Confidentiality, Integrity and High Availability with Open Source IT green

Confiden tialit y , In tegrit y and High Av ailability with Op en Source IT green Luciana Guimaraes This paper presents elements that f or m the structure of a net work of data using secure stable and mature tec hnologies that meet the requiremen t of having code free. The principle wou ld b e conflicting co de open T uesda y where he wa nts to keep maximum con trol o ver the data but is already evidence that open source does not hide the famous bac kdoor possible in closed systems code. Basearemos t his work experience gained in a real environmen t and using paravirtualization to sho w a situation mor e critical and now real in most companies, the vir tualization of servers. Categories and Sub ject Descriptors: k.6.3 [ Managemen t of Computing and Inform ation Systems ]: Softw are Management — softwar e sele ction ; J.7 [ Computers i n Other Sustems ]: Command and con trol; I.6.4 [ Computing Methodo logy ]: Mo del V alidation and Analysis; I.6.1 [ Simulation Theory ]: Types of simulation; D.4.6 [ Security a nd Protecti on ]: Cryptographic con trols; D.4.8 [ Performance ]: M easuremen ts, Op erational analysis, Simulation, Monitors General T erms: DRBD,XEN,HEA R TBEA T,OPENSOURCE Additional Key W ords and Phrases: Securit y , a v ailabili t y , cryptografia, database. 1. INTRODUCTION By working in a company whic h provides ser vice to the netw or k of municipalities m y company is s ub ject to a ny kind o f attack, either via the Internet, so cial attacks, as in our own Intranet and Extranet by p olitical enemies of o ur customers. Seeing this picture b egan to plan a wa y to keep information se c ur e as planned and lo cated most critica l p oint s in the s tructure, was nece s sary to create a map of where each risk manager should define o n a scale of zero to ten, on’vel criticality that the loss would hav e a certain app eal, b eing listed as resource s to Phone onia, the netw ork of data, the computers and printers do cuments in to folder s at’e fax equipment. In this article we p oin t o ut s olutions to all these p oints without it b eing necess a ry sp en t on pur c hase o f softw are and mor e imp ortan t with the use of technologies already established as s table in their sp ecialties. 2. METHODOLOGY 2.1 PLA TFORM OF T ESTS W e’ll la bora tory tests with the following equipmen t; Authors’ addresses: Luciana Guimares, Do cen ts, U niv ersity of Managerial Sciences UNA, Brazil - Minas Gerais-Belo hori zonte, 30570-310 Pe rm i ssion to mak e digital/hard cop y of all or par t of this material without fee f or p ersonal or classro om use provided that the copies are not made or distributed for profit or commercial adv antage , the A CM cop yright/serv er notice, the title of the publication, and its dat e app ear, and notice is given that copying is b y per m ission of the ACM, Inc. T o copy otherwise, to r epu bli sh, to p ost on servers, or to redistr i bute to l ists r equ ir es prior specific permi ssion and/or a fee. c  2008 ACM 1529-3785/2008/ 0700-0001 $5.00 ACM T ransactions on Computational Logic, V ol. 1, No. 1, May 2008, Page s 1–0 ?? . 2 · 2 units with the following c haracter istics, Cpu dual core 1.6GHz, 1GB RAM, 80 GB HD. The y will b e our pr imary and seconda ry servers. 2 units with the following characteris tics, 1.6 GHz Pentium CPU, 500 MB RAM, 40 GB HD. These units faram role of o ur esta is the work b eing with a Windows op erating system and another with Linux Debian. 