What are Virtual Machine Templates?

In vSphere, Virtual Machine Templates are:

  • Virtual Machines that cannot be powered on
  • Virtual Machines that cannot be modified

Templates are like gold images, you create a template and deploy multiple VMs from them. Templates configuration files use an extension VMTX (virtual machines configuration files have an extension VMX). There are two easy ways to create a template:

  1. Clone an existing virtual machine (VM) to a template.
    – Creates a copy of an existing VM and registers it as a template.
  2. Convert an existing VM to a template.
    – Unregisters existing VM and registers it as a template.

Workflow for modifying a template:

  1. First convert the template to VM
  2. Optionally, make changes to the VM hardware (increase RAM, disk size etc.)
  3. Power-on the VM and install any new applications or updates
  4. After installing the application and updates, shutdown the VM
  5. Now convert the VM back to a template

Deploying Virtual Machines from Templates and Guest Customization:

When virtual machines are deployed from the template, they will identical to the template, things such as Windows-SID and hostnames would same. If using static IPs, those would also be same. This can create software and network conflicts.

To avoid such network or software conflicts, its recommended to customize the VM Guest during the deployment process. For Guest OS customization of virtual machines deployed from templates, vCenter requires the following:

  • If the guest OS is Windows, you need VMware Tools and Sysprep utils to be installed within the templates:
    • You will need to copy Sysprep tools to vCenter for Windows 2000, XP & 2003. Starting with Windows Vista onward, Sysprep tools are part of the base OS install. Where to copy Sysprep utils, read the following KB#1005593 article
  • For Linux VMs/Templates, along with VMware toools, you will also need Perl to be installed within your templates.

Best Practice: Always create templates for powered off virtual machines. Do not clone templates from a powered on virtual machines.

What is vCenter Single SignOn?

  • It is very similar to an Active Directory Domain Architecture
  • It is an authentication broker
  • It configures a vsphere.local domain (in vSphere 5.1 the local domain was called as “system-domain”)

The Single Sign-on (SSO) Architecture part of vCenter in vSphere 5.5 has following features:

  1. It uses a Kerberos type (token based) authentication mechanism
  2. It uses a Secure Token Protocol for Authentication
  3. You can create one-way trust relationships with existing Windows Active Directory Domains or OpenLDAP domains
  4. You can have multiple such trust relationships defined. Being able to define multiple trust relationships is very useful in a cloud enabled era.

One of the important things that you should remember is (and hopefully that would remove a lot a confusion) this vCenter Single Sign-on infrastructure is only used for authenticating users/groups to vSphere Infrastructure and applications that integrate with vCenter. It does not provide authentication services for desktops or other desktop/user applications. Or to say more correctly it is not a replacement for Active Directory Domain. In fact it works as a complementary solution to authenticate Active Directory users/groups to vSphere infrastructure.

In Single Sign-on infrastructure the default Single Sign-on administrator user is administrator@vsphere.local. This user is an administrator on both the vsphere.local Single Sign-on domain and the vCenter Server inventory.

  • On  a Windows based vCenter Server System, you set the password for this user  (administrator@vsphere.local) during the installation of Single Sign-on.
  • On a vCenter Server Appliance (Linux based virtual appliance) the administrator@vsphere.local get created and defined during the initialization/configuration of the appliance.

What are Virtual Appliances?

Virtual Appliances are portable virtual machines. One can export a virtual machine as a virtual appliance, and then you can also import the virtual appliance back as a virtual machine.

Virtual Appliances are available either as a folder of files – OVF (Open Virtualization format) or as a single (tarball) file – OVA (Open Virtualization archive).

Why use Virtual Appliances?

Since you already have a existing virtual Infrastructure, you can use the same for running virtual appliances. Virtual Appliances are essentially a VM which is pre-installed with a Operating System (OS) and an application. Virtual Appliances are built is such a way that you just import the appliance and start using it with a minimal network and application configuration.

Advantages of Virtual Appliances:

Both physical and virtual will require a approval from the finance team. However after the finance approval, implementing a virtual appliance will require no more approvals.

  1. No need for approval from the data-center team for rack space
  2. No need for approval from the networking team for free ports on network switches
  3. No need for approval for power requirement
  4. No need for approval for air conditioning or cooling needs

All these approvals basically increase your deployment time to anything about 4-6 weeks, whereas if using a virtual appliance that comes down to about 2 hours. Other advantages of virtual appliances include:

  1. Standard off-the-shelf server hardware used for running virtual appliances
  2. Reduces AMC costs as one less hardware vendor to manage
  3. Easy to standardize on a single hardware vendor
  4. Improves return on your investment in hardware infrastructure

You can find several free and paid appliances available from various vendors. VMware has something called as VMware Virtual Appliance Marketplace. Several free Linux based opensource virtual appliances are available from Turnkey Linux. You can also build your own virtual appliances using the SUSE Studio. You can also find a free Linux based L3 switch appliance at VyOS. You can also find the excellent Monowall Firewall as a virtual appliance for vSphere.

Overall I believe virtual appliances are here to stay and the easy of management and deployment is what makes them a very attractive form factor.