Setting up Host to Guest Network Communication in Oracle VirtualBox

I've been using Oracle VirtualBox (of former Sun Microsystems fame) to host my Virtual Machines ("VMs").

In this post, I use the following definitions

• Host: The laptop/desktop/system that hosts one or many VMs (Guests). This is typically the main system where the Virtual Machine software itself is installed that allows a VM to access and share the Host infrastructure.
• Guest/VM: The Guest or Virtual Machine that "runs on" the Host and which feeds off the Host computing infrastructure (CPU, RAM, HDD etc.). 

Once I get the everything installed and humming in the VM, it's sometimes inconvenient to keep switching between the Host and various Guests when I need to access applications or get other things done.

VirtualBox does provide an option to make things easier using a feature called "Seamless Mode". However, I primarily use my VMs to host server applications, most of which can be accessed, administered and configured using a web browser and development tools like SQLDeveloper, Eclipse etc.

Wouldn't it be nice to stay within the confines of the Host - including using the Host web browser, development tools and utilities without switching to the Guest?

A good way to do this is to configure the network in a way that it allows the Host and Guests to communicate seamlessly.

So how do we do this? In my example, the Host is a Windows 7 (Enterprise Edition, SP1) OS which has VirtualBox 4.2.18 installed and I have the following setup on a Guest/VM:

• Windows 2008 Server (R2 SP1)
• Oracle Database installed and configured on port 1521
• Oracle Enterprise Manager (accessible via a web browser) configured on port 1158

First, gather the following information

IP address of the Guest/VM: Access your Guest/VM OS command line and execute ipconfig.

Find a section similar to:

C:\Users\GuestUser>ipconfig

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : abc.def.ghi.jkl
   Link-local IPv6 Address . . . . . : fe30::f373:46d7:d443:915711
   IPv4 Address. . . . . . . . . . . : 10.0.2.15 This is the address you are looking for
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.2.2

Now, find the IP address of the Guest as seen by the Host: Access your Host OS command line and execute ipconfig. You will see information about all your network adapters, but you want to specifically find the VirtualBox adapter:

C:\Users\HostUser>ipconfig

Ethernet adapter VirtualBox Host-Only Network: This is the adapter you are looking for

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::da97:4432:gf05:785a%28
   Autoconfiguration IPv4 Address. . : 169.254.110.92 This is the IP you are looking for
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

What this means is the Host communicates with (or "sees") the Guest/VM using 169.254.110.92 and your Guest uses 10.0.2.15 internally. This is important, because what it means is even though your Guest/VM thinks its IP is configured and set up as 10.0.2.15, this is not what your Host can "see" or access.

So now, we've got to make sure when we access the IP that the Host can "see", it should tell the Guest/VM that you want to access services that it hosts. To do this, we need to configure "Port Forwarding" in VirtualBox.

To configure this in VirtualBox, launch Settings > Network > Port Forwarding

Port Forwarding simply bridges the gap between the two IP addresses above. It receives the request on the address the Host can "see" (169.*), and patches it through the Guest IP address (10.*) and vice versa. I've used the port of 1158 since that's the port Oracle Enterprise Manager listens on within the Guest/VM. You can use 80 for example if you want to access a website hosted on your Guest/VM or 1521 if you want to access an Oracle Database etc.

Now, if you access this IP:Port using a web browser on your Host, you should be able to access the application hosted on your Guest/VM and you do not need to switch to your Guest/VM each time.

This is what you would see you your Host now:

If this doesn't work, it may be that you have an active firewall setup on your Guest/VM that is rejecting inbound requests. Remember - your Guest/VM is a full OS that behaves as if your Host is just another computer trying to access it and so if it has an active firewall, will protect itself against the Host.

To get through this, access your Guest/VM firewall

Now, create a firewall "allow" rule for this port (I called this rule "Oracle Database Enterprise Manager"). The rule should simply allow inbound connections requesting access. (You can start with allowing all IPs, but a recommended practice is to restrict it to the IP of the Host)

That's it!

I don't like accessing applications via IP that much (too many numbers to remember!). So, on my system I also configure a "forced DNS" on my Host. You don't need to do this if you are ok accessing via IP.

On your Host, Access your hosts file located at C:\Windows\System32\drivers\etc

Add something like this line and save the file:

169.254.110.92 guest.virtualmachine.com

What you've essentially done now is this:

• Host browser tries to access guest.virtualmachine.com
• The hosts file resolves this name to 169.254.110.92
• The request goes to the Virtual Host Adapter on 169.254.110.92
• VirtualBox looks at its "Port Forwarding" setting and patches the request to 10.0.2.15
• The Guest/VM firewall looks at the inbound connection and allows it through
• Your Host browser is now connected to application on Guest/VM

Mobile Security - An Enterprise View

A new post on mobile security.

