This AppNote provides information about deploying a Novell BorderManager 3.9 SP1 server on a Xen-based virtual machines platform, through different scenarios that might be useful for BorderManager users. The document covers adding multiple network adapters and installing BorderManager services.
Note: Novell is extending the support for BorderManager 3.9 SP1 on NetWare platforms that run on Virtual Machine on the XEN Platform of SLES 10 versions.
Table of Contents
Deployment Scenarios Tested
Deploying Novell BorderManager on XEN
Installing and Configuring a Virtual Host Machine on a XEN server
Installing Netware (OES) on the XEN Server
Installing Novell BorderManager 3.9 SP1
Deployed and Tested Scenarios
Some BorderManager users may want to deploy other application servers along with BorderManager services on the same hardware. This can be done by deploying BorderManager in a virtualization environment. This also allows multiple servers to share hardware resources, such as CPU, memory, hard drives, and network interfaces, thereby maximizing resource utilization and reducing server hardware costs. This document discusses BorderManager deployment on the XEN platform.
This AppNote is intended for:
– Users who want BorderManager services and another operating system on a single type of hardware (to reduce hardware cost and increase manageability).
– Users who want to deploy multiple BorderManager servers on same hardware. This includes scenarios where multiple HTTP proxy servers are deployed with proxy session failover, or where VPN and Proxy services are deployed on different BorderManager servers on the same hardware.
Note: This document does not contain any scalability or performance data about the number of BorderManager servers that can be deployed on a single instance of XEN platform, with reference to the hardware configuration.
The following deployment environment has been used in the scenarios explained in this document.
XEN server – on SLES 10SP1
OES (Netware) – 6.5 SP7
BorderManager – 3.9SP1
Processor – Intel Xeon 2.8 Ghz (IBM xSeries 335)
Memory – 2 GB
Two NIC cards
– Two BorderManager servers deployed on one XEN machine, in a single eDirectory tree configuration.
– One BorderManager server deployed along with another OS (SLED 10) on a single XEN machine.
It is assumed you know how to:
-Install SLES10-XEN server and configure and manage virtual machines.
– Install and configure Netware and BorderManager.
To deploy BorderManager on XEN, you must do the following:
1. Install XEN server and create a Virtual Machine
2. Install NetWare on the Virtual Machine.
3. Install BorderManager 3.9 and support pack SP1.
The next few sections discuss these steps in detail.
In order to deploy BorderManager on Virtual Host, you must first install SLES 10 SP1 operating system by selecting “Xen Virtual Machine Host Server” in the Primary Function Category during installation. For more information on Xen Virtualization, see: http://www.novell.com/documentation/vmserver/virtualization_basics/index.html?page=/documentation/vmserver/virtualization_basics/data/b9km2i6.html#b9km2i6
Figure 1 – Installing a Xen Virtual Machine Host Server
1. After you install the virtualization component, reboot the computer.
While rebooting, the GRUB boot loader menu displays a Xen menu option.
2. Select the Xen menu option to load the virtualization components and start the host desktop (domain 0) running the SUSE Linux operating system.
To Install Netware OS on XEN, you need to create a Virtual Host machine. To do this, follow these instructions:
1. From the virtualization host server desktop, go to YaST > Virtual Machine Manager > New > Forward.
Figure 2 – Creating Virtual Host Machine
2. On the “Installing an Operating System?” screen, select “I need to Install an operating system” and proceed.
Figure 3 – Installing an Operating System on Virtual Host Machine
3. For the type of operating system, select Novell Open Enterprise Server2 (NetWare) as the operating system and proceed. This will be the name of the Virtual Machine.
Figure 4 – Selecting the type of operating system to be installed
4. Summary Page: The Summary page shows you a summary of the virtual machine you are creating. You can click on any of the headings to edit the information.
5. Network Adapters: By default, XEN Server assigns one interface for the Virtual host. To have the second physical interface available for BorderManager Services, click on Network Adapter in summary page and add a new Virtual Network Adapter, then apply the changes.
