Running OSX Server in a true Sandbox

jgbr · Feb 8, 2010

I want to run OSX Server virtualised but completely independant to the host system and in a true box.

I am using a mac Pro, so can give it a dedicated CPU/RAM and Ethernet, any other recommendations : Ext HD?

I can not/do not want data leakage between the two systems. If i simply want to discard and loose logs of it forever, i just delete the image as such

mcprobie · Feb 8, 2010

Maybe VMware Fusion is any help to you ?

jgbr · Feb 8, 2010

Yes i am using VMWARE but i want to sand box it further then that.

Dedicated Ethernet, obv allows IP, EXT HD is the only other idea? alongside CPU/RAM

mcprobie · Feb 8, 2010

jgbr said:
Yes i am using VMWARE but i want to sand box it further then that.

Dedicated Ethernet, obv allows IP, EXT HD is the only other idea? alongside CPU/RAM

But how have you set up VMware ? Are you using NAT or Host IP only networking ... That way it is already seperate from your LAN.

You can put the virtual disk image on an external disk, no problem, but that doesn't "sandbox" it more because it is already a seperate file ...

Sorry if I'm not understanding your question.

jgbr · Feb 8, 2010

I just want to ensure that the two machines are seperate in hardware and software.

Essenentally: Anyone looking in or tracing back to OSX server, will see OSX Server, not a Mac Pro/SL

mcprobie · Feb 8, 2010

jgbr said:
I just want to ensure that the two machines are seperate in hardware and software.

Essenentally: Anyone looking in or tracing back to OSX server, will see OSX Server, not a Mac Pro/SL

I think basically it will show that it is only the OSX server ... One will not see the Mac Pro ... But, then again, if you have the mac address of the virtual NIC, you could look up the vendor, it will probably show it is a NIC from VMware ... Maybe if you change the mac address to something general this might help.

You could also set up a ipsec tunnel to your server, or a constant vpn tunnel.

But it is all useless if you put the OSX server on the same network as the Mac Pro though (same subnet).... Except for the vpn-tunnel.

jgbr · Feb 8, 2010

Its all hidden behind a router anyway; so must traces just get the router address not the IP address.

Do you think giving it an dedicated HD and IP address is wise too?

SHould someone see past the router, it would still look like a seperate machine as the IP address would be different to the main Mac Pro SL address

mcprobie · Feb 8, 2010

No giving it a seperate HDD would not make any difference ... A different and/or fixed IP address is of course wise ... Definitely a different one then the address of your Mac pro (different subnet all together would be ideal ... But maybe that is not feasible?)

If the virtual machine is in the same subnet as your Mac Pro, potential hackers would scan the network and see both machines as seperate ... But still would see both machines.

jgbr · Feb 8, 2010

so how would i put the Server on a dedicated subnet? im using airport extremes

DoFoT9 · Feb 8, 2010

jgbr said:
so how would i put the Server on a dedicated subnet? im using airport extremes

that could be done thru VMware itself (software), or by using another router to create a new subnet hardware-wise.

jgbr · Feb 8, 2010

a guide on how to do both would be idea

software is easier then going and buying another router

mcprobie · Feb 8, 2010

jgbr said:
so how would i put the Server on a dedicated subnet? im using airport extremes

The way I would do it ... (this depends if you are going to use the Mac Pro for anything else of course) ... is change the IP-address of the Mac Pro so it is on its own subnet ... For example 10.10.10.1 ... Then only the virtual machine will be on the "production" network, this way the Mac pro is hidden and/but only accessible locally ...

Another option is have 2 NICs in the Mac Pro and dedicate one for a seperate subnet, but you will then have to have a second router or make the Mac Pro act as a router ... A bit more challenging to set up

{edit} .... Like DoFoT9 mentioned ... I'm second

... There are software based router systems to be found ... Mostly Linux based, they also have a firewall most of the time, but you could leave that open and just route stuff ... Or use NAT.

DoFoT9 · Feb 8, 2010

jgbr said:
a guide on how to do both would be idea

software is easier then going and buying another router

i am not truely familar with vmware, sorry but maybe somebody else can help. i use parallels to emulate my OSs (more stable im my experience), but it cannot run OSX server

for software based, its all in the settings of the VM - ive confused myself now though, if you choose "shared networking" it creates a new subnet for the VM but its an extension of your actual computer. traceroutes would show the computer in the middle in this case.

ill sleep on it!

jgbr · Feb 8, 2010

guide to doing that in vmware fusion would be great

jgbr · Feb 8, 2010

sounds like the best course of action is to just use the other NIC in the Mac Pro and Wing it. I am not too fussed it seeing the other machines on the network, just for it to think its a seperate machine.

mcprobie · Feb 8, 2010

jgbr said:
guide to doing that in vmware fusion would be great

I will see what I can deliver ... But it might take a while seeing I'm still at work

DoFoT9 · Feb 8, 2010

jgbr said:
sounds like the best course of action is to just use the other NIC in the Mac Pro and Wing it. I am not too fussed it seeing the other machines on the network, just for it to think its a seperate machine.

using "bridged" mode using the other NIC would indeed make it appear as a separate machine. very easy to test for as im sure you know.

ill fire up vmware tomorrow and see what i can do

bed calls now.

jgbr · Feb 8, 2010

Thankyou.

The main objective is to make it look like a seperate machine, although most traffic traced would just come up as our public address not the internal one.

I might give it a dedicated ip address far out from the other machines...to fool a looker even more.

jgbr · Feb 8, 2010

its the tip of the iceburg as im assigning a dedicated mouse and keyboard via usb controller in vmware for it.lol

DoFoT9 · Feb 8, 2010

jgbr said:
its the tip of the iceburg as im assigning a dedicated mouse and keyboard via usb controller in vmware for it.lol

you really do want it in true sandbox mode!!

i just realised that parallels can run server versions of OSX - would you consider running parallels? i find it to be a much nicer and more stable experience.

ok seriously, bed time! lol

Running OSX Server in a true Sandbox

macrumors 6502a

macrumors member

macrumors 6502a

macrumors member

macrumors 6502a

macrumors member

macrumors 6502a

macrumors member

macrumors 6502a

macrumors P6

macrumors 6502a

macrumors member

macrumors P6

macrumors 6502a

macrumors 6502a

macrumors member

macrumors P6

macrumors 6502a

macrumors 6502a

macrumors P6

Our Staff