Advertisment

Virtualization the NAS Way

author-image
PCQ Bureau
New Update

If your organization deploys virtualization servers or is planning to do so,

one of the key challenges involved is to allocate storage for the



Virtualization Server's Resources. These resources include Virtual hard disks,
VM Configuration Files, and so on. The biggest storage consuming components,

here, are the Virtual hard disks. As these disks contain the guest OS and

applications, size of this can be quite huge sometimes. So keeping them on some

local storage in the server is not wise as it would eat up the space rapidly.

Advertisment

Imagine having created 15 Virtual Machines in your Server and that you have

allocated a fixed 20 GB HDD space each for every VM. This will result in 300 GB

of storage. Additionally, you might not have good backup capability in the

server so in case your server goes down, all your VMs will also become unusable.

So, the moral of the story is that if you are planning to deploy and use

Virtualization on a production network, it is wiser to save all its resources on

a NAS/SAN.

Direct Hit!
Applies To:

Network managers



USP: Save disk space on MS Virtual Server by saving contents
on a NAS



Primary Link: None


Google Keywords: Constrained delegation + virtual server

But if you are using MS Virtual Server 2005, there is a catch. It doesn't

support reading its resources from a Network Share out of the box. You have to

do some configuration at the Domain level to let this happen. The reason for

this is simple. If you create a Network Share and give full rights to everyone,

the rights allowed include only read, write and modify. But as VM resources have

mainly virtual hardware such as HDD as its components, they also require I/O

level access to the share. And these rights are not allowed in general. In this

article, we tell you how you can allow the I/O level access.

Advertisment

Prerequisites



Obviously, you will require is a machine that has MS Virtual Server installed, a
fileserver or NAS where you have a share with proper read-write and execute

writes and ample disk-free space.

We assume that you have a Windows 2003 ADS running in the network and the

FileServer/NAS and Virtual Server is the member of that domain.

To enable the Virtual

Server for delegation, you have to set the option mentioned in the

screenshot above while doing a Custom install of MS VS
Advertisment

Configuration



Step 1: To make Virtual Server capable of reading resources from the NAS,
you need to do a custom installation of Virtual Server where you have to enable

the installation option which says 'Run the Administration Website as the

Local System account'.

Step 2: Now, go to the Domain Controller and check whether it is

configured for a Microsoft Server 2003 native domain or not. And if it is not,

you have to raise the functionality level of the domain. You can do it by first

going to Administrative Tools>Active Directory Domains and Trusts. In the

window that opens, select and right click on the entry which shows your domain

name. In the right click menu, you will see the option which says “Raise

Domain Functionality level” click on it and the level will be raised.

But the point to be noted is that this process is irreversible and once done,

you can't change it back to the pre-Windows 2003 functionality. The only way

to reverse the action is to re-create the domain. And once this setting is done,

your Windows NT 4 or older domain controller will not be able to work properly

with this Forest. So, before proceeding, be doubly sure. 

Advertisment

Step 3: Now you have to set Constrained Delegation between the NAS Box

and the Virtual Server so that it can get the I/O level rights over CIFS (Common

Internet File System) protocol. To do so, again go to the Domain controller and

open 'Active Directory Users and Computers' here, expand the domain and then

click on the 'Computers' option. You will see all the computers available in

the domain including your NAS box and the Virtual Server.

Now right click on the Virtual Server and click on Properties. And if you

have properly raised the functionality of the Domain, only you will see a tab

called Delegations. Click on this tab. Now, select the 'Trust This computer

for Delegation for Specific Services' radio button and just below this line

you will see two more options. Here select the one which says 'Use any

authentication protocols'.

Advertisment

Now click on Add and a new window will open up. Click on 'Users and

Computers...' button. This will open up a search window from where you can add

any machine to the list. Search for the name of your NAS box and click on OK.

This will open up a list of all the services available on the NAS. Select 'cifs'

and click on OK. Now apply the settings and you are done with the domain level

configurations.

To allow IO level access rights to the n/w share, add Delegation for CIFS protocol to the NAS for VS

Configure virtual server



Now, the easiest way to configure the Virtual server to read resources from the
shared volumes is to set the default resource and search path of the virtual

server to the shared location. This will make sure that any resource files which

MSVS builds or searches for are first done in the shared folder.

To do so, first open up the configuration Web page of Virtual Server and then

go to the 'Server Property' link at the bottom left corner. Next select the

Search Paths link. A new page will open up. Now fill in the UNC path (absolute

path) of the share in both the fields and press OK.

Now on, your Virtual Server will be able to read and write resource files

directly from NAS.

Advertisment