Configuring Windows Virtual Machines to Support the eG Agent’s Inside View without the eG VM Agent

For the "inside" view, by default, the eG agent uses SSH/WMI (depending upon the virtual OS to be monitored) to communicate remotely with the virtual machines on the RHEV server and collect metrics. To establish this remote connection with Windows VMs in particular, eG Enterprise requires that the eG agent be configured with domain administrator privileges. Besides, the Inside View Using flag of all “inside view” tests should be set to Remote connection to a VM.

In addition, the following pre-requisites need to be fulfilled:

  1. The admin$ share will have to be available on the Windows guests.

  2. The Windows Firewall should be configured to allow Windows File and Print Sharing.

The sections to come discuss the procedure to be followed for fulfilling the 2 requirements above.

Enabling ADMIN$ Share Access on Windows Virtual Guests

Enabling ADMIN$ Share Access on Windows 2000/2003 VMs

If the ADMIN$ share is not available on any Windows-based virtual guest, create the share using the procedure detailed below:

  1. Open the Windows Explorer on the virtual machine, browse for the corresponding Windows directory in the C drive, right-click on it, and select the Sharing option from the shortcut menu.

  2. If the admin$ share does not pre-exist on the Windows guest, then Figure 1 appears indicating the same.

    Figure 1 : The ADMIN$ share does not exist

  3. On the other hand, if the admin$ share pre-exists, Figure 2 appears. In such a case, first, remove the admin$ share by selecting the Do not share this folder option from Figure 2 and clicking the Apply and ok buttons. After this, you will have to repeat step 1 of this procedure to open Figure 1. Then, proceed as indicated by step 3 onwards.

    Figure 2 : Admin$ share pre-exists

  4. To create (or re-create) the admin$ share, select the Share this folder option from Figure 3, and enter admin$ in the Share name text box (see Figure 3).

    Figure 3 : Creating the ADMIN$ share

  5. Next, to enable the eG agent to communicate effectively with the Windows guest, you need to ensure that the permission to access the admin$ share is granted to an administrative user (local/domain); also, the credentials of this user should be passed while configuring the eG monitoring capabilities - i.e., while configuring the VMware tests. To grant the access permissions, click on the Permissions button in Figure 3.

  6. By default, the admin$ share can be accessed by Everyone (see Figure 4). To grant access rights to a specific administrative (local/domain) user, select the Add button in Figure 4. When Figure 5 appears, select the domain to search from the Look in list. The valid user accounts configured on the chosen domain then appear in the box below. From this box, choose the administrator's account and click on the Add button to add the chosen user account to the box below the Add button.

    Figure 4 : Clicking the Add button

    Figure 5 : Selecting the administrative user to whom access rights are to be granted

  7. Finally, click the ok button. You will then switch to Figure 6, where the newly added administrator account will appear.

    Figure 6 : The administrator account granted access permissions

  8. Select the newly added administrator account from Figure 6, and then, using the Permissions section, grant the administrator Full Control, Change, and Read permissions.

  9. Finally, click the Apply and ok buttons in Figure 6 to register the changes.

  10. Once you return to the Properties window, click on the Security tab to define the security settings for the admin$ share (see Figure 7).

    Figure 7 : Defining the Security settings for the ADMIN$ share

  11. Here again, you need to add the same administrator account, which was granted access permissions earlier. To do so, click the Add button in Figure 7, pick a domain from the Look in list of Figure 8, select the said administrator account from the domain users list below, and click the Add button (in Figure 8) to add the chosen account. Then, click the ok button in Figure 8.

    Figure 8 : Adding the administrator account

  12. This will bring you back to Figure 7, but this time, the newly added domain administrator account will be listed therein as indicated by Figure 9.

    Figure 9 : The Administrator account in the Security list

  13. Finally, click the Apply and ok buttons in Figure 9.

Enabling ADMIN$ Share Access on Windows 2008 VMs

To enable the admin$ share on a Windows 2008 VM, do the following:

  1. Open the Windows Explorer on the virtual machine, browse for the corresponding Windows directory in the C drive, right-click on it, and select the Share option from the shortcut menu.

    Figure 10 : Selecting the Share option from the shortcut menu

  2. Figure 11 will then appear. Click on Advanced Sharing in Figure 11.

    Figure 11 : Clicking on Advanced Sharing

  3. Select the Share this folder check box in Figure 12 that appears, enter admin$ against Share name, and click on the Permissions button in Figure 12, to allow only a local/domain administrator to access the folder.

    Figure 12 : Enabling the ADMIN$ share

  4. When Figure 13 appears, click on the Add button therein.

    Figure 13 : Clicking on the Add button

  5. To allow a domain administrator to access the folder, first, ensure that a valid domain is specified in the From this location box of Figure 14. If you want to grant access to a local administrator instead, ensure that the name of the local host is displayed in the From this location box. To change this specification, use the Locations button in Figure 14. Then, enter the name of the local/domain administrator in the Enter the object names to select text area, and click the ok button. 

    Figure 14 : Allowing a domain administrator to access the folder

  6. The newly added user will be listed in the Group or user names section, as depicted by Figure 15. Select this user, and then, check all the three check boxes under Allow in the Permissions for <user> section in Figure 15. Then, click the Apply and ok buttons therein.

    Figure 15 : Allowing full access to the local/domain administrator

  7. When Figure 16 appears, click on the Apply and ok buttons therein to register the changes.

    Figure 16 : Applying the changes

  8. Alternatively, by adding a new entry in the Windows registry, you can quickly enable the admin$ share. The steps for the same are discussed hereunder:

    • At the Run prompt, type regedit to open the registry editor.

    • Browse to the following sub key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

    • Create a new entry with the information below:

        Key Name : LocalAccountTokenFilterPolicy

        Key Type : DWORD (32-bit)

        Key Value : 1

    • Exit the registry editor.

Note:

As with any change to the registry, ensure that the above-mentioned change is also performed with utmost care, so as to avoid problems in the functioning of the operating system.
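
The registry entry from step 8, together with a read-only check of the admin$ share, can also be handled from an elevated Windows PowerShell prompt on the guest. This is an added example, not part of the eG documentation; the function names Get-AdminShareState and Set-TokenFilterPolicy are hypothetical.

```powershell
# Added example, not part of the eG documentation. Run from an elevated
# Windows PowerShell prompt on the guest. Function names are hypothetical.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'

function Get-AdminShareState {
    # Win32_Share lists every share on the guest, including hidden ones such as ADMIN$.
    $share = Get-WmiObject -Class Win32_Share -Filter 'Name = "ADMIN$"'

    # Read the value without failing when it has never been created.
    $item  = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$PolicyName } else { $null }

    New-Object PSObject -Property @{
        AdminShareExists  = [bool]$share
        AdminSharePath    = if ($share) { $share.Path } else { $null }
        # ADMIN$ is expected to point at the Windows directory (step 1 of the procedures above).
        PointsAtWindowsDir = [bool]($share -and ($share.Path -eq $env:SystemRoot))
        # $null means the value is absent, which Windows treats the same as 0.
        TokenFilterPolicy = $value
    }
}

function Set-TokenFilterPolicy {
    param([ValidateSet(0, 1)][int]$Value = 1)
    # 1: a local administrator account connecting remotely receives a full
    #    administrator token, so it can reach ADMIN$.
    # 0 or absent: UAC filters that token for local accounts.
    # Domain accounts in the Administrators group are not affected by this value.
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord `
        -Value $Value -Force | Out-Null
    (Get-AdminShareState).TokenFilterPolicy   # read back what was written
}

# Check first; change the registry only if the check shows it is needed.
Get-AdminShareState | Format-List
```

Because the value only changes how local administrator accounts are treated, record which guests have it set to 1 so that it can be reverted with `Set-TokenFilterPolicy -Value 0` if the tests are later switched to a domain account.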

Once the pre-requisites are fulfilled, you can proceed to use either of the monitoring models - RHEV Hypervisor or RHEV Hypervisor - VDI Monitoring Model - to monitor the RHEV Hypervisor in your environment. The chapters that follow will discuss each of these models in detail.

Configuring Windows Firewalls to Allow File and Print Sharing

In the case of virtual machines operating on Windows 2012 (or above versions)/Windows 8 (or above versions), the firewall on the guest should be explicitly configured to allow the Windows File and Print Sharing services, which are required for the eG agent on the ESX host to communicate with the guest operating system.

To achieve this, do the following:

  1. Open the Virtual Infrastructure Client console, and from the tree-structure in its left pane, select the guest OS Windows 2012 (or above versions)/Windows 8 (or above versions) on which the firewall should be configured (see Figure 17).

    Figure 17 : Selecting the guest OS

  2. Follow the menu sequence: Start -> All Programs -> Control Panel (see Figure 18), and then double-click on the Windows Firewall option within. 

    Figure 18 : Opening the Windows Firewall

  3. Figure 19 then appears, with the General tab selected by default.

    Figure 19 : The General tab of the Windows Firewall dialog box

  4. Deselect the Don't allow exceptions check box as indicated by Figure 20.

    Figure 20 : Deselecting the 'Don't allow exceptions' check box

  5. Next, click on the Exceptions tab, and ensure that the File and Printer Sharing option is enabled (see Figure 21).

    Figure 21 : Enabling 'File and Printer Sharing'

  6. Then, click the Edit button in Figure 21 to open the ports required for the agent-guest communication. Ensure that at least one of the listed TCP ports is enabled.

    Figure 22 : Opening ports

  7. Finally, click the ok button to register the changes.
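
The same firewall exception can be inspected and enabled from an elevated PowerShell prompt on a Windows 2012/Windows 8 (or above) guest, with the rule limited to the host that runs the eG agent. This is an added example, not part of the eG documentation; the function names are hypothetical, and it assumes an English rule-group name, TCP 445 as the chosen port, and 192.0.2.10 as a placeholder for the agent's address.

```powershell
# Added example, not part of the eG documentation. Requires the NetSecurity
# module (Windows 8 / Server 2012 or later) and an elevated prompt.
# Assumptions: English display name for the rule group; TCP 445 (SMB) is the
# port to open; 192.0.2.10 is a placeholder for the eG agent host's address.
$Group = 'File and Printer Sharing'

function Get-FileSharingRuleState {
    # One row per inbound rule in the group: is it on, for which profiles,
    # on which port, and from which remote addresses.
    Get-NetFirewallRule -DisplayGroup $Group |
        Where-Object { $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.Name
                Enabled       = $_.Enabled
                Profile       = $_.Profile
                Protocol      = $port.Protocol
                LocalPort     = $port.LocalPort
                RemoteAddress = $addr.RemoteAddress
            }
        }
}

function Enable-SmbInForAgent {
    param([Parameter(Mandatory = $true)][string]$AgentAddress)
    # Enable only the inbound TCP 445 rule(s) and scope them to the agent,
    # instead of opening the whole group to any remote address.
    $smbRules = Get-FileSharingRuleState |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' }
    foreach ($rule in $smbRules) {
        Set-NetFirewallRule -Name $rule.Name -Enabled True -RemoteAddress $AgentAddress
    }
    # Return the resulting state so the change can be confirmed.
    Get-FileSharingRuleState | Where-Object { $smbRules.Name -contains $_.Name }
}

# Review the current state first, then enable for the agent host only.
Get-FileSharingRuleState | Format-Table -AutoSize
# Enable-SmbInForAgent -AgentAddress '192.0.2.10'
```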

Once the pre-requisites are fulfilled, you can proceed to use either of the monitoring models - RHEV Hypervisor or RHEV Hypervisor - VDI - to monitor the RHEV Hypervisor in your environment. The sections that follow will discuss how to configure and monitor the RHEV Hypervisor monitoring model in detail.