Deploying Novell BorderManager 3.8 as a Virtual Host in a VMware Environment
Novell Cool Solutions: AppNote
By Aruna Kumari, Gaurav Vaidya
Digg This -
Posted: 20 Dec 2006
This AppNote provides information about deploying Novell BorderManager 3.8 server on VMware platform through different scenarios which might be useful for Novell BorderManager users. The document also covers the tips for configuring network interfaces for Novell BorderManager services.
Note: Novell is extending the support for Novell BorderManager3.8 SP5 on Netware platforms that run on VMWare ESX Server 3.0.1 and VMWare ESX Server 2.5.1 versions. This support will also be extended to Novell BoderManager 3.9 which will be available in first half of 2007.
Some Novell BorderManager users may want to deploy other application servers along with Novell BorderManager services on the same hardware. This can be done by deploying Novell BorderManager in a virtualization environment. This also allows multiple servers to share hardware resources, such as CPU, memory, hard drives, and network interfaces, thereby maximizing resource utilization and reducing server hardware costs. This document discusses Novell BorderManager deployment on VMware platform.
This AppNote is intended for:
- Users who want Novell BorderManager services and another operating system on a single hardware (to reduce hardware cost and increase manageability).
- Users who want to deploy multiple Novell BorderManager servers on same hardware. This includes scenarios where multiple HTTP proxy servers are deployed with proxy session failover, or where VPN and Proxy services are deployed on different Novell BorderManager servers on the same hardware.
Note: This document does not contain any scalability or performance data about the number of Novell BorderManager servers that can be deployed on a single instance of VMware, with reference to the hardware configuration.
The following deployment environment has been used in the scenarios explained in this document.
VMware ESX server - 2.5.1
OES (Netware) - 6.5 SP6
Novell BorderManager - 3.8 SP5
Processor - Intel Xeon 2.8 Ghz (IBM xSeries 335)
Memory - 2 GB
Deployment Scenarios Tested
- Two Novell BorderManager servers deployed on one VMware machine, in a single eDirectory tree configuration.
- One Novell Bordermanager server deployed along with another OS (SLES9 SP3) on a single VMware machine.
It is assumed you know how to:
- Install VMware ESX server and also know how to configure and manage virtual machines.
- Install and configure Netware and Novell BorderManager.
Deploying Novell BorderManager on VMware
To deploy Novell BorderManager on VMware, you must do the following:
1. Install and configure VMware ESX server.
2.Install NetWare on VMware ESX Server.
3.Install Novell BorderManager 3.8.
The next few sections discuss these steps in detail.
1. Installing and Configuring VMware ESX Server
In order to be able to deploy Novell BorderManager on VMware, you should first install VMware ESX Server. For more information on how to install VMware ESX, see:
Novell BorderManager requires multiple interfaces for services such as VPN and Proxy, and multiple virtual switches are required to use multiple interfaces.
Configuring and Loading Multiple Physical Adapters
By default, VMware ESX Server assigns one interface exclusively for the VMware service console, which leaves only one physical interface for Novell BorderManager. To make a console interface available for the virtual machine (NetWare), these interfaces should be shared between the virtual machine and the VMware Service Console.
Let's assume there are two interfaces: one has to be configured in shared ('s') mode and another in virtual machine ('v') mode. To enable sharing mode, run the following command on the console of VMware machine to enable multiple interfaces for virtual machines:
Note: This command is available only on VMware ESX 2.5.x Server and is deprecated for ESX 3.x.
Configuring Virtual Switches
Users must configure multiple virtual switches on VMware ESX server in order to use multiple interfaces. To configure virtual switches,
1. Access the VMware Management interface by opening a browser and typing the following at the address bar:
http://<VMware Console IP address>
2. Select Options > Network Connection.
3. Click Virtual Switches, then click Add.
For our example, we have added two virtual switches as shown in Figure 1.
