MILLE-XTERM and LTSP
For security and administrative considerations, making isolated MILLE-XTERM components is possible. To gain the benefits of virtualization without performance drawbacks, Linux-VServer is the perfect alternative, although a few specific configurations are needed to install MILLE-XTERM inside a Linux-VServer. When installing a boot server in a vserver, it is not feasible to generate the initrd, unless the vserver has the CAP_SYS_ADMIN property set. The solution is to use a chroot on the host. Also, a user-space NFS server is used instead of the regular kernel-based nfsd. Finally, GDM on the application server will try to launch X inside a vserver, which is not needed. To correct this, append the --no-console option to the init script and it will listen only for network requests with no local host display.
When mastered, these few tricks allow you to add or remove application servers, copy existing application servers, back up and update them, and when satisfied with the changes, put them into production and duplicate them throughout the cluster, thereby elevating manageability to a higher level.
MILLE-XTERM can go further in a number of ways—beginning with security, or the lack thereof, as is the case of the XDMCP protocol. You can try it at home. Start an X session with Xnest and capture packets with ethereal. The following filter lets you view every keystroke typed:
x11.eventcode == 2
You could solve the problem with a local secure display manager that creates an SSH tunnel to encrypt the X11 traffic. Another possibility is to use OpenVPN between the terminal and the application server.
Almost every component of the MILLE-XTERM Project should be highly available. Work is in progress for the configurator (using slony replication for the PostgreSQL database). The boot servers (as well as the load balancer) will follow in order to have transparent failover (this can be achieved easily because their main functionality is as a read-only NFS server).
Optimizing the X protocol in order to save bandwidth is another interesting development. One can then use an X terminal with a simple broadband Internet connection. The next step for Linux terminals is NX/FreeNX. Last year, Linux Journal devoted five articles to the topic. NX clients would run locally on terminals, which would then require them to be added to the xtermroot in order to work.
Currently, more than 800 terminals are deployed with MILLE-XTERM at the Laval School District (one of the founders of the MILLE Project), and the plan is to deploy more than 1,000 additional terminals yearly (up to 75% of the existing computers will become X terminals).
We strongly believe that Linux terminals are the key solution that will allow school districts to provide a low-cost/high-quality desktop experience. With a cluster of Linux terminal servers, children can access the software they need to learn, create and be part of the Linux revolution.
The authors would like to thank the founders of the MILLE Project as well as the early adopters of the MILLE-XTERM solution:
Laval School District (www.cslaval.qc.ca): 800 terminals and still counting.
Mille Iles School District (www.cssmi.qc.ca): 300 terminals and still counting.
Grandes Seigneuries School District (www.csdgs.qc.ca): 100 terminals—pilot project.
Coeur des Vallées School District (www.cscv.qc.ca): 75 terminals—pilot project.
Affluents School District (www.csaffluents.qc.ca): pilot project.
Resources for this article: /article/9134.
Francis Giraldeau is an electrical engineer from the Université de Sherbrooke. He works for Revolution Linux while he completes his MSc degree in computer science. He has been devoting time and energy to the MILLE-XTERM Project for three years now. He can be reached at email@example.com.
Jean-Michel Dault (firstname.lastname@example.org) started his first Internet provider in 1994 using Linux. After a five-year stint at Mandriva, he is now cofounder and CTO of Revolution Linux.
Benoit des Ligneris completed his PhD in Physics at the Université de Sherbrooke where he developed his expertise in large systems (clusters) and scientific computing. He has been the chairman of the OSCAR (Open Source Cluster Application Resources) Project. He is now CEO of Revolution Linux.
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
|Where's That Pesky Hidden Word?||Aug 28, 2015|
|A Project to Guarantee Better Security for Open-Source Projects||Aug 27, 2015|
|Concerning Containers' Connections: on Docker Networking||Aug 26, 2015|
|My Network Go-Bag||Aug 24, 2015|
|Doing Astronomy with Python||Aug 19, 2015|
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- Concerning Containers' Connections: on Docker Networking
- A Project to Guarantee Better Security for Open-Source Projects
- Where's That Pesky Hidden Word?
- Firefox Security Exploit Targets Linux Users and Web Developers
- My Network Go-Bag
- Doing Astronomy with Python
- Build a “Virtual SuperComputer” with Process Virtualization
- diff -u: What's New in Kernel Development
- Three More Lessons