eBox Bundles Network Services in a Friendly Package
"A very complex technology to make network management simple." That's what the developers of the eBox platform promise small and medium-sized organizations, and it's certainly an attractive idea.
It starts from the premise that all the software you need to run a network is available as open-source, but that getting all that software configured and running together can be quite tricky. So what if there was a management application with a simple web-based GUI that could install all the necessary software and do all the configuration and integration for you with just a handful of mouse clicks?
The eBox platform is designed to do exactly that, allowing "non-expert" administrators to configure and run network services including:
- file sharing
- content filter
- mail server and e-mail hygiene
- NTP server
- DHCP server
- printer server
- user management
- Jabber instant messaging server
on a server running Ubuntu.
The good news is that the eBox platform is completely open-source, licensed under the GPL and free to download, with an active community developing it and driving the project forward. The open-source software it controls includes:
- OpenLDAP and Samba for user management (eBox also includes a primary domain controller to allow Windows machines to authenticate).
- Samba and CUPS for file and printer sharing and backup on a Windows network.
- Postfix, SpamAssassin, ClamAV and Jabber to run an e-mail server with anti-spam and anti-virus software and a corporate Jabber-based instant messaging system.
- Squid, Dansguardian, Netfilter/Iptables and Iproute2 to run a firewall, with packet filtering, traffic shaping, and web content filtering.
- ISC DHCP, NTP, BIND, Apache, OpenSSL and OpenVPN to run network services like DHCP, DNS and NTP, a web server, and a VPN to connect roaming users to the network or to connect two office networks together.
eBox is built in a modular fashion, so it is only necessary to install the modules controlling the services you are interested in running.
To get an idea of how eBox can simplify what would otherwise be fairly complicated configuration routines, let's take the example of OpenVPN, the open-source VPN system which is famously tricky to set up manually.
The first step is to create a couple of certificates, which is handled by eBox's Certificate Manager module. All that's needed is to fill in a couple of text boxes and click on the "Issue" button to issue the appropriate certificates.
Then it's on to the VPN module to set up OpenVPN. (Thanks to the integration and error handling built into eBox, if you try to set up OpenVPN without first setting up the certificates you need, you'll be directed to the Certificate Manager module before you can go any further.) Setting up the eBox machine as an OpenVPN server is a simple matter of providing a few details such as a port number and subnet to work on and adding checks to a handful of options (such as allowing client-to-client connections, or eBox-to-eBox tunnels) if you want to activate them.
To make things even easier, eBox creates Linux (and OS X) or Windows bundles which can be used to install OpenVPN client software plus all the necessary configuration files onto the external computers which you want to be able to use the VPN.
And that's pretty much it. eBox completely shields the administrator from the underlying OpenVPN software, making configuration deceptively simple. Each time you save the changes you have made in the eBox GUI, the configuration changes are made to the underlying applications or services which are then restarted.
This simplicity does come at a cost, however: eBox doesn't provide control over every configuration parameter that an application or service offers, and this could be frustrating to experienced administrators. Having said that, eBox can be customized fairly easily to overcome this: the software is written in Perl, and modules can be modified or new modules added by anyone with appropriate skills.
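As an added example (not eBox code and not from the original article), the following sketch checks a hand-written OpenVPN server configuration for the items the walkthrough above mentions: certificates issued before the server is set up, a port, a VPN subnet, and the client-to-client option. The file paths and sample configuration are constructed, and the `parse_conf` and `preflight` names are hypothetical.

```python
import ipaddress

# Constructed sample of a hand-written OpenVPN server config (not eBox output).
SAMPLE_CONF = """\
# constructed example
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
server 10.8.0.0 255.255.255.0
client-to-client
"""

def parse_conf(text):
    """Return {directive: [args...]} for an OpenVPN-style config, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def preflight(text):
    """List problems that would stop or weaken a certificate-based server."""
    conf, problems = parse_conf(text), []
    # Certificates first: the server needs a CA, its own certificate and its key.
    for directive in ("ca", "cert", "key"):
        if not conf.get(directive):
            problems.append(f"missing '{directive}': issue certificates first")
    port = conf.get("port", ["1194"])[0]  # 1194 is OpenVPN's default port
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"invalid port {port!r}")
    subnet = conf.get("server")
    if not subnet or len(subnet) < 2:
        problems.append("missing 'server <network> <netmask>' VPN subnet")
    else:
        try:
            # strict parsing rejects a network address with host bits set
            net = ipaddress.ip_network(f"{subnet[0]}/{subnet[1]}")
            if not net.is_private:
                problems.append(f"VPN subnet {net} is not private address space")
        except ValueError:
            problems.append(f"invalid VPN subnet {' '.join(subnet)}")
    if "client-to-client" in conf:
        problems.append("note: client-to-client lets VPN clients reach each other")
    return problems
```

Running `preflight(SAMPLE_CONF)` reports the missing `key` directive and the client-to-client note, which are the same dependencies and options the eBox GUI handles for the administrator.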
Firstly, eBox is a free management application which runs on an Ubuntu server, while both Smoothwall and Astaro offer paid-for standalone appliances and charge annual subscriptions. And while eBox offers some security features, the emphasis is more on network services than security. (For example, it does not include an intrusion detection module whereas both Smoothwall and Astaro use Snort to provide this type of security.)
The main downside to eBox is its poor documentation. There's a developer's guide, a user's guide and an installation guide, but these have been translated from Spanish into fairly basic English. Here's an example: "It may be needed to route explicitly traffic by a certain gateway, to do so, you should use the multigateway rules which mark the packets to be delivered through the gateway selected." This isn't intended to be a criticism of the volunteers who give their time to translate the document, but it's worth bearing in mind because reading software documentation can be a struggle at the best of times, and poor English only compounds the difficulty.
If you are interested in trying eBox out you can install the packages on an existing Ubuntu box from Synaptic, or download the eBox installer, which installs Ubuntu Hardy Heron plus eBox and all its dependencies onto a bare machine. There's also an eBox live CD which enables you to test out eBox without installing any software.