I wanted to show a really cool routing modification that I have built for Johan’s Hydration Kit.
His kit can be downloaded from www.deploymentresearch.com and is widely used by ConfigMgr professionals all over the world.
One of the challenges I face with these labs is that they don’t really emulate production networks (MPLS, Internet, etc.).
So I have written a very cool little script that takes one of the machines that is built during hydration and turns it into a Router / Firewall using
RRAS on Windows 2012 R2. This is version # 1 of my script and I will keep adding more modifications in the coming weeks / months.
The possibilities with this are really what strikes me as the coolest part:
Direct Access Testing from a simulated Internet
ConfigMgr Outbound Management – Via Direct Access ISATAP
Extending internal PKI to the simulated internet
Testing Lync Edge Services via the simulated Internet
Etc. etc.
Anyways let’s have a look at what I have built out with the PowerShell Script.
Figure 1 – Direct Access Multi-Site Conceptual Design for ViaMonstra
I decided that it would be a good idea to test this out by deploying a Multi-Site Direct Access Configuration and then also test a
Multi-Site Cluster with Exchange. Both worked flawlessly and as such I figured it would be fun to share this script.
Figure 2 – Exchange 2010 HA Multi-Site Conceptual Design for ViaMonstra
All of this was made possible because of this script that was originally conceived for our upcoming Advanced Windows Deployment Book.
I have modified the script for this lab and here is some of the great output…
Figure 3 – Branch_Routing_Hydration_DirectAccess.PS1 Script in action.
I thought it would be cool to list the output from the script as it actually does a lot….
C:\Users\Administrator> E:\_Scripts\Branch_Routing_Hydration_DirectAccess.ps1
… Setting Variables for the Script
Figuring out the IP Address of the DC01 Dynamically
Creating the VSwitches for the Lab
Stopping MDT01_CYL
Waitng for MDT01_CYL to shutdown …………….
Creating new VSwitch Internal-CYLVLAN20
Creating new VSwitch Internal_CYLInternet
Creating new VSwitch Internal_CYLInternet2
Creating new VSwitch Internal_CYLVLAN30
Creating new VSwitch Internal_CYLDMZ
Creating new VSwitch Internal_CYLDMZ2
Changing MAC Address on the 1st Network Adapter on MDT01_CYL
Adding a 2nd Network Adapter to MDT01_CYL
Adding a 3nd Network Adapter to MDT01_CYL
Adding a 4th Network Adapter to MDT01_CYL
Adding a 5th Network Adapter to MDT01_CYL
Adding a 6th Network Adapter to MDT01_CYL
Adding a 7th Network Adapter to MDT01_CYL
Adding a 8th Network Adapter to MDT01_CYL
Adding a 9th Network Adapter to MDT01_CYL
Starting MDT01_CYL
Waiting to start……Be Patient
Clearing DNS Client Cache
Creating a PS Session to DC01
Importing Active Directory, DHCP and DNS Modules from DC01
Importing Modules ActiveDirectory DnsServer DhcpServer on DC01….
Set credentials and allow remote administration via PowerShell to all hosts
Ethernet on MDT01 does not require a Default GW, Removing it…
Renaming 1st NIC to CorpNet
Renaming 2st NIC to DRNet
Renaming 3rd NIC to Internet
Renaming 4th NIC to DHCP Relay
Renaming 5st NIC to FSWSite
Renaming 6th NIC to DMZ
Renaming 7th NIC to Internet2
Renaming 8th NIC to DHCP Relay 2
Renaming 9th NIC to DMZ2
Adding an IP Address of 192.168.2.210 to MDT01’s ‘DRNet’ Adapter for Internet Simulation
Setting Primary DNS on MDT01 for Ethernet to pointing to DC01
DRNet on MDT01 does not require a Default GW, Removing it…
Adding an IP Address of 1.1.1.1 to MDT01’s ‘Internet’ Adapter for Internet Simulation
Setting Primary DNS on MDT01 for Ethernet to pointing to DC01
Internet on MDT01 does not require a Default GW, Removing it…
Adding an IP Address of 1.1.1.2 to MDT01’s ‘DHCPRelay’ Adapter for Internet Simulation
Setting Primary DNS on MDT01 for Ethernet to pointing to DC01
DHCPRelay on MDT01 does not require a Default GW, Removing it…
Adding an IP Address of 192.168.3.210 to MDT01’s ‘FSWSite’ Adapter for Internet Simulation
Setting Primary DNS on MDT01 for Ethernet to pointing to DC01
FSWSite on MDT01 does not require a Default GW, Removing it…
Adding an IP Address of 172.16.100.210 to MDT01’s ‘DMZ’ Adapter for Internet Simulation
Setting Primary DNS on MDT01 for Ethernet to pointing to DC01
DMZ on MDT01 does not require a Default GW, Removing it…
Adding an IP Address of 2.2.2.1 to MDT01’s ‘Internet2’ Adapter for Internet Simulation
Setting Primary DNS on MDT01 for Ethernet to pointing to DC01
Internet2 on MDT01 does not require a Default GW, Removing it…
Adding an IP Address of 2.2.2.2 to MDT01’s ‘DHCPRelay2’ Adapter for Internet Simulation 2ND Site
Setting Primary DNS on MDT01 for Ethernet to pointing to DC01
DHCPRelay2 on MDT01 does not require a Default GW, Removing it…
Adding an IP Address of 172.16.200.210 to MDT01’s ‘DMZ2’ Adapter for DMZ Simulation 2ND Site
Setting Primary DNS on MDT01 for Ethernet to pointing to DC01
DMZ2 on MDT01 does not require a Default GW, Removing it…
Installing RRAS on MDT01 for NAT Routing and DHCP Relay….
Stopping WDS Server as it was causing issues with RRAS
Disabling the WDS Service
Enabling RRAS
Configuring RRAS Startup Type to Automatic
Starting RRAS Service
Installing RRAS DHCP Relay Component
Configuring DHCP Relay IP Address with 192.168.1.200
Adding DRNET to DHCP Relay Configuration
Adding Internet 1 Site’s DHCP Relay
Adding File Share Witness Site’s DHCP Relay
Adding DMZ Site’s DHCP Relay
Adding DMZ2 Site’s DHCP Relay
Adding DHCPRelay2 Site’s DHCP Relay
Configuring NAT Device on Internet Adapter also Configuring NAT Rules to DA01 for Direct Access ….
Adding DRNET Adapter to Private NAT
Adding FSW Adapter to Private NAT
Adding DMZ Adapter to Private NAT
Adding CorpNet Adapter Private NAT
Adding DMZ2 Adapter Private NAT
Adding Internet Adapter to Public Full NAT
Creating NAT Rule for 3389 to DC01
Creating NAT Rule for 443 to the Direct Access Server
Creating NAT Rule for 80 to the External PKI Server CRL Website
Adding Internet2 Adapter to Public Full NAT
Creating NAT Rule for 3389 to DC02
Creating NAT Rule for 443 to 2nd Direct Access Server at other Site
Creating NAT Rule for 80 to the 2nd External PKI Server CRL Website
Changing Default Gateway’s on Core Lab Servers…
… DC01 will now use MDT01’s Ethernet Nic (192.168.1.210) as the Default GW
… CM01 will now use MDT01’s Ethernet Nic (192.168.1.210) as the Default GW
… DA01 will now use MDT01’s Ethernet Nic (192.168.1.210) as the Default GW
… MDT01’s CorpNet Interface should be stripped of all GW’s
Creating a DHCP Scope for the branches on the DHCP Server (DC01)
… Waiting for 5 Seconds… Be Patient
Creating a DHCP Scope for the DMZ on the DHCP Server (DC01)
… Waiting for 5 Seconds… Be Patient
Creating a DHCP Scope for the DMZ2 on the DHCP Server (DC01)
… Waiting for 5 Seconds… Be Patient
Creating a DHCP Scope for the Internet Simulation on the DHCP Server (DC01)
… Waiting for 5 Seconds… Be Patient
Creating a DHCP Scope for the Internet Simulation on the DHCP Server (DC01)
… Waiting for 5 Seconds… Be Patient
Creating a DHCP Scope for the Internal_CYLVLAN30 on the DHCP Server (DC01)
… Waiting for 5 Seconds… Be Patient
Modifying Default Gateway on Default DHCP Scope on DC01 to use 192.168.1.210 as the DG (DC01)
… Waiting for 5 Seconds… Be Patient
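The DHCP relay and NAT steps in the output above can be expressed with the `netsh routing` contexts. This is an added sketch, not the author's script: it covers the first site only, assumes RRAS is already installed and running on MDT01, takes the adapter names from the log, and uses constructed addresses for DA01 and the CRL web server because the page does not give them.

```powershell
# Added example, not the author's script. Run elevated on the router VM (MDT01).
$Dc01Ip = '192.168.1.200'   # DHCP server (DC01) address the log relays to
$Da01Ip = '192.168.1.220'   # constructed value: DirectAccess server, not on the page
$CrlIp  = '192.168.1.230'   # constructed value: external PKI/CRL web server

function Invoke-Netsh {
    # Runs netsh and stops on the first failure (including "already exists").
    param([Parameter(Mandatory)][string[]]$Arguments)
    $output = & netsh.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($Arguments -join ' ') failed: $output"
    }
    $output
}

# DHCP relay: forward branch/DMZ broadcasts to the DHCP server on CorpNet.
Invoke-Netsh 'routing','ip','relay','install'
Invoke-Netsh 'routing','ip','relay','add','dhcpserver',$Dc01Ip
foreach ($nic in 'DRNet','DHCPRelay','FSWSite','DMZ','DMZ2','DHCPRelay2') {
    Invoke-Netsh 'routing','ip','relay','add','interface',$nic
}

# NAT: internal segments are private, the simulated Internet side is public.
Invoke-Netsh 'routing','ip','nat','install'
foreach ($nic in 'DRNet','FSWSite','DMZ','CorpNet','DMZ2') {
    Invoke-Netsh 'routing','ip','nat','add','interface',$nic,'private'
}
Invoke-Netsh 'routing','ip','nat','add','interface','Internet','full'

# Inbound port mappings listed in the log (public port = private port).
$forwards = @(
    @{ Port = 3389; Target = $Dc01Ip },   # RDP to DC01
    @{ Port = 443;  Target = $Da01Ip },   # DirectAccess (IP-HTTPS)
    @{ Port = 80;   Target = $CrlIp  }    # CRL distribution point
)
foreach ($f in $forwards) {
    Invoke-Netsh 'routing','ip','nat','add','portmapping','Internet','tcp',
                 '0.0.0.0',"$($f.Port)",$f.Target,"$($f.Port)"
}

# Print the resulting NAT configuration so the exposed ports can be reviewed.
Invoke-Netsh 'routing','ip','nat','show','interface'
```

The second site follows the same pattern with the `Internet2` adapter and its own targets.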
Then for the final test: right after running the script, simply attach a few of the lab machines to the newly created
vSwitches and this is your result.
There you have it. A very cool modification to the Hydration Kit.
Oh ya… I guess I should include the script :)
Enjoy!
Dave