[Cialug] Lots 'o questions....

Josh More morej at alliancetechnologies.net
Thu Jan 15 16:11:30 CST 2009


If you use Xen, VirtualBox or KVM, you'll likely not have as much of a
problem with kernel updates.  You will, however, replace those issues
with networking and similar issues.

It's cutting edge technology, so expect to be cut, one way or another. 
Personally, I like VMware Server for servers, 'cause I've already been
cut by that one and the devil you know...



-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701

>>> <jrnosee at gmail.com> 01/15/09 4:03 PM >>>
Thanks again for the input.

I should mention that the use of the RAID share is two-fold.
1.) It's a storage location for my backup and media files (though notably
not the best solution).
2.) It would safeguard the media files against drive failure. (backups would
already be safeguarded as they're on the PC and the RAID.)
Any suggestions for a better/easier/more practical solution?

A question on running VM and updates.

In my previous attempts to run VM, I've always had a problem where if I
allowed the kernel to update via apt it would break VM and I would have to
re-install.  Is there any way around this?

On Thu, Jan 15, 2009 at 3:51 PM, Daniel A. Ramaley
<daniel.ramaley at drake.edu> wrote:

> If you intend to be able to move RAIDed drives to another machine and
> still access them, i'd suggest reevaluating the hardware RAID decision.
> With hardware RAID, if the RAID controller isn't identical (same
> hardware and firmware revisions), there is no guarantee of it working.
> Software RAID is a bit more flexible; as long as you have a kernel
> version that is close it should be possible to read another system's
> disks. If you're really thinking of needing to remove RAID disks and
> make them work on another machine, i'd advise doing a lot of testing
> and playing with it prior to loading any data onto the RAID. Also,
> remember that RAID is not a backup. While there are certain hardware
> failures that RAID will protect you from (motherboard or controller
> failure being notable exceptions), it will not protect you from
> software or user errors (rm -rf ...).
>
> As far as the VM issues, more attacks against VMs are being discovered
> all the time. Running things in a virtual machine is adding more layers
> of software, so of course it will be overall less secure than running
> on bare hardware. But for many applications the marginal difference in
> security is a worthwhile tradeoff to get the benefits that
> virtualization can give (fewer machines, lower overall power use,
> etc.). For a home server i'd say go ahead with virtualization, but just
> be sure to keep up to date with security patches. But you should do
> that anyway, especially if running internet-facing services.
>
> On Thursday January 15 2009 15:36, jrnosee at gmail.com wrote:
> >Awesome.  I think that gets most of what I wanted to know.
> >
> >on the
> >If it's a RAID mirror then... maybe. Are you planning to use the linux
> >software RAID driver? Get familiar with the mdadm commands. If you're
> > using a hardware RAID controller, then being able to rebuild your
> > RAID sometimes depends on having a compatible controller available.
> >
> >It's probably going to be a hardware RAID...I think.  I know once upon
> > a time just having a controller card didn't always mean it was a full
> > hardware RAID.  I bought a cheap SATA controller (probably Silicon
> > Image based) some time back that I'll probably use, but I forget its
> > capabilities.  I guess my question was whether or not I could access
> > the files without rebuilding the RAID or if it's even possible (i.e.
> > just plugging the one drive I grabbed into say an eSATA port on
> > another computer...worst case would be if all I had was a basic
> > windows computer available to me.  Say, at my parent's house.).
> >
> >And on:
> >Yes and no. Using a VM offers other vectors of attack... for instance
> >someone has demonstrated reading information directly from the CPU
> > buffers between VM's on the same machine.
> >
> >Is this something that can be executed from the exposed VM, or on the
> > host machine, and by exposing a VM am I inherently exposing the host?
> >
