Question: is it possible to boot an existing system remotely, and if so how do you do it? The case I'm looking at is someone who wishes to just take the disk out of their desktop machine, and install it in a server someplace else in the building (for security reasons, it will be in a different secure environment), but boot from it over the network.
So they would have a diskless workstation booting from their existing hard drive, but remotely.
Is this possible? Or is there some way of doing something which comes to the same thing? I wondered also if the right way to go about this is xdcmp and remote login from a very basic desktop machine?
Any suggestions gratefully received.
Peter
On Sun, Sep 04, 2011 at 08:56:50PM +0100, Peter Alcibiades wrote:
Question: is it possible to boot an existing system remotely, and if so how do you do it? The case I'm looking at is someone who wishes to just take the disk out of their desktop machine, and install it in a server someplace else in the building (for security reasons, it will be in a different secure environment), but boot from it over the network.
So they would have a diskless workstation booting from their existing hard drive, but remotely.
I suspect that it would be horribly slow.
Wouldn't a more sensible approach be to have a disk on the desktop machine to boot from but to put all the files which they want to be secure on an NFS mounted disk on the server. I.e. simply make /home an NFS mount, a very common set-up.
They'd just have to be careful to ensure that everything that needs security *is* on /home.
Is this possible? Or is there some way of doing something which comes to the same thing? I wondered also if the right way to go about this is xdcmp and remote login from a very basic desktop machine?
That's a similar approach but would be slower.
Modern Linux isn't really designed to run across a network as X was originally intended.
Chris, does the slowness apply if over the LAN not over the Internet?
Take your point about /home on a share. I must look up how to do this, do you know any guides?
Peter
On Monday 05 September 2011 09:40:33 Chris G wrote:
On Sun, Sep 04, 2011 at 08:56:50PM +0100, Peter Alcibiades wrote:
Question: is it possible to boot an existing system remotely, and if so how do you do it? The case I'm looking at is someone who wishes to just take the disk out of their desktop machine, and install it in a server someplace else in the building (for security reasons, it will be in a different secure environment), but boot from it over the network.
So they would have a diskless workstation booting from their existing hard drive, but remotely.
I suspect that it would be horribly slow.
Wouldn't a more sensible approach be to have a disk on the desktop machine to boot from but to put all the files which they want to be secure on an NFS mounted disk on the server. I.e. simply make /home an NFS mount, a very common set-up.
They'd just have to be careful to ensure that everything that needs security *is* on /home.
Is this possible? Or is there some way of doing something which comes to the same thing? I wondered also if the right way to go about this is xdcmp and remote login from a very basic desktop machine?
That's a similar approach but would be slower.
Modern Linux isn't really designed to run across a network as X was originally intended.
On Mon, Sep 05, 2011 at 04:24:59PM +0100, Peter Alcibiades wrote:
Chris, does the slowness apply if over the LAN not over the Internet?
Well to an extent yes. A local hard disk is a whole lot faster than even Gigabit networking (assuming a modern SATA hard disk that is of course).
Take your point about /home on a share. I must look up how to do this, do you know any guides?
It's very simple, firstly you need to have nfs-kernel-server installed on the server (this is the name in Debian/Ubuntu).
Then on the server edit the file /etc/exports, comments in the file show you what's needed, on my server called dps I have:-
/ 192.168.1.1/24(rw,no_root_squash,async,no_subtree_check)
On the client just mount the nfs drive in /etc/fstab:-
dps:/ /dps nfs _netdev,auto
Obviously this mounts the *whole* of the / filesystem on dps so that clients can see it, in your case you'd replace / with /home.
Take your point about /home on a share. I must look up how to do this, do you know any guides?
It's very simple, firstly you need to have nfs-kernel-server installed on the server (this is the name in Debian/Ubuntu).
Then on the server edit the file /etc/exports, comments in the file show you what's needed, on my server called dps I have:-
/ 192.168.1.1/24(rw,no_root_squash,async,no_subtree_check)On the client just mount the nfs drive in /etc/fstab:-
dps:/ /dps nfs _netdev,autoObviously this mounts the *whole* of the / filesystem on dps so that clients can see it, in your case you'd replace / with /home.
Is it really wise to be using this as an example ?
Peter if you are going the NFS route DO NOT follow Chris's example or the data you are trying to secure will be even more open than if you had left the disk in the local workstation. Better to read some NFS howto's and see how to add the minimal security NFS can actually offer.
Actually if the data is that sensitive then I wouldn't use NFS period.
Look at mounting the volume with sshfs...it will be slower than the NFS mount but it at least has some security.
Chris...I think posting an example that exports to an entire subnet without clearly expressing this is the case, particularly when the original request stated that this was a request for help in securing data not making it more open is..perhaps...a little irresponsible :)
On Wed, Sep 07, 2011 at 09:16:35AM +0100, Wayne Stallwood wrote:
Take your point about /home on a share. I must look up how to do this, do you know any guides?
It's very simple, firstly you need to have nfs-kernel-server installed on the server (this is the name in Debian/Ubuntu).
Then on the server edit the file /etc/exports, comments in the file show you what's needed, on my server called dps I have:-
/ 192.168.1.1/24(rw,no_root_squash,async,no_subtree_check)On the client just mount the nfs drive in /etc/fstab:-
dps:/ /dps nfs _netdev,autoObviously this mounts the *whole* of the / filesystem on dps so that clients can see it, in your case you'd replace / with /home.
Is it really wise to be using this as an example ?
Peter if you are going the NFS route DO NOT follow Chris's example or the data you are trying to secure will be even more open than if you had left the disk in the local workstation. Better to read some NFS howto's and see how to add the minimal security NFS can actually offer.
I don't *think* he means secure as in confidential, I think he means secure as in safely backed up. At least that is my reading of the original question.
As my example was (fairly obviously) from a LAN and the security is outside the LAN.
Actually if the data is that sensitive then I wouldn't use NFS period.
Look at mounting the volume with sshfs...it will be slower than the NFS mount but it at least has some security.
Chris...I think posting an example that exports to an entire subnet without clearly expressing this is the case, particularly when the original request stated that this was a request for help in securing data not making it more open is..perhaps...a little irresponsible :)
As I suggest above my understanding of the original request was for 'securing' in the sense of not losing data, not confidentiality. If I have misunderstood that then, yes, I quite agree.
On 04 Sep 20:56, Peter Alcibiades wrote:
Question: is it possible to boot an existing system remotely, and if so how do you do it? The case I'm looking at is someone who wishes to just take the disk out of their desktop machine, and install it in a server someplace else in the building (for security reasons, it will be in a different secure environment), but boot from it over the network.
Is the disk *extra* to that server, or would the server be booting from that image too?
If the disk is extra, export it via iscsi and get the diskless workstation have a PXE linux boot image that mounts the iscsi disks.
So they would have a diskless workstation booting from their existing hard drive, but remotely.
Is this possible? Or is there some way of doing something which comes to the same thing? I wondered also if the right way to go about this is xdcmp and remote login from a very basic desktop machine?
That's what we used to do, in the good ol' days.
Any suggestions gratefully received.
Peter
main@lists.alug.org.uk http://www.alug.org.uk/ http://lists.alug.org.uk/mailman/listinfo/main Unsubscribe? See message headers or the web site above!
-
Brett Parker -
Chris G -
Peter Alcibiades -
Wayne Stallwood