Domain Driven Architecture

Seamless Notebookcloud

Author: Michael Jerger
November 4, 2014

Tags: notebook, virtualbox, infrastructure, vmware, firewall

Anyone who has started developing with virtual machines will recognize the advantages after a short time. A short list of these advantages:

  • Instant IDE for software development projects: Configuring an IDE is very time-consuming. This effort, however, is hidden in most cases. After the first install there is a long ramp-up time until each developer has reached good efficiency.
  • Freedom from the underlying hardware and operating system: Developing with Linux although only Windows is installed on company computers? Or do you want to use a Windows environment on a Mac? All this is possible.
  • Riskless work with different configurations: Who can claim to fearlessly try a tool xy, just as a short test? Such test installations often leave parts behind: maybe a config file, a DLL or some changed package dependencies. With VMs you can easily snapshot or copy your VM, so a safe reset is always possible.
  • Tests for large infrastructures: You develop client/server software, or want to integrate web services? Do you want to research bugs from your production system? With VMs all this is possible on your own computer, mobile and usable on the go.

However ... there are also some negative aspects.

  • You are working on several development projects in parallel and you are running a separate VM for every project. This makes sense from the project's point of view because configuration times can be reduced. From your personal perspective, you naturally need e-mail and maybe your browser favorites in all these VMs. Do you really want to configure this in all project VMs again and again? And you'll also have to keep all these copies up to date.
  • Performance overhead: When using a VM, a global performance overhead has to be expected. The resulting performance loss is nearly 10%. On modern systems that's not noticeable, but for true hackers this knowledge might be relevant.
  • Online/offline, the complexity of networking: Configuring VMs in a static network environment is one side. But I'm using my laptop while traveling, and I'd like to have an easy way to run servers on it, take VMs from the office along and, after finishing a server configuration on the road, be able to use it in a static network.

Getting all this is not so easy. A short recapitulation of the requirements:

  • VMs need a name and should run interchangeably in a static network as well as mobile.
  • For performance optimization and to get around the dilemma of e-mail and browser favorites, I'd like to work with remote-X.

The solution I found is (example from my own network, jerger.org):

  1. As a firewall in the static network I'm using pfSense, an open-BSD based distribution. Fortunately, pfSense includes a DHCP server and a DNS forwarder, and moreover it's really fast to set up.
  2. The DHCP server automatically enters registered computers into the DNS forwarder. With this, name resolution in the static network works comfortably.
  3. In this way my notebook is integrated in my home network.
  4. VMware automatically starts several network devices. To communicate with the outside of the network I'm using VMnet8:
    • VMnet8 is connected to the host network (3.) by NAT.
    • In VMnet8, VMware has its own DHCP server assigning addresses.
    • With VMware, VMnet8 is automatically connected with all available network connections. With VirtualBox, switching to an adequate network connection has to be done manually.
  5. Now the real trick: I'm using a second pfSense installation named "virtualFirewall" in its own, small VM. I'm using this virtualFirewall as a comfortable DHCP/DNS forwarder duo. For this:
    • pfSense is allocated only 256M of hard disk and 256M of RAM
    • the virtualFirewall has the same domain as the static network (jerger.org in my case)
    • "DNS rebinding protection" shouldn't be activated (see http://forum.pfsense.org/index.php?topic=36444.0)
    • the WAN side is connected to VMnet8 and the LAN side to VMnet1 (6.)
  6. The Host-Only-Net is served by the DHCP service of the virtualFirewall. For this it is necessary that:
    • The DHCP server automatically started by VMware is deactivated (for VMware Fusion the configuration is located at /Library/Preferences/VMware\ Fusion/networking).
    • With VMware, VMs are directly accessible from the host. With VirtualBox a little correction is required (see http://www.dedoimedo.com/computers/virtualbox-network-sharing.html).
  7. All VMs can be used mobile as well as in the static network, under the same name (and therefore with the same certificate, the same configuration, etc.).
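
A check for steps 4 to 6, as an added example that is not part of the original post: it audits the VMware Fusion networking file so that only the virtualFirewall hands out leases on VMnet1 while VMnet8 keeps NAT and VMware's DHCP. The `answer VNET_n_...` lines follow that file's format; the sample content and subnets are constructed, and the function names are hypothetical.

```shell
# Added example: audit a VMware Fusion "networking" file against steps 4-6.
# The sample content is constructed; the subnets are placeholders.
sample_networking() {
cat <<'EOF'
VERSION=1,0
answer VNET_1_DHCP yes
answer VNET_1_HOSTONLY_SUBNET 192.168.10.0
answer VNET_1_VIRTUAL_ADAPTER yes
answer VNET_8_DHCP yes
answer VNET_8_HOSTONLY_SUBNET 172.16.20.0
answer VNET_8_NAT yes
answer VNET_8_VIRTUAL_ADAPTER yes
EOF
}

# get_answer KEY: read the file on stdin, print the value of "answer KEY <value>".
get_answer() {
    awk -v key="$1" '$1 == "answer" && $2 == key { print $3; exit }'
}

# audit_networking: read the file on stdin, print one finding per line.
# Returns 0 if the layout matches the article, 1 otherwise.
audit_networking() {
    cfg=$(cat)
    rc=0
    # Host-only net (VMnet1): only the virtualFirewall may hand out leases.
    if [ "$(printf '%s\n' "$cfg" | get_answer VNET_1_DHCP)" != "no" ]; then
        echo "VMnet1: VMware DHCP is not disabled (would compete with virtualFirewall)"
        rc=1
    fi
    # NAT net (VMnet8): the virtualFirewall's WAN side relies on NAT and VMware's DHCP.
    for key in VNET_8_NAT VNET_8_DHCP; do
        if [ "$(printf '%s\n' "$cfg" | get_answer "$key")" != "yes" ]; then
            echo "VMnet8: $key is not 'yes'"
            rc=1
        fi
    done
    return $rc
}

# disable_vmnet1_dhcp: rewrite the file on stdin with VMnet1 DHCP turned off.
disable_vmnet1_dhcp() {
    sed 's/^answer VNET_1_DHCP .*$/answer VNET_1_DHCP no/'
}

# Demo on the constructed sample: reports the VMnet1 finding.
sample_networking | audit_networking || true
```

To audit the real file, pipe it in instead of the sample: `audit_networking < "/Library/Preferences/VMware Fusion/networking"`.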

This way, comfortable mobile work is possible ... and since I enjoy jauntily configuring my servers on my notebook first and then putting them into the network ... that's how work makes you happy.

For the more visually inclined, some screenshots from the virtualFirewall ... enjoy imitating!