Setting up a highly available NFS server

Replace the IP address and the hostname in the following commands.

Make sure that the cluster status is ok and that all resources are started. It is not important on which node the resources are running. Lower versions do not set the permissions correctly and the installation will fail. The load balancer disconnects inactive connections after a configurable timeout.

Read SAP Note for more information. Some databases require that the database instance installation is executed on an application server. Prepare the application server virtual machines to be able to use them in these cases. Otherwise some of the steps below like configuring host name resolution are not needed. Reduce the size of the dirty cache. You can use every supported database for this installation. For a list of supported databases, see SAP Note Install the SAP NetWeaver database instance as root using a virtual hostname that maps to the IP address of the load balancer frontend configuration for the database for example nw1-db and Follow the steps in the chapter SAP NetWeaver application server preparation above to prepare the application server.

The output shows that the IP address of the default entry is pointing to the virtual machine and not to the load balancer's IP address. This entry needs to be changed to point to the virtual hostname of the load balancer. Make sure to use the same port in the output above and database name HN1 in the output above!

The following tests are a copy of the test cases in the best practices guides of SUSE. They are copied for your convenience. Always also read the best practices guides and perform all additional tests that might have been added. If the commands fail with FAIL: Insufficient memory, it might be caused by dashes in your hostname. This is a known issue and will be fixed by SUSE in the sap-suse-cluster-connector package. If you use SBD, Pacemaker should not automatically start on the killed node.

The status after the node is started again should look like this. Use the following commands to start Pacemaker on the killed node, clean the SBD messages, and clean the failed resources.

Create an enqueue lock by, for example, editing a user in transaction su01. The commands will stop the ASCS instance and start it again. The enqueue lock is expected to be lost in this test. The enqueue lock of transaction su01 should be lost and the back-end should have been reset. Resource state after the test: If you only kill the message server once, it will be restarted by sapstart.

Run the following commands as root on the node where the ASCS instance is running to kill the enqueue server. The ASCS instance should immediately fail over to the other node. Run the following command as root on the node where the ERS instance is running to kill the enqueue replication server process.

If you only run the command once, sapstart will restart the process. If you run it often enough, sapstart will not restart the process and the resource will be in a stopped state. Attach the ISO file that contains the operating system installation that you want to install later to the virtual machine, so the machine can boot from it: If everything worked, you should see a copyright notice.

If, instead, you are returned to the command line, then something went wrong. You should now be seeing the installation routine of your guest operating system remotely in the RDP viewer. This allows for running virtual machines on a VirtualBox host that acts as a server, where a client can connect from elsewhere that needs only a network adapter and a display capable of running an RDP viewer. All you have to do is specify "Remote" or "Any" when setting up these rules.

Recent versions of uttsc, a client tailored for use with Sun Ray thin clients, also support accessing remote USB devices. RDP clients for other platforms will be provided in future VirtualBox versions. Furthermore, it is advisable to disable automatic loading of any host driver on the remote host which might work on USB devices, to ensure that the devices are accessible by the RDP client. For each virtual machine that is remotely accessible via RDP, you can individually determine if and how client connections are authenticated.

Three methods of authentication are available: The "null" method means that there is no authentication at all; any client can connect to the VRDP server and thus the virtual machine. This is, of course, very insecure and only to be recommended for private networks.

The "external" method provides external authentication through a special authentication library. VirtualBox ships with two such authentication libraries: The default authentication library, VBoxAuth, authenticates against user credentials of the hosts. Depending on the host platform, this means:

On Linux hosts, VBoxAuth. On Windows hosts, VBoxAuth. In other words, the "external" method by default performs authentication with the user accounts that exist on the host system. Any user with valid authentication credentials is accepted, i. An additional library called VBoxAuthSimple performs authentication against credentials configured in the "extradata" section of a virtual machine's XML settings file.

