How to design my system? Global system + VMs (Security/Flexibility)
Linux - Virtualization and CloudThis forum is for the discussion of all topics relating to Linux Virtualization and Linux Cloud platforms. Xen, KVM, OpenVZ, VirtualBox, VMware, Linux-VServer and all other Linux Virtualization platforms are welcome. OpenStack, CloudStack, ownCloud, Cloud Foundry, Eucalyptus, Nimbus, OpenNebula and all other Linux Cloud platforms are welcome. Note that questions relating solely to non-Linux OS's should be asked in the General forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to design my system? Global system + VMs (Security/Flexibility)
Hello,
I didn't know if this is correct here, because it is a mix between Virtualization - Installation(Desktop) - Security.
I have read about LUKS, but I don't know if it is too early to start considering it (maybe for the future).
I want to divide the HDD in the best possible way taking care of SECURITY - PERFORMANCE - FLEXIBILITY (probably all is impossible), but I am completely new to this.
I have experienced several problems combining grsec+virtualbox, so, I will need to change virtualbox with KVM (I have seen someone that make it works with grsec).
I don't know how to divide the workstation, I can differenciate four different tasks that I want to perform:
a) Free time: Reading emails (thunderbird) + surfing the Web + torrent + pdfs + latex + libreoffice + emacs
[Used everyday and 100% of the time]
b) Design: Gimp + Inkscape
[Used 1 of 15 days, but when used, for hours/days]
c) Developing: Java, PHP, Databases, CSS,... so, Apache, MySQl, Eclipse, Emacs
[Used everyday and 50-100% of the time]
d) Windows: specific apps and testing.
[Used 1 of 7 days, but when used, for hours]
So far, I am used to use archlinux with KDE + virtualbox with WindowsXP, and it is easy, but KDE is heavy and virtualbox doesn't work with grsec properly. I have discovered recently vagrant, and I don't know what would be the best approach.
I use emacs as my normal text editor for everything, and if I am going to divide in four different environments, maybe I will need to have a clone copy of emacs config in every env.
Global
---ArchLinux + grsec Kernel + iptables firewall + tomoyo
---Slim + awesome/xmonad
---KVM (shared folders for the different virtualmachines to connect globally to share resources if needed)
---Apps: thunderbird, firefox, torrents, okular (or others without KDE), latex, libreoffice, emacs?
***Q1) those apps are "heavy" and consume resources, but they are going to be used almost constantly, is it better this approach or create a different VM for them?
VirtualMachines for KVM
***Q2) Should be better to protect also every environment with a patched kernel with its own grsec?
------Design
---------ArchLinux vanilla (Security problems?)
---------Slim + awesome/xmonad
---------Apps: Gimp, Inkscape, video edition?
---------Problems: If I need other resources, surf web, edit text,... comfortable switch to global?
------Developing
---------ArchLinux vanilla (Security problems?)
---------Slim + awesome/xmonad
---------Apps: Use vagrant for different boxes for different developing environments, eclipse, emacs
---------Problems: If I need other resources, surf web, edit text,... comfortable switch to global?
------Windows
---------Win XP/7...
***Q3) I thought to use a really light global system to manage fluently all the different environments. What could be the best approach for my purpose?
***Q4) What is better considering both security ~ performance?
a) Global system with grsec + every VM with grsec
b) Global system with grsec + every VM vanilla
c) Global system vanilla + every VM with grsec
***Q5) If I want to use LUKS or truecrypt, what would be the best approach for my purposes? encryption of whole VM env?
I am not in a hurry, i accept every advice smile
Thank you in advance.
If it's all about security, performance and flexibility for the host machine have a read of my other post at http://www.linuxquestions.org/questi...tc-4175471441/. As a host I'd recommend CentOS latest version in a minimal install plus needed components (e.g. libvirt, iptables etc pp) since it's rock solid, stable and has good support from upstream RHEL. This may or may not host your shared drives as well.
Add VMs as you require. Depending on your needs a VM with a Linux install of your choice may be enough for your day to day needs, and if you want to keep things separate you can just install a basic VM and clone it one or more times to get multiple VMs.
If you want to use Windows guests install paravirtualized drivers for HDD, network, grafics for better performance.
In case you're unaware of it, this might be of assistance to you, at least from a potential design standpoint. It's a security by isolation setup via Xen hypervisor.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.