Download pdf - MSL TMG1 SetupGuide

Transcript
Page 1: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 1/25

MSL-TMG1 Gateway Virtual Machine

Microsoft® Hyper-V® Classroom SetupGuide

Contents

Forefront Threat Management Gateway VM 1 Introducing Microsoft Hyper-V 1 Setup Overview 2 Classroom Requirements 2 

Hardware 3 Software 3 

Classroom Configuration 3 Instructor Computer Checklist 5 Instructor Computer Setup 6 

1. Add the Hyper-V Server Role 7 2. Create Private and External Virtual Networks 7 3. Install MSL-TMG1 virtual machine 7 4. Create a Setup Share 9 5. Copy the Virtual Machine Files to the Student Computer 9 6. Run the VM-Pre-Import script 10 7. Import the MSL-TMG1 Virtual Machine on the

Instructor Computer 10 8. Configure the MSL-TMG1 Virtual Machine on the

Instructor Computer 10 Enable the Web Access Rule 10 

 Apply All Windows Updates 11 Ensure Malware Definitions Are Updated 11 

9. Configure and Verify Internet Connectivity for Internal Virtual Machines 11 Verify That the TMG-VM Has Internet Connectivity 12 

Page 2: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 2/25

  Verifying Internet Connectivity from the Virtual Machines 12 Optional Procedure If an Internet Proxy Server Is Usedon the Network 15 Optional Procedure If DNS Resolution Is Restrictedto Certain DNS Servers on Your Network 15 

Student Computer Checklist 17 Student Computer Setup 18 

1. Install the Hyper-V Server Role 18 2. Install the Base Image / Virtual Machine Files 18 

 Appendix A 19  Appendix B 20 

Supporting Virtual Server and Virtual PC Labs onHyper-V Classroom Computers 20 

Page 3: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 3/25

Information in this document, including URL and other Internet Web site

references, is subject to change without notice. Unless otherwise noted, the

example companies, organizations, products, domain names, e-mail addresses,

logos, people, places, and events depicted herein are fictitious, and no

association with any real company, organization, product, domain name, e-mail

address, logo, person, place or event is intended or should be inferred.

Complying with all applicable copyright laws is the responsibility of the user.

Without limiting the rights under copyright, no part of this document may be

reproduced, stored in or introduced into a retrieval system, or transmitted in any

form or by any means (electronic, mechanical, photocopying, recording, or 

otherwise), or for any purpose, without the express written permission of 

Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other 

intellectual property rights covering subject matter in this document. Except as

expressly provided in any written license agreement from Microsoft, the

furnishing of this document does not give you any license to these patents,

trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational

purposes only and Microsoft makes no representations and warranties, either 

expressed, implied, or statutory, regarding these manufacturers or the use of the

products with any Microsoft technologies. The inclusion of a manufacturer or 

product does not imply endorsement of Microsoft of the manufacturer or product.

Links may be provided to third party sites. Such sites are not under the control of 

Microsoft and Microsoft is not responsible for the contents of any linked site or 

any link contained in a linked site, or any changes or updates to such sites.

Microsoft is not responsible for webcasting or any other form of transmission

received from any linked site. Microsoft is providing these links to you only as a

convenience, and the inclusion of any link does not imply endorsement of 

Microsoft of the site or the products contained therein.

© 2011 Microsoft Corporation. All rights reserved.

Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en

/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft

group of companies. All other trademarks are property of their respective owners.

Version 1.2

Page 4: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 4/25

Page 5: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 5/25

MSL-TMG1 Gateway Virtual Machine 1

Forefront Threat Management Gateway VM

Several Microsoft Learning requires Internet connectivity for some or all of the labs. To

 provide a more secure connection to the Internet, Microsoft Learning has created a VM

that is running Forefront Threat Management Gateway (TMG VM). You will need todownload and install the TMG VM on each host computer as part of classroom setup.