1 Switc h 8/1 00 Mb/ s 2.2 THE ARCHITECTURE OF TH E PLA TF ORM OF TEST S 2.3 POSTGRESQL PostgreSQL is a powerful, relationa l databas e system open s ource. It has mo re than 15 years o f activity and developmen t of this architecture has a strong r eputation for reliability , data integrit y and a c curacy . It runs on a ll ma jor op erating systems, including Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac O S X, Solaris, T ru64 ), and Windows. is fully compatible ACID has the full suppor t o f foreign keys, joins, views, trigg ers and stor ed pro cedures (in g o rivers la nguages). It includes mo re t yp es of data SQL92 and SQ L99, including INTEGER, NUMERIC, BOO LEAN, CHAR, V AR CHAR, DA TE, INTER V AL, and TIME ST AMP . It a lso supp orts stor - age of binary larg e ob jects, including ima ges, sounds or video. It supp orts native progra mming int er fa ces for C / C + +, Jav a,. Net, Perl, Python, Ruby , Tcl, O DBC, among others, and exceptional do cumentation. Wh y do es not the Postgresql and Mysql? Optei for using Postgresql b ecause it totally free and no matter the plat- form to be used. He has control of transactions is more mature and more stable and e a sier to restor e in c ase of panes in hardware. 2.4 SAMBA Samba is a service, us ed in UNIX-type op erating systems, whic h simulates a Win- dows ser v er, enabling management to b e done and file shar ing in a Micr o soft net- work. In version 3, Samba are not files and provides printing s ervices to v ario us clients Windows, but can also integrate itse lf with Windows Server Domain, b oth as a Primar y Domain Controller (PDC) or as a Domain Member . It may also be part of an Active Directory Domain. F r om r ecognized sta bility in the pro cess of linking different platforms. In will have an environment with Windows a nd Lin ux machines working only with a source of files / data. 2.5 NFS NFS - File System Netw or k (Netw ork File System). Proto col used to access the file systems on a netw ork. It is p ossible to moun t file systems of other ma c hines through this proto col. The NFS is faster and more stable than the SAMBA but do es not allow the interconnection be t ween Windows and Linux witho ut the need for the purchase o f a so ftw ar e clien t / s erv er to the side windos ther efore only b e used to in terco nnec t machines with Linux. 2.6 OPENSSH Op enSSH is a free version of the to ols of connectivity SSH uses techniques that users of the Internet can trus t. Op enSSH encrypting all tr affic (including pass- words) to effectively eliminate the eavesdropping, connection o f kidnappings and AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. · 3 other attac ks. Moreov er , pr o vides OpenSSH tunneling and v ario us metho ds of authentication, and suppo r ts all versions of SSH proto col. In cas e of connection betw een equipment and will need to prompt or graphica l environment we using SSH, SCP for the tr ansfer of data ov er the netw or k is encr y pted. 2.7 HEARTBEA T The pro ject Lin ux-HA (High-Av ailability Lin ux) fo cuses on res e arc h and implemen- tation of solutio ns for high av ailability (clustering) for Linux. The ma in comp onent of this pro ject in development is the hea r tbeat that works a s manag e r of the cluster and its r esources. As the na me indicates, sig nalling the presence (or abs ence) of contact w ith the no des of the cluster is made by sending heartb eats of small pack- ages address e d to all no des in the clus ter, whose confirmation of receipt b y each no de indicates the state that no de. This pro duct enters the mo del as a gua r dian of servers tracking any ser vice that is necessary . In our ar ticle we are monitoring the services of the database, ss h, ssl, http, https. 