DOCSLIB.ORG

Towards Trustworthy Virtualisation: Improving the Trusted Virtual Infrastructure

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Towards Trustworthy Virtualisation: Improving the Trusted Virtual Infrastructure Towards Trustworthy Virtualisation: Improving the Trusted Virtual Infrastructure Carl Gebhardt Technical Report RHUL{MA{2011{10 17 March 2011 Department of Mathematics Royal Holloway, University of London Egham, Surrey TW20 0EX, England http://www.rhul.ac.uk/mathematics/techreports Towards Trustworthy Virtualisation: Improving the Trusted Virtual Infrastructure Carl Gebhardt Thesis submitted to the University of London for the degree of Doctor of Philosophy Information Security Group Department of Mathematics Royal Holloway, University of London October 2010 Declaration These doctoral studies were conducted under the supervision of Dr. Allan Tomlinson. The work presented in this thesis is the result of original research carried out by my- self, in collaboration with others, whilst enrolled in the Department of Mathematics as a candidate for the degree of Doctor of Philosophy. This work has not been submitted for any other degree or award in any other university or educational establishment. Carl Gebhardt October, 2010 2 To everyone who believed in me. 3 Acknowledgements My heartfelt thanks to my supervisor Dr. Allan Tomlinson for his guidance, en- couragement, patience and dedication over the past three years. I found in you an excellent supervisor and also a good friend. I would like to also thank my examiners, Professor Chris Mitchell and Professor Andrew Martin for taking the time to examine my thesis. I gratefully acknowledge the financial support of the ISG and Professor Keith Mar- tin in helping to organise funding. I would like to thank my fellow post-graduate students in the Information Security Group for many helpful discussions. I must also thank Professor Kenny Paterson for his support and guidance. I am also extremely grateful to Adam Davison and Laura Nequest for proof-reading my thesis. Additionally, I would like to thank Chris I. Dalton, Richard Brown, Boris Balacheff and the rest of the System Security Lab for fruitful collaborations during and beyond my time at Hewlett-Packard's System Security Lab. Finally, I would like to thank my family, and especially my parents, for their support and encouragement throughout my education. Thank you for allowing me to be a free spirit and giving me the freedom to pursue my own ideas and goals, even if they seemed dangerous at times. I would also like to thank my girlfriend Amanda Castillo for her patience and support during so many late nights. 4 Abstract Modern commodity platforms have become easy targets, which are increasingly plagued by malware exploiting legacy design weaknesses. Malware often abuses the large and feature-rich computing base, which forms the basis of modern commodity systems and inherently has to be trusted. In recent years, research has suggested employing machine virtualisation technology to provide isolation where commodity systems fail to do so. On one hand, hardware machine virtualisation support on commodity systems is a very recent technology, and with its novel technology al- lows for new creative security solutions. On the other hand, machine virtualisation changes many previous security assumptions about a platform and therefore creates new challenges itself. This thesis investigates machine virtualisation and trusted computing technology and outlines how those technologies could be utilised to move towards a more trust- worthy virtualisation infrastructure. To achieve this, the thesis has been divided into three main parts. In the first part of this thesis, we describe how the hypervisor's Trusted Computing Base could be reduced and, with new hardware advances, could be further strengthened. To achieve this, we reassess the definition of the Trusted Computing Base and illustrate how segregation of different code blocks could be enforced by hardware protection mechanisms. In the second part, we propose a novel scheme to protect the integrity and confi- dentiality of storage in a virtualised infrastructure. We discuss the implementation of a prototype for a secure, flexible and transparent virtual disk image. We base our concepts on trusted computing, utilising the Trusted Platform Module to efficiently deliver integrity assurance to virtual disk images, as well as enabling the owner to retain control over the disk image throughout its life-cycle. 