The TMG VM is configured as a secure gateway for Internet access. The TMG VM is

configured with two virtual networks, External Network and Private Network. The

Private Network is the network that all lab VMs are connected to. The External Network 

is attached to the network adapter on the host computer, which provides access to the

network that the host machine is attached to, and ultimately access to the Internet. Each

computer in the lab VMs will be configured with the TMG VM as the default gateway.

The TMG VM will be configured with a web access rule that will enable the VMs on the

Private Network to access the Internet. To ensure that the environment is secure, this rule

is disabled by default, and must be enabled as part of classroom setup.

Introducing Microsoft Hyper-V

Important Note: This setup requires Windows Server 2008 R2 SP1 Hyper-V. Tofacilitate importing virtual machines in to your Hyper-V server, you must run the VM-Pre-Import scripts which will create symbolic links to the Base/Middle-Tier images inthe C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\Virtual HardDisks\ folder.

This learning product is developed using Microsoft® Hyper-V® running on Windows

Server® 2008 R2 SP1. Hyper-V is a virtualization technology that allows a single

computer to act as a host for one or more virtual machines. The virtual machines use a set

of virtual devices that might or might not map to the physical hardware of the host

computer.

The software that is installed onto the virtual machine is unmodified, full-version, retail

software that operates exactly as it does when it is installed onto physical hardware.

The following definitions will help you with the remainder of this document:

•  Hyper-V: Hyper-V is a server application that enables users to run a broad range of 

operating systems simultaneously on a single physical server. Hyper-V is included

with some versions of Windows Server 2008 R2 SP1 and other versions of Windows

Server.

•  Host Computer: The physical computer onto which an operating system and the

Hyper-V server role have been installed.

Page 6: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 6/25

2 MSL-TMG1 Gateway Virtual Machine

•  Host Operating System: The operating system that is running on the physical

computer. Windows Server 2008 R2 SP1 is the supported operating system for this

learning product

•  Virtual Machine: The computer that is running inside Hyper-V. In this document,

“Hyper-V” refers to the application running on the host, while “virtual machine”

refers to the guest operating system and any software that is running inside the

Hyper-V application.

•  Guest Operating System: The operating system that is running inside the virtual

machine.

Note: To access the Windows Security dialog box for a guest operating system,press CTRL+ALT+END. Pressing CTRL+ALT+DELETE while working with a virtualmachine will display the Windows Security dialog box for the host operatingsystem. To close the dialog box, press ESC. Other than this difference, software ona virtual machine behaves as it would behave on a physical computer.

The setup instructions that you will follow as part of this classroom setup guide configure

Hyper-V and the Virtual Machines that run on the host. Changing any of the

configuration settings may render the labs for this learning product unusable.

Note: Some legacy courseware from Microsoft Learning requires Virtual Server or Virtual PC. If your classroom computers require running Virtual Server or VirtualPC as well as Hyper-V, please see Supporting Virtual Server and Virtual PC labson Hyper-V Classroom Computers in Appendix B.

Setup OverviewThe host computers must be set up with a 64 bit version of Windows Server 2008 R2

SP1and must be running on 64 bit hardware. For more information on the supported

hardware for Hyper-V, please see the follow web site: http://www.microsoft.com/hyper-v.

The setup procedures below assume that the host computers can communicate with each

other for setup purposes. You should note the administrator’s user name and password for 

the host computers and provide this information to the instructor.

Classroom Requirements

This learning product requires a classroom with a minimum of one computer for the

instructor and one for each student. Refer to the specific course setup guide for classroom

requirements for the course. Before class begins, use the following information and

instructions to install and configure the MSL-TMG1 VM.

Page 7: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 7/25

MSL-TMG1 Gateway Virtual Machine 3

HardwareThe classroom computers require the following hardware and software configuration.

Hardware Level 6

  Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor 

•  Dual 120 GB hard disks 7200 RM SATA or better*

•  4 GB RAM expandable to 8GB or higher 

•  DVD drive

•   Network adapter 

•  Super VGA (SVGA) 17-inch monitor 

•  Microsoft Mouse or compatible pointing device

•  Sound card with amplified speakers

*Striped

In addition, the instructor computer must be connected to a projection display device that

supports SVGA 1024 x 768 pixels, 16 bit colors.

