Web Self Service Admin Guide

Citrix XenServer Web Self Service Admin Guide

Version 1.0.1


Version: 1.0.1

Copyright and Trademark Notice

Use of the product documented in this guide is subject to your prior acceptance of the End User LicenseAgreement. A printable copy of the End User License Agreement is included on your product installation media.

Information in this document is subject to change without notice. Companies, names, and data used inexamples herein are fictitious unless otherwise noted. No part of this document may be reproduced ortransmitted in any form or by any means, electronic or mechanical, for any purpose, without the expresswritten permission of Citrix Systems, Inc.

© 2010 Citrix Systems, Inc. All rights reserved.

All trademarks and registered trademarks are the property of their respective owners.

Trademark Acknowledgements


Citrix Systems, Inc.

Contents

Citrix Systems, Inc. 3

Contents

1 Introduction to Citrix Web Self Service 4

2 Understanding Workspace 5

3 Managing Pools 8

4 Adding Users 10

5 Managing Role Based Access Control 13

6 Configuring Settings 17

7 Managing Appliance 19

8 Sharing VMs 20

9 Understanding Tags 22

10 Troubleshooting 24

Chapter 1 Introduction to Citrix Web Self Service


Introduction to Citrix Web Self Service 1

XenServer Web Self Service is a Web based virtual machine management console for XenServer 5.6and 5.6 FP1 versions.

nIt enables Citrix XenServer administrators to:

· Delegate access to individual virtual machine guests to end-users,

· View consolidated virtual machine guests from multiple resource pools,

· Perform basic life cycle operations such as Start, Stop, Suspend and Reset on virtual machineguests,

· Remote login (VNC for Linux Guests and RDP for Windows Guests) to the virtual machineguests.

XenServer Web Self Service users can view VM consoles, Start, Stop, Suspend and Reset theirvirtual machines. It also provides a way to meet communication needs between user andadministrator to satisfy IT provider objectives.

XenServer Web Self Service is packaged as a XenServer Virtual Appliance which can be importedinto XenServer Pool. See XenServer Web Self Service Installation Guide for more details.

Web Self Service manages XenServer tags to establish relationship between users and virtualmachines in Citrix Xenserver Pool. XenServer Tags enable you to identify your resources in newways. Tags are like keywords or labels, and they allow you to rearrange your view of resourceswithin XenCenter depending on criteria that are important to you, such as application, location, costcenter, owner, or lifecycle stage. Fore more information on tags, refer to Understanding Tags.

After importing the Web Self Service, Login to the Web Self Service and follow the simple threesteps to complete the setup process.

1. Add a pool. Refer to Managing Pools.

2. Add users. Refer to Adding Users.

3. Share VMs with user. Refer to Sharing VMs.

You may follow the Installation Checklist section of the Admin Homepage.

This document assumes that the reader is familiar with Citix XenServer technology.


Citrix Systems, Inc.5

Understanding Workspace 2

Workspace page appears as soon as you login to Web Self Service. It shows thumbnails of all VMson XenServer pools added to Web Self Service. You can do all the power operations (Start, ShutDown, Reboot, Suspend) on these VMs and can interact with the console of the VM through eitherRDP or Web Console.

When administrator adds a pool to be managed in Web Self Service, it discovers all the virtualmachines visible to the pool automatically. The meta data and the thumbnail of each virtualmachines are displayed in the workspace page.

The virtual machine meta data includes:

· Memory,

· CPU,

· NIC,

· Storage,

· Tags,

· Other tags.

Workspace screen has several screen elements which will allow you to share the VMs, search forVMs by their names and filter names by pool or users. The different screen elements of theWorkspace page are as follows:

1. Search - You may search for the VM by its name or the OS associated with it.

Search

2. Filter - You can filter VMs in the Workspace by users or/and pools.

Chapter 2 Understanding Workspace


Filter

3. Share - You may share the VM with other users.

share and disable

4. VM Interactive Operations - You can Start, Shutdown, Reboot, Shutdown and Suspend VMs.You can also interact with the console of the VM through RDP or Web Console directly fromhere. The VM should have XenTools installed to display all the IP addresses in RDP flyoutmenu.

Power operations

The homepage of the Web Self Service with all the screen elements. XenServer hidden VMs will alsobe visible to the admin user in Web Self Service.

Workspace

The left pane provides links to important functions Web Self Service. The left pane has Overviewand Manage functions.

Overview

The Overview menu provides these links:



· Workspace - Lists all the available VMs on the XenServer hosts configured in Web Self Service.

· VM Requests - This will show the pending VM requests of users. The admin may allocate VMs tothem based on their requests. This can be disabled from the WebUI by the admin.