5 In the third part, we present a flexible architecture that enables a platform user to benefit from the advantages of a fast booting system and a full-featured mainstream Operating System at the same time. The prototype builds on newly available machine virtualisation and trusted hardware features increasingly available on commodity systems. Moreover, this design enhances the concept of an instant-on system with secure, trustworthy and policy enforced compartments. In this thesis, we find that a sensible trusted virtualisation layer requires more protection guarantees than simply the combination of Trusted Computing and virtu- alisation building blocks. We therefore start with the basic foundations to increase the trustworthiness of the lower hypervisor level; in the second part we build up on the previous layer to provide trusted storage in a virtualised environment. The final part embraces the preceding concepts and combines the latest hardware ma- chine virtualisation and trust technologies to deliver a more robust virtualisation infrastructure. 6 Contents 1 Introduction 18 1.1 Motivation . 18 1.2 Contribution . 20 1.3 Thesis Organisation . 21 1.4 List of Publications . 23 I Background 24 2 Virtualisation 25 2.1 Introduction . 26 2.2 Historical Overview . 26 2.3 Taxonomy . 29 2.3.1 Emulation, Simulation and Virtualisation . 31 2.3.2 Formal Requirements . 32 2.3.3 Hypervisor and Virtual Machine Monitor . 33 2.4 Machine Virtualisation . 35 2.4.1 Intel x86 Architecture . 36 2.4.2 Hypervisor Implementations . 38 2.4.3 Memory Virtualisation . 40 2.4.4 Device and I/O Virtualisation . 41 2.4.5 Summary . 44 2.5 Security Discussion . 45 2.6 Summary . 48 3 Trusted Platforms 49 3.1 Introduction . 50 3.2 Trusted Computing . 50 3.2.1 Historical Overview . 51 3.2.2 Trusted Platform . 52 7 3.2.3 Trusted Computing Base . 54 3.2.4 Trusted Platform Module . 54 3.2.5 TPM Functional Overview . 61 3.2.6 Static Root of Trust for Measurement . 62 3.2.7 Dynamic Root of Trust for Measurement . 64 3.3 Discussion . 67 3.4 Summary . 71 II Problem Definition and Related Work 72 4 Problem Definition 73 4.1 Trusted Virtualisation . 74 4.1.1 Motivation . 74 4.1.2 Requirements . 76 4.2 Challenges . 78 4.2.1 Isolation Issues . 78 4.2.2 Trusting the Hypervisor . 80 4.2.3 Management Domain . 81 4.2.4 Platform Limitations . 83 4.2.5 I/O Device Sharing . 87 4.2.6 Virtualising the TPM . 88 4.3 Discussion . 91 4.4 Related Work . 94 4.4.1 Virtualisation and Isolation . 94 4.4.2 Trusted Computing . 97 4.5 Summary . 99 III Improving the Trusted Virtual Infrastructure 100 5 Separating Trusted Computing Base with Hardware 101 5.1 Introduction . 102 5.2 Motivation . 103 5.3 Background . 104 5.3.1 Trusted Computing Base . 104 5.3.2 Ring Protection . 105 5.4 Trusted Computing Base for HVMs . 108 5.4.1 HVM Protection Rings . 108 5.4.2 Code Separation . 109 8 5.5 Usage Scenarios . 111 5.5.1 Inter VM Communication . 112 5.5.2 Virtual Private Networks . 113 5.5.3 Legacy Virtualisation . 114 5.5.4 vTPM Implementation . 115 5.5.5 ACPI . 116 5.5.6 Policy Control . 117 5.6 Considerations . 118 5.6.1 Performance . 118 5.6.2 Development Effort . 118 5.6.3 Device Sharing . 119 5.7 Discussion . 119 5.8 Summary . 120 6 Trusted Virtual Disk Images 121 6.1 Introduction . 122 6.2 Motivation . 123 6.3 Security Requirements . 124 6.3.1 Threats . 124 6.3.2 Design Goals . 125 6.4 Trusted Virtual Disk Images . 126 6.4.1 Assumptions . 127 6.4.2 Ensuring Confidentiality . 128 6.4.3 Integrity Protection . 129 6.4.4 Creating Integrity Metrics . 131 6.4.5 Policy Model . 135 6.4.6 Software Enforcement . 135 6.4.7 Metafile . 136 6.5 Life Cycle . 139 6.5.1 Initialisation . 139 6.5.2 Deletion . 139 6.5.3 Backup . 140 6.5.4 Sparse Format . 140 6.5.5 Migration . 141 6.5.6 Snapshots . 141 6.6 Security Analysis . 142 6.7 Considerations . 145 6.7.1 Fragmentation . 145 9 6.7.2 Performance . 146 6.7.3 Swap-space . 146 6.8 Usage Scenario . 146 6.9 Discussion . ..
