次の方法で共有

Ins and Outs of Virtual Server 2005 Administration and IIS

  • [アーティクル]

A very common belief about Virtual Server 2005 administration is that it requires IIS to be installed, either on the host machine itself or on the remote admin machine.

My day job has me spending lots of time testing and working with the internals of IIS, and I am also an avid user of Virtual Server 2005 since its internal pre-release beta days. So, I decided to investigate the details of this common belief and shine some light on what is going on beneath the covers.

Bottom Line

  • You DO NOT need to install nor use IIS to administer Virtual Server 2005
  • You DO NOT need to be at the Virtual Server 2005 machine to administer it
  • You DO NOT even need to be a local system administrator to be able to administer Virtual Server 2005 or its Virtual Machines

Yes, Virtual Server is highly flexible when it comes to administration possibilities, even if the currently shipping administration tool does not provide it. Virtual Server administration can be decentralized, delegated, and does not even require a web server for remote access. I know because I wrote a commandline tool that does this. :-)

Overview

Virtual Server introduces a COM based Administration API that is accessible by Windows Script Host, native code, and managed code.

The API exposes everything related to Virtual Server such as:

  • Create/Manipulate/Delete Virtual Machine (VMC files)
  • Create/Manipulate/Delete Virtual Network (VNC files)
  • Create/Manipulate Virtual Harddrives (VHD files)
  • Create/Manipulate other virtual hardware/peripherals like RAM, Floppy, DVDROM, IDE/SCSI Bus, SCSI Controller, COM ports, Parallel ports
  • Transition Virtual Machine state (start/save/pause/resume/off)
  • Assign Virtual Server Security
  • Lots of other miscellaneous features like CPU throttling per VM, virtual keyboard/mice, async event callbacks, etc for the type A admin

Helpful Reference

I found this great diagram inside of Virtual Server documentation (Virtual Server Technical Reference\How Virtual Server Works\Architecture\Virtual Server architecture) that gives a high-level glance at the logical pieces and connection protocols. The diagram's URL is: https://www.microsoft.com/technet/prodtechnol/virtualserver/2005/proddocs/images/vs_und_01c.gif

Details

Virtual Server 2005 ships with a native code EXE program named VSWebApp.exe which calls the native COM based API. VSWebApp.exe implements CGI/1.1 to read/parse input and provide HTML as output, so it naturally runs as a CGI executable on IIS to provide a web-based administration interface.

VSWebApp.exe is very nicely abstracted into logical layers and has no IIS-specific dependencies that I could find (the IO layer is pure CGI and abstracts the underlying platform away such that higher-level parts of the CGI do not worry about HTTP concepts like reading/writing entity body, retrieving/setting form parameters, HTML/HTTP encoding, etc).

Although I have not tried, VSWebApp.exe should run unmodified as a CGI on Apache for Windows. But, as I have alluded to earlier, you do not need a web server to administer Virtual Server. So, changing web servers is merely a exercise left to the reader. We can do one better by not needing the web server at all.

Virtual Server 2005 supports DCOM Remoting for its COM based API, and this support is registered within vssrvc.exe. This allows you to perform the aforementioned administration tasks against a remote Virtual Server by merely instantiating the COM object differently. In fact, VSWebApp.exe liberally uses this feature to "tunnel" and allow you to administer against a remote Virtual Server which does not have IIS installed.

Virtual Server 2005 introduces a simple internal security model. At a server-wide scope, you declare allow or deny ACL for a given user identity and the specified list of privileges, which include:

  • Modify - gives access to add Virtual Machine and Virtual Network configuration
  • Remove - gives accees to delete Virtual Machine and Virtual Network configuration
  • View - gives access to read Virtual Server and Virtual Machine configuration as well as view the Virtual Machine with VMRC
  • Change - gives ability to change these privileges in Virtual
  • Control - gives access to the COM interface itself. You cannot administer Virtual Server without it
  • Special - currently, I do not know what it does. It is available to be set via the administration API, but I have not found a way to make it persist.

Basically, you give "Control" access to allow someone to be able to use/administer Virtual Server, "Change" to give someone the admin bit, and the others are the usual Read/Modify/Delete permissions securing Virtual Machine and Virtual Networks. And since Virtual Machines are just files, you can also apply NTFS ACLs on the files to get more interesting and granular combinations.

For example, you can give a user "View" privileges, so they can theoretically view any Virtual Machine registered on the system... but you can set NTFS ACLs on the VMC, VNC, and VHD files such that they can only see and run certain Virtual Machines.

