Testing confusa using a virtual machine image.

The following section describes how to import and run a preconfigured image of Confusa. The instance is in bypass-mode (thus bypassing the Feide-part), and you should not allow other hosts than the host-computer to connect unless you know what you are doing. You will also need a Comodo sub-account. This is the only part that is not fully configured as we don’t want to share our credentials with the world ;-)

The reason for providing a virtual image, is to make it easy to test out Confusa, to see how it can be configured, how it can be customized, branded, how admins can be managed etc. By doing this in a virtual server, you don’t run the risk of doing “something bad”. You also avoid the boring (and sometimes frustrating) work of installing, patching and configuring of the software.

Short introduction to virtualization.

Virtualization is when you set up a machine, for instance your desktop computer (or laptop if you’re feeling slightly masochistic), to run (multiple) servers. Each server will run as a “normal” server, believing that it is the only operating system on the machine.

This makes it simple to test out new software:

• You don’t “mess up” your computer. If a particular software requires lot of extra libraries to run, you not only have to install a lot of extra software, but you have to remove it when you’re done as well.
• You cannot always trust software you find on the ’Net. If you use a virtual machine to test it, and the software contains backdoors or other nasty things, you simply remove the virtual image and no harm can be done in the future.
• If the software is compromised and crackers gain access to your system, you can power down the vm without affecting other services. The vm-host will be unaffected, and the threat is eliminated.
• You spend a lot of time getting it to run, you configure it to perfection, only to realize that the software won’t be running on your desktop (or wherever you installed it). If you installed in a virtual server, you can simply move the image to another host and start the vm there. Voila! done.

Confusa and virtualization

The latter reason is the main motivation for providing a pre-installed image with Confusa. We know how to configure it, all you want to do, is to play with it.

To help you test Confusa, we have prepared an image of the latest stable release of Confusa. We use

virtualbox for our images:

• very user-friendly featuring a nice GUI, a wizard-like setup and the option of imporitng/exporting images.
• simple to administer port-forwarding (each host is hidden behind a NAT-network).
• rich set of CLI-commands for advanced users.
• runs on a multitude of platforms. A vm created on a debian-machine can be exported and set to run on a windows-machine.

Installing VirtualBox

The program and installation instructions can be found at: virtualbox.org

Finding and importing an image

A preconfigured image is available from download section. The versions are archived, check-summed and signed with the following PGP-key: 0xABF8E659

Download the archive and the detatched signature. To verify this, do the following:

gpg --recv-key ABF8E659
gpg --verify Casimir.tar.gz.sign Casimir.tar.gz

The result should be something like this:

$ gpg --verify Casimir.tar.gz.sig Casimir.tar.gz
gpg: Signature made Fri 26 Feb 2010 08:29:58 PM CET using DSA key ID ABF8E659

Once the image has been downloaded and verified, unpack it and import the image into VirtualBox (File → Import Appliance). You will be presented with a summary stating how much memory you want to assign to the server, how many CPUs, licensing etc.

Starting the server and configuring the network

1. start the server via the GUI
2. change default passwords (see the attached README in the package).
3. stop the server

The move on to configure the network

How to configure the network.

VirtualBox will, by default, manage the network for the hosts automatically. It will do so by giving each vm a local address (both IPv4 and IPv6), and then “hide” it behind a NAT-firewall.

To allow remote access to ports, you will have to tell VirtualBox which ports should go where. In this example we use port 2222 to address ssh (port 22) and 8443 to handle port 443 (SSL). We also assume that you haven’t changed the network-settings. Finally, we assume you imported the virtual image under the name ‘Casimir’

VBoxManage setextradata "Casimir" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort" 2222
VBoxManage setextradata "Casimir" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort" 22
VBoxManage setextradata "Casimir" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol" TCP

VBoxManage setextradata "Casimir" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/apache2/HostPort" 8443
VBoxManage setextradata "Casimir" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/apache2/GuestPort" 443
VBoxManage setextradata "Casimir" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/apache2/Protocol" TCP

To affectuate this, you will (strangely enough) have to terminate all virtual servers running, and the restart the server(s).

Verify that you can log in remotely via ssh and that the server is accessible via https. If this is successful, you may want to shut down the server and start it in ‘headless mode’

VBoxManage startvm "Casimir" -type headless