Networking

Create Veeam Isolated Sandbox Virtual Lab

Brandon LeeJune 13, 2017Last Updated: January 11, 2021
3 minutes read
veaamlab01
veaamlab01

I have written several posts on how to created an Isolated lab environment using the same IP addresses or overlapping subnets. This requires some network trickery to pull off to make the routing work correctly. Veeam has functionality in the Virtual Lab functionality that allows for creating a virtual lab using the same IP addresses that are used in your production network. A lot of the principles are the same. We have similiar components when we create Veeam isolated sandbox virtual lab that we do we manually use virtual routers and isolated switches. However, the Veeam isolated sandbox virtual lab streamlines the process greatly as it spins up a router on the fly with the selected subnets, etc already configured including the netmap and masquerade rules.  This is the process that Veeam uses for the SureBackup technology.  Let’s take a look.

Create Veeam Isolated Sandbox Virtual Lab

To get to the Virtual Lab setup, we navigate to Backup InfrastructureSureBackup, and Virtual Labs.  Click Add Virtual lab.

veaamlab01

Next, we name the virtual lab.  Note the name you configure here is the name of the router appliance that gets added to your VMware inventory.
veaamlab02

Next, we select the host we want for compute/memory.  If you select a resource in vCenter, it will automatically create a folder and resource pool by the same name as well.

veaamlab03

Select storage.

veaamlab04

The next configuration we pay attention to is the Proxy configuration.  Here we select a Production network and then choose our options for IP address.  This is the interface on the Virtual Lab router that actually connects to your production network.

veaamlab05

After configuring the settings above, we see our IP address and DNS server addresses configured.

veaamlab06

On the Networking screen, we select how we want to perform the configuration.  Here I am choosing Advanced single-host (manual configuration) as this allows for more granular configuration.

veaamlab07

On the Isolated Networks screen, we have important configuration here as this is what will create the isolated environment that our VMs can live on with production IP addresses.  If we click the Edit button, we will be able to choose our isolated network and masquerade settings.

veaamlab08

Notice the Virtual NIC is connected to Testlab DPG-Mgmt switch.  Note the vSwitch that gets created is a standard vSwitch, however, as you see below the name looks like a distributed vSwitch.  I am using distributed switches on this host, so the Virtual Lab is simply mimicking the name of the distributed switch that I am using for the production network.

The masquerade network address is important as this is the netmap rule that gets created on the Virtual Lab router that is the address that you connect to from the real outside production network to speak to the internal VM that is running the overlapping IP address.

veaamlab09

We won’t configure anything on the static mappings however it provides some really unique and cool possibilities.  Hopefully another post on this later.

veaamlab10

Finally, a summary of our configuration.

veaamlab11

The virtual router is deployed.

veaamlab12

We see the new virtual machine provisioned in vSphere.

veaamlab13

Notice on the VM itself, we see the two network adapters provisioned both to the production and isolated networks.

veaamlab14

First, I want to test and make sure I can ping the real production IP assigned to the router live production interface.  It is successful.

veaamlab15

I quickly provisioned a TTYLinux appliance to test pings.  The IP it grabbed on the “pseudo” production “isolated” interface was 192.168.1.3.

veaamlab16

To test connectivity, I manually added a route on the test workstation to point to the production IP of the provisioned router.  The static route directs any traffic for the masquerade subnet to the router IP.

veaamlab17

So since the internal isolated subnet is 192.168.1.X, then we should be able to connect to it via 192.168.255.X which is the masquerade subnet.  Success!

veaamlab18

Thoughts

The process to Create Veeam Isolated Sandbox Virtual Lab using the Virtual Lab functionality is straightforward.  The resulting router already has the appropriate netmap and masquerade rules configured.  Using this functionality we can provision a lab network fairly quickly even to be used outside of Veeam purposes.

Brandon LeeJune 13, 2017Last Updated: January 11, 2021
3 minutes read

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Photo of Brandon Lee

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Configuring-the-Protected-EAP-Properties-in-Windows-10-802.1X-authentication-configuration

Configure Windows 10 for 802.1X User Authentication

December 18, 2018
tcp_tools03

Viewing and killing TCP IP connections Windows

October 10, 2014
appliance01a

Use VIRL Images in GNS3

November 8, 2016
superputty02

Change the font and color in SuperPutty

August 5, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  |