Load more

Recommended publications
  • HTTP-FUSE Xenoppix
    HTTP-FUSE Xenoppix Kuniyasu Suzaki† Toshiki Yagi† Kengo Iijima† Kenji Kitagawa†† Shuichi Tashiro††† National Institute of Advanced Industrial Science and Technology† Alpha Systems Inc.†† Information-Technology Promotion Agency, Japan††† {k.suzaki,yagi-toshiki,k-iijima}@aist.go.jp [email protected], [email protected] Abstract a CD-ROM. Furthermore it requires remaking the entire CD-ROM when a bit of data is up- dated. The other solution is a Virtual Machine We developed “HTTP-FUSE Xenoppix” which which enables us to install many OSes and ap- boots Linux, Plan9, and NetBSD on Virtual plications easily. However, that requires in- Machine Monitor “Xen” with a small bootable stalling virtual machine software. (6.5MB) CD-ROM. The bootable CD-ROM in- cludes boot loader, kernel, and miniroot only We have developed “Xenoppix” [1], which and most part of files are obtained via Internet is a combination of CD/DVD bootable Linux with network loopback device HTTP-FUSE “KNOPPIX” [2] and Virtual Machine Monitor CLOOP. It is made from cloop (Compressed “Xen” [3, 4]. Xenoppix boots Linux (KNOP- Loopback block device) and FUSE (Filesys- PIX) as Host OS and NetBSD or Plan9 as Guest tem USErspace). HTTP-FUSE CLOOP can re- OS with a bootable DVD only. KNOPPIX construct a block device from many small block is advanced in automatic device detection and files of HTTP servers. In this paper we describe driver integration. It prepares the Xen environ- the detail of the implementation and its perfor- ment and Guest OSes don’t need to worry about mance. lack of device drivers.
    [Show full text]
  • How to Create a Custom Live CD for Secure Remote Incident Handling in the Enterprise
    How to Create a Custom Live CD for Secure Remote Incident Handling in the Enterprise Abstract This paper will document a process to create a custom Live CD for secure remote incident handling on Windows and Linux systems. The process will include how to configure SSH for remote access to the Live CD even when running behind a NAT device. The combination of customization and secure remote access will make this process valuable to incident handlers working in enterprise environments with limited remote IT support. Bert Hayes, [email protected] How to Create a Custom Live CD for Remote Incident Handling 2 Table of Contents Abstract ...........................................................................................................................................1 1. Introduction ............................................................................................................................5 2. Making Your Own Customized Debian GNU/Linux Based System........................................7 2.1. The Development Environment ......................................................................................7 2.2. Making Your Dream Incident Handling System...............................................................9 2.3. Hardening the Base Install.............................................................................................11 2.3.1. Managing Root Access with Sudo..........................................................................11 2.4. Randomizing the Handler Password at Boot Time ........................................................12
    [Show full text]
  • Deep Compression
    COVER STORY Cloop DEEPBlock device compression COMPRESSION with the cloop module KYRO, photocase.com KYRO, The cloop module lets you manage compression at the block device 512 bytes), and they are usually used for random access storage like ramdisks, level. Read on to learn how Knoppix and other Live CDs fit all that CD-ROMs, floppy disks, hard disks, and hard disk partitions. software on a single disc. BY KLAUS KNOPPER Filesystems are a logical representa- tion of ordered data that is often present loop is a kernel block device block-based devices. If you look into the on a block device. A filesystem turns raw module used in Live CDs such output of ls -l /dev, you will easily recog- data into the familiar directory/file view. Cas Knoppix. The cloop module nize these devices by the prefix – c for The mount command is the bridge be- allows the system to read compressed character-based and b for block-based tween a block device partition and its data, usually from a file, thus creating devices – at the beginning of the output projection into a mount point directory. compressed virtual disks. Using cloop, line (see Listing 1). a Linux installation of about 2GB fits on Character-based devices, such as tape Cloop: A Compressed a single 700MB CD-R disc. In this article, drives, mice, and gamepads, provide se- Loopback Block Device I look at how cloop works and provide quential, character-by-character access One block device included in any Linux some insight into general kernel struc- to data.
