The machines you use to connect to the mock mainframe should be
inexpensive, easy to maintain and, from a security point of view,
expendable.
4.2. Linux Terminals
The Linux Terminal Server http://www.ltsp.org (LTSP)
lets you use old hardware to put together bare-bones computers without hard
disks that run as thin clients. These machines are cheap, quiet, quick to
set up, and once they are running, require just about zero maintenance
(unless, say, a fan breaks). The LTSP has taken all kinds of awards and is being used in situations far more demanding than a small mock mainframe for your home. For example, Orwell High School in England used LTSP machines and IBM Blade Servers for their complete system (see
http://www.cutterproject.co.uk/Casestudies/orwell_high_school_cutter_case_study.php ). If you are going to have terminals that are in use constantly, it is hard to see how this would not be the best solution.
Required hardware. More likely than not, somewhere in your cellar or
garage (or wherever you keep the stuff your partner lovingly calls "all
that crap"), you probably have a hopelessly outdated mainboard and
processor that you've been saving because you never know. Well, guess what.
If you are using a 100 Mbit ("Fast") Ethernet network, stay above a 486DX;
a Pentium II should be fine. See if you can scrape together about 32 MByte
of RAM. You'll need a floppy drive for the initial phase. You'll also need
a decent graphics card and a monitor — "decent" doesn't necessarily mean a
AGP graphics card with 128 MByte RAM, it means a clear, crisp picture.
The only thing you have to pay slightly more attention to is the network
card. Find one that has a socket to plug ROM chips in: a "bootable" network
card. You can get away with one that doesn't have the socket, but then you
have to keep booting from the floppy. We'll also need the unique number
(Media Access Control or MAC number) of the network card. On good cards,
it is included on a little sticker on the board and looks something like
this:
If you can't find it on the card, try booting the system with a Linux
rescue floppy or any other kernel. The number should be displayed during
boot when the card is detected.
Add a keyboard and a case and that's it. Notice we don't have a hard disk,
let alone a CD-ROM. With the right kind of fans for the power supply and
the processor, you have a very quiet machine.
How they work.
The LTSP home page has an in-depth technical discussion of what happens
when the system powers up. In brief, human terms:
When turned on, the Linux Terminal, like any other computer, looks around
to see what it has been given in way of hardware. It finds a network card
with a MAC and notices that it has a floppy with a boot disk (or a boot
ROM in the network card.) It starts the boot program. This in effect tells
the Linux Terminal:
Got your MAC? Good. Now scream for help as loud as you can.
|
The terminal's call goes through the whole (local) network. On the mock
mainframe, a program called dhcpd (Dynamic Host Configuration Protocol
Server Daemon) is listening. It compares the MAC the terminal sent to a
list of machines it has been told to take care of, and then sends the
terminal an answer that includes an IP address and a location where the
terminal can get a kernel. The terminal then configures itself with its
new name.
Using some more code from the boot program, the terminal starts a program
called tftp (Trivial File Transfer Protocol, a stripped-down version of
the venerable ftp. This downloads the kernel from the host machine. The
terminal then boots this kernel.
Like every other Linux system, the terminal needs a root filesystem.
Instead of getting it from a harddisk, it imports it from the mock
mainframe via NFS (Network File System). If the terminal has very
little memory, it can also mount a swap partition this way. The terminal
then starts X, connects to the mock mainframe via xdm, and throws up the
login screen.
This all happens amazingly fast. If you turn off all of the various BIOS
boot checks on the terminal and boot off of an EPROM in the network card
instead of a floppy, it happens even faster.
Running dhcpd, tftpd, and nfsd on the mock mainframe is a
security risk you might not be willing to take. In the chapter on Support
Machines, we'll show a way of getting around this.
Setting up the software. On the server (mock mainframe) side, you need to
install nfsd tftpd, and dhcpd, which your distribution should include
as standard packages.
Leave their configuration files untouched for now. The LTSP configuration
and installation programs will do most of the work for you. Some files you should be aware of:
- /etc/dhcpd.conf
Provide the IP address of the terminal, the hostname, the IP address
of the mock mainframe, the MAC of the terminal, and the default
gateway. Check to see if the kernel pathname is correct.
- /opt/ltsp/i386/etc/lts.conf
These options control the terminal itself.
- /etc/hosts
The names of the Linux Terminals and their IP addresses must be
listed here. Further down, while describing the network, we'll
introduce a systematic naming convention to make this easier.
- /etc/hosts.allow
Though not mentioned in the current LTSP documentation, you probably
will have to add the following lines to this file:
rpc.mountd : <terminal> : ALLOW
rpc.mountd : ALL : DENY
where "<terminal>" is the terminal's IP address. This tells the host
to allow the terminal to mount the NFS file system.