Manage

The Manage menu provides these links:

· Pools - This will list all the XenServer pools added to Web Self Service. Admin may add newpools, disable or delete existing pools. For more information on adding pools, refer to ManagingPools.

· Users - This will list the users that are added. You may individually add users or import all usersregistered with XenServer Active Directory. For more information on adding users, refer to AddingUsers.

· Install Checklist - Assist you to complete your installation with the statuses and the descriptionsof various steps.

· Task logs - Shows the chronological list of the events initiated by users. You may search or filterTask logs by user, pool name or status of the event.

· Settings - You can configure different aspects of the product like Workspace Page Settings,SMTP email and VM request settings.

· Appliance - You can perform different admin related tasks like backing up and restoring DB,collecting logs, configuring static IP address etc...

Chapter 3 Managing Pools


Managing Pools 3

XenServer pools added to the Web Self Service are listed under Pools. If you are using ADauthentication, you will need to designate one of the pools as the Authentication Pool. You maylater change the Authentication pool.

Editing Pool information

Pool details

The following options can be configured for every pool in Web Self Service.

· Edit - If the pool master IP address has changed, this allows you to provide the new pool masterIP address. However, changing the pool master IP address here does not alter anything in theXenServer pool.

· Scan ISOs - Allows you to scan ISO files placed in the pool storage.

· Tags - This allows you to create new tags, replace an existing tag and delete tags for all VMs in apool.

· Disconnect - Disabling a pool will prevent all users(including admin user) from viewing consolesof VMs that belong to the pool. The VMs will continue to run in XenCenter.



· Remove - Deletes the pool from Web Self Service. Users will not longer be able to access VMson this pool through Web Self Service once the pool is deleted.

· View Details - Lists the details of the pool like number and the details of the hosts in the pool,ISOs placed in the storage of the pool and so on.

· View Task logs - Shows all the tasks performed on the pool.

· View Diagnostics - Shows the diagnostics information of the pool.

Adding Pools

You may add XenServer pools to the XenServer Web Self Service by providing the Pool Master IPaddress and login credentials.

If you are using Web Self Service with more than one pool, only one pool needs to be joined to thedomain and designated as the Authentication Pool. Web Self Service will the use AD details ofonly this pool for authentication.

Chapter 4 Adding Users


Adding Users 4

User authentication is configured either to use the built-in database or through XenServer ActiveDirectory. This is done while setting up XenServer Web Self Service and cannot be changedthereafter.

If you choose to use built-in database, you will need to manually create username and password forevery user.

If you choose to use the XenServer Active Directory Authentication, you will need to ensure thatXenServer is joined to the Active Directory domain. Users can be added in XenServer Web SelfService only if they belong to the Active Directory Users in XenCenter either as a part of a group oran individual user.



XenServer Active Directory

You can configure Web Self Service to allow XenServer AD users to automatically login with their ADcredentials without having to add each user in Web Self Service. You can enable auto-login from the Server Settings.

In such a case, the user is automatically created in Web Self Service on first login. If the AD usersare not configured to auto-login, the AD usernames should be added manually.

Managing Users

Once users are added or imported, they will be listed in the Users section of the Web Self Service.You may change the admin password. Changing admin password from here will not change theroot password of the appliance. You will need to login to the appliance as root and change it fromthere using the command passwd.

Chapter 4 Adding Users


Users screen Web Self Service configured with AD

You may disable or remove users from the Users list. If you Disable a user, that user will not beable to login to Web Self Service and the admin will not be able to share VMs with him. This userwill be listed as Disabled in the Workspace of the admin user like shown below.

Disabled users

You may also view information about the tasks performed by a particular user and the VMs sharedto him.

If you are using Active Directory as the authentication mechanism and a user gets deleted in theXenServer AD, you will have to delete that user from the Web Self Service from here.



Managing Role Based Access Control 5

WSS Users acquire Web Self Service permissions through their assigned role in XenServer. WebSelf Service leverages XenServer's Role Based Access Control (RBAC) which maps the roles definedfor the Active Directory users in XenServer to Web Self Service roles. The following tablesummarizes the mapping of XenServer Roles to WSS Roles:

XenServer Roles WSS Roles

· Pool AdminWSS Admin

· Pool OperatorWSS Operator

· VM Admin

· VM Operator

· VM Power Admin

· Read Only

WSS User

· No RoleWSS User

Note: The user admin is the local admin who has "WSS Admin" role for all the managed pools inWSS. If the user has not role assigned in XenServer AD, the user gets the default "WSS User"role in Web Self Service.

Chapter 5 Managing Role Based Access Control


The following table summarizes which permissions are available for each role. For details on theoperations available for each permission, see Definitions of permissions.

