by February 4, 2007 0 comments

If your organization deploys virtualization servers or is planning to do so,
one of the key challenges involved is to allocate storage for the
Virtualization Server’s Resources. These resources include Virtual hard disks,
VM Configuration Files, and so on. The biggest storage consuming components,
here, are the Virtual hard disks. As these disks contain the guest OS and
applications, size of this can be quite huge sometimes. So keeping them on some
local storage in the server is not wise as it would eat up the space rapidly.

Imagine having created 15 Virtual Machines in your Server and that you have
allocated a fixed 20 GB HDD space each for every VM. This will result in 300 GB
of storage. Additionally, you might not have good backup capability in the
server so in case your server goes down, all your VMs will also become unusable.
So, the moral of the story is that if you are planning to deploy and use
Virtualization on a production network, it is wiser to save all its resources on

Direct Hit!
Applies To:
Network managers
USP: Save disk space on MS Virtual Server by saving contents
on a NAS
Primary Link: None
Google Keywords: Constrained delegation + virtual server

But if you are using MS Virtual Server 2005, there is a catch. It doesn’t
support reading its resources from a Network Share out of the box. You have to
do some configuration at the Domain level to let this happen. The reason for
this is simple. If you create a Network Share and give full rights to everyone,
the rights allowed include only read, write and modify. But as VM resources have
mainly virtual hardware such as HDD as its components, they also require I/O
level access to the share. And these rights are not allowed in general. In this
article, we tell you how you can allow the I/O level access.

Obviously, you will require is a machine that has MS Virtual Server installed, a
fileserver or NAS where you have a share with proper read-write and execute
writes and ample disk-free space.

We assume that you have a Windows 2003 ADS running in the network and the
FileServer/NAS and Virtual Server is the member of that domain.

To enable the Virtual
Server for delegation, you have to set the option mentioned in the
screenshot above while doing a Custom install of MS VS

Step 1: To make Virtual Server capable of reading resources from the NAS,
you need to do a custom installation of Virtual Server where you have to enable
the installation option which says ‘Run the Administration Website as the
Local System account’.

Step 2: Now, go to the Domain Controller and check whether it is
configured for a Microsoft Server 2003 native domain or not. And if it is not,
you have to raise the functionality level of the domain. You can do it by first
going to Administrative Tools>Active Directory Domains and Trusts. In the
window that opens, select and right click on the entry which shows your domain
name. In the right click menu, you will see the option which says “Raise
Domain Functionality level” click on it and the level will be raised.

But the point to be noted is that this process is irreversible and once done,
you can’t change it back to the pre-Windows 2003 functionality. The only way
to reverse the action is to re-create the domain. And once this setting is done,
your Windows NT 4 or older domain controller will not be able to work properly
with this Forest. So, before proceeding, be doubly sure. 

Step 3: Now you have to set Constrained Delegation between the NAS Box
and the Virtual Server so that it can get the I/O level rights over CIFS (Common
Internet File System) protocol. To do so, again go to the Domain controller and
open ‘Active Directory Users and Computers’ here, expand the domain and then
click on the ‘Computers’ option. You will see all the computers available in
the domain including your NAS box and the Virtual Server.

Now right click on the Virtual Server and click on Properties. And if you
have properly raised the functionality of the Domain, only you will see a tab
called Delegations. Click on this tab. Now, select the ‘Trust This computer
for Delegation for Specific Services’ radio button and just below this line
you will see two more options. Here select the one which says ‘Use any
authentication protocols’.

Now click on Add and a new window will open up. Click on ‘Users and
Computers…’ button. This will open up a search window from where you can add
any machine to the list. Search for the name of your NAS box and click on OK.
This will open up a list of all the services available on the NAS. Select ‘cifs’
and click on OK. Now apply the settings and you are done with the domain level

To allow IO level access rights to the n/w share, add Delegation for CIFS protocol to the NAS for VS

Configure virtual server
Now, the easiest way to configure the Virtual server to read resources from the
shared volumes is to set the default resource and search path of the virtual
server to the shared location. This will make sure that any resource files which
MSVS builds or searches for are first done in the shared folder.

To do so, first open up the configuration Web page of Virtual Server and then
go to the ‘Server Property’ link at the bottom left corner. Next select the
Search Paths link. A new page will open up. Now fill in the UNC path (absolute
path) of the share in both the fields and press OK.

Now on, your Virtual Server will be able to read and write resource files
directly from NAS.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.