Migrating off Vmware-Server, but where to?
    Derek Atkins 
    warlord-DPNOqEs/LNQ at public.gmane.org
       
    Fri Dec  3 09:05:33 EST 2010
    
    
  
Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> writes:
> On Dec 2, 2010, at 12:58 PM, Kent Borg wrote:
>> 
>> Good point. The day Larry might try to turn it off, the open source 
>> version will likely fork into its own world. It might even be viable. 
>> (How bad are the limits to the open source edition?)
>
> VirtualBox OSE lacks RDP and USB support, but it includes VNC which is not part of the closed-source version.
For my situation I don't need USB support.  I'm not sure what the
benefits are of RDP v. VNC, so I'm not sure how to choose.
> --Rich P.
Ben Eisenbraun <bene-Gk2boCrsRs1AfugRpC6u6w at public.gmane.org> writes:
> > 2. I use vmware-server's ACLs to create two non-admin classes of users:
> >    VM owner, and VM user.  A VM owner has the ability to minimally
> >    reconfigure a VM, power it up and down, etc.  A VM user has access to
> >    the VM console.  All of these users need to be able to perform these
> >    operations remotely from the VM Host, preferably without local
> >    shell/login access to the VM host (perhaps via a webapp?).
> 
> I'm not sure how to achieve this part.  I'm the creator, admin and user for
> all the VMs.  The closed source VB supports RDP to access the consoles of
> the guests and the open source version offers VNC for that functionality.
> I set up the closed source version, and it was eary to set up RDP to auth
> against LDAP/Kerberos.  phpvirtualbox has an RDP client built in.
Hmm.  But does it have a VNC client built in?  I think I'd rather use
the open source version so I don't get locked in again years down the
road.
> > 3. Users should not be able to see the existence of VMs to which they do
> >    not have access.
> 
> See in what sense?  In the management interface?  I don't believe that
> phpvirtualbox or the regular GUI have this level of ACL capability.
Well, in the vmware-server case there is only one interface.  You log
into the server webapp and you see ..  whatever you're allowed to see.
The features you're acl'ed to use show up in the menus, and those that
you can't don't.  So if you're the user of only one VM, when you login
to the webapp you only see that one VM in the list of guests you're
allowed to access.
> > 4. All remote access should be encrypted.
> 
> SSL for the HTTP bits and then you rely on RDP having built in encryption
> (which is apparently not wonderful).
What about VNC?
> > It looks like KVM is the winning hypervisor solution.  Is this correct?
> > What interfaces exist out there on top of KVM?  I've heard of "libvert"
> > but have not seen what actual UIs exist.  Are there other solutions?
> 
> It's libvirt, and it is the GUI.  Red Hat has a sponsored project called
> oVirt to offer a web interface to manage KVM farms.  I'm not sure how
> complete it is right now.
oVirt looks like it's a bit overkill for my situation, although in the
long long term it does look close to what I'd want.  If I was running a
virtualization farm then yes, oVirt would be great.  But for my
situation, where I just have one big machine, I'm not sure oVirt would
work.
For one thing, it seems to expect at least two physical machines.  One
machine with lots and lots of disk (to run iSCSI) and the management
system, and then another machine with lots and lots of CPU/RAM, to run
the managed host where it runs the guests.  It seems to want to run its
own mini-distro on the managed host.  I'm not sure about the management
system.  In my case this is all one physical machine, and I don't know
if I could really shoehorn it into working for me.  But if I do grow my
VM network it does look ideal.
Oh, one other requirement which wasn't explicit: this is a server
system, so VMs need to be able to start up automatically in the case of
a hardware restart.  This means I couldn't use something like
vmware-workstation, which is a pure desktop GUI.  I need something
that's meant to run on a headless server (even if, technically, the
system it's running on does have a console).
Thanks,
-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord-DPNOqEs/LNQ at public.gmane.org                        PGP key available
    
    
More information about the Discuss
mailing list