File: case-studies.html

package info
user-mode-linux-doc 20060501-3.1
  • area: main
  • in suites: bullseye
  • size: 2,360 kB
  • sloc: makefile: 38; sh: 13
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
    "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>
   <meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type">
<title>UML in the real world</title>
</head>
<body alink="#FF0000" vlink="#55188A" link="#0000EF" bgcolor="#FFFFFF" text="#000099">
<table border="0">
<tr align="left">
<td valign="top">
</td>
<td valign="top" align="left">

<center>
            <h3>UML in the real world</h3>
          </center>

The purpose of this section is to let UML users describe what they're
doing with it and how they're doing it.  This eventually (when there's
a wider variety of cases here) will let everyone see the breadth of
UML applications, and provide people who are interested in a specific
use with the information needed to implement it.
<p>
If you have a use for UML that you'd like to share, write it up,
including the following information:
<ul>
<li>
the problem that you're solving - and saying &quot;I'm doing this weird
thing because I can&quot; is perfectly acceptable.  That's more or less
how UML came into existence.
</li>
<li>
how you're using UML to solve it
</li>
<li>
how well it's working, including solutions or workarounds to any
problems you encountered
</li>
</ul>
and <a href="contacts.html">send it in</a>.
<p>
This is intended to be a collection of HOWTO material at least as much
as it's intended to be an advertisement for UML, so it would
definitely be a bonus to include HOWTO-like step-by-step instructions.
It could either be hosted on this site or linked from here back to
your site.
<p>
<a name="UML as an augmented firewall"/><table width="100%" bgcolor="#e0e0e0">
            <tr>
              <td>
                <b>
                  <font color="black">UML as an augmented firewall</font>
                </b>
              </td>
            </tr>
          </table>
          <blockquote head="UML as an augmented firewall">
<b>
From : Jon Wright (jon at gate dot sinica dot edu dot tw)<br>
Date : 7 Sep 2001
</b>
<p>

I work for Prof Carmay Lim in the Institute of Biomedical Sciences,
Academia Sinica, Taipei, Taiwan
<p>
<a href="http://www.sinica.edu.tw">
http://www.sinica.edu.tw</a>
<br>
<a href="http://www.ibms.sinica.edu.tw/~jon">
http://www.ibms.sinica.edu.tw/~jon</a>
<p>

We're a structural and bioinformatics group.
Basically on site we have about 10 Linux workstations, a 30 cpu beowulf,
and a couple of nfs fileservers all ip-masqed behind a single firewall.
<p>

We also have a group at National ChingHwa university at another city. We
need to provide access to our beowulf and other services to the students
but we don't want to allow direct connections to our firewall. Instead of
having direct connections to the firewall which if cracked gives access to
the internal network device and hence allows network sniffers, we boot a
UML kernel on the firewall itself and, using the slip networking (this was
set up 6 months ago - now we are looking at the tap interface), network the
UML kernel.
<p>

The host firewall accepts no syn packets at all on its external 
IP address. All syn packets must be directed to the UML kernel IP address
to be accepted.
<p>

The UML system offers sshd, httpd, anon-ftp (oftpd) to everywhere, the
firewall only offers sshd and squid to the internal network and nothing to
the external network.
<p>

Students use ssh to log on to the UML kernel using a generic name such
as user001. From there they can issue a second ssh command to the
internal network machines (ssh -l fred 192.168.0.140). We don't use the
same usernames or passwords on the UML system as the internal systems so
if someone does get UML account details, it won't help too much for
guessing usernames/passwords for the internal machines. We don't even list
the internal machines in the hosts file. 
<p>

The firewall itself only allows connections from the UML machine to
internal machines on port 22 (set with ipchains) so if someone cracks the
UML machine they can not portscan the internal machines. The UML machine
does not contain a compiler, and many files/executables such as who, w,
ping, traceroute are read/write/execute for root only. We run tripwire
every night and email the report out, but we don't allow incoming email. In
fact, the host firewall only allows connections to the UML machine on
needed ports such as 22, 80, 21.
<p>

The main purpose of the UML system is to provide a secure restricted
machine that offers limited external services and onward ssh connections
to our internal machines but does not allow any access to the network
devices themselves. (We don't allow loadable modules and we don't compile
hostfs)
<p>

Also being a 700mb file we can keep a compressed root file on cdrom and
use it to compare to the live one now and again and if need be restore
things using the host kernel.
<p>

All in all this is working very well for us at the moment. In fact, the
hardest part is organising all the ipchains rules on the host system so
that we limit what type of connections go where. For that we found
excellent help in the ipchains-howto, they used about 4 different
machines to provide firewall and external services while we saved on
hardware using one machine that worked as two. While other people can
probably pick some holes in this setup (I am not a pro sysadmin) I haven't
seen any glaringly big holes - we have to allow the students access
somehow and having the external services on a system that does not have
direct access to hardware is a big bonus.
<p>

Many thanks for such a great tool

</blockquote>
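<p>
The filtering policy described in the post above can be written down as a small decision function and checked against sample connection attempts. This is an added example, not part of the original post or of the site's own material: every address except 192.168.0.140 is a constructed placeholder, and the /24 prefix and squid port 3128 are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses; the post itself only names 192.168.0.140.
HOST_EXT = ip_address("192.0.2.1")       # firewall's external IP (placeholder)
UML_IP = ip_address("192.0.2.2")         # IP given to the UML kernel (placeholder)
HOST_INT = ip_address("192.168.0.1")     # firewall's internal IP (placeholder)
INTERNAL = ip_network("192.168.0.0/24")  # masqueraded LAN, prefix length assumed

UML_PUBLIC_PORTS = {22, 80, 21}          # ports the post lists for the UML machine
HOST_INTERNAL_PORTS = {22, 3128}         # sshd and squid; 3128 (squid default) assumed


@dataclass(frozen=True)
class Syn:
    """A TCP connection attempt (SYN) as seen by the host firewall."""
    src: str
    dst: str
    dport: int


def decide(pkt: Syn) -> str:
    """Return ACCEPT or DENY, or UNSPECIFIED where the post states no rule."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if dst == HOST_EXT:
        # "The host firewall accepts no syn packets at all on its external IP"
        return "DENY"
    if dst == HOST_INT:
        # The firewall's own sshd and squid are offered to the internal net only.
        ok = src in INTERNAL and pkt.dport in HOST_INTERNAL_PORTS
        return "ACCEPT" if ok else "DENY"
    if src == UML_IP and dst in INTERNAL:
        # Onward connections from the UML machine: port 22 and nothing else.
        return "ACCEPT" if pkt.dport == 22 else "DENY"
    if dst == UML_IP:
        # Only the published services are reachable on the UML machine.
        return "ACCEPT" if pkt.dport in UML_PUBLIC_PORTS else "DENY"
    return "UNSPECIFIED"


def reachable_from_uml(target: str, ports=range(1, 1025)) -> list:
    """Ports on an internal machine that a compromised UML guest could reach."""
    return [p for p in ports if decide(Syn(str(UML_IP), target, p)) == "ACCEPT"]


# Constructed connection attempts; 203.0.113.9 stands for any outside client.
SAMPLES = [
    Syn("203.0.113.9", "192.0.2.1", 22),     # ssh straight at the firewall
    Syn("203.0.113.9", "192.0.2.2", 22),     # ssh to the UML machine
    Syn("203.0.113.9", "192.0.2.2", 25),     # incoming mail, not offered
    Syn("192.0.2.2", "192.168.0.140", 22),   # onward ssh from UML
    Syn("192.0.2.2", "192.168.0.140", 111),  # any other port from UML
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(f"{pkt.src:>14} -> {pkt.dst:<14} port {pkt.dport:<5} {decide(pkt)}")
    print("reachable from UML on 192.168.0.140:", reachable_from_uml("192.168.0.140"))
```

The last line is the property the post relies on: from the UML machine, a scan of an internal host finds only port 22.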

<a name="An implementation of a teaching network with UML"/><table width="100%" bgcolor="#e0e0e0">
            <tr>
              <td>
                <b>
                  <font color="black">An implementation of a teaching network with UML</font>
                </b>
              </td>
            </tr>
          </table>
          <blockquote head="An implementation of a teaching network with UML">
<b>
Virtual Network Laboratory - Christchurch Polytechnic Institute of
Technology (CPIT),  New Zealand:  A detailed Case Study HowTo.
<p>
William McEwan (Scottish exile), School of Computing, CPIT, New
Zealand.
<br>
mcewanw at hermes dot chchpoly dot ac dot nz
<p>
8 September 2001 
</b>
<p>
&quot;A problem with teaching data communications in an educational
institution is that there is always an inherent danger of data comms
experiments interfering with the normal operation of the campus
network.  Many institutions have traditionally simply avoided much in
the way of practical data comms laboratory work.  With the growing
importance of internetworking in general this is obviously an
unsatisfactory situation.  With campus network infrastructures already
in place and centralised administration of IT established, it often
proves difficult (and expensive) to implement new network laboratories
that are sufficiently flexible and sufficiently isolated from the
normal campus&quot;. 
<br>
[The above is extracted from a paper presented by this author: McEwan,
W. (2001) &quot;Using Academic Research Methodologies to Improve the
Quality of Teaching: A Case Study&quot;. In Proc. Fourteenth Annual
Conference of the NACCQ, Napier, New Zealand: 83-93] 
<p>
Introduction
<br>
With the above problems in mind, I am in the process of creating a
virtual network laboratory, using uml virtual machines.  This work, at
the School of Computing, CPIT, NZ, is one of the key components in our
implementation of a &quot;data comms and operating systems&quot; teaching and
research laboratory.  The uml configuration currently in active use in
our data comms teaching is illustrated below 
(<a href="text/cpit.txt">text version</a>):
<img height="506" width="642" src="cpitnet.png">
The virtual network laboratory is implemented on a 1 GHz Pentium III
system having 384 MBytes of RAM and a 20 GByte hard disk. The host
operating system is Redhat Linux 7.1 with a 512 MB swap partition.  In
all, the virtual net consists of 20 virtual hosts sitting on 10
(sub)subnets connecting via one virtual router to our campus network
(and thence out to the Internet) as shown.  The CPIT campus has been
assigned a class B address space which is subnetted into class C
address ranges (i.e. subnet mask=255.255.255.0).  One of these /24
subnets has been allocated for this virtual lan server.  On the
virtual network side of this lan the range is further /28 subnetted as
shown (i.e. netmask=255.255.255.240). 
<p>
The current implementation uses the small debian uml root_fs.  Using
debian package manager (dpkg) I have additionally installed telnetd so
that students can log in remotely.  On the real host we have the
mindterm ssh client applet served by a running apache web server to
allow ssh login to that machine.  We also have the free weirdx X
server applet served from the same machine. It is a great combination!
I shortly intend experimenting with X and ssh using the uml Linux
RH7.1 pristine root_fs in place of the small debian one. 
<p>
One advantage of the above configuration, where one of the virtual
machines is used as a router, is that that machine can be configured
as a firewall effectively sandboxing the virtual network users into
the virtual lab (whilst allowing inward telnet or ssh traffic and
anything out as desired). 
<p>
<a href="cpit.html">Details of building the
network...</a>
</blockquote>

<a name="Automated testing of FreeS/WAN with UML"/><table width="100%" bgcolor="#e0e0e0">
            <tr>
              <td>
                <b>
                  <font color="black">Automated testing of FreeS/WAN with UML</font>
                </b>
              </td>
            </tr>
          </table>
          <blockquote head="Automated testing of FreeS/WAN with UML">
For quite a while, the FreeS/WAN project has been using virtual
networks of UMLs to test their code.  Michael Richardson gave a talk
at OLS 2002 on what they're doing and how they're doing it.  The
slides are available at 
<a href="http://www.sandelman.ca/SSW/freeswan/fsumltesting/">
http://www.sandelman.ca/SSW/freeswan/fsumltesting/
</a>.
</blockquote>


</td>
</tr>
</table>

</body>
</html>