    [Show full text]
  • QEMU Version 4.2.0 User Documentation I
    QEMU version 4.2.0 User Documentation i Table of Contents 1 Introduction ::::::::::::::::::::::::::::::::::::: 1 1.1 Features :::::::::::::::::::::::::::::::::::::::::::::::::::::::: 1 2 QEMU PC System emulator ::::::::::::::::::: 2 2.1 Introduction :::::::::::::::::::::::::::::::::::::::::::::::::::: 2 2.2 Quick Start::::::::::::::::::::::::::::::::::::::::::::::::::::: 2 2.3 Invocation :::::::::::::::::::::::::::::::::::::::::::::::::::::: 3 2.3.1 Standard options :::::::::::::::::::::::::::::::::::::::::: 3 2.3.2 Block device options :::::::::::::::::::::::::::::::::::::: 12 2.3.3 USB options:::::::::::::::::::::::::::::::::::::::::::::: 23 2.3.4 Display options ::::::::::::::::::::::::::::::::::::::::::: 23 2.3.5 i386 target only::::::::::::::::::::::::::::::::::::::::::: 30 2.3.6 Network options :::::::::::::::::::::::::::::::::::::::::: 31 2.3.7 Character device options:::::::::::::::::::::::::::::::::: 38 2.3.8 Bluetooth(R) options ::::::::::::::::::::::::::::::::::::: 42 2.3.9 TPM device options :::::::::::::::::::::::::::::::::::::: 43 2.3.10 Linux/Multiboot boot specific ::::::::::::::::::::::::::: 44 2.3.11 Debug/Expert options ::::::::::::::::::::::::::::::::::: 45 2.3.12 Generic object creation :::::::::::::::::::::::::::::::::: 54 2.3.13 Device URL Syntax ::::::::::::::::::::::::::::::::::::: 66 2.4 Keys in the graphical frontends :::::::::::::::::::::::::::::::: 69 2.5 Keys in the character backend multiplexer ::::::::::::::::::::: 69 2.6 QEMU Monitor ::::::::::::::::::::::::::::::::::::::::::::::: 70 2.6.1 Commands :::::::::::::::::::::::::::::::::::::::::::::::
    [Show full text]
  • Smaller Flight Data Recorders{
    Available online at http://docs.lib.purdue.edu/jate Journal of Aviation Technology and Engineering 2:2 (2013) 45–55 Smaller Flight Data Recorders{ Yair Wiseman and Alon Barkai Bar-Ilan University Abstract Data captured by flight data recorders are generally stored on the system’s embedded hard disk. A common problem is the lack of storage space on the disk. This lack of space for data storage leads to either a constant effort to reduce the space used by data, or to increased costs due to acquisition of additional space, which is not always possible. File compression can solve the problem, but carries with it the potential drawback of the increased overhead required when writing the data to the disk, putting an excessive load on the system and degrading system performance. The author suggests the use of an efficient compressed file system that both compresses data in real time and ensures that there will be minimal impact on the performance of other tasks. Keywords: flight data recorder, data compression, file system Introduction A flight data recorder is a small line-replaceable computer unit employed in aircraft. Its function is recording pilots’ inputs, electronic inputs, sensor positions and instructions sent to any electronic systems on the aircraft. It is unofficially referred to as a "black box". Flight data recorders are designed to be small and thoroughly fabricated to withstand the influence of high speed impacts and extreme temperatures. A flight data recorder from a commercial aircraft can be seen in Figure 1. State-of-the-art high density flash memory devices have permitted the solid state flight data recorder (SSFDR) to be implemented with much larger memory capacity.
