Xen Setup for Access Manager



Novell Access Manager 3 requires multiple machines to get all the components installed and configured (an Admin Console, an Identity Server and an Access Gateway, at minimum). Requiring multiple machines to test or demo the software can be cumbersome. With SuSE Linux Enterprise Server 10 Support Pack 1, the XEN virtualization platform has become solid and supports a wide range of the operating systems used by Access Manager.

Although not supported (VMWare GSX is the only virtualization platform supported at the current time), XEN does work and perform well when allocated the appropriate resources (see Access Manager 3 minimum requirements for disk space and memory). This document describes how to set up a SUSE Linux Enterprise 10 server for XEN virtualization support, and how to get Access Manager components running on that platform.


1. Get the SLES10 SP1 code. The latest code has many XEN improvements, in terms of stability, performance, and administration.

2. Install the Hypervisor and Tools package available from the Virtualization section of Yast2.

This installs all the XEN packages and kernel updates required to get XEN going.

Once done, the 'Create Virtual machines' option will be available under the Virtualization section of Yast2.

Figure 1 - Create Virtual Machine option

3. Install the virt-manager package from Yast2. This package will allow you to administer the virtual machines from a UI.

4. Modify the Boot Loader so that the Xen kernel boots. You may need to add dom0_mem to the command line if Windows is running as a virtual host, with a value of 512MB or greater if needed. SLES VMs do not need this, so I left the default mode going.

Figure 2 - Boot Loader settings

5. Reboot the server and make sure that the XEN OS is booted.

cashell:~ # uname -a
Linux cashell #1 SMP Thu May 17 14:00:09 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux

6. Run Yast2 and click the Virtualization tab.

Here you need to run the Create Virtual Machines application.

Figure 3 - Create Virtual Machine application

7. Select the operating system you want to install (SLES9 or SLES10 for Access Manager devices). There are a number of pre-selected operating systems, although you can create your own, and Access Manager runs on both SLES9 SP3 and SLES10 platforms.

Figure 4 - Installing an OS

Figure 5 - OS Type

8. Having decided on the OS, you need to define the VM attributes, such as:

  • Where will you boot from

  • How much memory will you allocate

  • How many interfaces will you need to enable

  • Whether the OS will be para-virtualized

Note that a para-virtualized OS will run much faster, but only certain operating systems can be para-virtualized (SLES10), so I recommend this for Access Manager.

Figure 6 - Summary

Note: You can install from a local ISO image, from a local CD/DVD, or even remote images across the network (as shown below).

Figure 7 - OS Installation

Once the OS has finished installing, you should be able to view its state from the Virtual Machine Manager. Running this application, you will get real-time stats regarding the running operating systems, including CPU utilization, memory allocation, etc. You can also double-click any of the running VMs to open its console. For example, in the screenshot below, the Domain-0 OS is the host OS that is running on the main screen; the SLES10 OS is running in the right-hand window.

Figure 8 - SLES VM Console and Virtual Machine Manager

On this new Virtual Machine, you can now install all Access Manager devices. Installing the Admin Console and Identity Server is simply a matter of inserting the CD into the drive, or manually copying the install files (incl. the install.sh) to the Virtual Machine.

9. Once done, cd to the Access Manager install directory and run the install.sh script.

Installing the Access Gateway

Once the Admin Console and IDP servers are installed above, the Access Gateways must be installed. The Access Gateway installation must include the OS as shipped on either the Linux (SLES9 SP3) or Netware (Netware 6.5 SP5) platforms. Using the Linux Access Gateway (LAG) as an example here, the following screenshots show what is required when creating a virtual machine to get the LAG installed successfully.

1. Select the option to install an operating system.

Figure 9 - Install an OS

2. Define SUSE Linux Enterprise Server 9 as the type of OS; this is the platform the LAG is based on.

Figure 10 - Type of OS

3. When creating the virtual disk, be sure to create at least a 10GB disk size, or else the installation will fail.

Figure 11 - Virtual Disk - Hard Disk

4. Create a CD-ROM virtual disk device for this virtual machine and point to the LAG ISO object that ships with Access Manager. For simplicity I copied this over to the Host machine first (/root directory) and referenced it locally.

Figure 12 - Virtual Disk - CD-ROM

5. Set up the disks so as to boot off the CD-ROM or ISO image you are pointing to. To do this, make sure that the CD-ROM device is the first disk device in the list (you'll need to select it and click the Up button).

Figure 13 - List of disks

6. Make sure the following settings are enabled:

  • Virtualization method = Fully virtualized (it's SLES9 SP3-based, which does not support para-virtualization)

  • Memory settings = 1GB initial memory with a 2GB maximum memory setting (I didn't have much memory below and gave it values that make it work, but quite slowly)

Figure 14 - Summary

Once you click OK, the Linux AG installation screen will pop up, displaying the option to do the Standard or the Advanced install.

Figure 15 - LAG Installation
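
The Linux Access Gateway settings from steps 3 to 6 above can be checked before the VM is started. The following is an added example, not part of the original article or of Access Manager: it assumes the VM definition is available as an xm-style domain configuration file (these files use Python syntax, so the script parses them with ast instead of executing them). The sample configuration, its name and paths, and the disk_size_gb parameter are constructed placeholders.

```python
import ast

# Constructed sample in xm's Python-syntax config style; name and paths are placeholders.
SAMPLE_LAG_CONFIG = '''
name = "lag-demo"
builder = "hvm"
memory = 1024
maxmem = 2048
disk = ["file:/root/LAG-PLACEHOLDER.iso,hdc:cdrom,r",
        "file:/var/lib/xen/images/lag-demo/disk0,hda,w"]
'''

def parse_config(text):
    """Collect `key = literal` assignments without executing the file."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # not a plain literal: skip it rather than evaluate it
    return settings

def check_lag_vm(settings, disk_size_gb):
    """Return the deviations from the article's Linux Access Gateway settings."""
    problems = []
    if settings.get("builder") != "hvm":
        problems.append("not fully virtualized (LAG is SLES9 SP3-based)")
    memory = settings.get("memory", 0)
    if memory < 1024:
        problems.append("initial memory below 1GB")
    if settings.get("maxmem", memory) < 2048:
        problems.append("maximum memory below 2GB")
    disks = settings.get("disk", [])
    if not disks or ":cdrom" not in disks[0]:
        problems.append("CD-ROM/ISO is not the first disk device")
    if disk_size_gb < 10:
        problems.append("virtual hard disk smaller than 10GB")
    return problems

if __name__ == "__main__":
    # disk_size_gb is supplied by the caller; the config does not record it.
    result = check_lag_vm(parse_config(SAMPLE_LAG_CONFIG), 10)
    for line in result or ["all checks passed"]:
        print(line)
```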


The SUSE Linux Enterprise 10 Support Pack 1 XEN platform is a very useful environment to be able to demo or test Access Manager 3 without requiring multiple machines. It is not currently supported as a hardware platform for production environments.

