Technical Information
This page discusses the technical aspects of the linuxzoo site.
It is partly a guide for people
interested in how the site works, and partly a reference source
for myself.
Overview
This site was designed to provide virtual computing resources to people
interested in learning about operating systems. It uses cloud technology
to supply virtual machines on demand to internet users, and can be completely
controlled via a normal web browser over an internet connection. First set up
in August 2004, it is probably one of the first cloud-based virtual systems
to be built.
Originally the virtualised machines on offer ran only under a Linux virtualisation system known as User Mode Linux.
However, since then the virtualisation world has moved on, and many virtual
platforms are now available. Linuxzoo has also been updated, and now runs
a large variety of backends, including qemu and dynamips. The site
has been written using an Object-Oriented approach, and can be rapidly
extended to support new virtual backends.
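As an illustration of what that extensibility means in practice, here is a hypothetical sketch of such a backend interface. The class and method names are invented; only the idea of one common interface, with qemu, dynamips and others as plug-in implementations, comes from the description above.

    # Hypothetical sketch of the kind of object-oriented backend abstraction
    # described above. The class and method names are made up; only the idea
    # (one interface, many virtualisation backends) comes from the text.
    from abc import ABC, abstractmethod

    class VirtualBackend(ABC):
        """Common operations every virtualisation backend must provide."""

        @abstractmethod
        def start(self, guest_id: int) -> None: ...

        @abstractmethod
        def stop(self, guest_id: int) -> None: ...

    class QemuBackend(VirtualBackend):
        def start(self, guest_id: int) -> None:
            ...   # launch a qemu process for this guest

        def stop(self, guest_id: int) -> None:
            ...   # terminate the guest's qemu process

    # Adding a new backend (e.g. dynamips) means writing one more subclass.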
When a user books and runs a virtual computer, that machine is known as a
GUEST. The guest runs on one of a number of backend servers, which are known
as SERVER NODES. This is all co-ordinated from a frontend server known as
the GATEWAY.
The gateway server handles only management and communications.
Server nodes are linked together using a virtual network
built using tunneling software or private routers.
Each node runs a daemon which
starts and stops the guests on that node. Each time you connect to the
server, it speaks to your node's daemon and controls your guest remotely.
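The exact daemon protocol is internal to linuxzoo; purely as an illustration of the idea, here is a minimal sketch of what a gateway-to-daemon exchange could look like. The command names, port number and JSON framing are made up.

    # Hypothetical sketch of a gateway-to-node control exchange.
    # The real linuxzoo daemon protocol is not shown on this page;
    # command names, port and JSON framing here are illustrative only.
    import json
    import socket

    def send_command(node_host, command, guest_id, port=9000):
        """Send one control command to a node daemon and return its reply."""
        request = json.dumps({"cmd": command, "guest": guest_id}).encode()
        with socket.create_connection((node_host, port), timeout=5) as sock:
            sock.sendall(request + b"\n")
            reply = sock.makefile().readline()
        return json.loads(reply)

    # e.g. ask the daemon on a node to boot guest 42:
    # send_command("10.200.0.18", "start", 42)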
Each guest machine appears to have its own disk space to run from, but actually
this is just a set of special files on the node. The daemon sets these files up for
you, and deletes them as and when required. In this way you can start with
a freshly-installed system at the touch of a button, which is perfect
for system administration tutorials where it is all too easy to mess your system
up!
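On the qemu-based backends, one standard way of providing this kind of throwaway disk is a copy-on-write overlay on top of a shared, read-only base image. The sketch below shows the general technique using qemu-img; the paths and helper name are made up, and linuxzoo's own image handling may differ.

    # Minimal sketch of giving a guest a throwaway copy-on-write disk
    # on top of a shared base image, using qemu-img. The paths and the
    # helper name are illustrative; they are not taken from linuxzoo itself.
    import subprocess

    def make_guest_disk(base_image, guest_id, overlay_dir="/var/lib/guests"):
        """Create a qcow2 overlay whose writes never touch the base image."""
        overlay = f"{overlay_dir}/guest-{guest_id}.qcow2"
        subprocess.run(
            ["qemu-img", "create",
             "-f", "qcow2",            # overlay format
             "-b", base_image,         # shared read-only backing file
             "-F", "raw",              # format of the backing file (assumed raw here)
             overlay],
            check=True,
        )
        return overlay

    # Deleting the overlay file later restores a "freshly installed" guest.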
The nice thing about this architecture is the reliability and self-managing
behaviour it has. Machines can go down, guest or node machines can crash, and
networks can fail, but the system (should) regenerate itself quickly. It
is self-monitoring: problems are usually detected within a minute
and corrective action completed within 3 minutes. If things get really bad,
nodes are isolated from the network and the affected users are requeued
for the next available guest on a different node.
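Purely to illustrate the shape of such self-monitoring, here is a rough sketch of a health-check loop. The ping-based check, the node addresses and the requeue hook are assumptions, not linuxzoo's actual monitoring code; only the roughly one-minute detection interval comes from the text.

    # Hypothetical sketch of the kind of self-monitoring loop described above.
    # The check, node list and requeue hook are made up for illustration.
    import subprocess
    import time

    NODES = ["10.200.0.6", "10.200.0.7", "10.200.0.8"]   # internal node addresses

    def node_alive(node_ip):
        """Treat a node as healthy if it answers a single ping within 3 seconds."""
        result = subprocess.run(
            ["ping", "-c", "1", "-W", "3", node_ip],
            stdout=subprocess.DEVNULL,
        )
        return result.returncode == 0

    def monitor(requeue_users_on):
        while True:
            for node in NODES:
                if not node_alive(node):
                    # Isolate the node and move its users to the queue for
                    # the next free guest on a different node.
                    requeue_users_on(node)
            time.sleep(60)   # problems detected within roughly a minute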
The architecture was designed to be scalable. As of August 2011 we have
7 nodes. These can theoretically support approximately 134 guests,
each with 512MB of virtual RAM. In reality we have had up to 80 guests running
simultaneously without significant issues.
Machine topology: August 2011

Gateway:

  linuxzoo.net (gateway and web server)
    External IP: 146.176.166.1    Internal IP: 10.200.0.1
    Hardware:    Quad Dual-Core 2.33GHz E5410, 16GB RAM

Backup node:

  linuxzoo4 (backup + extra guests)
    External IP: 146.176.166.15   Internal IP: 10.200.0.16
    Hardware:    Quad Dual-Core 2.33GHz E5410, 16GB RAM
    Guests:      20 machines (10.x.x.x)

Server nodes:

  Node       External IP     Internal IP  Hardware                   Guest network  Guests
  linuxzoo1  146.176.166.11  10.200.0.6   Dual E5410, 2.33GHz, 12GB  10.0.5.0/24    20 machines
  linuxzoo2  146.176.166.9   10.200.0.7   Dual E5410, 2.33GHz, 12GB  10.0.6.0/24    20 machines
  linuxzoo3  146.176.166.10  10.200.0.8   Dual E5410, 2.33GHz, 12GB  10.0.7.0/24    20 machines
  linuxzoo5  146.176.166.16  10.200.0.18  Dual E5410, 2.33GHz, 8GB   10.0.18.0/24   20 machines
  linuxzoo6  146.176.166.17  10.200.0.17  Dual E5620, 2.4GHz, 32GB   10.0.17.0/24   20 machines
  linuxzoo7  146.176.166.41  10.200.0.19  Dual E5110, 1.6GHz, 2GB    10.0.19.0/24   4 machines (development)

All guests sit on private 10.x.x.x networks behind their node, and the nodes and gateway are linked over the 10.200.0.x internal network.
Each virtual machine is connected to its node via a "tap" device.
In turn, each node is
connected to linuxzoo.net, either directly via a private switch and LAN,
or via an OpenVPN encrypted tunnel. From the linuxzoo.net gateway,
packets then travel across the internet.
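For readers unfamiliar with tap devices, the sketch below shows what creating one looks like at the Linux level. The interface name is made up, and in practice the backend (qemu, for instance) or the node daemon would normally create and bridge the tap itself.

    # Minimal sketch of creating a Linux "tap" device of the kind a guest
    # is wired to. The interface name is made up; requires root.
    import fcntl
    import os
    import struct

    TUNSETIFF = 0x400454ca      # ioctl to configure a /dev/net/tun descriptor
    IFF_TAP   = 0x0002          # tap (ethernet-level) rather than tun (IP-level)
    IFF_NO_PI = 0x1000          # no extra packet-information header

    def create_tap(name="tap-guest0"):
        """Open /dev/net/tun and turn the descriptor into a tap interface."""
        fd = os.open("/dev/net/tun", os.O_RDWR)
        ifreq = struct.pack("16sH", name.encode(), IFF_TAP | IFF_NO_PI)
        fcntl.ioctl(fd, TUNSETIFF, ifreq)
        return fd   # frames written here appear on the tap, and vice versa

    # The tap would then be bridged or routed to the node's 10.x.x.x network.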
Security
The site was designed with security in mind.
Typically, in cloud computing systems there is a high degree of trust in
the operator of each virtual machine: the operator's identity is known,
and has been validated through their payment method. On this site virtual
machines can be booked by anyone, without validation, so great care has
been taken to stop malicious users from causing problems. Free users
are essentially sandboxed within the virtual network, with very limited web
browsing access to the internet. All traffic is filtered and policed.
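To give a feel for the kind of filtering involved, the sketch below expresses a "web only, drop the rest" policy as iptables rules driven from Python. The chain, addresses and ports are illustrative and are not the site's actual rule set.

    # Rough illustration of the kind of sandboxing described above, expressed
    # as iptables rules applied from Python. The chain, guest network range
    # and ports are illustrative, not the site's real filtering policy.
    import subprocess

    GUEST_NET = "10.0.0.0/8"    # the virtual guest network (assumed)

    def rule(args):
        subprocess.run(["iptables"] + args, check=True)

    # Allow guests limited web access, drop everything else they forward.
    rule(["-A", "FORWARD", "-s", GUEST_NET, "-p", "tcp", "--dport", "80", "-j", "ACCEPT"])
    rule(["-A", "FORWARD", "-s", GUEST_NET, "-j", "DROP"])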
Tracking
The site is currently based at Edinburgh Napier University.
Here we have two hardware
firewalls between us and the outside world. One of these firewalls performs full
packet logging, which gives us a complete network record. On the gateway we also
have significant logging capabilities. The gateway logs are sufficient
to link a user's IP with any network action which leaves or enters the gateway.
If a user tries to hide their browser IP, the system will not
recognise that user when they try to log into their machine. The system will
also handle users behind NAT firewalls, although when multiple users connect from a
single NAT address, trackability is reduced slightly under some circumstances. We also
track web server requests and login requests. These logs are processed
automatically and are accessible to the user in question through their login.
Future Work
This is a list of the things I have in mind to do on the system.
- Give users a CPU and network quota for the week.
- Store the student performance on the quiz questions.
- Build the packet log continuously rather than every n days.
- Provide an incremental assessment system in addition to tutorials.
- Kick users who have a machine booked but are not using it.
- Convert COW images to tar files (and back again) for efficient user storage of files.
- Transport user changes to images between machines.
- Provide Fedora Core 3 as an image option.
- Provide Gentoo as an image option.
- Give users a COW disk quota.