3.7 Virtual Machine, Network, Hard Disk Creation Part 7
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
5 hours 8 minutes
What about it?
All right, so
the next section, we're gonna go over. I'm glad to have you all along. Absolutely loving it today.
Um, so yeah. Uh,
cool. Okay, so switch and neck, Nick capability. So if you know, seeing this before, so if not heard of it before Nick is a network interface card. I didn't mention it, I think, in the previous set,
but we're gonna go into a little bit more about what's capable of these ones.
All right, so for here,
we're gonna go through the knowledge of what virtual networking capabilities were available in hyper V
on. That's basically it. So it's a nice, quick, easy section. And then after this, hopefully we're gonna go through building on dhe, gonna go through installing hyper V, building a virtual network and then installing and creating of'em, which we've done in previous episodes. We're gonna put it all together into one dry, impractical.
So virtual networking capabilities, basic settings. So the 1st 1 is villain. I did
so Dylan idea. We've discussed this. That means that basically, we're looking to you actually tagged your villain as we discussed before on give it a number. So that It's easier to group things together logically on the network, so they don't have to be physically on the same network in the villain. They just need to be able to talk to each other.
And you could group them together so that they just think that they were part of the same network.
And then you have bandwidth management as well. Now it literally is what it says on the tin. It allows you to manage the band with that. That networking
port adapter is dealing with effectively,
so you can see here. I've got a quick screenshot up
which have taken from one of my virtual machines on You can see I've got the network open here. Network adaptor. It's not connected to anything at the moment, but you can see here the option for enabling a virtual land identification. Itjust specifies the virtual land that this machine, when you make the changes here,
we'll use for all network communications through the network adapter. So when it sends out packets or receives them, it's looking for. In this case, it would be number two if we turned it on and left it a default on, it would only it would always tagged with those with that bill, and I did.
And then straight underneath there is the bandwidth management. This enables you to tell the network adapter how to utilize available network bandwidth.
You can add minimum and maximum bandwidth. If you don't want to restrict it, you just leave it at zero. She can only have one if you want. Maybe a maximum. Most people don't really say minimum unless they want to specifically say, Give this virtual machine X amount all the time
and then you could You would do that. But generally it's the maximum one that most people use the most.
So it's just giving you a quick idea of what the basic networking capabilities are on that point.
So let's clear the screen on that one.
So let's move on to the next. So hardware acceleration, hard acceleration, it basically just means that it's gonna be able to use the hardware itself directly. Eso In this sense, we're using Virtual Machine Q. Now this is a type of hardware packet filtering that delivers
packet data from an outside virtual machine network
directly to a virtualized host operating system.
S O. We call it V N Q. Obviously, for sure, it works by allowing a network adapter to transfer incoming frames
directly to the received buffer off that network at that network interface card by using what's called D M. A direct memory access. Now this simplifies the overhead involved in routing packets on reduces the need for copying them from the management operating system to the virtual machine. So
it means that
they don't need to step in and deal with it.
It's just like it's like an express train all the way through eso. It just keeps it nice and simple. Simple on. Instead of one process of handling all of the network data exchanges and things like that, you get different processes that process packets for different virtual machines with the thank you.
all this does is effectively eliminates the dependence on driver based traffic exchanges and improves the transfer of network traffic.
So if you can always enable virtual machine Q on your hyper V environment or your virtual environment in general because it will, it will simplify, and
it makes the route for the data a lot more direct, rather than having to pass through multiple middlemen effective
that's what it does with virtual machine. Q. It is most basic, of course.
Then we've got I p sec task off loading
S O If the virtual adapter will be performing my PC
packet, encryption and decryption, hopefully you guys know I p sec, its I p security. It's just a security that allows data to be encrypted while it's being transmitted.
Leaving the check the box checked
allows it to offload this task
the encryption and decryption to the physical adapters process, sir.