2.8 DRBD DRDB is a device desig ned to build blo cks of clusters o f high av ailability . This is done by mirroring a whole blo c k of the device via the netw ork. It will b e r esponsible for the replication of ea ch bit stor ed in the server’s main winchester 2.9 AP ACHE2 The Apa c he HTTP Pr o ject is a colla bora tiv e effort to develop softw are that aims to create the implementation of an HTTP server (W eb) a nd solid op en source. The pro ject is managed jointly by a gr oup of v olunteers lo cated a round the w or ld, using the Internet and the W eb to communicate, plan and de velop the server and its doc - umen tatio n. This pro ject is part of the Apache Softw are F oundation. In addition, hu ndre ds of users cont r ibute idea s, co de and do cumen tation for the pro ject. As more robust the security p oint of view we are using this version. 2.10 PHP5 PHP (a r ecursive acr o n ym for ”PHP : Hype rtext P r eproc e ssor) is a prog ramming language for computers in terpr eted, free and widely used to genera te dynamic con- ten t on the web. Despite being a lang uage of lear ning a nd easy to use for small dynamic simple scripts, PHP is a p o werful oriented langua ge the ob jects. Des pite being new we are using this to ol a s the PHP4 is not the ob ject o rien ted and is no longer b eing held and that is co mplica ting facto r b ecause we need to b e not only to this but with all pack ages a lw ays up dated with reg ard to the question less security . 2.11 SNORT Snort is a free softw are to prevent in v asions of the Netw ork (NIP S) and intrusion detection net work (NIDS) capable of carr ying o ut analysis of tr affic in real time ov er IP netw orks. Snor t runs of pro to col analys is, co n tent searching, a nd is com- monly used to a ctiv ely or passively blo c k a v ariety of attacks and crawls, such as buffer ov erflows, stealth p ort scans, attacks o n aplica e web, tracking the SMB, and attempts to simulation of SO , Among other characteristics. The softw ar e is used AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. 4 · mainly for preven tion of int r us ion, Snort ca n b e combined with other softw are, a s SnortSnarf, sguil, O SSIM, and the Ba s ic Analysis and Security Engine (BASE) to provide a visual repre sen tation of intrusion. With patches for the Snort it of- fers supp ort for packet strea m and vir us sc anning as ClamA V and with the SP ADE abnormalities in the netw ork can be fo und in lay ers 3 and 4 thro ugh analize histor y . 2.12 IPT ABLE It will b e r esponsible for the blo c king of service s , machin es and pack ages that ar e not allow ed to trav el on the net work. 2.13 XEN The Xen hyperviso r that provides a p ow erful, efficient and safe for use virtualization for x 8 6 CPUs, x8 6 64, IA64, Pow erP C and other architectures, ha s b e en used to virtualize a wide range of clients and op erating s y stems, including Windows, Linux, Solaris and several versions of the BSD o perating systems . It is widely r egarded as an attractive alter na tiv e to pr oprietary platforms a nd vir tualization hyperv isors for x86 platforms and IA64 . 2.14 EXT3 The ext3 (which means ”third extended file system”) is par t o f the new g eneration of mana gemen t systems, the Linux file. Its biggest adv antage is the supp ort o f journaling, which is to store infor mation on the transa ctions o f wr iting, allowing a rapid and reliable recovery in ca se o f sudden interruption (for e x ample, for lack of electricity). Use of this file system improv es the recovery of the file system in cas e of a n y sudden shutd own o f the computer, throug h sequential recording of data in the area o f metadata and access mhash of its dir ectory tree 3. RESUL TS OF TEST S 3.1 STRA TEGY OF TEST S W e set up the eq uipmen t as shown in the following sec tio ns and after that start the testing pro cess and cominucao using micr o -specific b enchmarks for this pur pose. W e c hos e a databa se and an application Postgresql testar mos PHP for the fall issue of reactiv ation of the equipment and chec king time to retur n to normal op erations, the ra te of tra