Previous Post in Series: Part 8: Server 2016 Software Defined Networking Overview
Welcome to part 9 in the series, folks. If you’ve not read the overview guide (at the link above), it’s worth doing that before continuing on to the deployment phase, as reading it may shape some of your design decisions.
Here is a list of the main steps that we’ll be covering in this guide:
- Prerequisites
- Prepare a Template VHDx for your SDN VMs
- Set up Active Directory Users and Groups
- Create Management Logical Network
- Create and Set up SSL Certificates
- Import, Configure and Deploy Network Controller Service Template
- Add Network Controller Service to SCVMM
- Validate your Network Controller Deployment
Prerequisites
This guide assumes you have deployed a Server 2016 Hyper-V cluster made up of at least 3 nodes. This cluster will need access to enough storage to hold 6 VMs using the VHDx we’ll discuss a little later in the guide (link above).
NOTE: If you’ve completed parts 3 and 4 of this blog series, you’re covered
As we’re using SCVMM to deploy our Network Controller service, you need to download the template from GitHub
Click on “Clone or download”, “Download ZIP” and “Save”

Open the ZIP archive you just downloaded and navigate to VMM\Templates
Now copy the folders named “NC” and “SLB” to C:\Temp\ on your SCVMM server
Prepare a Template VHDx for your SDN VMs
During the deployment of our Network Controller Service Template, we’ll be asked to provide a generalised VHDx disk for the OS drive. If you’ve completed part 6 of this series, you can use the one you created there, otherwise follow the steps below:
- Create a new VM from using a Server 2016 ISO
- Apply all available Windows Updates
- Enable Remote Desktop and associated Windows Firewall rules (PowerShell below)
# Allow inbound Remote Desktop connections
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
# Require Network Level Authentication for RDP sessions
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 1
# Enable the built-in Remote Desktop firewall rules
Get-NetFirewallRule -DisplayName "Remote Desktop*" | Enable-NetFirewallRule
- Run Sysprep to generalise the OS to be used as a template disk
Press “Windows Key + R” and type “sysprep”
Run the sysprep application
Select “Enter System Out-of-Box Experience…”, tick “Generalize” and select “Shutdown”. Now click “OK”

Once SysPrep has completed and the VM has shut down, we’ll want to take a copy of the VHDx and import it into our SCVMM library (instructions below):
Copy the VHDX to your SCVMM library share folder; this could be local on the server or, if you used this guide, a dedicated share on your SOFS cluster.
Refresh the SCVMM library. Navigate to “Library”, right-click on your library server object and select “Refresh”.
Set up Active Directory Users and Groups
Our Network Controller deployment requires us to create two groups in AD. With that in mind, create them as follows:
Create a domain local security group for Network Controller Management, I called mine “NetworkControllerAdministrators”
Create a user and add it to this group – this is the user we’ll tell SCVMM to use when interacting with our Network Controller Service. As such, I called mine “NCAdmin”
Create a domain local security group for Network Controller Clients, I called mine “NetworkControllerClients”…inventive eh
Add the “NCAdmin” account you created above to this group also.
Create SCVMM Run As Account for NC Admin User
Now that you’ve created the “NCAdmin” (above) account in Active Directory, we have to give SCVMM the ability to use that account. This is done by creating a “Run As Account” for the user.
Within your SCVMM console, navigate to “Settings”, right-click on “Run As Accounts” and select “Create Run As Account”

Type a name, an optional description, and the password for your NC Admin user.
Leave the tick in “Validate domain credentials” and click “Finish”

Now repeat the above process to create a Run As Account for the local administrator user (if you haven’t done this previously).
Untick “Validate domain credentials” this time, though, as validation will fail because it isn’t a domain account.

Set up SCVMM Host Group
If you’re managing multiple Hyper-V clusters from your SCVMM instance, create a new host group for the Hyper-V hosts you plan to manage via SDN and move your host cluster into it. I covered this in an earlier guide, which you can find HERE.
Create Management Logical Network
Again, this was already covered in an earlier part of this series, located HERE. If you didn’t follow that guide when building your hosts, have a look through it before proceeding as it was done with SDN in mind. If you created your logical switch without disabling all extensions, it will block your Network Controller deployment. If that’s the case, remove and redeploy your networking following the guide linked above.
Create and Set up SSL Certificates
We will need an SSL certificate to securely communicate with the Network Controller service. If you’re deploying this for testing purposes, then using a self-signed certificate will suffice.
Using a Self-signed Certificate
The following PowerShell will generate an appropriate SSL certificate with a friendly name and the FQDN of your NC service as its DNS name, placing it in the Local Computer store so the export steps below can find it:
# -CertStoreLocation puts the certificate in the Local Computer "Personal" store; without it the cmdlet defaults to the current user's store, which certlm.msc does not show
New-SelfSignedCertificate -KeyUsageProperty All -Provider "Microsoft Strong Cryptographic Provider" -FriendlyName "MultiNodeNC" -DnsName @("MultiNodeNC.domain.com") -CertStoreLocation "Cert:\LocalMachine\My"
NOTE: You can use an IP address instead of a DNS name for the Network Controller service but this is not recommended as it will restrict it to a single subnet.
Now you’ll need to export your new certificate with its private key.
Open the “Certificates” MMC. Press WinKey + R and type “certlm.msc”. Browse to “Personal” then “Certificates”
Right-click the certificate you just created and select “All Tasks”, “Export”

Click “Next” on the welcome screen
Select “Yes, export the private key” and click “Next”

On “Export File Format”, click “Next” to accept the defaults

Enter a password for the private key and click “Next”

Enter a save location and filename for your certificate and click “Next” and “Finish”

You’ll also need the certificate in the .CER format, so run through the above process again but when asked if you want to export the private key, choose “No, do not export the private key”
Using a Certificate Authority Certificate
As the aim of this guide is to get you as close to a production deployment as possible, I’m also going to run through the process for obtaining a suitable certificate from your own internal CA. If you haven’t yet deployed a CA, I’ve covered it in an earlier guide, you can find it HERE
Create SDN Network Controller Certificate Template
Before requesting a certificate from our CA, we’re going to create a custom template to make that request against.
On the server that holds your new CA (which may well be a domain controller), click on the Start Menu, type “certtmpl.msc” and press Enter to launch the “Certificate Templates Console”.
We’ll start by duplicating an existing certificate template to work as our base, I used the “Computer” template.
Right-click the “Computer” template and select “Duplicate Template”

On the “General” tab, change the “Template Display Name” to something that makes more sense, I went with “SDN NC Certificate”
Change the “Validity period” to something that works for your organisation, I went with 2 years.

On the “Request Handling” tab, make sure “Purpose” is set to “Signature and encryption” and that “Allow private key to be exported” is ticked.

On the “Security” tab, give “Authenticated Users” “Enroll” permissions

On the “Subject Name” tab, select “Supply in the request” and click “OK”

Now we have to make the new template available for issuing on the Certification Authority.
Click on the start menu and type “certsrv.msc” and press enter to launch the “Certification Authority” console
Right-click on “Certificate Templates”, click “New” and “Certificate Template to Issue”

Select the template you just created and click “OK”

Nice, we can now issue our certificates. We’re getting there.
On your SCVMM server, click start and type “certlm.msc” and press enter.
Right-click on “Certificates” and select “All Tasks”, “Request New Certificate”

Click “Next” on the “Before You Begin” screen.
Make sure “Active Directory Enrollment Policy” is selected and click “Next”

Tick the “Computer Template for SDN NCs” template (or whatever you named your new template), then click the “More information is required…” link.

Select “Common Name” from the “Subject Name” drop-down. Type “NCServiceName.FQDN” in the “Value” field and click “Add”
Select “DNS” from the “Alternative Name” drop-down. Type “NCServiceName.FQDN” in the “Value” field and click “Add”

On the “General” tab, type a “Friendly name” for your certificate. I went with “MultiNodeNC.domain.com2017”. Now click “OK”

Making sure your certificate template is ticked, click “Enroll”, then click “Finish”

Now we want to export the certificate with its private key (.PFX)
Still within the Certificates – Local computer console, navigate to “Personal”, “Certificates”
Right-click on the certificate you just created and select “All Tasks”, “Export”

Click “Next” on the welcome screen.
Select “Yes, export the private key” and click “Next”

Accept the defaults on the next screen and click “Next”

Tick the “Password” box and enter a password for your certificate and click “Next”

Type a file path to save your .PFX file to and click “Next” and “Finish”

You’ll also need the certificate in the .CER format, so run through the above process again but when asked if you want to export the private key, choose “No, do not export the private key”
Use the same method to export your CA root certificate (as a .CER). You’ll find it in the “Trusted Root Certification Authorities”, “Certificates” folder.
It’ll be named like this: domain-CAServerName-CA e.g. “contoso-Server1-CA”
Now, you’ll remember that earlier you downloaded the SDN Service Templates from GitHub and copied two folders “NC” and “SLB” to C:\Temp\ on your SCVMM server.
- Copy the .PFX file you just created to the C:\Temp\NC\ServerCertificate.cr folder
- Copy the .CER file you just created to the C:\Temp\NC\NCCertificate.cr folder
- Copy the CA root certificate you just exported to the C:\Temp\NC\TrustedRootCertificate.cr folder
- Copy the following folders to your SCVMM library share:
- C:\Temp\NC\Edgedeployment.cr
- C:\Temp\NC\NCCertificate.cr
- C:\Temp\NC\NCSetup.cr
- C:\Temp\NC\ServerCertificate.cr
- C:\Temp\NC\TrustedRootCertificate.cr
Now refresh your SCVMM library
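Before importing the template, it is worth checking that the three folders contain what the install script expects, since a wrong file type in the wrong folder only surfaces as a failed deployment job later. The following PowerShell is an added example (not from the guide or the Microsoft SDN templates) that assumes the C:\Temp\NC layout above and takes your RestEndPoint FQDN and .PFX export password as parameters.

```powershell
# Added pre-deployment check (not part of the guide or the Microsoft SDN templates). Assumes the
# C:\Temp\NC folder layout used above; RestEndPoint is the FQDN you will enter in the service template.
using namespace System.Security.Cryptography.X509Certificates

function Test-NcCertificateBundle {
    param(
        [string]$NcFolder = 'C:\Temp\NC',
        [Parameter(Mandatory)][string]$RestEndPoint,        # e.g. MultiNodeNC.domain.com
        [Parameter(Mandatory)][securestring]$PfxPassword    # password used when exporting the .PFX
    )
    $problems = [System.Collections.Generic.List[string]]::new()

    # Each custom resource folder must hold exactly one file of the expected type. The install
    # script picks up the first file of that type, so a .cer where the .pfx belongs ends in the
    # "Cannot bind argument to parameter 'Path' because it is null" failure during deployment.
    function Get-OnlyFile([string]$Sub, [string]$Filter) {
        $files = @(Get-ChildItem -Path (Join-Path $NcFolder $Sub) -Filter $Filter -File -ErrorAction SilentlyContinue)
        if ($files.Count -ne 1) { $problems.Add("$Sub should contain exactly one $Filter file, found $($files.Count)"); return $null }
        $files[0].FullName
    }
    $pfxPath  = Get-OnlyFile 'ServerCertificate.cr'      '*.pfx'
    $cerPath  = Get-OnlyFile 'NCCertificate.cr'          '*.cer'
    $rootPath = Get-OnlyFile 'TrustedRootCertificate.cr' '*.cer'
    if ($problems.Count -gt 0) { return [pscustomobject]@{ Passed = $false; Problems = $problems } }

    $pfx  = [X509Certificate2]::new($pfxPath, $PfxPassword, [X509KeyStorageFlags]::DefaultKeySet)
    $cer  = [X509Certificate2]::new($cerPath)
    $root = [X509Certificate2]::new($rootPath)

    if (-not $pfx.HasPrivateKey) { $problems.Add('The .pfx has no private key; re-export choosing "Yes, export the private key"') }
    if ($cer.Thumbprint -ne $pfx.Thumbprint) { $problems.Add('The .cer in NCCertificate.cr is not the same certificate as the .pfx') }
    if ($pfx.NotAfter -lt (Get-Date)) { $problems.Add("Certificate expired on $($pfx.NotAfter)") }

    # The install script checks that the certificate's subject matches the RestEndPoint, so do it here first
    $names = @($pfx.GetNameInfo([X509NameType]::DnsName, $false))
    $san = $pfx.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name
    if ($san) { $names += @($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1].Trim() }) }
    if ($names -notcontains $RestEndPoint) { $problems.Add("RestEndPoint '$RestEndPoint' is not among the certificate names: $($names -join ', ')") }

    # "Signature and encryption" on the template should yield DigitalSignature and KeyEncipherment
    $ku = $pfx.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $required = [X509KeyUsageFlags]::DigitalSignature -bor [X509KeyUsageFlags]::KeyEncipherment
    if ($ku -and (($ku.KeyUsages -band $required) -ne $required)) { $problems.Add("Key usage is '$($ku.KeyUsages)', expected DigitalSignature and KeyEncipherment") }

    # The root .cer must be the top of the chain that issued the server certificate. For a self-signed
    # certificate the chain has one element, so the root file must be that same certificate.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    [void]$chain.Build($pfx)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($top.Thumbprint -ne $root.Thumbprint) { $problems.Add("TrustedRootCertificate.cr holds '$($root.Subject)' but the chain ends at '$($top.Subject)'") }

    [pscustomobject]@{ Passed = ($problems.Count -eq 0); Thumbprint = $pfx.Thumbprint; Names = $names; Problems = $problems }
}

# Placeholder FQDN: replace with the RestEndPoint you will use
Test-NcCertificateBundle -RestEndPoint 'MultiNodeNC.domain.com' -PfxPassword (Read-Host 'PFX export password' -AsSecureString) | Format-List
```

Keep the Thumbprint it prints; it is the value you will want to compare against whatever the REST endpoint presents once the service is up.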

Import, Configure and Deploy Network Controller Service Template
OK, we can finally start working on the actual deployment of our NC Service template. Let’s import the template we downloaded from GitHub into SCVMM.
Within your SCVMM console, navigate to “Library” and click “Import Template” on the ribbon at the top of the screen

Click “Browse” and navigate to C:\Temp\NC\Network Controller Production Generation 2 VM.xml and click “Next”

On the “Configure References” page, we’re marrying up the custom resources (.cr folders) you copied to your SCVMM library share earlier.
Click the “Pencil” icon next to “TrustedRootCertificate.cr”, select the same from the list and click “OK”

Do the same for “WinServer.vhdx”, “NCSetup.cr” and “ServerCertificate.cr”.
- For “WinServer.vhdx”, select the VHDX you prepared earlier in this guide.
- For “NCSetup.cr”, select the custom resource of the same name.
- For “ServerCertificate”, select the custom resource of the same name
Your screen should now look something like this:

Now click “Next” and “Import”
Now that our template is imported, we need to customise it for our environment.
Navigate to “Library”, “Service Templates” right-click the template you just imported and click “Properties”

Have a look at the “Service Settings” tab. These settings can be configured at the point of template deployment, but if we set them here they are saved with the template, which means we don’t have to re-enter them if we make a mistake or reuse the template later.
You can modify each value by highlighting it, clicking “Properties” and populating its “Value” field


I’ve created a table below that shows what value you should be setting against each item:

| Setting | What to Configure |
|---|---|
| ClientSecurityGroup | Enter the "Network Controller Clients" group you created in AD earlier in this guide. It should be in the following format: DOMAIN\NetworkControllerClients |
| DiagnosticLogShare | I didn't bother with this as I've written a script that grabs these logs if I need them, more on that later. |
| DiagnosticLogSharePassword | As above |
| DiagnosticLogShareUsername | As above |
| LocalAdmin | Browse and select a "Run As" account that will be the local administrator account for the SDN VMs you deploy. If you don't have a Run As account for "Administrator" yet, create it 🙂 |
| Management | Select the "Management" VM network you created earlier |
| MgmtDomainAccount | Select the Run As Account for the NC Admin user you created earlier |
| MgmtDomainAccountName | Enter the NC Admin user in the following format: DOMAIN\Username e.g. CONTOSO\NCAdmin |
| MgmtDomainAccountPassword | Ignore this field as we'll enter it at the point of service deployment |
| MgmtDomainFQDN | Enter the FQDN of the domain the above account sits in e.g. CONTOSO.com |
| MgmtSecurityGroup | Enter the "Network Controller Administrators" group you created in AD earlier in this guide. It should be in the following format: DOMAIN\NetworkControllerAdministrators |
| RestEndPoint | Enter the FQDN you want to use for targeting your Network Controller service e.g. MultiNodeNC.domain.com |
| ServerCertificatePassword | Enter the password you used to export your .PFX certificate earlier in this guide |
NOTE: Do not create the RestEndPoint in DNS before running your deployment as doing this will cause it to fail. It’ll be added for you. You had to do this in earlier versions but this requirement was removed.
Now we’re going to modify a few of the settings specific to the roles we’re about to deploy.
Right-click your service template and select “Open Designer”

Click “Windows Server Network Controller” to highlight it and select “View All Properties” in the bottom right

On the “Hardware Configuration” tab, change “Availability” to “High”.
This isn’t strictly required as the Network Controller service will continue to function when a node goes down. At the very least though, it’ll save you having to power a node down during maintenance of the host it sits on. Much more elegant to just migrate it to another host in the cluster.
NOTE: You’ll receive a warning when trying to migrate an NC node to a Hyper-V node that already hosts one. Not an issue if your Hyper-V host count is greater than your NC nodes. It will let you manually migrate two NC nodes to the same host (overruling the Availability Set), I suggest only doing this for maintenance windows and only if it cannot be avoided.

If you’ve set a “Classification” for your shared storage in SCVMM, make sure you assign that classification to the VM’s disk, as not doing so will cause you problems during the deployment.

On the “OS Configuration” tab, modify the “Identity Information” field to something that makes sense for your organisation. This is the naming convention used for deploying your NC nodes, so using Blog-NC# will name your NC nodes Blog-NC1, 2 and 3, while Blog-NC## will name them Blog-NC01, 02 and 03…dealer’s choice.
Now click “OK”

Now click “Configure Deployment”

Enter a name for your NC Service and choose the host group that contains the Hyper-V hosts you’re deploying your NCs to.
If you’ve followed all the above steps correctly, “Network Settings” should be pre-populated.
Now click “OK”

When you’re first presented with the “Deploy Service” screen your Hyper-V host status will show as “No suitable host”, don’t worry about this, it’s perfectly normal.
Under “Settings”, everything other than “MgmtDomainAccountPassword” and “ServerCertificatePassword” should be pre-populated. Enter the relevant passwords now.
Now click “Refresh Preview”. This will validate the deployment including checking that the Hyper-V hosts are suitable for hosting your NC VMs

You should now be looking at a screen similar to the following (stars are a good sign):

If you receive any errors at this point, it’s likely that one of the previous steps has been missed and you’ll be provided with an error message to help you troubleshoot the cause. Assuming all is as above though, click “Deploy Service” and select “OK”

The deployment will take a good while (upwards of an hour), so go grab yourself a coffee. All going well you should see the following when you get back:

It’s worth noting that if your deployment fails and the error doesn’t really mean a great deal to you, right-click the failed job and select “Restart”. The job will try to continue from the point it failed. It’s amazing how many times this actually works. If this fails again though, it’s troubleshooting time. Feel free to post a comment on this guide if you get stuck and I’ll do my best to assist (time permitting).
Add Network Controller Service to SCVMM
So we’ve successfully deployed our Network Controller service; at this point, though, it’s sitting there doing nothing. After all this hard work, we’re not having that.
Browse to “Fabric”, “Networking”, right-click “Network Service” and select “Add Network Service”

Click “Next” on the “Getting Started” screen.
Enter a name for your new network service and click “Next”

Make sure “Manufacturer” and “Model” show as “Microsoft” and “Microsoft Network Controller” respectively and click “Next”

Select the Run As Account you created earlier for your Network Controller admin user and click “Next”

In the “Connection string” box, enter the following (modified for your environment):
“serverurl” should be the Rest DNS FQDN you entered into the “RestEndPoint” field when deploying the service template (highlighted in green in the screenshot below):

“servicename” should be the name you gave your Network Controller service at the point of deployment (highlighted in green in the screenshot below):
NOTE: If you put spaces in your “servicename” (I didn’t), these will be accepted in the connection string without quotes and without issue.

So for this deployment, that would look like:
serverurl=https://MultiNodeNCService.domain.com;servicename=MultiNodeNetworkControllerService
Now click “Next”

Unfortunately, I don’t have screenshots for the next couple of tasks so we’ll have to go old school (and from memory):
On the “Certificates” screen a connection is made to one of your network controller VMs to retrieve the certificate that was configured during the deployment. Being that we used a CA issued certificate, select the following options and click “Next”:
- These certificates have been reviewed and can be imported to the trusted certificate store
- This certificate was issued from a Certification Authority…words to that effect, I can’t currently check it 🙁 It’s the only other checkbox there though
On the “Gather Information” tab, click “Scan Provider”. This will connect to your NC service, list its properties and show their status.
If you can see the following “isNetworkController = true”, everything should be working as intended and you can click “Next”
On the “Host Group” tab, make sure you have the correct host group selected (the one you selected when deploying the NC service, marked in green in the screenshot below).

Now click “Next” and “Finish”
The job shouldn’t take long to complete and should look something like this:

Nice one, we’re getting there. Now to check that it does what it’s supposed to do
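The “Scan Provider” step above is SCVMM’s own check. As an added example (not from the guide or the SDN templates), the PowerShell below performs the same sort of validation from the SCVMM server: it resolves each NC node and tests a Kerberos WinRM hop to it, confirms the RestEndPoint now resolves in DNS, compares the certificate the REST endpoint presents with the thumbprint of the .PFX you exported, and makes an authenticated call to the NC REST API. The node names, FQDN and thumbprint are placeholders to replace with your own.

```powershell
# Added post-deployment check (not part of the guide or the SDN templates). Run it on the SCVMM server
# as a user who is a member of the ClientSecurityGroup; the RestEndPoint, node names and thumbprint
# below are placeholders for your own values.
using namespace System.Net.Sockets
using namespace System.Net.Security
using namespace System.Security.Cryptography.X509Certificates

function Test-NcNode {
    # DNS resolution plus a Kerberos-authenticated WinRM hop to one NC node, which is how the
    # template's deployment scripts reach each node; a failure here is the "Cannot find the
    # computer" Kerberos error rather than a Network Controller problem.
    param([Parameter(Mandatory)][string]$Node)
    $r = [ordered]@{ Node = $Node; Dns = $false; Kerberos = $false; Error = '' }
    try {
        $null = Resolve-DnsName -Name $Node -ErrorAction Stop
        $r.Dns = $true
        $null = Test-WSMan -ComputerName $Node -Authentication Kerberos -ErrorAction Stop
        $r.Kerberos = $true
    } catch { $r.Error = $_.Exception.Message }
    [pscustomobject]$r
}

function Get-NcRestCertificate {
    # Open a TLS session to the REST endpoint and return the certificate it presents.
    param([Parameter(Mandatory)][string]$RestEndPoint, [int]$Port = 443)
    $client = [TcpClient]::new($RestEndPoint, $Port)
    try {
        # Accept whatever is presented during the handshake; the caller compares the thumbprint.
        $callback = [RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = [SslStream]::new($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($RestEndPoint)
        $remote = [X509Certificate2]::new($ssl.RemoteCertificate)
        $ssl.Dispose()
        [pscustomobject]@{ Subject = $remote.Subject; Thumbprint = $remote.Thumbprint; NotAfter = $remote.NotAfter }
    } finally { $client.Close() }
}

function Test-NcDeployment {
    param(
        [Parameter(Mandatory)][string]$RestEndPoint,
        [Parameter(Mandatory)][string[]]$Nodes,
        [Parameter(Mandatory)][string]$ExpectedThumbprint   # thumbprint of the certificate you exported as the .PFX
    )
    $nodeResults = foreach ($n in $Nodes) { Test-NcNode -Node $n }

    # The deployment registers the RestEndPoint in DNS itself, so it should resolve now.
    $restDns = $null -ne (Resolve-DnsName -Name $RestEndPoint -ErrorAction SilentlyContinue)
    $cert = $null
    if ($restDns) { try { $cert = Get-NcRestCertificate -RestEndPoint $RestEndPoint } catch { Write-Warning $_ } }
    $thumbOk = ($null -ne $cert) -and ($cert.Thumbprint -eq $ExpectedThumbprint)

    # Authenticated GET against the NC REST API; requires membership of the ClientSecurityGroup
    $restOk = $false
    if ($thumbOk) {
        try {
            $null = Invoke-RestMethod -Uri "https://$RestEndPoint/networking/v1/logicalNetworks" -UseDefaultCredentials -ErrorAction Stop
            $restOk = $true
        } catch { Write-Warning $_ }
    }
    [pscustomobject]@{
        RestEndPointResolves = $restDns
        PresentedThumbprint  = $(if ($cert) { $cert.Thumbprint } else { $null })
        ThumbprintMatches    = $thumbOk
        RestApiReachable     = $restOk
        Nodes                = $nodeResults
    }
}

# Placeholders: your RestEndPoint, the node names from your Identity Information pattern, and your .PFX thumbprint
Test-NcDeployment -RestEndPoint 'MultiNodeNC.domain.com' -Nodes 'Blog-NC01', 'Blog-NC02', 'Blog-NC03' -ExpectedThumbprint 'PASTE-PFX-THUMBPRINT-HERE' | Format-List
```

A thumbprint mismatch at this point means the nodes are serving a different certificate from the one you placed in ServerCertificate.cr, which is worth resolving before any tenant networking is built on top.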
Validate your Network Controller Deployment
Now that we’ve got our Network Controller service in and configured, there is one last thing to do before we can create our tenant VM networks and do some cross-VM testing. As you will have read in my SDN overview post, encapsulated traffic is carried over the Provider Address network, so we’re going to create that now. As per the overview, you should have already configured the Provider Address network on your Top of Rack switches.
Within your SCVMM console, navigate to “Fabric”, “Networking”, right-click “Logical Networks” and select “Create Logical Network”

Give your logical network a name and click “Next” e.g. “Provider Address Network”

Select “One connected network”, “Allow new VM networks created on this…”, “Managed by the network controller” and click “Next”

- Under “Network Sites” click “Add” and select the host group that contains your SDN enabled Hyper-V hosts.
- Click “Insert row” and enter the “VLAN” and “IP subnet” (using CIDR notation e.g. 10.10.10.0/24) you configured on your TOR switches for your Provider Address network.
- Now click “Next” and “Finish”

Now we need to give our new logical network a static IP pool to work with as IPs on this network are allocated to Hyper-V hosts and the SLB/MUXes automatically.
Right-click your “Provider Address” logical network and select “Create IP Pool”

Give your IP Pool a name that makes sense, I usually type the name of the logical network – IP Pool e.g. “Provider Address Network – IP Pool”
Confirm that the logical network selected in the drop-down is your Provider Address network and click “Next”

The default settings should be correct, and read as follows:
- “Use an existing network site”
- Network Site: “Your Provider Address network”
- IP Subnet: “The IP subnet you configured in the network site for your logical network”
- VLAN: “The VLAN you configured in the network site for your logical network”
Click “Next”

In “Starting IP address” enter the 4th IP address in your chosen range. For me this will be .4, you can leave the “Ending IP address” at its default.
Now click “Next”

Click “Insert” and type the default gateway configured on your Provider Address network, for me this will be .1
Now click “Next”

Click “Next” past DNS and WINS as they’re not required for this network.
Now click “Finish”

So we now have our Provider Address logical network and associated static IP pool, all that’s left to do is allow it to make use of the Uplink port profile on the logical switch that’s deployed to our Hyper-V hosts.
Navigate to “Fabric”, “Networking”, “Port Profiles” and right-click the uplink port profile configured on your Hyper-V hosts logical switch and select “Properties”

On the “Network configuration” tab, place a tick in the “Provider Address” network site you created earlier and click “OK”

So you should now have a Provider Address logical network with static IP pool that is available to all hosts in your Network Controller managed SCVMM host group.
Now for the fun bit, making sure all this work got us a working network controller
Create Tenant Virtual Networking
To test that everything is working as it should be, we’re now going to create a Tenant VM network (backed by the Provider Address logical network we just created) with an IP pool, spin up two VMs and attach them to said network. We will then enable ping through Windows Firewall on both VMs and try to ping between them…exciting stuff
If you’ve done this before, you can skip to the bottom where I’ve got some PowerShell that does the same thing with a lot less effort.
Within your SCVMM console, navigate to “VMs and Services”, right-click on “VM Networks” and select “Create VM Network”

Enter a name for your tenant VM network.
Make sure you’ve selected your Provider Address network from the “Logical Network” dropdown and click “Next”

Select “Isolate using Hyper-V Network Virtualization” and click “Next”
NOTE: At the time of writing this, you cannot select “No isolation” for Network Controller managed logical networks.

- Click “Add” to add a VM subnet to the network.
- Enter a name and a subnet in CIDR notation e.g. 10.10.10.0/24 – As this subnet is virtualised, it can be anything. You could use the same subnet for every tenant if you wished.
- Now click “Next”

Being that we’ve not yet deployed and configured the SLB/MUX service, leave the “Connectivity” page at its defaults and click “Next” and “Finish”

Create Tenant VM Network Static IP Pool
Now we need to add a static IP pool to our tenant network.
Right-click the VM Network you just created and select “Create IP Pool”

Enter a name for the IP Pool, “VM network” and “VM subnet” will be auto-populated with the correct values.
Now click “Next”

Enter a “Starting IP address” within your subnet range, I suggest starting at .4
Leave “Ending IP address” at its default and click “Next”

Click “Insert” and add a default gateway for the IP Pool; .1 is usually the go-to here.
Now click “Next”

Insert appropriate DNS servers and suffix for your IP Pool and click “Next”

Click “Next” to skip WINS, or populate as required.
Now click “Finish”

Validation Time
Now that we’ve got our tenant networking configured, we’ll want to deploy two VMs and attach them to this network. I won’t go into detail on how to deploy VMs as I expect you’ve got that nailed by now
Once you’ve got two VMs up and running, let’s attach them to your new tenant VM network:
Navigate to your first tenant VM, right-click it and select “Properties”

- On the “Hardware Configuration” tab, click on the VM’s network adapter
- Select “Connected to a VM network”
- Click “Browse”
- Select the VM network you created earlier and click “OK”
- Select the VM subnet from the drop-down
- Click “OK”

Repeat the same steps for your 2nd VM.
With both VMs now attached to the same network, log onto them both and give them an IP from the static pool you configured earlier (.4 and above remember).
Run the following PowerShell on both VMs to allow ICMP requests (Ping) through Windows Firewall:
# Note: this allows all ICMPv4 types inbound; add -IcmpType 8 to limit the rule to echo requests only
New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
You should now be able to ping across both VMs you just connected to your Network Controller managed VM network…congratulations.
Create Tenant Networking Using PowerShell
The following PowerShell will do exactly what you’ve done above but with significantly less legwork.
Here’s a breakdown of the steps it takes:
- Gets your Provider Address network
- Asks you for a name for the new VM network
- Creates the new VM network
- Asks you for a subnet for the new VM network (a /24 in CIDR notation)
- Creates the new subnet for the VM network
- Works out the starting IP, ending IP and default gateway from the subnet entered above
- Sets a Google DNS server (this can be changed in the script as required)
- Creates the new static IP pool
- Asks you for the SCVMM-displayed computer name of both VMs to attach to the new VM network
- Attaches both VMs to the new VM network; this also configures both VMs with an IP from the new static pool
Log onto your SCVMM server and open an elevated PowerShell ISE console.
Paste the following code into the editor and run it:
Clear-Host

# Create Tenant VM Network
# Find the logical network that is managed by the Network Controller with network virtualisation enabled (the Provider Address network)
$PA_Network = Get-SCLogicalNetwork | Where-Object { $_.NetworkVirtualizationEnabled -eq $true -and $_.IsManagedByNetworkController -eq $true }
$VMNetName = Read-Host "Please enter a name for your new Tenant VM Network"
$VMNetwork = New-SCVMNetwork -Name $VMNetName -LogicalNetwork $PA_Network.Name -IsolationType "WindowsNetworkVirtualization" -CAIPAddressPoolType "IPV4" -PAIPAddressPoolType "IPV4"

# Create Tenant VM Subnet
$SubnetRequest = Read-Host "Please enter a subnet for your new VM Network using CIDR notation e.g. 10.10.10.0/24"
# The gateway, start and end addresses below are derived from the subnet text, so only a /24 ending in .0 is supported.
# Stop here rather than silently building bad addresses from anything else.
if ($SubnetRequest -notmatch '^\d{1,3}\.\d{1,3}\.\d{1,3}\.0/24$') {
    throw "This script expects a /24 subnet ending in .0, e.g. 10.10.10.0/24 (you entered '$SubnetRequest')"
}
$Subnet = New-SCSubnetVLan -Subnet $SubnetRequest
$VMSubnet = New-SCVMSubnet -Name ($VMNetName + " - Subnet 1") -VMNetwork $VMNetwork -SubnetVLan $Subnet

# Create Tenant VM Network IP Pool
$NetPrefix = $SubnetRequest -replace '\.0/24$', ''   # e.g. 10.10.10
$SubnetGW = "$NetPrefix.1"
$SubnetStart = "$NetPrefix.4"
$SubnetEnd = "$NetPrefix.254"
$DefaultGateway = New-SCDefaultGateway -IPAddress $SubnetGW -Automatic
$DNSServer = "8.8.8.8"   # Configured to use a Google DNS server, change this as required.
# Created synchronously so the pool exists before the VMs are attached below
New-SCStaticIPAddressPool -Name ($VMNetName + " - IP Pool") -VMSubnet $VMSubnet -Subnet $SubnetRequest -IPAddressRangeStart $SubnetStart -IPAddressRangeEnd $SubnetEnd -DefaultGateway $DefaultGateway -DNSServer $DNSServer

# Attach VMs to new Tenant VM Network
# Find the logical switch that carries the Network Controller forwarding extension
$VMSwitch = Get-SCLogicalSwitch | Where-Object { $_.VirtualSwitchExtensions -like "*Microsoft Network Controller" }
$VM1Nic = Get-SCVirtualMachine -Name (Read-Host "Please enter the name of your first VM to add to your new Tenant network") | Get-SCVirtualNetworkAdapter
$VM2Nic = Get-SCVirtualMachine -Name (Read-Host "Please enter the name of your second VM to add to your new Tenant network") | Get-SCVirtualNetworkAdapter
Set-SCVirtualNetworkAdapter -VirtualNetworkAdapter $VM1Nic -VMNetwork $VMNetwork -VMSubnet $VMSubnet -VirtualNetwork $VMSwitch -IPv4AddressType Dynamic -IPv6AddressType Dynamic -NoPortClassification
Set-SCVirtualNetworkAdapter -VirtualNetworkAdapter $VM2Nic -VMNetwork $VMNetwork -VMSubnet $VMSubnet -VirtualNetwork $VMSwitch -IPv4AddressType Dynamic -IPv6AddressType Dynamic -NoPortClassification
Now log onto both VMs and run the following from an elevated PowerShell console:
New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
You should now be able to ping between both VMs.
OK, so that was another long one folks, but you do now have the start of a working SDN deployment.
Join me in part 10 when I’ll run through a Software Load Balancer service deployment. Hope to see you then!
I’m following your steps to install, but I cannot find RESTENDPOINT in DNS and adding NC into VMM fails because DNS cannot resolve. What’s wrong? Thanks for your help.
Hi Ken,
Just to confirm, you’re not adding the RESTENDPOINT into DNS yourself, as this is something that’s done as part of the Service Template deployment. When configuring the NC template, what are you entering for the RestEndPoint, an IP address or hostname?
How far into the deployment are you getting? Are the NC VMs up and running? Can you log on and make sure that their DNS servers have been set correctly and that they can connect out to a domain controller (again, this is something that would be done by the template providing the logical/VM Network has been set up correctly).
Hi David,
Speaking about this, let’s say MultiNodeNC.domain.com is the RESTENDPOINT. How does it appear in the DNS list in Active Directory?
I got stuck at deploying script number 6; the error stated that “there was a problem connecting to the network controller at ……….”
Any idea on the cause of this?
Hello David,
May I know what the ServiceVMComputerName in the validateparemeter.ps1 script will capture, is it the VM name?
Hi Munir,
My understanding is that the “ServiceVMComputerNames” parameter will be expecting the hostnames of your Network Controller VMs.
Best regards,
David
Hello David, have you encountered a problem where nclogger.exe stops working?
Hi Munir,
No, I’ve never had an issue with that on any of my environments. What are the logs saying?
When i deploy the service template i get the following error.
Error (22631)
The script command exit code 2148734209 matched the failure policy setting “Match any value other than zero.” Standard output log data: “rectory. ‘C:\NCInstall\certificate-ssl\’
[2017-11-14T16:37:48.0447213+07:00]Found certificate at path: C:\NCInstall\certificate-ssl\MultiNodeNC.fabric.cloud.cer
[2017-11-14T16:37:48.0447213+07:00]Adding certificate to personal store..
[2017-11-14T16:37:48.0759794+07:00]Saving SSL thumbprint to registry: 73D3C97FBE5674CD45F882F6972FB09D0E3A348E.
[2017-11-14T16:37:48.1540958+07:00]Retrieved SSL thumbprint from registry: 73D3C97FBE5674CD45F882F6972FB09D0E3A348E.
[2017-11-14T16:37:48.2947259+07:00]Checking if subject name of the provided certificate matches Rest End Point
[2017-11-14T16:37:48.2947259+07:00]Adding read permission to NetworkService account
[2017-11-14T16:37:48.3259712+07:00]Caught an exception:
[2017-11-14T16:37:48.3415965+07:00] Exception Type: System.Management.Automation.ParameterBindingValidationException
[2017-11-14T16:37:48.3415965+07:00] Exception Message: Cannot bind argument to parameter ‘Path’ because it is null.
[2017-11-14T16:37:48.3572225+07:00] Excepti”
Recommended Action
If the script command’s job restart action is set to restart, then the script will be re-executed. Otherwise, the script command will be skipped when the job is restarted, in which case corrective action should be taken to mitigate the effects of the script command failure.
Hi Sarin,
That error usually relates to an issue with the SSL certificate the install script picks up. From memory, it should be picking up the .PFX certificate file and from the error output you provided, it’s actually getting the .CER.
Can you check to make sure you’ve put the correct certificate formats in the correct folder:
“Copy the .PFX file you just created to the C:\Temp\NC\ServerCertificate.cr folder
Copy the .CER file you just created to the C:\Temp\NC\NCCertificate.cr folder
Copy the CA root certificate you just exported to the C:\Temp\NC\TrustedRootCertificate.cr folder
Copy the following folders to your SCVMM library share:
C:\Temp\NC\Edgedeployment.cr
C:\Temp\NC\NCCertificate.cr
C:\Temp\NC\NCSetup.cr
C:\Temp\NC\ServerCertificate.cr
C:\Temp\NC\TrustedRootCertificate.cr”
I hope this helps…good luck 🙂
David
Thank you David, I have got the placement of the certificates correct now.
But again I get a new error, which I can't understand. This only happens on one of the network controller nodes.
The script command exit code 1 matched the failure policy setting “Match any value other than zero.” Standard output log data: “6T09:54:20.9549965+07:00]Checking if node ‘fabric-nc02.fabric.cloud’ is ready for NC deployment..
[2017-11-16T09:54:20.9549965+07:00]Caught an exception:
[2017-11-16T09:54:20.9706175+07:00] Exception Type: System.Management.Automation.Remoting.PSRemotingTransportException
[2017-11-16T09:54:20.9706175+07:00] Exception Message: Connecting to remote server fabric-nc02.fabric.cloud failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer fabric-nc02.fabric.cloud. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information, see the about_Remote_Troubleshooting Help topic.
[2017-11-16T09:54:20.9764167+07:00] Exception HResult: -2146233087
[2017-11-16T09:54:20.9804432+07:00]Exceeded timeout when waiting for node ‘fabric-nc02.fabric.cloud’ to become ready.
[2017-11-16T09:54:20.9804432+07:00] Please check the state of “
Hi Sarin,
Unfortunately, the Service Template deployment can be a little flaky at times, have you tried right-clicking the failed job in VMM and selecting restart? If that doesn’t work and fails with the same error, it may be quicker just to remove the service and restart. However, I’m pretty sure that error refers to the fact your 2nd NC didn’t join the domain for some reason. You can try logging on via the Hyper-V console, manually adding it to the domain, updating DNS and then try restarting the VMM job. As I said above though, it’s sometimes just makes more sense to delete and restart.
I hope that helps,
David
Thank you David. The NC didn't receive a static IP address, so it didn't join the domain.
I have deleted the service and restarted the deployment process.
Then I'm stuck at another type of error; restarting the deployment still gets the same error. Totally deleting and redeploying the service template also gives the same error.
Error (22631)
The script command exit code 1 matched the failure policy setting “Match any value other than zero.” Standard output log data: “:00:03.3562165+07:00]Checking if network controller is finished..
[2017-11-17T12:01:16.8544202+07:00]Checking if network controller is finished..
[2017-11-17T12:02:30.3601200+07:00]Checking if network controller is finished..
[2017-11-17T12:03:43.8456982+07:00]Checking if network controller is finished..
[2017-11-17T12:04:57.3462149+07:00]Checking if network controller is finished..
[2017-11-17T12:06:10.8510346+07:00]Checking if network controller is finished..
[2017-11-17T12:07:24.3456066+07:00]Checking if network controller is finished..
[2017-11-17T12:08:37.8608701+07:00]Checking if network controller is finished..
[2017-11-17T12:09:51.3509259+07:00]Checking if network controller is finished..
[2017-11-17T12:11:04.8569094+07:00]Checking if network controller is finished..
[2017-11-17T12:11:18.3504628+07:00]There was a problem connecting to the network controller at MultiNodeNC.fabric.cloud.
[2017-11-17T12:11:18.3504628+07:00]Please check the status of the controller and restart the ”
Recommended Action
If the script command’s job restart action is set to restart, then the script will be re-executed. Otherwise, the script command will be skipped when the job is restarted, in which case corrective action should be taken to mitigate the effects of the script command failure.
Hi Sarin,
I’d check to see if MultiNodeNC.fabric.cloud exists in DNS and that it’s pointing to the correct IP address. If you’re redeploying from scratch, you’ll also need to delete this record from DNS, as the deployment creates this entry itself. Can you ping MultiNodeNC.fabric.cloud from the VMM server? If you change the IP address for MultiNodeNC.fabric.cloud between deployments, you’ll also need to clear out your DNS cache (I’m sure you know that though 🙂 )
Microsoft also have a documented removal process that may help: https://docs.microsoft.com/en-gb/system-center/vmm/sdn-remove?view=sc-vmm-1711#remove-the-network-controller
I hope that helps.
David
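The checks described in the reply above (does the REST endpoint name resolve, is it the expected IP, is it reachable from the VMM server), as an added PowerShell pre-flight script that is not part of the original post or the Microsoft templates; the endpoint FQDN and expected IP are placeholders you supply.

```powershell
# Added example (not from the original post): verify the Network Controller REST endpoint
# DNS record before (re)deploying the Service Template. Run from the VMM server.
# $RestEndpoint and $ExpectedIp are placeholders; the IP below is constructed.
param(
    [string]$RestEndpoint = 'MultiNodeNC.fabric.cloud',   # FQDN given to the Service Template
    [string]$ExpectedIp   = '10.0.0.50'                   # REST VIP you intend to deploy with
)

# A stale cached answer will mask a fixed record if the VIP changed between deployments.
Clear-DnsClientCache

$records = Resolve-DnsName -Name $RestEndpoint -Type A -DnsOnly -ErrorAction SilentlyContinue
if (-not $records) {
    Write-Output "No A record for $RestEndpoint. A fresh deployment creates it; nothing to delete."
    return
}

$ips = $records | Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
Write-Output "$RestEndpoint resolves to: $($ips -join ', ')"

# Any address other than the one you are deploying with is a leftover from a previous attempt
# and must be removed before the template tries to register the name again.
$stale = $ips | Where-Object { $_ -ne $ExpectedIp }
if ($stale) {
    $hostLabel = $RestEndpoint.Split('.')[0]
    $zoneName  = $RestEndpoint.Substring($hostLabel.Length + 1)
    Write-Warning "Wrong/stale record(s) for $RestEndpoint : $($stale -join ', ')"
    # Remove-DnsServerResourceRecord needs the DnsServer module (DNS server or RSAT) and
    # rights on the zone; printed rather than executed so you can review it first.
    foreach ($ip in $stale) {
        Write-Output "Remove-DnsServerResourceRecord -ZoneName '$zoneName' -Name '$hostLabel' -RRType A -RecordData '$ip' -Force"
    }
}

# Reachability from the VMM server: ICMP plus TCP 443, which the NC REST API listens on.
Test-NetConnection -ComputerName $RestEndpoint -Port 443 |
    Select-Object ComputerName, RemoteAddress, PingSucceeded, TcpTestSucceeded
```

If the NC is not deployed yet, PingSucceeded and TcpTestSucceeded will both be false; the point of the check at that stage is only that the name either resolves to your intended VIP or does not exist at all.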
The DNS host record was pointing to the wrong IP. I deleted the record and restarted the deployment. Then it was successful 🙂
Fantastic Sarin, happy to hear you’re up and running 🙂
Hello David,
I got stuck with this error also. Regarding checking the DNS record, is it in the VM itself or in AD?
Hi, David,
The deployment completed successfully, but I am getting Is Network Controller = False when I try to add the service to VMM.
Event ID 151 API service failed to configure the virtual IP address WeirSDN.cloud.weir on the network interface Ethernet.
Event ID 131 Error during primary loss of service fabric:/NetworkController/SlbManagerService on node NC02.
Event ID 129 Could not promote instance of service fabric:/NetworkController/ApiService on node US159PH-NC02.cloud.weir to primary
Thank you,
Karen
Hi Karen,
When adding the NC service to SCVMM, are you using the FQDN and the Service name you used during the deployment? Looking at the errors you posted, it looks like you are, but I thought I’d better double check. Have you checked the status of all 3 NC VMs, as it looks like NC2 is having an issue? You can try logging into one of the other NC VMs and running the following from an elevated PowerShell console: Get-NetworkControllerNode. If everything is working as expected, all 3 nodes should report a “Status” of “Up”. That’s the best place to start your troubleshooting; unfortunately I no longer have a lab environment up and running to check things against, so am having to work from memory here 🙂
Best regards,
David
Hello David,
I faced this issue during “Deploy Network Controller Service Template”. I followed all the steps carefully. Can you help me solve this issue?
Error (22042)
The service NCFABRIC was not successfully deployed. Review the event log to determine the cause and corrective actions.
Recommended Action
The deployment can be restarted by retrying the job.
Error (22753)
The script command with properties: Type (PreInstall), Deployment Order (3) and Parent Type (ApplicationProfile), failed to complete successfully. Refer to the errors list for more information.
Recommended Action
If the script command’s job restart action is set to restart, then the script will be re-executed. Otherwise, the script command will be skipped when the job is restarted, in which case corrective action should be taken to mitigate the effects of the script command failure.
Error (22631)
The script command exit code 2148734208 matched the failure policy setting “Match any value other than zero.” Standard output log data: “icrosoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlS
et\Services\Tcpip6\Parameters\
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlS
et\Services\Tcpip6
PSChildName : Parameters
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
Windows IP Configuration
Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.
[2018-03-22T12:31:02.2140973-07:00]Installing NetworkController Role..
[2018-03-22T12:31:03.5384059-07:00]Caught an exception:
[2018-03-22T12:31:03.5540220-07:00] Exception Type: System.Exception
[2018-03-22T12:31:03.5696575-07:00] Exception Message: ArgumentNotValid: The role, role service, or feature name is not valid: ‘NetworkController’. The name was not found.
[2018-03-22T12:31:03.5696575-07:00] Excepti”
Recommended Action
If the script command’s job restart action is set to restart, then the script will be re-executed. Otherwise, the script command will be skipped when the job is restarted, in which case corrective action should be taken to mitigate the effects of the script command failure.
Error (22753)
The script command with properties: Type (PreInstall), Deployment Order (3) and Parent Type (ApplicationProfile), failed to complete successfully. Refer to the errors list for more information.
Recommended Action
If the script command’s job restart action is set to restart, then the script will be re-executed. Otherwise, the script command will be skipped when the job is restarted, in which case corrective action should be taken to mitigate the effects of the script command failure.
Error (22631)
The script command exit code 2148734208 matched the failure policy setting “Match any value other than zero.” Standard output log data: “icrosoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlS
et\Services\Tcpip6\Parameters\
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlS
et\Services\Tcpip6
PSChildName : Parameters
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
Windows IP Configuration
Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.
[2018-03-22T12:31:04.0069203-07:00]Installing NetworkController Role..
[2018-03-22T12:31:05.3193927-07:00]Caught an exception:
[2018-03-22T12:31:05.3350191-07:00] Exception Type: System.Exception
[2018-03-22T12:31:05.3350191-07:00] Exception Message: ArgumentNotValid: The role, role service, or feature name is not valid: ‘NetworkController’. The name was not found.
[2018-03-22T12:31:05.3350191-07:00] Excepti”
Recommended Action
If the script command’s job restart action is set to restart, then the script will be re-executed. Otherwise, the script command will be skipped when the job is restarted, in which case corrective action should be taken to mitigate the effects of the script command failure.
Error (22753)
The script command with properties: Type (PreInstall), Deployment Order (3) and Parent Type (ApplicationProfile), failed to complete successfully. Refer to the errors list for more information.
Recommended Action
If the script command’s job restart action is set to restart, then the script will be re-executed. Otherwise, the script command will be skipped when the job is restarted, in which case corrective action should be taken to mitigate the effects of the script command failure.
Error (22631)
The script command exit code 2148734208 matched the failure policy setting “Match any value other than zero.” Standard output log data: “icrosoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlS
et\Services\Tcpip6\Parameters\
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlS
et\Services\Tcpip6
PSChildName : Parameters
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
Windows IP Configuration
Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.
[2018-03-22T12:31:08.0188675-07:00]Installing NetworkController Role..
[2018-03-22T12:31:10.2544197-07:00]Caught an exception:
[2018-03-22T12:31:10.2700457-07:00] Exception Type: System.Exception
[2018-03-22T12:31:10.2700457-07:00] Exception Message: ArgumentNotValid: The role, role service, or feature name is not valid: ‘NetworkController’. The name was not found.
[2018-03-22T12:31:10.2700457-07:00] Excepti”
Recommended Action
If the script command’s job restart action is set to restart, then the script will be re-executed. Otherwise, the script command will be skipped when the job is restarted, in which case corrective action should be taken to mitigate the effects of the script command failure.
Error (20400)
3 parallel subtasks failed during execution.
Error (21952)
Application deployment failed for one or more tiers or application hosts in the service NCFABRIC. Check job logs to get more information on the failed operation.
Recommended Action
Check error messages and retry the operation if needed.
Hi Rashad,
Have you tried restarting the existing deployment from the VMM jobs pane? If so, has it changed the error at all? It’s been well over a year since I’ve worked on this but the error you’re seeing does look familiar. There are log files in a folder in the C: drive of the Network Controller VMs (I forget the name but it should be obvious). Have a look for errors relating to the SSL certificate in those logs. Can you ping the DNS name you specified for the NC service? Did the deployment create the record in DNS?
David
Hello David,
First, thanks for this amazing guide; it has given me good knowledge of SDN implementation. In the last step, during the validation, the two tenant machines couldn't connect to each other by PING (ICMP allowed).
On the SDN VMs I found Error ID 129 and the message “could not promote instance of service fabric:/NetworkController/ApiService on node NC-VM03.contoso.com to primary”.
Error ID 151 and the message “API Service failed to configure the virtual IP address Multinode.contoso.com on the network interface Ethernet”.
I hope you can help me solve this problem.
Thanks,
Hi John,
Thanks for the comments, much appreciated 🙂
As for this error, I actually did see it in my early days of testing and had to work with Microsoft to resolve it. It ended up being that the Network Controller service hadn’t deployed properly, even though it advised that it had. In the end, the resolution was to completely remove and redeploy the service, which was ultimately successful.
I’ve not worked on SDN for over a year now so it is possible this is something that can be fixed without such drastic measures, it’s worth logging a ticket with MS support before deleting things to see if they can assist.
Best regards and good luck,
David
Thanks David,
I opened a support ticket with MS but with no luck; I got the same answer.
I will try to reinstall it again, and will give you feedback.
Thanks in advance.
Sorry, I forgot to ask something before redeploying :).
As appears in the error message, the Network Controller is trying to add a Virtual IP; does that mean the Hyper-V hosts need NICs for the IPs?
Hello David,
I redeployed the SDN NC, and the 3 VMs installed successfully. But I couldn't delete the Network Service because it already has dependencies, so I updated the URL connection string by PowerShell. But when I try to create tenant VMs assigned to the VM network, it gives me the error message “error (50125) Network service threw an unhandled exception”.
Error message picture: “https://ibb.co/bW736n”
Did you face something like this, or can you help me solve this issue?
Hi David
Sorry, as I know it's been a number of years, but I'm hoping you can remember some bits. I managed to deploy the network controller, but when I add the “Provider Address Network” to the port profile I get –
Error (50206)
The native uplink port profile ” mapped to non nc managed logical switch contains one or more logical network definitions that are managed by Microsoft Network Controller.
Recommended Action
Ensure that the uplink port profile only contains logical network definitions that are not managed by Microsoft Network Controller.
Hi Chris,
As you say, it’s been years and I’ve not worked on it again since then (as I made the move to Azure). It may be worth having another read through this part of the guide as I remember there are a few parts that if not done exactly right will block your deployment when it comes to configuring the NC and SLB roles.
https://davidfleming.org/deploy-and-configure-a-3-node-2016-hyper-v-cluster//#HostLogicalNetworking
I hope that helps.