SL:Virtual Machines

Aus Doc-Wiki
Zur Navigation springen Zur Suche springen

Current state


  • tmgsim1 - dead
  • tmgsim2 - dead
  • tmgsim3 - dead
  • tmgsim4 - Available, Windows/Gwdg
  • tmgsim5 - power down, Roman Seibel
  • tmgsim6 - power down, Udo Burghardt - useable by everyone
  • tmgsim7 - power down, Ansgar Kellner
  • tmgsim8 - power down, Youssef Shehadeh
  • tmgsim9 - power down, Saleh Al-Shadly
  • tmgsima - Available, Udo Burghardt
  • tmgsimd - Available, Omar Alfandi + Arne Bochem

Additional infrastructure machines:

  • slgm - Gateway
  • zabbix3 - Monitoring attempt
  • vma1 - vmware assistant

Virtual Machines - Windows 7

Quad Core, 6 GiB Ram. 32 GB Disk, transparent access to AFS Storage.


Example walkthrough with a windows machine:

Windows 7 Professional 64 bit,  english
Internal name: win7sim1
Manually set IP Address to / 16 on the first run.  Update 07.2011: DHCP delivers
Because this would NOT work with Qualnet (only 172.22./16 as client address range has been bought) switch to bridged mode and to DHCP with DNS tmgsim1.tmg.loc
Disable IPv6
Enable ICMP in Firewall
Enable Remote Desktop with "any version"
Install Firefox
Microsoft: 2 Important Updates
Microsoft: 62 (!) Important Updates in several steps
Install Notepad++ 5.8.7
Install Updatechecker 1.038
Firefox: Prefbar 
Activate Windows. Licenses are available  from MSDNAA
Install KfW 3.2.2 32bit + 64bit
Install Network Identity Manager 2.0.102 32bit + 64bit
Install OpenAFS 1.5.78 64bit
Change Computer Name --> UG-UMINTMGSIM1 to join Active Directoy
(The DNS Name stays tmgsim1.tmg.loc though!) Update 07.2011:
Join Active Directory (one needs to be a Domain Admin to do so)

Granted Remote Desktop manually (no groups mechanism available in AD for this task) access to:

  • akellne
  • oalfand
  • shartung
  • staheri
  • yelhajj
  • geyu -- local user account, no Admin. (Local due to problems with UG-STUDENT.)
  • uburgha
  • gtest2 -- user only, no Admin
  • c.wehrberger
  • pmemarm

I've put these five user accounts into group ADMINISTRATORS! This way it is possible to log in with gwdg\username also for administrative tasks.

Please note that only one single user can run a Remote Desktop session at any given time. If you want to share a single virtual machine you need to create yourself a schedule...

Installed Qualnet 5.0.1 connected to license server. Tested usage from a remote site as described below.

Multiple-User access

  • it is possible to run applications in the background without being logged in: you may close the Remote Desktop window and leave everything running!
  • ONLY ONE user can have an established Remote Desktop connection at any given point in time.
    • when a second user tries to connect the first one will get a message box.
    • the first user has the priority. He may simply deny lo loose his connection.
    • if that first user is not watching his terminal then an automatically implied answer is "yes, loosing the connection is ok for me"!
  • there are ONLY TWO Qualnet licenses. You need to talk with each other to schedule usage of these.

Remote Access from outside

The system is reachable only from inside the Institute's LAN.

The Remote Desktop inside the guest is configured in the default manner, listening on standard port 3389.

You may login to (Staff only. Students and staff may use and forward any unused local port (e.g. 12345) to   (Updated 07.2011)

The result is the same: with this tunnel established it is possible to use the standard Remote Desktop application to connect to localhost:12345.

For Linux run something like this:

~$ rdesktop  -u gwdg\\username  -g1200x1000  -a16   localhost:12345


Someone should be responsible for keeping the system up-to-date!