SoftwarePlease note that, unless otherwise indicated, this software is not included in the Trainer 

Materials disc. This learning product was developed and tested on supported Microsoft

software, which is required for the classroom computers.

Classroom ConfigurationWhen the MSL-TMG1 VM is included in the classroom setup, the MSL-TMG1 VM

 provides a secure gateway for the other virtual machines running on the host machine to

the Internet. The other virtual machines must use the MSL-TMG1 VM as their default

gateway so that they can connect to the MSL-TMG1 VM for Internet connectivity.

After completing the classroom setup for the MSL-TMG1 VM, return to the course

specific classroom setup guide.

Page 8: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 8/25

4 MSL-TMG1 Gateway Virtual Machine

The following diagram illustrates the virtual machine configuration if the MSL-TMG1

VM is deployed.

Estimated Time to Set up the Classroom: 60 Minutes

Page 9: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 9/25

MSL-TMG1 Gateway Virtual Machine 5

Instructor Computer Checklist

  1. Add the Hyper-V Server Role

  2. Create Private and External Virtual Networks

  3. Install MSL-TMG1 virtual machine

  4. Create a Setup Share

  5. Copy the Virtual Machine Files to the Student Computer 

  6. Run the VM-Pre-Import script

  7. Import the MSL-TMG1 Virtual Machine on the Instructor Computer 

  8. Configure the MSL-TMG1 Virtual Machine on the Instructor Computer 

  9. Configure and Verify Internet Connectivity for Internal Virtual Machines

Page 10: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 10/25

6 MSL-TMG1 Gateway Virtual Machine

Instructor Computer Setup

Use the instructions in the following section to set up the classroom manually. Before

starting the installation of the instructor computer, Windows Server 2008 R2 SP1 must be

installed on the computer.

Important: The operating systems installed on the virtual machines in this learningproduct have not been activated. Rearm has been run at the end of development,and the OS in the virtual machine will be in a grace state.

This grace state lasts for 30 days for the client and 60 days for the server. If youkeep these virtual machines running longer than this, you will either have to runrearm or activate the virtual machines using your own keys.

If the operating system has not retained this state, you may have time to run theclass before activation is required. Otherwise you can rearm the operating systemby running slmgr –rearm at the Administrative command prompt. If no additionalrearms are available, then the virtual machine will go in to “notification mode” but

will still provide full functionality. You will just have to close the initial messagesabout activation.

You may be prompted to restart the computer when the VM is started for the firsttime. This is because of the hardware differences on the Host computer. You can

 just click Restart Later to close the message.

Page 11: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 11/25

MSL-TMG1 Gateway Virtual Machine 7

1. Add the Hyper-V Server RoleIn this task, you will add the Hyper-V server role on the Windows Server 2008 R2 SP1

host computer.

Important: If the Hyper-V role is already added, you can skip this procedure.

1.  On the host computer, click Start, point to Administrative Tools, and click Server

Manager.

2.  In the Server Manager console, click Roles. In the details pane, click Add Roles.

3.  On the Before You Begin page, click Next.

4.  On the Select Server Roles page, select the Hyper-V check box and click Next.

5.  On the Hyper-V page, click Next.

6.  On the Create Virtual Networks page, select the Local Area Connection check 

 box, and click Next.

7.  On the Confirm Installation Selections page, click Install. When prompted to

restart the computer, click Restart now.

8.  After the server restarts, logon using administrator credentials. When the installation

finishes, click Close.

2. Create Private and External Virtual NetworksThis section lists the networks created for this learning product. If you already have

Private and External virtual networks created, this procedure can be skipped.

1.  On the host machine, click Start, point to Administrative Tools, and click Hyper-V.

2.  In the Hyper-V Manager console, click Virtual Network Manager.

3.  In the center pane, click Private, and click Add.

4.  In the Name field, type Private Network , click OK .

5.  Repeat the above steps to create an External network named External Network .

3. Install MSL-TMG1 virtual machineThe MSL-TMG1 VM can be downloaded from the MCT Download Center in the

Base Virtual Hard Disks – Mid-Tiers (ENGLISH) folder. The TMG VM requiresBase11A-WS08R2SP1.VHD which is also available on the DLC in the Base Virtual

Hard Disks (ENGLISH) folder.

