How to: Create and Use a Network Isolated Environment

In a virtual environment that uses network isolation, the virtual machines must be either in a workgroup or joined to a private domain served by a domain controller (DC) virtual machine within the environment. For more information about how to use network-isolated environments, see the Network-Isolated Environments section of Virtual Environments Concepts and Guidelines.

This topic describes how you can set up an environment that uses network isolation. It assumes that you are already familiar with setting up and managing Active Directory and DNS.

This topic contains the following sections:

  • Process Overview

  • Adding and Preparing Virtual Machines and Templates for an Environment that Uses Network Isolation

  • Creating an Environment that Uses Network Isolation

  • Viewing the Status of Network-Isolated Environments

  • Operating an Environment that Uses Network Isolation

  • Communicating Between Machines in Network-Isolated Environments and Computers in the External Network

  • Network Isolation Checklist

Process Overview

The procedure to set up an environment that uses network isolation has the following steps:

  1. Make sure that all the prerequisites listed in the Network Isolation Checklist section of this topic have been met.

  2. Add and prepare the virtual machines and templates that you want to use in your environment.

  3. If you want the machines to run in a private domain, prepare or import a domain controller virtual machine. The domain controller is often created as a virtual machine in System Center Virtual Machine Manager (SCVMM) and then imported into the project library. For more information, see How to: Prepare a Domain Controller Virtual Machine Using SCVMM.

  4. Use Microsoft Test Manager to create a virtual environment that is configured for network isolation from the machines that you have prepared. If the environment is to run in a private domain, include the domain controller virtual machine.

  5. Connect to the machines in your environment and perform any additional configuration, such as joining the machines to the domain of the private domain controller.

  6. To be able to create multiple copies of the environment, store the environment in the library.

Adding and Preparing Virtual Machines and Templates for an Environment that Uses Network Isolation

When you create a network environment, you can use virtual machines and templates that you import from System Center Virtual Machine Manager (SCVMM), or you can create stored virtual machines and templates from virtual machines in a deployed environment. For more information, see the following topics:

You can add a stored virtual machine or template to an environment multiple times, but you must make sure that the internal identity information for the deployed virtual machines is unique to the environment.

Setting virtual machine and template properties

If necessary, you can modify the properties of the stored virtual machines when you add them to the library or before you deploy the environment. For more information, see How to: Set the Properties of a Virtual Machine or Template.

The internal computer name of the deployed virtual machine is the name that was specified in the stored virtual machine or template. When the network isolated environment is created, Lab Management creates an alias for the virtual machine that is used to communicate with the external network.

  • If you are using a stored virtual machine in the environment, you can change the internal computer name only after you deploy the environment.

  • If you are using a template, you can specify the computer name in the Identity information group on the OS profile tab of the Machine properties page.

The stored virtual machines that you use to create a network isolated environment must be configured as workgroup machines, that is, they must not be joined to a domain. You can connect the machines to an internal domain after you deploy the environment.

  • A best practice is to add only workgroup virtual machines to your project library.

Additional required properties of the stored virtual machines or templates are described in the Virtual machines in the environment section of the Network Isolation Checklist.

Creating an Environment that Uses Network Isolation

To create an environment that uses network isolation, you first create the environment in the Lab tab of Lab Center. For more information about how to create environments, see How to: Create an Environment from Virtual Machines or Templates.

Then you start the environment, connect to it, and then perform additional configuration tasks such as joining the machines to the private domain. Finally, to enable you to run multiple copies of the environment, you shut down the environment and store it in the team project library. You can then run as many instances of the stored environment as needed.

Consider the following points as you create the environment:

  • Include the domain controller virtual machine along with the application virtual machines and templates in the environment.

  • On the Capabilities wizard page, select the Enable network isolation for this environment check box.

  • When network isolation is enabled, you are prompted to designate one of the virtual machines in the environment as the domain controller. Select the appropriate virtual machine.

To configure a deployed environment that uses network isolation

  1. When the creation is complete, start the environment.

    1. Select the environment on the Lab tab in Lab Center.

    2. Click Start.

  2. Wait for the network isolation status of the environment to be Ready before you go to the next step.

  3. In Environment Viewer, connect to the environment.

  4. If your environment uses a private domain, follow these steps:

    Check and restart the domain controller. You must be the owner of the virtual domain controller.

    1. Select the domain controller virtual machine.

    2. Log on to the domain controller virtual machine by using its host connection.

    3. Open the Windows Services tool (services.msc) and verify that the Active Directory and DNS services are running and available.

    4. On the domain controller virtual machine, click Start and then click Restart. Wait for the virtual machine to be completely restarted and for the status of network isolation to be Ready again before joining the other computers to the domain.

      It is important to restart the domain controller before you join any virtual machines to the private domain so that out-of-date locator records in DNS are purged. The domain controller must have correct DNS locator records for the new internal IP addresses assigned for network isolation. Domain members rely on these DNS locator records to locate the domain controller. On some versions of Windows servers, out-of-date DNS records are purged only during the start of the service.

    In Environment Viewer, connect to each of the other virtual machines in the environment and follow these steps to join that machine to the local domain.

    1. Log on to the virtual machine by using its remote connection.

    2. Click Start, right-click Computer, and then click Properties.

    3. Under the Computer name, domain, and workgroup settings, change the domain of the computer by selecting the name of the domain that you created in your domain controller virtual machine. Use the credentials of a user in that domain.

    4. After you join the domain, restart the virtual machine.

    5. Repeat this step for each virtual machine in the environment other than the domain controller.

    If the machines in your environment are in a workgroup, connect to the machines in Environment Viewer and perform any necessary configuration tasks.

  5. After you have finished the previous step, wait until the network isolation status of the environment becomes Ready before you use the environment. For more information, see Viewing the Status of Network-Isolated Environments.

  6. (Optional) Take a snapshot of the environment by using Environment Viewer.

  7. (Optional) To use the environment as a source of multiple copies, follow these steps.

    1. From the Lab tab of Test Manager, shut down the environment.

      Select the environment and then click Shut Down on the toolbar.

    2. Store the environment in the library.

      Select the environment and then click Store in Library on the toolbar. Enter a new name for the stored environment.

      Note   Do not change the configuration of the environment or its virtual machines.

    You are now ready to create multiple clones from the stored environment.
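The domain controller check in step 4 can be scripted. The following PowerShell script is an added example, not part of the original topic or of Lab Management: it verifies that the services are running and that the DNS locator records point only at addresses the domain controller currently holds. It assumes a domain controller running Windows Server 2008 or later, and lab.example is a placeholder for the private domain name.

```powershell
# Added example; run in an elevated prompt on the domain controller VM after its restart.
# 'lab.example' is a placeholder: pass the DNS name of your private domain.
param([string]$DomainName = 'lab.example')

$problems = @()

# AD DS (NTDS), DNS Server and Netlogon (which registers the locator records) must be running.
foreach ($name in 'NTDS', 'DNS', 'Netlogon') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') { $problems += "Service '$name' is not running." }
}

# IPv4 addresses currently bound to this machine's adapters (assigned by network isolation).
$localIps = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.IPAddress } |
    Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })

# Ask the local DNS server for the LDAP locator (SRV) record of the domain.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
$answer  = (nslookup -type=SRV $srvName 127.0.0.1 2>&1 | Out-String)

# nslookup prints the address of each SRV target as "internet address = a.b.c.d".
$registered = @([regex]::Matches($answer, 'internet address\s*=\s*(\d{1,3}(?:\.\d{1,3}){3})') |
    ForEach-Object { $_.Groups[1].Value })

if ($registered.Count -eq 0) {
    $problems += "No address returned for $srvName. Locator records are missing."
}
foreach ($ip in $registered) {
    # An address that no local adapter holds is an out-of-date record.
    if ($localIps -notcontains $ip) { $problems += "Out-of-date locator record: $ip" }
}

# Confirm that the DC locator itself can find a domain controller, bypassing its cache.
nltest "/dsgetdc:$DomainName" /force | Out-Null
if ($LASTEXITCODE -ne 0) { $problems += "nltest could not locate a DC for $DomainName." }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Locator records match $($localIps -join ', '). Safe to join machines to $DomainName."
```

A non-zero exit code means the domain controller should be restarted again, or its DNS zone inspected, before any machine is joined to the domain.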

Operating an Environment that Uses Network Isolation

In the Lab tab of the Lab Center, you can start, pause, or shut down an environment that uses network isolation. You can also create snapshots of the environment and store the environment in the team project library. For more information, see How to: Operate a Virtual Environment. The following points are exceptions to the procedures that are described in that topic. Consider them as you operate the environment:

  • Do not use the Power off action to turn off a running environment that contains a domain controller virtual machine. Use the Shut Down action instead.

  • Do not exceed five snapshots on an environment that has a domain controller virtual machine. More than five snapshots could cause a significant decrease in performance.

Operating Machines in an Environment that Uses Network Isolation

You can use the Microsoft Test Manager Environment Viewer to perform administration and configuration tasks on the machines in the environment. Except for the domain controller machine, you can connect directly to machines in the environment by using either a host or a guest connection in the Environment Viewer.

Because the domain controller is not connected to the external environment, you must use a host-based connection to directly connect to the domain controller machine in Environment Viewer. If a host-based connection is not available, you can connect to another machine in the environment and then use Remote Desktop Connection to connect to the domain controller in the private domain.

For more information, see How to: Connect to a Virtual Environment.

Viewing the Status of Network-Isolated Environments

Each network-isolated environment has an additional status that describes whether network isolation has been configured correctly in the environment.

To view the network isolation status of an environment

  1. In Test Manager, open the Lab Center of your team project, and then click the Lab tab.

  2. Click an environment.

  3. In the right-side pane, view the three icons next to Capabilities. Network isolation status is represented by the first icon.

  4. Move the pointer over this icon to see a tooltip that explains the icon.

  5. When the status is Partially Ready or Failed, there is a warning or an error message associated with the environment together with a link to More details. Clicking this link provides additional information about the warning or the error and the corrective action.

    Note

    The status of the network isolation capability is displayed only for environments that are running. If the environment is in any other state, the network isolation status is not available.

The following table describes the states that are supported for network isolation.

| State | Description |
|---|---|
| Not configured | Network isolation capability is not enabled in the selected environment. |
| Not ready | Network isolation capability is not ready. This usually means that the capability is enabled in the environment but the environment is not in a Running state. |
| In progress | Network isolation is being configured for the environment. This is usually seen when the environment is powering up after it has been started. |
| Partially ready | Network isolation has been configured on some virtual machines in the environment but not on all virtual machines. This might be a transient state that indicates the capability is still being configured on the rest of the virtual machines. If this state persists for the environment, then there was a failure configuring isolation on one or more of the virtual machines. |
| Ready | Network isolation is fully configured for the environment and is ready for you to work with the environment. |
| Failed | There was a failure while configuring network isolation capability. Click More details to learn about the problem and the resolution. |

When you start a network isolated environment, the status usually starts from Not ready, transitions to In progress, then to Partially ready, and finally to Ready. The same behavior is seen when you restore a network isolated environment to an earlier snapshot. The time that it takes for the status to become Ready depends on several factors, including the time taken by the virtual machines to turn on and initialize, and the load on the Hyper-V host that is running the environment.

Communicating Between Machines in Network-Isolated Environments and Computers in the External Network

To enable communication with the external network, Lab Management adds a second network adapter to the machines in an environment that uses network isolation. The second adapter provides external network aliases for the computer name and IP address.

Communicating with a machine in an isolated environment from a computer in the external network

You can communicate with machines in a network-isolated environment from a computer in the external network by using the aliases of the second network adapter. For example, you can use the computer name alias in the URL to open the Web site of a Web server in an isolated network from a browser on a machine in the external network. You can also use the computer name alias as the server name in a connection string that is used to connect an application on the external domain to a database in the network isolated environment.

To obtain the external network aliases of a machine in a network-isolated environment

  1. In Microsoft Test Manager, open Lab Center, and then click Lab.

  2. Connect to the environment by using Environment Viewer.

    1. Select the environment in the list.

    2. Click Connect.

  3. In Environment Viewer, right-click the machine and choose System Info.

    • The Computer name field displays the fully qualified name of the machine on the external network.

    • The IP address displays the IP address on the external network.

Communicating with a computer in the external network from a machine in an isolated environment

A machine in a network-isolated environment can communicate with computers in the external network by using the fully qualified domain name or IP address of the external computer.

Network Isolation Checklist

The following actions are required to use network isolation in Lab Management environments that use a private network:

Team Foundation Server

  • Enable network isolation in Team Foundation Server. For more information, see Configuring Lab Management for the First Time.

The virtual environment

  • All virtual machines in the environment must fit on a single physical host.

The Active Directory and DNS virtual machine

  • Enable the Active Directory and the DNS server roles on a single machine.

  • Enable Remote Desktop Services.

  • Install Lab agent. For more information, see Installing and Configuring Visual Studio Agents and Test and Build Controllers.

  • (Recommended) Set the Administrator password not to expire.

Virtual machines in the environment

Make sure that the following properties are set on the virtual machines or templates that you want to use in the environment before you deploy a network isolated environment:

  • The machine must be joined to a workgroup before you create the environment.

  • Enable Remote Desktop Services.

  • Install Lab agent. For more information, see Installing and Configuring Visual Studio Agents and Test and Build Controllers.

  • (Recommended) Install Test Manager test and build agents. For more information, see Installing and Configuring Visual Studio Agents and Test and Build Controllers.

  • (Recommended) Install any supporting applications that you need in the environment.

  • (Recommended) Set the Administrator password not to expire.

The application that you want to test

  • Your application must be able to work on computers that have multiple network adapters.

  • Your application must be run on one of the following operating systems: Windows XP SP3 and later versions, Windows Vista, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2.

See Also

Tasks

How to: Prepare a Domain Controller Virtual Machine Using SCVMM

Concepts

Virtual Environments Concepts and Guidelines

How to: Connect to a Virtual Environment