Mobile Security: An Enterprise View by Gilson Wilson

Oracle Fusion Middleware 11g: Identity & Access Management

In process of installing Oracle 11g Identity Manager. It leverages the Oracle Universal Installer (OUI).

Downloaded Package: ofm_iam_generic_11.1.1.3.0_disk1_1of1.zip

After extracting the zip file, when I execute setup.exe from the Disk1 folder, kept getting a prompt asking for the JDK/JRE location after which it would just shut down with no indication of reason for failure.

I did have JAVA_HOME, ORACLE_HOME, PATH environment variables updated - so wasn't sure what the reason was.

Anyway - found out that this is just a installer bug. It should work if you command prompt in to the Disk1 folder and execute this statement instead of launching setup directly.

setup -jreLoc c:\java\JDK

Google Search Fade-In: Privacy Issues

Ever wonder what the real reason could be for Google's Search fade-in effect? There have been arguments back and forth on aesthetics and animations etc.

My theory is that it allows Google to track your searches and build a better profile of it's users. How you ask?

Well - Google's "Web History" feature can be switched off making sure that your search habits are not tracked. However, if you are logged in to any of Google's services (like GMail, Picasa etc.) and then use Google search, your queries CAN be tracked..

Typically when I hit google.com and if I noticed that I'm logged in, I click "sign out" immediately and THEN search. But because of the fade-in effect, most people would type their search request in and later realize they were actually logged in. It's a pretty clever (and sneaky) way to make people search and not realize they are indeed logged in and therefore identifiable.

Shutdown/Startup scripts for Microsoft Exchange Server 2010

OS: Microsoft Windows Server 2008 R2 Enterprise (64-bit)
Microsoft Exchange Server 2010

Most of my work being in Identity Management, I usually try to load as many components as I can onto a single virtual machine instance. For example: Having Oracle Identity Manager alone doesn't help me much, unless I can test provisioning to Active Directory, Exchange, Oracle Database etc.

However, the downside is that each of these services typically use a LOT of memory and so I usually install them and shut them down till required. Most services (like an Oracle Database) are easy to bring up when necessary. However, I didn't find an easy way to shut down or start up Exchange services and so decided to write my own - especially since there are about 23 services that Exchange runs! I also didn't want to have a script shutting down each of the services individually.

From what I was able to analyze, the service hierarchy is as shown below.

• Microsoft Exchange Active Directory Topology Service
• Exchange Address Book Service
• Exchange Anti-Spam Update
• Exchange EdgeSync Service
• Exchange File Distribution Service
• IMAP4
• Mail Submission
• Mailbox Assistants
• Mailbox Replication
• POP3
• Protected Service Host
• Replication Service
• RPC Client Access Service
• Search Indexer
• Service Host
• Throttling
• Transport
• Transport Log Search
• Forms-Based Authentication Service
• Exchange Server Extension for Windows Server Backup
• Exchange Monitoring Service
• Exchange Information Store
• Exchange System Attendant

As you can see, just shutting down the AD Topology Service also shuts down 17 associated services with it. This leaves 5 other services to be shut down separately and allows me to write a simpler, smaller script file.

Type the following into notepad and save it as a .bat file and execute.

net stop MSExchangeADTopology /y
net stop MSExchangeFBA
net stop wsbexchange
net stop MSExchangeMonitoring
net stop MSExchangeIS
net stop MSExchangeSA

Memory usage with Exchange running: 1.09GB
Memory usage after Exchange was shut down: 552 MB

That saves me a cool half gig of RAM! :-)

Funny

Tip: Installing a 64-bit Virtual Machine Guest OS on a 32-bit Host

Most Operating Systems today are available in 64-bit editions – especially Server OSs. Some, like Solaris, have been truly 64-bit for ages right from their nifty SPARC processor.

So what does 64-bit mean exactly? It starts (as most things do) at the hardware level.

If the CPU is 64-bit, it just means that the CPU can address (and access) greater than 4GB of Memory (RAM). Of course, all this is pretty useless if you have a 32-bit OS installed on it.

Why? Well – if the OS is 32-bit, then all it can “see” is it’s limit of 4GB of addressable RAM - even if you have a lot more installed. So it, in turn, reports the 4GB to all the applications that sit on top of it. Think of this as an OS with 32-bit blinders on – where the OS doesn’t even know there’s more Memory installed.

This is, however, a simple description. I’m not going to go into all the details of what 64-bit computing offers in this post. I just want to cover an issue which I hit in setting up a 64-bit Guest Virtual Machine on a 32-bit Host.