    [Show full text]
  • Building a Self-Contained Auto-Configuring Linux System On
    Building a self-contained auto-configuring Linux system on an iso9660 filesystem Klaus Knopper [email protected] ¡ http://www.knopper.net/knoppix/ Abstract Bootable CD-Roms with a small Linux rescue system in business card size [1, 2] or regular size live demonstration CDs [3] are becoming popular re- cently. Also, some of the commercial Linux distributors as well as non-profit Open Source groups are developing self-running demos that are preconfigured for certain hardware, or contain a configuration frontend. Knoppix (Knopper’s *nix) is an attempt to not only create a fully featured rescue/demo system on a single CD, but also to unburden the user from the task of hardware identi- fication and configuration of drivers, devices and X11 for his or her specific hardware. The resulting product is supposed to be a platform CD with a stable GNU/Linux base system, that can be used to customize static installations for a specific purpose. Goal: Creating a fully functional and usable Reducing space limitations by compression Linux system running completely from a sin- The core system of about 200 MB (uncompressed) is gle CD currently based on the popular RedHat [4] distribution A frequently asked question asked by people who ”just and contains all basic commands and tools for a generic want to have a glance” on Linux to check out how use- Linux system. That leaves, on a standard 650 MB CD- ful it could be for them is, ”How can I test Linux with- Rom, over 400 MB for custom applications, which can out having to change anything on my computer?”.
    [Show full text]
  • Building Embedded Linux Systems with Buildroot
    Embedded Linux Conference Building embedded Linux systems with Buildroot Thomas Petazzoni Free Electrons http://free-electrons.com/ 1 Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com Rights to copy © Copyright 2009, Free Electrons [email protected] Document sources, updates and translations: http://free-electrons.com/docs/buildroot Corrections, suggestions, contributions and translations are welcome! Attribution ± ShareAlike 3.0 Latest update: Apr 28, 2009 You are free to copy, distribute, display, and perform the work to make derivative works to make commercial use of the work Under the following conditions Attribution. You must give the original author credit. Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. License text: http://creativecommons.org/licenses/by-sa/3.0/legalcode 2 Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com Leveraging free software Thousands of free software packages are available and can be leveraged to build embedded systems With free software You have control over the source Bugs can be fixed New features can be added Your system can be customized In theory, the system designers and developers have a lot of flexibility thanks to free software However, leveraging the existing free software packages may not be very easy.
    [Show full text]
  • Smaller Flight Data Recorders{
    Available online at http://docs.lib.purdue.edu/jate Journal of Aviation Technology and Engineering 2:2 (2013) 45–55 Smaller Flight Data Recorders{ Yair Wiseman and Alon Barkai Bar-Ilan University Abstract Data captured by flight data recorders are generally stored on the system’s embedded hard disk. A common problem is the lack of storage space on the disk. This lack of space for data storage leads to either a constant effort to reduce the space used by data, or to increased costs due to acquisition of additional space, which is not always possible. File compression can solve the problem, but carries with it the potential drawback of the increased overhead required when writing the data to the disk, putting an excessive load on the system and degrading system performance. The author suggests the use of an efficient compressed file system that both compresses data in real time and ensures that there will be minimal impact on the performance of other tasks. Keywords: flight data recorder, data compression, file system Introduction A flight data recorder is a small line-replaceable computer unit employed in aircraft. Its function is recording pilots’ inputs, electronic inputs, sensor positions and instructions sent to any electronic systems on the aircraft. It is unofficially referred to as a "black box". Flight data recorders are designed to be small and thoroughly fabricated to withstand the influence of high speed impacts and extreme temperatures. A flight data recorder from a commercial aircraft can be seen in Figure 1. State-of-the-art high density flash memory devices have permitted the solid state flight data recorder (SSFDR) to be implemented with much larger memory capacity.