Role PermissionsWSS

AdminWSS

Operator

WSSUser

(on shared VMs)

Pool Management þ ý ý

User Managemet þ ý ý

View VMs in Workspace þ þ þ

VM Access Control þ þ ý

Change Auth Pool þ ý ý

Logout active user sessions þ ý ý

VM Basic Life Cycle ControlOperations þ þ þ

VM Change CD media þ þ þ

View VM Consoles þ þ þ

View All Task Logs þ þ ý

Manage VM Requests þ þ ý

Control Appliance Networking þ ý ý

Backup and Restore þ ý ý

Download Support Logs þ þ ý



Definitions of permissions

The following table provides additional details about permissions:

Permissions Allows Assignee To

Pool Management

· Add a pool· Delete a pool· Edit pool username, password· Disconnect a pool· Reconnect a pool

User Managemet

· Add a user· Delete a user· Change password of a user · Enable a user· Disable a user

View VMs in Workspace· View VM Configuration details· View VM history

VM Access Control· Share a VM with a user· Unshare a VM from a user

Change Auth Pool· Change the authentication pool of the

Web Self Service

Logout active user sessions

· View active users logged in to WebSelf Service

· Logout all active users sessions

VM Basic Life Cycle Control Operations

· Start a VM· Stop a VM· Suspend a VM· Resume a VM· Reset a VM

VM Change CD media· Eject a CD· Attach a CD

View VM Consoles

· View VM Web Console· View RDP Console· View VNC Console· View Thumbnails in Workspace

View All Task Logs · Read all task logs

Manage VM Requests· Mark a request as read· Mark a request as unread

Control Appliance Networking

· Configure IP Settings for the Web SelfService

· Change the Listening NIC of Web SelfService

· Change the hostname of the Web SelfService

Chapter 5 Managing Role Based Access Control


Backup and Restore

· Take a backup of Web Self Service· Restore Web Self Service from a

backup

Download Support Logs · Download support log files

Note: If the same user has different roles across multiple pools, then, Web self service will honorpermissions on pool based on the roles defined for that pool. For example, If the user "A" is a pooladmin of Pool "P-A" and the same user is having "VM Admin" role for Pool "P-B", and ifauthentication pool is set to then pool "P-A", then, when user "A" logs into WSS, he can view allthe VMs of "P-A" and only shared VMs from "P-B".

The user role can be seen on the right corner of their Web Self Service Web UI.

If you are using built-in database for user creation, all the users except the admin user will beallocated WSS User role.The admin user will have the Local Admin user role.



Configuring Settings 6

The configuration settings are divided into different functions.

Server Settings

· Authentication Mode: Shows the authentication mechanism used for Web Self Service. This isconfigured at the time of installation and cannot be changed there after.

· Login Session Timeout: You may configure the session timeout for users.

· Allow Weak Passwords: Allows weak passwords for users.

Workspace Page Settings

· Auto Refresh: You can configure the browser refresh rate of the Workspace webpage.

· Thumbnails: You can disable thumbnails on the Workspace page. Disabling thumbnails willreduce load on the virtual appliance.

· Thumbnail expiry time: VM thumbnails will expire and will not be displayed after this timeinterval. A new thumbnail will be fetched only if the user is viewing the Workspace.

· Details Column (Default): You may remove VM details like RAM, network, disk space, IPaddress etc from the user homepage.

· Sharing Column in Workspace for Non Admin: You may show sharing related information fromthe user homepage.

VM Requests

· Enable VM request feature: This enables users to place VM requests. Disabling this option willhide the VM Requests option from their page.

· Request Template: You can use the default VM request template or you can customize thedefault template. Enable and Save this setting to edit the default template from the Settings page.Since VM Request template customization is done by editing HTML, ensure that the HTML codechange does not compromise security.

Email Notification

Chapter 6 Configuring Settings


· Send Email: Admin user will get email notifications when the users place VM requests.

· SMTP Server: Specify the SMTP server address that will be used for sending mails.

· SMTP Port: Specify the SMTP port number in the field.

· SMTP Login: Specify the login ID that will be used to login to the SMTP server.

· SMTP Password: Specify the password of the login ID that will be used to log in to the SMTPserver.

· Admin's Email Address: Notifications will be sent to this address.



Managing Appliance 7

The Admin tasks are divided into Networking, Backup-Restore, and Support.

Server Information

Shows the current version of the appliance, time and lists all the user sessions.

Networking

· Listening interface - Default configuration listens on all IP addresses associated with the virtualappliance.You can configure it to listen only on a preferred IP address.

· Interface - Allows you to configure the Web Self Service virtual appliance IP address as static orDHCP.

· Hostname - Change hostname for the Virtual Appliance.