These days, 64-bit edition OSs aren’t reserved for just servers, but are available right to the end user as well on personal Desktops and Laptops. Anyway, I had a need to setup a couple of virtual 64-bit OSs for testing on a 32-bit Host and hit an issue.

NOTE: If your CPU is 32-bit, ignore this post. This only works if your CPU is 64-bit and supports Virtualization Technology to begin with. Almost all 64-bit AMD and Intel processorts do support Virtualization Technology.

Problem: Unable to install a 64-bit Virtual Machine Guest OS on a 32-bit Host

My setup:

• CPU: Intel P9400
• Host OS: Windows Vista 32-bit
• Guest OSs (all 64-bit)
• Solaris 10
• Linux (Fedora Distro 12)
• Windows Server 2008 

Fix: Enable Virtualization Technology at the CPU

Details:

• Restart your computer and during bootup access the BIOS.
• Navigate to Virtualization Support > Virtualization and check the box to Enable Intel Virtualization Technology
• Boot up the Host OS
• Install the Guest OS

WebLogic: Basic Managed Server Setup

*All the random domains/URLs used here are setup on a private, local network for testing HelloWorld programs! So please don't try accessing any of them over the internet! :-)

OS: Linux / Fedora Release 12 / 64bit
WebLogic 10.3.2.0
JDK: Sun JDK 1.6.0_18

I assume that you already have WebLogic (and a JDK) installed at this point and now just need to setup a working instance to deploy applications etc. I've seen a lot of times where the server that runs the WLS Admin console is also used to host other applications as well rather than keep them separated because it's an easy setup. This can work, of course, but isn't a good idea for a few reasons:

• Eventually when you do need to run the applications in a distributed environment, it's not easy when your application sits on the same server as the Admin Server and you need to manage multiple instances, clusters, servers etc.
• Shutting down the server hosting the application will shut down the Admin Server as well
• It's better for application errors/exceptions, memory issues etc. in the application be restricted to the WebLogic server instance hosting the application alone rather than take down the WLS Admin console with it.

Ideally, it's nice to set it up this way (even in development):

• Admin Server: Leave this alone to manage all your WLS instances, servers, deployments, clusters etc.
• Managed Server(s): Should be a dummy node just reporting information back to home base (Admin Server) and do what it's supposed to do - serve up applications that you deploy on it.

I wanted to post this to show that it can be just as easy to setup WebLogic with a separate server for Administration and a separate Managed Server to host your application. This way you build and deploy applications in a distributed way on WLS right from the start.

In my setup, I have it installed under /usr/local/oracle/middleware/weblogic

Change your current working directory to where the WebLogic Server configuration script is located

cd /usr/local/oracle/middleware/weblogic/common/bin

Launch the Configuration Wizard and the first couple of screens should be self-explanatory.

./config.sh

The "Advanced Web Services Extension" is optional. I've enabled it for now. This typically just adds resources and services for Web Service development in the WLS domain - like adding a JMS queue in the default JMS etc.

In the following screen, make sure "Managed Servers, Clusters and Machines" is also selected. This will help setup the initial Managed Server separate from the Admin Server

The next screen basically asks for which ports the Admin Server will listen on.

You don't have to enable SSL here. It's just that I like having my development environment have "Production-like" environment settings so I can resolve any issues that might show up in a live system right from the start. There's no harm in setting up SSL at this point either - WLS just uses a sample certificate for SSL which is not trusted by an authorized CA (Certification Authority). I'll cover how to set this up in a later post.

This screen is usually the one left blank most of the time when the Admin Server (configured above) also double as the server where applications are deployed (not a good idea). You can click on "Add" and have as many Managed Servers as you'd like here. In a real-world scenario, these will probably have separate physical/virtual servers of their own. Yes - I've got SSL on this too :-)

We are not setting up a cluster in this exercise. Clusters are useful when you have multiple (as in more than one!) managed servers. We just have one here - so no need for a cluster setup.

Node managers are used to easily manage WLS servers across multiple servers. Once this is setup, you can remote start/stop servers from just your Admin Server and much more. Again, we just have one Admin and one Managed server in this exercise - so we don't need to set this up.

You can see in the summary that there's a nice, clean, separate setup of Admin and Managed Server.

Ok. So at this point, we have everything ready. Next step: Turn on the new WLS instances and see if they work. The directory that contains this new setup will be at /usr/local/oracle/middleware/user_projects/domains/GeneralDomain/ or similar.

Note: You do NOT need to start the servers in the sequence described below. Eventually, once you complete development and deployment of your application, all you will (hopefully) need to do is just start the Managed Server to serve up your application. Starting up the Admin Server would be done a few times when you need to administer the servers or applications etc.

