When performing iterative development or testing work, it is critical to be able to quickly stand up a “clean slate” environment. The concept behind the hydration kit is to be able to rapidly “hydrate” a small Windows domain that simulates a small enterprise environment: “Just add water!”
When I am configuring an enterprise lab environment, I want it to behave like an enterprise network one might encounter in the field. That is, I do not want any means of communication between my personal network and the lab network. I would, however, like my lab network to be able to reach the internet. To achieve this goal, I would suggest using a router that supports 802.1Q Virtual Local Area Networks, or VLANs. Assigning a port to a particular VLAN lets you manage traffic by its VLAN tag, which must be present in its designated place within the Ethernet frame.
We can use VLANs to distinguish two logical networks, but it is important to understand that VLANs exist at layer 2, rather than at layer 3 as IP does. This means a router will happily route IP packets wherever the routing table says, even if the destination is in a different VLAN. One must configure firewall rules to disallow traffic between the two. The result is two parallel, separate logical networks that are unable to communicate with each other but are both able to reach the same upstream connection. Unless, of course, a NAT hole-punching technique were to be used to communicate over the internet, but I digress.
Now, one would think that you could assign multiple VLANs to a single router/switch port, configure the host machine to communicate using the primary VLAN, and share the adapter to allow guest communication with the secondary VLAN. After all, Hyper-V has the option to allow hosts and guests to share a single adapter. However, I did not have any success in attempting to do this. When I chose to share the adapter with the OS while a VLAN was specified, the connection to the primary VLAN would drop. It is not clear to me whether this is a limitation of my network adapter, of Hyper-V, or perhaps some unidentified configuration issue that I haven’t considered.
Regardless, it is simple enough to install a secondary NIC in my host machine, which is probably a good idea anyway for the sake of performance and simplicity. The secondary NIC is only for use by Hyper-V and guest VMs and is configured to use my secondary VLAN.
For my purposes, testing scripts that interact with other machines on the same domain, I want a small domain that I can “hydrate” and quickly stand up as a functional temporary environment. This environment should be preconfigured for rapid iterative testing. To accomplish this, I have pulled evaluation ISOs from Microsoft for Windows Server 2022 and Windows 11. I built my Domain Controller with DHCP and DNS roles (which is bad practice in the real world, but simplifies the lab), configured local admin credentials, and added users and computers to AD. I then built a Windows 11 machine, configured local admin credentials, added it to the domain, and ensured proper network function. Then, I shut down these machines and exported them to a known location to use as “templates” of sorts.
Using the copy import type, these VMs can be imported with a new unique identifier and stood up at will. I used the first Windows 11 machine as a template to quickly configure a few more Windows 11 boxes, and added them to the domain before shutting them down and exporting them to create more preconfigured “templates.” I also saved a config.txt file to the known location that documents things like the domain name, local/domain admin credentials, and other useful information. Obviously, this would be an enormous violation of security if this were not simply for HomeLab purposes.
Together, these files comprise a “Lab Hydration Kit” that can be used to quickly stand up a small domain with the network configuration and everything else already in place. This is a critical capability to have at your disposal for iterative development or testing work. And, while this is certainly not the only way to provide such a capability, it is a simple way, and when you’re working after hours, sometimes simple is good.
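
The copy-import step described above, scripted as an added example (not the author's own script): it imports each exported template with a new ID, attaches it to the lab switch, and refuses to run if that switch is shared with the host OS. The paths, switch name and template names are assumptions, and the script assumes it runs on the same Hyper-V host the templates were exported from.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example: hydrate the lab from exported VM templates.
# Every path and name below is an assumption, not taken from the original post.
param(
    [string]   $KitRoot   = 'D:\HydrationKit',       # hypothetical "known location" of the exports
    [string]   $LabRoot   = 'D:\Lab',                # hypothetical destination for imported copies
    [string]   $LabSwitch = 'LabVLAN',               # hypothetical vSwitch bound to the secondary NIC
    [string[]] $Templates = @('DC01', 'WIN11-01')    # hypothetical template names, DC first
)
$ErrorActionPreference = 'Stop'

# Isolation check: the lab switch must be external and not shared with the host OS,
# otherwise the host gains an interface on the lab network.
$switch = Get-VMSwitch -Name $LabSwitch
if ($switch.SwitchType -ne 'External' -or $switch.AllowManagementOS) {
    throw "Switch '$LabSwitch' must be External with AllowManagementOS disabled."
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($name in $Templates) {
    # An export keeps its configuration under "<VM name>\Virtual Machines\<GUID>.vmcx".
    $configDir = Join-Path $KitRoot (Join-Path $name 'Virtual Machines')
    $vmcx = Get-ChildItem -Path $configDir -Filter '*.vmcx' | Select-Object -First 1
    if (-not $vmcx) { throw "No exported configuration found for template '$name'." }

    $dest = Join-Path $LabRoot "$name-$stamp"
    $importArgs = @{
        Path               = $vmcx.FullName
        Copy               = $true    # copy import type: the template files stay untouched
        GenerateNewId      = $true    # new unique identifier, so repeated imports can coexist
        VirtualMachinePath = $dest
        VhdDestinationPath = (Join-Path $dest 'Virtual Hard Disks')
    }
    $vm = Import-VM @importArgs

    Rename-VM -VM $vm -NewName "$name-$stamp"
    Get-VMNetworkAdapter -VM $vm | Connect-VMNetworkAdapter -SwitchName $LabSwitch
    Start-VM -VM $vm

    # Wait for the guest heartbeat so the domain controller is booted before clients start.
    Wait-VM -VM $vm -For Heartbeat -Timeout 300
}
```

To return to a clean slate, remove the timestamped VMs and their folders under the destination path; the exported templates are never modified by a copy import.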