ns fer to upgrade the base re plic a ted, time of activ ation o f mirr or machine. Below enumeramos the metho dologies used for testing of tolerance is divided into t wo parts a nd using dis k s o r sys tem failure in L VM, one of the machines failed the ph ysic a l hardware and one of the ser v ers: Part 1 - PHP pro cessing. Part 2 - Pro cessing of the bank Postgresql. failed Server 1 Server 1 is running the v ir tual machines vm1 and vm2 Server 2 is the virtual mac hines running vm3 and vm4 Server 1 is off or has defects in op eration Heartb eat in Server 2 detects failure of the Server 1 Heartb eat b oo ts virtua l machines vm1 and v m2 in Server 2 Server 1 is restored AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. · 5 Heartb eat in Server 1 if communicates with a Heartb eat Ser v er 2 Heartb eat in Server 2 par alyzes the virtual ma c hines vm1 a nd vm2 Heartb eat in 1 Server vir tual machines vm1 b o ots and vm2 service returns to normal failed Server 2 Server 2 has v m1 virtual machines and vm2 Server 1 has s ubsubitem Ser v er virtual ma c hines vm3 a nd vm4 Server 2 is switched off or has defects in op eration Heartb eat in Server 1 detects failure of Server 2 Heartb eat b oo ts virtua l machines vm3 and v m4 in Server 1 Server 2 is restored Heartb eat in Server 2 would communicate with Hear tbeat in Server 1 Heartb eat in Server 1 par alyzes the virtual ma c hines vm3 a nd vm4 Heartb eat Server 2 b o ots in virtual machines vm3 and vm4 service returns to normal These tests were failures of toler ance will b e made as follows: Simulation of the failure of the server by stopping the service of hea r tbeat Sim ulating the failur e of the server 1, enter the following comma nd in the server 1: /etc/init.d/hea rtbeat stop Stop the server through its forc e d shutdo wn (pulling p o wer cor d from the) Stop the server through its dis engagement correct. (command ’shutdo wn’) 3.2 MOUNTING CONFIGURA TION AND THE ENVIRONMEN T Instal lation of the Linux op er ating system Debian Etch. On devices defined as servers. W e will b e using this distribution by the stable version av aila ble on the date of creation of this article. In this installation use pa rtitioning EXT3 for installatio n of data, and the division of HD in o ur a r ea o f 2 .7 GB to SW AP and the r e st of the unit for da ta. Instalation N FS. sudo aptitude install nfs-co mmo n nfs-server-kernel p ortmap Once installed the pa ck a g es edit /etc/exp orts and add the director ies to b e ac- cessed remotely , s e e the example b elo w: /u/usr 10.0.2.6 (rw, s ync) Above ar e sharing the directory /u/ usr only to the machine 1 0.0.2.6 allowing this writing and reading a nd forcing syncro nis mo betw een the t wo machines. Instal ling SAMBA. sudo aptitude install smbfs samba sa m ba-common smbclient Edit /etc/samba/smb.conf and observe the following parameter s: workgroup = XXXXXXX X server string = XXXXXXXX printcap name = /etc/printcap load printers = no so c ket options = TCP NODELA Y SO RCVBUF=8192 SO SNDBUF=819 2 dns proxy = no netbios name = pa drao netbios aliases = padrao map to guest = never os level = 9 9 AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. 6 · preferred master = no domain master = no wins supp ort = no dead time = 0 domain logons = no printcap name = cups printing = cups log file = / v ar/lo g/samba/log.