Table_of_Contents
1 About SecureOffice VmWare WorkStation
1.1 Economic Advantages of VmWare Workstation
1.2 Security Advantages of Using VmWare Workstation
1.3 Preparation Before Installing VmWare Workstation
1.3.1 Install VmWare Workstation on PC
1.3.2 Choose Services to Host
1.3.3 Choose VM OS and Distribution
1.3.4 Convert Existing PC to Virtual Machine
1.3.5 Create VM Directory on SecureOffice
1.3.6 Insufficient Disk Space for VM
1.3.7 Copy Virtual Machine to SecureOffice
1.4 Install SecureOffice VmWare Workstation
1.5 Configure SecureOffice VmWare Workstation
1.5.1 Configure Virtual Machine Network
1.5.2 Install VmWare Tools on Virtual Machine
1.5.1 Share Host PC Folders With VM
2 Troubleshooting Virtual Machines
2.1.1 Licensing Problems
2.1.2 Vmware Kernel Module Problems
2.1.3 Virtual Machine Will Not Start
2.2.1 Basic VM Connectivity
2.2.2 Some VM Services Do Not Work
List of Figures
Figure 1: Manage Virtual Machines
Figure 2: Unconfigured Virtual Machine Entry
Figure 3: Configured Virtual Machine Entry
Figure 4: Xorg GUI
Figure 5: VmWare Workstation Home
Figure 6: VmWare Network Editor
Figure 7: VmWare Tools ISO Image
Figure 8: VmWare Add Shared Folder
Figure 9: VmWare Services Started
Figure 10: VmWare Network Editor
VmWare Workstation is a premium (licensed, $) SecureOffice application which allows you to host multiple virtual machines which are virtual computers running any operating system and distribution you choose such as Linux or Windows.
SecureOffice VmWare Workstation is a port of VmWare Workstation so it can run on SecureOffice. Apart from the cost of VmWare Workstation for SecureOffice, VmWare Workstation is free to use for non-commercial users. Commercial users (to be in Vmware license compliance) must have or purchase a copy of Vmware Workstation Pro, described here.
Virtual machine hosting allows you to meet the following needs, for various usage scenarios:
VmWare Workstation running virtual machines(s) is far less expensive than using dedicated PC's to host services.
Consolidate and move your legacy servers from multiple high-power consuming PC's to low power SecureOffice hardware.
Running your applications under virtual machines means that when the underlying hardware becomes obsolete and needs to be replaced; your legacy applications can run on modern hardware under virtual machines, with no changes.
No modern computer will run Windows XP or Windows 98 without a lot of work, finding and installing drivers (many will not exist). Running Windows XP and 98 is supported by VmWare Workstation.
If you in a situation where high investments have been made in applications that run on obsolete hardware, without using virtual machines, this investment becomes a dead loss and the applications must be re-developed to use modern hardware and operating systems.
Third parties hosting your information are far more likely to comply with secret demands for your private information than you are.
SecureOffice / VmWare Workstation is a compact, self-contained portable information hosting solution. If you are one step ahead of your predators, you, SecureOffice and your bug out bag can "cut and run", without losing or leaving valuable information behind. Within minutes, you can be anonymous, in an internet cafe hosting internet services for your fellow "conspirators" (peaceful cooperation for mutual self-interest) over VPN, untraceable.
Come the collapse, many internet service providers will be down and, the internet will no longer be global. Under these conditions, the prepared can set up local pockets of information civilization for their communities, such as news and communications.
Using mesh networking, a neighborhood watch network of IP cameras can be set up to "keep an eye on the perps".
To maximize usage time for trial licenses, it is recommended that requirements be prepared in advance, since they will take time. The following are required:
Prior to installing any virtual machines on SecureOffice, it is recommended to first get the virtual machine running on your PC.
Download free VmWare Workstation.
Install VmWare workstation on your PC. Additional installation instructions are located here.
Since the target market of SecureOffice is small business, professional consultants and Single Operator Home Office (SOHO) applications, it is assumed that web site hosting, email services and file hosting is a basic requirement. Users will have to determine additional requirements and how to implement them.
VmWare Workstation can run any x86 Microsoft OS from DOS and Windows 98 to current distributions.
VmWare Workstation can run any x86 Linux distribution.
It is assumed that Sme-Server (recommended) virtual machine will be installed and configured for SecureOffice / VmWare Workstation. SecureOffice can run multiple virtual machines, limited only by RAM, disk space and hardware performance.
