July 15, 2009

HOWTO: VMWare Server 2, Disable Web Server Interface

Here I am, back again with episode 2 of VMWare Server, if you've already read HOWTO: Install VMWare Server 2, I guess you've a linux server with VMWare 2 up and running.

First thing I did after my installation was to reboot the machine to see memory usage and look at security issues. With no surprise I've seen Virtual Infrastructure Web Access enabled and when using netstat -a to see opened ports I've seen few more ports opened by VMWare webserver interface (apache tomcat and catalina folks laying around), I've previously used VMWare Server on a Windows desktop machine and I've already seen it.

When I create a system I always adopt the golden rule: "If you don't have it, you don't break it" and I tend to build servers with the fewest services as possible, this is for saving memory resources, CPU cycles and getting top performances from the machine I've (Gentoo/Debian/Slack users know what I mean); and even: Closing TCP ports is my first task when I want to start to secure a site (the less ports opened, the best control you've)

As most of VMWare users I'm really upset with the web interface: it's ugly, slow and too classy, I always prefer the "dirty and fast" approach, VMWare management console (from version 1.x) was simple, beautiful and damn fast, when I've tried Virtual Server (from Microsoft) I've told: "I'll never use it, I hate web interface for these things". So when evaluating VMWare Server 2 i was impressed by fewer limitations, 64bit support and other things; but the web interface is one of the most important disadvantages

After a good search I've seen you can control VMWare Server with VMWare Infrastructure Client (VIC) used mainly by VMWare commercial products; as you can read from my previous post I'm not so happy about it because the client is windows only (at the moment), but at least is fast and you'll save hundreds of megs of RAM for Apache/Tomcat/Catalina web interface on the server side.

I've seen different methods to disable VMWare Server WebAccess, after reading init files here's my solution, I think it's the simplest, you only need to comment one line.

Locate your VMWare init script (/etc/init.d/vmware on Debian and Gentoo, a quite common name for other distros as well), here's original VMWare code:

service_vmware_mgmt() {
# See how we were called.
case "$1" in
start)
if [ "`vmware_product`" = "wgs" ]; then
echo 'Starting VMware management services:'
vmware_start_hostd
vmware_start_webAccess
#clean up output from webAccess
echo
fi
;;
stop)
if [ "`vmware_product`" = "wgs" ]; then
echo 'Stopping VMware management services:'
vmware_stop_webAccess
#clean up output from webAccess
echo
vmware_stop_hostd
fi
;;
restart)
"$SCRIPTNAME" stop && "$SCRIPTNAME" start
;;
*)
echo "Usage: "$BASENAME" {start|stop|restart}"
exit 1
;;
esac
}

Here's modified code:

service_vmware_mgmt() {
# See how we were called.
case "$1" in
start)
if [ "`vmware_product`" = "wgs" ]; then
echo 'Starting VMware management services:'
vmware_start_hostd
# vmware_start_webAccess
#clean up output from webAccess
echo
fi
;;
stop)
if [ "`vmware_product`" = "wgs" ]; then
echo 'Stopping VMware management services:'
vmware_stop_webAccess
#clean up output from webAccess
echo
vmware_stop_hostd
fi
;;
restart)
"$SCRIPTNAME" stop && "$SCRIPTNAME" start
;;
*)
echo "Usage: "$BASENAME" {start|stop|restart}"
exit 1
;;
esac
}

So just comment out one line (line 1191 on my file) when you see "vmware_start_webAccess" and you're set. I'll suggest you to keep function server_vmware_mgmt() running, just comment the line for disabiling web server startup

In this mode you'll save plenty of ram on server and avoid to use the webserver interface, Infrastructure Client is better and fast, if you work on guest machines as developer you'll notice the difference by accessing your machine through the VIC instead of the web interface

 

Hope it helps someone

Ben

Click Here!