  • Udo, 26.04.2011
Several Windows Updates
Firefox 3.6.13 --> 3.6.16 --> 4.0
IE 9
Notepad++ 5.8.7 --> 5.9
Java -->
  • Udo 07.2011 Network jumping --> 192.168.22.x



ESXi: once again Windows 7 Prof, english, 64bit, new installation because the Migration from the old Virtualbox-Containers is not as simple as expected...

Fresh Installation 
(was temporary, now
Qualnet 5.0.2
Integration in Gwdg / Active Directory
Enable Remote Access for individually picked accounts
Enable All ICMPv4 (for ping-Tests)

Remote Access is granted only for a few users:

C:\Users\lu>net localgroup "Remote Desktop Users"
Alias name     Remote Desktop Users
Comment        Members in this group are granted the right to logon remotely


The command completed successfully.

Administrator rights may be granted on demand ---> User:Burghardt

Roman Seibel:

Ubuntu 11.04 Natty Server, 64bit, 4GiB Ram, Dual Core, 16GB Disk


Ubuntu 11.04 Natty Server debian Squeeze, 32bit, 1GiB Ram, Dual Core, 8 GB Disk
  • useable by everyone, including OpenAFS $HOME
~$ ssh -p 22222's password: 
Linux tmgsim6 2.6.32-5-686 #1 SMP Sun Sep 23 09:49:36 UTC 2012 i686
ub@tmgsim6:~$ pwd

Ansgar Kellner:

Ubuntu 11.04 Natty Server, 32bit, 4GiB Ram, Dual Core, 12 GB Disk

Youssef El Hajj Shehadeh:

Ubuntu 11.10 Oneiric Server, 32bit, 2GiB Ram, Dual Core, 32 GB Disk
# host has address

Local accounts only (no ldap/kerberos/...)

Saleh Al-Shadley:

Ubuntu 11.10 Oneiric Server, 32bit, 1GiB Ram, 8 GB Disk


Udo Burghardt

02.2014: Linux simulation machine. Omar Alfandi / Arne Bochem

Requested configuration: 6GiB Ram + 100 GB disk -- this a "no backup" system.


  • 2 * Dual Core Xeon @ 2.4 GHz (= four cores)
  • 4 GiB Ram (6 GiB requested, will only deliver if machine does actually swap.)
  • 4 GB disk for operating system
  • 100 GB disk for simulation data, mounted on /srv

Though Ubuntu 14.04 is not finished yet I decided to give it a try

server-amd64-daily-build-20140207.iso has address

Local (installation-time) user: lu

echo "apt-get update && apt-get -d -y dist-upgrade">/usr/local/sbin/gu && chmod +x /usr/local/sbin/gu
apt-get dist-upgrade 2>&1 | tee -a /var/log/apt/apt-get-upgrade_$(date +%F).log
apt-get install htop jed mc lsof uptimed screen byobu molly-guard update-notifier-common exim4
apt-get install libnss-ldap libpam-ldap auth-client-config ldap-auth-client ldap-auth-config
apt-get install krb5-config  krb5-user krb5-multidev libpam-krb5 openafs-krb5 
apt-get install openafs-client openafs-krb5 nscd
id user # funktioniert
kinit user # funktioniert
aklog # funktioniert nun
scp* /etc/pam.d/
apt-get install libpam-afs-session
apt-get install libpam-ck-connector libpam-cap


~$ ssh pwd's password: 

Access restriction: access granted for all senslab user:

cat /etc/security/access.conf
+:senslab tmg admins:ALL                           

getent group senslab

Is the above list real??? Who is responsible for removing them??? -- tell Udo

root access granted via sudo:

getent group sudo


df -h |grep sd
/dev/sda1       3.9G  1.3G  2.5G  35% /
/dev/sdb1        99G   60M   94G   1% /srv


  • "ssh user@tmgsimd" takes very long to display the password prompt. Obviously it runs into a 30 second timeout. But what is it waiting for?

See also