I wanted to show a really cool routing modification that I have built for Johan’s Hydration Kit.

His kit can be downloaded from www.deploymentresearch.com and is widely used by ConfigMgr professionals all over the world.

One of the challenges I face with these labs is that they don’t really emulate production networks (MPLS, Internet, etc).

So I have written a very cool little script that takes one of the machines that is built during hydration and turns it into a Router / Firewall using RRAS on Windows 2012 R2. This is version #1 of my script and I will keep adding more modifications in the coming weeks / months.

The possibilities with this are really what strikes me as the coolest part:

Direct Access Testing from a simulated Internet

ConfigMgr Outbound Management – Via Direct Access ISATAP

Extending internal PKI to the simulated internet

Testing Lync Edge Services via the simulated Internet

Etc. etc.

 

Anyways let’s have a look at what I have built out with the PowerShell Script.

 

Figure 1 – Direct Access Multi-Site Conceptual Design for ViaMonstra

I decided that it would be a good idea to test this out by deploying a Multi-Site Direct Access Configuration and then also test a Multi-Site Cluster with Exchange. Both worked flawlessly and as such I figured it would be fun to share this script.

 

Figure 2 – Exchange 2010 HA Multi-Site Conceptual Design for ViaMonstra

 

All of this was made possible because of this script that was originally conceived for our upcoming Advanced Windows Deployment Book.

I have modified the script for this lab and here is some of the great output…

Figure 3 – Branch_Routing_Hydration_DirectAccess.PS1 Script in action.

 

I thought it would be cool to list the output from the script as it actually does a lot….

 


C:\Users\Administrator> E:\_Scripts\Branch_Routing_Hydration_DirectAccess.ps1

… Setting Variables for the Script

Figuring out the IP Address of the DC01 Dynamically

Creating the VSwitches for the Lab

Stopping MDT01_CYL

Waitng for MDT01_CYL to shutdown …………….

Creating new VSwitch Internal-CYLVLAN20

Creating new VSwitch Internal_CYLInternet

Creating new VSwitch Internal_CYLInternet2

Creating new VSwitch Internal_CYLVLAN30

Creating new VSwitch Internal_CYLDMZ

Creating new VSwitch Internal_CYLDMZ2

Changing MAC Address on the 1st Network Adapter on MDT01_CYL

Adding a 2nd Network Adapter to MDT01_CYL

Adding a 3nd Network Adapter to MDT01_CYL

Adding a 4th Network Adapter to MDT01_CYL

Adding a 5th Network Adapter to MDT01_CYL

Adding a 6th Network Adapter to MDT01_CYL

Adding a 7th Network Adapter to MDT01_CYL

Adding a 8th Network Adapter to MDT01_CYL

Adding a 9th Network Adapter to MDT01_CYL

Starting MDT01_CYL

Waiting to start……Be Patient

Clearing DNS Client Cache

Creating a PS Session to DC01

Importing Active Directory, DHCP and DNS Modules from DC01

Importing Modules ActiveDirectory DnsServer DhcpServer on DC01….

Set credentials and allow remote administration via PowerShell to all hosts

Ethernet on MDT01 does not require a Default GW, Removing it…

Renaming 1st NIC to CorpNet

Renaming 2st NIC to DRNet

Renaming 3rd NIC to Internet

Renaming 4th NIC to DHCP Relay

Renaming 5st NIC to FSWSite

Renaming 6th NIC to DMZ

Renaming 7th NIC to Internet2

Renaming 8th NIC to DHCP Relay 2

Renaming 9th NIC to DMZ2

Adding an IP Address of 192.168.2.210 to MDT01’s ‘DRNet’ Adapter for Internet Simulation

Setting Primary DNS on MDT01 for Ethernet to pointing to DC01

DRNet on MDT01 does not require a Default GW, Removing it…

Adding an IP Address of 1.1.1.1 to MDT01’s ‘Internet’ Adapter for Internet Simulation

Setting Primary DNS on MDT01 for Ethernet to pointing to DC01

Internet on MDT01 does not require a Default GW, Removing it…

Adding an IP Address of 1.1.1.2 to MDT01’s ‘DHCPRelay’ Adapter for Internet Simulation

Setting Primary DNS on MDT01 for Ethernet to pointing to DC01

DHCPRelay on MDT01 does not require a Default GW, Removing it…

Adding an IP Address of 192.168.3.210 to MDT01’s ‘FSWSite’ Adapter for Internet Simulation

Setting Primary DNS on MDT01 for Ethernet to pointing to DC01

FSWSite on MDT01 does not require a Default GW, Removing it…

Adding an IP Address of 172.16.100.210 to MDT01’s ‘DMZ’ Adapter for Internet Simulation

Setting Primary DNS on MDT01 for Ethernet to pointing to DC01

DMZ on MDT01 does not require a Default GW, Removing it…

Adding an IP Address of 2.2.2.1 to MDT01’s ‘Internet2’ Adapter for Internet Simulation

Setting Primary DNS on MDT01 for Ethernet to pointing to DC01

Internet2 on MDT01 does not require a Default GW, Removing it…

Adding an IP Address of 2.2.2.2 to MDT01’s ‘DHCPRelay2’ Adapter for Internet Simulation 2ND Site

Setting Primary DNS on MDT01 for Ethernet to pointing to DC01

DHCPRelay2 on MDT01 does not require a Default GW, Removing it…

Adding an IP Address of 172.16.200.210 to MDT01’s ‘DMZ2’ Adapter for DMZ Simulation 2ND Site

Setting Primary DNS on MDT01 for Ethernet to pointing to DC01

DMZ2 on MDT01 does not require a Default GW, Removing it…

Installing RRAS on MDT01 for NAT Routing and DHCP Relay….

Stopping WDS Server as it was causing issues with RRAS

Disabling the WDS Service

Enabling RRAS

Configuring RRAS Startup Type to Automatic

Starting RRAS Service

Installing RRAS DHCP Relay Component

Configuring DHCP Relay IP Address with 192.168.1.200

Adding DRNET to DHCP Relay Configuration

Adding Internet 1 Site’s DHCP Relay

Adding File Share Witness Site’s DHCP Relay

Adding DMZ Site’s DHCP Relay

Adding DMZ2 Site’s DHCP Relay

Adding DHCPRelay2 Site’s DHCP Relay

Configuring NAT Device on Internet Adapter also Configuring NAT Rules to DA01 for Direct Access ….

Adding DRNET Adapter to Private NAT

Adding FSW Adapter to Private NAT

Adding DMZ Adapter to Private NAT

Adding CorpNet Adapter Private NAT

Adding DMZ2 Adapter Private NAT

Adding Internet Adapter to Public Full NAT

Creating NAT Rule for 3389 to DC01

Creating NAT Rule for 443 to the Direct Access Server

Creating NAT Rule for 80 to the External PKI Server CRL Website

Adding Internet2 Adapter to Public Full NAT

Creating NAT Rule for 3389 to DC02

Creating NAT Rule for 443 to 2nd Direct Access Server at other Site

Creating NAT Rule for 80 to the 2nd External PKI Server CRL Website

Changing Default Gateway’s on Core Lab Servers…

… DC01 will now use MDT01’s Ethernet Nic (192.168.1.210) as the Default GW

… CM01 will now use MDT01’s Ethernet Nic (192.168.1.210) as the Default GW

… DA01 will now use MDT01’s Ethernet Nic (192.168.1.210) as the Default GW

… MDT01’s CorpNet Interface should be stripped of all GW’s

Creating a DHCP Scope for the branches on the DHCP Server (DC01)

… Waiting for 5 Seconds… Be Patient

Creating a DHCP Scope for the DMZ on the DHCP Server (DC01)

… Waiting for 5 Seconds… Be Patient

Creating a DHCP Scope for the DMZ2 on the DHCP Server (DC01)

… Waiting for 5 Seconds… Be Patient

Creating a DHCP Scope for the Internet Simulation on the DHCP Server (DC01)

… Waiting for 5 Seconds… Be Patient

Creating a DHCP Scope for the Internet Simulation on the DHCP Server (DC01)

… Waiting for 5 Seconds… Be Patient

Creating a DHCP Scope for the Internal_CYLVLAN30 on the DHCP Server (DC01)

… Waiting for 5 Seconds… Be Patient

Modifying Default Gateway on Default DHCP Scope on DC01 to use 192.168.1.210 as the DG (DC01)

… Waiting for 5 Seconds… Be Patient
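The router built above uses real public addresses (1.1.1.1, 2.2.2.2) and publishes 3389 to DC01 and DC02, so the lab switches should never be bound to a physical NIC. The following is an added example, not part of Dave's script: the function name Test-LabSwitchIsolation and the sample objects are assumptions, and only the switch names come from the output above.

```powershell
# Added example (not from the original script): report whether each lab
# vSwitch is isolated from the physical network, i.e. not of type External.
function Test-LabSwitchIsolation {
    param(
        # Objects exposing Name and SwitchType, e.g. the output of Get-VMSwitch
        [Parameter(Mandatory)] [object[]] $Switches,
        # Switch names the lab is expected to contain
        [Parameter(Mandatory)] [string[]] $LabSwitchNames
    )
    foreach ($name in $LabSwitchNames) {
        $sw = $Switches | Where-Object { $_.Name -eq $name } | Select-Object -First 1
        if (-not $sw) {
            # A switch we cannot find is reported as unverified, not as safe
            [pscustomobject]@{ Name = $name; SwitchType = 'Missing'; Isolated = $false }
            continue
        }
        [pscustomobject]@{
            Name       = $name
            SwitchType = [string]$sw.SwitchType
            Isolated   = ([string]$sw.SwitchType -ne 'External')
        }
    }
}

# Switch names taken from the script output on this page
$labSwitches = 'Internal-CYLVLAN20', 'Internal_CYLInternet', 'Internal_CYLInternet2',
               'Internal_CYLVLAN30', 'Internal_CYLDMZ', 'Internal_CYLDMZ2'

# Constructed sample data so the example runs without Hyper-V.
# On the Hyper-V host, replace this with:  $switches = Get-VMSwitch
$switches = @(
    [pscustomobject]@{ Name = 'Internal-CYLVLAN20';    SwitchType = 'Internal' }
    [pscustomobject]@{ Name = 'Internal_CYLInternet';  SwitchType = 'Internal' }
    [pscustomobject]@{ Name = 'Internal_CYLInternet2'; SwitchType = 'External' }  # constructed misconfiguration
    [pscustomobject]@{ Name = 'Internal_CYLVLAN30';    SwitchType = 'Private'  }
    [pscustomobject]@{ Name = 'Internal_CYLDMZ';       SwitchType = 'Internal' }
    # Internal_CYLDMZ2 deliberately left out to show the 'Missing' case
)

$report = Test-LabSwitchIsolation -Switches $switches -LabSwitchNames $labSwitches
$report | Format-Table -AutoSize

# Summarise anything that needs attention before lab machines are attached
$bad = @($report | Where-Object { -not $_.Isolated })
if ($bad.Count -gt 0) {
    Write-Warning ("Not verified as isolated: " + ($bad.Name -join ', '))
}
```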

 

Then for the final test → right after running the script simply attach a few of the lab machines to the newly created Vswitches and this is your result.

 


 

There you have it. A very cool Modification to the Hydration Kit.

 

Oh ya… I guess I should include the script :)

http://1drv.ms/1mWq6M8

 

Enjoy!

 

Dave