[CoLoCo] XEN and QEMU

Kevin Fries kfries at cctus.com
Wed Jun 11 17:29:02 BST 2008


On Wed, 2008-06-11 at 09:37 -0600, Ringo Kamens wrote:
> Thanks for all of that information! I have a few more questions. The
> reason I'm looking into this is to set up a Tor secure desktop type
> thingy. Even though it's secure to run things through Tor or a VPN or
> something, if there is a zero-day in Firefox then the remote attacker
> might be able to view the files on your drive and have something to
> identify you with or install a trojan or something. My idea would be
> to run a VM so even if Firefox etc. had a zero-day, the attacker
> wouldn't be able to do anything because I would be running from a disk
> image. If I used Xen, since I'm running a 64-bit VM on a 64-bit
> processor, it sounds like it would be faster. Would I still get that
> separation of the OSes I'm looking for?

Yes it would.  However, Xen is probably the hardest VM to set up.  Since
your needs are basically simple, and you are looking for a minimal
server, I would recommend Ubuntu Jeos, which is not Xen aware (does not
include the Xen aware kernel).  Instead, I would look to VMWare.

You can download the VMWare server from the repositories, but I have
often had trouble with them.  I usually just go to VMWare and download
it directly.  The current server version is 1.06 and you can download
the software at:

http://download3.vmware.com/software/vmserver/VMware-server-1.0.6-91891.tar.gz

If you want to manage the VMs easily, their web console is drop dead
easy to use.  You can also download it at:

http://download3.vmware.com/software/vmserver/VMware-mui-1.0.6-91891.tar.gz

Generally if you install the web console, it will allow you to download
and install the "thick client" or "control console" from the web login
page. You can also just download that to your CLIENT machine (i.e. not
the VMWare server).  The client tools are able to be downloaded at:

http://download3.vmware.com/software/vmserver/VMware-server-linux-client-1.0.6-91891.zip

All three download and installs are extremely straightforward, unzip
into a temp directory, then run the binary installer.  All in all, it's
about a 20 minute install including download time (assuming DSL).

Now, once that is done, it's time to set up a VM... but with VMWare,
someone has already done that.  VMWare has what is called appliances.
These are machines already set up in a Virtual Machine, ready to be
deployed.  You can find a minimalistic Ubuntu Hardy Heron Jeos server
with only the VMWare tools, and SSH-Server installed and set up at:

http://www.vmware.com/appliances/directory/1282

All you would need from there is to install your TOR router onto the
Ubuntu HH Jeos appliance.  The appliance will have plenty of room.  It
was configured to use 512MB of ram, and 8GB of hard drive.  I have had
Jeos running fast with minimal usage on 128MB/2GB in VMWare before, so
these settings are very reasonable.  Since the appliance uses expanding
disks, the image you download is only 192MB zipped.  Once unzipped,
expect it to be somewhere about 512MB, and it will expand as needed to a
max of 8GB.  Jeos is tiny, and includes basically nothing, which is
perfect in a secured application such as an anonymity router.

Total time for setup should be approximately 1 hr.  My experience with
Xen tells me you will still be screwing with getting your host machine
set up correctly with Xen and its specialized kernels after 1 hr.

This solution is simple, clean, and extremely straightforward.

Hope that helps.


-- 
Kevin Fries
Senior Linux Engineer
Computer and Communications Technology, Inc
A Division of Japan Communications Inc.



More information about the Ubuntu-us-co mailing list