LinuxQuestions.org
Old 07-20-2013, 11:06 AM   #1
Zzipo
LQ Newbie
 
Registered: Mar 2013
Posts: 28

Rep: Reputation: Disabled
How to design my system? Global system + VMs (Security/Flexibility)


Hello,

I didn't know if this is the correct place, because it is a mix between Virtualization - Installation (Desktop) - Security.

I have read about LUKS, but I don't know if it is too early to start considering it (maybe for the future).
I want to divide the HDD in the best possible way taking care of SECURITY - PERFORMANCE - FLEXIBILITY (probably all is impossible), but I am completely new to this.
I have experienced several problems combining grsec+virtualbox, so I will need to replace virtualbox with KVM (I have seen someone who made it work with grsec).
I don't know how to divide the workstation. I can differentiate four different tasks that I want to perform:
a) Free time: Reading emails (thunderbird) + surfing the Web + torrent + pdfs + latex + libreoffice + emacs
[Used everyday and 100% of the time]
b) Design: Gimp + Inkscape
[Used 1 of 15 days, but when used, for hours/days]
c) Developing: Java, PHP, Databases, CSS,... so, Apache, MySQL, Eclipse, Emacs
[Used everyday and 50-100% of the time]
d) Windows: specific apps and testing.
[Used 1 of 7 days, but when used, for hours]

So far, I am used to using archlinux with KDE + virtualbox with WindowsXP, and it is easy, but KDE is heavy and virtualbox doesn't work with grsec properly. I have recently discovered vagrant, and I don't know what would be the best approach.
I use emacs as my normal text editor for everything, and if I am going to divide in four different environments, maybe I will need to have a clone copy of emacs config in every env.

Global
---ArchLinux + grsec Kernel + iptables firewall + tomoyo
---Slim + awesome/xmonad
---KVM (shared folders for the different virtualmachines to connect globally to share resources if needed)
---Apps: thunderbird, firefox, torrents, okular (or others without KDE), latex, libreoffice, emacs?
***Q1) those apps are "heavy" and consume resources, but they are going to be used almost constantly, is it better this approach or create a different VM for them?
VirtualMachines for KVM
***Q2) Would it be better to also protect every environment with a patched kernel with its own grsec?
------Design
---------ArchLinux vanilla (Security problems?)
---------Slim + awesome/xmonad
---------Apps: Gimp, Inkscape, video editing?
---------Problems: If I need other resources, surf web, edit text,... comfortable switch to global?
------Developing
---------ArchLinux vanilla (Security problems?)
---------Slim + awesome/xmonad
---------Apps: Use vagrant for different boxes for different developing environments, eclipse, emacs
---------Problems: If I need other resources, surf web, edit text,... comfortable switch to global?
------Windows
---------Win XP/7...

***Q3) I thought to use a really light global system to manage fluently all the different environments. What could be the best approach for my purpose?
***Q4) What is better considering both security ~ performance?
a) Global system with grsec + every VM with grsec
b) Global system with grsec + every VM vanilla
c) Global system vanilla + every VM with grsec
***Q5) If I want to use LUKS or truecrypt, what would be the best approach for my purposes? encryption of whole VM env?
I am not in a hurry; I accept any advice :)
Thank you in advance.
 
Old 07-30-2013, 10:25 AM   #2
dt64
Member
 
Registered: Sep 2012
Distribution: RHEL5/6, CentOS5/6
Posts: 141

Rep: Reputation: 18
If it's all about security, performance and flexibility for the host machine have a read of my other post at http://www.linuxquestions.org/questi...tc-4175471441/. As a host I'd recommend CentOS latest version in a minimal install plus needed components (e.g. libvirt, iptables etc pp) since it's rock solid, stable and has good support from upstream RHEL. This may or may not host your shared drives as well.

Add VMs as you require. Depending on your needs a VM with a Linux install of your choice may be enough for your day to day needs, and if you want to keep things separate you can just install a basic VM and clone it one or more times to get multiple VMs.

If you want to use Windows guests, install paravirtualized drivers for HDD, network, graphics for better performance.
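
Added example, not part of dt64's post: one way to check which devices of a libvirt/KVM guest are still emulated rather than paravirtualized, as the reply above recommends for disk, network and graphics. The guest name `win7-test`, the sample XML and the choice of `qxl`/`virtio` as paravirtualized video models are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML for a hypothetical Windows guest "win7-test".
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>win7-test</name>
  <devices>
    <disk type='file' device='disk'><target dev='hda' bus='ide'/></disk>
    <disk type='file' device='disk'><target dev='vda' bus='virtio'/></disk>
    <disk type='file' device='cdrom'><target dev='hdc' bus='ide'/></disk>
    <interface type='network'><model type='e1000'/></interface>
    <video><model type='cirrus'/></video>
  </devices>
</domain>
"""

PV_VIDEO = {"qxl", "virtio"}  # assumption: models treated as paravirtualized


def model_type(dev):
    """Return the <model type=...> of a device element, or None if absent."""
    model = dev.find("model")
    return model.get("type") if model is not None else None


def emulated_devices(domain_xml):
    """Return (kind, name, current) for devices not on a virtio/PV model.

    Only bus='virtio' (virtio-blk) counts as paravirtualized for disks here."""
    root = ET.fromstring(domain_xml)
    findings = []
    for disk in root.findall("./devices/disk"):
        target = disk.find("target")
        # CD-ROMs normally stay on an emulated bus, so only hard disks are checked.
        if disk.get("device", "disk") != "disk" or target is None:
            continue
        if target.get("bus") != "virtio":
            findings.append(("disk", target.get("dev"), target.get("bus")))
    for nic in root.findall("./devices/interface"):
        if model_type(nic) != "virtio":
            findings.append(("network", nic.get("type"), model_type(nic)))
    for video in root.findall("./devices/video"):
        if model_type(video) not in PV_VIDEO:
            findings.append(("video", "primary", model_type(video)))
    return findings


if __name__ == "__main__":
    for kind, name, current in emulated_devices(SAMPLE_DOMAIN_XML):
        print(f"{kind} {name}: emulated ({current}); switch to a paravirtualized model")
```

For a real guest, pass the output of `virsh dumpxml <guest>` to `emulated_devices()` instead of the sample string.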
 
Old 07-30-2013, 01:46 PM   #3
MCMLXXIII
Member
 
Registered: Aug 2012
Distribution: [Desktop] Debian Wheezy, [Laptop #1] Ubuntu 12.04, [Laptop #2] openSUSE 13.1, [Netbook] CentOS 6.5
Posts: 60

Rep: Reputation: Disabled
In case you're unaware of it, this might be of assistance to you, at least from a potential design standpoint. It's a security by isolation setup via Xen hypervisor.

http://en.wikipedia.org/wiki/Qubes_OS
http://qubes-os.org/trac
https://groups.google.com/forum/#!forum/qubes-devel

I'm in the process of learning a bit more about QubesOS myself, so thought this was appropriate to your inquiry.

EDIT (Added new link):

Thought this article was post-worthy as it highlights the new direction and features of Qubes and their next release, QubesOS 2.

http://theinvisiblethings.blogspot.c...yssey-hal.html

Last edited by MCMLXXIII; 07-30-2013 at 02:37 PM. Reason: Added new link to Qubes article
 
  

