A different topic for this blog: infrastructure. I’ve written a couple of blogs about consuming Broadsoft XSI events in C# and I’ve had a couple of developers asking me to demonstrate what I’ve built. I actually showed the software on my development desktop but that didn’t feel right, so I looked for options and found plenty. I decided to go for a self-hosted environment using an Intel Core i5 NUC running Debian 8.
At the end of the post you’ll know what I did to run a 64-bit headless Windows 7 installation as a VirtualBox guest on Debian version 8, installed on an Intel Core i5 NUC (16GB memory, 512GB SSD). There are no warranties, though.
The first thing you should do is get the NUC up to date, meaning a BIOS update. Use a USB stick to update the BIOS. You can find the BIOS software at the Intel DownloadCenter. The link I posted gets you to the download page for the D54250WYKH model, so make sure you’re accessing the page for the right model. Download the BIOS, copy the file to the USB disk, connect the USB disk to your NUC and start the update. This update takes about 10 minutes.
Time to install an OS. I used Debian 8. Why Debian? Well, I believe Debian is rock solid and I’m really impressed with their track record on updates. And I prefer apt.
In order to install the OS you’ll need to create a bootable USB drive. I downloaded the first Debian DVD image and used Rufus to create a bootable USB stick. That took about an hour. I guess the USB stick I used was pretty slow, or maybe I should’ve selected an internet installation. Plug the USB stick into a USB slot on the NUC and boot the NUC to start the installer. There will be a whole lot of questions and I assume you’ll be able to answer them. I selected SSH server and standard system utilities when the installer prompted for a package group selection. I suggest you just read and consider the options. You are able to install additional packages later on, as you need them.
Log in to the newly installed OS as root, disable the apt DVD sources and install VirtualBox. Verify the VirtualBox software version number and download the same version of the Oracle VM VirtualBox Extension Pack and the VBoxGuestAdditions ISO. Make sure you’ll be able to access them from the NUC.
Install the extension pack from the command line using VBoxManage extpack install. Switch to the user account that will create and start the guest and run VBoxManage setproperty vrdeextpack "Oracle VM VirtualBox Extension Pack".
You won’t be able to connect to the guest using a Remote Desktop (mstsc) client if you decide not to install the extension pack.
Ok, halfway there. Time to create a guest. Jonathan Perkin wrote an excellent post describing how to create a guest from the command line. I needed some changes and I’m following Jonathan’s style here, using $VM. I suggest you perform changes prior to starting the machine.
Change …
$ VBoxManage createvm --name $VM --ostype "Windows2008_64" --register
to read
$ VBoxManage createvm --name $VM --ostype Windows7_64 --register
when you’re installing a 64-bit Windows 7 guest
$ VBoxManage modifyvm $VM --nic1 bridged --bridgeadapter1 e1000g0
to read
VBoxManage modifyvm $VM --nic1 bridged --bridgeadapter1 eth0
$ VBoxManage modifyvm $VM --memory 1024 --vram 128
to read
VBoxManage modifyvm $VM --memory 4096 --vram 128
when you want your guest to run with 4GB of system memory and 128MB of video RAM
then add …
VBoxManage modifyvm $VM --cpus 2
when you want your guest to have 2 virtual CPUs
VBoxManage modifyvm $VM --vrdeport 5001
when you want to access your guest using RDP on TCP port 5001
Creating a guest is that simple, but it’s pretty useless without an OS installed on it. Double check the ISO you’re linking to the DVD drive (remember VBoxManage storageattach $VM --storagectl "IDE Controller" ... --medium /path/to/windows_server_2008.iso) and boot the guest using VBoxHeadless -s $VM. You should be able to view the installation after connecting your RDP client to port 5001 on your NUC. Finish the installation and shut the OS down. VBoxHeadless will stop, allowing you to “switch” the DVD.
Now install the VirtualBox Guest Additions to the guest by changing the ISO linked to your DVD drive. Change the filename using
VBoxManage storageattach $VM --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium /path/to/VBoxGuestAdditions.iso
Boot the guest and install the Guest Additions for Windows.
This covers the installation. I don’t permanently need this demonstration environment, so I intend to start the NUC when I need the environment. I don’t want to remember booting the guest, so I added the virtualbox autostart service. Here is what I did:
- Use this link to get a raw copy of vboxautostart-service.sh from the VirtualBox source code repository and copy the file to /etc/init.d/vboxautostart-service on your NUC. Check that the script parses using bash -n /etc/init.d/vboxautostart-service (this is a syntax check only, so read through the script as well, since it runs as root at boot) and make sure it’s marked executable.
- Nikola Stojanoski wrote a post describing how to enable autostart of a guest. Be aware that /etc/vbox is a directory, not a plain file.
- Add autostop on each guest as well, making sure your machines are stopped when you shut the NUC down, using
VBoxManage modifyvm $VM --autostop-type acpishutdown
- Enable the vboxautostart-service by running update-rc.d vboxautostart-service defaults as root.
You can secure the connection to the VirtualBox RDP server using TLS. I’m using easy-rsa and here’s what I did to enable TLS on the RDP service offered by VirtualBox:
- Find the openssl configuration file used by easy-rsa. It was named openssl-1.0.0.cnf on my system.
- Open the file using your editor of choice and find the section named usr_cert. We’ll need to add additional key usage to the certificate. Add an extendedKeyUsage entry to the configuration:
extendedKeyUsage=serverAuth,1.3.6.1.4.1.311.54.1.2
- Create a new client certificate. The Generate certificates & keys for 3 clients section contains the commands you need to create the keys and certificates. Move the newly created key file and copy the newly created server certificate plus CA certificate to the OS on your NUC.
- Move the key and certificate to a directory of your choosing. I named the key $VM.key and the certificate $VM.pem, so be sure to adjust as needed.
VBoxManage modifyvm $VM --vrdeproperty "Security/Method=TLS"
VBoxManage modifyvm $VM --vrdeproperty "Security/CACertificate=/home/bastb/rdp/ca.pem"
VBoxManage modifyvm $VM --vrdeproperty "Security/ServerCertificate=/home/bastb/rdp/$VM.pem"
VBoxManage modifyvm $VM --vrdeproperty "Security/ServerPrivateKey=/home/bastb/rdp/$VM.key"
- Import your CA certificate to the OS you’re using to start the RDP client. This should prevent one more warning, leaving only a warning regarding the CRL distribution point. I didn’t care too much about that and didn’t take care of it.
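A pre-flight check for the files those four Security/* properties point at, as an added example that is not part of the original post: it confirms that the certificate chains to the CA, the key matches the certificate, serverAuth is present and the key is accessible to its owner only. The function names and the throwaway demo CA (CN values and file names) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the VRDE TLS files before setting the vrdeproperty values.
# check_vrde_tls and make_demo_pki are hypothetical names, not VirtualBox or easy-rsa tools.

# check_vrde_tls CA CERT KEY: print each problem found, return non-zero if any.
check_vrde_tls() {
    ca=$1 cert=$2 key=$3 rc=0
    # 1. The server certificate must chain to the CA the RDP client imports.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "chain: $cert does not verify against $ca"; rc=1; }
    # 2. The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=
    { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "key: $key does not match $cert"; rc=1; }
    # 3. The usr_cert change must have landed: openssl prints serverAuth as
    #    "TLS Web Server Authentication". The second OID is not checked here.
    openssl x509 -in "$cert" -noout -text 2>/dev/null |
        grep -A1 'Extended Key Usage' | grep -q 'TLS Web Server Authentication' ||
        { echo "eku: $cert lacks serverAuth"; rc=1; }
    # 4. Group and others must have no access to the private key.
    [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "perms: $key is accessible to group or others"; rc=1; }
    return $rc
}

# make_demo_pki DIR: constructed throwaway CA and server certificate for the demo.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=nuc.example" \
        -keyout "$d/vm.key" -out "$d/vm.csr" 2>/dev/null
    # Same extendedKeyUsage line the post adds to the usr_cert section.
    printf 'extendedKeyUsage=serverAuth,1.3.6.1.4.1.311.54.1.2\n' > "$d/eku.cnf"
    openssl x509 -req -in "$d/vm.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/eku.cnf" -out "$d/vm.pem" 2>/dev/null
    chmod 600 "$d/vm.key"
}

# Demo on constructed material; on the NUC, pass the real ca.pem, $VM.pem and $VM.key.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_vrde_tls "$demo/ca.pem" "$demo/vm.pem" "$demo/vm.key" && echo "TLS files look usable"
rm -rf "$demo"
```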
Here you are: the steps I took to run a demo environment using Windows 7 on VirtualBox. I didn’t consider support options or anything non-technical for a second, so think this over before doing it yourself. Comments are appreciated, unless they’re about cheap replicas, viagra, brides, or basically anything I consider to be spam.
By the way: wanna see this XSI backend? Contact me.