Академический Документы
Профессиональный Документы
Культура Документы
Version 1.0.1
Trademark Acknowledgements
All trademarks and registered trademarks are the property of their respective owners.
Contents
Contents
1 2 3 4 5 6 7 8 9 10
Introduction to Citrix Web Self Service 4 Understanding Workspace 5 Managing Pools 8 Adding Users 10 Managing Role Based Access Control 13 Configuring Settings 17 Managing Appliance 19 Sharing VMs 20 Understanding Tags 22 Troubleshooting 24
XenServer Web Self Service is a Web based virtual machine management console for XenServer 5.6 and 5.6 FP1 versions. nIt enables Citrix XenServer administrators to: Delegate access to individual virtual machine guests to end-users, View consolidated virtual machine guests from multiple resource pools, Perform basic life cycle operations such as Start, Stop, Suspend and Reset on virtual machine guests, Remote login (VNC for Linux Guests and RDP for Windows Guests) to the virtual machine guests. XenServer Web Self Service users can view VM consoles, Start, Stop, Suspend and Reset their virtual machines. It also provides a way to meet communication needs between user and administrator to satisfy IT provider objectives. XenServer Web Self Service is packaged as a XenServer Virtual Appliance which can be imported into XenServer Pool. See XenServer Web Self Service Installation Guide for more details. Web Self Service manages XenServer tags to establish relationship between users and virtual machines in Citrix Xenserver Pool. XenServer Tags enable you to identify your resources in new ways. Tags are like keywords or labels, and they allow you to rearrange your view of resources within XenCenter depending on criteria that are important to you, such as application, location, cost center, owner, or lifecycle stage. Fore more information on tags, refer to Understanding Tags. After importing the Web Self Service, Login to the Web Self Service and follow the simple three steps to complete the setup process. 1. Add a pool. Refer to Managing Pools. 2. Add users. Refer to Adding Users. 3. Share VMs with user. Refer to Sharing VMs. You may follow the Installation Checklist section of the Admin Homepage. This document assumes that the reader is familiar with Citix XenServer technology.
Understanding Workspace
Workspace page appears as soon as you login to Web Self Service. It shows thumbnails of all VMs on XenServer pools added to Web Self Service. You can do all the power operations (Start, Shut Down, Reboot, Suspend) on these VMs and can interact with the console of the VM through either RDP or Web Console. When administrator adds a pool to be managed in Web Self Service, it discovers all the virtual machines visible to the pool automatically. The meta data and the thumbnail of each virtual machines are displayed in the workspace page. The virtual machine meta data includes: Memory, CPU, NIC, Storage, Tags, Other tags. Workspace screen has several screen elements which will allow you to share the VMs, search for VMs by their names and filter names by pool or users. The different screen elements of the Workspace page are as follows: 1. Search - You may search for the VM by its name or the OS associated with it.
Search
2. Filter - You can filter VMs in the Workspace by users or/and pools.
4. VM Interactive Operations - You can Start, Shutdown, Reboot, Shutdown and Suspend VMs. You can also interact with the console of the VM through RDP or Web Console directly from here. The VM should have XenTools installed to display all the IP addresses in RDP flyout menu.
Power operations
The homepage of the Web Self Service with all the screen elements. XenServer hidden VMs will also be visible to the admin user in Web Self Service.
Workspace
The left pane provides links to important functions Web Self Service. The left pane has Overview and Manage functions.
Overview
The Overview menu provides these links:
Workspace - Lists all the available VMs on the XenServer hosts configured in Web Self Service. VM Requests - This will show the pending VM requests of users. The admin may allocate VMs to them based on their requests. This can be disabled from the WebUI by the admin.
Manage
The Manage menu provides these links: Pools - This will list all the XenServer pools added to Web Self Service. Admin may add new pools, disable or delete existing pools. For more information on adding pools, refer to Managing Pools. Users - This will list the users that are added. You may individually add users or import all users registered with XenServer Active Directory. For more information on adding users, refer to Adding Users. Install Checklist - Assist you to complete your installation with the statuses and the descriptions of various steps. Task logs - Shows the chronological list of the events initiated by users. You may search or filter Task logs by user, pool name or status of the event. Settings - You can configure different aspects of the product like Workspace Page Settings, SMTP email and VM request settings. Appliance - You can perform different admin related tasks like backing up and restoring DB, collecting logs, configuring static IP address etc...
Managing Pools
XenServer pools added to the Web Self Service are listed under Pools. If you are using AD authentication, you will need to designate one of the pools as the Authentication Pool. You may later change the Authentication pool.
