VMware Cloud Community
Bolgard
Contributor
Contributor
‎08-11-2007 04:49 AM
Jump to solution

New VMWare Server installation - host operating system?

Hello everyone,

So, the world of virtualizing servers with all its benefits have just been opened for me. I'm planning to do a test install on one of my production servers in the next few days, but I have some questions I need answers to first. Glad if you could help me out!

First, I thought VMWare Server was an operating system communicating directly with the hardware, but what I can read from the documentation that does not seem to be the case. I seem to need some kind of host operating system. As I only have one Windows Server 2003 license on each server, I do not like the idea of using that as a host operating system because then that license will be "wasted" (I would rather run Windows Server 2003 as a virtual machine). So, I figured I will go with a linux dist as the host operating system. My question is as follows: What dist would be best, considered I will ONLY run VMWare Server on it? I want as much of my hardware resources as possible on my virtual machines, not on the host OS.

Also, when I'm past the above fence, I'm thinking of setting up a virtual network for my virtual servers. Like this: a linux virtual server running only a firewall. A database server running linux and MySQL behind that, together with the Windows Server 2003 running IIS and a mailserver. I would then want the firewall to NAT the ports needed to access the IIS and web server, and completely hide the database server. Is this possible? Is it a good solution? Security issues? What about security on the host OS?

And last: if I use only the VMWare Server (ESX Server?), what license applies? Which tools do I need to manage my virtual servers, and what licenses applies to them?

If you can sort these things out for me, I'm ready to dive into the world of virtualization! Thanks in advance!

0 Kudos
1 Solution

Accepted Solutions
admin
Immortal
Immortal
‎08-12-2007 11:04 AM
Jump to solution

Secure the host with a firewall (iptables), and then secure each guest with a firewall (iptables or windows firewall) or put them behind a NAT/firewall like you said - if you're using bridged networking each guest is like a real physical machine network wise and isn't protected by the hosts firewall - the other choce is to put an external firewall in front of the lot, host and guests, then use real IPs for the guests.

View solution in original post

0 Kudos
12 Replies
admin
Immortal
Immortal
‎08-11-2007 05:52 AM
Jump to solution

VMware Server is the free VMware product and is a hosted product, my current personal favorite Linux distro is CentOS 5. If you're familiar with RedHat flavoured Linux distros it's an obvious choice.

Any distro will work though, if you prefer Debian-flavour setups Debian Etch is pretty good.

VMware ESX is VMware's top level paid-for product and is an Operating System in itself, which is probably where you got confused with VMware Server being a bare-metal product.

Your virtual NAT setup should work just fine, obviously it's more work to setup than using straight bridged networking but saves having an external firewall.

For managing VMware Server it comes with a Remote Consokle utility which is free and a Web Managment Interface which you can download and install seperately (called the MUI) which is also fere. These should be sufficient if you're just managing one host, if you're going to have lots of VMware Server hosts it might be worth investing in Virtual Centre 1.4 which can manage multiple Server hosts simultaneously - but it's not cheap.

Good luck with your project. Smiley Happy

Regards,

Alex

esiebert7625
Immortal
Immortal
‎08-11-2007 06:50 AM
Jump to solution

Here's some good guides to read for more info, once you get started with whatever option you choose these forums are a great resource to get help from.

VMware Versions compared - http://www.petri.co.il/virtual_vmware_versions_compared.htm

Choosing between VMware Server and ESX Server - http://www.virtualization.info/2006/12/choosing-between-vmware-server-and-esx.html

Vmware Infrastructure Architecture Overview - http://www.vmware.com/pdf/vi_architecture_wp.pdf

Pricing, Packaging & Licensing Overview - http://www.vmware.com/pdf/vi_pricing.pdf

Fyi…if you find this post helpful, please award points using the Helpful/Correct buttons.

-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-

Thanks, Eric

Visit my website: http://vmware-land.com

-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-

Bolgard
Contributor
Contributor
‎08-12-2007 01:48 AM
Jump to solution

Thanks both of you, good information!

One last question before I do this: most of my machines use Windows OEM-licenses, am I allowed to install these as a virtual machine aswell?