If a Sme-Server virtual machine is chosen for initial SecureOffice installation, the same virtual machine can be used for services hosting. This avoids creating separate virtual machines for installation and hosting.
VmWare Workstation needs to be installed on your local PC and a Sme-Server virtual machine created and configured. Instructions for doing so are in the Sme-Server Virtual Machine section.
If another operating system and distribution is preferred over Sme-Server, the virtual machine installation and configuration will be similar to Sme-Server. Exact installation steps can be found on the internet for various virtual machine distributions.
SecureOffice instructions may exist for other virtual machines. Check (this site) HowTo->Virtual Machines.
If you already have a legacy Linux / Windows PC that you wish to make into a virtual machine, to run under SecureOffice / VmWare Workstation, VmWare has a free tool to do this. Download a free copy of vCenter Converter, install it on the machine you wish to convert and follow the instructions available at the download link.
VmWare is not the only alternative for conversion. Other alternatives are discussed here. Searching the internet for your exact requirements will narrow the possibilities.
After your virtual machine has been created, configured and, optionally, services such as web hosting and email tested, it is ready to be hosted by SecureOffice / VmWare Workstation.
Perform the following steps:
If there is sufficient free space to contain the virtual machine disk size chosen at VM creation, plus several gigabytes of headroom, plus storage space required for other applications such as docker containers, create the virtual machine installation directory by entering the following command: "mkdir -p /home/data/Vmware/<Your_VM_Name>" and proceed to the copy virtual machine section.
Insufficient disk space means that the recommendations in the SecureOffice storage prerequisites section were not considered or your requirements have changed and, you need to increase the size of the disk, or add another disk. For performance reasons, it is strongly recommended to not use a USB connected disk. It will work, but will be slow, compared to internal mSATA or SATA disks.
To add more disk space, there are three options:
Using WinSCP, login to SecureOffice. Ensure that the WinScp transfer method is set to "Binary", else WinScp will convert from Windows to Linux line-endings, corupting the virtual machine. Navigate to the source directory containing your virtual machine (left pane, on PC). Navigate to the virtual machines destination directory previously created (right pane, SecureOffice). Select the directory containing your virtual machine and drag it to the target directory on SecureOffice. You are now ready to install the SecureOffice VmWare Workstation application.
Now that a virtual machine has been created and copied to the SecureOffice filesystem, SecureOffice VmWare Workstation can be installed and configured.
Follow the steps in Install Premium Content, selecting VmWare Workstation as the application.
Prior to proceeding, using a monitor connected to the SecureOffice video port, confirm that Xorg (Linux GUI) and not a command prompt is displayed. If Xorg is not running, use a new PuTTY session to login to SecureOffice, which should start the Xorg GUI.
During configuration, if behavior is unexpected (not according to this documentation), follow the instructions in TroubleShooting Virtual Machines.
Using the SecureOffice web GUI, navigate to "Services->Virtual Machines", The "Manage Virtual Machines" page will display, as shown below.
Figure 1: Manage Virtual Machines
In the text field, left of "Add", enter a name for your virtual machine. Press "Add". An entry for your new virtual machine will display, as shown below.
Figure 2: Unconfigured Virtual Machine Entry
Enter a decscription for your new VM, plus the full path to the vmware "vmx" file, for example "/home/data/Vmware/SmeServer-9.2/SmeServer-9.2.vmx".
The "Vmware Tools Installed" checkbox depends on whether or not VmWare Tools has been installed on the VM. Installation of VmWare Tools in a VM enables extra commands for VM remote control which are not used by SecureOffice VmWare Workstation. Users wanting to use additional VM control should consult the vmrun command reference.
The "Enabled" checkbox determines whether the virtual machine starts at boot.
The "Use GUI" checkbox determines whether the virtual machine runs headless (does not appear on console Xorg display) or, does have a display. "Use GUI" is recommended, since it allows Xorg console access to the virtual machine when the network is down and SSH console is not possible.
Select preferred options, then click "Save&Apply"
A fully configured VM entry is shown below.
Figure 3: Configured Virtual Machine Entry
As many virtual machines as desired can be added, limited by memory, storage space and SecureOffice hardware performance.
Connect a monitor to the SecureOffice video port (VGA or HDMI). Connect a keyboard and mouse to SecureOffice. If there is no display, you will have to reboot SecureOffice to detect the monitor.
In the Xorg GUI, if VmWare Workstation is not running, right click anywhere and select "lxterminal" to start a console session. Within the console, enter "/etc/vmachines start". The virtual machine(s) that were previously configured should start. A screenshot (using NoMachine remote access) of the Xorg GUI logged into Sme-Server and Lxterminal (multi-tabbed console) is shown below.
