MILLE-XTERM and LTSP
For security and administrative considerations, making isolated MILLE-XTERM components is possible. To gain the benefits of virtualization without performance drawbacks, Linux-VServer is the perfect alternative, although a few specific configurations are needed to install MILLE-XTERM inside a Linux-VServer. When installing a boot server in a vserver, it is not feasible to generate the initrd, unless the vserver has the CAP_SYS_ADMIN property set. The solution is to use a chroot on the host. Also, a user-space NFS server is used instead of the regular kernel-based nfsd. Finally, GDM on the application server will try to launch X inside a vserver, which is not needed. To correct this, append the --no-console option to the init script and it will listen only for network requests with no local host display.
When mastered, these few tricks allow you to add or remove application servers, copy existing application servers, back up and update them, and when satisfied with the changes, put them into production and duplicate them throughout the cluster, thereby elevating manageability to a higher level.
MILLE-XTERM can go further in a number of ways—beginning with security, or the lack thereof, as is the case of the XDMCP protocol. You can try it at home. Start an X session with Xnest and capture packets with ethereal. The following filter lets you view every keystroke typed:
x11.eventcode == 2
You could solve the problem with a local secure display manager that creates an SSH tunnel to encrypt the X11 traffic. Another possibility is to use OpenVPN between the terminal and the application server.
Almost every component of the MILLE-XTERM Project should be highly available. Work is in progress for the configurator (using slony replication for the PostgreSQL database). The boot servers (as well as the load balancer) will follow in order to have transparent failover (this can be achieved easily because their main functionality is as a read-only NFS server).
Optimizing the X protocol in order to save bandwidth is another interesting development. One can then use an X terminal with a simple broadband Internet connection. The next step for Linux terminals is NX/FreeNX. Last year, Linux Journal devoted five articles to the topic. NX clients would run locally on terminals, which would then require them to be added to the xtermroot in order to work.
Currently, more than 800 terminals are deployed with MILLE-XTERM at the Laval School District (one of the founders of the MILLE Project), and the plan is to deploy more than 1,000 additional terminals yearly (up to 75% of the existing computers will become X terminals).
We strongly believe that Linux terminals are the key solution that will allow school districts to provide a low-cost/high-quality desktop experience. With a cluster of Linux terminal servers, children can access the software they need to learn, create and be part of the Linux revolution.
The authors would like to thank the founders of the MILLE Project as well as the early adopters of the MILLE-XTERM solution:
Laval School District (www.cslaval.qc.ca): 800 terminals and still counting.
Mille Iles School District (www.cssmi.qc.ca): 300 terminals and still counting.
Grandes Seigneuries School District (www.csdgs.qc.ca): 100 terminals—pilot project.
Coeur des Vallées School District (www.cscv.qc.ca): 75 terminals—pilot project.
Affluents School District (www.csaffluents.qc.ca): pilot project.
Resources for this article: /article/9134.
Francis Giraldeau is an electrical engineer from the Université de Sherbrooke. He works for Revolution Linux while he completes his MSc degree in computer science. He has been devoting time and energy to the MILLE-XTERM Project for three years now. He can be reached at firstname.lastname@example.org.
Jean-Michel Dault (email@example.com) started his first Internet provider in 1994 using Linux. After a five-year stint at Mandriva, he is now cofounder and CTO of Revolution Linux.
Benoit des Ligneris completed his PhD in Physics at the Université de Sherbrooke where he developed his expertise in large systems (clusters) and scientific computing. He has been the chairman of the OSCAR (Open Source Cluster Application Resources) Project. He is now CEO of Revolution Linux.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide