Host Machine

If you plan to run several VMs, I recommend server-class hardware, or at least “gaming” machines. Effective cooling is essential, especially for the hard disks. With consumer-grade hardware, adding a high-capacity rear case fan is wise. You may also want to install a grill in front of the hard disk cage (or just drill a lattice of small holes). Some models are notorious for quickly baking hard disks, and can be obtained inexpensively.

Modern low-end dual-core CPUs will run 2-3 VMs comfortably. Still, I recommend recent-vintage quad-core CPUs or better. CPU cores are a soft limit for VM capacity. I've run ten VMs on machines with single quad-core CPUs. Enable hardware virtualization support if your CPU supports it. It's an option in the BIOS configuration.

Memory is a hard limit for VM capacity, and is currently quite cheap, so install as much as you can. That's especially important if you plan to run Windows VMs, which require more memory than Linux or BSD VMs. With a 64-bit OS, there's no 4GB memory limit.

You also want fast storage. Go for SSDs if your budget permits. Otherwise, use RAID with multiple SATA disks. My favourite host has two 150GB 10Krpm WD VelociRaptors in Linux software RAID1. I also have hosts with four 1TB 7.2Krpm WD RE3 disks in RAID5 (which is faster) or RAID10 (which is more reliable).

You may want to enable boot with degraded RAID. If you don't, and one of the disks fails, you'll need to boot with a LiveCD and repair the damage before it'll boot. If you just boot with degraded RAID, on the other hand, you may not realize that the RAID array is degraded until it entirely fails (which is too late). That's especially an issue if you use RAID5 for your boot partition, because you can afford to lose just one disk, rather than possibly two with RAID10. Speed kills, as they say.

Although one network adaptor can be enough, I recommend at least two 1Gbps network adaptors.
Intel adaptors are widely compatible, and conserve host CPU capacity. I recommend avoiding Realtek adaptors. Older Intel server-class PCIe x4 cards aren't very expensive, but some PCIe 1 cards don't work in modern PCIe 2 slots, so be careful.

Host Operating System

Linux is the best choice for the host OS, for five reasons. First, it's free and open-source. Second, its software RAID implementation is fast, efficient and reliable. Third, it doesn't waste host resources, and can easily be stripped down. Fourth, encrypted LVM provides flexible partition management, and native full-disk encryption (everything being encrypted except for the boot partition). Fifth, VirtualBox runs very well under it.

It's wise to dedicate host machines to running VMs, and so it's OK to proceed without prior Linux experience. Ubuntu is a good choice for new Linux users. The Ubuntu Software Center simplifies package management. The alternate install ISO provides full access to Debian's disk partitioning tools (including encrypted LVM). As noted above, there is no 4GB memory limit with a 64-bit OS. Unless you have hardware that supports Unity, and resources to waste, I recommend Ubuntu 10.04.3 (“ubuntu-10.04.3-alternate-amd64.iso”).

Installing Ubuntu is quite easy, even using the old-school wizard on the alternate install ISO. Create an install CD, and then boot your host machine with it. Just use the defaults until you reach the hostname screen. I typically combine OS name and computer model to avoid confusion (such as U10043x64R210). On the clock screen, I select “No” and set the time zone to UTC (bottom choice). On the disk partitioning screen, I select “Manual”.

While the following may seem complicated, it's really not that bad. Read it through a few times, so you have a general idea of what you're doing, rather than just following the steps.
Basically, you'll be creating two partitions on each disk: 1) a small one for the boot RAID array; and, 2) a large one for the RAID array that will be encrypted using dm-crypt, and then split into logical volumes (swap, root and home) using the Logical Volume Manager (LVM).

Start with the boot-array partitions. Here are the steps for each disk:

1. create partition table (select disk, hit enter, and select “Yes”)
2. create small primary partition at beginning of each disk
   (a) select “FREE SPACE” line under disk
   (b) select “Create a new partition”
   (c) you want 300MB total boot space, so use these partition sizes
      i. 300MB for RAID1
      ii. 150MB for RAID10
      iii. 100MB for RAID5 with four disks
   (d) select “Primary” as partition type
   (e) select “Beginning” as location
   (f) under partition settings, choose use as “physical volume for RAID”
   (g) select “Done setting up the partition”

Repeat the above steps for each of the other disks.

Now create a second partition on each disk, using the remaining space. We will use them for a RAID array that will hold everything else except boot. Here are the steps for each disk:

1. select “FREE SPACE” line under disk
2. select “Create a new partition”
3. accept default size
4. select “Logical” as partition type
5. under partition settings, choose use as “physical volume for RAID”
6. select “Done setting up the partition”

Repeat the above steps for each of the other disks. You should be back at the main disk partitioning screen.

Configuring software RAID is next. Here are the steps for the boot RAID array:

1. select “Configure software RAID”
2. select “Yes” to “[w]rite changes to the storage devices and configure RAID”
3. select “Create MD device” (will be md0)
4. select desired RAID type
5. enter number of active devices (total disks less hot spares)
6. enter number of spares
7. check (using space bar) which partitions to use (boot ones)
8. click through back to main disk partitioning screen

Now repeat that process to create md1 from the other set of partitions. We will encrypt that, and then use it for LVM.

At this point, you should see two RAID devices on the main disk partitioning screen: “md0” being the boot array, and “md1” being the array for encryption and LVM. Let's do RAID device “md1” first.

1. select #1 line below main md1 line, and hit enter
2. choose use as “physical volume for encryption”
3. select “Done setting up the partition”
4. should be back at main disk partitioning screen
5. select “Configure encrypted volumes”
6. select “Yes” to “[k]eep current partition layout and configure encrypted volumes”
7. select “Create encrypted volumes”
8. check “/dev/md1” (using space bar)
9. select “Continue” and then “Finish”

Now you'll be asked for your password. Use a complex one, and make sure you remember it, because there's no way to recover it if you forget. You should be back at the main disk partitioning screen, and should now see the encrypted volume “md1_crypt”.

Now we configure logical volumes, as follows:

1. select #1 line below main md1_crypt line, and hit enter
2. choose use as “physical volume for LVM”
3. select “Done setting up the partition”
4. should be back at main disk partitioning screen
5. select “Configure the Logical Volume Manager”
6. select “Yes” to “[k]eep current partition layout and configure LVM”
7. select “Create volume group” and name it (such as “cryptovg”)
8. check “/dev/mapper/md1_crypt” (using space bar)
9. select “Continue” and then “Finish”

Now you create your logical volumes. Although you can get fancy, I recommend just swap, root (“/”) and home.

1. select “Create logical volume” and name swap
2. set size as twice your installed memory
3. select “Create logical volume” and name root
4. set size as 10GB (to allow for many upgrades)
5. select “Create logical volume” and name home
6. set size as remaining space
7. select “Finish”
8. should be back at main disk partitioning screen

Now you finish configuring your home volume, as follows:

1. select #1 line below main LV home line, and hit enter
2. choose use as “Ext4 journaling file system”
3. set mount point as “/home”
4. select “Done setting up the partition”

Now you finish configuring your root volume, as follows:

1. select #1 line below main LV root line, and hit enter
2. choose use as “Ext4 journaling file system”
3. set mount point as “/”
4. select “Done setting up the partition”

Now you finish configuring your swap volume, as follows:

1. select #1 line below main LV swap line, and hit enter
2. choose use as “swap area”
3. select “Done setting up the partition”

Then, page down the main disk partitioning screen to your boot RAID array (“md0”), and finish configuring it:

1. select it and hit enter
2. choose use as “Ext4 journaling file system”
3. set mount point as “/boot”
4. select “Done setting up the partition”

Finally, go to the bottom of the main disk partitioning screen, select “Finish partitioning and write changes to disk”, and (after checking for sanity) select “Yes”.

The rest of the install process should complete with little input. Do not elect to encrypt your home directory, because that can conflict with encrypted LVM.

VirtualBox Installation

Two versions of VirtualBox are available. One is a GPL version. It's available from https://www.virtualbox.org/wiki/Downloads/, and through the Ubuntu Software Center. The other, "VM VirtualBox", which contains non-GPL features, is available from http://www.oracle.com/technetwork/server-storage/virtualbox/downloads/ (or by adding the VM Extension Pack from https://www.virtualbox.org/wiki/Downloads/ after installing).

I prefer VM VirtualBox. Use the 64-bit version, if possible. Include the Add-ons when you install. It's very straightforward.

Creating Test VM

Create a test VM using the same ISO file that you used for the host machine.
If you name it "UbuntuTestx64", VirtualBox will select the correct OS and version. Just use the defaults for memory, and virtual hard disk type, location and size. On the final summary screen, review and hit "Create".

Now you need to add the OS install ISO. Click "Storage" in the Details area on the right side, then click on the CD icon (named "Empty") under "IDE Controller", then click on the CD icon to the far right of "CD/DVD Drive", and select "Choose a virtual CD/DVD disk file". Navigate to wherever you put your Ubuntu install ISO, and select it. Then click "OK" to exit the settings screen.

Now double click on your VM, and go through the install process as described above. This time, though, you don't need to partition manually. You can select the encrypted LVM option, if you like. After finishing the install, as the VM starts to reboot, click "Devices" (at the top) and then "CD/DVD Devices", and then select "Remove disk from virtual drive". Open Firefox, and test your Internet connection. Then shut down the VM, using the start/stop icon at the upper right.

Now, through the main VirtualBox screen, explore the VM's settings. Under "General/Advanced" settings, set "Shared Clipboard" to "Disabled" (for security). Under "System/Motherboard" settings, deselect "Enable absolute pointing device" (unless you have one, such as a tablet). If your host machine supports it, select "Enable PAE/NX" under "System/Processor" settings. Under "Storage" settings, make sure that the CD/DVD drive is empty. Under "USB" settings, deselect "Enable USB Controller" (for security).

Now run the VM again to make sure that it still works. You can click "Devices" and "Install Guest Additions" if you like.

VirtualBox Networking Options

Play with the adaptor options under "Network" settings. Under "Advanced", the default adaptor type is "Intel PRO/1000 MT Desktop". Don't change that unless you know why you want to. You can also edit the MAC address, and configure port forwarding. But not now.
By default, the adaptor is attached to "NAT", which means that it's NATed to the active host adaptor, using VirtualBox's built-in DHCP server. That is, the VM is firewalled. It can access LAN (and the Internet, if it's available via LAN) but will not accept incoming connections.

Another option is attaching it to "Internal Network". If the VM is a router/firewall (such as pfSense or OpenWRT) which has two network adaptors, you can attach one to host LAN via NAT, and the second to an internal network. That way, you can route traffic from host LAN through the VM to the internal network. By default, all VMs on that network I'll say more about that in the sections on pfSense and Tor gateway VMs.

A third option is attaching it to "Bridged Adapter". If you select the active host adaptor, the VM will have the same local IP address and connectivity as the host machine. You can also bridge to another host network adaptor, and put the VM on a different LAN. If the VM is a router/firewall (such as pfSense or OpenWRT) which has two network adaptors, you can attach one to host LAN ("input LAN") via NAT, and bridge the second to another LAN ("output LAN"). That way, you can route traffic from input LAN through the VM to output LAN. I'll say more about that in the section on pfSense and Tor gateway VMs.

The fourth option is attaching it to "Host-only Adapter". That creates a virtual network adaptor on the host, and connects it and the VM to an internal network. If the VM is a router/firewall (such as pfSense or OpenWRT) which has two network adaptors, you can bridge one to LAN, and attach the second to the host-only adaptor. That way, you can route traffic from LAN through the VM to the host machine. I'll say more about that in the section on pfSense and Tor gateway VMs.

Edit1: I fixed an error about making "VM name and hostname the same." I was testing the install steps in a VM, and had a brain fog attack.
Edit2: I added sections on VirtualBox installation, creating a test VM, and VirtualBox networking options. Creating pfSense VMs will be next (in another topic).
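
The degraded-RAID caveat in the Host Machine section (a host that boots degraded can hide the failure until the array is gone) can be covered by a periodic check of /proc/mdstat. The script below is an added example, not part of the original post; the function names and the sample array contents are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mdstat format: md0 (the boot array) has lost
# one RAID1 member; md1 (the array under md1_crypt) is healthy.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sdb5[1] sda5[0]
      146352064 blocks [2/2] [UU]

md0 : active raid1 sda1[0]
      292800 blocks [2/1] [U_]

unused devices: <none>
EOF
}

# degraded_arrays [FILE]: print one line per unhealthy array.
# The status line of each array ends in "[expected/active] [member map]";
# "_" in the map marks a missing or failed member. Arrays that failed to
# assemble show up as "inactive" and have no status line at all.
degraded_arrays() {
    awk '
        /^md[0-9]+ : inactive/ { print $1, "inactive"; name = ""; next }
        /^md[0-9]+ :/          { name = $1; next }
        name != "" && / blocks / && $NF ~ /^\[[U_]+\]$/ {
            if (index($NF, "_")) print name, $(NF-1), $NF
            name = ""
        }
    ' "${1:-/proc/mdstat}"
}

# raid_healthy [FILE]: exit status 0 only when nothing is degraded or
# inactive, so a cron job or login script can alert on failure.
raid_healthy() {
    [ -z "$(degraded_arrays "${1:-/proc/mdstat}")" ]
}

# Demonstration on the constructed sample ("-" makes awk read stdin).
sample_mdstat | degraded_arrays -
```

Run with no argument, both functions read the live /proc/mdstat of the host.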
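
The test-VM settings recommended under "Creating Test VM" (shared clipboard disabled, USB controller off, install ISO removed from the virtual drive) can be checked from the command line instead of clicking through each VM. This is an added example, not part of the original post; the key names `clipboard`, `usb` and the quoted storage-slot key are assumptions about the output of `VBoxManage showvminfo --machinereadable` and vary between VirtualBox releases, and the sample input is constructed.

```shell
#!/bin/sh
# Constructed sample of "VBoxManage showvminfo <vm> --machinereadable"
# output for a VM that has not been hardened yet and still has the
# install ISO attached. Key names are assumptions (see lead-in).
sample_vminfo() {
cat <<'EOF'
name="UbuntuTestx64"
memory=512
pae="on"
clipboard="bidirectional"
nic1="nat"
"IDE Controller-1-0"="/home/user/ubuntu-10.04.3-alternate-amd64.iso"
usb="on"
EOF
}

# audit_vminfo: read key=value lines on stdin and print one FAIL line per
# setting that differs from the post's recommendations. No output = pass.
audit_vminfo() {
    awk -F= '
        { key = $1; val = $2; gsub(/"/, "", key); gsub(/"/, "", val) }
        key == "clipboard" && val != "disabled" { print "FAIL clipboard=" val }
        key == "usb" && val != "off"            { print "FAIL usb=" val }
        # Any storage slot still pointing at an .iso means the install
        # medium was not removed from the virtual drive.
        val ~ /\.iso$/                          { print "FAIL iso-attached " key }
    '
}

# audit_vm NAME: run the audit against a real VM (needs VBoxManage on PATH).
audit_vm() {
    VBoxManage showvminfo "$1" --machinereadable | audit_vminfo
}

# Demonstration on the constructed sample.
sample_vminfo | audit_vminfo
```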