eBrainPool currently works only under Linux; what follows is a brief overview of how it works there. Other platforms will eventually be supported (with help from the community and you :) ).
- One of the main goals for eBrainPool is that you should be able to use software remotely but work on your local data. Data at both ends needs to be isolated. The host from where you are running software should not have access to your data and you should not be able to see or tamper with the data on the remote host.
- eBrainPool consists of a client application that runs on both the local and the remote end.
- This client application automatically discovers other ebrainers around you. These are the people who can share their software with you and vice versa.
- Discovery of, and connectivity with, other eBrainPool clients is supported over different network topologies.
- Over a LAN under Linux, Avahi / mDNS is used to discover other hosts. This has been tested over an OLSR mesh network; at that time, however, a custom OLSR plugin was used to broadcast discovery information. That plugin is no longer required, and Avahi / mDNS should work fine over a mesh network too, albeit with some configuration.
- Soon eBrainPool will run atop the decentralized and secure Retroshare network.
- To aid data isolation, the eBrainPool client creates and starts a sandbox based on the Linux Container technology (LXC).
- This sandbox shares only the binaries from the host system. It has an independent /home directory, and the root file structure required under Linux is also independent. Ideally the /etc directory, which stores configuration information, should also be independent in the sandbox. In some cases, however, it may need to be common, especially for common system utilities without which the system will not run. This further isolation of the /etc directory is ongoing work. At the moment, where things need to be shared, the permissions are altered to read-only so that the data can be read but not altered.
- At the remote end, software that is being served runs within this sandbox. It therefore sees an independent and clean /home and other directories that hold no data from the host.
- At the local end, only the data you want to work on gets mounted within the remote sandbox. This means that when you are using the remote software it gets to see only the data you actually want to work on. The remainder of your data is protected.
- The ability to use remote software is provided by the X Window System. Specifically, OpenSSH is used to create a secure connection with the remote end and to tunnel X Window traffic over it.
- X Window is network transparent, which means the protocol innately allows software to run on one system while its display appears on another device. The host from which the software runs does not even see the application's user interface appear on its own display and cannot interact with that instance. The user on the serving host can therefore continue with their own work independently. Neither side is affected by the other.
- X Window is unlike other remote desktop protocols, such as VNC, that scrape the screen or use other techniques to capture pixels and transfer them to the remote end. With these other protocols, the application shows up at the serving end too. This means that the user on the serving host can see what you are doing and, in addition, cannot do any other work on the host independently.
- The x2go project offers features that optimise bandwidth usage beyond what standard X Window provides. eBrainPool uses x2go to offer this performance advantage, along with the myriad of other features that it provides.
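
One way to check the sandbox sharing rules described above (host paths shared read-only, an independent /home), as an added example that is not eBrainPool's own code. It parses `lxc.mount.entry` lines from an LXC container config; the sample config, the function name `audit_mounts` and the policy it encodes are assumptions made for illustration.

```python
# Constructed sample config; not a file shipped by eBrainPool.
SAMPLE_CONFIG = """\
# sandbox mounts (constructed example)
lxc.uts.name = ebp-sandbox
lxc.mount.entry = /usr usr none ro,bind 0 0
lxc.mount.entry = /bin bin none ro,bind 0 0
lxc.mount.entry = /etc etc none bind 0 0
lxc.mount.entry = /home/alice home/alice none bind 0 0
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
"""


def audit_mounts(config_text):
    """Return (line_no, source, problem) for each risky host bind mount."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "lxc.mount.entry":
            continue
        fields = value.split()                       # fstab-style fields
        if len(fields) < 4:
            findings.append((line_no, value.strip(), "malformed entry"))
            continue
        source, _target, _fstype, options = fields[:4]
        opts = set(options.split(","))
        # Only host directories bind-mounted into the sandbox matter here.
        if not ({"bind", "rbind"} & opts) or not source.startswith("/"):
            continue
        if source == "/home" or source.startswith("/home/"):
            findings.append((line_no, source, "host home data exposed to sandbox"))
        elif "ro" not in opts:
            findings.append((line_no, source, "shared host path is writable"))
    return findings


if __name__ == "__main__":
    for line_no, source, problem in audit_mounts(SAMPLE_CONFIG):
        print(f"line {line_no}: {source}: {problem}")
```

Under this assumed policy a read-only bind of the host's /home is still reported, because the sandbox is meant to have its own /home.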
The above gives a brief overview of how eBrainPool currently works. Please read our blogs to keep abreast of recent developments.