My Lab Environment v2.0 (Part 1 - Introduction)

Part 1 - Introduction (This Article)

Part 2 - Router & Firewall

Part 3 - Virtual Machines & Templates

Part 4 – Creating Active Directory


Introduction

Whenever I give a session at a conference or user group, there is always at least one person asking me about how I set up my virtual test environment on my laptop. Over the years I’ve used different hypervisors, techniques and topologies but I’m pretty happy with the way it’s working right now. I’ve posted about my previous setups here, here and here but things have changed considerably since then.

I’m one of those people who carries around a bulky laptop for my daily work and my presentations. Although I’ve certainly looked at people with those sexy Surface Pro 3 devices in envy, I’m still not running my testlab in the cloud - despite plenty of Azure credits. And when I see what kind of problems my fellow speakers who rely on the cloud face during conferences, I’m not so sure if that’s a bad thing. Granted, I’m an on-premises guy. I don’t need the cloud for most of my demos.

My current laptop is an HP EliteBook 8570w with an i7 processor, 32GB of RAM and two SSDs. Plenty of horsepower to play with. My hypervisor of choice is currently Hyper-V, running on Windows 8.1. I’ve gone back and forth between VMware and Hyper-V the last few years, but I’ve settled with Hyper-V for now. But not quite, as you will see.

Lab Philosophy

As an IT Pro I don’t want a single SharePoint server with everything on it. That’s not how it works in the real world either. I want a setup that mimics kind of a real production environment so I can learn about its constraints and particularities. So I like things like separate networks, a firewall and dedicated machines for specific tasks but without going crazy. I don’t have multiple domain controllers for example, although I might add one if needed for Active Directory focused scenarios.

You don’t want to follow this article series if you just want to install SharePoint to play around with. If you’re looking for guidance on how to do that, this setup guide from Critical Path Training does just that.

Hypervisor

Like I mentioned, I’m using Hyper-V now. I like the way it integrates with the operating system, its performance and ease of use. I was a big fan of VMware Workstation before, but since Hyper-V has introduced enhanced session mode I’m hooked. The PowerShell support is also great - something I missed with VMware Workstation - although I’m not using it to the fullest yet. I don’t rebuild my lab that often.

The only thing that keeps me from going Hyper-V all the way is its lack of support for transparent NAT. I don’t like the fact that you have to change your external switch each time you move your laptop between wired and wireless connections. I’ve written about that problem before and found a very elegant solution too, one that includes… installing VMware components. The irony.

The only change I make to the Hyper-V setup is the location of the Virtual Hard Disks and Virtual Machines. I’ve set them like this:

Virtual Hard Disks

All files that matter are on my D drive that I reserve exclusively for Hyper-V. It’s a 512 GB SSD from Crucial.

Network Setup

This is the network design that I have in mind:

Virtual Network Design

The idea is to have two distinct LANs:

  • A Production LAN for Active Directory, SharePoint, SQL, ADFS,…
  • A DMZ LAN for reverse proxies, web servers,…

Additionally, I’d like to implement the following requirements too:

  • No traffic is allowed between the different networks by default
  • Each network should be able to access the internet
  • Internet access for my VMs is only possible through a gateway; I don’t want extra network cards in my machines
  • Each network should have its own subnet with fixed IP addresses
  • I want to be able to control exactly what traffic is allowed between the hosts and on which ports
  • The host computer will have an IP in each network for demo or management purposes

In order to meet my requirements I created 3 virtual switches in Hyper-V. A “NAT” switch, connected to the VMware VMnet8 network adapter for internet connectivity, a “PROD” switch for my production LAN and a “DMZ” switch for my DMZ LAN. I did not configure anything on these switches, all default settings.

Virtual Switch Manager

All machines in a LAN are connected to the virtual switch, which in turn is also connected to the router/firewall device.
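The switch layout above can also be scripted and then checked against the "one NIC per VM, internet only through the gateway" requirement. This is an added example, not a script from the original post; the adapter name, the router VM name `VyOS` and the choice of Internal switches for PROD and DMZ (so the host can hold an IP in each network) are assumptions.

```powershell
# Added example, not from the original post. Run elevated on the Hyper-V host.

# Assumption: default Windows name of the VMware NAT adapter (verify with Get-NetAdapter).
$natAdapter = 'VMware Network Adapter VMnet8'
# Assumption: name of the router/firewall VM, the only VM allowed on the NAT switch.
$routerVm   = 'VyOS'

# Create the three switches only when they do not exist yet, so re-runs are harmless.
if (-not (Get-VMSwitch -Name 'NAT' -ErrorAction SilentlyContinue)) {
    # External switch bound to VMnet8 and shared with the host OS.
    New-VMSwitch -Name 'NAT' -NetAdapterName $natAdapter -AllowManagementOS $true | Out-Null
}
foreach ($name in 'PROD', 'DMZ') {
    if (-not (Get-VMSwitch -Name $name -ErrorAction SilentlyContinue)) {
        # Internal switch: reachable by VMs and the host, with no physical uplink.
        New-VMSwitch -Name $name -SwitchType Internal | Out-Null
    }
}

# Audit: every VM except the router must have exactly one NIC,
# and that NIC must sit on PROD or DMZ (never on NAT, never unplugged).
$violations = foreach ($vm in Get-VM | Where-Object Name -ne $routerVm) {
    $nics = @(Get-VMNetworkAdapter -VM $vm)
    $bad  = @($nics | Where-Object { $_.SwitchName -notin 'PROD', 'DMZ' })
    if ($nics.Count -ne 1 -or $bad.Count -gt 0) {
        [pscustomobject]@{
            VM       = $vm.Name
            NicCount = $nics.Count
            Switches = ($nics.SwitchName -join ', ')
        }
    }
}

if ($violations) {
    # Any row here is a VM that can bypass the router/firewall or is multi-homed.
    $violations | Format-Table -AutoSize
} else {
    'Every lab VM has exactly one NIC, on PROD or DMZ.'
}
```

Re-running the audit part after adding or cloning VMs catches a machine that was accidentally left attached to the NAT switch.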

Routing & Firewall

VyOS

To separate my networks and to provide firewalling capabilities I wanted something lightweight. Something that I could easily run with only 512 GB RAM and a single virtual core. Say hello to VyOS.

VyOS is “a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality”. It’s very powerful, compatible with Hyper-V, has a small footprint and it can even create a Site-To-Site VPN with Azure if you want to.

There’s a learning curve, however, because it’s only configurable via command line. In Part 2 of this series I’ll show you how to set up VyOS for our needs. Stay tuned!