> >Thanks again,
> >
> >Justin
> >
> >On Thu, Jan 15, 2009 at 3:12 PM, David Champion
> ><dchampion at visionary.com> wrote:
> >> I can offer answers on some of these... see replies inline...
> >>
> >> -dc
> >>
> >> jrnosee at gmail.com wrote:
> >>> I've decided to take on a new endeavor and I'm looking for any
> >>> thoughts, suggestions, tips, etc. I can get.
> >>>
> >>> I'm going to set up a box running Ubuntu (not sure if it will be
> >>> server (or server w/ gui) or desktop yet).
> >>>
> >>> This box is going to be 2 things.
> >>>
> >>> 1.) VMware Server
> >>> Currently this runs my NSLU2 "slug" embedded linux development
> >>> environment.  I may also add a web/email server VM* (see below)
> >>> 2.) Media File and Backup Server
> >>> I'm going to set up a mirrored 500GB raid to hold multi-media files
> >>> and backup files from my home windows pc's.
> >>>
> >>> The OS will either be on a separate drive, or the same drive as the
> >>> VM's. The RAID will be a share as a whole (unless suggested
> >>> differently).  I want to make as much room available to this share
> >>> as possible.
> >>>
> >>> My primary questions involve the RAID as I've never set one up
> >>> before. There are 2 things I'm hoping the raid can do for me, but I
> >>> don't know if it can, or how to set it up.
> >>> 1.) Pull 'n go in an emergency.  You know, the house is burning
> >>> down and I have time to grab...one drive tray from the server.  If
> >>> I pull out one of the two raid drives and my house goes up in
> >>> flames, can I just stick the drive in another computer later as a
> >>> single drive and get my files back?
> >>
> >> If it's a RAID mirror then... maybe. Are you planning to use the
> >> linux software RAID driver? Get familiar with the mdadm commands. If
> >> you're using a hardware RAID controller, then being able to rebuild
> >> your RAID sometimes depends on having a compatible controller
> >> available.
> >>
> >>> 2.) Windows/Linux accessible.  I'm going to be sharing to a Windows
> >>> PC.  I want the linux OS to be able to read the drive too.  I'm going to
> >>> have large (4+GB) files on it and I know FAT32 won't go that big.
> >>> Should #1 happen, I may want to get at these files from a Windows
> >>> PC.
> >>
> >> The store's local filesystem format is irrelevant, you only care
> >> that the network file share is readable... which will probably
> >> either be Samba or NFS... unless you want to make an iSCSI share or
> >> something like that. Probably best to use a linux native fs, like
> >> ext3.
> >>
> >>> My other questions involve Security & VM's.
> >>>
> >>> 1.) If I open up a VM to the web for webhosting and email, are my
> >>> other VM's and my host OS still safe from attack?  Sadly for years
> >>> I've pretty much sat myself behind a router firewall and lived
> >>> happily...I doubt that'll be enough sooner than later.
> >>
> >> Yes and no. Using a VM offers other vectors of attack... for
> >> instance someone has demonstrated reading information directly from
> >> the CPU buffers between VM's on the same machine.
> >>
> >>> Odd question out:
> >>> Going along with #2 from the RAID questions, is there any format I
> >>> can use on a portable drive that would store large (4+GB) files,
> >>> and be readable and writable in Linux and Windows?
> >>
> >> The linux fuseblock driver should be able to read & write NTFS (I've
> >> been using it without any issues). You can also get linux filesystem
> >> drivers for ext2 & 3, reiserfs and probably others for Windows. If
> >> you're worried about being able to plug it into any random Windows
> >> box and read it, you'll probably want NTFS.
> >>
> >>> Thanks,
> >>>
> >>> Justin W. Richeson
> >>>
> >>> ------------------------------------------------------------------------
> >>>
> >>> _______________________________________________
> >>> Cialug mailing list
> >>> Cialug at cialug.org
> >>> http://cialug.org/mailman/listinfo/cialug
> >>
>
> --
>
> ------------------------------------------------------------------------
> Dan Ramaley                            Dial Center 118, Drake University
> Network Programmer/Analyst             2407 Carpenter Ave
> +1 515 271-4540                        Des Moines IA 50311 USA
>


