Difference between revisions of "Closetbox2"
Revision as of 02:41, 7 March 2014
Preface
As an alternative look on the closetbox proposed by Chotee and others, and sharing many similarities especially in regards to services and software with that, I went with a different approach, more aimed at power users/hackers than something you could give to your aunt/nephew to install in their closets for little money.
My set of requirements is different / more demanding:
- Can use two DSL/Cable lines in parallel, not using channel bundling but as a means to limit downtime by redundancy, and preserve low latency despite high traffic.
- Must offer a DMZ or other means to isolate services, a sandbox that limits exposure of the LAN section should some 'private cloud' service be exploited.
- In fact, I would like to even isolate cloud services from each other, so a dropbox or chat service compromise cannot jeopardize email, for example.
- Bonus points for possibilities to run honeypots, VPNs, in a fully isolated environment.
Using ARM devices proved a little difficult since I could not find any/many with two NICs, let alone more. A router like Carambola2 with OpenWRT offers two NICs plus wifi. This had/has my interest until I found a low-power dual core x86 board with 3x Gbit LAN for 155 euros: PC Engines ALIX.APU1C:
- Fully compatible with x86 so no OS change necessary
- 1GHz AMD SBC with 2 cores & 2 GB RAM (non-expandable)
- SATA, mSATA, SDcard, 3x Gigabit LAN
- Mini PCIe Slots, Console port, GPIO pins
- Virtualisation extensions, so can run KVM/Virtualbox etc.
- Power consumption still only 6-12 watts
This offers so many possibilities that I immediately ordered it. You can opt for running fully sandboxed machines as VMs, but also by adding small RasPi/Beaglebone-type machines to the DMZ NIC port. You have full flexibility. You have full I/O speed with this, unlike RasPi systems, and it is fully prepared for the >100Mbit fibre future with gigabit NICs.
There are still some issues to be solved for my use case, like how to obtain the required fourth NIC. This can be done with a USB-based NIC, or by using VLANs. And the questions of which OS, which VM platform, which services, adding many additional SBCs or not. In the coming period I hope to find suitable answers to these questions. I will also need to install all these new private cloud solutions I'm unfamiliar with, and I look forward to working together with the Closetbox crew to tackle such issues, where we appear to converge.