
Technical Information

This page discusses the technical aspects of the linuxzoo site. I will add to it over time; it is partly a guide for people interested in how the site works, and partly a reference source for myself.

Overview

This site makes use of User Mode Linux (UML). UML allows a complete Linux installation to run as an ordinary process inside another Linux installation (a Linux-in-Linux scheme). The parent Linux is called the HOST, and the child, process-based Linux is known as a GUEST. Users are allocated GUEST machines on a queueing basis.

The main server of this site only handles management and communications. Other servers act as HOSTS, and are linked together over a virtual network built with tunnelling software. Each HOST is controlled by a daemon, which starts up and stops the GUESTS on that HOST. Each time you connect to the server, it speaks to your HOST's daemon and controls your GUEST remotely.

Each GUEST machine appears to have its own disk to run from, but this is really just a few files on the HOST. The daemon sets these files up for you and deletes them as and when required, so you can start again with a freshly-installed system at the touch of a button. That is perfect for system administration tutorials, where it is all too easy to mess your system up!

The nice thing about this architecture is its reliability and self-management. Machines can go down, GUEST or HOST machines can crash and networks can fail, but the system (should) regenerate itself over time. It is self-monitoring: problems can usually be detected within a minute and corrective action completed within 3 minutes. If things get really bad, HOSTS are isolated from the system and the affected users are requeued for the next available GUEST machine.
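The following is an added illustration of the self-monitoring loop described above, not linuxzoo's own management daemon. Host names, slot counts, the 60 s and 180 s thresholds, and the policy of putting displaced users back at the head of the queue are assumptions chosen to match the "detected within a minute, corrected within 3 minutes" figures in the text:

```python
"""Added example: a minimal supervisor that hands queued users GUEST slots,
notices HOSTS whose daemon has stopped reporting, isolates them, and requeues
their users.  Names, thresholds and the requeue policy are assumptions."""
from collections import deque
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 60   # seconds without a heartbeat before a HOST is reported suspect
ISOLATE_AFTER = 180      # seconds without a heartbeat before a HOST is isolated


@dataclass
class Host:
    name: str
    slots: int                 # number of GUESTS this HOST can run
    last_seen: float           # time of the last heartbeat from the HOST's daemon
    users: dict = field(default_factory=dict)   # slot number -> user name
    isolated: bool = False


class Supervisor:
    """Queues users for GUESTS and removes HOSTS that stop answering."""

    def __init__(self, hosts):
        self.hosts = {h.name: h for h in hosts}
        self.queue = deque()   # users waiting for a GUEST, oldest first

    def request_guest(self, user):
        self.queue.append(user)
        self.allocate()

    def allocate(self):
        """Hand queued users the first free slot on any non-isolated HOST."""
        for host in self.hosts.values():
            if host.isolated:
                continue
            while self.queue and len(host.users) < host.slots:
                slot = next(i for i in range(host.slots) if i not in host.users)
                host.users[slot] = self.queue.popleft()

    def heartbeat(self, name, now):
        """Called when a HOST daemon reports in; a returning HOST rejoins the pool."""
        host = self.hosts[name]
        host.last_seen = now
        if host.isolated:
            host.isolated = False
            self.allocate()

    def check(self, now):
        """One monitoring pass.  Returns the (host, action) events it raised."""
        events = []
        for host in self.hosts.values():
            if host.isolated:
                continue
            age = now - host.last_seen
            if age > ISOLATE_AFTER:
                host.isolated = True
                # Put the displaced users back at the head of the queue so they
                # get the next GUEST that comes free (assumed policy).
                for slot in sorted(host.users, reverse=True):
                    self.queue.appendleft(host.users.pop(slot))
                events.append((host.name, "isolated"))
            elif age > HEARTBEAT_TIMEOUT:
                events.append((host.name, "suspect"))
        self.allocate()
        return events


if __name__ == "__main__":
    sup = Supervisor([Host("uml1", slots=2, last_seen=0.0),
                      Host("uml2", slots=1, last_seen=0.0)])
    for user in ("alice", "bob", "carol", "dave"):
        sup.request_guest(user)
    sup.heartbeat("uml2", 190)
    print(sup.check(200))      # uml1 silent for 200 s -> [('uml1', 'isolated')]
    print(list(sup.queue))     # alice and bob requeued ahead of dave
```

The one design point worth noting is that isolation is a state, not a one-off action: an isolated HOST is skipped by allocation until its daemon reports in again, at which point it silently rejoins the pool and the queue drains onto it.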

The architecture was designed to be scalable. When this document was written we had 80 GUESTS running over 8 different machines, with no sign of a server bottleneck. Our plan is to have 100 GUESTS by September 2005.

Machine topology: April 2005

Gateway: linuxzoo.net, public address 146.176.166.1, tunnel address 10.200.0.1, 2.4GHz dual CPU, 1GB RAM. Acts as gateway and web server.

Hubs (the HOSTS that run the GUESTS). Each hub has a public address (in brackets), an address on the 10.200.0.x tunnel network, and the .254 address on its own GUEST subnet:

  Hub         Tunnel addr   Public addr        CPU, RAM        GUEST subnet   Hub addr      GUESTS
  uml2        10.200.0.4    (146.176.162.82)   2.4GHz, 0.5GB   10.0.2.x       10.0.2.254    7
  uml1        10.200.0.3    (146.176.162.83)   2.0GHz, 2GB     10.0.1.x       10.0.1.254    15
  linuxzoo1   10.200.0.6    (146.176.166.11)   2.4GHz, 1GB     10.0.5.x       10.0.5.254    15
  linuxzoo2   10.200.0.7    (146.176.166.9)    2.4GHz, 1GB     10.0.6.x       10.0.6.254    15
  linuxzoo3   10.200.0.8    (146.176.166.10)   2.4GHz, 1GB     10.0.7.x       10.0.7.254    15 (free users)

Each UML is connected to its hub via a "tap" device. In turn, each hub is connected to linuxzoo.net via an OpenVPN encrypted tunnel; from linuxzoo.net, packets then travel across the Internet.
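The following is an added example, not linuxzoo's daemon, of what a HOST daemon has to do to give one user a GUEST: a private copy-on-write disk over a shared base image (the "just some files on the HOST" above), a tap device on the hub's GUEST subnet, and the UML command line that ties them together. UML's `ubd0=<cow>,<backing>` and `eth0=tuntap,<tap>` syntax is real; the directory layout, the tap naming, the "user n gets 10.0.N.n" rule, the bridge-per-hub layout and the helper commands are assumptions for illustration:

```python
"""Added example of per-GUEST disk and network provisioning on a HOST.
Not linuxzoo's code: paths, tap/bridge names and the address rule are assumed."""
import os
import shutil


def guest_ip(subnet, index):
    """GUEST number n on hub subnet 10.0.N.x gets 10.0.N.n; .254 is the hub (assumed rule)."""
    if not 1 <= index <= 253:
        raise ValueError("index must be 1..253")
    return f"{subnet}.{index}"


def tap_setup_commands(tap, bridge, uml_user):
    """Host-side commands (assumed layout: one bridge per hub) that create the
    tap device, owned by the unprivileged user the UML runs as, and plug it
    into the hub's GUEST network."""
    return [
        f"tunctl -u {uml_user} -t {tap}",
        f"ip link set {tap} up",
        f"brctl addif {bridge} {tap}",
    ]


def uml_cmdline(kernel, base_image, cow_file, tap, mem="64M"):
    # All writes go to cow_file; base_image is only ever read, so every GUEST
    # shares one pristine install.  UML creates cow_file itself on first boot,
    # which is why deleting it is enough to give the user a fresh system.
    return (f"{kernel} ubd0={cow_file},{base_image} eth0=tuntap,{tap} "
            f"mem={mem} root=/dev/ubda")


class GuestDaemon:
    def __init__(self, root, base_image, subnet, kernel="/usr/local/bin/linux",
                 bridge="br0", uml_user="uml"):
        self.root, self.base_image, self.subnet = root, base_image, subnet
        self.kernel, self.bridge, self.uml_user = kernel, bridge, uml_user
        self.gateway = f"{subnet}.254"

    def cow_path(self, user):
        # Assumed layout: <root>/guests/<user>/root.cow
        return os.path.join(self.root, "guests", user, "root.cow")

    def provision(self, user, index):
        """Prepare the per-user directory and return everything needed to boot."""
        cow = self.cow_path(user)
        os.makedirs(os.path.dirname(cow), exist_ok=True)
        tap = f"tap{index}"
        return {
            "user": user,
            "ip": guest_ip(self.subnet, index),
            "gateway": self.gateway,
            "tap": tap,
            "setup": tap_setup_commands(tap, self.bridge, self.uml_user),
            "cmdline": uml_cmdline(self.kernel, self.base_image, cow, tap),
        }

    def reset(self, user):
        """Delete the COW file so the next boot is a freshly installed system.
        Returns True when nothing of the user's disk is left on the HOST."""
        shutil.rmtree(os.path.dirname(self.cow_path(user)), ignore_errors=True)
        return not os.path.exists(self.cow_path(user))


if __name__ == "__main__":
    daemon = GuestDaemon("/var/lib/linuxzoo", "/var/lib/linuxzoo/base.img", "10.0.5")
    record = daemon.provision("alice", 3)
    print("\n".join(record["setup"]))
    print(record["cmdline"])
```

Because the base image is opened read-only by every GUEST, a user can wreck their own root filesystem without touching anyone else's, and a reset costs one `rmtree` rather than a reinstall.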

Security

The site was designed with security in mind, but the focus was on trackability rather than on limiting what users can do. There are, however, some firewall rules in place to stop certain activities, including sending email from the GUESTS.

Tracking

The site is currently based at Napier University, where there are two hardware firewalls between us and the outside world. One of these firewalls does full packet logging, which gives us complete network logging. The gateway also has significant logging capabilities: its logs are sufficient to link a user's IP address with any network action which leaves or enters the gateway. If a user tries to hide the browser IP, the system will not recognise that user when they try to log into their machine. The system also handles users behind NAT firewalls, although when several users connect from a single NAT address, trackability is reduced slightly under some circumstances. We also track web server requests and login requests. These logs are processed automatically and are accessible to the user in question through their login.
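The following is an added example of the kind of correlation the gateway logs allow, and of the two caveats in the paragraph above (a hidden browser IP is not recognised; users sharing a NAT address are hard to tell apart). Neither the log formats nor the data are linuxzoo's: the LOGIN and FWD lines are constructed for this example, as is the rule that a console connection to a GUEST must come from the address the user's browser logged in from:

```python
"""Added example: link gateway forwarding records to users via their GUEST
address, and refuse console connections from an address other than the one
recorded at web login.  Log formats and sample lines are constructed."""
import re
from collections import defaultdict

LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) LOGIN user=(?P<user>\S+) ip=(?P<ip>\S+) guest=(?P<guest>\S+)$")
FWD_RE = re.compile(
    r"^(?P<ts>\S+ \S+) FWD src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Constructed sample: web logins, recording browser IP and the GUEST allocated
LOGIN_LOG = """\
2005-04-26 10:03:11 LOGIN user=alice ip=81.2.3.4 guest=10.0.5.3
2005-04-26 10:04:02 LOGIN user=bob ip=81.2.3.4 guest=10.0.5.4
2005-04-26 10:06:40 LOGIN user=carol ip=90.1.1.1 guest=10.0.6.2
"""

# Constructed sample: packets forwarded by the gateway (GUEST side is 10.0.x.x)
GATEWAY_LOG = """\
2005-04-26 10:05:42 FWD src=10.0.5.3 dst=193.62.1.1 dport=80
2005-04-26 10:07:15 FWD src=10.0.6.2 dst=193.62.1.2 dport=22
2005-04-26 10:07:50 FWD src=10.0.7.9 dst=193.62.1.3 dport=80
2005-04-26 10:08:01 FWD src=90.1.1.1 dst=10.0.6.2 dport=22
"""


def parse(text, pattern):
    out = []
    for line in text.splitlines():
        m = pattern.match(line)
        if m:
            out.append(m.groupdict())
    return out


def sessions(login_text):
    """Map each GUEST address to the user and browser IP that claimed it
    (the latest login for a GUEST wins)."""
    return {r["guest"]: {"user": r["user"], "ip": r["ip"]}
            for r in parse(login_text, LOGIN_RE)}


def attribute(gateway_text, sess):
    """Tag every forwarded packet with the user whose GUEST sent or received it;
    a packet that matches no session is reported with user None."""
    tagged = []
    for r in parse(gateway_text, FWD_RE):
        guest = r["src"] if r["src"] in sess else r["dst"] if r["dst"] in sess else None
        user = sess[guest]["user"] if guest else None
        tagged.append((r["ts"], user, r["src"], r["dst"], int(r["dport"])))
    return tagged


def recognise(sess, src_ip, guest):
    """A console/SSH connection to a GUEST is accepted only from the browser IP
    recorded at login (assumed rule); any other source is not recognised."""
    s = sess.get(guest)
    return s["user"] if s and s["ip"] == src_ip else None


def nat_collisions(sess):
    """Browser IPs shared by more than one logged-in user: behind such a NAT the
    outside packet log alone cannot tell those users apart."""
    by_ip = defaultdict(list)
    for s in sess.values():
        by_ip[s["ip"]].append(s["user"])
    return {ip: sorted(users) for ip, users in by_ip.items() if len(users) > 1}


if __name__ == "__main__":
    sess = sessions(LOGIN_LOG)
    for row in attribute(GATEWAY_LOG, sess):
        print(row)
    print(recognise(sess, "81.2.3.4", "10.0.5.3"), recognise(sess, "5.5.5.5", "10.0.5.3"))
    print(nat_collisions(sess))
```

The useful property is that attribution does not depend on the outer firewall at all: the GUEST address alone is enough on the gateway side, and the outer packet log only needs to agree with it. Where it cannot (the shared 81.2.3.4 above), `nat_collisions` says so rather than guessing.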

Future Work

This is a list of the things I have in mind to do on the system.

Changelog:

Rather than version numbers and incremental changes, this changelog uses the date of the change.

26th April 2005

21st April 2005

29th March 2005

25th March 2005

7th March 2005

24th Feb 2005

17th Feb 2005

12th Feb 2005

Feb 2005