Conclusion

By now, what I stated earlier should be clear.

  • You DO NOT need to install nor use IIS to administer Virtual Server 2005. Administration of Virtual Server requires you to manipulate its COM based API somehow, either via native code, managed code, or Windows Script Host. The product provides a web-based administration tool by default, but it does not preclude other administration forms. For example, I know of GUI and control panels using managed code being developed. Personally, I implemented a lightweight commandline VS administration tool using Windows Script Host in about 3,000 lines of code where I can create a newly configured Virtual Machine with a single commandline and about 8 switches.
  • You DO NOT need to be at the Virtual Server 2005 machine to administer it. Virtual Server supports DCOM remoting so that you can use the same COM based API but targetted at Virtual Server on a different machine. VSWebApp.exe also allows a HTTP-based front end (to hop across firewalls, for example) before using DCOM on that server to target another remote Virtual Server.
  • You DO NOT even need to be a local system administrator to be able to administer Virtual Server 2005 or its Virtual Machines. You just need to give the user identity Control and View privileges in Virtual Server as well as Read/Write privileges to the NTFS filesystem where the Virtual Machine / Virtual Network is stored.

For example, I exclusively run as non-administrator (i.e. just plain normal User) on all of my machines. I use my administrator account to install Virtual Server 2005, add my non-administrator user to Virtual Server with all privileges except Change, and then as non-administrator I can create/delete/view any Virtual Machine that my user identity has read/write access to the physical files that make up the Virtual Machine.

//David

Comments

  • Anonymous
    June 21, 2005
    The other day I was trying to administer or just author web page running as non-admin for FrontPage 2002 Server Extentions. It was impossible for me to achieve this. When running as local admin everything worked but when running as a normal user I would get the logon dialog and whatever password I would enter it would not log me into FrontPage Server. I got so frastrated that I remove FP 2002 Server Extentions.

  • Anonymous
    July 11, 2005
    Can you share your commandline VS admin tool written in WMI?

  • Anonymous
    July 11, 2005
    I do not have a WMI-based commandline VS admin tool to share.

    If you have specific questions about how to script Virtual Server Administration, I can try and answer that.

    //David

  • Anonymous
    November 01, 2005
    I installed Virtual Server 2005 Standard edition Win XP Pro SP2 and keep
    getting this error when I browse to
    http://localhost/VirtualServer/VSWebApp.exe?view=1 .
    I am logged in as Administrator.
    I uninstalled and re-installed but no luck.
    Virtual Server virtual web directory is located under Default WebSite in
    IIS. The virtual web folder points to C:Program FilesMicrosoft Virtual
    ServerWebSiteVirtualServer where VSWebApp.exe is present.


    The page cannot be found
    The page you are looking for might have been removed, had its name
    changed, or is temporarily unavailable.

    --------------------------------------------------------------------------

    Please try the following:

    a.. If you typed the page address in the Address bar, make sure that
    it is spelled correctly.

    b.. Open the localhost home page, and then look for links to the
    information you want.
    c.. Click the Back button to try another link.
    HTTP 404 - File not found
    Internet Information Services


    --------------------------------------------------------------------------

    Technical Information (for support personnel)

    a.. More information:
    Microsoft Support


  • Anonymous
    December 02, 2005
    Hi there ...
    i have a problem like i am not able access com api from vb6 ... or more specifically none of the function supported by IVMVirtualServer works ...
    i have included the refrence required that i needed to refer com api thru vb ...

    the error i get (say findvirtualmachine) is
    Run-Time Error -214703550 (80070542):
    Method FindVirtualMachine of object IVMVirtualMachine failed

    even i get the same error in python com

    am i missing something like initiating the server ...
    i dont know what it is .. and even the com api doc at msdn isn't much helping

    one more thing ... these thing with vbscript works absolutely fine ...

    i hope u can sort out my prob or may build me a way to tackle the problem

  • Anonymous
    December 04, 2005
    The comment has been removed

  • Anonymous
    December 21, 2005
    The comment has been removed

  • Anonymous
    February 14, 2006
    Hi everybody :-)

    This message is for Dmitry Polyakovsky: I don't know if it's too late or not (somehow) and if you've already gotten the answer to your problem, but I had the same one and to resolve it, I wrote the loopback address (127.0.0.1) in the url instead of "localhost". For me it worked so much better like that ;-).

  • Anonymous
    March 03, 2006
    The comment has been removed

  • Anonymous
    April 19, 2006
    Sharing files with host on Virtual server 2005.

