Mr Adian Finn has done a very nice blog post on ACL’s in Hyper-V. Not so many know about this, trust me.
Here is an abstract….
There are many reasons why you might want to isolate virtual machines at the NIC level in Hyper-V. Maybe you have different tenants on a cloud. Maybe you have some stuff that has high security requirements. If so, then there’s a new feature in Windows Server 2012 Hyper-V that you’ll like: Port ACLs (access control lists).
Port ACLs allow you to set rules as follows:
- Local MAC/IP address: what local address does this apply to?
- Remote IP/MAC address: what remote address does this apply to? Can be a specific IP address or network address or a wildcard.
- Action: Do you want to block, allow, or measure traffic that this rule applies to?
- Direction: Are you apply this rule to inbound traffic, outbound traffic, or traffic in both directions?
It’s important to note that Port ACLs works at the address level and not at the port or protocol level. If you need that level of granularity, then check out one of the certified Hyper-V Switch extensions that MSFT partners such as Cisco and 5Nine are producing
Leave a Reply