Best Practices for Creating a New Virtual Machine for Symantec Encryption Management Server
|Article:TECH186060|||||Created: 2012-04-09|||||Updated: 2013-11-04|||||Article URL http://www.symantec.com/docs/TECH186060|
As with any virtual operating system/appliance, Symantec Encryption Management Server (previously PGP Universal Server) requires a virtual machine to be created on the host VMware ESX, ESXi, or vSphere Server. To do this, use the New Virtual Machine Wizard and select the Custom option.
VMware Hypervisor ESXi
VMware ESX 3.5 and newer
VMware Vsphere 5+
Guest Operating System
The Guest Operating System for Symantec Encryption Management Server 3.0 and up should be set to Linux and the Version set to Red Hat Enterprise Linux 5 (32-bit) to ensure compatibility with, for example, the native VMware Tools.
Symantec recommends configuring processing at least 2 virtual processors for Symantec Encryption Management Server. Sufficient power equivalent to a 3 GHz Intel Xeon must be dedicated to the Symantec Encryption Management Server Virtual Machine. VMware tools must be configured properly in order for Symantec Encryption Management Server to function properly, such as optimization of the Network Interface communications and guest OS to disk translation and to utilize the vMotion Capabilities ( vMotion is only supported with PGP Universal Server 3.2.1 and Symantec Encryption Management Server 3.3.0)
See also: Installing Native ESX VMware Tools on Symantec Encryption Management Server:
As a general guideline, it is recommended to configure a minimum of 4GB of RAM for small/medium environments such as Whole-Disk Only Environments and and 8GB for larger environments. Depending upon the use of Symantec Encryption Management Server (Email, Symantec Drive Encryption, Symantec FileShare Encryption), and the amount of users being managed by the server, these minimum requirements will most likely need to be increased. If there are any doubts as to what will be sufficient for a more specialized environment, please discuss the specific configuration with a Symantec Professional Services Engineer or Symantec Support.
There is a limitation with the text based installer that Symantec Encryption Management Server uses which does not work with the vmxnet adapter type. Please select either Intel E1000 or else the Flexible adapter type. See TECH192173 for more information.
Hard Drive Space
- Small/medium environment - 50 GB minimum allocated to the VMware instance; 4 GB RAM dedicated to the VMware instance.
- Medium/large environment - 100 GB minimum allocated to the VMware instance; 8 GB RAM dedicated to the VMware instance.
Again, these are minimum requirements and may need to be increased based on use of the Symantec Encryption Management Server utilization and configuration settings.
Symantec Encryption Management server 3.3.0 and PGP Universal Server 3.0 and newer version requires the LSI Logic SCSI Controller to be used; this is the default. Where the LSI Logic Parallel and LSI Logic SAS controllers are listed, the LSI Logic Parallel controller should be used. Please do not use the BusLogic controller since this could result in unusual/unexpected behavior.
VMware VMotion Feature
VMware vMotion is supported when using PGP Universal Server 3.2.1 or Symantec Encryption Management Server 3.3.0 and newer. Versions of PGP Universal Server prior to 3.2.1 do not support the vMotion functionality with VMware ESX 4.0 or any other VMware versions.
Please see the following article for more information: www.symantec.com/docs/TECH186064
Please consult the Release Notes for any updated information for system requirements. The remaining options can be configured as necessary and Symantec recommends configuring the VMware Hardware as if configuring a physical server. Under-resourcing a virtual machine can cause the server to malfunction or behave unexpectedly, so please ensure proper resources have been allocated to Symantec Encryption Management Server. If there are any additional questions, please contact a Symantec Professional Services Engineer, Symantec Systems Engineer, or Symantec Technical Support.
Note: It is recommended to use NTP where possible as per VMware KB article 1006427:
If the VMware Host is using an internal NTP to keep time, then allowing the native VMware Tools to keep the time would not require an NTP server on Symantec Encryption Management Server to be configured as this will synchronize time with the Host. Clearly, in this scenario, it is important that the Host's time is accurate and this will probably mean using the NTP client on the Host.
If for some reason the native VMware Tools periodic time sync is being used, please do not use the VMware Tools time sync and NTP at the same time. These two services may conflict and can cause unintended problems with backups, clustering and other services.
Article URL http://www.symantec.com/docs/TECH186060