Virtual IT Infrastructure Design

Article ID: 4897
Last Review: Apr 15, 2008
APPLIES TO:
  • Parallels Technology Network

RESOLUTION

I. Why a Virtual IT Infrastructure?


Efficient, effective IT infrastructures require constant organization and attention. Administrators must install and maintain multiple servers, configure networks, connect to the Internet, organize traffic accounting, create email services, and take care of the other seemingly endless array of tasks necessary to keep the business running smoothly.


What if these time-consuming and complicated processes could be streamlined? A Virtual IT Infrastructure (VITI) can help IT administrators consolidate servers and networks as well as simplify basic IT processes. Virtualization enables IT professionals to build small internal corporate networks with a full range of dedicated and secured services: boundary gateway for the Internet connection, DNS, DHCP, E-Mail, file storage and more – using only a single physical server.


By using Parallels Virtualization Technology in conjunction with Parallels Virtual Appliances, IT professionals can easily create complete, secure networks for small and medium businesses.





II. SMB IT Infrastructure


A typical IT infrastructure of a small-to-medium business (SMB) includes an external demilitarized zone (DMZ) and an internal corporate network (the Intranet).


An SMB's IT services can be divided into two major groups:




  1. Services that can be used internally or externally
  2. Services that can be used only internally




The DMZ contains:





    • DNS service
    • Mail service
    • Authorization service
    • VPN service (optional)
    • Web service (optional)





The Intranet contains internal-only services and workstations, including:






      • DHCP service
      • File service
      • Print service
      • Application (Terminal) service (optional)
      • Proxy service (optional)
      • Database service (optional)
      • Other services (optional)






This typical structure contains approximately ten physical servers, each dedicated to a different service, because each service requires a dedicated server resource. However, by leveraging Parallels Virtualization Technology, IT administrators can consolidate all of the separate physical servers onto a single powerful server that hosts several Parallels Virtual Appliances (PVAs).





III. Basic VITI


A basic VITI is ideal for small businesses that simply do not have enough room to store multiple physical servers. A basic VITI is composed of five virtual appliances: Gateway, DNS Server, Mail Server, DHCP Server, and Storage. All five of these appliances are hosted on the same physical server.


There are three network segments in the VITI's configuration. (See the table below.) The Internet and Intranet segments are real segments and are connected to physical network interfaces. The third segment, the DMZ, is a virtual segment and exists in a virtual machine (VM) only. The network segments are completely isolated from each other and do not interfere with one another.





















Network segment (type)   Address                  PVA located in (network interface, IP address)
----------------------   ----------------------   ----------------------------------------------
The Internet (real)      any public IP assigned   Gateway (eth0, public IP)
Intranet (real)          169.254.x.x              Gateway (eth1, 169.254.254.254)
                                                  DHCP Server (eth0, random IP)
                                                  Storage (eth0, DHCP or random IP)
DMZ (virtual)            192.168.0.x              Gateway (eth2, 192.168.0.1)
                                                  DNS Server (eth0, 192.168.0.2)
                                                  Mail Server (eth0, 192.168.0.3)








All connections from the DMZ and the Intranet to the outside world are hidden behind a single public Gateway IP address. By default, access from the Intranet to the Internet is granted for the standard ports of Web, ICQ, FTP, SSH and DNS. Any access to the DMZ from the Intranet is allowed. External connections from the Internet to DMZ services are mapped to a specific PVA; for example, all SMTP packets are delivered to the Mail Server PVA. Any access from the DMZ to the Internet is allowed.

Types of external connections supported by PVAs:













PVA Service    Protocol   Port Numbers
-----------    --------   ----------------------
DNS Server     UDP        53
Mail Server    TCP        25, 110, 143, 993, 995
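
The default policy and port mappings described above can be written down as a small decision function and checked against sample flows. This is an added example, not Parallels code: the gateway's public IP is a constructed placeholder, the port numbers behind "WEB, ICQ, FTP, SSH and DNS" are the usual ones and are an assumption, and refusing everything the article does not describe is also an assumption.

```python
import ipaddress

# Segments, PVA addresses and forwarded ports are taken from the article.
DMZ = ipaddress.ip_network("192.168.0.0/24")
INTRANET = ipaddress.ip_network("169.254.0.0/16")
GATEWAY_PUBLIC = "203.0.113.10"  # constructed placeholder for the ISP-assigned IP
FORWARDS = {("udp", 53): "192.168.0.2"}  # DNS Server PVA
FORWARDS.update({("tcp", p): "192.168.0.3" for p in (25, 110, 143, 993, 995)})
# Assumption: the article names services only; these are their usual ports.
INTRANET_EGRESS = {("tcp", 80), ("tcp", 443), ("tcp", 5190), ("tcp", 21),
                   ("tcp", 22), ("udp", 53), ("tcp", 53)}


def zone(ip):
    addr = ipaddress.ip_address(ip)
    if addr in DMZ:
        return "dmz"
    if addr in INTRANET:
        return "intranet"
    return "internet"


def decide(src, dst, proto, port):
    """Return (verdict, detail) for one new connection under the stated policy."""
    s, d = zone(src), zone(dst)
    if s == "intranet" and d == "dmz":
        return ("allow", "intranet->dmz: any port")
    if s == "dmz" and d == "internet":
        return ("allow", "dmz->internet: any port, hidden behind gateway IP")
    if s == "intranet" and d == "internet":
        if (proto, port) in INTRANET_EGRESS:
            return ("allow", "intranet->internet: listed port")
        return ("deny", "intranet->internet: port not in default list")
    if s == "internet" and dst == GATEWAY_PUBLIC:
        target = FORWARDS.get((proto, port))
        if target:
            return ("allow", "forward to " + target)
        return ("deny", "no mapping for this port")
    # Assumption: directions the article does not describe are refused.
    return ("deny", "flow not described by the article")


def unrestricted_paths():
    """Zone pairs that are open on every port: the first ones to review."""
    probes = {"intranet->dmz": ("169.254.0.10", "192.168.0.3"),
              "dmz->internet": ("192.168.0.3", "198.51.100.7")}
    return sorted(name for name, (s, d) in probes.items()
                  if all(decide(s, d, "tcp", p)[0] == "allow" for p in (1, 4444, 65535)))
```

`unrestricted_paths()` names the two any-port paths in the default policy, which are the natural candidates for tightening once the services in the DMZ are known.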







PVA Hardware Resources Requirements



























PVA              Memory (MB)   HDD min (MB)   HDD max (MB)
--------------   -----------   ------------   ------------
Gateway          128           1024           1536
DNS Server       32            512            576
Mail Server      256           512            8704
DHCP Server      32            512            576
Storage Server   256           512            131584
Total            704           3072           142976







Hardware requirements for this configuration:


- Intel Core 2 Duo processor with VT-X technology enabled


- 1 GB DDR2 memory


- The required capacity of hard disks depends on the number and types of PVAs you plan to install


- 2 physical network adapters





IV. How to Build a Basic VITI


The network has access to the Internet, DNS, DHCP, E-Mail, and file storage services. To build a basic VITI:




  1. Choose a server with the required hardware configuration.




  2. Plug the cable that provides Internet access into the first network adapter and the cable for the Intranet into the second adapter.




  3. Install Parallels virtualization software. It is strongly recommended that you use a fault tolerance mechanism such as RAID1 (mirroring) for the PVAs' storage management.




  4. Download the following PVAs from Parallels Virtual Appliances Directory:




    • Gateway PVA




    • DNS Server PVA




    • Mail Server PVA




    • DHCP Server PVA




    • Storage Server PVA






  5. Copy these PVAs into a partition of the required capacity (minimum 3 GB).




  6. Open the Gateway PVA VM configuration. Bind the first virtual network adapter to the first physical adapter, which is connected to the external line (the Internet), and the second virtual adapter to the second physical adapter, which is connected to the internal network (the Intranet). Start the PVA.




  7. Bind the virtual network adapters in DHCP Server and Storage Server PVAs to the same internal physical network adapter for the Intranet connection. Start the PVAs.




  8. Change the networking mode to Host-only Networking in the VM configurations of both the DNS Server and Mail Server PVAs, and start the PVAs.




  9. Ensure that boot processes in all PVAs are completed and that the Administrator Interface URL is displayed on each PVA's text console.




  10. Log into the Gateway PVA's Administrator Interface from Safari using Bonjour or the URL displayed by the PVA. Change network settings (IP address, mask, and default gateway). This enables the PVA to access the Internet using the settings provided by your ISP.




  11. Log into the DNS Server PVA's Administrator Interface from Safari with Bonjour or the URL displayed by the PVA. Change the following network settings:




    • IP address: 192.168.0.2




    • Network mask: 255.255.255.0




    • Broadcast: 192.168.0.255




    • Default gateway: 192.168.0.1






WARNING: Remember that the PVA's virtual network adapter is configured for Host-only Networking. You need to log into the Administrator Interface directly from the physical server. After changing a PVA's IP address in steps 11 and 12, you cannot access the PVA from the Intranet until step 13 is complete.




  12. Log into the Mail Server PVA as described above, and set the following network settings:




    • IP address: 192.168.0.3




    • Network mask: 255.255.255.0




    • Broadcast: 192.168.0.255




    • Default gateway: 192.168.0.1




    • DNS server: 192.168.0.2






  13. Change the settings of the Parallels Host-Guest virtual network adapter on the physical server from automatic configuration by DHCP to the following static configuration:




    • IP address: 192.168.0.254




    • Network mask: 255.255.255.0






  14. Log into the DHCP Server PVA, and in the DHCP Client Option configuration set 169.254.254.254 as the default network gateway address and 192.168.0.2 as the DNS server IP address.




  15. The Virtual IT Infrastructure is now complete! Now you can test it using any computer from the Intranet network.


By default, users receive IP addresses from the 169.254.0.x range and have access to Internet, email, and file storage services. You can then configure E-Mail domains, mailboxes, DNS and any other settings as you want, using the PVAs' Administrator Interfaces, which can be reached with Bonjour technology or with a direct URL from any workstation on the company's Intranet.
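
Before testing from a workstation, the static settings entered in steps 11 to 13 and the DHCP router option from step 14 can be checked for consistency. This is an added example, not part of the Parallels procedure; the function names are hypothetical, and the lease masks passed to `router_on_link` are assumptions because the article does not state the mask the DHCP Server hands out.

```python
import ipaddress

# Values from steps 11-13: (name, ip, mask, broadcast, gateway); None = not given.
STATIC = [
    ("DNS Server PVA", "192.168.0.2", "255.255.255.0", "192.168.0.255", "192.168.0.1"),
    ("Mail Server PVA", "192.168.0.3", "255.255.255.0", "192.168.0.255", "192.168.0.1"),
    ("Host-Guest adapter", "192.168.0.254", "255.255.255.0", None, None),
]


def check_static(entries):
    """Return a list of problems found in a set of static interface settings."""
    problems, seen = [], {}
    for name, ip, mask, bcast, gw in entries:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address")
        if bcast and ipaddress.ip_address(bcast) != net.broadcast_address:
            problems.append(f"{name}: broadcast should be {net.broadcast_address}")
        if gw and (ipaddress.ip_address(gw) not in net or gw == ip):
            problems.append(f"{name}: gateway {gw} is not a separate on-link host")
        if ip in seen:
            problems.append(f"{name}: {ip} already used by {seen[ip]}")
        seen.setdefault(ip, name)
    return problems


def router_on_link(lease_ip, lease_mask, router):
    """True if a DHCP client with this lease can reach the router option directly."""
    client_net = ipaddress.ip_interface(f"{lease_ip}/{lease_mask}").network
    return ipaddress.ip_address(router) in client_net
```

With a lease from the 169.254.0.x range, the gateway 169.254.254.254 is directly reachable only when the lease mask covers the whole 169.254.x.x segment (255.255.0.0); a 255.255.255.0 mask would leave clients without a usable default route.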

Keywords: IT-infrastructure, virtual appliances environment
