MILLE-XTERM and LTSP
For security and administrative considerations, making isolated MILLE-XTERM components is possible. To gain the benefits of virtualization without performance drawbacks, Linux-VServer is the perfect alternative, although a few specific configurations are needed to install MILLE-XTERM inside a Linux-VServer. When installing a boot server in a vserver, it is not feasible to generate the initrd, unless the vserver has the CAP_SYS_ADMIN property set. The solution is to use a chroot on the host. Also, a user-space NFS server is used instead of the regular kernel-based nfsd. Finally, GDM on the application server will try to launch X inside a vserver, which is not needed. To correct this, append the --no-console option to the init script and it will listen only for network requests with no local host display.
When mastered, these few tricks allow you to add or remove application servers, copy existing application servers, back up and update them, and when satisfied with the changes, put them into production and duplicate them throughout the cluster, thereby elevating manageability to a higher level.
MILLE-XTERM can go further in a number of ways—beginning with security, or the lack thereof, as is the case of the XDMCP protocol. You can try it at home. Start an X session with Xnest and capture packets with ethereal. The following filter lets you view every keystroke typed:
x11.eventcode == 2
You could solve the problem with a local secure display manager that creates an SSH tunnel to encrypt the X11 traffic. Another possibility is to use OpenVPN between the terminal and the application server.
Almost every component of the MILLE-XTERM Project should be highly available. Work is in progress for the configurator (using slony replication for the PostgreSQL database). The boot servers (as well as the load balancer) will follow in order to have transparent failover (this can be achieved easily because their main functionality is as a read-only NFS server).
Optimizing the X protocol in order to save bandwidth is another interesting development. One can then use an X terminal with a simple broadband Internet connection. The next step for Linux terminals is NX/FreeNX. Last year, Linux Journal devoted five articles to the topic. NX clients would run locally on terminals, which would then require them to be added to the xtermroot in order to work.
Currently, more than 800 terminals are deployed with MILLE-XTERM at the Laval School District (one of the founders of the MILLE Project), and the plan is to deploy more than 1,000 additional terminals yearly (up to 75% of the existing computers will become X terminals).
We strongly believe that Linux terminals are the key solution that will allow school districts to provide a low-cost/high-quality desktop experience. With a cluster of Linux terminal servers, children can access the software they need to learn, create and be part of the Linux revolution.
The authors would like to thank the founders of the MILLE Project as well as the early adopters of the MILLE-XTERM solution:
Laval School District (www.cslaval.qc.ca): 800 terminals and still counting.
Mille Iles School District (www.cssmi.qc.ca): 300 terminals and still counting.
Grandes Seigneuries School District (www.csdgs.qc.ca): 100 terminals—pilot project.
Coeur des Vallées School District (www.cscv.qc.ca): 75 terminals—pilot project.
Affluents School District (www.csaffluents.qc.ca): pilot project.
Resources for this article: /article/9134.
Francis Giraldeau is an electrical engineer from the Université de Sherbrooke. He works for Revolution Linux while he completes his MSc degree in computer science. He has been devoting time and energy to the MILLE-XTERM Project for three years now. He can be reached at firstname.lastname@example.org.
Jean-Michel Dault (email@example.com) started his first Internet provider in 1994 using Linux. After a five-year stint at Mandriva, he is now cofounder and CTO of Revolution Linux.
Benoit des Ligneris completed his PhD in Physics at the Université de Sherbrooke where he developed his expertise in large systems (clusters) and scientific computing. He has been the chairman of the OSCAR (Open Source Cluster Application Resources) Project. He is now CEO of Revolution Linux.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
- New Products
- Security Hardening with Ansible
- diff -u: What's New in Kernel Development
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Monitoring Android Traffic with Wireshark
- New Products
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Tech Tip: Really Simple HTTP Server with Python
- RSS Feeds
- ~Putlocker~2014 Watch Boyhood Online Streaming Full Movie