Tip

Citrix adds Active Directory integration to XenServer 5.5

By many accounts, Citrix Systems' XenServer is a serious contender for server virtualization in many environments. But how many of us have taken the product for a spin? If you have considered Citrix virtualization for any virtual infrastructure, here are some of its new features and key considerations before installing XenServer 5.5.

For starters, Citrix is a longtime player in virtualization. The company's presentation virtualization systems are among the top virtualization technologies. XenServer has roots in the open source Xen hypervisor, which Citrix has supported to become part of its XenServer and XenCenter offerings.

New Active Directory integration
XenServer 5.5 offers new features, including the highly anticipated Active Directory integration. By many accounts, this was the biggest change needed for XenServer to be considered enterprise-class. The integration allows role-based access to be assigned to users and groups through the de facto standard of organizational user account provisioning.

Since this is the most anticipated feature of XenServer 5.5, it's worth noting some of the configuration details. Above all else, it is important to know what can and cannot be done with Active Directory-integrated authentication in XenServer and XenCenter. Configuring XenServer for Active Directory-integrated security is fairly straightforward: As shown in Figure 1 below, authentication for each pool configured for the XenServer hosts can be enabled via the Pool menu.

Figure 1

Once pointed to an Active Directory domain (Windows Server 2003 or higher), XenServer can apply security configurations to objects in the pool. As shown in Figure 2 below, users or groups being added to the security configuration are enumerated to the pool.

Figure 2

At this point, what actually happens may not be what most administrators expect, however. These steps create a computer account in the Active Directory domain for each XenServer system for most configurations. From the example configuration above, a computer account was created and put in the computer's organizational unit (OU). Figure 3 shows this new Active Directory object:

Figure 3

Architecturally, each pool has a designated master among the member XenServer nodes. This in itself isn't a showstopper; it is just a feature of which administrators need to be aware. Furthermore, if a virtual server administrator is not in charge of Active Directory, he should communicate with other IT groups to ensure that this computer account object does not get deleted. The ramifications of moving this computer account out of the computer's OU or having any group policy applied to it are unclear. This new feature is a must-have for XenServer in the enterprise. Administrators who are accustomed to other virtualization packages have to learn about the behavior of Active Directory-integrated security.
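The coordination concern above can be backed by a periodic check. The following is an added example, not code from the article or from Citrix: it audits an LDIF export of computer objects for missing, disabled or relocated accounts. It assumes each computer account is named after its XenServer host and that the export comes from an LDAP search tool; the host names, domain and LDIF are constructed.

```python
# Added example: host names, domain and LDIF below are constructed, not from the article.

ACCOUNTDISABLE = 0x2  # userAccountControl flag for a disabled account

SAMPLE_LDIF = """\
dn: CN=XENHOST01,CN=Computers,DC=example,DC=local
sAMAccountName: XENHOST01$
userAccountControl: 4096

dn: CN=XENHOST02,OU=Servers,DC=example,DC=local
sAMAccountName: XENHOST02$
userAccountControl: 4098
"""

def parse_ldif(text):
    """Return {HOSTNAME: attrs} for each entry in a simple, unwrapped LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs[key] = value
        name = attrs.get("sAMAccountName", "").rstrip("$").upper()
        if name:
            entries[name] = attrs
    return entries

def audit(expected_hosts, ldif_text, expected_parent):
    """Map each expected host to a list of findings (empty list = healthy)."""
    found = parse_ldif(ldif_text)
    report = {}
    for host in expected_hosts:
        attrs = found.get(host.upper())
        if attrs is None:
            report[host] = ["computer account missing"]
            continue
        issues = []
        if int(attrs.get("userAccountControl", "0")) & ACCOUNTDISABLE:
            issues.append("account disabled")
        parent = attrs.get("dn", "").partition(",")[2]  # container holding the object
        if parent.lower() != expected_parent.lower():
            issues.append("moved to " + parent)
        report[host] = issues
    return report

if __name__ == "__main__":
    print(audit(["XENHOST01", "XENHOST02", "XENHOST03"], SAMPLE_LDIF, "CN=Computers,DC=example,DC=local"))
```

Run on a schedule against a fresh export, any non-empty finding is a prompt to talk to the Active Directory team before pool authentication is affected.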

Other new features
While the Active Directory-integrated security is the premier new feature for XenServer 5.5, the following improvements are also available:

Enhanced storage compatibility -- XenServer 5.5 now permits live virtual machine (VM) snapshot and clone operations for all storage types (Network File System [NFS], iSCSI and Fibre Channel). Previously, NFS and local storage were the most functionally broad storage platforms.

Workload-Balancing server -- The XenServer 5.5 suite includes a dedicated server for aggregate resource management. The Workload-Balancing server is a series of data collectors that interact with a dedicated database to provide VM startup placement decisions, host failure VM actions and coordinated host power-down operations. The Citrix website offers an overview of this new feature.

Additional OS support -- XenServer 5.5 now supports the following guest operating systems:

  • Windows Server 2008 (x86 and x64)
  • Windows Vista x86
  • Windows Server 2003
  • Windows XP SP2
  • CentOS Linux 4.5, 4.6, 4.7, 5.0, 5.1, 5.2, 5.3
  • Red Hat Enterprise Linux 3.6, 4.5, 4.6, 4.7, 5.0, 5.1, 5.2, 5.3
  • SUSE Linux Enterprise Server 9 SP2+, 9 SP1+, 11
  • Debian Linux Etch, Lenny

Hardware compatibility
With Version 5.5, there are no groundbreaking requirements changes. Recent versions of XenServer have been native 64-bit hypervisors, and this version introduces no major changes related to the processors. With some implementations, however, XenServer does pose a potential obstacle. For example, on processors that are not Intel Virtualization Technology-enabled, XenServer can install but cannot run Windows VMs. During an installation, a system message may appear stating that virtualization assist is not available on the processors. That warning applies only to older processors. In comparison, VMware ESXi 4 and Hyper-V can be installed on these same processors and run Windows VMs.

Hardware compatibility with your virtualization technology is a critical part of the planning process for virtualization implementations of all sizes. In addition to using the Citrix XenServer Hardware Compatibility List, ask your hardware vendor for product roadmaps so that you can make informed spending decisions in line with the technology.

Shared-storage repositories
Although XenServer does not offer a hypervisor-native clustered file system, Version 5.5 adds functionality for larger implementations using Fibre Channel and iSCSI. Previously, XenServer's ability to use Fibre Channel and iSCSI storage systems in a shared-zoning capacity was limited. XenServer 5.5 introduces a shared-storage repository to make Fibre Channel and iSCSI storage systems visible to multiple hosts.

The first step in configuring XenServer 5.5 for a shared-storage repository is to create a base storage repository for the pool. When the software iSCSI initiator is used, a dedicated management interface is used for this traffic. This is important in security-zone placement for the storage traffic. It's easy to add a shared-storage repository in XenCenter. Figure 4 below shows this task being executed for two host pools for an iSCSI storage resource.

Figure 4

Like any other virtualization platform, XenServer requires more planning for storage than any other area. Beyond the XenServer Hardware Compatibility List, consider security zones as part of the architecture of the storage networks. This is especially important for iSCSI and NFS networks.

Summary
This version of XenServer allows administrators to make a case for taking a tier of the virtualized infrastructure. While the price is right, proper management of permissions, storage and virtual machines requires a lot of planning. While no blanket recommendation can be made, this tip outlines some of the critical points to consider when preparing to install XenServer 5.5.

About the author:
Rick Vanover (VCP, MCITP, MCSA) is a systems administrator at Safelite AutoGlass in Columbus, Ohio. He has over 12 years of IT experience and focuses on virtualization, Windows-based server administration and system hardware.


This was first published in July 2009
