Trellis NAS Bridge Appliance
Network Attached Storage (NAS) virtualization for multiple CIFS/SMB and Unix/SSH servers
Features
Collegiate:
Yes
One-line Description:
Network Attached Storage (NAS) virtualization for multiple CIFS/SMB and Unix/SSH servers
Filename:
TrellisNBA-1.0.zip
Size Compressed:
16
Allocated Memory:
160
Username:
root
Password:
must select at first boot
VMware Tools Installed?:
Yes
Operating System:
Gentoo Linux 2.6.16
Applications:
Samba 3.0.21c,
OpenSSH 4.2p1,
PHP 4.4.2,
minihttpd 1.19,
elements from FreeNAS 0.66,
Trellis File System
Description:
1. What does the appliance do, and what are its uses and benefits to the intended audience in the VMware community. The judging panel is interested to know what is unique about this appliance, why users will want to download and run it, and how they will use it.
The Trellis NAS Bridge Appliance (Trellis NBA) is an appliance that makes it easier to access files from one location (i.e., a client) even though the files may be stored on different computers, different file servers, and different operating systems. The servers might also be under the control of different systems administrators. With Trellis NBA, files can be accessed by applications and interactively as if they were local files.
In many organizations, different groups and departments have their own file servers and Network-Attached Storage (NAS). If a user must work with the data from different groups and departments, it can be convenient to unify the user's access and view of the different file servers into a single, virtual file system. This is sometimes referred to as NAS virtualization.
Some of the technical challenges in NAS virtualization include dealing with heterogeneous file system protocols, security, and different administrative domains. How can one implement NAS virtualization without requiring special privileges or changing existing protocols?
The Trellis NBA uses protocol bridging to virtualize different file servers while maintaining security (without requiring super-user privileges). Some key ideas behind protocol bridging include that the original protocols (e.g., CIFS/SMB, SSH) are not modified and the bridge appliance translates and maps the semantics of one protocol onto another. The use of a variety of caching strategies aids the bridging process.
By using a virtual machine appliance approach, any software installation steps that require privilege (e.g. installing a Samba server on a privileged port) are encapsulated within the appliance. A user can run the appliance without requiring special privileges. The appliance is lightweight enough such that one instance of the appliance/server can be created for each user. Or, different users can share the same appliance.
The Trellis NBA is unique in providing the basic NAS virtualization functionality (with future plans to expand the protocols that can be bridged) in a small, ready-to-use appliance, courtesy of a solid base of existing open-source systems (e.g., Linux, Samba, OpenSSH), VM virtualization (i.e., VMware), and our research into security and distributed file systems (i.e., Trellis).
With the rising popularity of laptops (for which superuser/administrative privileges are given to user accounts, thus making them untrusted by many systems administrators) and home machines (also untrusted), the ability to access remote files via a file system (instead of via copy-in/copy-out) is a commonly desired feature. The Trellis NBA allows a file system to span such systems, while only requiring basic privileges (e.g., SSH access, the ability to CIFS/SMB mount; no need for NFS mounts, or similar).
Below are four use-case scenarios to help explain situations in which the Trellis NBA can provide a solution.
Use-Case Scenario 1:
I have a Windows machine/client at home. Some of my files are on a server at work. My work does not allow me to mount my folders directly on my home machine (usually for security reasons). But, I can Secure Shell into the server at work. Trellis NBA allows my Windows client at home to mount my folders/files from work so that I can directly use them with my applications. My alternative is to use, say, WinSCP to copy the files from work to home, work with them, and then (remember to) copy them back. With Trellis NBA, I simply mount and use, like a normal file server.
Use-Case Scenario 2:
I have a Linux machine/client at home. Some of my files are on a server at work. My work does not allow me to NFS mount my folders directly on my home machine (for security and performance reasons). But, I can Secure Shell into the server at work. Trellis NBA allows my Linux client at home to mount my folders/files from work so that I can directly use them with my applications. My alternative was to use, say, Secure Copy to copy the files from work to home, work with them, and then (remember to) copy them back. With Trellis NBA, I simply mount and use, like a normal file server.
Use-Case Scenario 3:
I have either a Windows or a Linux machine/client. I need to access some files from Department A on their Windows server. I need to access some files from Department B on their Unix server. Specifically, the Unix server will not allow me to NFS mount the files because of security reasons. With Trellis NBA, I can set it up so that I can mount and access files from *both* servers with one step.
Use-Case Scenario 4:
My work involves multiple, separate groups. Some groups have their own backups and some don't have backups at all. With Trellis NBA, all my data appears under a single Windows drive or Unix directory, greatly simplifying the backup process.
---------------------------------------------------------------------------------
2. How was the appliance built, summarizing the steps involved. Describe what optimizations were made, for example any changes you made to the underlying operating system to optimize it for size or functionality, or any special application configurations you made that increase the usefulness of the appliance.
The appliance was built from a standard Gentoo Linux distribution. We had many excellent Linux distributions to choose from. Ultimately, we chose Gentoo because of its customizability, especially given our concern for the size of the appliance.
To reduce size, heavy components such as desktop and window environments were not built in.
The VMware disk contains three partitions: an 85 MB boot partition that holds the kernel and boot loader, a 50 MB swap partition, and a 7.5 GB root partition. We use GRUB to load the Linux kernel.
The root partition contains only those files necessary to support the appliance. Notable appliance utilities include a system logger (syslog-ng), a name service cache daemon (nscd), a DHCP client, and the VMware tools suite. Other core packages include the mini-httpd SSL web server, PHP, the OpenSSH implementation of the SSH protocol, the Samba implementation of the CIFS/SMB protocol, and our custom bridging/caching Samba module.
To make the system as useful as possible it must be lean. Once all necessary packages were determined, they were copied to a second virtual disk. This disk then had GRUB added to it and was swapped in as the only primary disk. This allowed us to reduce the size of the appliance from several hundred MB to less than 20 MB compressed. The appliance has been optimized for both size and functionality. The appliance runs a name service caching daemon which will greatly reduce DNS load. The kernel does not contain any optimizations specific to a particular processor (for example: Athlon or Pentium); this will allow our appliance to run on the widest range of hardware.
--------------------------------------------------------------------------------
3. Detailed instructions to start using the Appliance and the location of any other documentation.
To begin using the appliance, boot it up. On the console, the user will be required to provide a root password and a password for the webGUI. The default username for the webGUI is 'trellis'. The webGUI password can be changed via the webGUI. For security, the root password can only be changed on the console. Finally, the IP address of the appliance is displayed on the console just before the login prompt. The IP address is determined by DHCP.
Once this basic setup is done, point a web browser to https://<ip address from console>. Please notice the 'https'. Simply log in to the web GUI and follow the 3 steps that are in the left-hand "Getting Started" menu. These simple steps are:
1) CREATE USERS AND GROUPS for the Trellis NBA appliance itself. These are the accounts that will be mounted by a client of the TNBA.
2) ADD SSH KEYS. One method of access to remote servers is SSH. We use ssh-agents and load keys into them to provide automatic access to remote systems.
Users securely provide private key files and passphrases to be loaded into SSH agents.
3) ADD REMOTE SERVERS. In this step, specify the remote systems that a created user should be able to access by providing the fully qualified domain name of the server, a remote username and a share name or directory name. The user also chooses whether to use the SMB protocol (via Samba) or SSH to access the remote server. If they choose SMB, they must also provide their Samba password. If they choose SSH, the SSH keys provided in Step 2) will handle authentication.
Once these 3 steps are completed a user can access their remote directories. To begin browsing your remote directories, connect your CIFS/SMB client to the Trellis NBA Samba share. The share name on the appliance is called 'share'.
For Unix Users
To use smbclient: smbclient -U <username on appliance> //192.168.107.200/share
To mount the Samba share: mount -t smbfs //<appliance_IP_address>/share <local_mount_point> -o username=<username_on_appliance>,uid=<local_UNIX_uid>,gid=<local_UNIX_gid>,fmask=700
(e.g. sudo mount -t smbfs //192.168.107.200/share /mnt/smbvmr -o username=user1,uid=bill,gid=bgroup,fmask=700)
For Windows Users:
* From Windows Explorer, select Tools, Map Network Drive.
* Select "Connect using a different user name".
* Enter the username and password for the account you created in the web GUI.
* Use Folder: \\<IP address from console>\share
* If all goes well, you should see the mount point you created.
When a user lists the directory contents of the mount point they will see directories that correspond to each of the remote servers they specified above in Step 3). These directories behave like normal local directories, however by traversing and listing them they will see their remote files as if they were on the bridge appliance.
For example, the remote server myhome.mydomain.ca:/ accessed via the SSH protocol as user 'user1' would appear as a directory named
scp_user1@myhome.mydomain.ca
By cd'ing into that directory you will see the files in the root (/) directory on myhome.mydomain.ca. If the HOME directory were specified when the remote directory was set up, the directory name would be
scp_user1@myhome.mydomain.ca_ (note the underscore at the end).
and would access user1's home directory.
If the SMB protocol is specified the directory to access that server would be named
smb_user1@myhome.mydomain.ca_
The directory names are listed with the servers on the web GUI.
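The naming convention above can be checked mechanically, for example to inventory which remote accounts a given appliance user has bridged. The following Python is an added example, not part of the appliance or its documentation; the function names, the DNS-style host check and the sample listing are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Prefixes shown on the page: scp_ for SSH-bridged servers, smb_ for SMB ones.
PROTOCOLS = {"scp": "SSH", "smb": "SMB"}
# Assumption: the host part is a DNS name (letters, digits, dots, hyphens).
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")

class Bridged(NamedTuple):
    protocol: str               # "SSH" or "SMB"
    user: str                   # remote username
    host: str                   # remote server name
    trailing_underscore: bool   # marker at the end of the directory name

def parse_bridged_name(name: str) -> Optional[Bridged]:
    """Parse one directory name from the share; None if it does not fit."""
    prefix, sep, rest = name.partition("_")
    if not sep or prefix not in PROTOCOLS:
        return None
    # Split on the last '@' so a username containing '@' stays intact.
    user, at, host = rest.rpartition("@")
    marker = host.endswith("_")
    if marker:
        host = host[:-1]
    if not at or not user or not HOST_RE.match(host):
        return None
    return Bridged(PROTOCOLS[prefix], user, host, marker)

def remote_target(entry: Bridged) -> str:
    """Describe what the directory maps to, as far as the page documents it."""
    if entry.protocol == "SSH":
        where = "home directory" if entry.trailing_underscore else "/"
        return f"{entry.user}@{entry.host}:{where}"
    # The page does not say what the underscore means for SMB entries.
    return f"{entry.user}@{entry.host} (SMB share)"

def inventory(names: List[str]) -> Tuple[List[Bridged], List[str]]:
    """Split a listing into recognised bridged servers and everything else."""
    found, other = [], []
    for n in names:
        entry = parse_bridged_name(n)
        (found if entry else other).append(entry or n)
    return found, other

# Constructed sample listing of the mounted 'share' (not real output).
SAMPLE = ["scp_user1@myhome.mydomain.ca", "scp_user1@myhome.mydomain.ca_",
          "smb_user1@myhome.mydomain.ca_", "notes.txt", "scp_@myhome.mydomain.ca"]
```

Calling inventory() on a real listing of the mount point (for instance from os.listdir) gives the set of remote accounts reachable through that appliance user, plus any entries that do not follow the documented pattern.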
Once these steps are complete, users have access to their remote data as though it were local. Users can add and delete remote servers as their requirements change for however they are using Trellis NBA.
For documentation, there are similar instructions on the appliance itself under the Documentation menu. Also, you can check out the more comprehensive documentation on the Trellis NBA website: http://www.cs.ualberta.ca/~paullu/TrellisNBA/
-------------------------------------------------------------------------------
4. The names of any licensed operating systems, applications, or other components in your appliance, and the licenses (names or URLs) under which you are using them.
The main software components we are using are:
Gentoo Linux (kernel ver 2.6.16) - GPLv2
PHP-4.4.2 (http://www.php.net/license/3_01.txt)
mini_httpd-1.19 (http://www.acme.com/license.html)
Samba-3.0.21c (http://us4.samba.org/samba/docs/GPL.html)
OpenSSH 4.2p1 (http://www.openbsd.org/policy.html)
Trellis File System - GPL (http://www.cs.ualberta.ca/~paullu/Trellis/)
Our web GUI is based on FreeNAS (http://www.freenas.org/index.php?option=com_content&task=view&id=5&Itemi...)
Technical Specifications
Operating System:
Gentoo Linux 2.6.16
VMware Tools installed: No
Size: 16MB
Allocated Memory (RAM): 160
Applications Installed:
Samba 3.0.21c,
OpenSSH 4.2p1,
PHP 4.4.2,
minihttpd 1.19,
elements from FreeNAS 0.66,
Trellis File System