Closetbox2

From Technologia Incognita

Preface

As an alternative take on the Closetbox proposed by Chotee and others, sharing many similarities with it especially in regard to services and software, I went with a different approach, aimed more at power users/hackers than at something you could give your aunt or nephew to install in their closet for little money.

Requirements

My set of requirements is different and more demanding:

  • Can use two DSL/cable lines in parallel, not for channel bundling but as a means to limit downtime through redundancy, and to preserve low latency despite high traffic.
  • Must offer a DMZ or another means to isolate services: a sandbox that limits exposure of the LAN segment should some 'private cloud' service be exploited.
  • In fact, I would like to isolate the cloud services from each other as well, so that a compromise of a Dropbox-like or chat service cannot jeopardize email, for example.
  • Bonus points for the possibility to run honeypots and VPNs in a fully isolated environment.

The core hardware

Using ARM devices proved a little difficult, since I could not find any (or many) with two NICs, let alone more. A router such as the Carambola2 running OpenWRT offers two NICs plus wifi. This had my interest until I found a low-power dual-core x86 board with 3x Gbit LAN for 155 euros, the PC Engines ALIX.APU1C:

  • Fully x86-compatible, so no OS change necessary
  • 1 GHz AMD SBC with 2 cores and 2 GB RAM (non-expandable)
  • SATA, mSATA, SD card, 3x Gigabit LAN
  • Mini PCIe slots, console port, GPIO pins
  • Virtualisation extensions, so it can run KVM, VirtualBox etc.
  • Power consumption is still only 6-12 watts


This offers so many possibilities that I immediately ordered it. You can opt for running fully sandboxed machines as VMs, but also for adding small RasPi/BeagleBone-type machines behind the DMZ NIC port; you have full flexibility. Unlike RasPi systems, you get full I/O speed, and with gigabit NICs it is prepared for the >100 Mbit fibre future.

Filling in the details

There are still some issues to be solved for my use case, like how to obtain the required fourth NIC. This can be done with a USB-based NIC, or by using VLANs on one of the three ports. Then there are the questions of which OS, which VM platform, which services, and whether or not to add many additional SBCs. In the coming period I hope to find suitable answers to these questions. I will also need to install all these new private cloud solutions I'm unfamiliar with, and I look forward to working together with the Closetbox crew to tackle such issues, where we appear to converge.
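As an added example of the VLAN route to a "fourth NIC" (this is not code from the page, from the Closetbox project or from PC Engines), the script below carves the third port of the APU into one 802.1Q sub-interface per private cloud service and generates an nftables forward ruleset that keeps those segments away from each other and from the LAN, which is the isolation the requirements above ask for. It assumes eth0 is the uplink, eth1 the LAN and eth2 the trunk port; the service names, VLAN IDs and subnets are constructed for the example. Without APPLY=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example for the Closetbox2 notes; not code from the wiki page or from
# PC Engines. Assumptions: eth2 is the third APU port and is used as an 802.1Q
# trunk, eth0 is the uplink and eth1 the trusted LAN. Service names, VLAN IDs
# and subnets are constructed for the example.
#
# Without arguments the script only prints what it would do; APPLY=1 (as root,
# with iproute2 and nftables installed) executes it.

TRUNK="${TRUNK:-eth2}"   # physical port carrying the tagged DMZ segments
WAN_IF="${WAN_IF:-eth0}" # uplink
LAN_IF="${LAN_IF:-eth1}" # trusted LAN

# One isolated segment per service, as name:vlan_id:subnet (constructed).
SERVICES="files:10:10.10.10.0/24 chat:20:10.10.20.0/24 mail:30:10.10.30.0/24"

# Print the ip(8) commands that create a VLAN sub-interface per service on the
# trunk port, with the router holding the first address of each /24.
vlan_commands() {
    for svc in $SERVICES; do
        rest=${svc#*:}          # drop the service name
        vid=${rest%%:*}         # VLAN ID
        net=${rest#*:}          # subnet in CIDR form
        gw="${net%.0/24}.1/24"  # router address on that segment
        echo "ip link add link $TRUNK name $TRUNK.$vid type vlan id $vid"
        echo "ip addr add $gw dev $TRUNK.$vid"
        echo "ip link set $TRUNK.$vid up"
    done
}

# Print an nftables ruleset for the forward path. The default policy is drop,
# so a DMZ segment can only reach what is explicitly allowed: the uplink.
# Traffic from one VLAN to another, or from a VLAN into the LAN, matches no
# accept rule and is dropped; the LAN may initiate connections to anything.
nft_rules() {
    echo "table inet closetbox {"
    echo "  chain forward {"
    echo "    type filter hook forward priority 0; policy drop;"
    echo "    ct state established,related accept"
    echo "    ct state invalid drop"
    echo "    iifname \"$LAN_IF\" accept"
    for svc in $SERVICES; do
        rest=${svc#*:}
        vid=${rest%%:*}
        echo "    iifname \"$TRUNK.$vid\" oifname \"$WAN_IF\" accept"
    done
    echo "  }"
    echo "}"
}

# Sanity check on the generated ruleset: count accept rules that let a DMZ
# segment reach anything other than the uplink. Zero means the isolation
# requirement holds for this configuration.
dmz_leaks() {
    nft_rules | grep "iifname \"$TRUNK\." | grep -vc "oifname \"$WAN_IF\" accept" || true
}

if [ "${APPLY:-0}" = "1" ]; then
    vlan_commands | sh -e
    nft_rules | nft -f -
else
    vlan_commands
    nft_rules
fi
```

The trunk port has to face either a managed switch whose ports are tagged with the matching VLAN IDs or SBCs that tag their own traffic; an unmanaged switch would collapse the segments back into one broadcast domain. Compared with a USB NIC, the VLAN approach keeps the gigabit path of the on-board port but shares that one link between all segments, and the isolation only holds as long as the forward chain, not the switch, is the single place where segments may be joined. With VMs instead of separate SBCs the same ruleset applies if each VM gets its own bridge on the corresponding sub-interface.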