Windows 8 replaces the older Virtual PC technology with Hyper-V, for a full-featured virtual machine manager, and this allows for some really interesting new networking scenarios.
Over at AskPFEPlat, Mike Leary posted a quick guide to setting up a Hyper-V isolated network for testing, on a Windows 8 box. Why focus on a Windows 8 Hyper-V installation, and not Windows Server 2012? Well, as this is likely your work machine/desktop/laptop, a key goal is to keep it as lightweight as possible in terms of memory, disk and cpu footprint.
Isolation is way cool if you plan for it, as you trade convenience for security (i.e. not blowing up the universe if you get something wrong. (I’m looking at you, DHCP)), whereas having all your hosts on an External network means you have to keep those hosts secure all the time. Plus that universe-destruction scenario I mentioned.
With Windows 8 + Hyper-V you have the opportunity to create a great lab environment on a single workstation. When I build a lab I like it to be isolated from any production network but also flexible enough to get Internet access from the lab and files and such into the lab. I like the idea of isolation because I fear things like a rogue DHCP servers or duplicate domain controllers on a production network. As a Premier Field Engineer I needed the ability to quickly reproduce issues and verify behaviors in my own lab. This approach allows me to have complete control for testing (without tweaked configurations, 3rd party software, etc.)
So, the key thing is: you need something to act as a router, which has port forwarding capabilities. I used to alternate between ISA Server/TMG and Windows Server 2003 and RRAS with the Basic Firewall for this, but the Basic Firewall feature gets removed in Server 2008, and it doesn’t really work in the same way in later releases. Plus, we’re trying to find something with the most minimal footprint possible. Mike went with DD-WRT:
So what is the solution? Well, it is not perfect- but I use a Linux based firewall/router running as VM. This solution has a very small footprint for both disk and memory (50mb and 32mb). It boots very quickly and provides lots of functionality. There are a few options in this realm including pfSense, m0mwall, and DD-WRT. In my testing I found that DD-WRT was the most stable platform and pfSense provided the best performance. Since I care more about ease of use and ease of installation I selected DD-WRT for my lab.
Funnily enough, I did almost exactly this at home the other week, and I went with Smoothwall Express as the lightweight router option. Potato, potato.
The rest of Mike’s short and sweet guide is at the original post.
Posted by Tristan Kington, MSPFE Editor who’s forwarded a port or two in his day, let me tell you, young man.