Wednesday, December 31, 2008

VMware, oh how I love virtual machines (and Linux)

I'm really getting to love virtual machines, except at work when the machines are blade servers running I-don't-know-what as a base OS connected to HP Blade Switches running who-the-F-programmed-this-train-wreck Layer 2 multipath chassis. Ugh. But that's another story for another time (and you can purchase IOS capable HP blade server switches and slide them right into the HP chassis. The new blade servers are configured in this way and they work splendidly. And they run IOS so you know how to do things like set up span ports without having to navigate some bizarre telnet command tree).

I digress. Yesterday at my favorite client on the Outer Banks I set up a new proxy server using wonderful free-as-in-speech Linux and it works splendidly. The company owner wanted to change the front desk Point of Sale computers into something more like a kiosk but he wanted the computers to remain able to visit "critical" websites such as the Dare County government page so the employees could remain able to find critical information about, say, evacuations of the island if a hurricane were knocking at the door.

This could have been accomplished using Content Advisor built into Internet Explorer (yes, the front desk machines run Winders.. sigh) but this approach would have required them to maintain a list of "allowed" websites on each machine and adjust them as needed. In addition it would have done nothing to stop someone from installing another web browser (go Firefox!!) not to mention that Content Advisor is so easily bypassed it is just sad. But we're not talking about geeks running the front desk, mind you. These are retirees who do little more than constantly do e-mail when they are supposed to be working and watching endless YouTube videos of their grandchildren.

So why not just set up a proxy server? I could block ports 80 and 443 outbound and allow only the proxy where I could build multiple levels of whitelists that would restrict users to specific websites. But there was a problem. The only machine that DID NOT run Windows was the office manager's Intel iMac. To complicate matters further that Mac already ran a copy of Squidman that I use as a reverse SSH proxy to do remote support. Squidman is great but I'm not a fan of how the config files are maintained so I didn't want to go making that an unnecessarily complicated mess using Squidman to do all the proxying.

The solution was easy - install a new virtual machine using the already-existing VMware Fusion (which is currently running a XP virtual machine for reasons that I won't get into because it bothers me greatly). A quick download of the Debian netinstall ISO and a few clicks of the mouse and I had a fully functional, bare-bones Linux install. From there it was a simple 'apt-get install squid' (and ssh for remote login) and a vi of the /etc/squid/squid.conf and whitelist files and, poof, a fully functional proxy server was running.
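A minimal whitelist-only squid.conf of the kind described above, as an added example that is not the author's actual configuration. The client subnet, the whitelist path and the domains are placeholder assumptions.

```conf
# /etc/squid/squid.conf (added example; values below are placeholders)

# Port the front desk browsers are pointed at.
http_port 3128

# Front desk LAN (assumed subnet; adjust to the real one).
acl frontdesk src 192.168.1.0/24

# Allowed destinations, one domain per line in an external file.
# A leading dot matches the domain and all of its subdomains.
# Example contents of /etc/squid/whitelist.txt (placeholder domains):
#   .county.example.gov
#   .weather.example.org
acl whitelist dstdomain "/etc/squid/whitelist.txt"

# Only ordinary web ports, and CONNECT tunnels only to 443,
# so the proxy cannot be used to tunnel to arbitrary services.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# http_access rules are evaluated top to bottom and the first match wins:
# allow whitelisted sites from the front desk, then deny everything else.
http_access allow frontdesk whitelist
http_access deny all
```

The whitelist only holds if the firewall also drops outbound 80 and 443 from every host except the proxy, as the post describes; otherwise a browser with its proxy setting cleared bypasses it. `squid -k parse` checks the file for syntax errors before a reload.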

Now it is time to find out if squid supports the oddball color printer, and assuming they do, I'll have a print server running momentarily.

Linux as a server is just so darn easy to work with. True, I could set up the print server on either a Windows box or perhaps the Mac.. but why? Anything on Linux is so easily remotely supportable I can't see a reason not to set things up that way.