Page 12: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 12/25

8 MSL-TMG1 Gateway Virtual Machine

Extract the Base Images:

Note: If Base11A-WS08R2SP1.VHD is already installed on the host computer, thisprocedure can be skipped. 

1.  From the source files location, double-click Base11A-WS08R2SP1.part01.exe.

2.  In the Official Microsoft Learning Products End-User License Agreement window,

click Accept to indicate that you accept the terms in the license agreement.

3.  In the WinRAR self-extracting archive window, in the Destination folder text box,

ensure that C:\Program Files\Microsoft Learning\Base is listed, and then click 

Install. Please wait while the base virtual hard disk file is extracted. This might take

a few minutes.

Extract the MSL TMG1 Virtual Machines: (if required for disk space, you can extract

the VM to a different drive as long as the Base and the Middle-Tier images are located in

the default path)

1.  From the source files location, double-click MSL-TMG1.part01.exe.

2.  In the Official Microsoft Learning Products End-User License Agreement window,

click Accept to indicate that you accept the terms in the license agreement.

3.  In the WinRAR self-extracting archive window, in the Destination folder text box,

ensure that C:\Program Files\Microsoft Learning\ is listed, and then click Install.

Please wait while the virtual machine is extracted. This might take a few minutes.

Note: After completing the extraction of all of the files, you should have thefollowing files installed:

File In Folder 

Base11A-WS08R2SP1.vhd C:\Program Files\Microsoft Learning\Base

MT11-MSL-TMG1.vhd C:\Program Files\Microsoft Learning\Base\Drives

MT11-MSL-TMG1-Diff.vhdC:\Program Files\Microsoft Learning

\MSL-GW\MSL-TMG1\Virtual Disks

VM-Pre-Import-MSL-TMG1-.bat C:\Program Files\Microsoft Learning

\MSL-GW\MSL-TMG1

Config.xml C:\Program Files\Microsoft Learning

\MSL-GW\MSL-TMG1

069072AD-F5E1-4394-B38A-

80EDA4A0DF99.exp

C:\Program Files\Microsoft Learning

\MSL-GW\MSL-TMG1\Virtual Machines

Page 13: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 13/25

MSL-TMG1 Gateway Virtual Machine 9

4. Create a Setup ShareIn this task, you will share virtual machine files for copying to student computers.

1.  Share the C:\Program Files\Microsoft Learning\Base folder using a share name of 

Base_Drives.

2.  Share the C:\Program Files\Microsoft Learning\MSL-GW folder using a share name

of  MSL-GW.

Note: For information on how to set up a share in Windows Server 2008 R2 SP1,see the topic “Share a Resource” in Windows Help and Support.

5. Copy the Virtual Machine Files to the StudentComputer 

Note: you must perform the file copy prior to importing the virtual machines. Onceyou import the virtual machines, you will not be able to import them again.

1.  From the student computer, copy Base11A-WS08R2SP1.VHD from the Base_Drives

share on the instructor computer to C:\Program Files\Microsoft Learning\Base.

2.  From the student computer, copy MT11-MSL-TMG1.VHD from the Drives folder 

in the Base_Drives share on the instructor computer to C:\Program Files\Microsoft

Learning\Base\Drives.

3.  Copy all of the files from the MSL-GW share on the instructor computer to

C:\Program Files\Microsoft Learning\MSL-GW.

Note: Ensure that all files are copied.

1. C:\Program Files\Microsoft Learning\MSL-GW and all included folders and files

2. C:\Program Files\Microsoft Learning\Base\Base11A-WS08R2SP1.VHD

3. C:\Program Files\Microsoft Learning\Base\Drives\MT11-MSL-TMG1.VHD

4. Ensure that you have copied the files using a permission retaining softwaresuch as RoboCopy or XCopy.

5. Check that all permissions have been retained, by looking at the directoriesabove and making sure they are not Read Only.

