
Technical Information

This page discusses the technical aspects of the linuxzoo site. It is partially a guide to people interested in how the site works, and partially a reference source for myself.

Overview

This site was designed to provide virtual computing resources to people interested in learning about operating systems. It uses cloud technology to supply virtual machines on demand to internet users, and can be completely controlled via a normal web browser over an internet connection. First set up in August 2004, it is probably one of the first cloud-based virtual systems to be built.

Originally the virtualised machines offered ran only on a Linux virtualisation system known as User Mode Linux. However, since then the virtualisation world has moved on, and many virtual platforms are now available. Linuxzoo has also been updated, and now runs a large variety of backends, including qemu and dynamips. The site has been written using an Object-Oriented approach, and can be rapidly extended to new virtual backends.

When a user books and runs a virtual computer, that machine is known as a GUEST. The guest runs on one of a number of backend servers, which are known as SERVER NODES. This is all co-ordinated from a frontend server known as the GATEWAY.

The gateway server just handles management and communications. Server nodes are linked together using a virtual network built using tunneling software or private routers. Each guest is controlled by a daemon, which starts up and stops the guests on that node. Each time you connect to the server, it speaks to your node's daemon, which controls your guest remotely.

The guest machines each appear to have their own disk space to run from, but actually this is just some special files on the node. The daemon sets these files up for you, and deletes them as and when required. In this way you can start with a freshly-installed system at the touch of a button, which is perfect for system administration tutorials where it is all too easy to mess your system up!

The nice thing about this architecture is the reliability and self-managing properties which it has. Machines can go down, guest or node machines can crash, networks can fail, but the system (should) regenerate itself quickly. It is self-monitoring, and problems can usually be detected within a minute and corrective action completed within 3 minutes. If things get really bad, nodes become isolated from the network, and the affected users are requeued for the next available guest on a different node.

The architecture was designed to be scalable. As of August 2011 we have 7 nodes. This can theoretically support approximately 134 guests, each with 512MB of virtual RAM. In reality we have had up to 80 guests running simultaneously without significant issues.

Machine topology: August 2011

Gateway and web server:

  linuxzoo.net   146.176.166.1 (public) / 10.200.0.1 (private)
                 Quad Dual-Core 2.33GHz E5410, 16GB

Backup + extra guests:

  linuxzoo4      146.176.166.15 (public) / 10.200.0.16 (private)
                 Quad Dual-Core 2.33GHz E5410, 16GB
                 20 guests (10.x.x.x)

Server nodes (private address first, public address in brackets):

  Node       Private      Public            Hardware                   Guest IP       Guests
  linuxzoo5  10.200.0.18  (146.176.166.16)  Dual E5410, 2.33GHz, 8GB   10.0.18.0/24   20 machines
  linuxzoo6  10.200.0.17  (146.176.166.17)  Dual E5620, 2.4GHz, 32GB   10.0.17.0/24   20 machines
  linuxzoo7  10.200.0.19  (146.176.166.41)  Dual E5110, 1.6GHz, 2GB    10.0.19.0/24   4 machines (development)
  linuxzoo1  10.200.0.6   (146.176.166.11)  Dual E5410, 2.33GHz, 12GB  10.0.5.0/24    20 machines
  linuxzoo2  10.200.0.7   (146.176.166.9)   Dual E5410, 2.33GHz, 12GB  10.0.6.0/24    20 machines
  linuxzoo3  10.200.0.8   (146.176.166.10)  Dual E5410, 2.33GHz, 12GB  10.0.7.0/24    20 machines

All guests are addressed within 10.x.x.x.

Each virtual machine is connected to its node via a "tap" device. In turn each node is connected to linuxzoo.net, either directly via a private switch and LAN, or via an openvpn encrypted tunnel. From the linuxzoo.net gateway, packets then travel across the internet.

Security

The site was designed with security in mind. Typically in cloud computing systems there is a high degree of trust in the operator of each virtual machine. The operator's identity is known, and has been validated using their payment method. In this site virtual machines can be booked by anyone, without validation, so great care has been taken to avoid malicious users causing problems. Free users are basically sandboxed to the virtual network, with very limited web browsing access to the internet. All traffic is filtered and policed.

Tracking

The site is currently based at Edinburgh Napier University. Here we have two hardware firewalls between us and the real world. One of these firewalls has full packet logging which gives us perfect network logging. On the gateway we also have significant logging capabilities. The gateway logs are sufficient to link a user's IP with any network action which leaves or enters the gateway. If a user tries to hide the browser IP, then the system will not recognise that user when they try to log into their machine. The system will also handle NAT firewall users, although when multiple users connect from a single NAT trackability is reduced slightly under some circumstances. We also track web server requests and login requests. These logs are processed automatically and are accessible by the user in question through their login.
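As an added example (not linuxzoo's own code; the log layouts, usernames and addresses are constructed), the check described above run over a few sample log lines: a connection to a booked guest is recognised only when it comes from the browser IP that made the booking, and bookings sharing one NAT address are flagged as reducing trackability.

```python
"""Correlate a gateway booking log with guest-console connections.
Constructed example: the field layouts and addresses are made up here
and are not linuxzoo's real log format."""
from collections import defaultdict

# Constructed booking log: "timestamp user browser_ip guest_ip"
BOOKINGS = """\
2011-08-01T10:00:01 alice 203.0.113.7  10.0.18.21
2011-08-01T10:00:09 bob   198.51.100.4 10.0.18.22
2011-08-01T10:00:15 carol 198.51.100.4 10.0.18.23
"""
# Constructed guest-connection log: "timestamp src_ip guest_ip"
CONNECTIONS = """\
2011-08-01T10:01:00 203.0.113.7  10.0.18.21
2011-08-01T10:02:30 192.0.2.99   10.0.18.21
2011-08-01T10:03:00 198.51.100.4 10.0.18.22
2011-08-01T10:04:00 198.51.100.4 10.0.18.30
"""

def parse_log(text, fields):
    """Split whitespace-separated log lines into dicts keyed by field name."""
    return [dict(zip(fields, line.split())) for line in text.splitlines() if line.strip()]

def index_bookings(text):
    """Return guest_ip -> booking, and browser_ip -> set of users who booked from it."""
    by_guest, users_by_ip = {}, defaultdict(set)
    for b in parse_log(text, ("ts", "user", "browser_ip", "guest_ip")):
        by_guest[b["guest_ip"]] = b
        users_by_ip[b["browser_ip"]].add(b["user"])
    return by_guest, users_by_ip

def check_connection(by_guest, users_by_ip, src_ip, guest_ip):
    """Attribute one guest connection to a booking, or reject it."""
    booking = by_guest.get(guest_ip)
    if booking is None:
        return {"verdict": "reject", "user": None, "reason": "no booking for guest"}
    if booking["browser_ip"] != src_ip:
        # Booking was made from another address: the user is not recognised.
        return {"verdict": "reject", "user": None, "reason": "source differs from booking IP"}
    others = users_by_ip[src_ip] - {booking["user"]}  # other users behind the same NAT
    return {"verdict": "accept", "user": booking["user"],
            "reason": "shared NAT with %d other user(s)" % len(others) if others else "ok"}

def audit(bookings_text, connections_text):
    """Run every logged connection through check_connection, in log order."""
    by_guest, users_by_ip = index_bookings(bookings_text)
    return [check_connection(by_guest, users_by_ip, c["src_ip"], c["guest_ip"])
            for c in parse_log(connections_text, ("ts", "src_ip", "guest_ip"))]

if __name__ == "__main__":
    print(*audit(BOOKINGS, CONNECTIONS), sep="\n")
```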

Future Work

This is a list of the things I have in mind to do on the system.


Copyright @ 2004-2014 Gordon Russell. All rights reserved.