This is probably the simplest way to get authentication that does not depend on a running and supported guest (see below). The following steps are required: Enable VBoxAuthSimple with the following command: To enable the library for a particular VM, you must then switch authentication to external:

You will then need to configure users and passwords by writing items into the machine's extradata. Since the XML machine settings file, into whose "extradata" section the password needs to be written, is a plain text file, VirtualBox stores the passwords as hashes. The following command must be used: As an example, to obtain the hash value for the password "secret", you can use the following command:

You can then use VBoxManage setextradata to store this value in the machine's "extradata" section. As an example, combined together, to set the password for the user "john" and the machine "My VM" to "secret", use this command:

Finally, the "guest" authentication method performs authentication with a special component that comes with the Guest Additions; as a result, authentication is not performed on the host, but with the guest user accounts. In addition to the methods described above, you can replace the default "external" authentication module with any other module.

For this, VirtualBox provides a well-defined interface that allows you to write your own authentication module. RDP features data stream encryption, which is based on the RC4 symmetric cipher with keys up to bit. The RC4 keys are being replaced in regular intervals every packets. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks in order to verify the identity of the server it connects to.

Since user credentials can be obtained using a "man in the middle" MITM attack, RDP4 authentication is insecure and should generally not be used.

This way it is guaranteed that the server possesses the corresponding private key. However, as this hard-coded private key became public some years ago, RDP5. The security method is negotiated with the client. This is the default setting.

The client must support TLS. The following example shows how to generate a server certificate. As the client that connects to the server determines what type of encryption will be used, with rdesktop, the Linux RDP viewer, use the -4 or -5 options. All connected clients see the same screen output and share a mouse pointer and keyboard focus. This is similar to several people using the same computer at the same time, taking turns at the keyboard.

The RDP client can select the virtual monitor number to connect to using the domain logon parameter -d.

If the parameter ends with followed by a number, VirtualBox interprets this number as the screen index. The primary guest screen is selected with 1, the first secondary screen is 2, etc. The Microsoft RDP6 client does not let you specify a separate domain name. If it is not, you may use any text as the username. Starting with VirtualBox 3. It is possible to increase the compression ratio by lowering the video quality. The VRDP server automatically detects video streams in a guest as frequently updated rectangular areas.

As a result, this method works with any guest operating system without having to install additional software in the guest; in particular, the Guest Additions are not required. On the client side, however, currently only the Windows 7 Remote Desktop Connection client supports this feature.

If a client does not support video redirection, the VRDP server falls back to regular bitmap updates. The quality of the video is defined as a value from 10 to percent, representing a JPEG compression level where lower numbers mean lower quality but higher compression. The quality can be changed using the following command: These properties were introduced with VirtualBox 3. However, in the 3. Starting with version 3. This works regardless of the host operating system that is running on the hosts: Teleporting requires that a machine be currently running on one host, which is then called the "source".

The host to which the virtual machine will be teleported will then be called the "target" ; the machine on the target is then configured to wait for the source to contact the target.

The machine's running state will then be transferred from the source to the target with minimal downtime. On the target host, you must configure a virtual machine in VirtualBox with exactly the same hardware settings as the machine on the source that you want to teleport. This does not apply to settings which are merely descriptive, such as the VM name, but obviously for teleporting to work, the target machine must have the same amount of memory and other hardware settings.

Otherwise teleporting will fail with an error message. On the target host, configure the virtual machine to wait for a teleport request to arrive when it is started, instead of actually attempting to start the machine. This is done with the following VBoxManage command: For example, use Start the VM on the target host. You will see that instead of actually running, it will show a progress dialog.

Start the machine on the source host as usual. When it is running and you want it to be teleported, issue the following command on the source host: For testing, you can also teleport machines on the same host; in that case, use "localhost" as the hostname on both the source and the target host. In rare cases, if the CPUs of the source and the target are very different, teleporting can fail with an error message, or the target may hang.

This may happen especially if the VM is running application software that is highly optimized to run on a particular CPU without correctly checking that certain CPU features are actually present.

VirtualBox can display virtual machines remotely, meaning that a virtual machine can execute on one computer even though the machine will be displayed on a second computer, and the machine will be controlled from there as well, as if the virtual machine was running on that second computer. This article describes how to deploy the virtual machines, configure the virtual machines, install the cluster framework, and install a highly available SAP NetWeaver system. In the example configurations, installation commands etc. ASCS instance number 00, ERS instance number 02, and SAP.