1. Welcome to the new MacRumors forums. See our announcement and read our FAQ

Running OSX Server in a true Sandbox

Discussion in 'Mac OS X Server, Xserve, and Networking' started by jgbr, Feb 8, 2010.

  1. macrumors 6502

    I want to run OSX Server virtualised but completely independant to the host system and in a true box.

    I am using a mac Pro, so can give it a dedicated CPU/RAM and Ethernet, any other recommendations : Ext HD?

    I can not/do not want data leakage between the two systems. If i simply want to discard and loose logs of it forever, i just delete the image as such
  2. macrumors member


  3. macrumors 6502

    Yes i am using VMWARE but i want to sand box it further then that.

    Dedicated Ethernet, obv allows IP, EXT HD is the only other idea? alongside CPU/RAM
  4. macrumors member


    But how have you set up VMware ? Are you using NAT or Host IP only networking ... That way it is already seperate from your LAN.

    You can put the virtual disk image on an external disk, no problem, but that doesn't "sandbox" it more because it is already a seperate file ...

    Sorry if I'm not understanding your question.
  5. macrumors 6502

    I just want to ensure that the two machines are seperate in hardware and software.

    Essenentally: Anyone looking in or tracing back to OSX server, will see OSX Server, not a Mac Pro/SL
  6. macrumors member


    I think basically it will show that it is only the OSX server ... One will not see the Mac Pro ... But, then again, if you have the mac address of the virtual NIC, you could look up the vendor, it will probably show it is a NIC from VMware ... Maybe if you change the mac address to something general this might help.

    You could also set up a ipsec tunnel to your server, or a constant vpn tunnel.

    But it is all useless if you put the OSX server on the same network as the Mac Pro though (same subnet).... Except for the vpn-tunnel.
  7. macrumors 6502

    Its all hidden behind a router anyway; so must traces just get the router address not the IP address.

    Do you think giving it an dedicated HD and IP address is wise too?

    SHould someone see past the router, it would still look like a seperate machine as the IP address would be different to the main Mac Pro SL address
  8. macrumors member


    No giving it a seperate HDD would not make any difference ... A different and/or fixed IP address is of course wise ... Definitely a different one then the address of your Mac pro (different subnet all together would be ideal ... But maybe that is not feasible?)

    If the virtual machine is in the same subnet as your Mac Pro, potential hackers would scan the network and see both machines as seperate ... But still would see both machines.
  9. macrumors 6502

    so how would i put the Server on a dedicated subnet? im using airport extremes
  10. macrumors P6


    that could be done thru VMware itself (software), or by using another router to create a new subnet hardware-wise.
  11. macrumors 6502

    a guide on how to do both would be idea

    software is easier then going and buying another router
  12. macrumors member


    The way I would do it ... (this depends if you are going to use the Mac Pro for anything else of course) ... is change the IP-address of the Mac Pro so it is on its own subnet ... For example ... Then only the virtual machine will be on the "production" network, this way the Mac pro is hidden and/but only accessible locally ...

    Another option is have 2 NICs in the Mac Pro and dedicate one for a seperate subnet, but you will then have to have a second router or make the Mac Pro act as a router ... A bit more challenging to set up :D

    {edit} .... Like DoFoT9 mentioned ... I'm second ;) ... There are software based router systems to be found ... Mostly Linux based, they also have a firewall most of the time, but you could leave that open and just route stuff ... Or use NAT.
  13. macrumors P6


    i am not truely familar with vmware, sorry but maybe somebody else can help. i use parallels to emulate my OSs (more stable im my experience), but it cannot run OSX server :(

    for software based, its all in the settings of the VM - ive confused myself now though, if you choose "shared networking" it creates a new subnet for the VM but its an extension of your actual computer. traceroutes would show the computer in the middle in this case.

    ill sleep on it!
  14. macrumors 6502

    guide to doing that in vmware fusion would be great
  15. macrumors 6502

    sounds like the best course of action is to just use the other NIC in the Mac Pro and Wing it. I am not too fussed it seeing the other machines on the network, just for it to think its a seperate machine.
  16. macrumors member


    I will see what I can deliver ... But it might take a while seeing I'm still at work :D
  17. macrumors P6


    using "bridged" mode using the other NIC would indeed make it appear as a separate machine. very easy to test for as im sure you know.

    ill fire up vmware tomorrow and see what i can do :) bed calls now.
  18. macrumors 6502


    The main objective is to make it look like a seperate machine, although most traffic traced would just come up as our public address not the internal one.

    I might give it a dedicated ip address far out from the other machines...to fool a looker even more.
  19. macrumors 6502

    its the tip of the iceburg as im assigning a dedicated mouse and keyboard via usb controller in vmware for it.lol
  20. macrumors P6


    you really do want it in true sandbox mode!!

    i just realised that parallels can run server versions of OSX - would you consider running parallels? i find it to be a much nicer and more stable experience.

    ok seriously, bed time! lol

Share This Page