Want to give your IT security or administrator staff access to Windows applications right in their preferred Linux desktop environment? Follow this tip and you can easily do this without needing to set up an expensive and complex Citrix environment. Also, did I mention that the following solution can be set up using free software?
Many networks today are heterogeneous environments consisting of many different operating systems, both Windows- and Linux-based. This is especially true with the advancements in virtualization technology. If you want a new operating system, just create a virtual machine (VM) and install or download a pre-configured virtual appliance. It is well-documented that VMs are a boon to developers and system testers. However, they can be a big help to network and security administrators as well.
Many network and security administrators want to use Linux as their operating system of choice due to the abundance of open source security tools available for Linux. But they still may need to run some Windows-only applications. So, their choices are to run a separate physical system or run Windows XP Professional as a VM on VMware Virtual Server for Linux.
I think that running Windows as a VM on VMware sounds like the smart thing to do if system resources are not a problem. Yet, having been in IT support roles for a while, I know that users, even network and security administrators, do not like to stray from the environment that they are comfortable with. If a Linux user needs to run some Windows applications, that user may not want to switch over to a Windows environment to run them, even if it is a virtual one. You could attempt to run WINE but this does not work with all applications.
People tend to be more productive with a workflow that they are used to. Often, technical staff such as administrators, security experts and programmers don't have enough hours in the day to accomplish all of the projects that they need to. Having these people switch between environments is not very conducive to productivity. Why should they have to switch from a familiar and comfortable Linux environment just to run a few Windows applications?
What if there was a way to publish an application on the Linux desktop via a remote connection protocol like Remote Desktop Protocol? I know that this sounds an awful lot like Citrix and, in fact, what I am proposing is similar. However, Citrix is expensive and seems to be overkill for just a few network/security administrators' laptops or desktops. This recipe consists of a laptop/desktop running Linux in a GUI with VMware Server, a Windows XP Professional VM and a product called 2X Application Server for Windows Terminal Services. Once you are done, you will have a Windows XP Professional VM running as a service and loaded with any applications that you may need.
Before I go on with the solution that I have in mind, I will lay out a few disclaimers. The solution was tested on Ubuntu Linux 6.10 (Edgy Eft) with VMware Server Version 1.0.1 build-29996 for Linux. The VM was Windows XP Professional SP2 that was not a member of an Active Directory Domain and 2X Application Server 4.1 was used with the client version for Linux being 4.1. Also, the 2X Application Server product is meant for Terminal Servers running Windows 2000 Server or Windows Server 2003 and is not officially supported with Windows XP Professional Remote Desktop. Both Windows Server 2003 and Windows XP Professional use the same version of RDP, so it would stand to reason that the 2X Application Server product could work on a Windows XP Professional machine. Perhaps if enough people find this solution useful, 2X software might consider officially supporting it in a future product.
The solution itself is relatively easy to set up. On Ubuntu 6.10 (Edgy Eft) I followed the directions to download and install VMware Server for Linux. The process consists of downloading the appropriate Linux kernel headers package using "apt-get" and then running the VMware install script.
You'll want both a bridged (or NAT) network card and a host-only network card on your Windows XP Professional VM, so that running the Windows apps does not depend on your host machine having a network connection. The bridged or NAT network card will be used for access to the external network. The host-only network card will be used as a pipeline for the 2X Application Server in order to publish applications on the Linux host machine's desktop.
Basically, when I ran the "VMware-config.pl" script, I set up a bridged network interface and a host-only network interface. For the host-only network interface I took the default network of 172.16.59.0/24. After this was set up, I proceeded to create a Windows XP Professional VM like I normally would.
After the Windows XP Professional VM was created, I downloaded and installed the 2X Application Server version 4.1. The free perpetual license is for five connections to the 2X Application Server. Since this is for local use between the Linux host machine and the Windows XP Professional VM, there will be only one connection. The installation is pretty straightforward. Just follow the on-screen directions and take the defaults. Remember, you have to be logged on as a user with administrator rights on the local machine. When offered, I chose "Single Terminal Server."
Once you finish, you can launch the Configuration Utility.
Once you're in the configuration utility, it is time to set up some "published applications" by going to the publishing section of the console. These applications will be accessed from Linux using the 2X Application Server client.
Select "Add…" and you will be presented with a "Type" window. Select "Application."
In the next screen, an example of publishing Microsoft Excel 2003 is shown. In the name field, you can call the "published" application anything you like.
Keep in mind that Linux will be case-sensitive when naming the application in the client. When you click next, you will be presented with a filtering screen. This allows you to filter the application availability based on user or computer accounts. Since you will be the only one using the applications locally, don't select anything on this screen. Just click "Finish."
Congratulations, you have published an application! Now, make sure that Remote Desktop is turned on by right-clicking on "My Computer" and selecting "properties." Go to the "Remote" tab and make sure that "Allow users to connect remotely to this computer" is checked. By default, the user that is logged on will have access to this computer via RDP when the box is checked. If you would like to assign a different user, just click on "Select Remote Users…" and add the account there.
This is all you need to set up on the Windows XP Professional side to test your newly published application. In my test, I also published "cmd.exe" so that I could run the Windows command-line from my Ubuntu desktop. The next step is to install the 2X application server client for Linux.
When the "2xApplicationServerClient.tar.bz2" package is downloaded, unzip it with "tar xvjf 2xApplicationServerClient.tar.bz2". This will produce output similar to the screen below.
As you can see, this creates a directory structure for the 2X client. Later, you can move these directories into one of your $PATH directories or adjust the $PATH variable accordingly. For my test, I just ran everything from the default directories. Navigate to the "opt/2X/applicationserverclient/scripts" directory (cd opt/2X/applicationserverclient/scripts). Make the "install.sh" script executable by typing "sudo chmod 755 install.sh".
Then, run the "install.sh" script by typing "sudo ./install.sh".
Now, the client is installed. Navigate to "opt/2X/applicationserverclient/bin" and run the client by typing "./appserverclient". This will display a list of options for the client as seen partially in the screen below.
I connected to the published application using the host-only IP address (172.16.59.128, in my case) for the Windows XP VM. The command is:
./appserverclient -s <IP address of 2X server> -u <username> -p <password> -a <name of application as defined in the publishing setup>
This command could easily be put into a separate shell script for each application that you would like to run. This way, you won't have to type out the command every time. An example of Excel 2003 running on my Ubuntu desktop is shown below.
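The per-application launcher script suggested above, as an added example that is not part of the original tip. It refuses to send the login anywhere but the host-only network from the article and keeps the password out of the script itself; the install path, the password-file location and the function names are assumptions.

```shell
#!/bin/sh
# Added example: per-application launcher for the 2X client.
# Assumed (not from the tip): install path, password file, function names.
CLIENT="${CLIENT:-/opt/2X/applicationserverclient/bin/appserverclient}"
HOSTONLY_PREFIX="172.16.59."             # host-only /24 used in the article
SECRET="${SECRET:-$HOME/.2x/password}"   # hypothetical file holding only the password

# Succeeds only for an address inside the host-only /24, so the credentials
# are never sent out over the bridged or NAT interface by mistake.
in_hostonly_net() {
    case "$1" in
        "$HOSTONLY_PREFIX"*) ;;
        *) return 1 ;;
    esac
    last=${1#"$HOSTONLY_PREFIX"}
    case "$last" in
        ''|*[!0-9]*|????*) return 1 ;;   # empty, non-numeric or too long
    esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Succeeds if the file exists and grants nothing to group or others.
secret_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)    # group and other permission bits
    [ "$perms" = "------" ]
}

# usage: launch_app SERVER_IP USERNAME APPLICATION (name is case-sensitive)
launch_app() {
    in_hostonly_net "$1" ||
        { echo "refusing: $1 is not on the host-only network" >&2; return 2; }
    secret_is_private "$SECRET" ||
        { echo "refusing: $SECRET missing or not private (chmod 600)" >&2; return 3; }
    # -p puts the password on the command line, where other local users can
    # read it with ps while the client runs; use a low-privilege Windows account.
    "$CLIENT" -s "$1" -u "$2" -p "$(cat "$SECRET")" -a "$3"
}

# Example: ./excel.sh 172.16.59.128 youruser Excel
if [ "$#" -eq 3 ]; then
    launch_app "$@"
fi
```
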
I have a terminal open showing the result of a "uname -r" command to show that this is running in Linux kernel version "184.108.40.206-generic". I also published "cmd.exe". An example of running "winver" (Windows Version Information) and "sol.exe" (solitaire) from the command-line is shown below.
Users, especially those who work in IT departments, can be particular about their desktop environment. They are used to a certain environment. With this solution, you don't have to interrupt your workflow by switching environments if you need to run Windows applications. If you want this capability every time you boot your Linux machine, just set the VM to start when the host machine starts. Then, you won't have to leave your Linux desktop and use the VMware console just to run Windows apps.
Editor's note: After reading this tip, an IT manager asked for more information, saying:
"Your article 'Running Windows as a VM on Linux with VMware Server' is great. I completed nearly every step, apart from actually running a program. You say: 'I connected to the published application using the host-only IP address (172.16.59.128, in my case) for the Windows XP VM.'
How do I know my IP address? I have no clue how to find it."
Harley Stagner responded, saying:
"In the beginning of the article when you go through the vmware-config.pl script, it asks you if you want to set up a host-only network. If you did this, then there should have been a default network associated with choosing to set up the host-only network. In my case, that network was 172.16.59.0 with a subnet mask of 255.255.255.0. By default, VMware uses its own DHCP server to assign IP addresses on its host-only network. 172.16.59.128 was the IP address that was assigned to my Windows VM (virtual machine).
"To check the IP address of your Windows XP VM, just start up the VMware console and confirm which virtual network card is on the host-only network. Do this by choosing VM > Settings from the top menu. One of the Ethernet cards listed for the VM should be host-only. Now, log into the Windows XP VM, and open a command prompt. Issue an "ipconfig" command to see the IP address of the corresponding host-only network card. This is the IP address that you will use to connect to the published application."