/usr/share/doc/user-mode-linux-doc/html/case-studies.html is in user-mode-linux-doc 20060501-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type">
<title>UML in the real world</title>
</head>
<body alink="#FF0000" vlink="#55188A" link="#0000EF" bgcolor="#FFFFFF" text="#000099">
<table border="0">
<tr align="left">
<td valign="top" align="left">
<center>
<h3>UML in the real world</h3>
</center>
The purpose of this section is to let UML users describe what they're
doing with it and how they're doing it. This eventually (when there's
a wider variety of cases here) will let everyone see the breadth of
UML applications, and provide people who are interested in a specific
use with the information needed to implement it.
<p>
If you have a use for UML that you'd like to share, write it up,
including the following information:
<ul>
<li>
the problem that you're solving - and saying "I'm doing this weird
thing because I can" is perfectly acceptable. That's more or less
how UML came into existence.
</li>
<li>
how you're using UML to solve it
</li>
<li>
how well it's working, including solutions or workarounds to any
problems you encountered
</li>
</ul>
and <a href="contacts.html">send it in</a>.
<p>
This is intended to be a collection of HOWTO material at least as much
as it's intended to be an advertisement for UML, so it would
definitely be a bonus to include HOWTO-like step-by-step instructions.
It could either be hosted on this site or linked from here back to
your site.
<p>
<a name="UML as an augmented firewall"/><table width="100%" bgcolor="#e0e0e0">
<tr>
<td>
<b>
<font color="black">UML as an augmented firewall</font>
</b>
</td>
</tr>
</table>
<blockquote head="UML as an augmented firewall">
<b>
From : Jon Wright (jon at gate dot sinica dot edu dot tw)<br>
Date : 7 Sep 2001
</b>
<p>
I work for Prof Carmay Lim in the Institute of Biomedical Sciences,
Academia Sinica, Taipei, Taiwan
<p>
<a href="http://www.sinica.edu.tw">
http://www.sinica.edu.tw</a>
<br>
<a href="http://www.ibms.sinica.edu.tw/~jon">
http://www.ibms.sinica.edu.tw/~jon</a>
<p>
We're a structural and bioinformatics group.
Basically on site we have about 10 Linux workstations, a 30 cpu beowulf,
and a couple of nfs fileservers all ip-masqed behind a single firewall.
<p>
We also have a group at National ChingHwa university in another city. We
need to provide access to our beowulf and other services to the students
but we don't want to allow direct connections to our firewall. Instead of
having direct connections to the firewall which if cracked gives access to
the internal network device and hence allows network sniffers, we boot a
UML kernel on the firewall itself and, using the slip networking (this was
set up 6 months ago - now we are looking at the tap interface), network the
UML kernel.
<p>
The host firewall accepts no syn packets at all on its external
IP address. All syn packets must be directed to the UML kernel IP address
to be accepted.
<p>
The UML system offers sshd, httpd, anon-ftp (oftpd) to everywhere, the
firewall only offers sshd and squid to the internal network and nothing to
the external network.
<p>
Students use ssh to log on to the UML kernel using a generic name such
as user001. From there they can issue a second ssh command to the
internal network machines (ssh -l fred 192.168.0.140). We don't use the
same usernames or passwords on the UML system as the internal systems so
if someone does get UML account details, it won't help too much for
guessing usernames/passwords for the internal machines. We don't even list
the internal machines in the hosts file.
<p>
The firewall itself only allows connections from the UML machine to
internal machines on port 22 (set with ipchains) so if someone cracks the
UML machine they can not portscan the internal machines. The UML machine
does not contain a compiler, and many files/executables such as who, w,
ping, traceroute are read/write/execute for root only. We run tripwire
every night and email the report out, but we don't allow incoming email. In
fact, the host firewall only allows connections to the UML machine on
needed ports such as 22, 80, 21.
<p>
The main purpose of the UML system is to provide a secure restricted
machine that offers limited external services and onward ssh connections
to our internal machines but does not allow any access to the network
devices themselves. (We don't allow loadable modules and we don't compile
hostfs)
<p>
Also being a 700mb file we can keep a compressed root file on cdrom and
use it to compare to the live one now and again and if need be restore
things using the host kernel.
<p>
All in all this is working very well for us at the moment. In fact, the
hardest part is organising all the ipchains rules on the host system so
that we limit what type of connections go where. For that we found
excellent help in the ipchains-howto; they used about 4 different
machines to provide firewall and external services while we saved on
hardware using one machine that worked as two. While other people can
probably pick some holes in this setup (I am not a pro sysadmin) I haven't
seen any glaringly big holes - we have to allow the students access
somehow and having the external services on a system that does not have
direct access to hardware is a big bonus.
<p>
Many thanks for such a great tool
</blockquote>
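<p>
The comparison of a known-good copy of the root file with the live one, done from the host as the post describes, can be scripted. The following is an added example, not code from the post or from the UML project; it assumes both copies of the root filesystem are loop-mounted read-only on the host, and the names golden_root, live_root and the finding labels are its own.

```python
"""Added example: diff a known-good root_fs tree against the live one, on the host."""
import hashlib
import os
import stat

# Assumption: both trees are read-only loop mounts of the root_fs images.
FIELDS = ("type", "mode", "owner", "content")
SUID_BITS = stat.S_ISUID | stat.S_ISGID


def _digest(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each path under root to (type, mode, owner, content); links not followed."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Type letter: '-', 'd', 'l', 'c', 'b', 'p' or 's'; device number otherwise.
            kind = stat.filemode(st.st_mode)[0]
            content = (_digest(path) if kind == "-" else
                       os.readlink(path) if kind == "l" else str(st.st_rdev))
            entries[os.path.relpath(path, root)] = (
                kind, stat.S_IMODE(st.st_mode), (st.st_uid, st.st_gid), content)
    return entries


def compare(golden_root, live_root, ignore=()):
    """Return sorted (path, finding) pairs for every difference outside ignore."""
    gold, live = snapshot(golden_root), snapshot(live_root)
    findings = []
    for path in sorted(set(gold) | set(live)):
        old, new = gold.get(path), live.get(path)
        skipped = any(path == p or path.startswith(p + os.sep) for p in ignore)
        if skipped or old == new:
            continue
        if old is None:
            what = "added"
        elif new is None:
            what = "removed"
        else:
            what = "changed:" + ",".join(
                f for f, a, b in zip(FIELDS, old, new) if a != b)
        # A set-id bit that the golden copy lacks gets its own marker.
        if new and new[1] & SUID_BITS and not (old and old[1] & SUID_BITS):
            what += " +setuid"
        findings.append((path, what))
    return findings
```

Paths that legitimately change between checks, such as var/log, go in ignore; run it as root on the host so every file in both trees is readable.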
<a name="An implementation of a teaching network with UML"/><table width="100%" bgcolor="#e0e0e0">
<tr>
<td>
<b>
<font color="black">An implementation of a teaching network with UML</font>
</b>
</td>
</tr>
</table>
<blockquote head="An implementation of a teaching network with UML">
<b>
Virtual Network Laboratory - Christchurch Polytechnic Institute of
Technology (CPIT), New Zealand: A detailed Case Study HowTo.
<p>
William McEwan (Scottish exile), School of Computing, CPIT, New
Zealand.
<br>
mcewanw at hermes dot chchpoly dot ac dot nz
<p>
8 September 2001
</b>
<p>
"A problem with teaching data communications in an educational
institution is that there is always an inherent danger of data comms
experiments interfering with the normal operation of the campus
network. Many institutions have traditionally simply avoided much in
the way of practical data comms laboratory work. With the growing
importance of internetworking in general this is obviously an
unsatisfactory situation. With campus network infrastructures already
in place and centralised administration of IT established, it often
proves difficult (and expensive) to implement new network laboratories
that are sufficiently flexible and sufficiently isolated from the
normal campus".
<br>
[The above is extracted from a paper presented by this author: McEwan,
W. (2001) "Using Academic Research Methodologies to Improve the
Quality of Teaching: A Case Study". In Proc. Fourteenth Annual
Conference of the NACCQ, Napier, New Zealand: 83-93]
<p>
Introduction
<br>
With the above problems in mind, I am in the process of creating a
virtual network laboratory, using uml virtual machines. This work, at
the School of Computing, CPIT, NZ, is one of the key components in our
implementation of a "data comms and operating systems" teaching and
research laboratory. The uml configuration currently in active use in
our data comms teaching is illustrated below
(<a href="text/cpit.txt">text version</a>):
<img height="506" width="642" src="cpitnet.png">
The virtual network laboratory is implemented on a 1 GHz Pentium III
system having 384 MBytes of RAM and a 20 GByte hard disk. The host
operating system is Redhat Linux 7.1 with a 512 MB swap partition. In
all, the virtual net consists of 20 virtual hosts sitting on 10
(sub)subnets connecting via one virtual router to our campus network
(and thence out to the Internet) as shown. The CPIT campus has been
assigned a class B address space which is subnetted into class C
address ranges (i.e. subnet mask=255.255.255.0). One of these /24
subnets has been allocated for this virtual lan server. On the
virtual network side of this lan the range is further /28 subnetted as
shown (i.e. netmask=255.255.255.240).
<p>
The current implementation uses the small debian uml root_fs. Using
debian package manager (dpkg) I have additionally installed telnetd so
that students can log in remotely. On the real host we have the
mindterm ssh client applet served by a running apache web server to
allow ssh login to that machine. We also have the free weirdx X
server applet served from the same machine. It is a great combination!
I shortly intend experimenting with X and ssh using the uml Linux
RH7.1 pristine root_fs in place of the small debian one.
<p>
One advantage of the above configuration, where one of the virtual
machines is used as a router, is that that machine can be configured
as a firewall effectively sandboxing the virtual network users into
the virtual lab (whilst allowing inward telnet or ssh traffic and
anything out as desired).
<p>
<a href="cpit.html">Details of building the
network...</a>
</blockquote>
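<p>
Both the router guest in this post and the firewall in the first post come down to an ordered rule list with a default deny, which can be written down and checked before it is turned into ipchains rules. The following is an added example, not code from either author or from the UML project, and it goes slightly beyond the text by running both setups through one evaluator. Every address except 192.168.0.140, the squid port 3128, the open traffic between lab subnets and the rule keeping the guest off the host are assumptions.

```python
"""Added example: first-match, default-deny model of both posts' filtering rules."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions): the posts give only 192.168.0.140 and
# the 255.255.255.240 mask; every other address below is a placeholder.
ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("192.168.0.0/24")   # machines behind the firewall
FW_INT = ip_network("192.168.0.1/32")     # firewall host, internal address
UML = ip_network("203.0.113.2/32")        # UML guest running on the firewall
LAB = ip_network("172.16.50.0/24")        # /24 handed to the virtual lab
LAB_SUBNETS = list(LAB.subnets(new_prefix=28))[:10]   # 10 of the 16 /28s
ALL_PORTS = frozenset(range(1, 65536))
LAB_OUTBOUND = frozenset()                # "anything out as desired": none here


@dataclass(frozen=True)
class Rule:
    src: object        # ip_network the connection comes from
    dst: object        # ip_network the connection goes to
    ports: frozenset   # TCP destination ports the rule covers
    allow: bool = True


# First post: no rule names the host's external address (203.0.113.1 here),
# so a SYN sent to it falls through to the default deny.
BASTION = (
    Rule(UML, FW_INT, ALL_PORTS, allow=False),       # assumed: guest cannot reach host
    Rule(ANY, UML, frozenset({21, 22, 80})),         # ftp, ssh, http on the guest
    Rule(UML, INTERNAL, frozenset({22})),            # onward ssh only
    Rule(INTERNAL, FW_INT, frozenset({22, 3128})),   # sshd and squid (3128 assumed)
)
# Second post: the router guest sandboxing the lab.
LAB_ROUTER = (
    Rule(LAB, LAB, ALL_PORTS),                       # between lab subnets (assumed open)
    Rule(ANY, LAB, frozenset({22, 23})),             # inward ssh and telnet
    Rule(LAB, ANY, LAB_OUTBOUND),                    # outbound, as configured
)


def allowed(policy, src, dst, port):
    """Verdict of the first rule matching a new TCP connection; default deny."""
    s, d = ip_address(src), ip_address(dst)
    for rule in policy:
        if s in rule.src and d in rule.dst and port in rule.ports:
            return rule.allow
    return False


def exposure(policy, src, targets, ports=range(1, 1025)):
    """Ports a scan from a compromised src would find open on each target."""
    return {t: [p for p in ports if allowed(policy, src, t, p)] for t in targets}
```

Calling exposure with the UML guest's address as src shows what the first post argues: a cracked guest sees port 22 on the internal machines and nothing else.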
<a name="Automated testing of FreeS/WAN with UML"/><table width="100%" bgcolor="#e0e0e0">
<tr>
<td>
<b>
<font color="black">Automated testing of FreeS/WAN with UML</font>
</b>
</td>
</tr>
</table>
<blockquote head="Automated testing of FreeS/WAN with UML">
For quite a while, the FreeS/WAN project has been using virtual
networks of UMLs to test their code. Michael Richardson gave a talk
at OLS 2002 on what they're doing and how they're doing it. The
slides are available at
<a href="http://www.sandelman.ca/SSW/freeswan/fsumltesting/">
http://www.sandelman.ca/SSW/freeswan/fsumltesting/
</a>.
</blockquote>
</td>
</tr>
</table>
</body>
</html>