Figure 4: Xorg GUI
If the virtual machine(s) do not start (takes some time), right click anywhere in the Xorg GUI and select "VmWare->VmWare Workstation". The VmWare Workstation main window, like below (for your virtual machine) will appear.
Figure 5: VmWare Workstation Home
Select "Open a Virtual Machine", navigate to where you installed your virtual machine and select the "vmx" file of your virtual machine and click "Open". Then click "Play virtual machine". The virtual machine should start.
In the Xorg GUI, right click anywhere and select "VmWare->Net Configuration". The virtual network editor window should appear, as below:
Figure 6:VmWare Network Editor
For the "vmnet0" settings, insure that "Bridged" is selected and select "Bridge To" "br-lan". Click "Save". This configures your virtual machine to use the SecureOffice LAN interface for its network.
In the VmWare Workstation window, right click on the network icon, select "Disconnect" and then, "Connect". The network icon should not have a red "x". If it does, the network configuration settings for your virtual machine need to be verified.
The VM LAN address can be determined logging into the VM console and entering "ifconfig" from within the virtual machine console. Communication with the host PC can be verified by entering "ping <SecureOffice LAN address>".
To confirm your network settings, using lxterminal, enter "ping <LAN address of your VM>". A response means that connectivity is established.
VmWare Tools enhances the functionality and performance of virtual machines and host interaction. For example, without VmWare Tools, shared directories between the host PC (SecureOffice) and the VM may not function (OS distribution specific). Some distribution such as Ubuntu use package "open-vm-tools" and do not require VmWare Tools. Check OS vm tools requirements before installing either package.
If the virtual machine is running, stop it by entering "shutdown now" at a command prompt. It may also be necessary to use "Virtual Machine->Power->Power Off Guest".
Start VmWare Workstation, select but do not start the virtual machine. Navigate to Virtual Machine->Virtual Machine Settings and select "CD/DVD". The VM settings window will display:
Figure 7:VmWare Tools ISO Image
Select "Connect at power on", "Use ISO image". Change the path of the ISO image (VmWare host dependent) to wherever file "linux.iso" is. For Vmware Workstation running on SecureOffice, the path is: "/usr/lib/vmware/isoimages/linux.iso" as shown above. Click "Save".
Start the virtual machine and use a SSH client (PuTTY) for console access.
Sme-Server only: The default installation of Sme-Server is missing packages "fuse.x86_64" and "fuse-libs" required by VmWare Tools. They must be installed prior to installing VmWare Tools. At a command prompt (SSH session recommended) within the VM, enter "yum install fuse.x86_64 fuse-libs" and follow the prompts.
To install VmWare Tools, follow these steps.
Shared folder support is required for SecureOffice and VM's to share SSL certificates, so when certificates are updated (ideally, automatically by LetsEncrypt), the updated certificates are immediately available for the VM's and any secure (https) websites they host.
Shared folders are also useful as a mechanism for transferring files between SecureOffice and virtual machines.
This step must be performed after the VM is installed and running on SecureOffice, since the correct paths will not exist on your PC.
To enable a shared folder, using the SecureOffice VmWare player GUI (SecureOffice Xorg console), navigate to "Player->Manage->Virtual Machine Settings->Options->Shared Folders". Select "Always Enabled" and press "Add". The "Add Shared Folder" window will appear as shown below.
Figure 8:VmWare Add Shared Folder
Enter the "Host Path" (depends on host PC) and "Name" as shown above, press "Next". The shared directory will be "/tmp" on SecureOffice and "/mnt/hgfs/Temp" within the VM. This directory will be used for file transfer between SecureOffice and the VM.
If the VM requires SSL certificates (Sme-Server does), press "Add" again. Enter "/etc/ssl/domains" as the "Host Path". Enter "domains" as the "Name", press "Next". The shared directory will be "/etc/ssl/domains" on SecureOffice and "/mnt/hgfs/domains" within your VM. This directory is used for sharing SecureOffice SSL certificates with the virtual machine.
The scope of this section is insuring that VmWare Workstation successfully starts the virtual machine, network connectivity is established and the ports required for VM public internet services are forwarded on SecureOffice firewall. Any other problems are internal to the VM and require consulting the documentation for the specific OS and distribution of the VM, such as Sme-Server.
Symptoms: VmWare Workstation will not start virtual machine.
