Milestone 11: Hyper‐V - jacobwilliams100/sys-350 GitHub Wiki

Booting the ISO

Start by downloading en-us_windows_server_2019_x64_dvd_f9475476.iso from http://192.168.3.185/files/

{4A8EE90A-03BC-40AD-AD02-D830FBBA071F}

And make a bootable USB stick of it using Rufus

These settings are fine:

{9505708D-0DB4-4B90-9120-10A22B5B6963}

Once its done, plug it into your SuperMicro and use IPMI to access iKVM to boot from the drive

{D621C231-9743-4CB0-97D2-71FD29160F29}

Installing Server 2019

Initiate the Windows Server 2019 install, choose DataCenter (Desktop Experience)

{2407F6D8-18C5-45EA-9FF0-44B1D1DB6F22}

Delete all pre-existing partitions on the drives screen

{5405EBF3-A96B-4EE7-9DF1-56B5745FAF09}

May take a little while

{552C6910-A0EE-4215-B75C-B905C62C2126}

If your SuperMicro is still plugged in from the previous labs, only "Ethernet" should be connected & active

{9D08B46B-1307-4E3B-9AAF-B4AB33D2D796}

Configuring Network settings with sconfig

{1B9F4D30-7B04-4E59-BC72-C9AFA3ACA397}

also, change the hostname to SUPER-## where ## is your SuperMicro number

Installing Hyper-V

Once your installation is ready-to-go, open Server Manager and go to Manage->Add Roles and Features

Continue through defaults until you get to the Server Roles screen and check Hyper-V

{EC085856-3703-4B2B-A03E-F221B79FD731}

Click "Add Features"

Next, Next, Next

~~Check to create a virtual switch for the one network adapter you should have~~ This should not actually be checked, this caused me problems later

{D909EBDA-ACBA-4C41-AF18-50FB41CF4638}

Ignore the Migration screen, Next

Leave the "Default Stores" how they are, Next

and check restart and "Install"

{77E101F4-470D-44BA-8E6B-1C3F30647F69}

It will restart during the install process, this is normal.

Virtual Switches

When you get back in, open Hyper-V Manager in the start menu

Open "Virtual Switch Manager" on the right pane

~~Rename the existing Virtual Switch (created during Hyper-V setup) to "Hyper-V WAN"~~ Create a new virtual switch and assign it to Ethernet's hardware interface

{2FD38C73-33DD-4C6D-AD60-C78F70E2D5A7}

EDIT: you must also uncheck "Allow Management operating system to share this network adapter"

And create a new one (internal switch) called "LAN-INTERNAL"

{DB78D319-182C-43CA-A5BD-697953116209}

And one more (internal switch) called "nat"

Now, go back to Server Manager and click Local Server in the left pane

{054C341A-915A-481B-A947-2F75383A9CCB}

From here...

Change the hostname to "Super-##" if you haven't yet
Enable Remote Desktop

{1464AC2F-47DF-4D9A-B3B4-8ADA607D8C51}

Change nat's IP to static 172.25.96.1

{8FC9FC49-1643-4FDB-887B-A6E50D50C5E2}

Your Local Server page should look something like this now:

Deliverable 1. Provide a screenshot similar to the one below.

At the end, it looked like this

Installing Windows Admin Center - ‘WAC’

(Also explored in SEC-440 Lab - Windows Admin Center)

First, download and install Google Chrome from 192.168.3.185/files

{6B943AC3-9657-4FFC-8F29-56416E850CFA}

Then use it to download Windows Admin Center from https://aka.ms/WACDownload

{DCACC42E-42DA-4331-94E6-9C8E62D23041}

run it to install WAC

{471C147D-DBD1-4B07-9606-77CF0E30DF90}

Default settings are fine

{CFE20E42-00D3-4A2A-8A56-566DE40547BB}

Go to the provided IP in chrome and log in with the OS' admin credentials

{EBB7FD27-DA6E-4091-BB71-059B91B27237}

Install the Virtual Machines and Switches extension by going to Settings (wheel in upper right corner)->Gateway->Extensions->Available extensions (if you don't already have it installed, I did for some reason)

Once its installed, go back to the dashboard, click "Super-##" scroll down in the sidebar, and click "Virtual Machines" (at the bottom)

Deliverable 2. Provide a screenshot similar to the one below that illustrates that you have installed WAC and the extensions.

