User Login      + Register  

VmWare Workstation  SecureOffice  xoops  29-Nov-2020 17:40  0  3587 reads

Table_of_Contents

1      About SecureOffice VmWare WorkStation

1.1                Economic Advantages of VmWare Workstation

1.2                Security Advantages of Using VmWare Workstation

1.3                Preparation Before Installing VmWare Workstation

1.3.1      Install VmWare Workstation on PC

1.3.2      Choose Services to Host

1.3.3      Choose VM OS and Distribution

1.3.4      Convert Existing PC to Virtual Machine

1.3.5      Create VM Directory on SecureOffice

1.3.6      Insufficient Disk Space for VM

1.3.7      Copy Virtual Machine to SecureOffice

1.4                Install SecureOffice VmWare Workstation

1.5                Configure SecureOffice VmWare Workstation

1.5.1      Configure Virtual Machine Network

1.5.2      Install VmWare Tools on Virtual Machine

1.5.1      Share Host PC Folders With VM

2      Troubleshooting Virtual Machines

2.1                VM Startup Problems

2.1.1      Licensing Problems

2.1.2      Vmware Kernel Module Problems

2.1.3      Virtual Machine Will Not Start

2.2                VM Network Issues

2.2.1      Basic VM Connectivity

2.2.2      Some VM Services Do Not Work

List of Figures

Figure 1:       Manage Virtual Machines

Figure 2:       Unconfigured Virtual Machine Entry

Figure 3:       Configured Virtual Machine Entry

Figure 4:       Xorg GUI

Figure 5:       VmWare Workstation Home

Figure 6:      VmWare Network Editor

Figure 7:      VmWare Tools ISO Image

Figure 8:      VmWare Add Shared Folder

Figure 9:       VmWare Services Started

Figure 10:       VmWare Network Editor

1      About SecureOffice VmWare WorkStation

VmWare Workstation is a premium (licensed, $) SecureOffice application which allows you to host multiple virtual machines which are virtual computers running any operating system and distribution you choose such as Linux or Windows.

SecureOffice VmWare Workstation is a port of VmWare Workstation so it can run on SecureOffice. Apart from the cost of VmWare Workstation for SecureOffice, VmWare Workstation is free to use for non-commercial users. Commercial users (to be in Vmware license compliance) must have or purchase a copy of Vmware Workstation Pro, described here.

Virtual machine hosting allows you to meet the following needs, for various usage scenarios:

  • Those who do not want to risk or trust third party service hosting providers with access to their files, database, access controls and users. Note that third parties are far more likely to comply with secret demands for your private information than you are, leaving you in a "no clue" position regarding countermeasures.
  • Those who do not trust third party email providers with access to their email records.
  • It is possible for SecureOffice to be configured to directly host websites, email and other internet services, without virtual machines. Choosing to do so means you would also have to manage security, antivirus and other updates, a tedious task and not recommended. If you wish to do so, search the internet for HowTo's. Using a standard virtual machine distribution with automatic updates to host services requires far lower maintenance.
  • Using a standard operating system virtual machine distribution to host services such as websites, email server, file servers has the advantages of automatic updates and low maintenance. Several modern Linux server distributions (most free) are compared here. The SecureOffice team uses and recommends Sme-Server.
  • Consolidating legacy servers, running on dedicated PC's as virtual machines under SecureOffice saves power. SecureOffice is capable of running multiple virtual machines simultaneously, limited only by performance of the hardware chosen to host SecureOffice.
  • Road Warriors can install SecureOffice / VmWare Workstation on their laptops and bring their entire secure network infrastructure with them, while simultaneously running their OS of choice as a virtual machine.

1.1                Economic Advantages of VmWare Workstation

VmWare Workstation running virtual machines(s) is far less expensive than using dedicated PC's to host services.

Consolidate and move your legacy servers from multiple high-power consuming PC's to low power SecureOffice hardware.

Running your applications under virtual machines means that when the underlying hardware becomes obsolete and needs to be replaced; your legacy applications can run on modern hardware under virtual machines, with no changes.