Page 14: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 14/25

10 MSL-TMG1 Gateway Virtual Machine

6. Run the VM-Pre-Import scriptIn this task, you will run the VM-Pre-Import-MSL-TMG1.bat file. This script will create

links in the import folder to the Mid-Tier images necessary for importing each VM.

1.  Double-click C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\VM-Pre-

Import-MSL-TMG1.bat (root of the virtual machine import folder).

2.  Verify the links are created in the appropriate C:\Program Files\Microsoft

Learning\MSL-GW\MSL-TMG1\Virtual Hard Disks\ folders.

7. Import the MSL-TMG1 Virtual Machine on theInstructor Computer 

1.  On the Instructor computer, on the host machine, click Start, point to

Administrative Tools, and click Hyper-V Manager.

2.  In the Actions pane, click Import Virtual Machine.

3.  In the Import Virtual Machine dialog box, click Browse. Browse to C:\Program

Files\Microsoft Learning\MSL-GW\MSL-TMG1, and then click Select Folder.

4.  Click Import.

8. Configure the MSL-TMG1 Virtual Machine on theInstructor Computer 

Enable the Web Access Rule

Note: Enabling the Web Access rule on the TMG VM will allow VMs on the PrivateNetwork to access the Internet.

1.  Log on to the MSL-TMG1 VM as Administrator, password Pa$$word.

2.  Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG

Management.

3.  In the left panel, expand Forefront TMG (MSL-TMG1) and then click Firewall

Policy.

4.  Right-click the Allow Web Access for All Users rule, and click Enable.

5.  Click Apply twice, and then click OK .

Note: In order to complete the next two tasks, the virtual machine must beconnected to the Internet. You may need to use the steps listed in the followingsection “Configure and Verify Internet Connectivity for Internal Virtual Machines” toconnect the virtual machine to the Internet.

Page 15: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 15/25

MSL-TMG1 Gateway Virtual Machine 11

Apply All Windows Updates

Note: You should apply all available updates from Windows Update to ensure thatthe virtual machine is as secure as possible. If you cannot connect to WindowsUpdate after enabling the web access rule, see the next section for suggestions on

how to enable Internet access on the TMG server.

1.  Click Start, All Programs, click Windows Update.

2.  Click Check for Updates.

3.  If any available updates are listed, click Install Updates. Wait for the updates to

install. If required, restart the computer.

Ensure Malware Definitions Are Updated

Note: TMG is configured to check for updates every 15 minutes. Follow thisprocedure to ensure that the latest updates have been downloaded on MSL-TMG1.

1.  Log on to the MSL-TMG1 VM as Administrator, with the password of Pa$$w0rd.

2.  Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG

Management 

3.  Click Update Center.

4.  In the middle pane, right-click Malware Inspection and, click Check for and

Install New Definitions. Click OK .

5.  In the middle pane, right-click Network Inspection System and, click Check forand Install New Definitions. Click OK .

6.  Verify that the Last Update Status column for both options is listed as Up to date.

9. Configure and Verify Internet Connectivity for Internal Virtual Machines

Before configuring Internet connectivity for the virtual machines, you need to understand

the network configuration and Internet access requirements for the training center.

Organizations can have many different configurations, and you may need to use one or 

more of the following procedures to ensure that the TMG server and the other virtual

machines on the host machine have Internet connectivity.

Page 16: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 16/25

12 MSL-TMG1 Gateway Virtual Machine

Verify That the TMG-VM Has Internet Connectivity

Note: By default, the MSL-TMG1 virtual machine is configured to use DHCP toobtain an IP address configuration for the network adapter that is connected to theexternal network. If the training center is using DHCP to assign IP address

configurations that enable Internet connectivity, the MSL-TMG1 VM should haveInternet connectivity. Use the following steps to verify and, if required, configureInternet connectivity. 