HyperV VMs

We will be creating a pfSense VM in Hyper-V

Download pfSense-CE-2.7.2-RELEASE-amd64.iso from 192.168.3.185/files/

Back in Hyper-V Manager, go to SUPER-##, Actions->New->Virtual Machine

Default location is fine, name it "fw-super-19"

{0F17FE23-4164-46B3-93CA-33B2CCD582AF}

Pick gen 2

{C74F3A1C-3C42-4D50-8CAE-7AC662473EB2}

1GB RAM is fine

{B370C799-43C7-4242-A17B-D6345044770F}

Put it on Hyper-V WAN initially

{88261119-613D-4824-8024-75C171DC1332}

30GB is good

{00081FAA-900D-4FCB-B6E1-141A2B3F2A36}

For operating system, choose the pfense iso we downloaded earlier

Finish for now

Additional config

Rclick fw-super-## and go to "settings"

Add Hardware, Network Adapter

Put it on LAN-INTERNAL

Go to Security, uncheck "Enable Secure Boot"

VM2- Windows 11

We will be creating a second VM, running Windows 11. Use Chrome to download en-us_windows_11_consumer_editions_version_23h2_updated_oct_2024_x64_dvd_4728d672.iso from 185.168.3.185/files/

Follow the previous steps to create a VM of it called "WinDev2022Eval"

Give it 4GB RAM

Only connect it to LAN-INTERNAL

~80 GB should be fine

Boot from the Windows from earlier

Configure 2 or more VCPUs

Disable Secure Boot, Enable Virtual TPM

Should be ready to go

Setting up PfSense

Go ahead and power on fw-super-## in WAC

Then connect to it

Go through the pfsense setup. Defaults are fine

may take some time.

Go ahead and reboot when finished

Now we can configure it, assign interfaces from spreadsheet; configure DHCP on the LAN side if you like. config screen should look like this

EDIT: I decided to change the LAN subnet from 172.25.96.x to 10.0.17.x because I was having trouble with it and was trying to match my architecture from earlier labs.

hn0 should be WAN

hn1 should be LAN

Use your network assignment from the spreadsheet, your pf-350x eth0

Setting up WinDev2022Eval

Power up and connect to the VM, go through normal Windows installation process, defaults are fine, Pick "Pro"

Will take some time

Once you get in, if it tells you to connect to a network, open a command prompt with Shift+F10 and enter the command OOBE\BYPASSNRO to skip it

https://www.reddit.com/r/Windows11/comments/updn79/apparently_theres_no_way_to_setup_a_new_windows/

If you configured the pfSesne firewall right, you should instantly be given an IP configuration on LAN-INTERNAL from DHCP. Otherwise, you will need to configure it manually

Deliverable 3. Provide a screenshot that shows connectivity from INTERNAL->WAN->GOOGLE Similar to the one below.

Reflection

It was certainly interesting to explore yet another virtualization platform. This one was probably the easiest to set up. The stability and end-user experience on Windows was better than VCenter and OpenStack (no surprise with it being a Microsoft product). It handled Linux (pfsense) without any major issues too. Generally, I prefer open-source software, but I was actually very impressed by how well it worked "out-of-the-box" and how intuitive it was to use (aside from networking, which I will get to later). I think sometimes Linux/Open-Source fans don't realize that, from most organizations' standpoint, it is very important that software is intuitive and works reliably without extensive configuration.

I ran into a few issues though. Initially, my Windows 11 VM would not install, which I found out was because I didn't have Virtual TPM Enabled (a requirement for Windows 11 installation). After installing Windows, it would not let me get to desktop without first setting up a network, which is what I was trying to troubleshoot. A quick google search helped me find the OOBE\BYPASSNRO command to bypass this screen. My last and most severe issue was getting my pfSense VM to communicate with WAN correctly. To fix it, I needed to disable "Allow Management operating system to share this network adapter" which was causing my host OS' connection to the WAN interfere with pfSense's connection to the WAN interface. After this one the two instances of "Hyper-V WAN" on my ESXi host dissapeared, then I reconfigured pfSense one more time and it was working properly. I think that network configuration could be a bit more intuitive on Hyper-V.