No modern computer will run Windows XP or Windows 98 without a lot of work, finding and installing drivers (many will not exist). Running Windows XP and 98 is supported by VmWare Workstation.

If you in a situation where high investments have been made in applications that run on obsolete hardware, without using virtual machines, this investment becomes a dead loss and the applications must be re-developed to use modern hardware and operating systems.

1.2                Security Advantages of Using VmWare Workstation

Third parties hosting your information are far more likely to comply with secret demands for your private information than you are.

SecureOffice / VmWare Workstation is a compact, self-contained portable information hosting solution. If you are one step ahead of your predators, you, SecureOffice and your bug out bag can "cut and run", without losing or leaving valuable information behind. Within minutes, you can be anonymous, in an internet cafe hosting internet services for your fellow "conspirators" (peaceful cooperation for mutual self-interest) over VPN, untraceable.

Come the collapse, many internet service providers will be down and, the internet will no longer be global. Under these conditions, the prepared can set up local pockets of information civilization for their communities, such as news and communications.

Using mesh networking, a neighborhood watch network of IP cameras can be set up to "keep an eye on the perps".

1.3                Preparation Before Installing VmWare Workstation

To maximize usage time for trial licenses, it is recommended that requirements be prepared in advance, since they will take time. The following are required:

1.3.1      Install VmWare Workstation on PC

Prior to installing any virtual machines on SecureOffice, it is recommended to first get the virtual machine running on your PC.

Download free VmWare Workstation.

Install VmWare workstation on your PC. Additional installation instructions are located here.

1.3.2      Choose Services to Host

Since the target market of SecureOffice is small business, professional consultants and Single Operator Home Office (SOHO) applications, it is assumed that web site hosting, email services and file hosting is a basic requirement. Users will have to determine additional requirements and how to implement them.

1.3.3      Choose VM OS and Distribution

VmWare Workstation can run any x86 Microsoft OS from DOS and Windows 98 to current distributions.

VmWare Workstation can run any x86 Linux distribution.

It is assumed that Sme-Server (recommended) virtual machine will be installed and configured for SecureOffice / VmWare Workstation. SecureOffice can run multiple virtual machines, limited only by RAM, disk space and hardware performance.

If a Sme-Server virtual machine is chosen for initial SecureOffice installation, the same virtual machine can be used for services hosting. This avoids creating separate virtual machines for installation and hosting.

VmWare Workstation needs to be installed on your local PC and a Sme-Server virtual machine created and configured. Instructions for doing so are in the Sme-Server Virtual Machine section.

If another operating system and distribution is preferred over Sme-Server, the virtual machine installation and configuration will be similar to Sme-Server. Exact installation steps can be found on the internet for various virtual machine distributions.

SecureOffice instructions may exist for other virtual machines. Check (this site) HowTo->Virtual Machines.

1.3.4      Convert Existing PC to Virtual Machine

If you already have a legacy Linux / Windows PC that you wish to make into a virtual machine, to run under SecureOffice / VmWare Workstation, VmWare has a free tool to do this. Download a free copy of vCenter Converter, install it on the machine you wish to convert and follow the instructions available at the download link.

VmWare is not the only alternative for conversion. Other alternatives are discussed here. Searching the internet for your exact requirements will narrow the possibilities.

1.3.5      Create VM Directory on SecureOffice

After your virtual machine has been created, configured and, optionally, services such as web hosting and email tested, it is ready to be hosted by SecureOffice / VmWare Workstation.

Perform the following steps:

  • Shut down the virtual machine on your PC.
  • Choose, create and mount a location for your virtual machine(s). It is recommended to use "/home/data/Vmware/<YourVmName>" for individual virtual machine storage.
  • During SecureOffice install, the "/home/data" directory was created and partition "/dev/sda4" mounted on "/home/data". The size of the "/dev/sda4" partition depends on how much disk space was left over after the SecureOffice boot, root and swap partitions were created during initial SecureOffice installation. "/home/data" free disk space must be sufficient to contain all virtual machines you intend to host.
  • To determine free disk space on "/home/data", enter the following command in a SecureOffice shell: "df /home/data". The "Available" field displays how many 1K blocks are free. Divide this number by one million to determine how many gigabytes of free space exist on "/home/data".