1.  Log on to the MSL-TMG1 VM as Administrator, password Pa$$w0rd.

2.  Open Internet Explorer and attempt to connect to www.bing.com. If the connection

succeeds, you can continue with verifying Internet connectivity on the other virtual

servers.

3.  If you cannot connect to the Internet, you may need to assign a static IP address

configuration for the MSL-TMG1 VM. This will be the case if the training center 

requires static IP addresses for all computers that require Internet connectivity.Request a static IP address for each TMG-VM that you are deploying and configure

the virtual machine using the following steps:

a.  Open Server Manager on MSL-TMG1.

 b.  Click View Network Connections.

c.  Right-click the Public network connection and click Properties.

d.  Click Internet Protocol Version 4 (TCP/IPv4), and click Properties.

e.  Configure the appropriate IP address, Subnet mask , Default gateway, and

Preferred DNS server.

f.  Click OK , and then click Close.

g.  Test Internet connectivity again using step 2 above.

4.  If you cannot connect to the Internet, and the training center does not require static IP

addresses, but does use a proxy server for Internet access, you may need to configure

a Web Chaining rule. See the “Optional Procedure if an Internet Proxy Server is used

on the network” section below.

Verifying Internet Connectivity from the Virtual Machines

If the MSL-TMG1 VM has Internet connectivity, the next step is to verify that the virtualmachines have Internet connectivity. To do this, use the following procedure:

1.  Log on to the virtual machine using appropriate credentials.

2.  Open Internet Explorer and attempt to connect to www.bing.com. If the connection

succeeds, repeat this step on all other virtual machines that require Internet access.

Page 17: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 17/25

MSL-TMG1 Gateway Virtual Machine 13

3.  If you cannot connect to the Internet, you may need to reconfigure the network 

configuration for the MSL-TMG1 VM or the other virtual machines. The MSL-

TMG1 VM is configured to use the IP address 10.10.0.1 with a subnet mask of 

255.255.0.0 on the Private network. The internal virtual machines must be configured

to use the IP address assigned to the Private network on the TMG-VM as their default

gateway. If this is not the case, you have two options:

a.  Change the IP address on the Private network on the MSL-TMG1 VM to match

the default gateway assigned to the other virtual machines. If you choose this

option, change the IP address on the Private network (for example, you can

choose an IP address such as 192.168.0.1 network with a subnet mask of 

255.255.255.0). Then, open the Forefront TMG management console on MSL-

TMG1, click Networking, double-click Internal, and on the Addresses tab,

remove the existing IP network range, and then click Add Adapter, select

Private, and click OK twice. Click Apply twice and click OK .

 b.  Change the IP address configuration for the internal virtual machines to use IPaddresses on the 10.10.0.0 network (subnet mask 255.255.0.0) and to use

10.10.0.1 as the default gateway. If you choose this option, you will need to

reconfigure all virtual machines. You may also need to configure additional IP

address settings. For example, if you change the IP address of a domain

controller or DNS server virtual machine, you will need to change all of the other 

virtual machines to use that domain controller or DNS server for DNS.

4.  If you have cloned the host machines to complete the classroom setup, the MAC

address assigned to the external network adapter on the TMG server many be the

same on all host machines. To address this, you will need to reconfigure the MAC

address on the TMG virtual machine on each host machine. To do this, complete thefollowing steps. Note that the MSL-TMG1 server must be shut down while you

complete this task.

a.  In the Hyper-V console, open the Settings dialog box for the MSL-TMG1 virtual

machine.

 b.  Click the Legacy Network Adapter that is connected to the External Network.

c.  Under MAC address, click Static. For each host machine, modify the last box of 

the MAC address so that the Virtual Machine on each host machine has a unique

value. See the following screenshot:

Page 18: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 18/25

14 MSL-TMG1 Gateway Virtual Machine

5.  If you cannot connect to the Internet from the virtual machines, but the IP address

configuration is correct, the problem may be related to DNS name resolution.

a.  To verify that the issue is related to DNS name resolution, open a command

 prompt and type nslookup www.bing.com. If you receive and error proceed with

one of the next two steps.

 b.  If one of the virtual machines is configured as a DNS server, see the Optional

procedure if DNS resolution is restricted to certain DNS servers on your

network section below.

c.  If none of the virtual machines are configured as a DNS server, then you will

need to configure the virtual machine to use a DNS server that can perform

Internet name resolution. Request the IP address of a DNS server at the training

center that can perform Internet name resolution, and assign that IP address as the

DNS server for the virtual machine.

