...

  • The Virtual Machines appear to be real computers connected to a real but private network. You can interact with them as if they were actual computers and use all the regular network protocols (file sharing, SSH, FTP, HTTP, ...).
  • The VMs have assigned IP addresses and hostnames. The Sandbox VM comes with an /etc/hosts file that maps the names to IP addresses (for example, "vm-ssoboxapp-01.web.yale.internal" is mapped to 192.168.137.1). You should change your host computer's "hosts" file (C:\Windows\system32\drivers\etc\hosts, for example) to have the same mapping for the same names. CAS cluster configuration then works, and you can use http://vm-ssoboxapp-01.web.yale.internal/cas from a browser on the host computer to test access to the VM CAS, provided that JBoss is started with the parameter that binds it to "0.0.0.0" so it accepts requests from other machines (by default JBoss binds to the loopback address 127.0.0.1 and will only respond to requests from a browser on the same VM).
  • The VMs now have names and network configurations as close as possible to the DEV, TEST, and PROD clusters in the machine room.
  • However, the two VMs are invisible to anyone who is not on the host computer. No other machine can log on to them, or access their Web pages, or hack them.
  • Because the host computer is serving as a NAT router, the VMs can access the Yale network and Internet as clients. They can access the SVN server to commit changes or update source. They can download software updates from vendor sites such as the Red Hat site.
  • Because the virtual Host-Only network is invisible outside the host computer, two developers can be using the same Sandbox configuration on two laptops on the same Yale subnet and they do not interfere with each other. The 192.168.137.* addresses have no meaning on the Yale network.
  • If you happen to take the laptop home and use this configuration, there is no problem if the LAN address of the real Ethernet adapter is in the 192.168.1.* range traditionally used by Linksys routers. The 137 subnet is distinct from the 1 subnet. However, if you use ICS at home instead of a separate router box and your home network is already 192.168.137.*, then you should configure the VirtualBox Host-Only adapter to use a different subnet number than 137.
  • CAS requires AD to authenticate netids and passwords. Technically, it requires a configured LDAP server. You could create a dummy LDAP server on your host computer. Windows provides AD LDS, but you can use any LDAP server for this purpose. If you want to use the real AD and you need to do so from outside the Yale network, then you need to use a VPN to get access to any real Yale AD. In this case, you install ICS to share the VPN "LAN adapter" instead of the physical LAN adapter. This is sufficiently complicated that it is not recommended (Cisco AnyConnect is just not that reliable).
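
The hosts-file mapping and the subnet-collision caveat above can be checked before starting the VMs. The following is an added example, not part of the original page or the Sandbox distribution: it verifies that a host computer's hosts file carries the expected VM mapping and that the physical LAN does not overlap the Host-Only network. The function names, the sample hosts text and the /24 mask for 192.168.137.* are assumptions; only the vm-ssoboxapp-01 name and address come from the page.

```python
import ipaddress

# Only this name/address pair comes from the page; add the other VM names as needed.
EXPECTED = {"vm-ssoboxapp-01.web.yale.internal": "192.168.137.1"}
HOST_ONLY_NET = "192.168.137.0/24"  # assumption: 192.168.137.* treated as a /24

# Constructed sample of a host-computer hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
192.168.137.1   vm-ssoboxapp-01.web.yale.internal vm-ssoboxapp-01  # sandbox VM
"""

def parse_hosts(text):
    """Return {lowercased name: ip}; in this parser the first entry for a name wins."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # skip malformed address lines
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)
    return mapping

def check_mappings(hosts_text, expected=EXPECTED):
    """Return a list of problems: names missing or mapped to a different address."""
    found = parse_hosts(hosts_text)
    problems = []
    for name, ip in expected.items():
        actual = found.get(name.lower())
        if actual is None:
            problems.append(f"{name}: missing")
        elif actual != ip:
            problems.append(f"{name}: maps to {actual}, expected {ip}")
    return problems

def subnet_conflict(lan_cidr, host_only_cidr=HOST_ONLY_NET):
    """True if the physical LAN overlaps the Host-Only network."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    return lan.overlaps(ipaddress.ip_network(host_only_cidr, strict=False))

if __name__ == "__main__":
    print(check_mappings(SAMPLE_HOSTS) or "hosts mappings OK")
    for lan in ("192.168.1.23/24", "192.168.137.50/24"):
        print(lan, "conflicts with Host-Only net" if subnet_conflict(lan) else "ok")
```

To check a real machine, pass the contents of the host computer's hosts file to `check_mappings` and the LAN adapter's address and mask to `subnet_conflict`.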

...