When using the Microsoft Hyper-V hypervisor for your enterprise IT systems, sometimes you might want to connect virtual machines (VMs) to networks which are outside of your Hyper-V host, such as your corporate intranet or the internet. That's where the Hyper-V virtual switch feature can come to your IT department's aid.
What Is a Hyper-V Virtual Switch?
The Hyper-V virtual switch works with Windows Server and Windows Server 2016. It also lets you connect to virtual networks on the server that is running Hyper-V when you deploy Software Defined Networking (SDN), according to an October 2017 technical document posted in the Microsoft Windows IT Pro Center.
The Hyper-V virtual switch is a software-based, layer-2 Ethernet network switch that can be found in the Hyper-V Virtual Switch Manager. It includes "programmatically managed and extensible capabilities to connect VMs to both virtual networks and the physical network," while also providing policy enforcement for security, isolation and service levels. The switch only supports Ethernet and cannot be used with other wired local area network (LAN) technologies, including InfiniBand and Fibre Channel.
What Are the Major Features of a Hyper-V Virtual Switch?
Users can choose from a wide range of functions for use within the Hyper-V virtual switch, including tenant isolation capabilities, traffic shaping, protection against malicious virtual machines and simplified troubleshooting. The switch features built-in support for Network Device Interface Specification (NDIS) filter drivers and Windows Filtering Platform (WFP) callout drivers. This allows independent software vendors (ISVs) to create extensible plugins called Virtual Switch Extensions, which can provide enhanced networking and security capabilities. 5nine Cloud Security, for example, provides multilayered protection for every point of attack across your virtual environment while sitting on a virtual switch between the Hyper-V host and virtual network adapters.
Other useful features available in the Hyper-V virtual network switch are:
- Address Resolution Protocol (ARP) and Neighbor Discovery (ND) Poisoning (spoofing) protection
- Dynamic Host Configuration Protocol (DHCP) protection
- Port Access Control Lists (ACLs) for traffic filtering
- Trunk Mode to VM capabilities
- Network traffic monitoring
- Isolated (private) LAN capabilities that enable administrators to segregate traffic on multiple VLANs and to establish isolated tenant communities
Administrators can create a Hyper-V virtual switch when first installing a Hyper-V hypervisor on Windows Server or Windows Server 2016. Additional virtual switches can be created using Hyper-V Manager, Windows PowerShell or 5nine Cloud Manager.
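Several of the features listed above are per-adapter settings in the Hyper-V PowerShell module. The following is an added example, not code from the original post, Microsoft or 5nine; the switch name `Tenant-Private`, the VM name `web01`, VLAN 20 and the prefix `10.0.50.0/24` are placeholders, and the two functions are hypothetical helpers built on the standard Hyper-V cmdlets.

```powershell
#Requires -Modules Hyper-V
# Added example. 'Tenant-Private', 'web01', VLAN 20 and 10.0.50.0/24 are placeholders.

function Get-VMAdapterGuardGap {
    # Report VM adapters that deviate from the baseline:
    # DHCP guard on, router guard on, MAC address spoofing off.
    param([string]$VMName = '*')
    Get-VM -Name $VMName | Get-VMNetworkAdapter |
        Where-Object {
            $_.DhcpGuard -ne 'On' -or
            $_.RouterGuard -ne 'On' -or
            $_.MacAddressSpoofing -ne 'Off'
        } |
        Select-Object VMName, Name, SwitchName, DhcpGuard, RouterGuard, MacAddressSpoofing
}

function Set-VMAdapterBaseline {
    # Apply the baseline to every adapter of one VM.
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][ValidateRange(1, 4094)][int]$VlanId,
        [string]$DenyPrefix   # optional CIDR this VM must never talk to
    )
    # Drop DHCP server replies and router advertisements sent by this VM, and
    # only forward frames from the VM whose source MAC is the assigned one.
    Set-VMNetworkAdapter -VMName $VMName -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off

    # Pin the adapter to one VLAN in access mode (no trunking to the guest).
    Set-VMNetworkAdapterVlan -VMName $VMName -Access -VlanId $VlanId

    # Port ACL: block traffic to and from the given prefix in both directions.
    if ($DenyPrefix) {
        Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $DenyPrefix -Direction Both -Action Deny
    }
}

# Private switch: VM-to-VM traffic only, no path to the host or the physical network.
if (-not (Get-VMSwitch -Name 'Tenant-Private' -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name 'Tenant-Private' -SwitchType Private | Out-Null
}

Get-VMAdapterGuardGap                       # audit before
Set-VMAdapterBaseline -VMName 'web01' -VlanId 20 -DenyPrefix '10.0.50.0/24'
Get-VMAdapterGuardGap -VMName 'web01'       # should return nothing after the change
Get-VMNetworkAdapterAcl -VMName 'web01'     # confirm the deny rule is in place
```

VMs that legitimately act as DHCP servers or routers need the corresponding guard left off, so treat their rows in the audit output as documented exceptions rather than applying the baseline to them.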
The Hyper-V virtual switch adds helpful tools for IT administrators to expand their use of the Hyper-V virtualization hypervisor to control their virtual machines and manage and distribute necessary workloads.
Editor’s Note: This post was originally published in March 2018 and has been completely revamped and updated for accuracy and comprehensiveness.
I am an author, speaker and technical evangelist focussed on Microsoft Cloud management and security. I’ve held product management and product marketing roles at early stage startups and enterprise software vendors, all with an emphasis on Microsoft technologies. As the Senior Evangelist for 5nine, I get to share the 5nine story with audiences all over the world. I talk, I blog, I record videos, and I spread the word via social media.