Final Case Study

Babu Dev
ISSC424CH2pg2.pdf

PRINTED BY: Chandra Shrestha <mani.shrestha@hotmail.com>. Printing is for personal, private use only. No part of this book may be reproduced or transmitted without publisher's prior permission. Violators will be prosecuted.

• Click Edit to configure the speed and duplex settings for the virtual switch.

• Click the Next button to continue.

13. At the Security Settings screen, select the security level for the ESX Server machine and the network traffic generated by the ESX Server. To use custom settings, check the Custom Security check box and click the Next button.

14. At the Custom Security Configuration screen, customize the security settings by choosing the proper options and click the OK button.

15. After choosing security settings, click the Next button. A message appears stating that configuration is complete. Click the OK button to finish configuration.

VMware vSphere

VMware vSphere uses virtualization to convert data centers into simplified cloud-computing infrastructures. Cloud computing is a general term for the delivery of computing services over a network connection such as the Internet. Physical hardware resources across multiple systems are virtualized and pooled, offering virtual resources to the data center. vSphere manages large pools of infrastructure such as networking, CPUs, and storage as a seamless, dynamic operating environment.

The VMware vSphere Client can be downloaded from the VMware server's Web interface. Figure 2-12 is a diagram of VMware vSphere.

Figure 2-12

VMware vSphere virtualizes physical resources together.

VMware vSphere Component Layers

The following are the component layers of VMware vSphere:

• Infrastructure services: These services abstract, aggregate, and allocate hardware and infrastructure resources. They include:

• VMware vCompute: Abstracts the underlying discrete server resources, aggregates them, and assigns them across distinct servers to applications.

• VMware vStorage: Allows for the efficient use and management of storage.

• VMware vNetwork: Simplifies and enhances networking.

• Application services: These ensure scalability, availability, and security. Examples include Fault Tolerance and High Availability (HA).

• VMware vCenter Server: This offers a single control point for the data center and provides services such as configuration, performance monitoring, and access control.

• Clients: Users access the VMware vSphere data center through clients such as the vSphere Client and Web Access through a Web browser.

VMware vSphere Components

The following are the components of VMware vSphere:

• VMware ESX and ESXi: The virtualization layer runs on physical servers and abstracts storage, processor, memory, and other resources into multiple virtual machines. ESXi can be embedded in a server's firmware, or either version can be installed as separate software. There are two versions:

• VMware ESX 4.0 includes a built-in service console and is available as an installable CD-ROM boot image.

• VMware ESXi 4.0 does not include a service console and is provided either embedded or installable.

• VMware vCenter Server: This is the central point for provisioning, configuring, and managing virtualized IT environments.

• VMware vSphere Client: This interface allows users to connect remotely to ESX/ESXi or vCenter Server from any Windows PC.

• VMware vSphere Web Access: This Web interface allows access to remote consoles and virtual machine management.

• VMware Virtual Machine File System (VMFS): This is a high-performance cluster file system for ESX/ESXi virtual machines.

• VMware Virtual SMP: This allows a single virtual machine to use multiple physical processors concurrently.

• VMware VMotion: This allows the live migration of running virtual machines from one physical server to another with continuous service availability, zero downtime, and complete transaction integrity.

• Storage VMotion: This enables the migration of virtual machine files from one datastore to another without service interruption.

• VMware High Availability (HA): This offers high availability for applications running in virtual machines. Virtual machines on a failed server are restarted on other production servers that have sufficient capacity.

• VMware Distributed Resource Scheduler (DRS): This dynamically assigns and balances computing capacity across the pool of hardware resources for virtual machines. It includes Distributed Power Management (DPM), which helps decrease the data center's power consumption.

• VMware Consolidated Backup: This is a centralized facility for agent-free backup of virtual machines. It reduces the impact of backups on ESX/ESXi performance and simplifies backup administration.

• VMware vSphere SDK: This provides a standard interface for third-party and VMware solutions to access VMware vSphere.

• VMware Fault Tolerance: This creates a secondary copy of the original virtual machine, which becomes active when the primary virtual machine becomes unavailable, providing continuous availability.

• vNetwork Distributed Switch (DVS): This is a distributed virtual switch that spans multiple ESX/ESXi hosts, allowing for increased network capacity and a reduction in ongoing network maintenance. Virtual machines keep a consistent network configuration as they migrate across hosts.

• Host profiles: These simplify host configuration management through user-defined policies. Host profile policies check compliance with standard host configuration settings across the data center.

• Pluggable storage architecture: This is a multipath I/O framework that allows storage partners to enable their arrays asynchronously to ESX release schedules.

Physical Topology of a vSphere Data Center

A VMware vSphere data center includes the following physical components:

• Computing servers: These are industry-standard x86 servers that run ESX/ESXi on bare metal. Computing servers are called standalone hosts in a virtualized environment. To provide a pool of resources in the virtual environment, similarly configured x86 servers can be grouped with connections to the same storage subsystems and network.

• Storage networks and arrays: Storage technologies such as iSCSI SAN arrays, Fibre Channel SAN arrays, and NAS arrays are used to meet data center storage needs. Storage arrays are shared among groups of servers using storage area networks. This results in a pool of storage resources.

• IP networks: Multiple Ethernet network interface cards (NICs) provide reliable networking and high bandwidth to the VMware vSphere data center.

• vCenter Server: This provides a single point of control for the data center, with services such as performance monitoring, configuration, and access control. vCenter Server unifies the resources of the individual hosts and shares them among virtual machines by managing the assignment of resources to virtual machines and the assignment of virtual machines to computing servers. vCenter Server is required for advanced vSphere features such as VMware VMotion, VMware Distributed Resource Scheduler (DRS), and VMware High Availability (HA).

• Management clients: VMware vSphere provides several interfaces for virtual machine access and data center management, including the VMware vSphere Client, the vSphere Command-Line Interface, Web Access, and the vSphere Management Assistant.

Figure 2-13 shows the physical topology of a vSphere data center.

Figure 2-13

These are the physical components of a vSphere data center.

VMware Consolidated Backup

The VMware vSphere storage architecture enables VMware Consolidated Backup, which provides a centralized facility for LAN-free backup of virtual machines. Consolidated Backup works in conjunction with a third-party backup agent residing on a separate backup proxy server (not on the server running ESX/ESXi). It does not require an agent inside the virtual machines, so it provides a simple backup solution with low overhead. VMware Consolidated Backup is shown in Figure 2-14.

Figure 2-14

VMware Consolidated Backup backs up data to a separate server.

Adding a Virtual Machine by Importing a Virtual Appliance

A virtual machine can be added to a host after connecting to the host machine. One or more virtual machines can be imported or created on a single host. A new virtual machine can be built manually, or a virtual appliance can be imported from the VMware Web site. A virtual appliance is a prebuilt virtual machine with an operating system and applications already installed. Because it is third-party software with its own operating system, an imported appliance should be obtained from a trusted publisher and then patched and hardened like any other guest. The vSphere Client's Getting Started tab, shown in Figure 2-15, facilitates both options.

Figure 2-15

Go to the Getting Started tab in vSphere to add a virtual machine.

VMware recommends importing a virtual appliance as the first virtual machine. To add a virtual machine by importing a virtual appliance, users can follow these steps:

1. In the Getting Started tab, click Import a virtual appliance.

2. Choose VA Marketplace and then click Next.

3. Choose a virtual appliance from the list and click Download now.

4. Click Next and follow the on-screen instructions.

After the virtual appliance is imported, users can follow these steps:

1. Use the Console tab in the vSphere Client to power on the virtual appliance and view it.

2. Press Ctrl+Alt to release the pointer from the console.

3. From the inventory, right-click the virtual machine and select Open Console to view the console in full-screen mode.

VMware vCenter Server

VMware vCenter Server provides centralized management for data centers. It aggregates physical resources from multiple ESX/ESXi hosts and presents a central collection of simple and flexible resources to the system administrator. The following are the components of VMware vCenter Server, shown in Figure 2-16:

• User access control: This enables the administrator to create and manage different levels of access for different users.

• Core services: These are the basic management services for the virtual data center, including:

• Virtual machine provisioning

• Host and virtual machine configuration

• Resource and virtual machine inventory management

• Alarms and events management

• Task scheduler

• Consolidation

• vApp

• Distributed services: These extend vSphere capabilities beyond a single physical server. They include VMware VMotion, VMware DRS, and VMware HA. Distributed services allow these solutions to be configured and managed from vCenter Server.

• Plug-ins: These are applications that add functionality and features. They can be installed on top of vCenter Server. Plug-ins include:

• VMware vCenter Converter

• VMware Update Manager

• vCenter Server interfaces: These integrate vCenter Server with third-party applications and products. There are four key interfaces:

• ESX management: Manages each physical server in the data center by interfacing with the vCenter Server agent

• VMware vSphere API: Interfaces with third-party clients and VMware management clients

• Database interface: Stores information such as host configurations, virtual machine configurations, resource and virtual machine inventory, events, alarms, performance statistics, user permissions, and roles by connecting to Microsoft SQL Server, Oracle, or IBM DB2

• Active Directory interface: Obtains user access control information by connecting to Active Directory

Figure 2-16

These are the components of VMware vCenter Server.

vCenter Server Installation

Before installing vCenter Server, administrators must make sure the following prerequisites are met:

• Obtain an installation DVD or download the installation ISO image.

• Ensure that the hardware meets the hardware requirements of vCenter Server.

• If an earlier VirtualCenter version is already installed on the machine, upgrade it rather than performing a fresh installation.

• Ensure that no Network Address Translation (NAT) exists between the vCenter Server system and the hosts it manages.

• The bundled Microsoft SQL Server 2005 Express database is suitable only for small deployments (VMware documents a limit of 5 hosts and 50 virtual machines); larger environments should use a supported external database.

• Ensure that the connection between the domain controller and the machine is working during the installation.

• The computer name should not be longer than 15 characters.

• The actual computer name and the DNS name should match.

• Ensure that the system is not an Active Directory domain controller.

• The domain user account used to run vCenter Server should have the following permissions:

• Log on as a service

• Act as part of the operating system

• Member of the Administrators group

• A Windows server hosting the vCenter Server system should be assigned a static IP address and hostname.

• If Windows Server 2003 SP1 is installed with vCenter Server, the disk for the installation directory must be in NTFS format.

• The system must belong to a domain rather than a workgroup.

To install vCenter Server, a user follows these steps:

1. Open the installation program.

2. Click vCenter Server.

3. Select the language for the installer and click OK.

4. Click the Next button on the Welcome screen.

5. Check the I agree to the terms in the license agreement check box, and click the Next button.

6. Enter the username, organization name, and vCenter Server license key, and click the Next button.

7. Choose the database type to be used:

• If using the bundled database, click Install a Microsoft SQL Server 2005 Express instance.

• If using an existing database, click Use an existing supported database and choose the database from the list of DSNs (data source names). Click the Next button after typing the username and password for the DSN.

8. Provide the administrator name and password to be used, and click the Next button.

9. Check the Use SYSTEM Account check box and click the Next button. (When the database uses Windows authentication, the service must instead run under the dedicated domain account described in the prerequisites; a dedicated least-privilege service account is preferable in any case.)

10. Accept the default destination folders and click the Next button.

11. Select either Create a standalone VMware vCenter Server instance or Join Group, and click the Next button.

12. If joining a group, enter the domain name and LDAP port number of any remote vCenter Server system and click the Next button.

13. Accept the default port numbers for all the components, or enter custom port numbers, and click the Next button.

14. Click the Install button.

15. Click the Finish button.

Security for ESX Server 3i Systems

All VMware virtual machines are isolated from one another, and this isolation is transparent to the guest operating system. Even a user with administrative or kernel-level access on a guest operating system cannot break the isolation layer to access another virtual machine without rights explicitly granted by the ESX Server system administrator.

Isolation of the multiple virtual machines provides security while hardware is shared and ensures uninterrupted performance and each virtual machine's ability to access hardware. A guest operating system crash has no effect on:

• The ability of users to access other virtual machines

• The ability of operational virtual machines to access the resources they need

• The performance of other virtual machines

Virtual machines share physical resources such as CPU, memory, and I/O devices, but the guest OS cannot detect any device other than the virtual devices made available to it. All access to physical resources takes place through the VMkernel. Through the virtual switch, virtual machines can communicate with other virtual machines running on the same ESX Server host. They can also communicate with the physical network through a physical network adapter. Because the isolation is enforced by the VMkernel and the virtual device layer, it is only as strong as the hypervisor itself; keeping ESX patched, as recommended below, is part of maintaining it.

Figure 2-17 shows the isolation of virtual machines.

Figure 2-17

Every virtual machine is isolated from other virtual machines running on the same hardware.

Recommendations for Securing VMware ESX

The following are some recommendations for securing ESX:

• Always run firewall and antivirus software on the console operating system (COS).

• Use VLANs to segment the physical network.

• When installing ESX, use the highest security level.

• Do not allow direct root login over SSH; log in as an unprivileged user and escalate with su or sudo, and use encrypted protocols such as SSH and SCP instead of Telnet and FTP.

• Disable or stop all unnecessary services in the COS.

• Keep ESX patched to the most current version.

• Secure guest operating systems.

• Use vCenter Server to control user-level access.

• Document and monitor configuration changes.
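The following audit script is an added example; it is not part of the textbook and not VMware tooling. It checks three of the recommendations above offline: that sshd denies root login (applying OpenSSH's rule that the first occurrence of a keyword wins, so a hardening line appended at the end of the file does nothing if an earlier line permits root), that no service outside an allowlist is enabled in the COS, and that configuration files have not drifted from a recorded baseline. The sshd_config files, the chkconfig output and the allowlisted service names are constructed for the example; on a real ESX console you would point the functions at /etc/ssh/sshd_config and at the saved output of `chkconfig --list`.

```shell
#!/bin/sh
# Added example (not from the textbook): offline audit of three COS hardening
# recommendations. Sample inputs below are constructed; on a real ESX host use
# /etc/ssh/sshd_config and `chkconfig --list > chkconfig.txt`.

# Effective value of an sshd_config keyword. OpenSSH honours the FIRST
# occurrence of a keyword, so a "PermitRootLogin no" appended at the end of
# the file is ignored if an earlier line already says "yes".
sshd_directive() {  # $1 = sshd_config path, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Returns 0 when root login over SSH is denied. An absent directive falls
# back to the OpenSSH default, which is "yes", and therefore fails.
check_root_ssh() {  # $1 = sshd_config path
    val=$(sshd_directive "$1" PermitRootLogin)
    [ "${val:-yes}" = "no" ]
}

# Names of services that chkconfig reports enabled in runlevels 3, 4 or 5.
enabled_services() {  # $1 = file holding `chkconfig --list` output
    awk '/[345]:on/ { print $1 }' "$1"
}

# Returns 0 when every enabled service is on the allowlist; otherwise prints
# the offenders and returns 1.
check_unneeded_services() {  # $1 = chkconfig output, $2 = allowlist (one name per line)
    offenders=$(enabled_services "$1" | grep -v -x -F -f "$2" || true)
    [ -z "$offenders" ] && return 0
    for svc in $offenders; do
        echo "FAIL unneeded service enabled: $svc"
    done
    return 1
}

# Baseline and drift detection for "document and monitor configuration
# changes": record checksums once, compare on every later audit.
record_baseline() {  # $1 = baseline file, remaining args = config files
    out=$1; shift
    cksum "$@" > "$out"
}
check_drift() {  # $1 = baseline file, remaining args = the same config files
    out=$1; shift
    cksum "$@" | cmp -s - "$out"
}

# Overall audit; returns the number of failed checks.
audit() {  # $1 = sshd_config, $2 = chkconfig output, $3 = allowlist
    fails=0
    if check_root_ssh "$1"; then echo "PASS root SSH login denied"
    else echo "FAIL root SSH login permitted"; fails=$((fails + 1)); fi
    if check_unneeded_services "$2" "$3"; then echo "PASS only allowlisted services enabled"
    else fails=$((fails + 1)); fi
    return $fails
}

# --- constructed sample input (stands in for a real host's files) ---
tmp=$(mktemp -d)
cat > "$tmp/sshd_config.bad" <<'EOF'
# constructed: the early "yes" wins over the later "no"
Protocol 2
PermitRootLogin yes
X11Forwarding no
PermitRootLogin no
EOF
cat > "$tmp/sshd_config.good" <<'EOF'
Protocol 2
PermitRootLogin no
EOF
cat > "$tmp/chkconfig.txt" <<'EOF'
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:off   3:on    4:on    5:on    6:off
vsftpd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
EOF
# allowlisted service names are assumptions for this example
printf '%s\n' network sshd ntpd > "$tmp/allowlist.txt"

audit "$tmp/sshd_config.bad" "$tmp/chkconfig.txt" "$tmp/allowlist.txt" \
    || echo "audit found $? issue(s)"
```

Run against the constructed samples, the audit reports root login permitted (the first PermitRootLogin line wins) and vsftpd enabled outside the allowlist. Run record_baseline once after hardening a host and check_drift from cron afterwards to catch undocumented changes to the COS configuration.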

Chapter Summary

• VMware ESX partitions servers into virtual machines, reducing hardware and power requirements.

• VMware ESX Server provides resource management services and a service console that provides bootstrapping, management, and other services.

• The ESX Server architecture allocates the available hardware resources of a host among multiple workloads running in virtual machines.

• The VMware virtualization layer virtualizes the hardware environment and physical resources so that multiple virtual machines can use them without interfering with one another.

Review Questions

1. What is the VMware infrastructure?

2. How can VMware save an organization money and time?

3. What is VMware ESX?

4. What is the VMware ESX Server architecture?

5. What are the key elements of VMware ESX Server's design?

6. What is virtual machine isolation?

7. How does virtual machine isolation provide security?

Hands-On Projects

1. Install VMware ESX Server 4.

Navigate to Chapter 2 of the Student Resource Center and click on the link to download VMware ESX Server 4.

Launch the ESX Server 4 installer.

Press Enter to install VMware ESXi.

Press F11 to accept the terms and conditions.

Press Enter to select a disk and continue.

Press F11 to confirm the installation.

Press Enter to reboot the system.

Select Configure Password to set a new password.

Provide a new password to prevent unauthorized access to the host machine and press the OK button.

Disable Configure Lockdown Mode and press Enter so that remote users are not prevented from logging into the host machine using the root logon name. Lockdown mode is a hardening control: disabling it is acceptable in this lab, but on a production host it should stay enabled so that the host is managed through vCenter Server rather than by direct root logins.

Select Configure Management Network and press Enter to view and modify the host's management network settings.

Select Restart Management Network and press Enter to restore networking.

Select Test Management Network and press Enter to perform a brief network test.

Select Disable Management Network and press Enter to disable the management network.

Select Configure Keyboard and press Enter to select the keyboard layout for the host machine.

Select View Support Information to view the serial number, license serial number, and SSL thumbprint. Record the SSL thumbprint: when the vSphere Client first connects to the host, compare the certificate thumbprint it presents with this value before accepting it.

Select View System Logs and press Esc to view messages, configuration information, and the Management Agent.

Select Restart Management Agents and press Enter to restart the agents; this disconnects all remote management software.

Select Reset System Configuration and press Enter to revert the software to its default settings.

Select Remove Custom Extensions and press Enter to remove all custom extensions.

Press F12 to shut down or restart the host machine.

Open a Web browser and type http:// followed by the internal IP address of the server machine as the URL and press Enter.

Download the vSphere Client installer from the VMware ESXi Welcome page.

Install the vSphere Client.

Provide the IP address/hostname, username, and password to log into the vSphere Client.

Click System Logs to view the log entries.

Click Inventory and then Create a new virtual machine.

Select the configuration type for the virtual machine and click Next.

Select the guest operating system for the virtual machine and click Next.

Specify the virtual disk space and provisioning policy for the virtual machine and click Next.