Pool details
The following options can be configured for every pool in Web Self Service. Edit - If the pool master IP address has changed, this allows you to provide the new pool master IP address. However, changing the pool master IP address here does not alter anything in the XenServer pool. Scan ISOs - Allows you to scan ISO files placed in the pool storage. Tags - This allows you to create new tags, replace an existing tag and delete tags for all VMs in a pool. Disconnect - Disabling a pool will prevent all users(including admin user) from viewing consoles of VMs that belong to the pool. The VMs will continue to run in XenCenter.
Remove - Deletes the pool from Web Self Service. Users will not longer be able to access VMs on this pool through Web Self Service once the pool is deleted. View Details - Lists the details of the pool like number and the details of the hosts in the pool, ISOs placed in the storage of the pool and so on. View Task logs - Shows all the tasks performed on the pool. View Diagnostics - Shows the diagnostics information of the pool.
Adding Pools
You may add XenServer pools to the XenServer Web Self Service by providing the Pool Master IP address and login credentials. If you are using Web Self Service with more than one pool, only one pool needs to be joined to the domain and designated as the Authentication Pool. Web Self Service will the use AD details of only this pool for authentication.
Adding Users
User authentication is configured either to use the built-in database or through XenServer Active Directory. This is done while setting up XenServer Web Self Service and cannot be changed thereafter. If you choose to use built-in database, you will need to manually create username and password for every user. If you choose to use the XenServer Active Directory Authentication, you will need to ensure that XenServer is joined to the Active Directory domain. Users can be added in XenServer Web Self Service only if they belong to the Active Directory Users in XenCenter either as a part of a group or an individual user.
10
You can configure Web Self Service to allow XenServer AD users to automatically login with their AD credentials without having to add each user in Web Self Service. You can enable auto-login from the Server Settings. In such a case, the user is automatically created in Web Self Service on first login. If the AD users are not configured to auto-login, the AD usernames should be added manually.
Managing Users
Once users are added or imported, they will be listed in the Users section of the Web Self Service. You may change the admin password. Changing admin password from here will not change the root password of the appliance. You will need to login to the appliance as root and change it from there using the command passwd.
11
You may disable or remove users from the Users list. If you Disable a user, that user will not be able to login to Web Self Service and the admin will not be able to share VMs with him. This user will be listed as Disabled in the Workspace of the admin user like shown below.
Disabled users
You may also view information about the tasks performed by a particular user and the VMs shared to him. If you are using Active Directory as the authentication mechanism and a user gets deleted in the XenServer AD, you will have to delete that user from the Web Self Service from here.
12
WSS Users acquire Web Self Service permissions through their assigned role in XenServer. Web Self Service leverages XenServer's Role Based Access Control (RBAC) which maps the roles defined for the Active Directory users in XenServer to Web Self Service roles. The following table summarizes the mapping of XenServer Roles to WSS Roles: XenServer Roles Pool Admin Pool Operator VM Admin VM Operator VM Power Admin Read Only No Role WSS User WSS Roles WSS Admin WSS Operator WSS User
Note: The user admin is the local admin who has "WSS Admin" role for all the managed pools in WSS. If the user has not role assigned in XenServer AD, the user gets the default "WSS User" role in Web Self Service.
13
The following table summarizes which permissions are available for each role. For details on the operations available for each permission, see Definitions of permissions. WSS Admin WSS Operator WSS User (on shared VMs)
Role Permissions
Pool Management
User Managemet View VMs in Workspace VM Access Control Change Auth Pool Logout active user sessions VM Basic Life Cycle Control Operations VM Change CD media View VM Consoles View All Task Logs Manage VM Requests Control Appliance Networking Backup and Restore Download Support Logs
14
Definitions of permissions
The following table provides additional details about permissions: Permissions Change Auth Pool Logout active user sessions Control Appliance Networking Allows Assignee To Add a pool Delete a pool Edit pool username, password Disconnect a pool Reconnect a pool Add a user Delete a user Change password of a user Enable a user Disable a user View VM Configuration details View VM history Share a VM with a user Unshare a VM from a user Change the authentication pool of the Web Self Service View active users logged in to Web Self Service Logout all active users sessions Start a VM Stop a VM Suspend a VM Resume a VM Reset a VM Eject a CD Attach a CD View VM Web Console View RDP Console View VNC Console View Thumbnails in Workspace Read all task logs Mark a request as read Mark a request as unread Configure IP Settings for the Web Self Service Change the Listening NIC of Web Self Service Change the hostname of the Web Self Service
Pool Management
15
Take a backup of Web Self Service Restore Web Self Service from a backup Download support log files
Note: If the same user has different roles across multiple pools, then, Web self service will honor permissions on pool based on the roles defined for that pool. For example, If the user "A" is a pool admin of Pool "P-A" and the same user is having "VM Admin" role for Pool "P-B", and if authentication pool is set to then pool "P-A", then, when user "A" logs into WSS, he can view all the VMs of "P-A" and only shared VMs from "P-B".