%m max log size = 50 debug le v el = 1 security = share unix password sync = y es password level = 0 nu ll pas sw ords = yes encrypt passwords = true smb passwd file = / etc/sam ba/ sm bpasswd username map = /e tc/ sam ba/s m busers username level = 8 add machine script = /usr/s bin/adduser -n - r - g machines -c ” Sam ba machine” -d / dev/n ull -s /bin/false %u passdb back end = smbpasswd idmap uid = 1 6777216 -33554431 idmap gid = 16 777216- 3 3554431 template shell = /bin/false winb ind use default domain = no bind in terfac e s only = no hide dot files = no [Desenv] comment = XXXXXXXXX XXXXXXx path = /XXXXXXXX XX public = no browseable = yes guest only = no guest ok = yes writable = yes preserve case = No short preserve case = No directory mask = 0777 v alid user s = luciana create mask = 0 777 av ailable = yes Instal ling DRDB. The adv antage of DRDB8 o n SRDB7 a re: It allows resources to be master of b oth the time and can b e mounted with Permissions o f rea ding and wr iting. No w we will co mpile the mo dules from DRDB8 to b e lo aded into the kernel. F or this we need the pa c k a ges build-essential and kernel-headers-xen. Do int o the prompt; AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. · 7 sudo a ptitud e install drbd8-utils drbd8 -module-so urce drbd8 -source build-essential linu x- headers-xen sudo sudo m-a- i-module drb d8-source sudo update- modules sudo mo dprobe drb d This will compile the mo dules fo r kernel / drivers / blo c k / drbd.ko and will be used for this kernel. A configura tion pado was set up in / etc / drb d.conf Configuratio n: Edit o /etc/drb d.conf global usage- c o un t yes; common syncer rate 10M; resource r0 pro tocol C; handlers pri-o n- incon-degr ”echo o ¿ /pro c/sysrq - trigger ; halt -f”; pr i-lost-after-sb ”echo o ¿ /pro c/sysrq- trigger ; halt -f”; lo c al-io-error ”ech o o ¿ / proc/ sysrq-trigger ; ha lt -f”; outdate-p eer ” /usr/sbin/drb d-pe e r-outdater”; startup disk on-io- e r ror deta ch; net allow-tw o-primar ies; after-sb-0pri disconnect; after-sb-1 pr i disconnect; after- sb-2pri disconnect; rr-co nflict disconnect; syncer rate 10M; al-extents 257 ; on no de1 device /dev/dr bd0; disk /dev/sda3; address 1 92.168.0.12 8:7788; flexible- meta-disk in ter na l; on no de2 device / dev/drbd0 ; disk /dev/sda 3; a ddress 192.1 6 8.0.129:77 88; meta- disk in ternal; ”Allow-t wo-primaries” optio n that allows you to b e moun ted as master ”master” at the b eginning of our netw ork. Copy /etc/drb d.conf for o no de 2 and restart drb d with the following command. sudo / init.d / drbd r estart If y o u wan t to check the state r un the command b elo w sudo /etc/init.d/drb d status This should be the res ponse if everything is OK. drb d driver loa ded OK; device status: version: 8 .0.3 (api:86 /proto:86) SVN Revisio n: 2 881 build by ro ot@no de1, 200 8-01-20 1 2 :48:36 0: cs:Connected st:Secondary/ Secondary ds:UpT oDate/UpT oDate C r— ns :1 43004 nr:0 dw:0 dr :143004 al:0 bm:4 3 lo:0 p e:0 ua:0 ap:0 res y nc: used:0/ 31 hits:891 6 misse s :22 s tarving:0 dirty:0 changed:22 act log: used:0/ 257 hits:0 misses:0 starving:0 dirty:0 changed:0 replace the app eal to the master with the following command in equipmen t sudo drbda dm primar y r0 and check the status again sudo /etc/init.d/drb d status drb d driver loa ded OK; device status: version: 8 .0.3 (api:86 /proto:86) SVN Revisio n: 2 881 build by ro ot@no de1, 200 8-01-20 1 2 :48:36 0: cs:Connected st:Primary /Primary ds:UpT oDate/UpT oDate C r — ns:143 004 nr :0 dw:0 dr:14300 4 al:0 bm:4 3 lo:0 p e:0 ua:0 ap:0 res y nc: used:0/ 31 hits:891 6 misse s :22 s tarving:0 dirty:0 changed:22 act log: used:0/ 257 hits:0 misses:0 starving:0 dirty:0 changed:0 As you can see action is ”mas ter” in b oth of us device. And the drb d is now accessible on / dev /drbd0 File system AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. 