kaapro.com - germany

Lets have a bit different blog entry today. The day started with full-on nerd stuff on gamescomm fair in cologne. 4 Huge halls presenting the latest and the greatest new games to come. Some really nice ones but way too many people to enjoy all that the fair could offer.
Once I got back to home I decided to explore a topic that had bugged be for a while: Can I connect my Mac via iSCSI to one of my Linux servers and how secure that connection would be.
The basic concept is that you need to have a target (aka server) and an initiator (client) for the connection. To get started with the setup I needed to explore the server part for starters. I had a Fedore Core 12 server at use so the target part was quite easy to build. I added RPMFusion to my repositories and installed iSCSItargets and kmod-iscsitargets to my system. I had some problems since my kernel version didn't match the availale packages so I ended up getting the packages from the project page and compiling them by hand. After getting the basics in place I created a small disk image for the setup using "dd if=/dev/zero of=/storage/lun1.img bs=1024k count=20000" and since I have an OS X initializing that for hfs+ using "mkfs.hfsplus -v test /storage/lun1.img ". Next step was to edit /etc/ietd.conf to get the LUN available via iSCSI. Important part was to create a Target setting with both IncomingUser and OutgoingUser in place so that the server and the client would need to authenticate agains each other. After this I only deeded to start the service "/etc/init.d/iscsi-target start" and I was ready from the server side
The Client side was a bit more tricky. Disk Utility does not have selection to manage iSCSI disks for some reason so I needed 3rd party software. GlobalSAN was a nice tool to do the job. Download, install and reboot and I was on my way. Go to System Preferences, GlobalSAN iSCSI and add portal with the address of your target server. In few moments I had a list of available targets. Selected the one I wanted to connect and went to Authentication settings to set the User and Target credentials. The drive appeared as mounted iSCSI device on my desktop.
The next problem was to secure the connection. Normally your iSCSI connections are on dedicated production network in your controlled datacenter but my setup was over the internet and as iSCSI does not have any transport encryption (that I know) available I needed to list my options. 1) have ipsec tunnel for the connection to encrypt the traffic 2) create an encrypted partition. Since I work usually via various vpn connections the ipsec was going to cause some problems, hence I chose to create an encrypted volume using TrueCrypt. I created the volume and mounted that as HFS+ to my mac. Traffic was now encrypted, the connection needed authentication and I even installed tripwire on the server to see local modifications on the test file so in the end I think I'm in quite good condition with the connection.
Problems that I will for sure have is on extending the volume and securing it from server failures. But as an experiment providing me deeper understanding of the technology I think I reached my goal!

Life is getting back to normal mode. Summer is over, work has started and so is planning for future. The last few weeks of July was dedicated to relaxing. I started my vacation by heading to Finland for a few days. First to Turku for Turku Modern festival and cruising in the Turku Archipelago in a party boat. The scenery there is beautiful and the people on the boat fully charged in dancing.
After Turku it was time for my brothers kids christening. It was actually the first time I meet the new born and he really was an angel. No crying, no nothing, just peaceful little kid. The day was just perfect! Sun was shining and the closest family gathered in my parents garden. The kid got a very good name: Miro Daniel!
Time in Helsinki continued for few more days. Sun was shining and we took couple of bike tours around the city. I had a chance to see quite a few of my friends and enjoy the Finnish summer. That didn't continue so long since we headed to Spain for a week.
Andalusia tour started in Malaga. After an extremely long flight (due to some strike in France) we got to our hotel and headed out to see what kind of place Malaga was. It was a nice small place that offered a good starting point for our tour. Some walking around the city center and some tapas and sangria to get us on the holiday mood works pretty well. Our full tour consisted of Malaga, Marbella, Gibraltar, Tarifa, Los Canos de Meca and Sevilla. Hopping from one city to another almost every day by car. Los Canos de Meca was the only place we staid for longer and it was worth it. Other places were a bit touristic but still nice. Good food and lots of sunshine with the best company ever got my mind of all daily things.
We started heading back from Spain on Wednesday and stopped over in Berlin for the rest of the week. Partying a bit, spending time with our friends and having late breakfasts. I think the best bit on this trip was the Spreepark in Treptower park. An old entertainment park that was abandoned some 10 years ago but never cleaned. Old rides were still there although on a restricted area so we had to be a bit careful not to get caught - exiting isn't it? :)
Returning from a perfect holiday with my lovely girlfriend to the daily business in Düsseldorf has been a bit rough. I'm still trying to find the motivation to do my work and I'm wondering why I'm not living under the same roof with Maija. Time with her is always so good. Perhaps the only way to get trough the autumn is to start planning my next steps.