    I would like to be able to share files with the host operating system. Just normal textfiles which i need to transfer between virtual server and the host.

    I installed the loopback adapter and used this as network adapter for a virtual network. When running the virtual server i am still not able to acces the host file system. I am not even able to ping the host from the virtual server and vice versa.

    I am not able to browse whe opening IE

    Any suggestions on what to do?

  • Anonymous
    April 19, 2006
    Benjamin - In general, I suggest reading and following the Virtual Server documentation on how to setup the loopback adapter and general networking documentation.

    One of the most common mistakes (after not creating a Virtual Network bound to the Loopback and configuring the Guest to use a Virtual NIC bound to this Virtual Network) is to fail to have the Loopback adapter on the Host and Virtual NIC in the Guest on the same TCP/IP Segment - i.e. basic networking 101.

    In other words:
    - set up the Loopback Adapter on the Host to have the following Static IP:
    192.168.1.1
    255.255.255.0
    - set up the Virtual NIC inside the Guest to have the following Static IP:
    192.168.1.2
    255.255.255.0

    And you should now be able to communicate from Host to Guest via 192.168.1.2 and Guest to Host with 192.168.1.1

    As for ability to browse the Internet with IE from the Guest - that is a separate network routing issue.

    I suggest visiting the Virtual Server Newsgroup because these are frequently asked questions and full-answers exist - use either NNTP reader like Outlook Express or Web-based reader:
    http://www.microsoft.com/windowsserversystem/virtualserver/community/default.mspx

    //David

  • Anonymous
    May 07, 2006
    My company is deploying exchange server 2003 Enterprise on six different virtual servers for six different forests.  What are some of the pitfalls when doing this?  I have read documentation supporting and not supporting exchange on VS 2005.  What are your thoughts?

    Thanks,

    Carrie McLeish

  • Anonymous
    May 12, 2006
    Carrie - since Exchange is heavily disk IO intensive and Virtual Machines do not help disk IO, I am not certain of the rationale to deploy Exchange on Virtual Machine.

    I believe Exchange 2003 SP1 is supported on Virtual Server 2005. This stuff is all documented on microsoft.com website, and you can also query microsoft.public.virtualserver newsgroup/community.

    http://www.microsoft.com/windowsserversystem/virtualserver/community/default.mspx

    //David

  • Anonymous
    May 12, 2006
    This article answered my question perfectly in all respects but one - How to install without IIS.  Clearly you do not need to use IIS to adminsister virutal server, but the tool you decribe - VSWebApp.exe - is contained within the executable download and you do not seem to be able to extract it without running the install.  Here's the Gotcha - the install won't run unless you have IIS running.
    Seems to me that means I need to install IIS in order to extract the file I want to use to run against my Apache server... no?
    Any workaround greatly appreciated. NickB

  • Anonymous
    May 12, 2006
    The comment has been removed

  • Anonymous
    May 13, 2006
    Errr... Thanks, I think.  I suspect your underlying assumption is that I was hoping for a quick and easy solution.  And you would be right.  I do not like the bundling approach which is taken in this instance, and as I am already running Apache on Wintel for a number of other reasons I guess I am just going to have to put some effort in. C'est la Vie!  Thanks again. NickB

  • Anonymous
    May 13, 2006
    I started typing this as a response to this blog entry and then decided that I was investing a little...

  • Anonymous
    May 13, 2006
    The comment has been removed

  • Anonymous
    May 24, 2006
    if you wish to install the VS without having IIS running just do not do a complete install do a CUSTOM install and remove the IIS portion.

  • Anonymous
    June 30, 2006
    The comment has been removed

  • Anonymous
    June 30, 2006
    ive also tried installing it after ive made the new site, but it still wont work >< help!

  • Anonymous
    July 01, 2006
    The comment has been removed

  • Anonymous
    July 14, 2006
    ok

  • Anonymous
    August 31, 2006
    I want to customize the Microsoft virtual server, what i want is the admin gui page it shows I want to customize that like I want to create 4 VirtualMachine at a time by running a VB script ,can u provide that script to me which take input  for creating many VMs at atime.

    please provide me the script. thanks
    mithu_manoj@yahoo.com

  • Anonymous
    February 18, 2008
    Yo don't need it, but it makes your life easier

  • Anonymous
    July 13, 2008
    Thanks to Barney, I solved the 0x80070542 problem by running dcomcnfg and change the default impersonate configuration. Thanks!