2

Our devs want to use virtual computers for dev, but the sysadmins can't have server os's on the network. Is there a resource that talks about locking down the Virtual Computers so that they can

  • Authenticate against AD
  • Not have internet access
  • Have settings and configuration be controlled by the sys admins, not the user
  • Have intranet access to hit Visual Source Safe

Question #1: Are the requirements possible with a single configuration?

Question #2: What are some search terms to use to find out more?

Question #3: Is there a definitive resource / authority?

More details:

Scenario 1: SharePoint development requires Visual Stuido to be installed on the server directly. From there packages are rolled up and sent to a staging, then production server. The dev needs to be an admin on Win2k3, but no Internet access, but intranet access for the source control / backup solution would be good.

Scenario 2: GIS devs want to replicate bug reports on various workstation OSs (win2k, XP, Vista) and fix those bugs. They require access to Visual Source Safe, but don't need server operating systems. Internet access isn't crucial

Scenario 3: Web devs just want a platform to test the staging and public internet sites with more browsers and OS than are allowed in our baseline. These machines would require Internet access, but not Intranet access.

MrChrister
  • 325
  • 3
  • 14
  • "the sysadmins can't have server os's on the network" - Why is this? Here, almost every developer runs Server 03 or 08 as their development machine... – Tom Ritter Apr 30 '09 at 19:29
  • Rules. The rules clearly state that server's can't be anywhere but the server room. A policy that won't change despite the lack of logic. – MrChrister Apr 30 '09 at 19:30
  • btw. VSS - Ew!!!1!! If you can't have servers outside of the server room, you probably can't ditch VSS either I guess. – BIBD Apr 30 '09 at 19:40

3 Answers3

3

This is pretty standard and basically follows how you would deploy physical servers with the same parameters.

  • Deploy a solution using Xen Server, Hyper-V, or VMware ESX Server.
  • Configure networking where they are on a separate subnet/VLAN.
  • Configure that subnet/VLAN to only have access to internal resources.
  • Settings/configuration for the virtualized hardware are controlled by the hypervisor, so you're good there. If you mean OS configuration, that's self-explanatory.
K. Brian Kelley
  • 9,034
  • 32
  • 33
  • So this will allow for the dev to use the virtual machine from their desk, or do we have to put additional machines at each desk that needs it? – MrChrister Apr 30 '09 at 19:31
  • They all provide tools which allow for "desktop" access to the servers. Alternately, you can use Remote Desktop from their desks. – K. Brian Kelley Apr 30 '09 at 19:44
  • MrChrister - you could have the Dev's desktop hosting the virtual servers (I do for some of my test environments). However, if the having a server class OS on the network is a no-no, then you are still left with hosting it on a physical server in the server room. – BIBD Apr 30 '09 at 21:01
1

Your dev's are going to hate you :)

I would do that by putting the host server on a non-internet accessible network (this you should be able to accomplish by configuring your routers); just like you would do with a physical development server.

As I recall, with MS Virtual Server (and probably VM-Ware and other competitors) you can configure the access that a user has to the host environment (e.g., can they create a guest instance, alter, view, etc.). The rest of the configuration would be on the guest servers. If you want them to have admin access, then you can do that.

Alternately, you could create an entire environment as a guest on the host server with guest instance of an AD server, development server, multiple testing environments, and even their own VSS server; all within one box.

BIBD
  • 1,866
  • 10
  • 30
  • 44
  • I am a dev, and yes I hate our admins (or the policies they enforce, the SAs are pretty good people). VSS needs to be accessible for the team. One use of the virtual is for bug testing, and the devs want to hit the VSS. I have updated the original question with more facts. – MrChrister Apr 30 '09 at 20:37
0

We host all of our development systems in the server room. Why virtualize on the desktop?

Scott Alan Miller
  • 497
  • 4
  • 7
  • Visual Studio must be installed on the same server as SharePoint 2007 for development. We have determined that we can't share servers between the devs until the code hits the staging servers. (MS best practice for SharePoint development) – MrChrister Apr 30 '09 at 19:52