[ale] Virtual machine questions for public use machines

Alex Carver agcarver+ale at acarver.net
Sat Jan 24 15:07:43 EST 2015


On 2015-01-24 11:57, JD wrote:
> On 01/24/2015 02:25 PM, Alex Carver wrote:
>> I'm going to try a virtual machine experiment in the next few weeks with
>> some spare boxes at work but I'm having trouble figuring a couple things
>> out.
>>
>> First, is it possible to have a setup where the host OS (Linux) has no
>> GUI (console at most) and the guest OS (Windows) is all GUI that can
>> completely take over the screen to appear as if it was the host OS?
>>
>> If that's the case, can this be configured to happen at boot (system
>> boots, at end of boot guest is running on the whole screen)?
>>
>> Is there a VM host that can accept a signal (by cron, ssh session, etc.)
>> to kill a guest?  This is to kill the guest at night, delete the guest
>> container file and then make a copy of an archived container to
>> essentially start from scratch every day.
> 
> I think so, but from a security and usability standpoint, perhaps having a
> server and remote desktop (rdesktop is nice enough) to that server would be
> easier. Plus it saves on MSFT licenses, CALs, to only have 1 MSFT box to
> maintain (even if you are wiping it nightly).
> 
> This way, your deployed Linux client can be a highly specialized, tiny, TinyCore
> image with only enough networking and rdesktop to get to the other machine.
> Heck, you could PXE boot into TinyCore.  Even autostart rdesktop in full screen
> mode ... though I don't know how to prevent folks from alt-tab mischief ... er
> ... or just override that in the WM settings to null.
> 
> Of course, you can run as many MSFT installs or a terminal server inside KVM.
> That's how I'd do it.  If there is physical access, there is risk.

Doing a remote server/client is too much for this need.  These are
public use surfing boxes for users in a lab that are waiting for various
processes/experiments to finish.  We already have several sitewide
licenses for various versions of Windows.  There are currently three
surfing boxes but a VM design would let us put in a few more to handle
busy days.

The boxes themselves will be firewalled off to only talk to the outside
Internet, unable to reach any internal host so security in that sense is
not an issue.  The machines are also "disposable" meaning that any
compromise just ends up being solved with a wipe and reinstall.  The
resetting guest is to keep the system flushed so that settings changes,
stray files or anything else (e.g. malware in the browser) is dumped.
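
The nightly reset described in this thread (stop the guest, discard its disk, restore the archived copy), written as an added example that is not part of the original posts. It assumes the guest is managed by libvirt's `virsh` on KVM; the domain name `surf1`, the paths and the recorded hash file are constructed placeholders.

```shell
#!/bin/sh
# Nightly reset of a disposable guest: power it off, discard its disk,
# restore the archived image, start it again.
# Assumptions: libvirt's virsh manages the guest; the domain name, paths
# and hash file used below are constructed placeholders.
VIRSH="${VIRSH:-virsh}"   # overridable so the logic can be dry-run

# reset_guest DOMAIN GOLDEN_IMAGE LIVE_IMAGE GOLDEN_SHA256
reset_guest() {
    dom=$1; golden=$2; live=$3; want=$4

    # Never restore from an archive that no longer matches its recorded
    # hash, so a tampered baseline is not copied back into service.
    have=$(sha256sum "$golden" | cut -d' ' -f1)
    if [ "$have" != "$want" ]; then
        echo "hash mismatch for $golden, leaving $dom untouched" >&2
        return 3
    fi

    # Hard power-off: the guest's state is being thrown away anyway.
    # Abort if it cannot be stopped, so a disk in use is never replaced.
    state=$("$VIRSH" domstate "$dom") || return 2
    if [ "$state" != "shut off" ]; then
        "$VIRSH" destroy "$dom" >/dev/null || return 2
    fi

    # Copy to a temporary name, then rename, so a failed copy never
    # leaves a half-written image at the live path.
    tmp="$live.new.$$"
    cp -- "$golden" "$tmp" || { rm -f -- "$tmp"; return 4; }
    mv -f -- "$tmp" "$live" || { rm -f -- "$tmp"; return 4; }

    "$VIRSH" start "$dom" >/dev/null || return 5
}

# Constructed cron entry: 0 3 * * * /usr/local/sbin/reset-guest.sh --run
if [ "${1:-}" = "--run" ]; then
    reset_guest surf1 /srv/vm/golden/surf1.img /srv/vm/live/surf1.img \
        "$(cat /srv/vm/golden/surf1.img.sha256)"
fi
```

Keeping the archived image read-only to the account that runs the guest means the hash check only ever fails on real tampering or disk corruption.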


