You can't plunge into installing VMware Server on Linux without introducing yourself to VMware Server services and executables. They're your tools for establishing and managing security, networking, administration and other functions, as well as preparing hosts for virtual machines (VMs). Once you're acquainted with them, you'll need to get started with networking and RAID.
So, hop on board for this quick tour of these essential tools and processes. Let's start with the services, move into executables and finish up with networking and RAID.
VMware Server services
Here's the lowdown on key services:
- VMware Authorization Service
The VMware Authorization Service listens on TCP port 902 for incoming connections from local and remote VMware Server Console applications and authenticates the users behind them. This service's binary is located at "/usr/sbin/vmware-authd".
- VMware NAT Service
The VMware NAT Service is what allows VMs on NATed networks to reach the public internet through the host's address. This service's binary is located at "/usr/bin/vmnet-natd".
- VMware DHCP Service
The VMware DHCP Service serves IP addresses to VMs on the server that are on NATed or private (host-only) networks. This service's binary is located at "/usr/bin/vmnet-dhcpd".
- VMware Registration Service
The VMware Registration Service starts and stops VMs and manages client connections to them. This service's binary is located at "/usr/sbin/vmware-serverd".
Executables are the action heroes inside VMware Server, and here are the key characters:
- vmware-cmd
This application controls VMware Server and its VMs from the command line (starting, stopping and querying VMs, for example). To see its options, type "vmware-cmd" with no arguments at a shell. More information on this command can also be found on VMware's Website.
- vmware-vmx
This binary is the process that hosts the actual VMs, one process per running VM. The security context in which it runs is very important and will be discussed later.
- Management User Interface (MUI)
Now deprecated in VMware VI3, the MUI is a way to interact with VMware Server via a web browser. It is accessible via HTTP at http://HOSTNAME:8222/ and HTTPS at https://HOSTNAME:8333/. SSL is enforced by default: connections to the HTTP port are redirected to the HTTPS port.
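A post-install check that follows from the port list above, added here as an example and not part of the original article: it parses "netstat -lntp" output (net-tools, the tool on a 2007-era Ubuntu server) and flags any listening TCP port other than SSH (22), vmware-authd (902) and the MUI (8222 and 8333). The netstat output embedded in the script is a constructed sample; the program names in it, including "httpd.vmware" for the MUI's web server and a stray portmap listener, are part of that constructed sample.

```shell
#!/bin/sh
# Added example (not from the original article): audit the host's listening TCP
# sockets against the ports that SSH and VMware Server are expected to own.
# Input is "netstat -lntp" output (net-tools); the sample below is constructed.

# Expected listeners: sshd (22), vmware-authd (902), MUI HTTP (8222) and HTTPS (8333).
EXPECTED_PORTS="22 902 8222 8333"

# audit_listeners: read "netstat -lntp" lines on stdin and print one line per
# listening socket, "ok PORT PROGRAM" for allow-listed ports and
# "UNEXPECTED PORT PROGRAM" for anything else. Exit status 1 if any listener
# was unexpected, so the function can gate a post-install check.
audit_listeners() {
    awk -v allow="$EXPECTED_PORTS" '
        BEGIN { bad = 0; n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "tcp" || $1 == "tcp6" {
            port = $4; sub(/.*:/, "", port)         # Local Address is field 4; the port follows the last colon
            prog = $NF; sub(/^[0-9]+\//, "", prog)  # "2101/vmware-authd" -> "vmware-authd"; "-" when not run as root
            if (port in ok) { print "ok " port " " prog }
            else { print "UNEXPECTED " port " " prog; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample of "netstat -lntp" on a freshly installed host. The portmap
# listener on 111 stands in for a service that should not be exposed.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:902             0.0.0.0:*               LISTEN      2101/vmware-authd
tcp        0      0 0.0.0.0:8222            0.0.0.0:*               LISTEN      2150/httpd.vmware
tcp        0      0 0.0.0.0:8333            0.0.0.0:*               LISTEN      2150/httpd.vmware
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1402/portmap
tcp6       0      0 :::22                   :::*                    LISTEN      1987/sshd'

# Run against the sample; on a live host use:  netstat -lntp | audit_listeners
if printf '%s\n' "$NETSTAT_SAMPLE" | audit_listeners; then
    echo "no unexpected listeners"
else
    echo "unexpected listeners found"
fi
```

Run it as root so netstat can attribute sockets to processes; otherwise the program column shows "-". Anything reported as UNEXPECTED should be disabled or deliberately added to EXPECTED_PORTS, which keeps the allow list an explicit record of what the host is meant to expose.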
Physical host servers
At the bottom of the stack is the physical host server. One step above bare-metal is the host operating system, in this case Ubuntu 6.10 (Edgy Eft) Server.
VMware Server is made up of three primary components that are installed on top of the host operating system (OS). They are the registration service, the authorization service and the MUI. The registration service starts and stops VMs and controls client connections to the VMs. The authorization service authenticates incoming connections from the MUI and the VMware Server Console. The MUI lets users administer the VMs via a Web interface.
Before beginning, unplug the server's Ethernet cables from their network ports. Many servers get compromised because they are exposed to the network in an insecure state during installation. Secure the server off the network and restore its connectivity later.
Please note that this step is standard for me because I find myself installing Windows servers more often than Linux servers. I am fully aware that Ubuntu Linux installs with a sum total of zero ports open and is very secure. However, unplugging the server from the network while installing the server certainly will not hurt anything. If you want to leave the server plugged in, then I will not try and stop you. Be aware, though, that at a later step SSH will be turned on, and the only measure initially preventing anyone from logging into your server will be you having chosen a secure passphrase for your account.
If the server has only one network port, adding a PCI Ethernet card for a second port is a worthwhile security improvement: it allows a private management interface separate from the public interface used by the virtual machines.
Many of the steps that set up a private management interface are discussed later in this document, in the SSH and VMware sections. Of the NICs available on the server, patch one into a private network. That network does not need access to the public internet; its sole purpose is to give the server administrator access to the server. If this cannot be arranged, don't worry: it is still possible to restrict management access to one interface using the tools Linux provides. A true, physical, private network is just a very nice added layer of security.
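The "tools that Linux provides" for confining management access to one interface are netfilter/iptables rules. The script below is an added example, not the article's own configuration. It assumes eth1 is the management NIC on the 10.10.10.0/24 network and eth0 is the public NIC the VMs bridge to (both assumptions, overridable through MGMT_IF and MGMT_NET), and it uses the port numbers given earlier: 22 for SSH (enabled later in the install), 902 for vmware-authd, and 8222 and 8333 for the MUI.

```shell
#!/bin/sh
# Added example (not from the original article): a host firewall that confines SSH
# and the VMware Server management ports to the dedicated management interface.
# Assumptions to adapt: eth1 is the management NIC on 10.10.10.0/24 and eth0 is the
# public NIC the VMs bridge to. Ports: 22 (SSH), 902 (vmware-authd), 8222 and 8333 (MUI).
MGMT_IF="${MGMT_IF:-eth1}"
MGMT_NET="${MGMT_NET:-10.10.10.0/24}"
MGMT_PORTS="22 902 8222 8333"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints the iptables commands instead of running them

# run: execute a command, or print it when DRY_RUN=1 so the policy can be reviewed first
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# apply_mgmt_policy: default-deny INPUT; accept loopback and replies to
# established connections; accept new connections to the management ports
# only when they arrive on $MGMT_IF from $MGMT_NET; log (rate-limited) and
# drop everything else, including management ports reached via the public NIC.
apply_mgmt_policy() {
    run iptables -F INPUT
    run iptables -P INPUT DROP
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $MGMT_PORTS; do
        run iptables -A INPUT -i "$MGMT_IF" -s "$MGMT_NET" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    run iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "mgmt-drop: "
    run iptables -A INPUT -j DROP
}

# Usage (assuming the script is saved as mgmt-fw.sh):
#   DRY_RUN=1 sh mgmt-fw.sh apply   # print the rules for review
#   sh mgmt-fw.sh apply             # load them, as root, from the console or the management network
if [ "${1:-}" = "apply" ]; then
    apply_mgmt_policy
fi
```

Review the rules with DRY_RUN=1 before loading them, and load them from the console or from a session on the management network, because the INPUT policy becomes DROP before the accept rules are added. Connection attempts to 902, 8222 or 8333 that arrive over the public NIC are logged with the prefix "mgmt-drop: " and dropped, which is the property a physically separate management network gives you for free.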
An oft-overlooked part of configuring an application is its disk I/O requirements. More often than not, slow disk access, rather than the usual suspects of CPU and memory, is the culprit behind errors with VMs. One way to ensure the best possible disk I/O (input/output) is to configure the server's RAID containers properly. The RAID configuration should be determined by the number of disks available to the server. Here is a handy list:
- 2 disks - 1 container, RAID-1 (mirror)
- 3 disks - 1 container, RAID-1 with hotspare
- 4 disks - 1 container, RAID-10
- 5 disks - 1 container, RAID-10 OR 2 containers, RAID-1 (system), RAID-1 with hotspare (data)
RAID-5 was not used because, although it is popular, every write incurs a penalty for computing and writing parity. Everyone has their own RAID preferences; the aim here is to present a few configurations that give the best possible disk access times without sacrificing redundancy. The labels "system" and "data" indicate the container in which the OS should be installed and the container in which the data (in this case, the VMs) should be stored, respectively.
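The layouts above are built on a hardware RAID controller, whose state you check with the controller's own utility. As an added example that is not part of the original article, the script below covers the software-RAID alternative: it assumes the host uses Linux md instead, reads /proc/mdstat, and reports each array's level, working members, hot spares (members marked "(S)") and whether it is degraded, which is the condition a "RAID-1 with hotspare" layout is meant to survive. The /proc/mdstat content embedded in it is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes Linux software RAID (md);
# a hardware controller's containers are not visible in /proc/mdstat.
# The sample /proc/mdstat below is constructed.

# mdstat_report: read /proc/mdstat on stdin and print one line per array:
#   mdN LEVEL working/members spares=N STATE     (STATE is OK or DEGRADED)
# Exit status 1 if any array is degraded, so it can gate a health check.
mdstat_report() {
    awk '
        BEGIN { bad = 0 }
        /^md[0-9]+ : / {
            dev = $1; level = $4; spares = 0
            for (i = 5; i <= NF; i++) if ($i ~ /\(S\)$/) spares++   # e.g. sdc1[2](S) is a hot spare
            next
        }
        dev != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            # status line such as "71680000 blocks [2/2] [UU]": [members/working]
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            state = (n[2] + 0 < n[1] + 0) ? "DEGRADED" : "OK"
            if (state == "DEGRADED") bad = 1
            print dev " " level " " n[2] "/" n[1] " spares=" spares " " state
            dev = ""
        }
        END { exit bad }
    '
}

# Constructed /proc/mdstat: md0 is a RAID-1 system container with a hot spare,
# md1 is a RAID-10 data container that has lost one member.
MDSTAT_SAMPLE='Personalities : [raid1] [raid10]
md0 : active raid1 sda1[0] sdb1[1] sdc1[2](S)
      71680000 blocks [2/2] [UU]

md1 : active raid10 sdd1[0] sde1[1] sdf1[2] sdg1[3]
      286720000 blocks 64K chunks 2 near-copies [4/3] [UUU_]

unused devices: <none>'

# Run against the sample; on a live host use:  mdstat_report < /proc/mdstat
if printf '%s\n' "$MDSTAT_SAMPLE" | mdstat_report; then
    echo "all arrays healthy"
else
    echo "degraded array present"
fi
```

A nonzero exit means a member has dropped out of an array; for the three-disk "RAID-1 with hotspare" layout the kernel rebuilds onto the spare automatically, and the spares count falling to zero is the signal to replace the failed disk.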
Now you're ready for the next step: Installing Linux. This is the fun part!
About the author: Andrew Kutz is deeply embedded in the dark, dangerous world of virtualization. Andrew is an avid fan of .NET, open source, Terminal Services, coding and comics. He is a Microsoft Certified Solutions Developer (MCSD) and a SANS/GIAC Certified Windows Security Administrator (GCWN). Andrew graduated from the University of Texas at Austin with a BA in Ancient History and Classical Civilization and currently lives in Austin, TX with his wife Mandy and their two puppies, Lucy and CJ.
This was first published in October 2007