EDIT: After reading through some of the links in the post above I have to add the question again about security on the host OS. Will the host OS be exposed? Will I need a firewall on both the host OS and then on a virtual machine behind the host OS? What's the usual setup here?

(I decided to go with Ubuntu 6.06. In the VMWare documentation it says Ubuntu 6.06 is supported on x64 hardware, which I have.)

Thanks again!

Message was edited by:

Bolgard

0 Kudos
admin
Immortal
Immortal
‎08-12-2007 05:39 AM
Jump to solution

I believe OEM licenses are OK to use in VMs now but it is a slightly grey area. Have a read of these VMware MS licensing FAQs.

http://www.vmware.com/solutions/whitepapers/msoft_licensing_wp.html#c4282

And the update in section F: http://www.vmware.com/solutions/whitepapers/msoft_addendum.html#c5829

You may need to tweak your .vmx file to get the OEM license to activate.

http://travisepperson.blogspot.com/2007/03/fun-with-virtualization-and-oem.html

As for your other question, yes the host OS is exposed and ideally should be firewalled just like a regular Linux box, the same goes for each guest, they are effectively the same as individual physical servers and should be treated as such.

0 Kudos
Bolgard
Contributor
Contributor
‎08-12-2007 09:20 AM
Jump to solution

But if I setup an internal network with virtual servers as I specified above I do not need seperate firewalls for each server, right?

Thanks for the information!

0 Kudos
admin
Immortal
Immortal
‎08-12-2007 09:33 AM
Jump to solution

Correct your NAT box / router VM will be providing the firewall for the other guests. You will however still need to firewall the host.

0 Kudos
Bolgard
Contributor
Contributor
‎08-12-2007 09:44 AM
Jump to solution

Thanks for the quick reply.

Will it be enough to secure the host with a firewall? It could protect the internal servers aswell?

0 Kudos
admin
Immortal
Immortal
‎08-12-2007 11:04 AM
Jump to solution

Secure the host with a firewall (iptables), and then secure each guest with a firewall (iptables or windows firewall) or put them behind a NAT/firewall like you said - if you're using bridged networking each guest is like a real physical machine network wise and isn't protected by the hosts firewall - the other choce is to put an external firewall in front of the lot, host and guests, then use real IPs for the guests.

0 Kudos
Bolgard
Contributor
Contributor
‎08-12-2007 01:50 PM
Jump to solution

Thanks for all help!

Do you virtualization pros think there's any point in running the database server seperated from the web server if they're on the same machine anyway?

0 Kudos
Ken_Cline
Champion
Champion
‎08-12-2007 05:31 PM
Jump to solution

any point in running the database server seperated from the web

server if they're on the same machine anyway?

Simplification of configuration

Ease of moving to separate physical machines if you need to in the future

What if your web server needs to have a particular service pack or patch applied that causes problems for your database server (or the other way around)?

You can clone the web server VM in case you need to stand up another instance

Ken Cline VMware vExpert 2009 VMware Communities User Moderator Blogging at: http://KensVirtualReality.wordpress.com/
0 Kudos
Bolgard
Contributor
Contributor
‎08-13-2007 03:21 AM
Jump to solution

Good points!

I'll have a go installing VMWare Server and VMWare MUI on Ubuntu tonight, thanks for all information and help!

0 Kudos
kripsio
Contributor
Contributor
‎08-17-2007 05:06 PM
Jump to solution

Hi all, it's my first post!

I've read the follow documents quoted by mittell

http://www.vmware.com/solutions/whitepapers/msoft_licensing_wp.html#c4282

And the update in section F: http://www.vmware.com/solutions/whitepapers/msoft_addendum.html#c5829

and I've a couple of question:

\- there is online a microsoft document that explain \_what_ PC OEMs can do?

\- can I sell to a customer a debian host pc with vmware workstation license with a preinstalled xp system oem licensed? And if motherboard or other component broken off may I bring or sell a new pc to customer and restore virtual OEM appliance or it is a license vilolation?

Thanks in advance.

0 Kudos