8 · W e ca n now create the file system in / dev /drbd0 with the following command sudo mkfs.o c fs2 /dev /drbd0 This can be mounted simultaneously in both with the commands b elo w: sudo mkdir /drb d0 sudo moun t.o cfs2 /dev/drb d0 /drb d0 Now we hav e a syncr onismo b et ween storag e de v ices. Init script W e hav e to make s ure that, after restart, the system will s et dr bd r esources again to ”master” and mount a ”/ drb d0” b efore star ting the Heartb eat and Xen machines. Edit /etc/init.d/mountdrbd.sh drb dadm prima ry r0 mount.ocfs2 /dev/drb d0 /mnt make a symbolic link to exe c utable / etc/rc3 .d/S99mountdrbd.sh sudo c hmo de +x /etc/init.d/mountdrbd.sh sudo ln -s / e tc/init.d/moun tdrb d.sh /etc/ rc3.d/S99mountdrbd.sh In fact, this step can also be integrated to Hea rtbeat, a dding adequate resour ces for the setting. But as time is that v ai do with this script. Instal lation He artb e at2. Now we can install and configure the Heartb eat 2 sudo apt-get install heartb eat-2 heartb eat-2-gui Edit /etc/ha.d/ha .cf crm on bca st eth0 no de no de1 node 2 restart heartb eat2 com sudo /etc/init.d/heartb eat r estart 3.3 Sta rtup Edit the file / r oot/ c luster/bo otstrap.xml cluster pr operty set id=”b o otstrap” attributes nvpair id=”b o otstrap01” name=”tra nsition-idle-timeout” v alue= ”60”/ nvpair id=” bo otstrap02” name= ” default-resource-stickiness” v alue=” INFINITY”/ nvpair id=” bo otstrap03” name= ” default-resource-failur e-stic kiness” v alue=”-50 0”/ nvpair id=”b o otstrap04” name=”stonith-e nabled” v alue= ”true”/ nvpair id=”b o otstrap05” name=”stonith-a ction” v alue=” rebo ot”/ nvpair id=”b o otstrap06” name=”symmetr ic-cluster” v alue= ”true”/ nvpair id=”b o otstrap07” name=”no- quorum-po licy” v alue=”stop” / nvpair id=”b o otstrap08” name=”stop- orphan-resour ces” v alue=”tr ue ” / nvpair id=”b o otstrap09” name=”stop- orphan-actions” v alue=” true”/ nvpair id=”b o otstrap10” name=”is- ma naged-default” v alue= ”true”/ /attributes /cluster prop ert y set Load the file with the following co mmand sudo cibadmin -C cr m config -x /ro ot/cluster/b o otstrap.xml This will s tart the Cluster with the v a lues set in xml file AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. · 9 Setting up the device STO NITH Using the co mmand b elow the keys to create trust b etw een the servers. sudo ssh-keygen – sav e key under /r oot/ .ssh/* – don t give any passphr ase scp / roo t/.ssh/id rsa.pub no de2:/ro ot/.ssh/authoriz e d keys Now make sur e you can log on the ser v er 2 fro m the server 1 without us ing password. sudo ssh -q -x - n -l ro ot ” node2” ”ls -la” Stonith of configuring the s erv er 2 /ro ot/cluster/s tonith.xml clone id=”stonithclone” globally unique=”false” instance attributes id=”stonithclone” attributes nvpair id=”sto nithclone01” name=”clone no de max” v alue= ” 1”/ /attributes instance attributes primitive id= ”stonithclone” class= ”stonith” type=”e x ternal/ssh” provider=”heartb eat” op erations op name= ”monitor” interv a l=”5s” timeout=”20s ” prereq= ”nothing” id=”stonithclo ne- op01”/ op na me=”start” timeout= ”20s” prereq= ”nothing” id=”stonithclone-o p02”/ /op erations instance attributes id=”stonithclone” attributes nvpair id=”sto nithclone01” name=”hostlis t” v alue=” node1,no de2”/ /attributes /instance attributes /primitive /clone Load with the following co mmand sudo cibadmin -C - o re s ources -x /ro ot/cluster/ stonith.xml Xen the cluster r esour c es. Now we can add the virtual machine XEN in the cluster. Now we can add to the Xen virtual machine clus ter r esource. Lets say that we hav e a Xen to view the ma c hine called vm01. The cofigur ao and image files to keep us in vm0 1 /drb d0/xen/vm0 1/ in vm01.cfg and vm01-disk0 .img resp ectiv ely . Edit /ro ot/cluster/v m01.xml resource s primitive id=”vm01 ” class= ” ocf” type=” Xen” provider=”hear tbeat” op erations op id=” vm01-op01” name=”monitor ” interv al=”1 0s” timeout=”60 s” prereq = ”nothing”/ op id= ”vm01-op02” name= ” start” timeout=”60s” start delay=”0”/ op id= ”vm01-op03” name= ” stop” timeout=”30 0s”/ /op erations instance attributes id=”vm01” AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. 