Closetbox2

From Technologia Incognita
Revision as of 03:42, 7 March 2014

Preface

As an alternative take on the closetbox proposed by Chotee and others, sharing many similarities with it especially in regard to services and software, I went with a different approach, aimed more at power users/hackers than at something you could give to your aunt or nephew to install in their closet for little money.

Requirements

My set of requirements is different / more demanding:

  • Can use two DSL/cable lines in parallel, not as channel bundling but as a means to limit downtime through redundancy and to preserve low latency despite high traffic.
  • Must offer a DMZ or other means to isolate services: a sandbox that limits exposure of the LAN section should some 'private cloud' service be exploited.
  • In fact, I would like to isolate the cloud services even from each other, so that a Dropbox or chat service compromise cannot jeopardize email, for example.
  • Bonus points for the possibility to run honeypots and VPNs in a fully isolated environment.

The core hardware

Using ARM devices proved a little difficult since I could not find any, or at least not many, with two NICs, let alone more. A router like the Carambola2 with OpenWRT offers two NICs plus wifi. This had (and still has) my interest, until I found a low-power dual-core x86 board with 3x Gbit LAN for 155 euros: the PC Engines ALIX.APU1C:

  • Fully x86 compatible, so no OS change necessary
  • 1 GHz AMD SBC with 2 cores & 2 GB RAM (non-expandable)
  • SATA, mSATA, SD card, 3x Gigabit LAN
  • Mini PCIe slots, console port, GPIO pins
  • Virtualisation extensions, so it can run KVM/VirtualBox etc.
  • Power consumption still only 6-12 watts

This offers so many possibilities that I immediately ordered it. You can opt to run fully sandboxed machines as VMs, but also to add small RasPi/Beaglebone-type machines on the DMZ NIC port. You have full flexibility. You get full I/O speed with this, unlike RasPi systems, and with gigabit NICs it is fully prepared for the >100 Mbit fibre future.

Filling in the details

There are still some issues to be solved for my use case, like how to obtain the required fourth NIC. This can be done with a USB-based NIC or by using VLANs. Then there are the questions of which OS, which VM platform, which services, and whether or not to add many additional SBCs. In the coming period I hope to find suitable answers to these questions. I will also need to install all these new private cloud solutions I'm unfamiliar with, and I look forward to working together with the Closetbox crew to tackle such issues where we appear to converge.
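As an added example of the VLAN route to the fourth NIC and of the DMZ isolation the requirements ask for (not code from this page or the Closetbox project): the third APU port is split into tagged VLANs, one for the LAN and one per DMZ service, and an nftables forward policy keeps the DMZ VLANs away from the LAN and from each other. It assumes Linux with iproute2 and nftables; interface names, VLAN ids, ports and subnets are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the Closetbox2 page. Assumes Linux with iproute2
# and nftables; names, VLAN ids, ports and subnets below are constructed.
set -eu

WAN1=eth0 WAN2=eth1 TRUNK=eth2          # APU ports: two uplinks, one 802.1Q trunk
LAN_VLAN=10 MAIL_VLAN=20 CHAT_VLAN=30   # LAN plus one VLAN per DMZ service
LAN_NET=10.0.10.0/24

# Print commands unless APPLY=1, so the plan can be reviewed before it touches the box.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '+ %s\n' "$*"; fi; }

# One tagged sub-interface per VLAN on the trunk port (this is the "fourth NIC").
setup_vlans() {
    for id in $LAN_VLAN $MAIL_VLAN $CHAT_VLAN; do
        run ip link add link "$TRUNK" name "$TRUNK.$id" type vlan id "$id"
        run ip link set "$TRUNK.$id" up
    done
}

# Forward policy: default drop; LAN may reach each service only on its own ports;
# a DMZ VLAN can reach neither the LAN nor another DMZ VLAN (spelled out so it can
# be logged); established replies and outbound traffic to either uplink pass.
ruleset() {
    cat <<EOF
flush ruleset
table inet closetbox {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$TRUNK.$LAN_VLAN" oifname "$TRUNK.$MAIL_VLAN" tcp dport { 25, 993 } accept
        iifname "$TRUNK.$LAN_VLAN" oifname "$TRUNK.$CHAT_VLAN" tcp dport 5222 accept
        iifname { "$TRUNK.$MAIL_VLAN", "$TRUNK.$CHAT_VLAN" } ip daddr $LAN_NET log prefix "dmz-to-lan " drop
        iifname "$TRUNK.$MAIL_VLAN" oifname "$TRUNK.$CHAT_VLAN" log prefix "dmz-to-dmz " drop
        iifname "$TRUNK.$CHAT_VLAN" oifname "$TRUNK.$MAIL_VLAN" log prefix "dmz-to-dmz " drop
        iifname { "$TRUNK.$LAN_VLAN", "$TRUNK.$MAIL_VLAN", "$TRUNK.$CHAT_VLAN" } oifname { "$WAN1", "$WAN2" } accept
    }
}
EOF
}

apply_ruleset() { ruleset | run nft -f -; }

# Dry run by default; APPLY=1 ./closetbox-net.sh executes the same steps.
setup_vlans
apply_ruleset
```

Run it once without APPLY to read the ip and nft commands it would issue, then with APPLY=1 as root; the ruleset can also be checked offline with `ruleset | nft -c -f -`.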