Figure 5 – Adding the second Virtual Network Adapter
6. Operating System Installation: Add a Virtual disk from which the NetWare OS must be installed. For example, if the installation is from an ISO image file, copy the ISO image of Netware into the local machine and create a disk selecting the ISO image. For more information, see: http://www.novell.com/documentation/vmserver/virtualization_basics/index.html?page=/documentation/vmserver/virtualization_basics/data/b9km2i6.html#b9km2i6
Figure 6 – Adding the Virtual Disk from which the installation will proceed
7. When you have finished entering all the information in the Operating System Installation page, click Apply to return to the Summary page.
8. If all the information in Summary Screen is fine, click OK.
Figure 7 – Summary Page of the Virtual Host Machine
8. Continuing the Installation: Proceed with the NetWare installation, following the instructions for installing OES NetWare.
Figure 8 – NetWare Installation on Virtual Machine
After NetWare Installation on XEN, the server is ready for BorderManager installation.
1. Copy the BorderManager build to the server, or mount the CD from where the installation must be done. Follow the installation instructions in Installing BorderManager 3.9 –
Figure 9 – Installing BorderManager 3.9
After installation, the BorderManager server is available for use. It can be accessed through iManager, ConsoleOne, NRM or the XEN Virtual Manage Machine Console as required.
Install the Support Pack service (NBM3.9SP1) to get the support of BorderManager service on XEN.
The following scenarios have been deployed and tested with BorderManager on a XEN machine.
Single Server Deployment
Purpose: To deploy a single BorderManager server along with another OS server (such as SLES10 or Linux Access Gateway or Windows). This deployment aims at better hardware utilization.
What was tested:
BorderManager Proxy services:
Forward – HTTP, FTP, Mail, DNS
Reverse – HTTP, FTP
Transparent – HTTP, Telnet
VPN Site-to-Site (2 servers) and Client-to-Site (NMAS, Certificate, PSK)
The Site-to-Site VPN tunnel was configured between BorderManager server deployed on XEN and a non-XEN platform.
Multiple Server Deployment
Purpose: To deploy multiple BorderManager servers in a single-tree environment on the same XEN server. This may be useful for users who want to segregate VPN and Proxy servers and still want to use the same hardware. This kind of deployment is beneficial, because when either the proxy or VPN server goes down, the other service will not be affected.
What was tested:
Proxy services on one virtual machine
VPN C2S and S2S service on another virtual machine. For S2S, this server was configured to connect to BorderManager Server on another XEN machine.
1. Editing the Properties of a Virtual Disk: For best performance, create each virtual disk from an entire disk or a partition. For the next best performance, create an image file but do not create it as a sparse image file. A virtual disk based on a sparse image file delivers the most disk-space flexibility but the slowest installation and disk access speeds.
2. NetWare installed from CD: If you are installing a para-virtual machine’s operating system from CD, you should remove the virtual CD reader from the virtual machine after completing the installation. That’s because the virtual machine assumes that the original CD is still in the CD reader, even if it is ejected. If it is ejected, the virtual machine cannot access the CD (or any other newly inserted CD) and receives I/O errors. For instructions on removing the virtual CD reader, see Virtual CD Readers in Virtualization: Configuration Options and Settingsfor more information.
3. HardWare Memory allocation: Set limits for the maximum and minimum amount of system memory to allocate to the host operating system (domain 0). For instructions, see Managing Domain 0 Memory.
4. Disable Powersave functionality on the host and all guest operating systems. On the host computer and other Linux computers, you can use the “chkconfig powersave off” command.
5. Close Virtual Machine Manager if you are not actively using it and restart it when needed. Closing Virtual Machine Manager does not affect the state of virtual machines. If left running, Virtual Machine Manager incrementally consumes domain 0 memory. With diminishing system memory in domain 0, virtual machine performance slows and then out-of-memory error messages start to appear in domain 0 and all virtual machines. Closing Virtual Machine Machine manager releases the additional memory it consumed.
BorderManager services, such as proxy, VPN, and filters can be deployed on a virtual host of a XEN server.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.