We have a requirement to ensure that all of our subnets are covered by McAfee HBSS Rogue System Detection (RSD). RSD does nothing but scan the subnet it resides on and reports to the McAfee ePO server if there are other computers on the network without the McAfee HBSS Agent installed.

Our plan is to deploy at least one Windows 10 VM across all of 14 subnets that currently do not have an RSD sensor. Those subnets are separate from the subnet that the Hyper-V host resides on. Is it possible to have 14 VMs on the host spanning 14 different subnets, and if so, how do I go about doing it? For testing purposes I'm trying to get this working on 1 VM for the time being.

Here’s the current setup:

• The enclosure is a Dell PowerEdge VRTX, with eight physical NICs.
• Inside the enclosure are four PowerEdge M620 Blades, with 2 vNICs provisioned to each blade via the VRTX integrated switch. For the time being, we're only working on one of the blades.
• The blade I’m working on has Windows Server 2016 Datacenter installed with the Hyper-V role installed.
• Both my workstation and the Hyper-V host (x.x.252.4 /24) are able to ping the gateway (x.x.24.81) of the network (x.x.24.80 /28) that I want the test VM to be on.

Here’s what I’ve tried:

Configuration 1

• Within Hyper-V I have created a vSwitch named "External vSwitch". The connection type is to "External network" and it connects to one of the 2 vNICS provisioned to the blade. The option "Allow management operating system to share this network adapter." is enabled.
• No IP is assigned to the the vSwitch on the Hyper-V host via “Network Connections”
• On the Hyper-V host I have created a Windows 10 VM with its vNIC configured to "External vSwitch". Under the vNIC's Hardware Acceleration settings, I have disabled "Enable virtual machine queue".
• The Windows 10 VM is given an IP address of x.x.24.90 /28
• Both my workstation and the Hyper-V host (x.x.252.4 /24) are able to ping the gateway (x.x.24.81) of the network (x.x.24.80 /28) that I want the VM (x.x.24.90) to be on.
• The VM (x.x.24.90) is unable to ping the Hyper-V host (x.x.252.4) or its gateway (x.x.24.81). (No surprises here)

Configuration 2

• Within Hyper-V I have created a vSwitch named "External vSwitch". The connection type is to "External network" and it connects to one of the 2 vNICS provisioned to the blade. The option "Allow management operating system to share this network adapter." is enabled.
• The vSwitch is assigned an IP address of x.x.24.90 /28
• On the Hyper-V host I have created a Windows 10 VM with its vNIC configured to "External vSwitch". Under the vNIC's Hardware Acceleration settings, I have disabled "Enable virtual machine queue".
• The Windows 10 VM is given an IP address of x.x.24.91 /28
• The VM (x.x.24.91) is able to ping the Hyper-V host (x.x.24.90) but not its gateway (x.x.24.81).

Even if I can get the test VM to end up communicating with its gateway, is there a solution that I can use for the remaining 13 VMs on the one physical host? I know that you can only have 1 vSwitch per physical NIC, so I know it’s not possible to create a vSwitch for all 13 VMs.

I've read a few places that Routing and Remote Access might be the way to go, but I'm not sure exactly what the configuration is supposed to look like on the host or the VMs.

Is there a solution that would require creating a vSwitch without the option "Allow management operating system to share this network adapter." enabled?

Is there a route statement on the Hyper-V host or the VM that I’m not thinking of? Is there a configuration within the VRTX chassis and/or VRTX internal switch that I need to look at?

Would configuring the Hyper-V host to have the DHCP role and have IP addresses assigned to multiple Internal vSwitch(es) by DHCP be a possible solution? If so, how do I route the traffic from the Internal vSwitch out of the Hyper-V host?