If there is sufficient free space to contain the virtual machine disk size chosen at VM creation, plus several gigabytes of headroom, plus storage space required for other applications such as docker containers, create the virtual machine installation directory by entering the following command: "mkdir -p /home/data/Vmware/<Your_VM_Name>" and proceed to the copy virtual machine section.

1.3.6      Insufficient Disk Space for VM

Insufficient disk space means that the recommendations in the SecureOffice storage prerequisites section were not considered or your requirements have changed and, you need to increase the size of the disk, or add another disk. For performance reasons, it is strongly recommended to not use a USB connected disk. It will work, but will be slow, compared to internal mSATA or SATA disks.

To add more disk space, there are three options:

  • Repeat the entire SecureOffice installation and configuration process using a larger disk. Not recommended, all SecureOffice configuration to this point must be backed up and restored to the new disk or re-entered.
  • Add and mount an additional, larger hard disk. The procedure for doing this can be found in Install an Additional Hard Disk.
  • Transfer data from existing system disk to a larger disk. The procedure for doing so is in Replace System Disk.
  • Adding or replacing disks may result in changed disk enumeration order, requiring boot device reconfiguration.
  • If the new or replaced disk is to provide storage at "/home/data" (standard SecureOffice location for extras such as virtual machines), the new partition must be mounted on "/home/data" and the VmWare installation directory created. Follow the disk UUID identification and modify "/etc/config/fstab" procedures as outlined in Installing an Additional Hard Disk for mount instructions.
  • Once the new partition is mounted in "/home/data", create the VM storage directory by entering "mkdir -p /home/data/Vmware/<YourVmName>" and proceed to the next section.

1.3.7      Copy Virtual Machine to SecureOffice

Using WinSCP, login to SecureOffice. Ensure that the WinScp transfer method is set to "Binary", else WinScp will convert from Windows to Linux line-endings, corupting the virtual machine. Navigate to the source directory containing your virtual machine (left pane, on PC). Navigate to the virtual machines destination directory previously created (right pane, SecureOffice). Select the directory containing your virtual machine and drag it to the target directory on SecureOffice. You are now ready to install the SecureOffice VmWare Workstation application.

1.4                Install SecureOffice VmWare Workstation

Now that a virtual machine has been created and copied to the SecureOffice filesystem, SecureOffice VmWare Workstation can be installed and configured.

Follow the steps in Install Premium Content, selecting VmWare Workstation as the application.

Prior to proceeding, using a monitor connected to the SecureOffice video port, confirm that Xorg (Linux GUI) and not a command prompt is displayed. If Xorg is not running, use a new PuTTY session to login to SecureOffice, which should start the Xorg GUI.

1.5                Configure SecureOffice VmWare Workstation

During configuration, if behavior is unexpected (not according to this documentation), follow the instructions in TroubleShooting Virtual Machines.

Using the SecureOffice web GUI, navigate to "Services->Virtual Machines", The "Manage Virtual Machines" page will display, as shown below.

Figure 1: Manage Virtual Machines

In the text field, left of "Add", enter a name for your virtual machine. Press "Add". An entry for your new virtual machine will display, as shown below.

Figure 2: Unconfigured Virtual Machine Entry

Enter a decscription for your new VM, plus the full path to the vmware "vmx" file, for example "/home/data/Vmware/SmeServer-9.2/SmeServer-9.2.vmx".

The "Vmware Tools Installed" checkbox depends on whether or not VmWare Tools has been installed on the VM. Installation of VmWare Tools in a VM enables extra commands for VM remote control which are not used by SecureOffice VmWare Workstation. Users wanting to use additional VM control should consult the vmrun command reference.

The "Enabled" checkbox determines whether the virtual machine starts at boot.

The "Use GUI" checkbox determines whether the virtual machine runs headless (does not appear on console Xorg display) or, does have a display. "Use GUI" is recommended, since it allows Xorg console access to the virtual machine when the network is down and SSH console is not possible.

Select preferred options, then click "Save&Apply"

A fully configured VM entry is shown below.

