Want to build a safe, secure, redundant, load-balanced corporate infrastructure all inside one box?
Here are some simple DIY plans.
What is required is a dual-NIC server with an installed virtual machine manager capable of supporting virtual networks along with bridged connections to the intranet and internet.
Here is the diagram of the layout of your secure network:
The thinking behind this is to protect your servers from attacks from the internet. Passing all traffic from the first physical NIC into a firewall virtual machine and then onto the virtual network prevents many common attacks, yet still provides effective access to all resources from outside and inside your corporation. The addition of a load balancer virtual machine allows multiple HTTP or mail servers to be added to cover demand. Adding a second virtual network for the database and HTTP server prevents bottlenecks on the main virtual network and shields the database server from outside attacks.
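As an added example (not from the post), here is what the firewall virtual machine's rule set could look like in nftables syntax: only the published ports are forwarded from the external NIC to the load balancer, internal VMs may go out, and nothing from outside may reach the database segment. The interface names ext0 and int0, the load balancer address 10.10.0.10 on 10.10.0.0/24, and the database network 10.20.0.0/24 are all assumptions made for this example.

```nft
#!/usr/sbin/nft -f
# Firewall VM between the external bridge and the internal virtual network.
# Assumed (not from the post): ext0 = bridged to the first physical NIC,
# int0 = internal virtual network, 10.10.0.10 = load balancer VM,
# 10.20.0.0/24 = second (database) virtual network, which has no
# connection to this VM at all; the rule below is belt-and-braces.
# Requires net.ipv4.ip_forward=1 on the firewall VM.
flush ruleset

table inet fw {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        # administer the firewall only from the internal virtual network
        iifname "int0" tcp dport 22 accept
        icmp type echo-request limit rate 5/second accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # outside traffic must never reach the database segment
        iifname "ext0" ip daddr 10.20.0.0/24 log prefix "fw-db-block " drop
        # internet -> load balancer only, and only on the published ports
        iifname "ext0" oifname "int0" ip daddr 10.10.0.10 \
            tcp dport { 80, 443, 25 } ct state new accept
        # internal VMs may open connections outward (updates, mail relay)
        iifname "int0" oifname "ext0" ct state new accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # publish the load balancer on the external address
        iifname "ext0" tcp dport { 80, 443, 25 } dnat to 10.10.0.10
    }

    chain postrouting {
        type nat hook postrouting priority 100;
        # internal VMs leave through the firewall's external address
        oifname "ext0" masquerade
    }
}
```

Because DNAT runs before the forward hook, the forward rule matches the rewritten destination 10.10.0.10; anything not explicitly accepted falls to the drop policy.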
Other ideas include a VPN virtual machine that allows direct access from the primary physical NIC to the secondary NIC, bypassing the firewall and virtual network.
Here are some great pre-made virtual images to use for your secure virtual network:
Virtual machines are not protected by any firewall software on the host operating system. The reason for this is that the virtual machines are essentially connected to the network at layer 2, while most conventional firewalls operate at layer 3 or higher (http://en.wikipedia.org/wiki/OSI_model). As such, virtual machines should always have appropriate firewalling software enabled. If your guest operating system does not have firewall software readily at hand (or you do not want to install a software firewall in the guest operating system), using Shared Networking under Virtual PC (as opposed to connecting the virtual machine directly to the network) will gain you a modicum of network security, since, as with most NAT routing solutions, external network entities will be unable to communicate directly with your virtual machine. (source)
x86 virtualization has always been a fan of the rarely mentioned Sun “Project Blackbox”. The idea of having a fully virtualized portable datacenter is awesome: being able to pull up to a work site, plug in electrical, cooling and data, and have it up and running.
There have been many posts about it in the past, and now it is time for a new one, with video.
Sun subjects a running Blackbox to a full magnitude 6.7 earthquake. The box survives with minimal damage: a few loose screws and some dented fixtures. Not bad for an initial test.
For anyone not familiar with the project here is a video overview:
I just wanted to get the word out about a new contest I saw recently. As I myself may be entering the contest, I don’t believe that I will in fact release any more details about my ideas, but I would like to draw attention to the contest in the hope that other people may be interested in entering.
AWS has just launched the AWS Start-Up Challenge, a contest for entrepreneurs and software developers that will award the winner $50,000 in cash, $50,000 in AWS credits, an investment offer from Amazon.com, and more. What are you waiting for? Submit your idea now.
Please read all the fine print before entering, as there is a great deal of it. The few quick notes I saw (please read them yourself in case I didn’t understand them correctly) are that it isn’t open to people making over 10 million per year or to people using the free web services, such as ECS. I’m looking forward to playing around with the Elastic Compute Cloud and seeing how many parallel systems I can power up (depending on my budget). Oh, the joys of a contest.
Here is a screenshot of the progress for the day. Microsoft has done a great job building a step-by-step tutorial for those of us who really are more IT geeks than programming nerds. This screenshot shows a customizable Virtual Server control panel, which can control local and remote virtual servers.
I’m looking forward to adding more customization to it, and I can see how this would be a powerful tool for a small hosting company or similar that wants to script machine tasks such as creation, suspension and deletion.
Part 4 of the series is on the way. I hope to have it done shortly. I’m budgeting to pick up an external hard drive to which I can export the virtual machine from my laptop. I ran into a few strange problems when trying to install VMware Converter Version 3. I came across the following error:
After a little research I found out it was a networking issue. I don’t generally run Windows file sharing and networking on my laptop beyond what I need for web and FTP. So once I reinstalled Windows file sharing and Windows networking and enabled all the services, it installed without a hitch.
If you have installed VMware Player, then you have a few new services. Now, I don’t like new services, and I really don’t like services that start automatically every time I turn on my computer, but the kicker is, VMware Player isn’t smart enough to start them itself if they are stopped. So I’m stuck: do I let them run in the background constantly, or do I start them up in the service manager every time? Nope. I, like any good sysadmin, wrote a batch file.
I have two batch files, Service start and Service stop:
Pretty simple: just open Notepad, paste the four lines of code into each file, and save them onto your desktop or quick launch bar. I find this very helpful for dealing with poorly written software which doesn’t include its own service control functions. The other problem with VMware Player is that if the services aren’t running, you don’t even get an error message. This causes some strange issues when reloading a paused image where networking was enabled the first time. So, VMware, please add better service support to your Player software.
Weekend Post: Virtual Nics will be replaced with Virtual Wireless Nics
Imagine walking into a coffee shop and connecting to all the wireless networks at once. Or, at your home, setting up separate SSIDs for you and your kids. What is the advantage of this? In the coffee shop, the computer would self-optimize to use the fastest route for any connection, or use multiple connections for faster downloads. The idea isn’t just to use multiple antennas and multiple base stations; it is to use software-driven technology. The laptop could have a software-driven radio that dynamically adjusts to the band and style of connection, whether you want to connect to a Bluetooth phone or camera, to 802.11 or to WiMAX. With software radio technology it would adjust automatically to your needs.
For the home, imagine a handheld phone that floats from landline to VoIP to wireless. This technology isn’t far off, except that right now it requires multiple hard-coded antennas. With a software antenna it could float between bands, and test other bands, without dropping the connection.
Now, in a corporate setting such as a school, the standard wireless networks could be controlled by a single server and software-driven base stations. These stations would broadcast multiple SSIDs and allocate bandwidth as needed for the current load. When the students go home it could shift the antenna power to the teachers’ SSIDs.
This diagram illustrates how virtualization could take advantage of this technology. Allowing each virtual machine to have its own wireless network would make for an amazing wireless equipment tester. Want to test out a wireless router with 15 clients? 100 clients? Easy: just boot up all the virtual machines and run the test suite. Want to run your Mac system and connect to your Apple hotspot, and then connect your PC to a nearby PC on an ad-hoc network? With virtual wireless NICs it will be possible.
Right now general virtualization “virtualizes” a standard Ethernet card. For this to work, the virtual machine would need virtual drivers for the device, but this isn’t too difficult; we will start to see a range of devices that require special alterations to the virtual machines to work.
For a medium-sized business you could set up a secure terminal server. Each workstation would have a dedicated secure connection over high-speed wireless. This concept is more in line with the blade model, but it could easily be deployed on a virtual infrastructure.
The future of software-defined radio is huge. As we begin to use more and more bands to cover our needs, having devices which can float between them would increase stability and usability. What will the future bring?