Slide 1 (01/13/05): Cheap, Easy Virtual Hosts for Web-Based Services. Richard L. Goerwitz III

Slide 2: Are you...
Flooded with requests for new web servers?
  – E.g., blogs, wikis
  – Internal test boxes
  – Sandboxes for classes, projects
  – Front ends for apps (e.g., webmail)
  – Dynamic/DB-driven sites for research
  – Cross-institutional, collaborative sites

Slide 3: How Are You Responding?
Buying lots and lots of hardware?
  – 1U units
  – Blades
  – Re-purposed desktops
Setting up virtual HTTP hosts?
  – Name-based (Apache) virtual hosts
  – IP-based virtual hosts
Moving to virtual hardware?
  – VMware
  – Other server virtualization solutions

Slide 4: Problems With These Responses
Buying lots and lots of hardware:
  – Requires rack space, power, cooling
  – Costs $$; requires hardware, OS licenses
  – Means OS installs, more patching
Setting up virtual HTTP hosts:
  – Creates two “single” points of failure
  – Offers “accounts,” not true sandboxes
  – Opens horrendous security holes:
      Break-in on one vhost compromises all vhosts
      Users share a single process space and database

Slide 5: More Problems
Moving to virtual (VMware) hardware:
  – Requires OS licenses, installs, patching, as with real servers
  – Uses as much disk space as real servers
  – Requires virtualization licenses and extra in-house expertise
  – Adds some virtualization overhead
  – (VMware) performs poorly on fork/exec

Slide 6: What Have We Missed?
Aha! We've missed one solution. This solution requires:
  – Little (or no) additional hardware
  – Little additional disk space
  – Few (or no) additional OS licenses
  – No special virtualization software
  – No manual patching
  – No shared webservers or databases

Slide 7: Solution: Chrooted Hosts
Unix programs may be chrooted, i.e., run from an alternate root directory
Whole sets of programs may be run together from such a root directory
Coupled with a basic filesystem, this alternate root can be made to look like a distinct “chrooted” host
  – Has its own /home, logging, daemons

Slide 8: Chrooted Web Hosts
Look/act mostly like full web servers
Offer relative security and isolation
Serve as terrific sandboxes
Can run Apache, database instances
Can take remote SFTP transfers (SSHd)
Utilize 400 meg apiece as a baseline
Cheap!

Slide 9: But, but...
Q: Don’t chrooted web hosts require a lot of time and skill to set up and maintain?
A: Yes, and no
  – Setup mostly scripted at Carleton
  – Patching can also be automated
  – User credentials can be maintained centrally via LDAP

Slide 10: But, but... (2)
Q: Can't chrooted web hosts be “escaped,” compromising the parent host?
A: Yes, but
  – Difficult (esp. with no /proc, suid stuff)
  – Requires some skill, compiler tools
  – Even so, unlikely—especially with strong monitoring and off-host logging
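Two of the conditions this slide relies on, no /proc inside the jail and no set-uid or set-gid programs in it, can be checked mechanically before a template is cloned into hosts. The script below is an added example, not from the slides or from Carleton's tooling; it assumes the template root is passed as its first argument and that the host is Linux (it reads /proc/mounts).

```shell
#!/bin/sh
# Added example, not from the slides: audit a chroot template for the two
# conditions the slide names, a /proc mounted inside the jail and set-uid or
# set-gid binaries. Assumes the template root is passed as the first argument.

# Print every set-uid or set-gid regular file below the given root, one per
# line. -xdev keeps find inside the template's own filesystem.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Return 0 if a filesystem is mounted at <root>/proc, 1 otherwise.
# Reads /proc/mounts, so on a non-Linux host it simply reports "not mounted".
proc_mounted_in() {
    [ -r /proc/mounts ] || return 1
    awk -v target="$1/proc" '$2 == target { found = 1 } END { exit !found }' /proc/mounts
}

# Audit one template. Prints a WARN line per finding and returns the number
# of findings, so a return value of 0 means the template is clean.
audit_chroot_template() {
    root=$1
    findings=0
    if proc_mounted_in "$root"; then
        echo "WARN: /proc is mounted inside $root"
        findings=$((findings + 1))
    fi
    setid=$(find_setid_files "$root")
    if [ -n "$setid" ]; then
        printf '%s\n' "$setid" | sed 's/^/WARN: set-id binary in template: /'
        findings=$((findings + $(printf '%s\n' "$setid" | wc -l)))
    fi
    return "$findings"
}

# Usage: sh audit_chroot.sh /path/to/template (the path is an assumption).
if [ -n "${1:-}" ]; then
    audit_chroot_template "$1" && echo "OK: no findings in $1"
fi
```

Run it against the master template after each make_chrootenv run and again before copy_chrootenv clones it; a non-zero exit status makes it easy to wire into the same scripts or into the monitoring the slide mentions.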

Slide 11: But, but... (3)
Q: Can't one out-of-control chrooted web host impact the performance of all the others?
A: Yes, and no
  – Sure, this can happen
  – But remember that daemons in chroots live in separate process space
  – So, a small cron job can go and auto-lower priorities of excessively busy processes
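The cron job this slide describes is, at heart, a filter over ps output followed by renice. The script below is an added example, not the slides' or Carleton's own job; the thresholds (more than 80% CPU, target nice value 10) and the sample ps lines are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: the "small cron job" that lowers the
# priority of runaway processes. The thresholds (more than 80% CPU, target
# nice value 10) are assumptions; adjust them for your hosts.

CPU_THRESHOLD=80   # percent CPU above which a process counts as a hog
TARGET_NICE=10     # nice value hogs are lowered to

# Read "pid pcpu nice comm" lines on stdin (what `ps -eo pid,pcpu,ni,comm`
# prints after its header) and print the PIDs that exceed the CPU threshold
# and have not already been lowered to the target nice value. Optional
# arguments override the two thresholds.
select_hogs() {
    awk -v cpu="${1:-$CPU_THRESHOLD}" -v nice="${2:-$TARGET_NICE}" \
        '$2 + 0 > cpu && $3 + 0 < nice { print $1 }'
}

# Constructed sample of ps output used for the demonstration below.
SAMPLE_PS='  412  3.1   0 httpd
 2231 97.4   0 httpd
 2240 91.0  10 mysqld
 3002  0.2   0 sshd
 3107 85.5   5 perl'

# Renice the current hogs. Dry run by default; set RENICE_APPLY=1 in the
# crontab to make changes. Each change is logged through syslog so the
# off-host log server records which daemons were throttled.
renice_hogs() {
    ps -eo pid,pcpu,ni,comm | tail -n +2 | select_hogs | while read -r pid; do
        if [ "${RENICE_APPLY:-0}" = 1 ]; then
            renice -n "$TARGET_NICE" -p "$pid" >/dev/null &&
                logger -t renice_hogs "lowered pid $pid to nice $TARGET_NICE"
        else
            echo "would renice pid $pid to $TARGET_NICE"
        fi
    done
}

# Demonstration on the constructed sample: prints 2231 and 3107.
printf '%s\n' "$SAMPLE_PS" | select_hogs
```

Installed from the base server's crontab (for example every five minutes with RENICE_APPLY=1), the job sees every chroot's daemons because they all share the base kernel's process table, which is exactly the property the slide points to. Processes already sitting at the target nice value are skipped, so a long-running batch job is not pushed lower on every run.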

Slide 12: How-To Part 1: Base Server Setup
Install Red Hat Enterprise Linux AS 2.1/3.x
Add Apache, database, related modules
Bind base server’s Apache, database, SSHd instances to base IP address
Create virtual IP interfaces that chroots will later bind to (in a big batch)
Create corresponding generic DNS names
Set up LDAP authentication

Slide 13: How-To Part 2: Template Setup (At Carleton this step is scripted)
Run make_chrootenv utility
  – Reads list of software to go into chroots
  – Constructs master chroot template
Check template to be sure it has all the desired software
  – Add software, recreate template as needed

Slide 14: How-To Part 3: Host Setup
Invoke copy_chrootenv utility to set up a new host
  – Bind to IP address set up earlier on
  – IP address should have a corresponding generic DNS name like WebHost-1...edu
Create CNAME record for new host
Add user accounts, software
Verify SSHd, HTTPd, etc. startup
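Parts 1 and 3 both turn on address binding: the base server's daemons listen only on the base IP, and each chroot's Apache and SSHd listen only on their own alias. The script below is an added example, not the slides' copy_chrootenv; the 192.0.2.0/24 documentation range, the interface name eth0, the /srv/chroots path and the sample ss output are assumptions. It generates the binding fragments for one host and flags any wildcard listener on the base server, which would otherwise answer on every chroot's address.

```shell
#!/bin/sh
# Added example, not from the slides or from Carleton's copy_chrootenv: the
# address-binding part of host setup. The 192.0.2.0/24 documentation range,
# the interface name eth0 and the /srv/chroots path are assumptions.

# Validate a dotted-quad IPv4 address; returns 0 when valid.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the fragments that pin one chrooted host to its own address: the
# interface alias for the base server, the Apache Listen line and the sshd
# ListenAddress line that go inside the chroot. Nothing is applied here.
host_bind_config() {
    name=$1 ip=$2 iface=${3:-eth0}
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    cat <<EOF
# on the base server: alias for $name
ip addr add $ip/24 dev $iface label $iface:$name
# /srv/chroots/$name/etc/httpd/conf/httpd.conf
Listen $ip:80
ServerName $name
# /srv/chroots/$name/etc/ssh/sshd_config
ListenAddress $ip
EOF
}

# Read "ss -ltn" or "netstat -ltn" output on stdin and print every TCP
# listener bound to all addresses (0.0.0.0, * or [::]). A wildcard listener
# on the base server answers on the chroots' addresses too, which defeats the
# "bind the base server to its own IP" step.
wildcard_listeners() {
    awk '{ for (i = 1; i <= NF; i++)
             if ($i ~ /^(0\.0\.0\.0|\*|\[::\]):[0-9]+$/) print $i }'
}

# Constructed sample of ss -ltn output: sshd and mysqld are bound to the
# base address, while httpd and the IPv6 sshd socket sit on the wildcard.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    192.0.2.10:22       0.0.0.0:*
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      80     192.0.2.10:3306     0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# Demonstration: fragments for one host, then the wildcard check on the sample.
host_bind_config webhost-1 192.0.2.11
printf '%s\n' "$SAMPLE_SS" | wildcard_listeners
```

On a live base server, feed `ss -ltn` (or `netstat -ltn` on older systems) into wildcard_listeners after Part 1 and again after each new host comes up; an empty result confirms that no base-server daemon is shadowing the chroots' ports. The same check run inside a chroot confirms that its Apache and SSHd did in fact pick up the ListenAddress and Listen lines rather than falling back to the wildcard default.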

Slide 15: Current Uses at Carleton
Current uses for chrooted web hosts at Carleton include:
  – Blogs, wikis, webmail
  – Faculty projects (Esternay)
  – Various other one-off sites (Caucus; GIS, only viewable at Carleton)

Slide 16: Future Uses at Carleton
Future uses of chrooted web hosts at Carleton may include:
  – Sandboxes for classes, student projects
  – More faculty projects
  – Cross-institutional, collaborative projects
  – On-demand hosts for anyone wanting a private dynamic and/or database-driven website

Slide 17: Way Out Ideas
Build a web interface that allows (e.g., faculty) to create chrooted web hosts on demand
Automate setup, archiving, teardown of chrooted web hosts for classes
Build a general interface for creating, archiving, and tearing down all chrooted hosts

Slide 18: Conclusion
Chrooted web hosts are not only cool; they've been a life saver:
  – Easy to set up, patch, maintain
  – Use little/no disk/rack space
  – Offer reasonable security
  – Cost virtually nothing
  – Help us greatly in meeting demand for web servers and web-based services