Rangas : Administration
Grupės : Administration
Prisijungė : 1/27/2009
Žinutės : 670
Taškai : -2,112
Vieta : Vilnius
|
Appendix D:
Configure Virtual Server for Constrained Delegation
If you plan to store all of your resource files, such as virtual hard disk (.vhd) files and ISO image (.iso) files, on the computer running the Virtual Server service (Vssrvc.exe), you do not need to take additional configuration steps in order to begin using Virtual Server. If you store your resource files on a different computer, however, you must take additional steps to allow users to access the resource files. We will assume that the Administration Website and the Virtual Server service are installed on the same computer. (It is also possible that the Administration Website [VSWebApp.exe] is installed on a different computer than the Virtual Server service [Vssrvc.exe]. In this case, in order to allow users to access files on a remote computer, you must configure constrained delegation on the domain controller. This allows the credentials of the user who is logged on to the Administration Website to be passed to the computer that is storing the resource files, so that the user can access the files. In this scenario, you must use Integrated Windows authentication. Note that delegation does not work with Basic authentication.)
If the Administration Website and the Virtual Server service are installed on the same computer, it is only necessary to configure constrained delegation between the computer storing the resource files and the computer running the Virtual Server service.
Install Virtual Server 2005 R2 SP1
1. Complete the installation of Virtual Server as directed in Section 1 of this cookbook through step 3.
2. On the Configure Components page, either accept the default Website port value of 1024, or type a new value for the port, and then click Next. In this example we will use the default.
Select Configure the Administration Website to always run as the Local System account. This allows the most flexibility in accessing resources (particularly in a production environment).
Figure 124 Configure Components page
3. Complete the installation of Virtual Server as directed in Section 1 of this cookbook.
Allow Virtual Server to delegate user’s credentials
Next, allow the Virtual Server service to delegate the credentials of the logged-on user to another computer. This allows users to access resource files stored on a computer other than the one running the Virtual Server service.
1. On the domain controller, open Active Directory Users and Computers.
2. In the console tree, under DomainName, click Computers.
3. Right-click the computer running the Virtual Server service, and then click Properties.
4. On the Delegation tab, click Trust this computer for delegation to specified services only.
5. Click either Use any authentication protocol or Use Kerberos only.
6. Click Add, and then click Users and Computers.
7. Type the name of the computer storing your resource files, and then click OK.
8. From the list of available services, select cifs, and then click OK.
|
