Deploying a VMM 2008 Self-Service Portal
|Previous||Table of Contents|
|Understanding and Configuring VMM 2008 User Roles|
A VMM 2008 Self-Service Portal is a web site on which authorized users are able to manage existing virtual machines and also create new virtual machines based on pre-configured templates.
Self-Service Portals may be installed on any server within the domain, including servers running the VMM Server component, but excluding the domain controller.
This chapter of VMM 2008 Essentials will cover the installation, configuration and management of a VMM 2008 Self-Service Portal.
Installing the VMM 2008 Self-Service Portal
The VMM 2008 Self-Service Portal is supported on all editions of Windows Server 2008 and Windows Server 2003 SP2. Amongst the requirements for the Self-Service Portal are the Internet Information Service 6.0 (IIS) feature which must be installed prior to installing the portal. In addition, on Windows Server 2008 systems the IIS 6 Metabase Compatibility and IIS 6 WMI Compatibility roles must also be installed prior to installing the portal.
As with the other VMM components, the Self-Service Portal is installed using the VMM 2008 setup wizard which can be launched either from the VMM 2008 installation media, or the trial download. Once Setup is running, click on the VMM Self-Service Portal option and wait while some temporary files are copied. Read and accept the licensing terms and conditions, make a Windows Experience Improvement Program selection if prompted to do so, and run the prerequisites check. If any problems are reported by the check, resolve the issues and re-run the check until it passes successfully. Any problems will be accompanied by step-by-step instructions on how to resolve the corresponding issue.
Once the prerequisites check has passed, select a destination folder into which the files should be installed, or use the default location provided. The next screen provides the option to configure the following Web Server settings:
- Virtual Machine Manager Server - The fully qualified domain name of the system running the VMM Server to which the Self-Service Portal will connect to manage virtual machines on behalf of portal users.
- TCP port for communication with the server - The TCP port to be used by the portal when communicating with the VMM Server. The default value of 8100 should not be changed unless the VMM Server was specifically configured to use an alternate port.
- TCP port for the Self-Service Portal - The port by which users will connect to the Self-Service Portal via their web browsers. The default of port 80 will avoid the necessity for users to specifically enter a port number along with the portal URL but may conflict with other web sites served by the web server. If this is the case, specify another port, or use a host header (see below).
- Host header required for portal access - Host headers allow more than one web site to share a single IP address and web server. If the VMM Self-Service Portal is sharing the web server with other web sites, the host header which distinguishes traffic for the portal from traffic for the other web sites must be specified here.
Once the installation is complete, the next step is to configure a Self-Service User Role and add portal users as members of that role.
Creating a Self-Service Portal User Role
Before users are able to access a VMM Self-Service Portal they must first be added as members of a Self-Service User Role (for more details of VMM user Roles refer to the chapter of this book entitled Understanding and Configuring VMM 2008 User Roles). User roles are configured from the VMM Administration Console (see A Guided Tour of the VMM Administrator Console for details on how to launch this console).
Once the console is running and connected to the appropriate VMM Server, select the Administration view by clicking on Administration in the view pane located in the bottom left hand corner of the console window. With this view selected, click on the User Roles item in the Administration pane in the top left hand corner. Doing so will display the current list of configured user roles as illustrated in the following figure:
A new Self-Service User role is created by clicking on the New user role link located in the lower section of the Actions pane. This selection will display the Create User Role wizard as shown in the following figure:
The wizard's initial screen requires a name for the new role, an optional description and the type of role (Delegated Administrator or Self-Service User). Select Self-Service User and click Next to proceed. The next screen allows the list of members of the role to be defined (new members may be added and existing members removed after the role has been created by following steps outlined later in this chapter). Click the Add... button to display the Windows Server 2008 Select Users, Computers or Groups dialog.
Identify the users to be added to the role, separating multiple names with semi-colons if necessary and click Check Names to validate the existence of those users. Click OK to add the users to the role and click Next to proceed to the Select Scope screen. On this screen, select the hosts for which members of this new role are to have permission, followed by the Next button.
The Virtual Machine Permissions screen shown below controls the actions members of the role are able to perform on virtual machines.
Deselect any permissions that are not to be granted to members of the role and click Next to proceed to the Virtual Machine Creation settings screen. Self-Service Portal users are only allowed to create new virtual machines if the Allow users to create virtual machines option on this screen is selected. If selected, users are then only able to create virtual machines from specific templates which are added here. If no templates are specified, users will be unable to create new virtual machines. Detailed information on the creation of virtual machine templates is provided in the Creating and Managing VMM 2008 Virtual Machine Templates chapter of this book:
The Virtual Machine Permissions screen also allows a quota point limit to be specified. There is not necessarily a one to one correlation between virtual machines and quota points (although by default VMM does assign one quota point to a virtual machine template). The number of quota points assigned to a virtual machine may be modified by selecting the template, clicking on Properties and selecting the Settings tab.
The number of quota points which should be assigned to a virtual machine created from a template will depend on the hardware resources configured for that template. A template containing a hardware configuration with large memory and CPU resource requirements, for example, is likely to be assigned a higher number of quota points in order limit the number of virtual machine instances that can be created through the Self-Service Portal. Once the specified quota limit is reached for the Self-Service User role, additional virtual machines cannot be created until enough virtual machines belonging to the user role are shut down to free up the number of quota points required by the new virtual machine.
Clicking Next proceeds to the Library Share screen where the library shares to which members of the role are allowed to store virtual machines is displayed. To prevent users from storing virtual machines in a library, deselect the Allow users to store virtual machines in a library option.
Finally, click Next, review the Summary screen and click Create to create the new Self-Service User role. Once the new role has been created, the users should now be able to access the Self-Service Portal.
Accessing a VMM Self-Service Portal
The Self-Service Portal may be accessed by members of a Self-Service User Role using a web browser. The URL used is a combination of the name or IP address of the server hosting the portal and the TCP port number specified during the VMM Self-Service Portal installation. For example, to access a portal on a server called winserver-2 using TCP port 8080, the following URL would be used:
When a browser connects to the portal, the following login screen appears requesting the credentials of an authorized user:
Once valid credentials have been entered, the Self-Service Portal main page will appear.
Managing Virtual Machines using the VMM Self-Service Portal
Once a member of a Self-Service user role has logged into a Self-Service Portal, the main screen appears listing all currently available virtual machines as shown in the following figure:
The actions that the user is able to perform on the virtual machines are dependent on the permissions assigned to the user role. For example, if permission to shut down virtual machines was denied to the user role this option will not be available to role members within the portal.
In the case of running virtual machines, a connection may be established to the virtual machine's desktop by selecting the machine from the list and selecting the Connect to VM link in the Actions pane. Once selected, a Remote Control Session browser window will appear containing the desktop of the selected virtual machine:
Creating New Virtual Machines using the VMM Self-Service portal
As previously discussed, Self-Service User Role members may create new virtual machines from within the Self-Service Portal only if the role has permission to do so and templates have been configured for use by the role's members. Assuming these criteria have been met, a new virtual machine is created by clicking on the New Computer link located under Create on the right hand side of the portal web page. Once this selection has been made, a new browser window containing the New Virtual Machine web page will appear as illustrated below:
To create a virtual machine, select a template from the list provided (if none are listed then templates will need to be added to the user role from within the VMM Administrator console). Once a template has been selected, enter a name for the new virtual machine, a computer name for the guest operating system and an administrator password. Clicking the Create button will begin the virtual machine creation process.