Best Practices for Creating a New Virtual Machine for Symantec Encryption Management Server (formerly PGP Universal Server) version 3.0 and newer
| Article:TECH186060 | | | Created: 2012-04-09 | | | Updated: 2013-05-07 | | | Article URL http://www.symantec.com/docs/TECH186060 |
Problem
As with any virtual operating system/appliance, Symantec Encryption Management Server (formerly PGP Universal Server) requires a virtual machine to be created on the host VMware ESX, ESXi, or vSphere Server. To do this, use the New Virtual Machine Wizard and select the Custom option.
Environment
VMware Hypervisor ESXi
VMware ESX 3.5 and newer
VMware Vsphere 5+
Solution
Guest Operating System
The Guest Operating System for Symantec Encryption Management Server (formerly PGP Universal Server) 3.0 and up should be set to Linux and the Version set to Red Hat Enterprise Linux 5 (32-bit) to ensure compatibility with, for example, the native VMware Tools.
Virtual CPUs
Symantec recommends configuring processing at least 2 virtual processors for Symantec Encryption Management Server. Sufficient power equivalent to a 3 GHz Intel Xeon must be dedicated to the Symantec Encryption Management Server Virtual Machine. VMware tools must be configured properly in order for Symantec Encryption Management Server to function properly, such as optimization of the Network Interface communications and guest OS to disk translation and to utilize the vMotion Capabilities ( vMotion is only supported with PGP Universal Server 3.2.1 and Symantec Encryption Management Server 3.3.0)
See also: Installing Native ESX VMware Tools on Symantec Encryption Management Server (formerly PGP Universal Server):
Memory
As a general guideline, it is recommended to configure a minimum of 4GB of RAM for small/medium environments such as Whole-Disk Only Environments and and 8GB for larger environments. Depending upon the use of Symantec Encryption Management Server (Email, Symantec Drive Encryption, Symantec FileShare Encryption), and the amount of users being managed by the server, these minimum requirements will most likely need to be increased. If there are any doubts as to what will be sufficient for a more specialized environment, please discuss the specific configuration with a Symantec Professional Services Engineer or Symantec Support.
Network
There is a limitation with the text based installer that Symantec Encryption Management Server uses which does not work with the vmxnet adapter type. Please select either Intel E1000 or else the Flexible adapter type. See TECH192173 for more information.
Hard Drive Space
•Small/medium environment - 50 GB minimum allocated to the VMware instance; 4 GB RAM dedicated to the VMware instance.
•Medium/large environment - 100 GB minimum allocated to the VMware instance; 8 GB RAM dedicated to the VMware instance.
Again, these are minimum requirements and may need to be increased based on use of the Symantec Encryption Management Server utilization and configuration settings.
SCSI Controller
Symantec Encryption Management server 3.3.0 and PGP Universal Server 3.0 and newer version requires the LSI Logic SCSI Controller to be used; this is the default. Where the LSI Logic Parallel and LSI Logic SAS controllers are listed, the SI Logic Parallel controller should be used. Please do not use the BusLogic controller since this could result in unusual/unexpected behavior.
VMware VMotion Feature
VMware vMotion is supported when using PGP Universal Server 3.2.1 or Symantec Encryption Management Server 3.3.0 and newer.
Versions of PGP Universal Server prior to 3.2.1 do not support the vMotion functionality with VMware ESX 4.0 or any other VMware versions.
Please see the following KB for more information:
Symantec PGP Universal Server VMware VMotion Support
Other Options
Please consult the Release Notes for any updated information for system requirements. The remaining options can be configured as necessary and Symantec recommends configuring the VMware Hardware as if configuring a physical server. Under-resourcing a virtual machine can cause the server to malfunction or behave unexpectedly, so please ensure proper resources have been allocated to Symantec Encryption Management Server. If there are any additional questions, please contact a Symantec Professional Services Engineer, Symantec Systems Engineer, or Symantec Technical Support.
Note: It is recommended to use NTP where possible as per VMware KB article 1006427:
If the VMware Host is using an internal NTP to keep time, then allowing the native VMware Tools to keep the time would not require an NTP server on Symantec Encryption Management Server to be configured as this will synchronize time with the Host. Clearly, in this scenario, it is important that the Host's time is accurate and this will probably mean using the NTP client on the Host.
If for some reason the native VMware Tools periodic time sync is being used, please do not use the VMware Tools time sync and NTP at the same time. These two services may conflict and can cause unintended problems with backups, clustering and other services.
|
|
Related Articles
Article URL http://www.symantec.com/docs/TECH186060
Terms of use for this information are found in Legal Notices
Thank you.