A few days ago the topic “Kiosk mode” came up at the official VMware Community Forum. When I wrote that I had implemented such a system about a year ago I was asked to explain what I did in more detail.
So, here it is, the whole story about what I did, how and why, and what I would do differently today.
First of all I apologize for the delay, but writing it all down took more time than I expected 🙂 I also didn’t want to write the same text to all the people who asked separately, so I decided to write it into my blog. Yeah, finally some real content. Sorry for all the guys who can’t read the rest of the blog because it’s all German. Maybe I need to write everything twice or switch to English completely 🙂
So, have fun with the text, feel free to comment on it, and be aware that everything I describe here worked for me and will not necessarily work in your environment. Don’t blame me when stuff breaks at your place! 🙂
And so it begins…
A customer wanted to replace a whole bunch of PCs with thin clients, simply to force his employees to keep all data on the servers for security reasons. Well, the thin clients we tested didn’t support a specific application, so we needed to think of a more innovative way. Running a VM on every computer came to mind very quickly, even though it would mean buying a VMware Workstation license for each PC. But how to lock down the host itself? The employees should not be able to copy data from the network to any portable media, or import their own data to the network.
Since Windows is almost impossible to lock down completely without any third-party software, and takes up much of the host’s resources, we decided to use Linux as the host OS. It’s quite easy to strip and lock down, and it even saves the cost of two Windows licenses per computer. We used Gentoo, simply because it was the distro of choice at the company I worked for in those days.
So I built a small Gentoo system on one of the computers as a proof of concept. I just installed enough packages to be able to start X and get network connectivity, plus VMware Workstation, which was also available as a “prebuilt” package – perfect. The next step was to hide the Linux system from the user. There should be no need to interact with Linux itself; the system should behave just like any other Windows system, except for the fact that everything you change on the local hard drive is gone when you reboot or shut down.
Quite an easy thing to do with Linux 🙂
The first step is of course to make the computer boot only from the local hard disk, which can be done with a few BIOS settings (don’t forget to set a BIOS password though, you don’t want your users to explore the wonders of the BIOS, do you?). The next step is to disconnect any floppy or CD drives, just to be sure. What’s not available by a physical connection can’t be tricked into a usable device. Then you should disable all USB/FireWire/etc. modules on the Linux system (and/or disable them in the computer’s BIOS) – either build your own kernel which does not include the drivers at all (see the note about the floppy and CD-ROMs), or put them in udev’s blacklist so they don’t get loaded automatically.
At this point we have a computer which will boot Linux from the internal hard drive, and nothing else. Don’t forget to set a boot loader password; we don’t want the users to be able to pass funny stuff to the kernel and boot into single user mode.
Now to VMware Workstation. All filenames and locations are the Gentoo ones; other distros will use other names and locations. For example, what’s /etc/conf.d/local.start in Gentoo will be /etc/rc.local in RedHat. But you’ll get the point 🙂
I assume you have a working Workstation image of the VM which is perfectly in shape to do what you expect it to do, meaning for example Windows XP is installed, has already joined the domain, all applications are installed etc. I copied that image to the local hard drive for performance reasons. In my case the VM was set to non-persistent mode, because the customer wanted his employees to learn about data storage the Darwin way. If they save the data on the local hard drive (of the VM) and come back to work tomorrow, everything will be gone. After a few times they will have learned eventually. Of course I configured the VM not to have any sound device, nor a CD-ROM or floppy drive.
So, now about VMware itself. If you start Workstation with vmware -X -q /path/to/the/vmxfile.vmx it will start in fullscreen mode (-X) and will quit when the VM is powered off (-q). Exactly what we need for the kiosk system. So, just write a little script for that job, maybe call it “startvm.sh”. If you configure this script to be the default window manager for all users (with Gentoo it’s defined in /etc/rc.local) every time you run X with startx your VM will start in fullscreen mode. Since it’s no real window manager there is nothing the user can task-switch to, or get an xterm running etc. We’re getting closer to the kiosk system 🙂
The missing part is the automatic startup of X and the VM when booting the computer, and shutting down the computer right after the VM is powered down. Just edit /etc/conf.d/local.start (with RedHat it’s /etc/rc.local iirc), and insert “startx” and “shutdown”. This will cause the computer not to present a login prompt, but to fire up X and the VM – no questions asked. Since the commands in local.start are processed one after another the script stops as long as VMware is running. When the user shuts down the VM, Linux continues with the local.start file and finds the shutdown command. So, basically Linux never reaches the point where it has completely started. It’s a dirty trick, and I am sure there are better ways to do that, but well, it worked for me 🙂
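Here is what such a “startvm.sh” could look like, as an added example and not the script from the original post. It assumes the VM image lives at /srv/kiosk/kiosk.vmx (a made-up path), that “vmware” is on the PATH, and that the .vmx option names (scsi/ide mode, floppy0.present, sound.present, deviceType) are the standard Workstation ones; on top of the plain command line from the text it refuses to start a VM whose config still has a persistent disk, a CD-ROM, a floppy or a sound device.

```shell
#!/bin/sh
# startvm.sh -- added example, not the script from the original post.
# Assumptions: the VM lives in /srv/kiosk/kiosk.vmx (constructed path) and
# VMware Workstation is on $PATH as "vmware".
#
# The two lines for /etc/conf.d/local.start (Gentoo) described in the text;
# X is set up so that this script is the "window manager" it runs:
#   startx
#   shutdown -h now      # only reached after the VM has powered off

VMX="${KIOSK_VMX:-/srv/kiosk/kiosk.vmx}"

# Return 0 only if the .vmx contains every setting the kiosk relies on:
# a non-persistent disk, no floppy, no sound device and no CD-ROM at all.
# Option names are assumed to be the standard VMX keys.
vmx_is_kiosk_safe() {
    f="$1"
    [ -r "$f" ] || return 1
    grep -qi '^[a-z]*0:0\.mode *= *"independent-nonpersistent"' "$f" || return 1
    grep -qi '^floppy0\.present *= *"FALSE"' "$f" || return 1
    grep -qi '^sound\.present *= *"FALSE"' "$f" || return 1
    # any cdrom device definition left in the file => not kiosk safe
    if grep -qi '\.deviceType *= *"cdrom' "$f"; then
        return 1
    fi
    return 0
}

# The command line from the text: fullscreen (-X), quit on power-off (-q).
vmware_cmdline() {
    printf 'vmware -X -q %s' "$1"
}

main() {
    if ! vmx_is_kiosk_safe "$VMX"; then
        echo "startvm.sh: $VMX fails the kiosk checks, not starting" >&2
        exit 1
    fi
    # exec: when vmware exits, X exits too, and local.start moves on to shutdown
    exec vmware -X -q "$VMX"
}

# only start the VM when invoked as the real script, not when sourced
case "$0" in */startvm.sh) main ;; esac
```

If the check fails the machine will simply shut down again without ever showing the VM, which is the safer failure mode for a kiosk than booting a VM that can write to its disk.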
Now we have the following behavior:
– computer starts
– boots into linux
– X windows starts
– VMware Workstation starts
– the VM starts
– the user can log in to the Windows VM
– the user works (hopefully) 🙂
– the user logs off
– VMware Workstation shuts down
– all modified data within the VM is lost
– the computer shuts down
The “perfect” kiosk system with VMware. No need for the user to know anything about Linux, it’s just like a normal Windows PC. It just takes a little longer to boot, and the user sees a cute penguin while waiting for the Windows logo to show up.
Ok, all of this happened about a year ago, so what would I do differently today?
– obviously use the VMware Player instead of buying a Workstation license for each PC
– not use Gentoo, but CentOS. Yes, Gentoo rocks and I use it on every computer I own, but an rpm/deb based distro would be easier to maintain in this scenario.
– maybe try central storage for the VM images
I would NOT:
– use VMware ACE. It looks like a good way to distribute images in such a scenario, but it needs a Windows host system. Also, it’s quite a bit more expensive than my solution, especially if you use VMware Player 🙂
Ok, that’s it for today. I hope the text answers all your questions about how to set up such a kiosk system, even though I didn’t give a real step-by-step howto. It’s better if you understand the concept behind it, so you can add the bits and pieces you need for your implementation and are able to actually maintain and improve it.
Feel free to leave a comment or ask questions 🙂