Figure 1 - Configuring virtual switches
Installing VMware Remote Console
To install a guest operating system, use VMware Remote Console on a different system than where you installed the ESX Server. Follow the instructions in the VMware documentation (http://www.VMware.com/support/pubs/esx_pubs.html) to install and start the Remote Console on a Linux or Windows workstation. Then connect to the virtual machine that you created, as shown in Figure 2.
Figure 2 - VMware Remote Console
2. Installing Netware (OES) on the VMware ESX Server
1. Add a new virtual machine on VMware server. To do this, follow the instructions in the VMware documentation to create a new virtual machine on VMware.
2. Select Novell NetWare 6 as the intended guest operating system during the virtual machine configuration.
3. While configuring the virtual disk, select the disk mode setting as Persistent so that the changes are immediately and permanently written to the virtual disk.
4. To start the installation, open the VMware Remote Console and insert the NetWare 6.5 CD 1 (Operating System) into the CD-ROM drive. Then click Power On to start the virtual machine.
5. Proceed with the NetWare installation, following the instructions for installing OES NetWare.
Troubleshooting the Network Interface
There may be problems in detecting second virtual interfaces using "hdetect" after OES is installed. To get the second interface recognized:
1. Shut down the OES virtual machine.
2. Edit the virtual machine hardware detail and add a new device (a network adapter as shown in Figure 3).
3. Associate each network adapter to the appropriate virtual switch.
Figure 3 - Adding a network adapter to a Netware virtual machine
3. Installing Novell BorderManager 3.8
After the NetWare virtual machine is ready for Novell BorderManager installation, follow the installation instructions in "Installing Novell BorderManager 3.8." (http://www.novell.com/documentation/nbm38/inst_admin/data/anecsfw.html)
After installation, the Novell BorderManager server is available for use. It can be accessed through iManager, NWAdmin, or VMware Remote Console as required.
Figure 4 - Installing Novell BorderManager 3.8
Deployed and Tested Scenarios
The following scenarios have been deployed and tested with Novell BorderManager on a VMware machine.
Single Server Deployment
Purpose: To deploy single Novell BorderManager server along with another OS server (such as SLES10 or Linux Access Gateway). This deployment aims at better hardware utilization.
What was tested:
- Novell BorderManager Proxy services:
- Forward - HTTP, FTP, Mail, DNS
- Reverse - HTTP, FTP
- Transparent - HTTP, Telnet
- VPN Site-to-Site (2 servers) and Client-to-Site (NMAS, Certificate, PSK)
The Site-to-Site VPN tunnel was configured between Novell BorderManager server deployed on VMware, and non-VMware Novell BorderManager server.
Multiple Server Deployment
Purpose: To deploy multiple Novell BorderManager servers in a single-tree environment. This may be useful for users who want to segregate VPN and Proxy servers and still want to use the same hardware. This kind of deployment is beneficial because when either the proxy or VPN server goes down, the other service will not be affected.
What was tested:
- Proxy services on one virtual server
- VPN C2S and S2S service on another virtual server. For S2S, this server was configured to connect to Novell BorderManager Server on another VMware machine.
Proxy Session Failover Deployment
Purpose: To deploy multiple HTTP proxy servers on same hardware (VMware) and configure session failover among them. These VMware virtual machines were deployed behind an L4 switch to provide load balancing and failover. The authentication agent was configured on a separate hardware.
What was tested:
- Session failover between multiple proxies and between local and remote authentication agents.
Support for VMware ESX 3.x Server
Novell BorderManager 3.8 SP5 was successfully installed on VMware ESX 3.0.1 server. The following functionalities have been tested:
- Novell BorderManager 3.8 SP5 installed along with SLES9SP3 on same hardware (two virtual machines).
- HTTP proxy with and without authentication (Single client accessing web server through proxy).
- VPN Client-to-Site service using NMAS authentication to access protected network.
Novell BorderManager services, such as proxy, VPN, and filters can be deployed on VMware ESX Server as a virtual machine.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com