Creating a boot floppy for the Linux Terminal is usually trivial. Armed
with your type of Ethernet card, go to the website mentioned in the LTSP
documentation (currently Marty Connor's
ROM-O-Matic Website http://www.rom-o-matic.net/,
and follow the instructions for a boot
floppy. This should produce a file of a few dozen kilobytes that you can
then put on a floppy and boot from. Later, when you are sure that your
hardware configuration is not going to change and your setup works, replace
the floppy by an EPROM that you plug into your Ethernet card.
If you have a more modern motherboard on your Terminal machine, you might be able to get around all of this by selecting "PXE" (Pre-eXecution Environment), "MBA" (Management Boot Agent) or "Network" from the boot sequence (CMOS) menu.
Using the terminals. Just how many Linux Terminals can one mock mainframe
support? The LTSP documentation gives the following example:
It's not unusual to have 40 workstations [Linux Terminals], all running
Netscape and StarOffice from a Dual PIII-650 with 1GB of ram. We know
this works. In fact, the load-average is rarely above 1.0!
|
(This part of the documentation was written in March 2002, hence the
reference to Netscape, an ancestor of Mozilla FireFox. StarOffice is a
commercial variant of OpenOffice.org.)
Linux Terminals will probably require some user education. People who have
only ever used Windows tend to have trouble visualizing a system where the
graphics layer is not only independent from the rest of the operating
system, but can also be accessed from multiple screens. The best way to
explain this is with examples. One trick that people new to X just love is
when programs start on one terminal and then appear on a different one. To
enable this (but only in a safe environment!), sit
down at a terminal and type
where "<host>" is the name of the mock mainframe. Then, move to a different
terminal and start a program such as xeyes or xroach:
xeyes -display <terminal>:0 &
|
The eyes should appear on the first terminal's monitor, providing endless
amusement for all. When you are done explaining what happened, remember to
retract the privileges again on the first terminal with
You can also use this example to point out why it is dangerous to use the
xhost command.
Another question that usually comes up is the speed of Linux Terminals.
One nice way to demonstrate this is to run a series of screen savers from
the xlock suite. For example
xlock -inwindow -mode kumppa
|
or more generally
xlock -inwindow -mode random
|
Though the results will depend on your hardware, this usually takes care of
any doubts.
If you are using a desktop such as KDE that allows you to shut down the
computer when you log off, make sure that this function is disabled.
Otherwise, your users will shut down the mock mainframe when trying to get
out of the terminal. Tell them to just turn off the power once they have
logged out. Older users will feel a sense of nostalgia, and younger users
will stare at you as if you have gone mad. Such is progress.
4.5. X Server Programs
As a final way of connecting to the mock mainframe, there are "X server"
programs that run under different operating systems (remember, the X server
powers the terminal side of things). These let you log onto Linux machines
with an operating system that does not natively run X.
Most X servers for Windows cost money, in some cases a lot of money. The
single Cygwin http://cygwin.com/xfree/, which
ports X (and GNU tools) to Windows machines.
If you have an Apple computer with OS X, you are in better shape. For OS 10.3 "Panther", you need to install the X11 package from the installation disks. Then, with any text editor, create an executable bash shell script such as:
#!/bin/bash
/usr/X11R6/bin/X -terminate -query "<HOST>" :1
exit
|
Note the window number is :1, because :0 is used by Aqua. Do not use the X11 Server in
/Applications/Utilities/X11.app/Contents/MacOS/X11, as this doesn't understand the -query command: Apple doesn't seem to want people to run remote Aqua sessions. Then, tell the firewall what you are up to (you do have the firewall on, don't you): In SystemPreferences -> Sharing -> Firewall create an new entry "X
Window System" for Port 6001 (not: 6000). Then, move the shell script icon to wherever you want to keep it. To start an X session, click on the icon. An "EXEC"-icon called "X" will appear in the Dock. Click on this. Enjoy your connection. To get out again, press Command-Option-a. (Note: This has not been tested with Mac OS X 10.4 "Tiger")
You can also check the XDarwin http://www.xdarwin.com/ project. XDarwin is an Apple version of the X Window System that sits on the Darwin
operating system — a variant of BSD — that is the core of OS X.
(There is one GPL X Server written in Java you might try:
Weirdx http://www.jcraft.com/weirdx/,
though the author points out it is not made for heavy loads.)
In this chapter, we have examined terminals that will give you a GUI
(graphical user interface). If you are tough enough, you can also hook up
a text terminal to your mock mainframe and access the system via a CLI
(command line interface). This option is covered further down.