Deploying vSRX in a Hyper-V Host Using Windows PowerShell
Use this procedure to deploy and configure the vSRX as a virtual security appliance in the Hyper-V environment using Windows PowerShell.
Note the following for deploying vSRX on a Microsoft Hyper-V server:
Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy the vSRX only on Microsoft Hyper-V Server 2012 R2 or 2012.
Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, you can deploy the vSRX on Microsoft Hyper-V Server 2016.
To upgrade an existing vSRX instance, see Migration, Upgrade, and Downgrade in the vSRX Release Notes.
To deploy vSRX using Windows PowerShell:
- Download the vSRX software image for Microsoft Hyper-V
from the Juniper
Networks website. The vSRX disk image supported by Microsoft
Hyper-V is a virtual hard disk (VHD) format file.
Do not change the filename of the downloaded software image or the installation will fail.
- On the Windows desktop, click the Start button and type Windows PowerShell.
- Right-click Windows PowerShell and select Run as administrator.
- Run the following command to enable Hyper–V using
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
- Enter the New-VM command to create the vSRX
VM. The command syntax is as follows:
PS C:>\Users\Administrator> New-VM -Name <Name> -MemoryStartupBytes <Memory> -BootDevice <BootDevice> -VHDPath <VHDPath> -Path <Path> -Generation <Generation> -Switch <SwitchName>
See Table 1 for a summary of the parameters in the New-VM command.
Table 1: New-VM Command Parameters
Specify a name for the vSRX VM that you are creating. We recommend keeping this name the same as the hostname you intend to give to the vSRX VM.
Enter 4GB as the amount of startup memory to assign to the vSRX VM.
Enter VHD as the device that the vSRX VM boots to when it starts.
Specify the location of the vSRX virtual hard disk (VHD) file that you want to deploy.
Specify the location to store the vSRX VM configuration files.
Enter 1 to create a generation 1 virtual machine for the vSRX.
Specify the name of the virtual switch that you want the vSRX VM to assign to a network adapter used by the vSRX VM. Each network adapter that is defined for a vSRX is mapped to a specific interface. See Requirements for vSRX on Microsoft Hyper-V for a summary of interface names and mappings for a vSRX VM.
Note: To locate the name of a previously created virtual switch, use the Get-VMSwitch command. See Adding vSRX Interfaces for the procedure on adding virtual switches for the vSRX VM using the Virtual Switch Manager.
The following is an example of the New-VM command syntax for creating a vSRX VM:
PS C:>\Users\Administrator> New-VM -Name vSRX_0109 -MemoryStartupBytes 4GB -BootDevice VHD -VHDPath C:\Users\Public\Documents\Hyper-V\vsrx-0109-powershell\vsrx\media-vsrx-vmdisk-151X49D80.hyper-v.vhd -Path ’C:\Users\Public\Documents\Hyper-V\vsrx-0109\’ Generation 1 SwitchName test
- Set the number of processors for the newly created vSRX
VM by entering the Set-VMProcessor command. Specify Count 2 for the number of processors. For example:
PS C:>\Users\Administrator> Set-VMProcessor -VMName <vSRVName> -Count 2
- Verify the newly created vSRX VM by entering the Get-VM command. For example:
PS C:>\Users\Administrator> Get-VM -VMName <vSRVName>
The output for the command is as follows:
Name State CPUUSage(%) MemoryAssigned(M) Uptime State Version vSRX_0109 Off 0 0 00:00:00 Operating normally 8.0
- Enable the MAC address spoofing function for the vSRX
VM if a network adapter is to be used as an interface for Layer 2
on the vSRX. MAC address spoofing allows the vSRX VM’s network
adapter to change its source MAC address for outgoing packets to one
that is not assigned to them. Enabling MAC address spoofing ensures
those packets are not dropped by the network adapter if the source
MAC address fails to match the outgoing interface MAC address.
The command syntax is as follows:
PS C:>\Users\Administrator> Set-VMNetworkAdapter -VMName <vSRVName> –computerName <HyperVHostName> –VMNetworkAdapter <NetworkAdapterName> -MacAddressSpoofing On
Verify that MacAddressSpoofing is On.
PS C:>\Users\Administrator> Get-VMNetworkAdapter -VMName <vSRVName> –computerName <HyperVHostName> | fl <HyperVHostName>name,macaddressspoofing
The output for the command is as follows:
Name : vSRX_0109 MacAddressSpoofing : On
- Enable nested virtualization for the vSRX VM by using
the Set-VMProcessor command, where VMName is the name of the vSRX VM you created. By default, the virtualization
extensions are disabled for each VM. Nested virtualization allows
you to run Hyper-V inside of a Hyper-V virtual machine. For example:
PS C:>\Users\Administrator> Set-VMProcessor -VMName <vSRX_0109> -ExposeVirtualizationExtensions $true
Nested virtualization can only be configured on a host running Microsoft Hyper-V Server 2016. In addition, Dynamic Memory must be disabled on the virtual machine containing the nested instance of Hyper-V.
- Launch and power on the vSRX VM by using the Start-VM command, where Name is the name
of the vSRX VM you created. For example:
PS C:>\Users\Administrator> Start-VM -Name <vSRX_0109>
- Configure the basic settings for the vSRX (see Configuring vSRX Using the CLI).