Figure 3: Configured Virtual Machine Entry

As many virtual machines as desired can be added, limited by memory, storage space and SecureOffice hardware performance.

1.5.1      Configure Virtual Machine Network

Connect a monitor to the SecureOffice video port (VGA or HDMI). Connect a keyboard and mouse to SecureOffice. If there is no display, you will have to reboot SecureOffice to detect the monitor.

In the Xorg GUI, if VmWare Workstation is not running, right click anywhere and select "lxterminal" to start a console session. Within the console, enter "/etc/vmachines start". The virtual machine(s) that were previously configured should start. A screenshot (using NoMachine remote access) of the Xorg GUI logged into Sme-Server and Lxterminal (multi-tabbed console) is shown below.

Figure 4: Xorg GUI

If the virtual machine(s) do not start (takes some time), right click anywhere in the Xorg GUI and select "VmWare->VmWare Workstation". The VmWare Workstation main window, like below (for your virtual machine) will appear.

Figure 5: VmWare Workstation Home

Select "Open a Virtual Machine", navigate to where you installed your virtual machine and select the "vmx" file of your virtual machine and click "Open". Then click "Play virtual machine". The virtual machine should start.

In the Xorg GUI, right click anywhere and select "VmWare->Net Configuration". The virtual network editor window should appear, as below:

Figure 6:VmWare Network Editor

For the "vmnet0" settings, insure that "Bridged" is selected and select "Bridge To" "br-lan". Click "Save". This configures your virtual machine to use the SecureOffice LAN interface for its network.

In the VmWare Workstation window, right click on the network icon, select "Disconnect" and then, "Connect". The network icon should not have a red "x". If it does, the network configuration settings for your virtual machine need to be verified.

The VM LAN address can be determined logging into the VM console and entering "ifconfig" from within the virtual machine console. Communication with the host PC can be verified by entering "ping <SecureOffice LAN address>".

To confirm your network settings, using lxterminal, enter "ping <LAN address of your VM>". A response means that connectivity is established.

1.5.2      Install VmWare Tools on Virtual Machine

VmWare Tools enhances the functionality and performance of virtual machines and host interaction. For example, without VmWare Tools, shared directories between the host PC (SecureOffice) and the VM may not function (OS distribution specific). Some distribution such as Ubuntu use package "open-vm-tools" and do not require VmWare Tools. Check OS vm tools requirements before installing either package.

If the virtual machine is running, stop it by entering "shutdown now" at a command prompt. It may also be necessary to use "Virtual Machine->Power->Power Off Guest".

Start VmWare Workstation, select but do not start the virtual machine. Navigate to Virtual Machine->Virtual Machine Settings and select "CD/DVD". The VM settings window will display:

Figure 7:VmWare Tools ISO Image

Select "Connect at power on", "Use ISO image". Change the path of the ISO image (VmWare host dependent) to wherever file "linux.iso" is. For Vmware Workstation running on SecureOffice, the path is: "/usr/lib/vmware/isoimages/linux.iso" as shown above. Click "Save".

Start the virtual machine and use a SSH client (PuTTY) for console access.

Sme-Server only: The default installation of Sme-Server is missing packages "fuse.x86_64" and "fuse-libs" required by VmWare Tools. They must be installed prior to installing VmWare Tools. At a command prompt (SSH session recommended) within the VM, enter "yum install fuse.x86_64 fuse-libs" and follow the prompts.

To install VmWare Tools, follow these steps.

