RE: MS Virtual Server- SW Development Scenario

["Rob McShinsky" <Rob () McShinsky com>]

Yes I think you should multi-home the host system in this case.  One NIC
will be used for the office LAN and the other will be used to access the
outside network.   With Virtual server installed on the developers desktop
you will need to make sure that the NIC Properties are set properly to
provide the correct host isolation of the 2 networks.  One should have
Client for Microsoft Networks, File and Print Sharing, and TCP/IP.  The
other should only have the Virtual Machine Network Service.  The development
environment  could be either housed as a virtual guest through the external
NIC and the internal NIC could be used for normal day to day office
activities or vice versa. 

You could also consider the price difference between installing and
maintaining all the different development environments on individual PCs
with the cost of second NICs, memory and potentially CPU upgrades, versus
installing a server with a virtual server solution on it where you could
have all these environments at a location that is secured in a datacenter
and more easily maintained and backed up.  They will continue to used their
current PC's for basic office tasks and remotely connect to their virtual
guest servers through RDP, VNC, PCAnywhere, or VMRC(Microsoft).  It will
probably cost more, but would be less of a headache. 

Rob McShinsky
http://virtuallyaware.spaces.live.com


From: WALI [mailto:hkhasgiwale () gmail com] 
Sent: Wednesday, June 13, 2007 12:29 PM
To: Rob () McShinsky com; 'Megan Kielman'; security-basics () securityfocus com
Subject: MS Virtual Server- SW Development Scenario

A related question to the ongoing thread of VMware.

I have heard a lot about deploying Virtual Server for Software development 
and test environment rather than keeping 10 machines stacked under the 
developers tables.

But there is a small glitch.

Each of our developers has / need access to office LAN for checking out 
emails/browsing internet etc.
Now, Compliance dictates that development/test environments should be 
isolated with developers having little/no access to production except that 
they can have read/execute permissions on the software that they developed.

Virtual Sever 2005R2 allows me with two options:
1. Virtual machines in their own internal network, accessible only through 
Remote Control after I enter into the host machines.
2. Virtual machines connected to the outside network (physical NIC of the 
host machine) and available via Remote desktop from anywhere in the LAN.

I don't want to assign two desktops to each developer. One for accessing 
his Development machines on Virtual Server, and the other to be able to 
access office emails/ browse internet etc.

What is the right way? Can I multihome developers desktop?