Vista - DMZ/Inernal LAN Setup

Hi All,

I'm trying to determine if I can securely setup a single Host server
(Virtual Server or Hyper-V) hosting two VMs in the following way:

1. One VM is connected to Public DMZ
2. One VM is connected to internal network.
3. Each VM will have dedicated physical network connection.
4. Cisco Firewall rules will allow communication between DMZ and Internal
server.
5. Maximize security. How do you protect internal network if DMZ VM is
compromised?
6. Host server does not need to communicate with either VM, but VM
administration is still required from the host.

Would a 3 nic host server be required?
How would I cofingure each network connection?

Thanks!

"bitter32" <bitter32@xxxxxx> wrote in message
news:3C1296B1-BAB9-4110-A01A-F655255B25BA@xxxxxxWhat would you use a third NIC for? I cannot think of any reason unless
you want to administer the host remotely.

If you are using a Cisco you must have a physical DMZ and private LAN. In
Hyper-V you would connect one NIC in the host to the DMZ, create a virtual
switch linked to this NIC and connect one vm to the network.

You would connect another NIC in the host to the internal network, create
a virtual switch and connect the other vm to that network. The situation
with Virtual Server would be similar but you do not need to create the
virtual switches. Virtual Server will automatically set up a virtual network
for each NIC in the host.

If your firewall is compromised, there is nothing you can do about it by
changing things on this server. Whether the server is a physical or virtual
machine makes no difference to the way networking operates. If a network is
compromised, all machines on that network are compromised.