10 · attributes nvpair id=” vm01-attr01” name=”xmfile” v alue=”/ drbd0/x en/vm01/vm01.cfg” / nvpair id=”vm0 1-attr02” na me=”target role” v alue=” started”/ /attributes /instance attributes meta attributes id=”vm01-meta 0 1” attributes nvpair id=”vm0 1-meta-attr01” name=”allow migrate” v alue=”true”/ /attributes /meta attributes /primitive /resour ces Load this file with the following co mmand. sudo cibadmin -C - o re s ources -x /ro ot/cluster/ vm01.xml T r acking to ols. With the command ”cr m mon” you can track the inclusion of resource s and in the cluster. sudo crm mo n Refresh in 14s... The result of this comma nd will b e: ===== ======= Last updated: F ri Jan 25 17:26:1 0 2 0 08 Current DC: no de2 (839 72cf7-0b56-4 299-8e42-69b3411377a7) 2 Nodes co nfigured. 6 Resources co nfigured. ===== ======= No de: no de2 (839 7 2cf7-0b56-4 299-8e42-69b3411377a7): online No de: no de1 (6bfd2aa 7 -b132-410 4-913c-c34ef03a4dba): online Clone Set: sto nithclone stonithclone:0 (stonith:external/s sh): Star ted no de1 stonithclone:1 (stonith:external/s sh): Star ted no de2 vm01 (heartb eat::ocf:Xen): Started no de2 There is also a GUI av aila ble (gra phical to ol). T o use it just set a password fo r the user ”ha cluster” with the following command and r un the co mmand ”hb gui” sudo passwd hacluster password re t yp e password sudo h b gui & 4. ANAL YSIS OF R ESUL TS The fac t work with L VM facilitated the mirroring of machines but the total security was not achiev ed b ecause when we hav e to s a ve the records in the course mirroring lost the last reco rd a nd the bank needed to make the rollback. But the resumption of serv ic e in the even t of the fall of the main se r v er was made in seconds not cr eating inconv enience to user s of the net work. Although the p erformance was higher with the us e of XE N no details in this article bec ause this item is not the purpo se of it. AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008. · 11 5. CONCLUSION Lo oking up the sequence of se rv ers religamento of the structure is made entirely stable and secure even in tests in Part 1 where only in pro cessing memory was b eing implemen ted in P HP in the second machine (Server 2), after the fall co ntin ued smo othly . In practical terms only at the end of the business can religar the main server (Server 1 ) again b ecause o f the time sy nc hronizatio n b et ween the tw o high and for implying in the netw or k for several minutes. REFERENCES Xen system htt p://en.wikip edia.org/wiki/Xen W e start with installi ng Xen Hyp ervisor and bo ot with Xen-kernel. http://wiki.xen-br.org/index.php?t itle=Xen-ha M. L. Massie, B. N. Chun, and D. E. Culler. T e ganglia di stributed system: design, implemen- tatiosn, and exp erience. Parrallel Computing, 30(7):817-840, July 2004. Z. Pan, X. Ren, R. Eigenmann, and D. Xu. Executing mpi programs on virtual machines in a int ernet s haring system. In 20th In ternational Parallel and Distributed Pro cessing Symp osium (IPDPS 2006). IEEE, 2006 D. Plunner. An ethernet address r esoluion proto col. RFC 826, Nov. 1982. Q. Snell, A ¿ Mikler, and J. Gustafson. NetPIPE: A Net wo rk Pr oto col Inde p en ten t Performance Ev al uator. 1996. K. Adams and O. Agesen. A comparison of softw are and hardware tech niques for x86 virtu- alization. In ASPLOS- XII: Pro ceed ings of the 12th inte rnational conference on Ar c hitectural support for programming languanges and op erationg s yste ms, pages 2-13, N ew Y ork, NY, USA, 2006. ACM Press. M. P . Boufleur, G. P . Koslovski, and A .S. Charo. Av aliao do uso de xen em ambien tes de alto desempenho. In W orkshop em Sistemas Computacionais de Alto Desemp enho WSCAD 2006, pages 141-147, O uro Preto - MG, 2006. AC M T ransactions on Computational Logic, V ol. 1, No. 1, M a y 2008.