  • From a command prompt within the VM enter "mkdir -p /mnt/dvd" to create a mount point for the VmWare Tools virtual CDROM.
  • Enter "mount /dev/sr0 /mnt/dvd; ls /mnt/dvd" to mount and display the CDROM directory. If you have more than one CDROM in your VM, you will have to identify which device to use instead of "/dev/sr0".
  • The directory listing of "/mnt/dvd" will contain a file called "VMwareTools-<VERSION>.tar.gz" where "<VERSION>" varies. Copy this file to "/tmp/" and change directory by entering "cp /mnt/dvd/VMwareTools-<VERSION>.tar.gz /tmp; cd /tmp".
  • Decompress VmWare Tools by entering "tar -zxvf VMwareTools-<VERSION>.tar.gz; cd vmware-tools-distrib". This also changes to the VmWare Tools installation directory.
  • Start VmWare Tools installation by entering "./vmware-install.pl" and choosing default answers to all questions. VmWare Tools will install.
  • At the end of installation, an error may display: "Unable to start services for VMware Tools". If this happens, it is due to VmWare tools using an obsolete startup method for the "thinprint" service. To fix this, enter "mv /etc/init/vmware-tools-thinprint.conf /etc/init/vmware-tools-thinprint.conf_notused" and then restart VmWare Tools by entering "/etc/vmware-tools/services.sh start". All services should now start with "OK" status.
  • Sme-Server only: Enable vmware-tools autostart by entering "ln -sf /etc/vmware-tools/services.sh /etc/rc7.d/S90vmware-tools-services".

1.5.1      Share Host PC Folders With VM

Shared folder support is required for SecureOffice and VM's to share SSL certificates, so when certificates are updated (ideally, automatically by LetsEncrypt), the updated certificates are immediately available for the VM's and any secure (https) websites they host.

Shared folders are also useful as a mechanism for transferring files between SecureOffice and virtual machines.

This step must be performed after the VM is installed and running on SecureOffice, since the correct paths will not exist on your PC.

To enable a shared folder, using the SecureOffice VmWare player GUI (SecureOffice Xorg console), navigate to "Player->Manage->Virtual Machine Settings->Options->Shared Folders". Select "Always Enabled" and press "Add". The "Add Shared Folder" window will appear as shown below.

Figure 8:VmWare Add Shared Folder

Enter the "Host Path" (depends on host PC) and "Name" as shown above, press "Next". The shared directory will be "/tmp" on SecureOffice and "/mnt/hgfs/Temp" within the VM. This directory will be used for file transfer between SecureOffice and the VM.

If the VM requires SSL certificates (Sme-Server does), press "Add" again. Enter "/etc/ssl/domains" as the "Host Path". Enter "domains" as the "Name", press "Next". The shared directory will be "/etc/ssl/domains" on SecureOffice and "/mnt/hgfs/domains" within your VM. This directory is used for sharing SecureOffice SSL certificates with the virtual machine.

2      Troubleshooting Virtual Machines

The scope of this section is insuring that VmWare Workstation successfully starts the virtual machine, network connectivity is established and the ports required for VM public internet services are forwarded on SecureOffice firewall. Any other problems are internal to the VM and require consulting the documentation for the specific OS and distribution of the VM, such as Sme-Server.

2.1                VM Startup Problems

Symptoms: VmWare Workstation will not start virtual machine.

Causes: Licensing issues, vmware kernel modules not loaded, faulty virtual machine

Follow the steps in the following sections, in order, to isolate and fix problems.

2.1.1      Licensing Problems

Reveiw the steps in Diagnosing Licensing_Failures, to determine if VmWare Workstation is able to connect to the license server and has a valid license. Do not proceed until all licensing issues are resolved.

2.1.2      Vmware Kernel Module Problems

VmWare Workstation requires several VmWare kernel modules / services to be loaded in order to function.

To determine if the vmware modules are loaded, enter "lsmod | grep vm". The result should contain at least "vmmon", and "vmnet". No response indicates VmWare services are not enabled and started or an issue with VmWare modules.

To enable and start vmware services enter "/etc/init.d/vmwared enable; /etc/init.d/vmwared restart". If successful, you will see output similar to below.

Figure 9: VmWare Services Started

If any of the services in Figure 9 have status "failed", you will have to look at the newest versions of the following VmWare logfiles where "X" is an instance number to further diagnose the problem:

  • /var/log/vnetlib
  • /var/log/vmware-installer
  • /var/vmware-root/vmware-apploader-X.log
  • /var/vmware-root/vmware-authdlauncher-X.log
  • /var/vmware-root/vmware-modconfig-X.log
  • /var/vmware-root/vmware-netcfg-X.log
  • /var/vmware-root/vmware-player-X.log
  • /var/vmware-root/vmware-unity-helper-X.log
  • /var/vmware-root/vmware-usbarb-X.log
  • /var/vmware-root/vmware-vix-X.log
  • /var/vmware-root/vmware-vixWrapper-X.log
  • /var/vmware-root/vmware-vmis-X.log

If the above logfiles are unhelpful, you will have to search the Vmware knowledge database , selecting "Vmware Player" as the product and "kernel modules" as search term for further information regarding diagnosis and possible fixes for the modules which fail to load.

