FreeBoo: an Open Architecture for Network Dual Boot
Administrating large installations of computer desktops requires many tedious system reparations due to software updates, hardware fixes, user mistakes and viruses. To reduce costs, some enterprises adopt restrictive IT politics. But, if your business cannot afford a highly secure and restrictive environment, and you want to provide your many users with dual-boot capacity, desktop administration privileges and the possibility to execute a large amount of different software, you probably are using Rembo.
This article presents FreeBoo, an open architecture that provides you with a dual-boot system of secure desktop images. FreeBoo is based on network boot, provides image restoration and allows hot boot. With FreeBoo, any malicious software installation done on a desktop by a previous user can be overwritten seamlessly.
Many IT departments' efforts are dedicated to the time-consuming task of repairing end-user desktops. For this task, most IT systems use open-source imaging systems that exist today, such as SystemImager, partimage, FileZilla, clonezilla, Frisbee, rsync, rdiff-backup, ADIOS and so on, or their commercial equivalents, including Norton Ghost, Active, True Image and Image. All these tools create a compressed image of a client's hard drive data and save it in case a future data recovery is necessary. An image is the complete copy of a filesystem, and it usually is stored on a backup server. When image changes are small, incremental backup is used to improve performance.
Imaging systems use well-known IETF protocols to transfer data from client to server or vice versa. They also include many functionalities for image management, with easy-to-use GUIs. IT departments in charge of large installations also use them to clone OS images onto several identical computers and to update systems with new patches.
In general, this software requires a high level of expertise, works basically on-demand and runs with a client program. This last feature is very important, because it assumes that the client computer is executing with specific conditions. Typically, this means the client always executes the same operating system.
At our university, computer labs can boot either MS Windows or Linux operating systems, and students select the desired partition using Rembo. Other PC-compatible dual-boot options include Norton BootMagic, OSL2000 or the MSTBOOT commercial systems and the GRUB open-source software solution. But, none of these tools can dual boot from the network.
Rembo is the only existing tool that provides the option of restoring any of the computer's saved images. And, very important, once the image is recovered, the computer boots it directly. Rembo is a commercial evolution of the open-source BP Batch Project, recently integrated into the IBM Tivoli suite. Rembo introduces local disk caches for fast image restoration, is able to use multicast messages and can be programmed using the Rembo-C scripting language.
FreeBoo is proposed as an open-source, alternative solution to Rembo. Instead of open-source software, FreeBoo is an architecture built from many existing open-source programs. In fact, the number of new lines of code is insignificant. We have written only eight simple scripts and have used the urldecoder script authored by Heiner Steven. Figure 1 shows the global picture. The open protocols used include TFTP, DHCP, HTTP and NFS. And, the open-source code, running either on the server or client includes PXELinux, rsync, partimage, Apache, Netcat, links2 and gensplash. In Figure 1, you can see which program is executed at each computer site (client or server).
To illustrate the use of FreeBoo, let's assume the following scenario: ten or more desktops connected by LAN with a remote, non-accessible server room, using a PXE-compliant NIC. The desktops boot in three phases, as shown in Figure 2. The first phase is similar to a thin-client boot. In the second phase, the user selects a boot option, and the necessary image data is sent to the client. Finally, in the third phase, the client computer boots the user-selected OS.
|diff -u: What's New in Kernel Development||Sep 04, 2015|
|Android Candy: Copay—the Next-Generation Bitcoin Wallet||Sep 03, 2015|
|The True Internet of Things||Sep 02, 2015|
|September 2015 Issue of Linux Journal: HOW-TOs||Sep 01, 2015|
|September 2015 Video Preview||Sep 01, 2015|
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
- diff -u: What's New in Kernel Development
- Using tshark to Watch and Inspect Network Traffic
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- The True Internet of Things
- Android Candy: Copay—the Next-Generation Bitcoin Wallet
- September 2015 Issue of Linux Journal: HOW-TOs
- Firefox Security Exploit Targets Linux Users and Web Developers
- Concerning Containers' Connections: on Docker Networking
- Where's That Pesky Hidden Word?
- A Project to Guarantee Better Security for Open-Source Projects