From a command prompt, change your current working directory to where all the start up scripts for the new domain are located.

cd /usr/local/oracle/middleware/user_projects/domains/GeneralDomain/bin

Starting the Admin Server

./startWebLogic.sh

You'll see a log messages scrolling on screen. Ignore any security notices about trusted certificates - all this is because SSL is enabled and we don't have a valid CA certificate deployed yet. Wait till you see something like this which indicates that the server has started up:

Server started in RUNNING mode

Starting the Managed Server

Start up another terminal window and navigate to the same directory as above. Then run the following command.
./startManagedWebLogic.sh ManagedServer http://hostname:7001

The hostname:port would be that of your Admin Server. Again, you will see a lot of log messages scrolling. You will also get prompted for the Username/Password you would use to boot up the server (This should be the same as what you entered during configuration above)

Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
...
Server started in RUNNING mode

You might see a warning (not an error) similar to:

Unable to find a WorkManager with name weblogic.wsee.mdb.DispatchPolicy. Dispatch policy weblogic.wsee.mdb.DispatchPolicy will map to the default WorkManager for the application bea_wls9_async_response

The WebLogic documentation indicates that it can be ignored (of course). But like many of us, I'm sure we want to get to the bottom of these things! Work Managers are classes/modules that help a WebLogic server manage it's work (d-uh). It is deployed on the Admin Server by default - but not on any Managed Servers. My thought is if it something is NOT deployed on a Managed Server (that too on a clean install with nothing on it yet), then why should the Managed Server reference it? Anyway, I do have a workaround (covered below) to make this annoyance go away - but I'm still trying to find out what this is all about. If you know - let me know!

Anyway, at this point:

• hostname:7001 is where the Admin Server is listening for requests
• hostname:7002 is the secure port where the Admin Server is listening for requests
• hostname:7003 is where the Managed Server is listening for requests
• hostname:7004 is the secure port where the Managed Server is listening for requests

Access the WebLogic Administration console: Open a web browser and navigate to http://hostname:7001/console

NOTE: "console" itself is a web application that hosted on the Admin Server

You will get a screen as below.

Once logged in, navigate to Servers and you should see the newly setup servers up and running.

Now, to fix the Unable to find a WorkManager with name weblogic.wsee.mdb.DispatchPolicy.... warning that shows up during start up of the Managed Server.

In the WebLogic Admin console, navigate to Work Managers. You should see the weblogic.wsee.mdb.DispatchPolicy Work Manager configured. Click on it and then click on "Targets" and basically assign this Work Manager to the Managed Server as well and click "Save".

You should not see these messages anymore on start up.

Tips: Firefox on Linux

Some minor annoyances and their fixes

• OS: Linux / Fedora Release12 / 64-bit
• Browser: Firefox 3.5.8

Installing the Flash Player plugin

The Firefox browser included with Fedora 12 did not have the Flash Player plugin. This is probably because the 64-bit Linux version was still in alpha (as of this writing). Anyway, most of the information online for installation on Linux points to Mozilla directories that seem like the correct one, but really aren't (/usr/lib/mozilla, /usr/lib64/mozilla etc.). I should've been looking at the appropriate Firefox directory (d-uh). The lib vs lib64 thing also threw me off a bit.

Anyway, this is what worked for me:

1. Download the 64-bit Flash Player plugin for Linux. I found it at http://labs.adobe.com/technologies/flashplayer10/64bit.html. It should be packaged as a .tar.gz archive. Untar it and find the file called libflashplayer.so
2. Copy libflashplayer.so to /usr/lib64/firefox-3.5.8/plugins (Replace firefox-3.5.8 with whatever your Firefox directory is)
3. Restart Firefox and browse to any flash-enabled website.

If the plugins directory does not exist, create it.

Removing/Uninstalling Language packs

Firefox also includes a variety of language packs which I'm sure are useful for some people that speak Armenian, Greek, Slovenian and Tamil - but for the rest of us probably a big NOT. I wanted to get all the unnecessary packs out of the browser, but Firefox only allowed me to disable them through it's Tools > Add-ons > Languages option. The "Uninstall" option was always greyed out.

I realized that you need to be a superuser for this. So....

• Open a terminal window from Linux: Navigate to Applications > System Tools > Terminal (or any of the other 4 billion ways you can get a terminal window in Linux!)
• Switch to the root account: Type su at the prompt and enter the password for root when prompted.
• Start Firefox: Just type firefox at the prompt and it should start it up as the root account.
• From the Firefox menu, navigate to Tools > Add-ons > Languages and start uninstalling all the packs you don't need.