Um and so on. Let me bring up the text box. So,
as the text explains, the textbooks allows you to specify the maximum number. You can see it here on the right hand side, the maximum number off unique security associations that the virtual adapter can offload
anything above this number can we will be processed inside the virtual machine. 5 12 is the default
s 0 70% is Vienne que shed for all guests of the EMS or one per each V m s o. It will basically would depend entirely on
uh, the, uh
So if you think about what the MQ actually is, sandy, it works. By allowing the network adapter to transfer the incoming frame on that layer to directly to the received buffer with Nick
by using the direct memory access. So what it does is it goes right. I've got this frame come in through the physical packet, the physical link. I'm gonna pass it straight over to the the buffer of the virtual nick on that machine rather than passing all the way through all the different systems.
So each VM would have its own little allocation area.
Where can they deal with an open up these frames to work on them or even pack it up and send them out as well?
So each each BM would have its own effectively.
Yes, I'm going back to I p set task off loading. So the default is 5 12 offloaded
Security Association. So that's what the essay means on the end. Anything above this, and then the actual the VM would then have to kick in and use it. So if you do have ah, meaty system that can deal with a lot of I P sector start floating, you can punch this all the way up to I think it's just over 4000.
Uh, Oh, it's actually screen silly me.
4096. So select the maximum number of offloaded security associations from 1 to 4096. The more you can offer,
the better it is. Generally,
unless you haven't for a specific reason reason
the next piece is S R I O v. So
this doesn't appear on this one because it doesn't. Actually, if you've been with us for any of our previous Siri's, you don't actually get to use S r o V in hyper V client. You need to have a server in order to do this any type of server, but you must have a server, so I'm not gonna be able to show you on this machine, but it needs a server environment. But checking this, it just comes up
directly under their I p sec task of floating.
Checking that box would cause the virtual adapter to attempt to use a virtual function called
and you need to have an adapter that's capable of doing it called S R. I o ve.
Now s r i o V stands for, uh Oh, God. Uh, let me see if I've got it.
No, I haven't actually. So it's single root input output. Virtual ization.
So it sounds
a little complex. It's really no,
Uh, basically what it does is
so in order for this to work, it's probably best way the physical adapter needs to support S R i O V.
Then I clicked something. So the physical adapter needs to support S R I O V e.
Um, First off, that's the key thing for anything along that line. If the actual adapter doesn't support it, you can take this box on enough. Won't do anything at all.
in on What's that? Once that's enabled and you turn it on in virtualization. So single room input output virtualization
is specifications that allows the isolation off the PC I express resource. So in this case, it would be the network card,
to allows it to be insulated from manageability and performance reasons
and a single physical PC. I express network card. Whatever it might be can be shared on a virtual environment using the S R. I V specifications. So it's kind of like how you would have a printer installed on a network at the office, and then that would be your physical printer, which Microsoft would call a print device.
And then you can have multiple setups and configurations for that same device
with lots of different printers actually installed in people's. You have the same printer installed multiple times with different setups, one for landscape printing, one for black and white, one for color, one for ICO printing and so on and so forth.
And that allows you to do the same with these physical devices off networks so you can have one physical Nick.
And then you have lots of different variations of that same Nick available to do various different things. And you can push out different things through the different versions of that Nick Effectively.
that's if it's simple. List is very can be a lot more complex if need be as well.
All right, so,
from here, we're gonna look into a few of the more advanced features. That means said it's all right. Avi is probably one of the more advanced features anyway. But here we have Mac address spoofing.
So what? I have what we have here, Mac address spoofing means that you can just set the Mac address off the actual interface. Nice and simple. You might need it If you're doing like a white next thing of Mac addresses, you can actually pick your own Mac addresses on your network as well. If you do in a virtual environment.
D H cp guard basically means that that machine won't actually allow roadhog piece to kick in on a virtual machine network
route to guard. Same principle road routers on the network If any of you work in a business environment and do this regularly. D H e P ro D H E P's and road routers are the bane of many people's lives who work in networking, so it just allows you to do that.
Then you have protected networking and port mirroring. I'll just bring up the screen here so you can see them.
you can see here you've got the Mac address at the top. You can have it.
I met Mac address static on Deacon, able spoofing as well, and it allows the virtual machine to change the source Mac address in an outgoing packet toe, one that is not assigned to them. So it says, Look, I'm sending this out. I don't want to be identified. I don't want to coming back to me.
So I'm gonna change the Mac address and just send it. I'm just gonna spoof any random one on just long as it's not me. I don't care. I don't want that data back. I don't want people to know where it's coming from.
D h e p. Guard Underneath. As I said, it drops the HDP server messages from v EMS that pretending to be D h e p service that no authorized on the network
route to guard drops router advertisement on dhe like redirection and stuff like that
again from unauthorized virtual machines pretending to be a router on the network.
Um, protected network,
Puts this virtual machine
into another cluster. No, this is a bit more advanced into another cluster. Note if a network disconnection is detected, so it means that
if the network er is on just loses connectivity for whatever reason,
it's going to move this virtual machine in tow. Another node to try and keep it up and running an online effectively doesn't mean that the Viet has got a problem. Just means that is trying to keep it connected to the rest of the network, whatever that might be in that situation.
Uh, and then port mirroring as well, Which I think we can slide this. Let me see here.
Have I got this year?
Ah, there we go.
All right. So just moved up a little bit. Support mirroring allows the network traffic of any of'em to be monitored by copying the incoming and outgoing packets so effectively it's kind of like a cc of an email. So when it sends or receives a packet, it makes a carbon copy a C C
and drops it into somewhere else, and you can actually redirect it using the mirroring mode
when the pup port, when the when this virtual machine received packets or sends them.
Also send a copy to this network. Pour over here, and it allows you to actually see what's going on. And you can see the data moving in and out. Very good. If you're doing security checks and use things that wire shark or those kinds of things as well
uh, Nick teaming. So this works the same as if any of you have used Nick teeming in a server environment, you can basically enable the network adapter the network adapter, to be part of a team in the guest operating system.
many people you allows you to. This is this is useful if teaming isn't configured in the management operating system.
So if you don't have lots of physical network adapters in in your host management environment and they're all teamed, which means they're working together effectively, like being one redundant, kind of like a raid system. If you ever use one of those
it, you can actually create a teeming system where you have lots of different networks. Virtual networks, where they have virtual necks that come in on Dhe, allow them to team up so that they effectively is nick bonding. Eddie, as you say.
But it allows it in the virtual environment, not just physically on the host management server.
So it allows me to have multiple virtual networks that would bond together as well, so that there's fail over between virtual networks, multiple routes out that kind of thing,
And then device naming so device naming means that the name of the network adapter can be propagated into support guest operating systems. Eso it just means that your past, the device name across. So it can be that some situations require a specific name on the device. This is how you would pass it across to the virtual machine.
Yes, a load balancing as well.
Eso something says, Can you port there?
Can you port murdering of the uplink or isn't limited to a specific BM?
This is on a V M level, Sandy. So the setting I'm looking at here. If you look on the top here, you've got settings for D m. Demo on Deadpool. Deadpool is the host on D M. Demo is the virtual machine. So this is a virtual machine level. You can basically go in and go. I want to port Mira
this specific area.
But you could do that for as many of the ends as you like, And you can feed all of that information in tow. One physical adapter on there on your on your host, for example.
So that's absolutely fine. You can go ahead with that.
Cool. All right, so
a lot of little bits and pieces on that one. I'm no too worried if you don't grab everything of those all at the same time. But that being said,
I'm gonna throw up one of the
slides that I have here on the table. Look, actually
Oh, you guys are gonna get away with a freebie on this one.
I think I've accidentally put the wrong way to show bits on the questions.
Deny we're gonna It's gonna come up, is that never mind.