Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 8, 2010, 04:42 AM   #1
jgbr
macrumors 6502
 
Join Date: Sep 2007
Running OSX Server in a true Sandbox

I want to run OSX Server virtualised but completely independant to the host system and in a true box.

I am using a mac Pro, so can give it a dedicated CPU/RAM and Ethernet, any other recommendations : Ext HD?

I can not/do not want data leakage between the two systems. If i simply want to discard and loose logs of it forever, i just delete the image as such
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 05:12 AM   #2
mcprobie
macrumors member
 
Join Date: Nov 2009
Location: Paradise Corrupt
Maybe VMware Fusion is any help to you ?
__________________
"Started thinking about what you said; about me obsessing; started obsessing about obsessing."
mcprobie is offline   0 Reply With Quote
Old Feb 8, 2010, 05:13 AM   #3
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
Yes i am using VMWARE but i want to sand box it further then that.

Dedicated Ethernet, obv allows IP, EXT HD is the only other idea? alongside CPU/RAM
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 05:43 AM   #4
mcprobie
macrumors member
 
Join Date: Nov 2009
Location: Paradise Corrupt
Quote:
Originally Posted by jgbr View Post
Yes i am using VMWARE but i want to sand box it further then that.

Dedicated Ethernet, obv allows IP, EXT HD is the only other idea? alongside CPU/RAM
But how have you set up VMware ? Are you using NAT or Host IP only networking ... That way it is already seperate from your LAN.

You can put the virtual disk image on an external disk, no problem, but that doesn't "sandbox" it more because it is already a seperate file ...

Sorry if I'm not understanding your question.
__________________
"Started thinking about what you said; about me obsessing; started obsessing about obsessing."
mcprobie is offline   0 Reply With Quote
Old Feb 8, 2010, 05:59 AM   #5
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
I just want to ensure that the two machines are seperate in hardware and software.

Essenentally: Anyone looking in or tracing back to OSX server, will see OSX Server, not a Mac Pro/SL
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 06:13 AM   #6
mcprobie
macrumors member
 
Join Date: Nov 2009
Location: Paradise Corrupt
Quote:
Originally Posted by jgbr View Post
I just want to ensure that the two machines are seperate in hardware and software.

Essenentally: Anyone looking in or tracing back to OSX server, will see OSX Server, not a Mac Pro/SL
I think basically it will show that it is only the OSX server ... One will not see the Mac Pro ... But, then again, if you have the mac address of the virtual NIC, you could look up the vendor, it will probably show it is a NIC from VMware ... Maybe if you change the mac address to something general this might help.

You could also set up a ipsec tunnel to your server, or a constant vpn tunnel.

But it is all useless if you put the OSX server on the same network as the Mac Pro though (same subnet).... Except for the vpn-tunnel.
__________________
"Started thinking about what you said; about me obsessing; started obsessing about obsessing."
mcprobie is offline   0 Reply With Quote
Old Feb 8, 2010, 06:17 AM   #7
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
Its all hidden behind a router anyway; so must traces just get the router address not the IP address.

Do you think giving it an dedicated HD and IP address is wise too?

SHould someone see past the router, it would still look like a seperate machine as the IP address would be different to the main Mac Pro SL address
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 06:27 AM   #8
mcprobie
macrumors member
 
Join Date: Nov 2009
Location: Paradise Corrupt
No giving it a seperate HDD would not make any difference ... A different and/or fixed IP address is of course wise ... Definitely a different one then the address of your Mac pro (different subnet all together would be ideal ... But maybe that is not feasible?)

If the virtual machine is in the same subnet as your Mac Pro, potential hackers would scan the network and see both machines as seperate ... But still would see both machines.
__________________
"Started thinking about what you said; about me obsessing; started obsessing about obsessing."
mcprobie is offline   0 Reply With Quote
Old Feb 8, 2010, 06:31 AM   #9
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
so how would i put the Server on a dedicated subnet? im using airport extremes
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 06:35 AM   #10
DoFoT9
macrumors P6
 
DoFoT9's Avatar
 
Join Date: Jun 2007
Location: CWB, Hong Kong
Send a message via AIM to DoFoT9 Send a message via MSN to DoFoT9 Send a message via Skype™ to DoFoT9
Quote:
Originally Posted by jgbr View Post
so how would i put the Server on a dedicated subnet? im using airport extremes
that could be done thru VMware itself (software), or by using another router to create a new subnet hardware-wise.
__________________
Official MacRumors IRC @ irc.krono.net #macrumors (Or http://kewlirc.net:9090/)
2012 2.5GHz Mac Mini Dual - 16GB RAM
Win8 PC - i5-3570k - 16GB RAM - SSD
DoFoT9 is offline   0 Reply With Quote
Old Feb 8, 2010, 06:36 AM   #11
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
a guide on how to do both would be idea

software is easier then going and buying another router
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 06:39 AM   #12
mcprobie
macrumors member
 
Join Date: Nov 2009
Location: Paradise Corrupt
Quote:
Originally Posted by jgbr View Post
so how would i put the Server on a dedicated subnet? im using airport extremes
The way I would do it ... (this depends if you are going to use the Mac Pro for anything else of course) ... is change the IP-address of the Mac Pro so it is on its own subnet ... For example 10.10.10.1 ... Then only the virtual machine will be on the "production" network, this way the Mac pro is hidden and/but only accessible locally ...