    [Show full text]
  • Filesystems in Livecd
    Filesystems in LiveCD J. R. Okajima 2010/12 In the majority of cases, LiveCD uses Squashfs, tmpfs, and AUFS. This report compares usage of squashfs with others to implement LiveCD. Ancient Age A long long time ago, there was an approach to implement LiveCD by “shadow direc- tory”. It may be a rather old name but used very widely. For example, when we have source files under src/, and if we build it under the directory for multiple architec- tures, then we will need to remove all the built files for each build. It is a waste of time. In order to address this problem, make another directory obj/, create symbolic links under it, and build under obj/. This is the shadow directory approach. All the built object files are created under obj/ and the developers do not need to care about the difference of the build directory. LiveCD implemented by this approach (readonly FS + tmpfs + shadow dir) suc- ceeded to redirect the file I/O, eg. read from readonly FS and write to tmpfs, but it brought huge number of symbolic links. Obviously it was not the best approach. Squashfs and AUFS Later LiveCDs adopt a stackable filesystem, eg. Unionfs or AUFS. They both intro- duce a hierarchy to mounting filesystems, and mount a writable filesystem transpar- ently over readonly filesystems, and provide essential features of redirecting file I/O to layers and internal copy-up between layers which enables modification the files on the readonly filesystems logically. Since readonly filesystems can be specified more than one, LiveCD can handle them as an application packages such like compiler package, office suite.
    [Show full text]
  • O'reilly Knoppix Hacks (2Nd Edition).Pdf
    SECOND EDITION KNOPPIX HACKSTM Kyle Rankin Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Knoppix Hacks,™ Second Edition by Kyle Rankin Copyright © 2008 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Brian Jepson Cover Designer: Karen Montgomery Production Editor: Adam Witwer Interior Designer: David Futato Production Services: Octal Publishing, Inc. Illustrators: Robert Romano and Jessamyn Read Printing History: October 2004: First Edition. November 2007: Second Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. The Hacks series designations, Knoppix Hacks, the image of a pocket knife, “Hacks 100 Industrial-Strength Tips and Tools,” and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. Small print: The technologies discussed in this publication, the limitations on these technologies that technology and content owners seek to impose, and the laws actually limiting the use of these technologies are constantly changing.
    [Show full text]
  • Proxmox VE Administration Guide Ii
    PROXMOX VE ADMINISTRATION GUIDE RELEASE 7.0 July 6, 2021 Proxmox Server Solutions Gmbh www.proxmox.com Proxmox VE Administration Guide ii Copyright © 2021 Proxmox Server Solutions Gmbh Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". Proxmox VE Administration Guide iii Contents 1 Introduction 1 1.1 Central Management....................................... 2 1.2 Flexible Storage......................................... 3 1.3 Integrated Backup and Restore................................. 3 1.4 High Availability Cluster..................................... 3 1.5 Flexible Networking........................................ 4 1.6 Integrated Firewall........................................ 4 1.7 Hyper-converged Infrastructure................................. 4 1.7.1 Benefits of a Hyper-Converged Infrastructure (HCI) with Proxmox VE.......... 4 1.7.2 Hyper-Converged Infrastructure: Storage........................ 5 1.8 Why Open Source........................................ 5 1.9 Your benefits with Proxmox VE.................................. 5 1.10 Getting Help........................................... 6 1.10.1 Proxmox VE Wiki..................................... 6 1.10.2 Community Support Forum................................ 6 1.10.3
    [Show full text]
  • Secure Boot Cds for VPN HOWTO Secure Boot Cds for VPN HOWTO Table of Contents Secure Boot Cds for VPN HOWTO
    Secure Boot CDs for VPN HOWTO Secure Boot CDs for VPN HOWTO Table of Contents Secure Boot CDs for VPN HOWTO.................................................................................................................1 Jeffery Douglas Waddell jefferydouglaswaddell (at) gmail (dot) com...................................................1 1. Introduction..........................................................................................................................................1 2. Theory..................................................................................................................................................1 3. Technologies........................................................................................................................................1 4. Implementation....................................................................................................................................1 5. Maintenance.........................................................................................................................................1 6. Advanced Issues...................................................................................................................................1 7. Features................................................................................................................................................1 8. Troubleshooting...................................................................................................................................1
    [Show full text]