Skip to content
Tags

, , , , ,

Virtual Infrastructure – Tech.

by on February 26, 2010

Information on the Software
~~~~~~~~~~~~~~~~~
Following the advice and guidance from Martyn & Danny over at KGV, we appointed Novus (contact details at the end of this document) to supply and install a solution based on VMware vSphere & Quest vWorkspace.

The main infrastructure runs VMWare vSphere, whilst the provisioning of Virtual Machines, Thin Clients and Web Access is provided by Quest vWorkspace.

Information on the Hardware
~~~~~~~~~~~~~~~~~
We purchased 3 x Dell R710 Servers that have the following specification;

2 x Intel Xeon X5550 2.66Ghz Processors
32GB RAM
8 x 146GB SAS 15k 2.5″ Hard Disks
4 x 1GB On-Board Broadcom 5709 Network Cards

The drives are partitioned as;

2 x 146 {DataStore 01}
3 x 146 {DataStore 02}
3 x 146 {Data Store 03}

These servers all run VMware vSphere 4 and split across these 3 servers is all of our virtual desktops and Quest Virtual Servers (explained later) are located.

We also re-allocated an existing Dell PowerEdge 1800 to run as our VMware Management Server, the specification for this server is;

Dual Xeon 5050 3.0gz
4GB Ram
2 x 250 SATA HDD (Raid 1)
2 x 1GB LAN

Information on the Setup
~~~~~~~~~~~~~~~
The three Dell R710 servers all run VMware vSphere 4 and are accessed via the Management Server.

In addition to the management server, we have two (virtual) vWorkspace servers which handle desktop provisioning and web-based connections

1) virtual01 – Quest vWorkspace Broker
This is the server that allows us to provision desktops and allow access to the Virtual Desktops

2) virtual02 – Quest vWorkspace SecureIT/WEB-IT
This is the server that allows web-based connections from outside of the college

For allowing web-based access, we configured a FQDN of virtual.bsfc.ac.uk and obtained an SSL Certificate for this (provided by the Janet Certificate Service) – The SSL certificate was configured on our WEB-IT server and exported to Microsoft ISA.

We use Microsoft ISA to securely tunnel the connections from outside the college over to the internal WEB-IT server.

Day to Day Administration
~~~~~~~~~~~~~~~~
vCenter is the main interface for working with the VMware infrastructure, whilst we use the Quest Broker Server to provision desktop’s and allow access to the Virtual Desktops (from either local thin clients or via the Quest vWorkspace web interface).

The vWorkspace SecureIT/WEB-IT server does not really have much interaction – once it’s configured to talk to your vWorkspace broker, it happily sits there just passing the connections across.

Creating a Virtual Desktop
~~~~~~~~~~~~~~~
To get us up and running quickly, we took a snapshot of one of our existing Windows XP PC’s – this run’s the college standard disk image. We used the VMware converter tool to convert the local PC into a VMware image.

Once the PC had been successfully converted to a VMWare image, we used vCenter to configure various options and remove software / settings that we wouldn’t want the Virtual Desktops to have.

As with all of our college computers – the virtual desktops run Sophos Anti-Virus and are locked down via Active Directory Group Policies.

Provisioning Desktops
~~~~~~~~~~~~~
Once your VMWare XP Desktop image is at a level were you are happy to deploy, you need to convert it to a Template.

Once the image has been converted to a template, you can then provision your desktops – this is done on the Quest Broker Server.

In quick terms, we pick our template, tell it how many desktops we want to provision and then provision them. The servers are configured to automatically load balance the desktops between the 3 servers and between the 3 storage areas on each server.

If updates are required on the core XP Desktop image the template can be converted to a working machine and changes be made or software updated. Once complete it can be reconverted to a template and new Desktops provisioned from this updated template.

Allowing Internal Access
~~~~~~~~~~~~~~~
KGV Southport have graciously loaned us two Wyse unit’s for ‘Proof of Concept’. We have a Wyse S10 Thin Client Desktop unit and a Wyse X90 Laptop.

We setup and configured (with KGV’s assistance) the Wyse Device Manager and our DHCP server to allow thin clients to talk to our VMware infrastructure.

Configuring the X90 Laptop was very straightforward – I just had to alter the XP Embedded client to use our College WiFi and also set Internet Explorer to point to our Web-Interface. Once I rebooted the laptop it automatically loaded our vWorkspace web interface (attached WyseX90-Laptop.jpg).

I did however have to alter our vWorkspace broker to tell it that any internal requests should be run over HTTP whilst the external connections should still run on SSL.

Configuring the S10 was also straightforward – after I had configured Wyse Device Manager. altered some configuration files, and altered our DHCP server, I turned on the S10 and it automatically loaded our VMWare infrastructure (attached WyseS10-ThinClient.jpg).

I also had to make a change to the registry for vWorkspace which allowed the Wyse terminals to use our VMWare Infrastructure.

Allowing External Access
~~~~~~~~~~~~~~~
By Using Quest’s SecureIT/WEB-IT we can allow our users to get a full Windows XP desktop from home – this allows our users to have full (and SSL Secured) access to the college network. Users access the vWorkspace Login screen (attached vWorkspace-WebAccess.jpg) from https://virtual.bsfc.ac.uk/ and login with their college username and password – they are then automatically directed to an available Virtual Desktop in our BSFCFarm.

The main benefit of this, is that no data is stored on the users own device – all of the work and data is stored on the college network. Users also have the option of opening files from their own (local) computer inside the Virtual Desktop. We have also allowed staff to print to a central printer – so they can print documents from home and collect them when they come into college.

Comments
~~~~~~~
The system went in without any major problems and we are currently performing a testing phase ready for release to our learners.

We must also give continued thanks to Danny Caldwell and Martyn Coleman over at KGV who really helped us get to grips with this new system.

Purchased / Installed by;
~~~~~~~~~~~~~~~~
Tony Francis
Novus Group
t: 01260 292 500
tony.francis@novus.co.uk

Installed by; Andy Friar @ Novus.

Advertisement

From → Technical

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

«
»
Follow

Get every new post delivered to your Inbox.