Virtualization is the process of allocating resources and processes to an isolated environment in order to use the hardware more efficiently. The central component in working with virtualised environments is the hypervisor, on which those environments are built and run. There are two types of hypervisor: the first runs on bare metal or as the host operating system (for example, ESXi); the second is an application that deploys a guest OS on top of the host OS.
In the case of the second type of virtualisation, virtual machines run as processes within the host system and use its operating system kernel. In this case, virtual OSes can share a kernel with the host system. They run in isolated environments provided by the hypervisor, but at the same time can share resources with the host system and other virtual machines.
One of the representatives of the second type of hypervisor is VMware Workstation, which is quite often used in infrastructure.
How do VMware networks work?
Since virtual operating systems and containers are created in an environment isolated from the host operating system, the question often arises of how guest environments can be connected to the host environment. How do you allow virtual machines to access the Internet or an existing computer network? VMware Workstation provides many types of network device configuration, from bridged to host-only mode:
Each machine has its own network interface through which communication takes place. These are separate devices that must be combined, together with the host OS from which they will receive traffic, into a single link-layer segment and/or network.
In a physical network this connection is organised by network infrastructure: switches, routers, bridges and more. A virtual network differs little: the same kinds of devices are used to join machines into a single whole, only they are virtual. Let's look at the basic ways to set up a connection.
Network configuration for VMware Workstation
The first method of connection is Bridge mode or network bridge. The schematic diagram of this method is as follows:
Bridge mode works by creating a virtual switch that joins the created virtual machines into one link-layer segment. Once all guest operating systems are in the same segment, they need access to the host's network adapter, which is connected to a public network or the Internet. This is done by means of a bridge.
A network bridge, in the context of virtualization, is a logical device, an add-on to the main interface. It allows the virtual and the real interface to be combined into a single link-layer segment by simply forwarding frames.
In this case, granting access to the host network becomes a problem: if the interface is also used to communicate with other devices, creating a bridge detaches it from the machine's network stack and dedicates it to the bridge. For this reason a driver is added to the network interface by default, and it sits beneath the interface. It is this driver that is used; the device then receives the packet and routes it according to the rules on the machine.
From a security point of view, this method exposes the host OS and the network to a number of vulnerabilities. Therefore, it is recommended to place the devices in a VLAN, which will delimit the link-layer segment.
To configure, let's go to VMware Workstation, select the OS and go to Settings:
Select the network adapter, or add one as a new device, and go to the left panel with the connection type. Select Bridge; the option below it is responsible for replicating the state of the physical network connection. This can increase network performance and ensure interface consistency.
The screenshot also shows the NAT connection type, the scheme of which is shown below:
The peculiarity of this connection is that the guest OS is not considered a full member of the network. Communication takes place through a NAT device, usually the host OS. The source of every request passing out of the guest OS is replaced with the host OS, so the network sees the host OS, not the guest OS, as the participant. The host OS can be protected by allowing it to forward packets while prohibiting it from accepting them.
Configuring the network is as simple as selecting NAT. The hypervisor will then make the changes and the machine will be available.
A Host-only connection provides access to the device by connecting it to a switch. Unlike the other methods, the external network of the host OS is not available to the guest OS, because the interfaces operate in non-promiscuous mode and do not accept packets that are not addressed to them.
When you open the list of networks, you can see that each network has a different value assigned to it:
All the networks listed, except the special ones labelled VMnet1 and VMnet8, are prepared switches with DHCP servers, ready for devices to be connected. DHCP is configurable and the segment can be changed; if you need a network without prepared addressing, you can always create an ordinary LAN segment. This option is also offered among the connection methods.
The VMnet1 network pre-connects the guest OS and the host OS to the switch, organising a Host-only connection. The same happens with VMnet8, where devices are pre-connected to the switch and attached to the link-layer segment. The host device is specified as the gateway.
Accordingly, for the machines to work correctly, each of them needs an adapter attached to the corresponding prepared or automatically configured network.
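One way to check which connection type each adapter of a VM actually uses, as an added example that is not part of the original article: the script reads the ethernetN.* keys of a .vmx file and flags adapters in Bridge mode, the case the article recommends isolating with a VLAN. The sample .vmx text is constructed, and treating a missing connectionType as bridged is an assumption.

```python
import re

# Constructed sample .vmx fragment (not taken from the article).
SAMPLE_VMX = '''\
displayName = "lab-web01"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "VMnet1"
ethernet3.present = "FALSE"
ethernet3.connectionType = "bridged"
ethernet4.present = "TRUE"
'''

LINE = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def parse_adapters(vmx_text):
    """Return {adapter index: {key: value}} for every ethernetN.* line."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            idx, key, value = int(m.group(1)), m.group(2).lower(), m.group(3)
            adapters.setdefault(idx, {})[key] = value
    return adapters

def audit(vmx_text):
    """Return (index, mode, network, exposed) for each attached adapter."""
    report = []
    for idx, cfg in sorted(parse_adapters(vmx_text).items()):
        if cfg.get("present", "FALSE").upper() != "TRUE":
            continue  # adapter is defined but not attached to the VM
        # Assumption: an adapter without connectionType is bridged.
        mode = cfg.get("connectiontype", "bridged").lower()
        network = cfg.get("vnet", "")
        # A bridged adapter shares the host's physical segment, so flag it;
        # NAT, host-only and custom VMnet adapters are not flagged here.
        report.append((idx, mode, network, mode == "bridged"))
    return report

if __name__ == "__main__":
    for idx, mode, network, exposed in audit(SAMPLE_VMX):
        flag = "REVIEW: on host LAN" if exposed else "ok"
        print(f"ethernet{idx}: {mode:8} {network:8} {flag}")
```
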