Virtual network architecture

The virtual network architecture of Virtual Server 2005 allows the traffic in each virtual network to be isolated from that of other virtual networks. Communication with the host operating system and devices on the network is handled by the virtual machine network services driver, which is installed by Virtual Server Setup on the host operating system at a low level, just above the hardware network driver. The virtual machine network services driver determines the routing of network packets, sending them to the host operating system or a virtual network adapter assigned to a virtual machine.

The degree to which the network traffic of virtual machines and the host operating system is isolated depends on the configuration of the virtual networks and virtual machines, as follows:

  • Virtual network not attached to a physical network adapter. In this scenario, the virtual network is a self-contained private network with its own optional virtual DHCP server. The network traffic of the virtual machines attached to this network and the host operating system is completely isolated. The host operating system cannot read, monitor, or capture the network traffic of the virtual machines, and the virtual machines cannot read, monitor, or capture the network traffic of the host operating system. In addition, all network traffic is confined to the physical computer—in other words, isolated from the physical network.
  • Virtual network attached to a dedicated physical network adapter. If no other virtual networks are attached to this physical network adapter, the virtual machines attached to this network cannot read, monitor, or capture the host operating system's network traffic, nor can the host operating system read, monitor, or capture network traffic between the virtual machines. The host operating system can, however, read, monitor, or capture network traffic between a virtual machine and another device on the physical network.
  • Two or more virtual networks attached to the same physical network adapter. When two virtual networks are attached to the same physical network adapter, the network traffic is only partly isolated. Virtual machines attached to such virtual networks will be able to read, monitor, and capture one another's inbound network traffic, although they cannot read, monitor, and capture one another's outbound traffic.
  • Virtual machines attached to the same virtual network. In this scenario, virtual machines can read, monitor, and capture the network traffic of other virtual machines attached to this virtual network. This is the same situation that exists when physical computers are attached to the same network hub: they can read, monitor, and capture one another's network traffic.
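The four configurations above can be checked mechanically against an inventory of virtual networks and virtual machines. The following Python sketch is an added example, not code from Virtual Server or its documentation; the inventory, adapter names, and rule labels are constructed for illustration, and it applies only the isolation rules stated in the list above.

```python
from collections import defaultdict
from itertools import combinations

# Constructed inventory (assumption, not read from Virtual Server):
# virtual network -> physical adapter it is attached to (None = not attached)
NETWORKS = {"Internal": None, "DMZ": "NIC1", "Finance": "NIC2", "Lab": "NIC2"}
# virtual machine -> virtual networks its virtual adapters are attached to
VMS = {"web01": ["DMZ"], "web02": ["DMZ"], "fin01": ["Finance"],
       "lab01": ["Lab"], "db01": ["Internal"]}

def audit(networks, vms):
    """Return (rule, scope, party_a, party_b) tuples where isolation is weakened."""
    members = defaultdict(list)
    for vm, nets in sorted(vms.items()):
        for net in nets:
            if net not in networks:
                raise ValueError(f"{vm} references unknown virtual network {net!r}")
            members[net].append(vm)
    by_adapter = defaultdict(list)
    for net, nic in sorted(networks.items()):
        if nic is not None:
            by_adapter[nic].append(net)

    findings = []
    # VMs on the same virtual network see one another's traffic, like hosts on a hub.
    for net in sorted(members):
        for a, b in combinations(members[net], 2):
            findings.append(("same-network", net, a, b))
    for nic in sorted(by_adapter):
        nets = by_adapter[nic]
        if len(nets) == 1:
            # Dedicated adapter: the host can capture VM <-> physical-network traffic.
            for vm in members.get(nets[0], []):
                findings.append(("host-sees-physical", nic, "host", vm))
        # Virtual networks sharing an adapter: VMs see one another's inbound traffic.
        for n1, n2 in combinations(nets, 2):
            for a in members.get(n1, []):
                for b in members.get(n2, []):
                    if a != b:
                        findings.append(("shared-adapter-inbound", nic, a, b))
    return findings

if __name__ == "__main__":
    for finding in audit(NETWORKS, VMS):
        print(*finding, sep="\t")
```

A virtual machine that appears in no finding, such as `db01` on the unattached network here, is in the fully isolated configuration.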

The following figure depicts virtual network architecture in Virtual Server.

[Figure: Network traffic and virtual machines]

For more information about working with virtual networks, see Setting Up Virtual Networks. For more information about how virtual networks function, see Virtual networks. For more information about the architecture of Virtual Server, see Architecture.