Causes: Licensing issues, vmware kernel modules not loaded, faulty virtual machine
Follow the steps in the following sections, in order, to isolate and fix problems.
Reveiw the steps in Diagnosing Licensing_Failures, to determine if VmWare Workstation is able to connect to the license server and has a valid license. Do not proceed until all licensing issues are resolved.
VmWare Workstation requires several VmWare kernel modules / services to be loaded in order to function.
To determine if the vmware modules are loaded, enter "lsmod | grep vm". The result should contain at least "vmmon", and "vmnet". No response indicates VmWare services are not enabled and started or an issue with VmWare modules.
To enable and start vmware services enter "/etc/init.d/vmwared enable; /etc/init.d/vmwared restart". If successful, you will see output similar to below.
Figure 9: VmWare Services Started
If any of the services in Figure 9 have status "failed", you will have to look at the newest versions of the following VmWare logfiles where "X" is an instance number to further diagnose the problem:
If the above logfiles are unhelpful, you will have to search the Vmware knowledge database , selecting "Vmware Player" as the product and "kernel modules" as search term for further information regarding diagnosis and possible fixes for the modules which fail to load.
It is not expected that users will run into VmWare module problems apart from the vmwared service not being enabled and running. If all else fails, collect information regarding symptoms and what has been tried and post to the SecureOffice support forum.
Do not proceed until all problems in this area have been resolved and the result of starting VmWare services is according to Figure 9.
Ensure that the virtual machine will start using Windows Vmware Workstation (copy VM back to windows, if using PuTTY, be sure to select "Binary" file transfer) to eliminate a corrupt VM as a possibility. Not selecting "Binary" transfer mode during initial VM copy to the target host may be the issue.
VmWare Workstation maintains a logfile for individual virtual machines (vmware-X.log) in the virtual machine install directory (where the VM "vmx" file is located). Consult the logfile to determine and fix any problems.
Another issue which may prevent virtual machines from starting is IP address conflicts between (VmWare generated) "vmnet1" and "vmnet8" networks which are used for communication between virtual machines. Either alter the subnet addresses or, delete these networks if not required.
To do so, right click anywhere in the Xorg GUI, select "VmWare->Net Configuration". The VmWare network editor will appear, as shown below:
Figure 10: VmWare Network Editor
If the VM logfile is unhelpful, you will have to search the VmWare knowledge database, selecting "Vmware Player" as the product and "won't start VM" as the search term.
Another option is to search the internet for "VM distribution virtual machine" where "VM distribution" is the Linux or Windows OS of the virtual machine.
If the VM is to provide public internet services, it must be configured with a static IP address on the SecureOffice local LAN. The VM address must be unique on the LAN, outside of the DHCP assignment range. If you intend to use docker, static IP addresses must be assigned above the DHCP assignment range, since docker assigns IP addresses starting at <LAN IP +1>. If two or more devices on the LAN have the same IP address, network communication will fail. Consult IP Address Numbering Plan for further information.
To determine if an IP address conflict exists, shut down all virtual machines by entering "/etc/vmachines stop" and then "ping <LAN address VM should be at>". There should be no valid ping response. If there is a valid ping response, the responding device at the LAN address or, the VM needs to be assigned a new IP address.
When the virtual machine was first configured, if it provides network services, it was assigned as static IP address on the SecureOffice LAN. If it was assigned a dynamic (DHCP) IP address, you can determine the address using command line interface from within the virtual machine, either from within VmWare Workstation, or a PuTTY session to the VM by entering "ifconfig".
The virtual machine needs bidirectional communication with SecureOffice LAN.
To test VM->SecureOffice communication, from a command prompt within the VM enter "ping <LAN address>", where "LAN address" is the base address of SecureOffice LAN, for example 192.168.10.1 (default).
To test SecureOffice->VM communication, from a command prompt within SecureOffice enter "ping <VM address>", where "VM address" is the assigned address of the VM on the LAN.
If both ping commands return a valid response, network communication with the VM is functional.
If either ping command fails, re-check the configuration in section 1.5.1 Configure Virtual Machine Network and ensure you have no VM Startup Problems.
Determine the ports used by the failing service and insure they are forwarded to the correct VM IP address by the SecureOffice firewall. Follow Forward Firewall Ports instructions to do so.
Any other problems are VM specific. You will have to search the internet for "VM distribution virtual machine" where "VM distribution" is the Linux or Windows OS of the virtual machine. If using Sme-Server, consult the Sme-Server documentation, this site.
|
Technologies Used: