VMware components review, and how to prepare the host server: Windows series

Part one of this series offered basic guidelines and a brief look at how VMware Server works. Moving right along, this installment reveals the important components and services within VMware Server and how to prepare the host servers. Future segments cover Windows installation, VMware Server security and more.

Components of VMware Server

So, let's look at the most important components of VMware Server, which include user accounts and groups, services and executables.

User accounts and groups
VMware Server creates a user account on the server called "__vmware_user__" when it is installed. This seems to be a hold over from the GSX days and seems to have been supplanted by the VMware Authorization Service.

Glossary and links Here you'll find every link and term mentioned throughout this series.

VMware Server also creates a group on the server called "__vmware__". "__vmware_user__" is a member of this group. Members of this group have the "SE_INTERACTIVE_LOGON" user right that enables them to log on locally. This is a good group to use to grant non-administrative accounts the ability to remotely connect to the VMware Server.

Services
VMware Server has the following service components:

The VMware Authorization Service is what listens for incoming connections from local and remote VMware Server Console applications. It listens on port 902 for these incoming connections. The service also authenticates users.

The VMware DHCP Service serves IP addresses to VMs on the server that are NATd or on private networks.

The VMware NAT Service is what allows VMs on the NATd networks to communicate with the public Internet.

The VMware Registration Service is used to stop and start VMs and manage their connections.

Executables
VMware-cmd.exe can be used to control VMware Server and the VMs from the command line. To learn more about this command simply type the following on a command prompt, "%ProgramFiles%\VMware\VMware Server\vmware-cmd.exe". More information on this command can also be found at www.vmware.com/support/developer.

VMware-vmx.exe is the process that hosts the actual VMs. The security context in which this command is run is very important and will be discussed later.

Table of contents How VMware Server works Components of VMware Server and preparing the host server Installing Windows and configuration tips Windows security and IIS SMTP and VMware Server More configuration Creating a virtual machine Installing a guest operating system and conclusions

Management user interface
Now deprecated in VMware VI3, the MUI is a way to interact with the VMware Server via a Web browser. It is accessible via HTTP at http://%HOSTNAME%:8222/ and HTTPS at http://%HOSTNAME%:8333/. SSL is enforced by default.

Preparing the host server

Before beginning, unplug the server's ethernet cables from their network ports. Most servers get hacked because they are installed in an unsecured state. Secure the server off the network and then restore its network connectivity at a later time.

If the server only has one network port, it helps to install a PCI ethernet card to provide an additional network port. This will allow for a private management network interface and a public network interface for the virtual machines.

Many of the steps to facilitate a private management network interface are discussed later in this document under the RDP, Firewall and VMware sections, but one step is possible at this time. Out of all available NICs on the server, patch one of those NIC's ethernet cables into a private network. The network does not even need to have access to the public Internet; its sole purpose is to provide the server administrator with access to the server.

If for some reason this cannot be accomplished, do not worry, it is still possible to create a private management network interface using the tools that Windows provides. A true, physical, private network is just a nice added layer of security.

RAID

An oft-overlooked part of configuring an application is its disk I/O requirements. More often than not, slow disk access is the culprit when it comes to errors with VMs rather than the usual suspects of CPU and memory.

One way to ensure the best possible disk I/O is to properly configure the server's RAID containers. The number of disks available to the server should determine the RAID configuration. Here is a handy list that you can use:

- 2 disks - 1 container, RAID-1 (mirror)

- 3 disks - 1 container, RAID-1 with hotspare

- 4 disks - 1 container, RAID-10

- 5 disks - 1 container, RAID-10 -OR- 2 containers, RAID-1 (system), RAID-1 with hotspare (data)

RAID-5 was not used, because although it is popular, there is a performance penalty for computing parity on every write.

While everyone has their own RAID configuration preferences, the attempt was made to present a few configurations that will provide the best possible disk access times without sacrificing redundancy. The labels "system" and "data" indicate in which container the OS should be installed and the data (in this case, the VMs) should be stored, respectively.

In part three, we'll discuss how to install Windows and its components.

Go back to part one

Go to part three

Rate this Tip To rate tips, you must be a member of SearchVMware.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.