VSSI Power Operator Role

Document version

See also EDMS 1264736. Document version may differ.

Glossary

You may need check the VSSI Centralized General Glossary.

Project’s introduction, virtualization and VMware vSphere Infrastructure

For a general introduction, check the initial “VSSI Technical Specification” (EDMS 1198039 ).

Also, more about Virtualization and vSphere infrastructure is described in “VSSI VMware vCenter Infrastructure”. It is recommended to take a look to that document. Also, it could be convenient check the “VSSI Operator Role” document, it is specially recommended taking a look to the sub-section “When Snapshots should be used”, in the section “Working with Snapshots”.

Another recommended lecture is the “vSphere Security Analysis applied to VSSI Project” (EDMS 1233517 ).

Introduction to VMware vSphere Client version 5 for VSSI Power Operators (Advanced Operator) role

This role is a normal operator role plus some administration privileges, included networking.

Take in account that, in vSphere, network privileges have to be given at datacenter level, so, a power operator user is going to see all the VMs of the datacenter, even those VMs that could not be managed by him.

What a VSSI Power Operator can do

This role is based in the VSSI Operator role, with several extra administration privileges. It is recommended to check the VSSI Operator role documentation.

See all the datacenter, but modify power status of some allowed VMs

Due to some given permissions, a power operator is able to see all the hosts and virtual machines in the datacenter, but this role could only manage the virtual machines with exclusive permissions to do it.

In the next image you could see that with the VM with permissions, the user could open a console and work with the machine:

To work with a VM, it is recommended to use a remote connection application (like SSH, VNC, rdesktop, Windows Remote Desktop). In this case, the user should be allowed in the domain or the operating system configuration.

Create a VM

This role gives to the user permissions to create a Virtual Machine, although those permissions are not going to imply to have automatically permissions over that VM (a power operator could create a VM, but to open a console or configure it later, some administrator has to give to this person console/management permissions for this VM).

To create a VM we could start using the File menu, or we could start also doing right click in some inventory intermediary node, upper the datacenter (not root node of the tree = vCS name, not leaf nodes = VMs).

After doing this, a wizard is going to appear. In the first window, we can choose create a typical or custom VM.

In the custom version, some extra elements could be configured:

• “Virtual Machine Version” (VMware internal configurations supported by the host)
• CPU configuration (number of virtual sockets and virtual cores per socket)
• Amount of RAM
• Kind of SCSI Controller
• Specific disk configuration options (the default option is create only a virtual disk, but the custom creation allow us to use an existing virtual disk, do not create a disk or even using raw device mappings).

Name of the VM

Storage where the VM is going to be located

Operating System to install (choose the right one or one with the same architecture, for example, Linux 2.6 32 or 64 bits; or a compatible one –option “other”)

Configure the Network Interfaces

Configure the disk size and the provisioning policy

In the part of the Disk Provisioning Policies, choosing “Thin Provision” (see highlighted area) is a good idea: the disk space is going to be taken at the time it is needed, and most of times never this disk space is not going to be used, but the OS needs to see this configuration to has a better performance.

Excepting if there are previsions to use it and this space has to be granted, “Thin Provision” must be selected.

Disk Provisioning Policies

Thick Provision Lazy Zeroed (default “flat virtual disk” format): creates a virtual disk in a default thick format. Space required for the virtual disk is allocated when the virtual disk is created. Data remaining on the physical device is not erased during creation, but is zeroed out on demand at a later time on first write from the virtual machine.

Thick Provision Eager Zeroed: a type of thick virtual disk that supports clustering features such as Fault Tolerance. Space required for the virtual disk is allocated at creation time. In contrast to the flat format, the data remaining on the physical device is zeroed out when the virtual disk is created. It might take much longer to create disks in this format than to create other types of disks.

Thin Provision: for the thin disk, it is provisioned as much datastore space as the disk would require based on the value that has been entered for the disk size. However, the thin disk starts small and at first, uses only as much datastore space as the disk needs for its initial operations.

An important details at this this point: if we want to change some settings (delete floppy disk, add an extra virtual Network Interface Card, change some of the wizard-selected configurations, etc), before accepting the option “Edit the virtual machine settings before completion” must be selected (see highlighted area).

Change VM parameters:

Add device

Depending on the device, to add many of them, the VM should be in a shutdown (only the devices that could be added in that state will be shown).

To add one device, in the VM right-click menu, the “Edit settings” option must be opened and, in the “Hardware” tab, we must press the “Add” button, to see next window:

Modify vCPUs + Cores

It is the second option in the previous screen. We can modify the virtual sockets or the number of cores per socket (see highlighted area).

Memory

Take in account the amount of RAM in the server, if there are plans to create new VMs and also the resources in the cluster (machines in with this VM could be restored, etc)

Disk

Like the previous chapter, check the disk usage prevision before giving a (thin provisioned) space, because if this space grows up a lot, the disc could be filled.

The recommendation is to use the local host datastore to operating system installation files, but use external scalable network storage to allocate data files or database files.

SCSI controller

LSI Logic SAS is the default and recommended option for most operating systems, although it must be checked before. If the OS installation is done using the OS-template wizard (see previous chapter, “VM creation”), the best option depending on the OS is going to be selected.

Floppy Disk

Although most servers now do not have a floppy drive, a virtual one comes as a default option when you create a VM. If the usage of some Floppy disk image is not planned, I recommend to delete this drive (is going to use virtual addresses, which is translated into memory reserved).

Optical Disk

Here you can choose if you want to mount/unmount a physical drive, an image or a client device when you start a VM or while it is running.

Take in account that accessing a “Datastore ISO File” implies to have datastore read permissions.

