Goal:
- Learn how to access a VMware virtual machine using the VMware Server management console.
- Learn how to configure an LVS cluster using a set of VMware virtual machines.
- Learn how to secure a web site using a client digital certificate.
Assignment
Date: 4/3/2006
Due Day: 4/20/2006
Related documents:
Description:
Part 1. LVS configuration.
- A customized Fedora Core 5 Test 3 VMware virtual machine was set up on windom for you. The virtual machine has <login>fc5t3 as its ID and uses your SID as the root password. It does not allow remote root access with ssh. An account with your CS login and your SID as password was created on this virtual machine. Once you find out the IP address allocated to the virtual machine using the "ifconfig eth0" command, you can access the machine using ssh with that account.
- Note that this virtual machine is for your cs526 lab exercises. Do not use it for other purposes unless you obtain approval.
- You can remotely access your virtual machine using the VMware management console.
- At school, you can use the VMware management console on the 5 PCs facing the wall to EN143 or on Windom (a Dell Optiplex 680 workstation in EN149, to the right of the EN143 door).
- On Windom, log in as a CS Unix machine user, type "vmware-console" as the command, and select local machine as the option. Select the virtual machine with <login>fc5t3.
- On the five PCs facing the wall to EN143, just click on the VMware Server icon and it will prompt you to enter the machine (in our case choose windom) and your CS login and password to access the virtual machine list on the windom server. Select the virtual machine with <login>fc5t3.
- At home, you can download the VMware management console as one of the software modules in the VMware Server beta package http://www.vmware.com/programs/8/serverbeta.do. Just register as a user and download the VMware Server Windows client package or the VMware Server Linux client package.
- For the Windows client, there are three software packages in the zip file (21.4MB).
Install COM and Perl scripting API modules first.
- Windows VMware Server Console (.exe)
- COM scripting API for Windows (.exe)
- Perl scripting API for Windows (.exe)
- Click on your virtual machine <login>fc5t3 and select "Start this virtual machine" or the green play button.
- Note that the current system is configured so that any legitimate user can view and share editing of the same virtual machine. Therefore your classmates and I can watch every move you make on your virtual machines! The screen images are synchronized.
- Once you log in to FC5t3, verify that you can ping cs.uccs.edu with NAT. If not, try "service network restart" and see if your dhcp client gets an IP address from the dhcpd of the vmnet emulator. Use "yum update mod_ssl" so that you have ssl.conf in your /etc/httpd/conf.d directory for setting up the secure web site.
- Designated subnet numbers (X in 192.168.x.0/24):

| Designated subnet no. | Name |
| --- | --- |
| 2 | Baswell, Michael Gary |
| 3 | Cook, Jason Fredrick |
| 4 | Dasaraju, Sireesha |
| 5 | Gandhi, Chirag Shrikant |
| 6 | Gerschefske, Michael Scott |
| 7 | Gray, Justin Matthew |
| 8 | Khaleel, Osama Mohammad |
| 9 | Lefevers, John William |
| 10 | Leung, Ming Kit |
| 11 | Marquez, Patricia Carmen |
| 12 | Opferman, Nicole Alisha |
| 13 | Patwa, Ankur Maheshbhai |
| 14 | Shenoy, Dinesh Tekate |
| 15 | Sterling, Nicholas Van |
| 16 | Summers, Sarah Ann |
| 17 | Yoo, James Hyoyun |

- Before you run the virtual machine, make sure you log in using ssh to windom and cd to the "/opt/vmware/cs526class/<login>" directory.
- There you will find two directories. xpup contains the virtual machine files for your xp client machine. Under fc5cluster, there are four directories containing those for the virtual machines of your lvs cluster (fc5t3/director, rs1, rs2, and rs3).
- You should go to each of these directories and edit the configuration file, which has the .vmx extension.
- Only change the displayname attribute. For example, replace "chowrs1" with "jfcookrs1" if your login is jfcook.
- From home, you need to first connect to uccsvpn (voyager.uccs.edu) before running the vmware server client console. This is because the windom machine only accepts connections from machines with a 128.198.0.0/16 UCCS network address.
- After you change the displayname, you can open the virtual machine from the vmware server console: select "browser" and pick the virtual machine in the vmware/cs526class/<login> directory to start. The unique display name allows the server to identify the virtual machines.
- Try to configure your machines so that the 3rd byte of their IP addresses has the value assigned above, so that we do not collide with each other when running simultaneously.
- For example, Jeff Cook's fc5t3 director machine will have 192.168.3.1 and 10.0.3.1 as the IP addresses for its eth2 and eth1 interfaces.
- For each machine in the cluster, modify the IP address using ifconfig and change the password.
- On your fc5t3 lvs director, you need to edit the natwrr.sh shell script to configure the lvs nat cluster. You need to change the VIP address from 128.198.61.61 to 10.0.X.1 and change the IP addresses of the three real servers. Once it is modified, run the script with the "./natwrr.sh" command.
- On the xpup machine, you can go to the network connection panel to change the IP address and gateway address to 10.0.x.10 and 10.0.x.1 respectively. You can then use its browser to access the lvs cluster by entering "http://10.0.x.1/". Here x is your assigned subnet number. By clicking the reload button of the browser, you can observe how different real servers are used to serve the request based on the configured scheduling discipline.
- Take a screenshot of the web browser accessing the lvs cluster. Save it in your cs526 web site.
- I encourage you to try different weights for natwrr.sh and also to modify natwlc.sh to use weighted least-connection scheduling.
- Leave the lvs cluster configured with weighted least-connection scheduling.
- Always suspend the machine after you are done with your experiment, since we only have 4GB (not much) memory.
- When you are done with your experiment, email me the screen dump of the web browser accessing the web cluster, the weights you used for wlc, and the answer to the following question.
- Question A: In what cases does wlc perform better than wrr? Describe a simple case that highlights that.
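
The director setup from the natwrr.sh step above, as an added example that is not the course's natwrr.sh or natwlc.sh (those scripts are not shown on this page): a POSIX shell function that prints the ipvsadm commands for an LVS-NAT service on VIP 10.0.X.1 with either scheduler. The function name, the real-server addresses 192.168.X.2 to 192.168.X.4 and port 80 are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the ipvsadm commands for an LVS-NAT service.
# Assumptions, not from the assignment page: real servers rs1..rs3 sit at
# 192.168.X.2-4 and serve HTTP on port 80. The course scripts may differ.
# In NAT mode the real servers' default gateway must be the director's
# inside address (192.168.X.1), otherwise replies bypass the director.

# lvs_nat_rules SCHED X W1 W2 W3
#   SCHED   wrr (weighted round robin) or wlc (weighted least-connection)
#   X       assigned subnet number (third byte of both networks)
#   W1..W3  integer weights for rs1..rs3
lvs_nat_rules() {
    [ $# -eq 5 ] || { echo "usage: lvs_nat_rules SCHED X W1 W2 W3" >&2; return 1; }
    sched=$1
    x=$2
    case $sched in
        wrr|wlc) ;;
        *) echo "scheduler must be wrr or wlc: $sched" >&2; return 1 ;;
    esac
    # Reject anything that is not a plain non-negative integer.
    for n in "$2" "$3" "$4" "$5"; do
        case $n in
            ''|*[!0-9]*) echo "not a non-negative integer: $n" >&2; return 1 ;;
        esac
    done
    if [ "$x" -lt 1 ] || [ "$x" -gt 254 ]; then
        echo "subnet number out of range: $x" >&2
        return 1
    fi

    vip="10.0.$x.1"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"    # director must route
    echo "ipvsadm -C"                                # clear the old table
    echo "ipvsadm -A -t $vip:80 -s $sched"           # virtual service on the VIP
    shift 2
    host=2
    for w in "$@"; do
        # -m selects masquerading (NAT) forwarding, -w sets the weight
        echo "ipvsadm -a -t $vip:80 -r 192.168.$x.$host:80 -m -w $w"
        host=$((host + 1))
    done
}

# Dry run for subnet 3 with weights 1, 2 and 3.
lvs_nat_rules wrr 3 1 2 3
```

Review the printed commands, then pipe them to sh as root on the director to apply them; "ipvsadm -L -n" lists the resulting table.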
Part 2 (optional/recommended): Secure Web Access Using Client Digital Certificate (strongly encouraged for those who have not gone through this)
- Follow the steps in http://cs.uccs.edu/~cs526/secureWebAccess/secureWebAccess.htm to create a server certificate and a personal digital certificate, and set up the apache web server with secure certificate-based access.