Setting up the virtual network for the Sandbox is the most complicated configuration option. There are several possibilities, each with advantages and disadvantages. Since a particular developer with specific requirements may have special needs, we should review the options that were not selected and explain why they were rejected. You may have different objectives.

The "NAT" option allows the VM to have direct access to the Internet through the host operating system. It is the easiest to configure, but it really works best for one VM. If you work very hard with the port mappings you could get two VMs running this way, but they would be configured strangely and this cannot simulate a CAS cluster.

The "bridge" option allows each VM to appear on the real network as a real computer. It needs a real Yale IP address, which involves bureaucracy with Network Operations. While there are certain development scenarios where you might want a test machine to be public, in most cases this is simply an invitation for some hacker to attack the VM, and the Sandbox is often not locked down as tightly as a real server would be.

The "Host-only Adapter" creates a virtual LAN.

First, we need to understand some basic Internet network terms. A private network connects some computers or virtual machines to each other, but not to the Internet or the outside world. If you connect computers at home to each other with an Ethernet switch but do not add a router or a connection to an ISP, then you have a private network.

To connect this private network to the outside world you add a cable or DSL modem and a "router" box, and these home routers use a technique called "NAT" (Network Address Translation). Your home has only one network address assigned to it by the cable or phone company, and all the browsers and mail clients on all your computers have to share it. NAT rewrites outbound requests from client programs in your home to server programs outside your home so that they all appear to the outside world to be coming from the one IP address managed by the router box. The NAT router connects to the outside service on behalf of the internal client program and forwards traffic back and forth between the private network and the Internet.

VirtualBox can configure a VM to have a simulated Ethernet adapter that is backed by a NAT service on the host computer. This is a direct connection between the VM on the one end and the host computer on the other end. More than one VM can have a virtual Ethernet adapter that uses the NAT service, but the VMs cannot talk to each other. For that matter, they do not really talk to programs on the host computer either. They simply pass through requests from clients on the VM to servers somewhere on the Yale network or the Internet. From the VM's point of view (if you display the network configuration with Linux administration tools), it sees a network with the VM at one end and a NAT router at the other end and nothing else on the network. Of course, the NAT router is connected to the outside world of real computers, but that is outside the router.

VirtualBox can also configure a VM to have a LAN adapter that is "bridged" to the real network of the host computer. The host, after all, has a wired or wireless LAN that connects it to the Yale network and through Yale to the Internet. Every real computer on the Yale network has to be assigned an IP address by Network Operations. With a "bridged" LAN adapter, the VM acts like a real computer that shares the real network connection of the host computer. The downside is that the Yale network treats it as a second machine, which means it has to be registered with Network Operations and it has to be assigned its own IP address. This is typically more bureaucracy than anyone needs, although it is a good solution if you are running a server operating system in your VM and you want other computers to be able to connect to it and use its services. CAS is a server of sorts, but developers generally do not need, and in fact do not want, other machines to connect to the CAS they are developing.

The VirtualBox "Host-only Adapter" creates a virtual private LAN. First, VirtualBox creates a dummy LAN connector on the host computer. In Windows you get a system dialog asking if you want to install a new device. It looks just like a real LAN adapter, only there is no hardware. Then VMs that are configured to use "Host-Only adapters" each get their own simulated LAN adapter hardware. VirtualBox connects the host computer and the VMs to each other as if all these simulated LAN adapters were plugged into a simulated Ethernet switch. The VMs can talk to the host and to each other, but VirtualBox does not create a NAT function.

There is actually a virtual LAN adapter that appears to the host computer as an additional Ethernet adapter connected to a separate network. The VMs that are configured to use "Host-only Adapter" then get connected to this virtual network. The result is essentially the same as plugging a real LAN adapter into your development computer, then connecting it to a small desktop Ethernet switch and plugging in real computers that are running instances of the Sandbox operating system.
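To check which of the three modes each Sandbox VM actually uses, the following added example (not part of the original page) parses the `key="value"` output of `VBoxManage showvminfo <vm> --machinereadable` and reports bridged adapters, NAT port forwards, NAT-only VMs, and which VMs share a host-only LAN. The VM names, `vboxnet0` and `eth0` are constructed sample values.

```python
import re

# Constructed samples in the key="value" form that
# `VBoxManage showvminfo <vm> --machinereadable` prints; VM names are hypothetical.
SAMPLE_VMS = {
    "cas-node1": 'nic1="nat"\nForwarding(0)="ssh,tcp,,2222,,22"\n'
                 'nic2="hostonly"\nhostonlyadapter2="vboxnet0"\nnic3="none"',
    "cas-node2": 'nic1="nat"\nnic2="hostonly"\nhostonlyadapter2="vboxnet0"',
    "cas-natonly": 'nic1="nat"\nnic2="none"',
    "cas-public": 'nic1="bridged"\nbridgeadapter1="eth0"',
}
NET_KEY = {"hostonly": "hostonlyadapter", "bridged": "bridgeadapter"}  # NAT has no network key

def parse(text):  # key="value" lines -> dict
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip()] = value.strip().strip('"')
    return info

def adapters(info):
    """Return {slot: (mode, network)} for every enabled virtual NIC."""
    found = {}
    for key, mode in info.items():
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode != "none":
            net = info.get(NET_KEY[mode] + m.group(1)) if mode in NET_KEY else None
            found[int(m.group(1))] = (mode, net)
    return found

def audit(vms):
    """Return (findings, host-only network -> set of VM names on it)."""
    findings, lans = [], {}
    for name, text in vms.items():
        info = parse(text)
        nics = adapters(info)
        for slot, (mode, net) in sorted(nics.items()):
            if mode == "bridged":
                findings.append((name, f"nic{slot} bridged to {net}: visible on the real network"))
            elif mode == "hostonly":
                lans.setdefault(net, set()).add(name)
        for key, rule in info.items():
            if key.startswith("Forwarding("):
                f = rule.split(",")  # name,proto,hostip,hostport,guestip,guestport
                findings.append((name, f"NAT forward host:{f[3]} -> guest:{f[5]}"))
        if nics and all(mode == "nat" for mode, _ in nics.values()):
            findings.append((name, "NAT only: cannot reach other VMs"))
    return findings, lans
```

Calling `audit(SAMPLE_VMS)` shows that only the two VMs on `vboxnet0` can form a simulated CAS cluster, while the bridged VM is the one exposed to the real network.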

...