6.  The cloud-based SQL Azure Database service is only available through TCP port

1433. If you are able to connect to Internet Web sites from the virtual machines, but

cannot connect to SQL Azure, then ensure that the CPLS firewall allows outgoingTCP communication on TCP port 1433. The Firewall rule on the TMG server allows

outbound connectivity for all ports.

Page 19: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 19/25

MSL-TMG1 Gateway Virtual Machine 15

Optional Procedure If an Internet Proxy Server Is Used on the

Network

Note: you will need to obtain the name of the proxy server used on your network. 

Configure upstream proxy server in TMG

1.  Log on to the MSL-TMG1 VM as Administrator, with the password of Pa$$word.

2.  Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG

Management 

3.  In the left panel, expand Forefront TMG (MSL-TMG1) and then click Networking.

4.  On the Web Chaining tab, click the Default rule, then in the right pane, click Edit

Selected Rule.

5.  On the Action tab select Redirecting them to a specified upstream server 6.   Next to Upstream proxy server, click Settings.

7.  In the Specify Upstream Server Configuration box type:

a.  Server: {name of server} example: proxy.contoso.com . 

 b.  Port: 80 

c.  SSL Port: 443 

8.  Select Automatically poll upstream server for the configuration.

9.  Ensure the Server URL is http://{name of server }:80/array.dll.

10. On the Bridging tab, in the Redirect SSL Requests as box, select SSL request, and

then click OK .

11. Click Apply, click Apply, and then click OK .

Optional Procedure If DNS Resolution Is Restricted to Certain

DNS Servers on Your Network

Note: You will need to obtain the IP address of an appropriate DNS server on your 

network that can be configured as a forwarder.

Configure DNS forwarder on VM running DNS on Private Network side of MSL-

TMG1 VM 

1.  On your host computer open a command prompt and type ipconfig /all.

2.  Copy down one of the DNS server IP addresses.

Page 20: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 20/25

16 MSL-TMG1 Gateway Virtual Machine

3.  On the VM running DNS in the lab environment (e.g. MIA-DC1), click Start,

Administrative Tools, DNS. 

4.  Click the server name, and then double-click Forwarders.

5.  On the Forwarders tab, click Edit.

6.  Type the IP address of an available DNS server from step 2 above.

7.  Click OK twice and then close DNS Manager.

Note: After completing the classroom setup for the MSL-TMG1 VM, return to the coursespecific classroom setup guide and complete the setup for the course.

Page 21: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 21/25

MSL-TMG1 Gateway Virtual Machine 17

Student Computer Checklist

  1. Install the Hyper-V Server Role

  2. Install the Base Image/ Virtual Machine Files

Page 22: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 22/25

18 MSL-TMG1 Gateway Virtual Machine

Student Computer Setup

Use the instructions in the following section to set up the classroom manually. Before

starting the installation of the student computer, a supported operating system must be

installed on the computer. You can check the supported systems list at:

http://go.microsoft.com/fwlink/?LinkId=94481

Caution: These instructions assume network connectivity between the instructor computer and the student computers. If you do not have connectivity, MicrosoftLearning recommends copying the activated virtual machines to the studentcomputers by means of a manually created DVD or universal serial bus (USB)drive.

1. Install the Hyper-V Server Role

Note: If Hyper-V is already installed, you can skip this procedure.

For detailed instructions see the instructor computer setup. 

2. Install the Base Image / Virtual Machine Files

Note: Ensure that all extracted courseware virtual machine files were copied fromthe Instructor computer during the Instructor Computer setup. The followingdirectories and short cuts will be needed to ensure that the student has allnecessary files for the MSL-TMG1 VM.

1. C:\Program Files\Microsoft Learning\MSL-GW and all included foldersand files 

2. C:\Program Files\Microsoft Learning\Base\Base11A-WS08R2SP1.VHD 

3. C:\Program Files\Microsoft Learning\Base\Drives\MT11-MSL-TMG1.VHD 

1.  Check that all permissions have been retained, by looking at the directories above

and making sure they are not Read Only.

2.  Run the VM-Pre-Import script. For detailed instructions see the instructor computer 

setup.

3.  Add the virtual machines to the Hyper-V management console. For detailed

instructions see the instructor computer setup.

Page 23: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 23/25

MSL-TMG1 Gateway Virtual Machine 19

Appendix A

The virtual machines were developed using the English (United States) layout shown

 below.

If your physical keyboard doesn’t match the above layout, you may need to refer to the

above layout for the character positions used to logon. For future logons and usage

throughout the labs, you may want to install your keyboard layout in the virtual machine.

Page 24: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 24/25

20 MSL-TMG1 Gateway Virtual Machine

Appendix B

Supporting Virtual Server and Virtual PC Labs on Hyper-V

Classroom Computers

Microsoft Learning has created courseware with virtual labs that have required differentvirtualization technologies to be running on classroom computers. Legacy courseware

from Microsoft Learning requires Virtual Server or Virtual PC, while current courseware

requires Hyper-V. It is relatively easy to run courses on Virtual Server and Virtual PC on

the same classroom computers. However, switching between legacy courses and courses

that require Hyper-V requires significant classroom configuration changes and often

involves re-imaging the classroom computers. The following procedure is offered as an

option to help facilitate delivery of legacy and current Microsoft Learning courseware on

the same classroom computers.

If you require Hyper-V based courses as well as Virtual Server and Virtual PC courses on

the same classroom computers, follow this optional procedure to set up a dual bootconfiguration. Virtual Server and Virtual PC can run on a computer that is running

Hyper-V, however, the virtual machines will run very slowly. The procedure below

creates a second boot entry that starts Windows Server with the hypervisor turned off.

Running Virtual Server and Virtual PC VMs with the hypervisor turned off will improve

the performance of the virtual machines.

Configure classroom computer to support Hyper-V, Virtual Server 

and Virtual PC based labs

1.  Install Windows Server 2008 R2 SP1.

2.  Install Hyper-V Role.

3.  Update Hyper-V role if necessary (http://support.microsoft.com/kb/950050).

4.  Create a boot entry with the hypervisor turned off.

The following procedure provided courtesy of Ben Armstrong 

http://blogs.msdn.com/virtual_pc_guy/archive/2008/04/14/creating-a-no-hypervisor-

 boot-entry.aspx

a.  Open an administrative command prompt.

 b.  To view current boot configuration type:

bcdedit.exe

c.  To create a copy of the current active boot entry and provide an appropriate name

type:

bcdedit.exe /copy {current} /d "Windows Server 2008 R2 SP1 - no

hypervisor"

Page 25: MSL TMG1 SetupGuide

7/16/2019 MSL TMG1 SetupGuide

http://slidepdf.com/reader/full/msl-tmg1-setupguide 25/25

MSL-TMG1 Gateway Virtual Machine 21

d.  To see the new boot entry type:

bcdedit.exe

Note: hypervisorlaunchtype set to Auto

e.  To turn off the hypervisor in the new boot entry type: 

bcdedit.exe /set {nnn} hypervisorlaunchtype Off  

Note: replace {nnn} with identifier from new boot entry

5.  Reboot computer and select the Windows Server 2008 R2 SP1 – no hypervisor boot

entry.

6.  Install Virtual PC 2007 SP1.

7.  Install Virtual Server 2005 R2 SP1.

Note: Virtual Server requires IIS components to be installed and will prompt toinstall the components if not detected.

You are now ready to install Hyper-V as well as Virtual Server and Virtual PC based

courses on your classroom computer. To switch between Hyper-V and Virtual

Server/Virtual PC based courses, reboot the classroom computer and select the

appropriate boot entry.