Corner 11

howto

Saturday Jan 31, 2009

Index/Listing of the How To's I have published on my blog

Desktop Virtualization

Solaris

Virtual Box 2.1 broke the IDM demo on Windows

Wednesday Jan 21, 2009

Previous versions of VirtualBox did not talk directly to the network adapters in Windows but instead installed a virtual one. This led to some configuration issues that are documented here.

With the release of VirtualBox 2.1 we no longer need to use these virtual adapters. The install program for 2.1 will remove the virtual driver that previous versions used and will allow direct access to the network adapters in Windows. This is a great update and all should rejoice!

Well, what if someone actually built a demo assuming that virtual network interface was there? Today I got a call from an SE on our IDM team, because they upgraded to 2.1 and their IDM demo broke. After a bit of debugging, I discovered the demo works as a prepackaged VirtualBox VM. You then access the services running in the VM from your host operating system. The demo assumes your host has the IP 192.168.100.100 and that the IDM VM has an IP of 192.168.100.101. It seems the IDM demo guys cleverly used the virtual network interface that was installed with previous versions of VirtualBox to give the Windows host an IP. While this was a very clever trick, and solved the problem of having to deal with getting the correct IP on the Windows host, obviously it no longer works with VirtualBox 2.1 because the virtual interface is gone!

My initial solution to the problem was to hard code the IP to the Ethernet Adapter in Windows. While not very effective for other uses of the system it would allow the demo to work. The catch here is that Windows network adapters only plumb up when they detect a link. Not very professional to walk into a customer and say you need to jack in to their network, don't even need an IP, just the link light to run your demo. Obviously this was not going to fly.

After some more research we found a Microsoft Knowledge Base Article that describes how to add a loopback interface that will be plumbed up even without a network cable, thus allowing the demo to run.

If you have VMs that are hard coded to a fixed IP and you want to add a fixed IP to your Windows host, so that you can communicate with your VMs regardless of whether your network adapter has a link status, this Microsoft Knowledge Base Article is for you!

How to setup VMWare View and Sun Ray Server Software 4.1 for a POC

Wednesday Jan 07, 2009

With the 4.0 release of Sun Ray Server Software we can use VMWare's desktop broker, View, to provide Windows desktops to our Sun Rays. This guide will explain how to do it!

Prep Work:
The following items need to be up and running before we can proceed with the SRSS 4.1 connector for View. If you are starting from scratch there are a lot of steps to get through. Most likely you will be asked to deploy in front of a working View environment and can skip most of the prep work.

Install of ESX (Directions)
Install of Virtual Center (Directions) - note 32 bit windows is required and do not install on the AD Server
Install of View Connector Server (Directions) - note 32 bit windows is required and do not install on the AD Server
Install of XP with View Agent (Directions)

Install of Solaris 10 either on a separate box or a VM (Directions)
Install of Sun Ray Server Software 4.1 (Directions)

Configuration settings in View:
We need to make a couple of configuration changes to View. I recommend getting things working without SSL first, and then coming back and turning on SSL if your environment requires it.

First let's change View to accept non-SSL connections. Log into your View administrative website. Go to the configurations tab. Edit your global settings to turn require SSL off. When you make the change, View is going to state that it needs to be restarted. Hold off for now.

On the pop up screen un-tick require ssl

View by default tries to tunnel the connection. We need to change it to direct connect. In the View administrator, on the configuration tab you need to select your server and click on edit.

On the pop up screen, click on direct connect.

At this point we need to restart the View service. You will find it in the Windows Service manager as VMWare View Connection Server.

Sun Ray Connector for VMware Virtual Desktop Manager (SRVDM):
Now that we have a working View environment and a working SRSS environment we can get to the steps to tie the 2 together. First we need to download SRVDM to our Sun Ray Server. The bits can be found here.

Install SRVDM:
# unzip srvdm_1.0.zip
# cd srvdm_1.0
# pkgadd -d Packages/Solaris_10+/i386/
Accept the defaults and you should get a message that the install finished correctly.

Configure Kiosk:
We will use the web interface for the Sun Ray server to configure the Sun Ray server to present Windows desktops.

Log into your web admin port http://<name of sun ray server>:1660
The username is admin and the password is the one you gave it during setup.

Click on the advanced tab:

Then on the Kiosk Sub tab:

If you are setting up your Kiosk mode for the first time you will see a message about no Kiosk Mode settings. Click the edit button on the right. If you have kiosk mode setup already jump to the next step:

Change the session drop down to VMWare Virtual Desktop Manager Session.
We are going to start our tests without SSL turned on. In the arguments field add
-http -s <servername> and click on OK

At this point you will have a kiosk mode defined and then you will need to tell the server when to use it. This is accomplished by using the System Policy to turn Kiosk Mode on for card users and non card users. Click on the System Policy Sub Tab on the Advanced Menu and then click on the enable check box for Kiosk Mode under both non card users and card users. Then click on the save button.

You will get a message saying the changes have been stored and you need to restart the server. Click on the link to switch to the servers tab.

Select your server and click on cold restart.

You should now have the View login on your Sun Rays.

And yes, after entering your credentials you will have a Windows desktop on your Sun Ray.

If you need to enable SSL, the steps can be found here. Remember to recheck the use SSL setting that we shut off above, and restart the View Connection service. Also remember to go back into the kiosk config and take out the -http argument and restart the Sun Ray Server.

How to setup SRVDM and VMWare View SSL

Wednesday Jan 07, 2009

This entry assumes that you have a working non-SSL SRVDM View environment. If you don't, check out this entry on how to get one.

The SSL certificate that comes with the default install of View is not a valid one. You will get hostname mismatch errors if you use the VMWare clients, and you will not be able to connect through the Sun Ray client. In order to get the Sun Ray connector for VMWare View to connect we need to either move a valid certificate in place, or create a self signed one. The steps below can be found in the View Documentation.

Generate Certificate:
First let's create a self signed certificate. If you have a signed certificate already, skip this step. On your VMWare View server start a command prompt and switch to the following directory:

C:\Program Files\VMware\VMware View\Server\jre\bin>

Once there, execute the following command:

keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360

You will be asked a series of questions which will be used to create your certificate. Make sure you remember the password you set! Also, the first question, which asks for your name, is somewhat misleading. It needs to be the name of the server.

Enable Certificate:
We need to move the certificate we created, keys.p12, from C:\Program Files\VMware\VMware View\Server\jre\bin to C:\Program Files\VMware\View Manager\Server\sslgateway\conf.

Next we need to create the file C:\Program Files\VMware\View Manager\Server\sslgateway\conf\locked.properties and insert the following 2 lines into it:

keyfile=keys.p12
keypass=<secret>

Where secret is the password you used to create the certificate above.

Restart the VMWare View Connection Server.

In the View admin site, in the event log you should see a line about using the keys.p12 file.

Now when you go back to your View site, through the web interface, you should be able to connect without getting name errors. Note you will still get an error about a self signed cert, but that is the only one you should get now.

Install the certificate on Sun Ray Servers:
The readme that comes with the SRVDM provides us a command on how to import the certificate into SRVDM. That is all well and good, if we have the certificate! When you go to the View Admin Site, you need to add a security exception because it is a self signed certificate. If you have a non-self signed certificate, Firefox will automatically store the certificate for you. In either case the following steps using Firefox can be used to get the certificate.

We can use Firefox to export the certificate. The challenge is that since we are using a self signed certificate you can only do it while you are adding the security exception. In Firefox go to preferences. Click on the advanced tab, encryption, view certificates.

You should see your certificate, but notice the export button is grayed out.

We need to click on delete and start the process over to get our cert. Once the certificate is deleted, return to the View admin site. You will get the cert error again; click on add exception. Click on Get Certificate, and before clicking on confirm exception, click on the view button.

Next we need to click on the details tab and then export.

Name the cert and save it someplace appropriate. Close out the windows and confirm the security exception to get back into the View website.

Now that we have the cert in hand we can import it into our Sun Ray servers. First you need to copy (scp) the cert we just saved to the Sun Ray server. Once there we need to run the following command, changing <VDM certificate> to the file name you gave the cert during the export above. Also make sure to note the password you use.

#keytool -import -file <VDM certificate> -trustcacerts -v -keystore /etc/opt/SUNWkio/sessions/vdm/keystore

Next we need to edit /etc/opt/SUNWkio/sessions/vdm/vdm and insert the password.
Line 17 has the word javaKeyStorePass; we need to add the password we set in the step above into the file.

NOTE! There is a typo that will prevent things from working. You must correct the typo with the following 2 commands:
#sed 's/trustStore=$javaKeyStorePass /trustStorePassword=$javaKeyStorePass /' /etc/opt/SUNWkio/sessions/vdm/vdm > /tmp/vdm
#cp /tmp/vdm /etc/opt/SUNWkio/sessions/vdm/vdm

We need to restart the kiosk sessions on the Sun Ray server. Since this is a POC server and we have made lots of changes, I suggest doing a cold restart.
# /opt/SUNWut/sbin/utrestart -c

When the Sun Rays come back up, you should receive the View login and be good to go.
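
The typo fix above, reworked as an added example (not part of the original post or of SRVDM): because the vdm script now contains the keystore password, this version stages the edited copy beside the script under a private umask rather than in /tmp, verifies the substitution before overwriting, and is safe to rerun. The helper names fix_vdm_typo and make_sample_vdm and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SRVDM code). fix_vdm_typo is a hypothetical helper name.
# Applies the trustStore -> trustStorePassword fix without staging a copy of
# the script, which now holds the keystore password, in world-readable /tmp.

fix_vdm_typo() {
    target=$1
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 1; }

    # Typo absent or already fixed: change nothing, so reruns are harmless.
    grep 'trustStore=\$javaKeyStorePass ' "$target" >/dev/null || return 0

    # Stage next to the target with a private umask instead of in /tmp.
    tmp="$(dirname "$target")/.vdm.fix.$$"
    ( umask 077
      sed 's/trustStore=\$javaKeyStorePass /trustStorePassword=$javaKeyStorePass /' \
          "$target" > "$tmp" ) || { rm -f "$tmp"; return 1; }

    # Verify the edit before touching the live script.
    if grep 'trustStore=\$javaKeyStorePass ' "$tmp" >/dev/null ||
       ! grep 'trustStorePassword=\$javaKeyStorePass ' "$tmp" >/dev/null; then
        rm -f "$tmp"; return 1
    fi

    cp -p "$target" "$target.orig" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$target"   # overwrite in place so owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed stand-in for /etc/opt/SUNWkio/sessions/vdm/vdm; the real script's
# contents are not shown on this page, only the typo string is.
make_sample_vdm() {
    cat > "$1" <<'EOF'
javaKeyStore=/etc/opt/SUNWkio/sessions/vdm/keystore
javaKeyStorePass=changeit-sample
java -Djavax.net.ssl.trustStore=$javaKeyStore -Djavax.net.ssl.trustStore=$javaKeyStorePass client
EOF
}
```

On the Sun Ray server this would be run as root with /etc/opt/SUNWkio/sessions/vdm/vdm as the argument; the vdm.orig backup it leaves keeps the original file's permissions.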

If things are not working for you, one of my colleagues wrote a great blog entry about how to debug things which can be found here.

My same colleague also wrote an entry about how to get the certificate working in VDM versions prior to View, which can be found here. Note the typo directions above are from this entry.
