Starting point
As of this point, I have a functioning Windows 2016 domain controller and DNS server, which is the starting point for the rest of the network.
Next objective
I have a VMWare Workstation Professional install running on my local machine with a bunch of workstation-type VMs installed inside. As far as testing out my domain's abilities to centrally manage a bunch of different systems, I'd like to be able to use these VMs - because EC2 instances mostly run server operating systems.
One of my local VMs is a Windows 2016 Server, which is perfect! It can serve as a local domain controller for my VMs.
Of course, there's one problem: my VMWare install is running here, and my primary domain controller is running in AWS.
So that's today's problem: establishing a VPN tunnel between my W2016 VM and my VPC running on AWS.
(This is an unusual scenario that most people won't need or want to do, but I want to, so...)
Design
There are a few problems I need to overcome:
- My local machine is on a Comcast residential connection, and can't be relied on to have a static external IP address.
- My W2016 server is running inside a virtual machine, on a physical machine, which is behind a NAT firewall.
The solution to #1 is pretty straightforward: it means the VPN tunnel will have to be initiated from my end, every time.
#2 is more complicated. I don't want my VMs to be on my local network, I want them isolated in their own virtual network. But I also need them to be able to talk through the VPN.
The solution: VMWare will allow me to create a virtual network with no direct connectivity to the outside world. All the VMs will go on this network. The W2016 VM, though, will get a second virtual NIC that has connectivity to my local network, and from there to the outside world - through which it can establish a VPN tunnel.
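A quick sanity check for the two-NIC layout described above, run inside the W2016 VM. This is an added example, not code from the original post; the adapter names are assumptions and must be changed to whatever VMware presents in the guest. It confirms that only the uplink adapter carries a default route, so the lab network stays isolated, and reports whether IPv4 forwarding is on for the case where the lab VMs are meant to reach the VPC through this server.

```powershell
# Added example (not from the original post): verify the dual-NIC layout on the
# Windows Server 2016 VM. Adapter names below are assumptions.
$IsolatedAdapter = 'Ethernet0'   # assumed: vNIC on the isolated VMware lab network
$UplinkAdapter   = 'Ethernet1'   # assumed: vNIC with a path to the home LAN and the Internet

function Test-LabNicLayout {
    param(
        [string]$Isolated = $IsolatedAdapter,
        [string]$Uplink   = $UplinkAdapter
    )
    $ok = $true

    # Both adapters must exist and be up.
    foreach ($name in @($Isolated, $Uplink)) {
        $nic = Get-NetAdapter -Name $name -ErrorAction SilentlyContinue
        if (-not $nic -or $nic.Status -ne 'Up') {
            Write-Warning "Adapter '$name' is missing or not Up"
            $ok = $false
        }
    }

    # Only the uplink should carry a default route (0.0.0.0/0). A default route on
    # the isolated adapter means the lab network has a path out that the design forbids.
    $defaultRoutes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 -ErrorAction SilentlyContinue
    $badDefault = $defaultRoutes | Where-Object { $_.InterfaceAlias -eq $Isolated }
    if ($badDefault) {
        Write-Warning "Isolated adapter '$Isolated' has a default route via $($badDefault.NextHop)"
        $ok = $false
    }
    if (-not ($defaultRoutes | Where-Object { $_.InterfaceAlias -eq $Uplink })) {
        Write-Warning "Uplink adapter '$Uplink' has no default route; the VPN cannot be initiated from this side"
        $ok = $false
    }

    # The isolated adapter should have a manually assigned IPv4 address, since the lab
    # VMs need to find this DC/DNS server at a fixed address.
    $staticIp = Get-NetIPAddress -InterfaceAlias $Isolated -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Where-Object { $_.PrefixOrigin -eq 'Manual' }
    if (-not $staticIp) {
        Write-Warning "Isolated adapter '$Isolated' has no static IPv4 address"
        $ok = $false
    }

    # Informational: forwarding must be enabled if lab VMs are to reach the VPC via this server.
    Get-NetIPInterface -AddressFamily IPv4 -InterfaceAlias $Isolated, $Uplink |
        Select-Object InterfaceAlias, Forwarding | Format-Table -AutoSize
    return $ok
}

Test-LabNicLayout
```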
I'm not certain at this point whether there will be any ill effects from maintaining two separate domain controllers that don't stay on 24/7. But we'll find out.