The user role can be seen on the right corner of their Web Self Service Web UI.
If you are using built-in database for user creation, all the users except the admin user will be allocated WSS User role.The admin user will have the Local Admin user role.
16
Configuring Settings
The configuration settings are divided into different functions.
Server Settings
Authentication Mode: Shows the authentication mechanism used for Web Self Service. This is configured at the time of installation and cannot be changed there after. Login Session Timeout: You may configure the session timeout for users. Allow Weak Passwords: Allows weak passwords for users.
VM Requests
Enable VM request feature: This enables users to place VM requests. Disabling this option will hide the VM Requests option from their page. Request Template: You can use the default VM request template or you can customize the default template. Enable and Save this setting to edit the default template from the Settings page. Since VM Request template customization is done by editing HTML, ensure that the HTML code change does not compromise security.
Email Notification
17
Send Email: Admin user will get email notifications when the users place VM requests. SMTP Server: Specify the SMTP server address that will be used for sending mails. SMTP Port: Specify the SMTP port number in the field. SMTP Login: Specify the login ID that will be used to login to the SMTP server. SMTP Password: Specify the password of the login ID that will be used to log in to the SMTP server. Admin's Email Address: Notifications will be sent to this address.
18
Managing Appliance
The Admin tasks are divided into Networking, Backup-Restore, and Support.
Server Information
Shows the current version of the appliance, time and lists all the user sessions.
Networking
Listening interface - Default configuration listens on all IP addresses associated with the virtual appliance.You can configure it to listen only on a preferred IP address. Interface - Allows you to configure the Web Self Service virtual appliance IP address as static or DHCP. Hostname - Change hostname for the Virtual Appliance.
Support
Support Logs - You can download the logs for the virtual appliance. It will also provide information about Database Type, Database Version, Linux Version, Schema Version, WebServer and Diagnostics of the appliance.
19
Sharing VMs
VMs can be shared to the users of XenServer Web Self Service by using the Share functionality from the Workspace page. For example: In the below given screenshot, the VM Windows Server 2003 is shared with users avinash, arun, subodh.
User tags
The sharing functionality is implemented in Web Self Service through tags in XenCenter. When you share a VM with a user in Web Self Service, a tag with the name of the user is created in the XenCenter. In the below given screenshot, the tags ssuser:avinash, ssuser:arun and ssuser:subodh are created in the XenCenter when the VM is shared with this user in Web Self Service.
20
If you remove or disable this tag from the VM in XenCenter, the VM is automatically unshared from the Web Self Service as well.
21
Understanding Tags
You can create tags and assign them to VMs in XenCenter. These tags are listed in the Details section Web Self Service.
Tags
Web Self Service uses tagging functionality in XenCenter to to indicate sharing of VMs to users in XenServer Web Self Service. XenServer Web Self Service automatically creates three types of tags in XenCenter. ssuser:<user> (e.g. ssuser:mark) - This tag indicates that the VM is shared to the specified user. If you remove this tag in XenCenter, the VM will no longer be shared to the user in Web Self Service. You may create tags for VMs in XenCenter with this format even if the user is not added to the Web Self Service. If this tag exists, the VMs are shared with the users when they are added. Dormant Users If the VM has a ssuser:<user> tag and <user> has not been added to in Web Self Service, this is shown as a Dormant user in Workspace. If you later add the user in Web Self Service, this tag will take effect and result in the VM being immediately shared to the user. In the below given screenshot, the VM is tagged with ssuser:anil but anil is not added as a user in Web Self Service. So anil appears as a dormant user for that VM. The admin may add anil as a user in Web Self Service and the VM gets shared to this user automatically.
22
Dormant tag
ssattrib:hide This tag indicates that the VM should be completely hidden in Web Self Service. This VM will not be shown in the Workspace even to the admin. ssattrib:disable - This tag indicates that the VM should be hidden from end-users in Web Self Service. This tag is added to the VM if the admin disables the VM in the Workspace. If you remove this tag in XenCenter, the VM will be enabled in Web Self Service. This feature allows admin user to remove VMs from the Workspace of non-admin users for maintenance activities like installing patches or recovering from virus attacks.
23
Chapter 10 Troubleshooting
Troubleshooting
10
The following tools and information help you to diagnose and troubleshoot possible Web Self Service issues.
Diagnostics information
Diagnostic information provides details about Appliance Memory Free/Used Memory, List of processes running in the VM (top output) and the page average response time for the last 5 mins. 1. In the Web Self Service Web UI, go to Appliance. 2. Click on View under the Support > Diagnostics section.
24
25
Chapter 10 Troubleshooting
Pool Diagnostics
26
4/25/2011, 6:15 PM
27