VMware Server provides a free and relatively easy entry into server virtualization, but some aspects of deploying it – particularly configuration – can be tricky. Even though the product is free, mistakes in the installation and security process can be costly. This guide provides instructions for installing, configuring (with a focus on high security), and maintaining a successful production instance of VMware Server on Microsoft Windows...
This is a eight-part series. In this section, I set the stage for the deployment guide and describe how VMware server works. In subsequent installments, I cover configuration, security, installing a guest operating system and more.
Consider this series a shortcut into the world of VMware Server on Windows Server 2003. It is a distillation of my own experiences with what works best and what does not in VMware Virtual Server deployment. VMware has its own 214-page manual, and I reference it frequently in this guide.
Two more housekeeping notes before I get started: If you run into any confusing acronyms or references, don't worry. Just check out the series' glossary and links guide. Also, my next series will be a guide to getting started with VMware Server on Linux.
When creating this guide, I worked on several assumptions:
VMware Server is being installed on a new or repurposed server. VMware can be installed on an existing server that has extra resources that you wish to better utilize, but this guide emphasizes ensuring the efficiency and security of VMware Server and the host operating system (OS), so I address the issue of an existing OS in each step.
If a step in this guide is not possible for your situation, then note the step for future deployments, skip it and move on. Several steps will require retuning an existing configuration, such as the section that deals with securing IIS on Windows. Again, you can choose to implement my suggestions or skip them.
I assume that top-flight security is on your agenda. Because VMware Server hosts many virtual servers, security is of paramount importance. This guide will help the reader create a bastion host.
Virtualization is often used to host virtual Web servers, so I assume that the server will need to be on the public Internet. Port forwarding and gateway appliances (like a Netscaler) can be limiting, especially if you want to share ports 80 and 443 to multiple virtual Web servers, and not every shop can afford an appliance like a Netscaler. I will discuss two (almost) free exceptions to this assumption later.
I assume that most systems administrators have a solid knowledge of Windows. This guide is designed for IT administrators new to VMware Server, not people new to IT administration. You'll find some handy tips and tricks for securing Windows, but I will not be telling you what RAID stands for or where to go to configure the Windows page file.
How VMware Server works
VMware Server is a hosted virtualization solution. It is not installed directly on a bare metal server. VMware Server must be installed on a server's existing OS, such as Microsoft Windows or Linux. This is in contrast to another one of VMware's server virtualization products, ESX and the open source virtualization solution, Xen.
Because VMware Server is burdened with the I/O overhead of an existing OS, it is not as efficient as a bare-metal hypervisor. On the other hand, it has a broad driver compatibility because VMware Server can use every hardware device compatible with the host OS. A bare-metal hypervisor typically supports only a limited number of devices since its control OS's kernel is not compiled with many device drivers (in order to keep the kernel small and fast).
Xen is special -- it is a bare-metal hypervisor, but it is designed such that it has broad hardware device compatibility. It relies upon driver domain operating systems, typically the OS in dom-0, but not necessarily, to provide device drivers.
Here is an overview of how VMware Server works.
At the bottom of the stack is the physical host server. One step above bare-metal is the host operating system, in this case Windows 2003 Server Standard Edition.
VMware Server is made up of three primary components that are installed on top of the host OS. They are the registration service, the authorization service and the management user interface. The registration service starts and stops VMs and control client connections to the VMs. The authorization service authenticates incoming connections from the MUI and the VMware Server Console. The MUI lets users administer the VMs via a web interface.
In part two, I describe these most important components and services of VMware Server.