Closetbox2

From Technologia Incognita
Latest revision as of 03:20, 7 March 2014

Preface

As an alternative take on the closetbox proposed by Chotee and others, sharing many similarities with it especially in regards to services and software, I went with a different approach, aimed more at power users/hackers than at something you could give to your aunt/nephew to install in their closet for little money.

Requirements

My set of requirements is different / more demanding:

  • Can use two DSL/cable lines in parallel, not for channel bundling but as a means to limit downtime through redundancy and to preserve low latency despite high traffic.
  • Must offer a DMZ or other means to isolate services: a sandbox that limits exposure of the LAN segment should some 'private cloud' service be exploited.
  • In fact, I would like to isolate the cloud services from each other as well, so that a dropbox or chat service compromise cannot jeopardize email, for example.
  • Bonus points for the possibility to run honeypots and VPNs in a fully isolated environment.
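The first requirement (two uplinks used for redundancy and latency rather than bundling) comes down to a health-checked failover with hysteresis: a link is only declared down after several consecutive failed probes, and the default route only moves to the other link when it is clearly faster, so a flapping line does not cause constant route changes. The script below is an added example and not code from this wiki page or the Closetbox project; it assumes a Linux router with iproute2 and iputils ping, and the interface names (eth0, eth1), gateway addresses, probe target and thresholds are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the wiki page: health-checked failover between
# two uplinks with hysteresis. Assumes a Linux router with iproute2 and
# iputils ping. Interface names and addresses are constructed assumptions.
WAN1_IF=eth0; WAN1_GW=192.0.2.1
WAN2_IF=eth1; WAN2_GW=198.51.100.1
PROBE_TARGET=192.0.2.100    # placeholder; use a reliable external host
FAIL_THRESHOLD=3            # consecutive failed probes before a link counts as down
SWITCH_MARGIN_MS=40         # the other link must be this much faster to switch
INTERVAL=5                  # seconds between probe rounds

# probe_rtt IFACE -> integer RTT in ms on stdout, nothing if the probe failed
probe_rtt() {
    ping -I "$1" -c 1 -W 2 "$PROBE_TARGET" 2>/dev/null |
        sed -n 's/.*time=\([0-9]*\).*/\1/p' | head -n 1
}

# decide_wan CUR FAILS1 FAILS2 RTT1 RTT2 -> prints wan1 or wan2
#   CUR    = link currently carrying the default route
#   FAILSn = consecutive probe failures of link n (0 when the last probe succeeded)
#   RTTn   = last measured RTT in ms (any number when the link is down)
decide_wan() {
    cur=$1; f1=$2; f2=$3; r1=$4; r2=$5
    down1=0; down2=0
    if [ "$f1" -ge "$FAIL_THRESHOLD" ]; then down1=1; fi
    if [ "$f2" -ge "$FAIL_THRESHOLD" ]; then down2=1; fi
    if [ "$down1" = 1 ] && [ "$down2" = 1 ]; then
        echo "$cur"                  # nothing better available: stay put
    elif [ "$down1" = 1 ]; then
        echo wan2
    elif [ "$down2" = 1 ]; then
        echo wan1
    elif [ "$cur" = wan1 ] && [ $((r1 - r2)) -gt "$SWITCH_MARGIN_MS" ]; then
        echo wan2                    # wan2 is clearly faster: move over
    elif [ "$cur" = wan2 ] && [ $((r2 - r1)) -gt "$SWITCH_MARGIN_MS" ]; then
        echo wan1
    else
        echo "$cur"                  # both up, difference too small: no flapping
    fi
}

# set_default IFACE GW -> move the default route (needs root)
set_default() { ip route replace default via "$2" dev "$1"; }

main_loop() {
    cur=wan1; f1=0; f2=0
    set_default "$WAN1_IF" "$WAN1_GW"
    while :; do
        r1=$(probe_rtt "$WAN1_IF"); r2=$(probe_rtt "$WAN2_IF")
        if [ -n "$r1" ]; then f1=0; else f1=$((f1 + 1)); r1=0; fi
        if [ -n "$r2" ]; then f2=0; else f2=$((f2 + 1)); r2=0; fi
        next=$(decide_wan "$cur" "$f1" "$f2" "$r1" "$r2")
        if [ "$next" != "$cur" ]; then
            if [ "$next" = wan1 ]; then set_default "$WAN1_IF" "$WAN1_GW"
            else set_default "$WAN2_IF" "$WAN2_GW"; fi
            logger -t wanfailover "default route moved to $next"
            cur=$next
        fi
        sleep "$INTERVAL"
    done
}

# only start the loop when invoked as: sh wanfailover.sh run
case "${1:-}" in run) main_loop ;; esac
```

The decision is kept in a pure function (`decide_wan`) so it can be checked without any network; the probe and the route change are the only parts that need root. Probing each uplink with `ping -I` assumes every uplink has a usable route to the probe target, which on a dual-WAN Linux box normally means a routing table per uplink selected with `ip rule`; that setup is outside this example.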

The core hardware

Using ARM devices proved a little difficult since I could not find any/many with two NICs, let alone more. A router like the Carambola2 with OpenWRT offers two NICs plus wifi. This had/has my interest until I found a low-power dual-core x86 board with 3x Gbit LAN for 155 euros: the PC Engines ALIX.APU1C:

  • Fully compatible with x86, so no OS change necessary
  • 1 GHz AMD SBC with 2 cores & 2 GB RAM (non-expandable)
  • SATA, mSATA, SD card, 3x Gigabit LAN
  • Mini PCIe slots, console port, GPIO pins
  • Virtualisation extensions, so it can run KVM/VirtualBox etc.
  • Power consumption still only 6-12 watts

Photo: http://www.pcengines.ch/pic/apu1c1.jpg

This offers so many possibilities that I immediately ordered it. You can opt for running fully sandboxed machines as VMs, but also for adding small RasPi/Beaglebone-type machines to the DMZ NIC port. You have full flexibility. You get full I/O speed with this, unlike RasPi systems, and it is fully prepared for the >100 Mbit fibre future with gigabit NICs.

Filling in the details

There are still some issues to be solved for my use case, like how to obtain the required fourth NIC. This can be done with a USB-based NIC or by using VLANs. Then there are the questions of which OS, which VM platform, which services, and whether to add many additional SBCs or not. In the coming period I hope to find suitable answers to these questions. I will also need to install all these new private cloud solutions I'm unfamiliar with, and I look forward to working together with the Closetbox crew to tackle such issues, where we appear to converge.
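The VLAN route to the fourth NIC also covers the isolation requirements above: if every service gets its own tagged VLAN on the third NIC, the services cannot reach the LAN or each other, and a forwarding policy with default drop expresses exactly who may talk to whom. The script below is an added example, not the page's or the project's own configuration; it assumes a Linux router with iproute2 and nftables, with eth0/eth1 as the two uplinks and eth2 as the LAN trunk to a VLAN-capable switch. The service names and VLAN IDs are constructed sample values.

```shell
#!/bin/sh
# Added example, not part of the wiki page. Assumes a Linux router with
# iproute2 and nftables; interface names are assumptions:
#   eth0/eth1 = the two uplinks, eth2 = LAN trunk to a VLAN-capable switch.
# Each isolated service gets its own tagged VLAN on eth2 (the "fourth NIC"
# obtained via VLANs), so services cannot reach the LAN or each other.
LAN_IF=eth2
WAN_IFS='"eth0", "eth1"'
# service:vlan-id pairs (constructed sample values)
SERVICES="files:10 chat:20 mail:30"

# vlan_if NAME:ID -> sub-interface name, e.g. eth2.10
vlan_if() { echo "$LAN_IF.${1#*:}"; }

# dmz_set -> nft set literal listing every service sub-interface
dmz_set() {
    list=""
    for s in $SERVICES; do
        list="$list${list:+, }\"$(vlan_if "$s")\""
    done
    echo "{ $list }"
}

# gen_vlan_cmds -> the ip(8) commands that create the sub-interfaces
gen_vlan_cmds() {
    for s in $SERVICES; do
        echo "ip link add link $LAN_IF name $(vlan_if "$s") type vlan id ${s#*:}"
        echo "ip link set $(vlan_if "$s") up"
    done
}

# gen_ruleset -> nftables forwarding policy, default drop
gen_ruleset() {
    dmz=$(dmz_set)
    cat <<EOF
table inet closetbox {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # LAN may reach the internet and every service
        iifname "$LAN_IF" oifname { $WAN_IFS } accept
        iifname "$LAN_IF" oifname $dmz accept
        # a service VLAN may only reach the internet; DMZ->LAN and
        # DMZ->DMZ traffic falls through to the default drop
        iifname $dmz oifname { $WAN_IFS } accept
    }
}
EOF
}

# apply -> create the VLAN interfaces and load the ruleset (needs root)
apply() {
    gen_vlan_cmds | sh
    gen_ruleset | nft -f -
}

# only touch the system when invoked as: sh dmz-vlans.sh apply
case "${1:-}" in apply) apply ;; esac
```

Without an argument the script only prints what it would do (`gen_vlan_cmds`, `gen_ruleset`), which is the part worth reviewing before loading it. Publishing a service to the internet still needs an explicit DNAT rule per service, which is deliberately not in this policy, and a service on its own SBC instead of a VM simply sits on an access port of that VLAN on the switch.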