LinuxQuestions.org


Nick_C 07-24-2012 06:00 AM

Virtualizing complex Windows environment under Linux QEMU
 
Having a bit of trouble visualising how user authentication could work in the following scenario:
  • Workstation virtualization - this is all on the same machine
  • Linux KVM/QEMU as the virtualization host partition
  • VM1 - Win 2008 R2 - Active Directory server
  • VM2 - Win 7 workstations, various
The Win 7 workstations can be started up after the Active Directory server so they can be joined to the domain. Now I am guessing that the Linux Host cannot be part of the Windows Domain because it starts up before the Active Directory server.

There are going to be some NTFS partitions which will need to be shared with the Win 7 VMs. Assume this will be done from the Linux Host using NTFS-3g to access them and Samba Server to make them accessible to the Windows clients.

Question is how user account authentication could work under this scenario. Clearly what I want is for the user accounts to be authenticated against the Active Directory Server but how can we do that if the Linux Host is not part of the ADS?

acid_kewpie 07-24-2012 06:46 AM

It could be in the domain I guess, but it's really not common. You can use LDAP access to AD if you wish to provide access as well, usually after installing the schemas for unix on AD. In my experience a virtualisation host would have no reason to be in any domain context. It should be doing NOTHING other than running VM related activities, and I think you're at risk of making things more complicated than they should be.

Nick_C 07-24-2012 06:55 AM

Quote:

Originally Posted by acid_kewpie (Post 4736677)
It could be in the domain I guess, but it's really not common. You can use LDAP access to AD if you wish to provide access as well, usually after installing the schemas for unix on AD. In my experience a virtualisation host would have no reason to be in any domain context. It should be doing NOTHING other than running VM related activities, and I think you're at risk of making things more complicated than they should be.

Hi Chris,

Yes, I would prefer it if the VM Host did nothing other than running VMs, that would be ideal. Problem is I can't see how the Active Directory Server could get access to the other physical NTFS partitions on the host machine to serve them out to the Win 7 clients. What I need is some sort of disk partition pass-through but I don't think anything like that exists at the moment.

Nick

acid_kewpie 07-24-2012 07:00 AM

Disk pass through? The VMs don't need to have a clue that they are virtualized at all. It shouldn't interfere. Each drive would be a VM image, or a SAN mount etc. Why would there be conventional physical NTFS partitions??

Nick_C 07-24-2012 09:45 AM

Probably because creating a file share on a Physical volume is the only way I know of making that volume available inside a VM.

> Each drive would be a vm image, or a san mount etc

Problem is I occasionally need to boot to a different OS and access these drives as physical NTFS volumes. Therefore I wouldn't really want to convert those partitions to VM images. Don't know about the SAN mount option though, not sure how that works. Could I somehow have the Linux VMHost making these NTFS volumes available as SAN disks and then have the Win ADS connect to those and share them normally to the Win 7 clients?

Nick

jefro 07-24-2012 11:40 AM

Are you trying to boot to some partition and also then run it as a VM?


As stated above, a VM is to be treated just as if it were a real computer. All the rules apply. You don't need to start up the server first to use Windows 7. You have to cache credentials or use a local logon or apply the LDAP to the Linux.

Nick_C 07-24-2012 02:19 PM

Perhaps I didn't explain fully:

Multi-boot server Win2k3/Win2k8/Hyper-V/soon to be installed Linux VM host. Also has a couple of disk drives with a number of NTFS partitions which are used by each of the different OSs.

Problem is how to make these NTFS partitions available to the Active Directory Server VM hosted within the Linux partition.

jefro 07-24-2012 02:37 PM

You make a directory or partition available by either or both of two means. One is to use the VM's ability to access partitions. Each VM has some way to integrate a local resource to the vm.

The other way is to use the partition just as any remote resource can be used. You mount it by some means in the host and then use network to access. Windows could share the resource by NFS, CIFS/Samba, FTP, TFTP or WebDAV or other such as iSCSI and more.

dyasny 07-24-2012 03:54 PM

OK, before you get into the technicalities, are you sure a single host will pull off the Windows infrastructure servers as well as a set of VMs? This setup looks a lot like a typical VDI solution to me, so if that's really the case, I would suggest you look at some more advanced solutions instead.

In any case, you can script the AD server to start up first, poll it for its services to come up (for example use dig in a loop until its DNS replies), and after that kick off the start of the desktop VMs.
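
The start-up ordering suggested in the post above, written out as an added example (not code from the thread): the host starts the domain controller VM, polls its DNS with dig for the SRV record that domain members use to locate a DC, and only then starts the Windows 7 guests. The libvirt domain names, the DC address and the AD DNS domain are assumptions; replace them with your own.

```shell
#!/bin/sh
# Assumed values (not from the thread); override them via the environment.
DC_VM="${DC_VM:-win2008r2-dc}"            # hypothetical libvirt name of the AD server VM
DC_IP="${DC_IP:-192.168.122.10}"          # hypothetical address of the DC's DNS service
AD_DOMAIN="${AD_DOMAIN:-example.local}"   # hypothetical AD DNS domain
DESKTOP_VMS="${DESKTOP_VMS:-win7-a win7-b}"
TRIES="${TRIES:-60}"                      # polling attempts before giving up
DELAY="${DELAY:-5}"                       # seconds between attempts

# True once the DC's own DNS answers with its domain-controller SRV record.
# A bare DNS reply only proves the DNS service is up; the SRV record is what
# Windows clients query to find a DC at logon.
dc_ready() {
    ans=$(dig +short +time=2 +tries=1 "@$DC_IP" \
          "_ldap._tcp.dc._msdcs.$AD_DOMAIN" SRV 2>/dev/null) || return 1
    case "$ans" in
        [0-9]*) return 0 ;;   # "priority weight port target" line came back
        *)      return 1 ;;   # empty answer or a ";; ..." diagnostic
    esac
}

# Poll dc_ready up to TRIES times; non-zero return means the DC never came up.
wait_for_dc() {
    i=0
    while [ "$i" -lt "$TRIES" ]; do
        dc_ready && return 0
        i=$((i + 1))
        sleep "$DELAY"
    done
    return 1
}

start_all() {
    # "virsh start" fails if the VM is already running; the poll below
    # decides whether the DC is actually usable either way.
    virsh start "$DC_VM" || true
    if ! wait_for_dc; then
        echo "DC $DC_VM not answering on $DC_IP; desktops not started" >&2
        return 1
    fi
    for vm in $DESKTOP_VMS; do
        virsh start "$vm"
    done
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    start_all
fi
```

If the DC never answers, the desktop VMs stay off rather than booting into a state where only cached credentials work.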

Nick_C 07-26-2012 08:54 AM

Quote:

Originally Posted by jefro (Post 4736997)
One is to use the VM's ability to access partitions.

But I'm sure last time I tried this, only a whole disk drive, not just each single partition, could be shared in Virtual Machine Manager.

Quote:

Originally Posted by jefro (Post 4736997)
The other way is to use the partition just as any remote resource can be used. You mount it by some means in the host and then use network to access

So does this mean using NTFS-3g then Samba to share these partitions? If so, how can this work if the Linux VMHost cannot be part of the Windows domain? Alternatively, is there some iSCSI way of doing this? I haven't tried out iSCSI yet so don't know what its capabilities are; for example, can it make available an NTFS partition or does it again require the whole disk?


All times are GMT -5.