Also, if you want to start a VM using a drive file, you have to configure it using the VM BIOS. This could be configured in the VM properties, “Options” tab, in “Advanced” --> “Boot options” settings (see highlighted area in next picture). After doing this, you should configure the boot order in the vBIOS. You can keep this as a default option unchecking the “Connect at powe on” option in the “Hardware” tab, CD/DVD drive (see previous picture).

vNICs (Network Adapters) and Network Interfaces assignation

As you could see in the previous picture, while the VM is running, the Network Interfaces options could also only be connected or disconnected, removed, networks connection changed, but the MAC address could not be modified. For this, we must shutdown the VM or add another vNIC and configure the MAC manually (see highlighted areas), as you could see in the next picture.

MAC Address

If you are virtualizing a previous system, because of CERN MAC filter, this new automatically generated MAC address should be added in the computer properties at Network Operations site. If some MAC address is already registered, it must be configure as Manual and added in the VM options.

If you are using a GNU/Linux 2.6 or newer, or a Windows Windows 2008/7, the Adapter Type must be E1000. If you are using a Windows 2003/XP Pro 32 bit and you want to use this adapter type, probably you must provide a driver manually [1]: Microsoft did not provide the drivers in the initial releases.

USB Controller

If a USB device has to be used, an USB controller must be added.

The different adapter types are different emulated real know devices (Intel, AMD) or virtual automatically selection of one of those devices during the boot process (“Flexible” option, although this option fails with some Windows versions, like 7/2008). Look [4] for more info.

USB Device (USB port Pass-through)

Some USB port could be configured as a device pass-though, in this case, USB pass-through device, to be used directly with (and, by default, exclusively by) a VM.

Take in account that the USB controller has to be added before doing this operation. Also, the device must be connected before starting the device aggregation process.

Then the USB device must be found using the menus, as you can see in the next picture.

Take in account that this is not a fully hardware access, it uses the virtual layer and, for that reason, performance is not as high as real pass-thought [5]. If the performance is relevant, consider using VMware DirectPath I/O technology.

PCIx Device (Real Pass-trough: VMware DirectPath I/O)

If a PCI port must be used by a virtual machine, a slot could be completely dedicated to a VM. This pass-through is a real one, the port access it is not implemented over the virtualization layer, so, its performance is much better than the common USB port pass-through.

Take in account that using DirectPath I/O avoids the possibility of using some HA/backup features (most backup systems use snapshotting) for this VM.

Anyway, a backup could be done while the VM is in a shutdown state.

VMCI

If a high speed communication channel between the VM and ESXi is needed, this option could be enabled.

vGPU

Some parameters of the virtual GPU could be configured here.

If 3D graphics are required, the host should support 3D acceleration [6]. In that case, the checkbox should be enabled to be checked if it is desired.

Install Operating System with the CERN NICE installer

The process to install an OS is quite simple once you did it before, but maybe the first time it could be a bit confusing.

Take in account that this is a network installation, so, the VM should have a configured IP, for this, the MAC address should be registered in the CERN NetOps database, and an update or a new register introduction could take even half of a day to be updated (it has to be approved by the responsible person/s).

The process to install a VM is the following one:

Start the VM and the installation system

Press enter when the CERN network installation system appears, to choose the right NICE installer

Take in account that if you don not press the enter button in some seconds, the boot menu is going to try to start from HD. In this case, you will see the next picture and you should reset the VM in the menu.

Choose the right OS…

Example, SLC (Scientific Linux CERN) one

After choosing this option, the typical SLC install wizard is going to appear:

Example, Windows

You have to choose in the menu the right Windows architecture (not version), like is shown in next picture:

Take in account that NICE uses a GNU/Linux image to load the Windows installer, so, if you see the typical GNU/Linux boot messages, do not worry:

Configure the Hard Disk

First of all, we must “Create a System Partition”.

After this process, we must choose the new partition and press next.

Unknown computer model

With VMware, we could receive a warning message (unknown computer model). We do not need to worry about it, just accept it and continue:

Configure operating system: available vs. hidden options

By default, we only could install the standard/full supported CERN Windows:

If we want to install another version, we must press just behind the close button. Maybe we must try several times, but the ‘hidden button’ is there, where the cursor of the next screenshot is:

After this, a normal Windows installer is going to be released. On this example, a Windows 7 Professional one. You must proceed as always.

Example, expert OS system options

To install other operating systems, we must check the “Expert Operating System Install Menu” option.

Take in account that this option could install a non-supported CERN OS or could require an external license. This license or the way to get it is not included nor described on the NICE installer process.

Expert Menu for Operating Systems

Here you can choose the right operating system. If you are working in a network isolated from the internet, take in account that extra repositories could be not available.

In this example, this option will launch the Red Hat Enterprise Linux standard installer.

Citations and References

1. “Snapshot (computer storage)” (Wikipedia, The Free Encyclopedia) http://en.wikipedia.org/wiki/Snapshot_(computer_storage) [last access on 2013-01-28]
2. “About Virtual Disk Provisioning Policies” (vSphere 5 Documentation Center) http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc_50%2FGUID-4C0F4D73-82F2-4B81-8AA7-1DD752A8A5AC.html [last access on 2013-02-01]
3. “On a Windows XP Professional 32-bit guest, the e1000 NIC driver is not automatically available even though the e1000 vNIC is supported (1016456)” http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1016456 [last access on 2013-04-23]
4. “Choosing a network adapter for your virtual machine (1001805)” http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1001805 [last access on 2013-04-23]
5. “ESXi: Why you should use vmDirectPath instead USB passthrough”: http://parkersamp.com/2011/01/esxi-why-you-should-use-vmdirectpath-instead-usb-passthrough/ [last access on 2013-04-23]
6. “ESXi 5 and 3D graphics for 3D Studio Max” http://communities.vmware.com/message/1822928 [last access on 2013-04-23]