It is not expected that users will run into VmWare module problems apart from the vmwared service not being enabled and running. If all else fails, collect information regarding symptoms and what has been tried and post to the SecureOffice support forum.

Do not proceed until all problems in this area have been resolved and the result of starting VmWare services is according to Figure 9.

2.1.3      Virtual Machine Will Not Start

Ensure that the virtual machine will start using Windows Vmware Workstation (copy VM back to windows, if using PuTTY, be sure to select "Binary" file transfer) to eliminate a corrupt VM as a possibility. Not selecting "Binary" transfer mode during initial VM copy to the target host may be the issue.

VmWare Workstation maintains a logfile for individual virtual machines (vmware-X.log) in the virtual machine install directory (where the VM "vmx" file is located). Consult the logfile to determine and fix any problems.

Another issue which may prevent virtual machines from starting is IP address conflicts between (VmWare generated) "vmnet1" and "vmnet8" networks which are used for communication between virtual machines. Either alter the subnet addresses or, delete these networks if not required.

To do so, right click anywhere in the Xorg GUI, select "VmWare->Net Configuration". The VmWare network editor will appear, as shown below:

Figure 10: VmWare Network Editor

If the VM logfile is unhelpful, you will have to search the VmWare knowledge database, selecting "Vmware Player" as the product and "won't start VM" as the search term.

Another option is to search the internet for "VM distribution virtual machine" where "VM distribution" is the Linux or Windows OS of the virtual machine.

2.2                VM Network Issues

2.2.1      Basic VM Connectivity

If the VM is to provide public internet services, it must be configured with a static IP address on the SecureOffice local LAN. The VM address must be unique on the LAN, outside of the DHCP assignment range. If you intend to use docker, static IP addresses must be assigned above the DHCP assignment range, since docker assigns IP addresses starting at <LAN IP +1>. If two or more devices on the LAN have the same IP address, network communication will fail. Consult IP Address Numbering Plan for further information.

To determine if an IP address conflict exists, shut down all virtual machines by entering "/etc/vmachines stop" and then "ping <LAN address VM should be at>". There should be no valid ping response. If there is a valid ping response, the responding device at the LAN address or, the VM needs to be assigned a new IP address.

When the virtual machine was first configured, if it provides network services, it was assigned as static IP address on the SecureOffice LAN. If it was assigned a dynamic (DHCP) IP address, you can determine the address using command line interface from within the virtual machine, either from within VmWare Workstation, or a PuTTY session to the VM by entering "ifconfig".

The virtual machine needs bidirectional communication with SecureOffice LAN.

To test VM->SecureOffice communication, from a command prompt within the VM enter "ping <LAN address>", where "LAN address" is the base address of SecureOffice LAN, for example 192.168.10.1 (default).

To test SecureOffice->VM communication, from a command prompt within SecureOffice enter "ping <VM address>", where "VM address" is the assigned address of the VM on the LAN.

If both ping commands return a valid response, network communication with the VM is functional.

If either ping command fails, re-check the configuration in section 1.5.1 Configure Virtual Machine Network and ensure you have no VM Startup Problems.

2.2.2      Some VM Services Do Not Work

Determine the ports used by the failing service and insure they are forwarded to the correct VM IP address by the SecureOffice firewall. Follow Forward Firewall Ports instructions to do so.

Any other problems are VM specific. You will have to search the internet for "VM distribution virtual machine" where "VM distribution" is the Linux or Windows OS of the virtual machine. If using Sme-Server, consult the Sme-Server documentation, this site.

Rating 0/5
Rating: 0/5 (0 votes)
Votes are disable!
Print article
The comments are owned by the author. We aren't responsible for their content.

Technologies Used:

Design by: XOOPS UI/UX Team