
Re: [K12OSN] teaching kids sys admin with VM's

Robert Arkiletian wrote:
On 1/17/08, Les Mikesell <les futuresource com> wrote:
Network wise, vmware can look like a separate box bridged to the NIC(s)
on the host (separate IP's on the same subnet) or the host can NAT so it
only uses the host IP externally.

So I would prefer NAT to eth1 or bridged to eth0. So no service runs
on outside network. Can I as root restrict this choice? Or can they
choose since they are the owner of the VM?

You configure on the host side which NIC(s) to bridge and/or nat. Then these appear as virtual interfaces to the guest OS. The guest only sees the interfaces that you pre-configured on the host when you ran the vmware-configure.pl script (which you have to do when you upgrade the vmware software or the host kernel). There is also an option of 'host only' networking so the guests can see themselves and the host only like an isolated subnet which normally isn't useful for anything but testing. If you want tighter control you could use only that with iptables nat forwarding for anything you want to get out.

To go through the motions of installing a vmware guest, just have a copy of the install DVD iso image downloaded on the host, and when creating the new VM, connect the machine's CD to the iso image and boot from it. The default new machine bios will boot from the virtual hard drive first if it is bootable, but on the first boot that will fail and you'll boot from the install image. After an install makes the virtual HD bootable, you'll have to go into the virtual bios (hit f2 during boot just like a real machine...) and make the CD first in the boot order.

One thing to watch security-wise is
that if you have NFS-exported home directories, anyone who can become
root on a client machine can impersonate anyone else and access their
files over NFS.

Rats! Forgot about that.  It's okay with my current setup since I
don't run a separate nfs server. But instead of running everything on
the server I was thinking about switching from ltsp to a diskless
client setup (100% local apps).
Since ddr2 ram is so cheap now and a c2d celeron e1200 is $55, one can
buy a nice cheap diskless client today. Problem is a diskless client
would need to mount home over nfs. Which rules out having a VM since
kids could change their uid in the VM.

It might be useful to also mount the home directories into the vmware machines - and/or some common space with pre-downloaded RPM's, etc. but you can do that with cifs, limiting it to only a single user's permissions established with a password at mount time.

  Les Mikesell
   lesmikesell gmail com
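
The "host only plus iptables nat forwarding" arrangement suggested in the message, as an added example (not part of the original post and not VMware's own tooling). It prints the commands for review instead of running them; the host-only interface name vmnet1, the guest subnet 192.168.56.0/24 and the allowed ports are assumptions, and eth1 is the NIC named in the thread.

```shell
#!/bin/sh
# Added example: print (not run) iptables commands that let guests on a
# host-only network reach only the listed proto/port pairs, NATed behind
# the host. Assumes the FORWARD chain has no earlier catch-all ACCEPT.

hostonly_nat_rules() {
    guest_if=$1; guest_net=$2; out_if=$3
    shift 3

    # Validate every spec before printing anything, so a typo never
    # yields a half-built rule set.
    for spec in "$@"; do
        proto=${spec%%/*}; port=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
    done

    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies to connections the guests opened are allowed back in.
    echo "iptables -A FORWARD -i $out_if -o $guest_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Outbound: only the services explicitly listed.
    for spec in "$@"; do
        echo "iptables -A FORWARD -i $guest_if -o $out_if -s $guest_net -p ${spec%%/*} --dport ${spec#*/} -j ACCEPT"
    done
    # Anything else to or from the guest network is dropped, so no
    # guest service is reachable from other networks.
    echo "iptables -A FORWARD -i $guest_if -j DROP"
    echo "iptables -A FORWARD -o $guest_if -j DROP"
    # Guests leave with the host's address, as with VMware's own NAT mode.
    echo "iptables -t nat -A POSTROUTING -s $guest_net -o $out_if -j MASQUERADE"
}

# Constructed sample: web and DNS only.
hostonly_nat_rules vmnet1 192.168.56.0/24 eth1 tcp/80 tcp/443 udp/53
```

Review the printed commands, then run them as root on the host; nothing inside a guest can change them, even with root in the VM.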
