Koozali.org: home of the SME Server

Vmware - SME Windows virtual client - best practice.

Offline arne

Vmware - SME Windows virtual client - best practice.
« on: January 14, 2008, 11:42:26 PM »
As I observed this excellent howto on the wiki on how to install the VMware virtual server on the SME server, I realized I had to try it out.

http://wiki.contribs.org/Vmware

Installation went very smoothly, and it appeared that the person or persons who wrote this howto have done a really good job.

The question that I had to ask myself was: Why should I run a virtual server on my SME server, what could this be used for, and should I run something like a virtual Linux server installation under a real Linux server installation?

The idea that struck me was that it might be interesting to check whether I could run some kind of Windows client inside the SME gateway. I also got the idea that it could be interesting to connect a web cam to the virtual Windows installation to be able to perform remote visual observations from the server area.

My first installation was a Windows 2000 Pro SP4 installation on an SME test server that was NATed in from the SME gateway. Except for some problems getting the camera up and working and externally accessible, this went rather nicely and everything seemed to be working rather stably and OK. After rebooting the SME server the web cam was still on.

For my second attempt I decided to install a virtual Windows XP SP2 installation directly on my SME gateway, doing the same camera things. This time there appeared to be some instability, so that the virtual Windows client worked for a while and then crashed. (Could be related to Windows 2000 versus Windows XP, but could also be related to different hardware, drivers etc.)

I tried out two ways of doing remote control of the virtual Windows client from hotspots, restricted LAN areas etc.

Method number one was to install the free VMware console program on the client PC and then do SSH tunneling to the gateway via an SSH connection running on TCP 443. This worked, but the connection appeared to be too slow to be able to say this worked well. It was working better for the virtual Windows 2000 installation than for the virtual XP installation.

I then also tried to install the free logmein service on the virtual Windows 2000 installation and the virtual Windows XP installation. It appeared that the logmein service gave a far better and quicker connection to the virtual installations compared with using the VMware console program via an SSH tunnel. http://www.logmein.com

What I'm thinking of now is whether I should replace the virtual XP installation with a virtual Win 2000 installation on the gateway to see if this works better.

What I am curious about is whether any of you have some good ideas or positive or negative experiences about how to use the option of running a virtual operating system on or inside the SME server.
......

Offline arne

Re: Vmware - SME Windows virtual client - best practice.
« Reply #1 on: January 17, 2008, 12:49:52 AM »
Using a USB web cam connected to a virtual Windows installation appeared to be a bit tricky and hardware dependent. On the one PC both Windows XP and Windows 2000 crashed when the web cam was connected. On the other PC Windows 2000 ran more stably with the web cam, but it was a bit tricky to configure. The web cam alternative is now a closed project.

It is my general impression that an updated Windows 2000 installation is a very good alternative if one would like to have a virtual Windows client inside the SME server. I guess there are a lot of unused Windows 2000 licenses around also. The virtual Windows 2000 Pro performs very well with only 256 MB dedicated RAM.

One other alternative that I have tested is to install 2 or 3 virtual SME servers configured as "server-only" inside the real SME gateway, for testing purposes and to try out new contribs, software installations, etc. It works very nicely, I think, when running one virtual Windows 2000 client against one virtual SME server at a time, each using 256 MB dedicated RAM. When tests do not work too well, the virtual SME server can just be deleted and replaced by a backup copy.

These are my best options for the practical use of the VMware contrib until now.

If anyone has some good or bad experiences or any ideas how to use the VMware contrib in the best practical way on the SME server, it would be interesting to know.

By the way, I don't know if it is possible to forward external traffic to a virtual server via the ordinary server-manager forwarding configuration tool. I guess this will be possible, but I have not tried.

When it comes to the security issue, I noted that the VMware contrib by default only installed a bridge connected to the LAN card (not the WAN card). Opening up web access to a virtual server running inside an SME gateway will, I guess, involve some security issues. (For testing purposes only, I guess.)
I guess it will be right to say that virtual servers cannot be run at all on an internet-connected SME gateway if security is to be maintained at a "reasonable level". (There will anyhow be too many unclear and possible side effects.)

If there are some ideas around about "the virtual alternative", it would be interesting to know.
......

Offline thomasch

Re: Vmware - SME Windows virtual client - best practice.
« Reply #2 on: January 17, 2008, 03:15:02 AM »
"When tests do not work too well, the virtual SME server can just be deleted and replaced by a backup copy."

Deleting and replacing the virtual OS with a backup copy is too complex for me, I think.

VMware has a snapshot feature. It can be used as a backup copy of the 'last good configuration' of the guest OS, or maybe as a 'frozen clean install'. You can roll back to the last snapshot instead of deleting and copying vmdk files.

My 1500 Rupiahs (I'm in Indonesia).

Offline arne

Re: Vmware - SME Windows virtual client - best practice.
« Reply #3 on: January 17, 2008, 09:36:05 AM »
Thanks for good ideas  :)

Increasing or reducing the number of virtual servers is actually next to nothing once you have made the first one. If you have a virtual SME server in a folder sme01 and you then multiply this folder using the copy function up to sme01-sme10, then you have 10 virtual server installations. If you delete 3 folders with their content you have 7. This makes it extremely simple, quick and easy to test out contribs, new software, etc.

For reasons I do not understand I cannot obtain https access from the LAN to the virtual server (normally running one at a time).
When using a virtual Windows 2000 client on the virtual LAN inside the SME server against the virtual SME server installation, this is not a problem.

I have noted that the snapshot feature is there on the server console, but I have not used it, as it is so simple to copy and make more virtual servers from one "original installation".

I will say that the VMware contrib works unbelievably well, and the installation according to the wiki also turns out to give very good configuration alternatives when using only default options, for server-only installations and for server-gateway installations. (I'm using a private server-gateway installation at the moment, to make it a little bit more safe.)

By the way, Norway here. Cold, dark and bad at the moment, so there is not much more to do here at the moment than playing with SME boxes.
......

Offline arne

Re: Vmware - SME Windows virtual client - best practice. (??!!)
« Reply #4 on: January 20, 2008, 12:13:40 AM »
The firewall routing situation related to virtual installations appears to be a difficult thing, at least when the host SME server is running as a gateway. (Using the standard firewall. I also tried an alternative firewall configuration, but it did not help.)

It is difficult to get communication through to the internal virtual servers from the LAN and from the internet. Ordinary port forwarding to the virtual servers does not seem to work.

It looks like the only way to gain "full access" to the virtual installation is to also have a virtual Win2000 or XP client running on the virtual LAN. This can be used for testing but possibly not for much more (??!!)

Could this be a question of routing, so that the packets arriving at eth0 and eth1 do not know where to go to find "the virtual LAN" (??!!)

Could it be that the only practical way to run virtual installations on an SME server is to run the SME server in server-only mode, with the single network card bridged over to the virtual servers so that the virtual installations belong to your LAN segment (??!!)

Anybody who knows or has some ideas?
......

Offline jumba

Re: Vmware - SME Windows virtual client - best practice.
« Reply #5 on: January 20, 2008, 10:40:13 AM »
One easy way of including a virtual machine in the nightly backup of Smeserver I've used is to use a cron script like this:

Code:
# Shut the guest down cleanly
vmware-cmd /path/NAME_OF_MACHINE.vmx stop soft
# Just to make sure the machine is completely OFF before the next line!
sleep 120
# Copy the whole virtual machine directory to the backup location
rsync -aur /path/NAME_OF_MACHINE /path/backups/NAME_OF_MACHINE
# Start the guest again
vmware-cmd /path/NAME_OF_MACHINE.vmx start soft

Of course, this consumes a lot of disc space, but the backup includes a complete copy of the virtual machine.

Last time I made such a solution was with a virtual Windows SBS 2003. It had a 50 GB virtual disk, and the rsync copy took somewhere around 7 minutes to complete on a quite modest server with SATA discs.

...Just my two cents :-P
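
Added example, not part of jumba's post: a variant of the backup procedure above that polls the guest's power state instead of sleeping a fixed 120 seconds, so rsync never copies the disk of a guest that is still running. It assumes VMware Server 1.x, where `vmware-cmd <cfg> getstate` prints a line such as `getstate() = off`; the function names and the WAIT_TIMEOUT / WAIT_INTERVAL variables are made up for this sketch.

```bash
#!/bin/bash
# Added example (not from the thread). Assumption: VMware Server 1.x, where
# "vmware-cmd <cfg> getstate" prints e.g. "getstate() = off".
# vm_state, wait_for_off, backup_vm, WAIT_TIMEOUT and WAIT_INTERVAL are
# hypothetical names used only here.

VMWARE_CMD="${VMWARE_CMD:-vmware-cmd}"   # overridable, e.g. for a dry run
RSYNC="${RSYNC:-rsync}"

# Print the bare power state of a guest (on, off, suspended, stuck).
vm_state() {
    "$VMWARE_CMD" "$1" getstate 2>/dev/null | sed -n 's/^getstate() = //p'
}

# Poll until the guest reports "off". Returns 1 if it is still not off
# after <timeout> seconds.
wait_for_off() {
    local vmx="$1"
    local timeout="${2:-300}"
    local interval="${3:-5}"
    local waited=0
    while [ "$waited" -lt "$timeout" ]; do
        [ "$(vm_state "$vmx")" = "off" ] && return 0
        sleep "$interval"
        waited=$((waited + interval))
    done
    [ "$(vm_state "$vmx")" = "off" ]
}

# Stop the guest, copy its directory, start it again.
# Return codes: 0 ok, 1 guest never powered off (nothing copied),
# 2 rsync failed, 3 guest did not start again.
backup_vm() {
    local vmx="$1"
    local src="$2"
    local dest="$3"
    local rc=0
    "$VMWARE_CMD" "$vmx" stop soft
    if ! wait_for_off "$vmx" "${WAIT_TIMEOUT:-300}" "${WAIT_INTERVAL:-5}"; then
        # Copying the disk files of a running guest gives an inconsistent
        # backup, so skip the copy and leave the guest running.
        echo "guest not powered off, backup skipped: $vmx" >&2
        return 1
    fi
    # Trailing slashes: mirror the contents of src into dest.
    "$RSYNC" -a --delete "$src/" "$dest/" || rc=2
    "$VMWARE_CMD" "$vmx" start soft || rc=3
    return "$rc"
}

# Usage: vm-backup.sh /path/NAME.vmx /path/NAME /path/backups/NAME
if [ "$#" -eq 3 ]; then
    backup_vm "$1" "$2" "$3"
fi
```

A non-zero exit code lets cron mail the failure instead of silently keeping a bad copy.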

Offline arne

Re: Vmware - SME Windows virtual client - best practice.
« Reply #6 on: January 20, 2008, 03:45:34 PM »
Jumba -> Thanks a lot. This information also gave me one other answer that I did not have: "How can I start and stop a virtual server from the shell?"

My testing environment now consists of one SME 7.3 gateway with VMware Server, one SME server-only on the LAN with VMware Server, one Windows XP with VMware Server and one with VMware Workstation, and VMware Workstation has also been tested on an Ubuntu workstation.

My testing and my impression, until now, of the VMware contrib can be summed up like this:

1. The instructions found in the wiki for installing the VMware server work perfectly every time.

2. Running virtual installations does not, as a general rule, affect the stability of the underlying operating system. Even though there might be accidents with the virtual installations, this will generally not affect the underlying (SME) operating system.

3. If the virtual installation is running on an SME server running in server-gateway or private server-gateway mode (I'm testing with the last variant), it will be very difficult to gain full access to the installations from the LAN and from the internet. The way to use a virtual installation running on a server-gateway could be to install a virtual Windows client on the internal virtual network and access it from there. A virtual installation on the gateway will, I think, normally be running in VMware NAT mode. There is a lot of written information on the VMware web site, but I have not been able to solve the access problem so far. (The problem is related to the NAT mechanism.)

4. If the virtual installation is running on an SME server running in server-only mode, the virtual installations can be bridged and there will be no problem related to access at all. When doing virtualization on an SME server-only installation the virtual installations will be accessible, with a LAN address, like any other server installation.

5. If you for some reason want to have a virtual Windows client installation, Windows 2000 SP4 is a very well performing virtual client that runs very well with only 256 MB of dedicated RAM. (There will be some overhead so it will use slightly more.) XP SP is tested and can also be used, but I think it pulls more resources and more memory and runs slower. The newly installed virtual Windows 2000 Pro fills ca. 2 GB, XP approx. 4 GB (and SME server approx. 1 GB, if I remember it right).

6. If you would like to have some remote logon option for a virtual Windows 2000 client running inside your SME gateway, the free logmein.com service is the best option, if you trust their security concept. Using the VMware server console via the internet for this purpose works too slowly. I tried VNC Tight and it did not perform well either. Windows 2000 does not have Windows Remote Desktop, so I have not tested this.

7. The free VMware Server product is a superior product to the commercial Workstation product. Virtual installations made under VMware Workstation cannot be run under VMware Server. On the other hand, virtual installations were copied over from SME 7.3, where they were made, to a VMware Server running on XP. This worked without a problem.

8. Using USB units like a camera seems to be a bit tricky. On both tested hardware platforms the setup was rather tricky. On one, XP and Win 2000 clients with a connected camera crashed all the time. On the other it worked more stably.

9. If you have an SME server only with 1 GB of RAM and VMware on it, running in server-only mode, then this will be an excellent platform for testing out new beta revisions of the SME server (like SME 8.0) and new contribs. When you have messed it all up, you can just delete your virtual server and copy over a new one from the backup copy. Your host (SME) system will still be clean and unchanged while your "guest" is replaced.

10. When it comes to performance, the VMware web page claims that there is no difference between a Linux and a Windows host operating system. Could be something with the hardware, but during my testing I believe that the SME based virtual installations performed quite a bit better than the Windows XP based installations.


One interesting open question:

"How will a dedicated Asterisk distro like Astlinux or Trixbox perform as a virtual server installation under SME/VMware?"

As there is, until now, no known way to forward ports from the internet to the virtual servers on an SME gateway, it has to be done on a server-only installation.

Today I run my SME Asterisk server directly on the host operating system of the SME gateway. This gives a direct external IP to the Asterisk server, as my ADSL modem runs in bridge mode. I would guess this arrangement will give the best (for me) possible performance.

I would guess that running a virtual Trixbox or an AstLinux installation as virtual installations on an SME server-only server will lead to slower performance and reduced quality. On the other hand this is not 100 % for sure, so it could be rather interesting to know.


If anyone has some ideas, some experiences, some info or some open questions about how the new VMware contrib can be used, please leave a message :-)
« Last Edit: January 20, 2008, 03:47:32 PM by arne »
......

Offline arne

Re: Vmware - SME Windows virtual client - best practice.
« Reply #7 on: January 20, 2008, 04:04:42 PM »
.. by the way, there are approx. 750 free PDF pages and some more HTML info on this subject:
http://www.vmware.com/support/pubs/server_pubs.html
......

Offline william_syd

Re: Vmware - SME Windows virtual client - best practice.
« Reply #8 on: January 21, 2008, 01:03:00 AM »

"new vmware contrib can be used"

New? Did I miss something?


"If anyone has some ideas,"

Yes. Try to get Server2 beta working with SME.

http://www.vmware.com/beta/server/

Regards,
William

IF I give advice.. It's only if it was me....

Offline arne

Re: Vmware - SME Windows virtual client - best practice.
« Reply #9 on: January 21, 2008, 02:10:03 AM »
I did not know anything about virtualization until a rather short time ago. I also know a lot of people who know less about this subject than I do now.

There are still open questions on the basic functionality of the VMware 1.x server when installed on SME server. One of these basic questions is how to access virtual server resources running inside an SME gateway server.

It does not seem to be the case that the contrib or the SME gateway supports this (??!!) (Unless there is a smart way to configure the VMware server or its environment so it is possible to gain direct access to the virtual server resources.)

The situation still seems to be that a default SME server installation, that means a server-gateway installation, will not give access to the virtual server installations when addressing these via IP from the LAN or from the internet.

Is this correct or does this problem have a solution?

The 750-1000 pages of documentation on the VMware web site (manuals etc.) relate to version 1.x.

I think a few things are still missing on the 1.x project before one can say everything is solved and everything is working.

By the way, I don't know what basic news there will be in the VMware 2.x server. It should be interesting to know :-)
Correction: Your link does contain some interesting information :) :)

http://www.vmware.com/products/beta/vmware_server/vmserver2.pdf
« Last Edit: January 21, 2008, 02:16:58 AM by arne »
......

Offline imcintyre

Re: Vmware - SME Windows virtual client - best practice.
« Reply #10 on: January 21, 2008, 02:33:50 AM »
I read down to the "Supported 32 Bit Guest Operating System" and did not see SME or Centos listed :shock:

Offline william_syd

Re: Vmware - SME Windows virtual client - best practice.
« Reply #11 on: January 21, 2008, 02:41:03 AM »
"I read down to the "Supported 32 Bit Guest Operating System" and did not see SME or Centos listed :shock:"

Linux 32-Bit Guest Operating Systems

Red Hat Enterprise Linux AS 5.0
Red Hat Enterprise Linux ES 5.0
Red Hat Enterprise Linux WS 5.0
Red Hat Enterprise Linux AS 4.5
Red Hat Enterprise Linux ES 4.5
Red Hat Enterprise Linux WS 4.5

Regards,
William

IF I give advice.. It's only if it was me....

Offline arne

Re: Vmware - SME Windows virtual client - best practice.
« Reply #12 on: January 24, 2008, 03:03:10 AM »
By reading further on in the documentation I can see that CentOS is supported both as a host and as a guest operating system :)

I have until now not been able to solve the problem of obtaining full access to the virtual server installations running on an SME gateway. Forwarding of ports from the internet has appeared to be impossible (??!!) and access from the LAN to the virtual installations running on an SME gateway is only limited. (I am using private server mode, could this be the reason? I guess not..)

(Tunneling in to the virtual resources via SSH works. An indirect logon via a local virtual Windows client using logmein.com also works.)

Would it be the right conclusion to say that virtualization on the SME server via the VMware contrib can only be done (with full access to the virtual installations) when the SME server is running in server-only mode ??!! (So that the virtual installations are bridged over to the LAN network and can be accessed like LAN resources via LAN IPs.)

Anybody who has a fully working solution for the "virtualization on the gateway" alternative?

(I am wondering if the missing communication from the LAN to the virtual installations actually is a routing problem ??)
« Last Edit: January 24, 2008, 03:09:58 AM by arne »
......

Offline arne

Re: Vmware - SME Windows virtual client - best practice.
« Reply #13 on: January 27, 2008, 03:27:33 PM »
Asterisk installed on a virtual server has been tested and it seems to be working quite well (it has only been tested for private use and a rather small traffic load).

The virtual Asterisk installation was done by just downloading the prebuilt VMware image for Astlinux and then configuring it. I then made a duplicate of this installation by just copying it over to another directory. It appears that it is possible to have two identically configured virtual Astlinux servers installed on one SME server, so that the one can be there as a backup for the other. In this way it is possible to do all kinds of testing without any risk, as the virtual server instance that might be messed up can just be deleted and replaced by the backup copy.

When running a virtual Asterisk server, the complete installation and configuration procedure can now be reduced to just dragging and dropping over a preconfigured virtual Astlinux server.

I guess it will work with the bigger and more complex Trixbox server, but I have not tried. (But I think there are reasons to believe that the virtual Trixbox will not perform as well as the virtual Astlinux, which is only 68 MB big and runs from a virtual RAM disk.)

As far as I can see, virtualization is a very good idea for running server functions and software solutions that are not a part of the basic SME server design. The virtual server installations will not have any noticeable impact on the stability or security of the SME server, at least as long as it is running in server-only mode.

When virtual servers crash and when they are messed up and unstable, this will as a general rule not affect the stability of the underlying SME server host operating system. In this way it is possible to do rather heavy modifications and experiments on a virtual server while the underlying operating system remains unchanged.

On the other hand, if virtualization is the good and reasonable way of doing diverse things, the SME server cannot be a gateway any more; it needs to be installed as server-only, and it will need a dedicated firewall in front of it.

If virtualization is used as a basic principle for a server, then two PCs will be needed: one with something like a Smoothwall in front, and then the virtualization server, the SME server running in server-only mode and as a LAN server. (Together with the virtual servers, which will also be LAN servers.)

If anyone would be able to come up with a solution for "how to run virtual servers on an SME server running as a gateway", it would be great! (I actually do that myself, but I am not able to make communication work to and from the virtual servers running on the gateway like it should. It would be no problem to install and start up a virtual Astlinux server on the SME gateway, but as long as it cannot receive traffic from either the LAN or the internet it can be used for nothing.)

I would believe that as a general rule virtualization is a better approach than doing heavy modifications on the underlying SME server operating system.

Here are a lot of statements on how to do these things...

Hopefully I'm wrong on some of them, and hopefully someone could correct me, so it is possible to learn some more ..

There are some network options on the VMware console. Is there any way to set things up here so that the virtual server can communicate "as normal" also when running on an SME gateway?
......

Offline arne

Re: Vmware - SME Windows virtual client - best practice.
« Reply #14 on: January 27, 2008, 06:12:28 PM »
Problem about running virtual servers on the gateway finally solved (I hope and believe).

What appears to be the case is that the VMware contrib by default installs one VMware NAT connection related to the external network adapter and one bridge related to the internal network adapter. The NAT connection of the VMware server and the NAT connection of the Linux firewall operate as two parallel and independent NAT mechanisms, which makes it all rather confusing.

What worked in the end was to install the virtual SME server on an SME gateway server as a virtual one-card server-only installation and then to bridge it over only to the internal network adapter on the gateway. (Using the VMware server console from a Win workstation.) When it is configured like this the virtual server will not use the NAT mechanism of VMware server any more; it will change over to the NAT mechanism of Linux/SME server.

Doing it this way will mean that the default standard firewall of the SME server will be able to handle the virtual server like any other ordinary LAN server, the port forwarding mechanism will work like normal, etc.

At the moment I am running one SME server gateway host system, one virtual Win 2000 workstation, one virtual SME server 7.3 for testing, one SME server 8.0 for testing, and one Astlinux telephony server, all in one single box and hardware, and connected directly to the internet. All virtual installations are available from the LAN and also from the internet via port forwarding, as if they were physical servers running on the LAN.

There is only one modification performed on the SME server-gateway host system, and that is the installation of the VMware contrib. The firewall solution is the unmodified SME standard firewall.

If such things could be discussed or explored on this forum, it could also have been possible to discuss and develop a specialized firewall solution optimized for virtualization. But things are actually also working quite well as "standard".

What seems to be the case is that the underlying SME server gateway operating system can be left unchanged, with default reliability and stability intact, while all (risky) testing and modifications can be moved over to virtualization.
 
« Last Edit: January 27, 2008, 06:21:15 PM by arne »
......