Another option is have 2 NICs in the Mac Pro and dedicate one for a seperate subnet, but you will then have to have a second router or make the Mac Pro act as a router ... A bit more challenging to set up

{edit} .... Like DoFoT9 mentioned ... I'm second ... There are software based router systems to be found ... Mostly Linux based, they also have a firewall most of the time, but you could leave that open and just route stuff ... Or use NAT.
__________________
"Started thinking about what you said; about me obsessing; started obsessing about obsessing."
mcprobie is offline   0 Reply With Quote
Old Feb 8, 2010, 06:40 AM   #13
DoFoT9
macrumors P6
 
DoFoT9's Avatar
 
Join Date: Jun 2007
Location: CWB, Hong Kong
Send a message via AIM to DoFoT9 Send a message via MSN to DoFoT9 Send a message via Skype™ to DoFoT9
Quote:
Originally Posted by jgbr View Post
a guide on how to do both would be idea

software is easier then going and buying another router
i am not truely familar with vmware, sorry but maybe somebody else can help. i use parallels to emulate my OSs (more stable im my experience), but it cannot run OSX server

for software based, its all in the settings of the VM - ive confused myself now though, if you choose "shared networking" it creates a new subnet for the VM but its an extension of your actual computer. traceroutes would show the computer in the middle in this case.

ill sleep on it!
__________________
Official MacRumors IRC @ irc.krono.net #macrumors (Or http://kewlirc.net:9090/)
2012 2.5GHz Mac Mini Dual - 16GB RAM
Win8 PC - i5-3570k - 16GB RAM - SSD
DoFoT9 is offline   0 Reply With Quote
Old Feb 8, 2010, 06:40 AM   #14
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
guide to doing that in vmware fusion would be great
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 06:43 AM   #15
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
sounds like the best course of action is to just use the other NIC in the Mac Pro and Wing it. I am not too fussed it seeing the other machines on the network, just for it to think its a seperate machine.
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 06:45 AM   #16
mcprobie
macrumors member
 
Join Date: Nov 2009
Location: Paradise Corrupt
Quote:
Originally Posted by jgbr View Post
guide to doing that in vmware fusion would be great
I will see what I can deliver ... But it might take a while seeing I'm still at work
__________________
"Started thinking about what you said; about me obsessing; started obsessing about obsessing."
mcprobie is offline   0 Reply With Quote
Old Feb 8, 2010, 06:45 AM   #17
DoFoT9
macrumors P6
 
DoFoT9's Avatar
 
Join Date: Jun 2007
Location: CWB, Hong Kong
Send a message via AIM to DoFoT9 Send a message via MSN to DoFoT9 Send a message via Skype™ to DoFoT9
Quote:
Originally Posted by jgbr View Post
sounds like the best course of action is to just use the other NIC in the Mac Pro and Wing it. I am not too fussed it seeing the other machines on the network, just for it to think its a seperate machine.
using "bridged" mode using the other NIC would indeed make it appear as a separate machine. very easy to test for as im sure you know.

ill fire up vmware tomorrow and see what i can do bed calls now.
__________________
Official MacRumors IRC @ irc.krono.net #macrumors (Or http://kewlirc.net:9090/)
2012 2.5GHz Mac Mini Dual - 16GB RAM
Win8 PC - i5-3570k - 16GB RAM - SSD
DoFoT9 is offline   0 Reply With Quote
Old Feb 8, 2010, 06:48 AM   #18
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
Thankyou.

The main objective is to make it look like a seperate machine, although most traffic traced would just come up as our public address not the internal one.

I might give it a dedicated ip address far out from the other machines...to fool a looker even more.
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 06:51 AM   #19
jgbr
Thread Starter
macrumors 6502
 
Join Date: Sep 2007
its the tip of the iceburg as im assigning a dedicated mouse and keyboard via usb controller in vmware for it.lol
jgbr is offline   0 Reply With Quote
Old Feb 8, 2010, 06:52 AM   #20
DoFoT9
macrumors P6
 
DoFoT9's Avatar
 
Join Date: Jun 2007
Location: CWB, Hong Kong
Send a message via AIM to DoFoT9 Send a message via MSN to DoFoT9 Send a message via Skype™ to DoFoT9
Quote:
Originally Posted by jgbr View Post
its the tip of the iceburg as im assigning a dedicated mouse and keyboard via usb controller in vmware for it.lol
you really do want it in true sandbox mode!!

i just realised that parallels can run server versions of OSX - would you consider running parallels? i find it to be a much nicer and more stable experience.

ok seriously, bed time! lol
__________________
Official MacRumors IRC @ irc.krono.net #macrumors (Or http://kewlirc.net:9090/)
2012 2.5GHz Mac Mini Dual - 16GB RAM
Win8 PC - i5-3570k - 16GB RAM - SSD
DoFoT9 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
thread Thread Starter Forum Replies Last Post
Running OSX Server behind NAT (no control over NAT) porterusaf Mac OS X Server, Xserve, and Networking 1 Mar 30, 2010 02:56 PM
Running OSX Server in a virtual machine Silas1066 OS X 5 Nov 26, 2009 10:27 AM
Benefits of running Osx server over standard? dmbfan41 Mac OS X Server, Xserve, and Networking 4 May 1, 2009 03:15 PM
OSX Server in a church/ministry environment? corbywan Mac OS X Server, Xserve, and Networking 1 Feb 4, 2008 08:41 PM
Do you run Mac OSX Server in a mixed network? finchna Mac Help/Tips 2 Apr 16, 2003 08:24 PM


All times are GMT -5. The time now is 11:27 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC