Hello guys!
What is correct deployment of CHR on Hyper-V 2016?
1U server HP DL360G7 - server is provided for colocation with VM servers IIS10+SQL2017+DEV.WS (inside)
All VM's shilded with CHR.router on the same host.
As far as i know CHR not supported SR-IOV for now, so the question is, -
How to secure HOST itself on it's - EXTERNAL Virtual Switch interface????
In any scenario we must enable at least one physical ethernet port on server and
that's immediately opens a doorway to host itself!?
OK - guests are behind CHR, CHR itself get internet from external VS and pass it to
internal VS.swutch subnet... With - VM servers IIS10+SQL2017+DEV.WS (inside)
But what about host? What is correct way of isolating HOST from direct external VS traffic?
With support for SR-IOV, (which is realised or not?) we can provide one of our physical NIC's directly to CHR VM as External.VS
and this is elegant and simple decision, but what to do for now?
How you did it now, without any external equipment? (any aditional HW or SW external routers)
Only bare metal server and white real Internet IP from colocation-provider (may be some iLO3 isolated Net from hoster also as well;-) )