Backup and Restore

· Backup database - Allows you to back up the pre-packaged Web Self Service file baseddatabase and the security related files at any point in time. Once you have taken a backup, youare advised to download the backup file and archive for future use.

· Restore database - Allows you to upload the backup file created in the previous step. This willonly restore the database and will not alter the states of XenServer pool or VMs.

Support

· Support Logs - You can download the logs for the virtual appliance.

It will also provide information about Database Type, Database Version, Linux Version, SchemaVersion, WebServer and Diagnostics of the appliance.

Chapter 8 Sharing VMs


Sharing VMs 8

VMs can be shared to the users of XenServer Web Self Service by using the Share functionalityfrom the Workspace page.

For example: In the below given screenshot, the VM Windows Server 2003 is shared with users avinash, arun, subodh.

User tags

The sharing functionality is implemented in Web Self Service through tags in XenCenter. When youshare a VM with a user in Web Self Service, a tag with the name of the user is created in theXenCenter. In the below given screenshot, the tags ssuser:avinash, ssuser:arun andssuser:subodh are created in the XenCenter when the VM is shared with this user in Web SelfService.



Tags created in XenCenter

If you remove or disable this tag from the VM in XenCenter, the VM is automatically unshared fromthe Web Self Service as well.

Chapter 9 Understanding Tags


Understanding Tags 9

You can create tags and assign them to VMs in XenCenter. These tags are listed in the Detailssection Web Self Service.

Tags

Web Self Service uses tagging functionality in XenCenter to to indicate sharing of VMs to users inXenServer Web Self Service. XenServer Web Self Service automatically creates three types of tagsin XenCenter.

· ssuser:<user> (e.g. ssuser:mark) - This tag indicates that the VM is shared to the specifieduser. If you remove this tag in XenCenter, the VM will no longer be shared to the user in Web SelfService. You may create tags for VMs in XenCenter with this format even if the user is not addedto the Web Self Service. If this tag exists, the VMs are shared with the users when they areadded.

Dormant Users

If the VM has a ssuser:<user> tag and <user> has not been added to in Web Self Service, this isshown as a Dormant user in Workspace. If you later add the user in Web Self Service, this tagwill take effect and result in the VM being immediately shared to the user.

In the below given screenshot, the VM is tagged with ssuser:anil but anil is not added as a userin Web Self Service. So anil appears as a dormant user for that VM. The admin may add anil asa user in Web Self Service and the VM gets shared to this user automatically.



Dormant tag

· ssattrib:hide – This tag indicates that the VM should be completely hidden in Web Self Service.This VM will not be shown in the Workspace even to the admin.

· ssattrib:disable - This tag indicates that the VM should be hidden from end-users in Web SelfService. This tag is added to the VM if the admin disables the VM in the Workspace. If youremove this tag in XenCenter, the VM will be enabled in Web Self Service. This feature allowsadmin user to remove VMs from the Workspace of non-admin users for maintenance activities likeinstalling patches or recovering from virus attacks.

Chapter 10 Troubleshooting


Troubleshooting 10

The following tools and information help you to diagnose and troubleshoot possible Web Self Serviceissues.

Collecting Log Files

1. Login to the Web Self Service Web UI as admin.

2. Go to Appliance.

3. Click Download under the Support > Support Logs section.

4. Save the file XenServer Web Self Service_logs_YYYYMMDDHHMMSS.gz.

Alternatively, you may also login to the Web Self Service appliance console from XenCenter, thenzip contents of:

· /var/log/sse directory,

· /root/ssedata directory.

Diagnostics information

Diagnostic information provides details about Appliance Memory Free/Used Memory, List ofprocesses running in the VM (top output) and the page average response time for the last 5 mins.

1. In the Web Self Service Web UI, go to Appliance.

2. Click on View under the Support > Diagnostics section.



Tracking Web Self Service Performance using XenCenter

Performance tab in XenCenter

Pool Diagnostics information

Click on Pool > <select pool> > View Diagnostics from the flyout of pool name. This information inthe Web Self Service Web UI is useful to understand:

· When network connection is lost and when recovered?

· Change is Pool Master IP address;

· Change in credentials;

· When was pool disabled and enabled ?

· Other intermittent errors.

Chapter 10 Troubleshooting


Pool Diagnostics

Task Log information

This information in the Web Self Service Web UI is useful to understand:

· Lists down various admin/user initiated tasks and its statuses.

· If the task resulted in error, then, if it is interpretable by WebSS, then a valid message is given.

· Otherwise, the Error code returned by XenServer is displayed.

Task log screen



This page is intentionally left blank.

4/25/2011, 6:15 PM

Web Self Service Admin Guide

Documents

Transcript of Web Self Service Admin Guide