Apr 17 2011
Cloud experiment: Minecraft
I have two young boys who are addicted to Minecraft. They wake up in the morning, log onto a Minecraft server, play as long as we’ll let them and then get back onto the servers as soon as we’ll let them. I was a little concerned at first because I really didn’t know much about the game, but I discovered I had several adult friends in the security community who were also playing the game, so I was willing to let the boys play on a system a friend runs. I don’t know about you, but it makes me feel a lot better about letting my kids play online when I know I can contact the administrator with a quick phone call or email.
Playing on someone else’s server is fun for the boys, but since Minecraft is a game of mining resources and constructing almost anything you can imagine, an eventual request came to build the boys their own server. Minecraft isn’t very resource intensive, it’s a Java based program that runs pretty decently on a low end server, at least if you only have two or three people using the server at a time. Since, like most geeks, I have several computers that are running 24/7 and have some spare memory, I was able to throw up our own home Minecraft server without too many problems. And as Minecraft has matured and added plugins, I could give the boys additional capabilities and superuser access so they can give themselves whatever resources they want to build anything they want. This kept them happy for a little while and gave me something to hold over their heads to get their homework done. It’s a lot easier to deny them access to the server when you can shut it down in a couple of seconds.
The next step came when the boys told their cousin about Minecraft and he started playing as well. It’s a community game and they often play together on public servers, but the lure of having superuser accounts and just having control of their environment with their cousin was strong. So the continuing plea of ‘Dad, can we make our Minecraft server public?” started. With the continued reply of “No.” to go with it. They tried several tactics, such as explaining the white and black listing capabilities of Minecraft, offering their cousin’s server instead if I’d tell them how to make it public, as well as several other plans that only a pre-teen could come up with. All of which were still denied.
It’s not that I don’t want my sons to have their own Minecraft server, it’s just that the security of my home network is more important to me than them playing a game that necessitates poking a hole in my network to the outside world. I’m a security professional and I know that despite that, I don’t know enough to lock down any program with 100% certainty once I’ve opened it up to the Internet. I do not currently allow any services to be served to the Internet from my home network and I have no intentions of changing that in the near future. I’ve also had several discussions that lead me to believe that while Minecraft doesn’t have any currently know publicly exploitable vulnerabilities, security is not a major concern of the developers and it’s only a matter of time before someone turns their full attention to rectifying the lack of exploits. Especially considering how popular Minecraft has become.
I’m the kind of father who wants to give their kids as many geek toys as he can, first to test my own abilities and second to give them something to stretch their own capabilities. Or perhaps it’s the other way around. In either case, I wanted to give my kids what they wanted, a publicly accessible Minecraft server that was not part of my home network and did not put any of my resources at risk, however minor. Which is when I realized I had a technology I’ve been meaning to learn more about and was just looking for an excuse to play with: the Cloud! I’ve been remiss in my duties as a geek and security professional in that I’d been reading about Cloud technologies, I’ve been listening to what others have to say and I’ve even given a talk about PCI in the Cloud, but I’d never actually signed up for a cloud service and created my own server because I didn’t have a real use for one. Setting up a Minecraft server on Amazon’s EC2 this weekend became the perfect solution to both issues, giving the boys a Minecraft server that I didn’t care who connected to and giving me a chance to stretch a little and learn more about the technology that is on everyone’s lips this year (and probably the next several)
I’ll be honest, one of the things that made this easy is that I found a step by step guide to creating a Minecraft server on the Minecraft forums. I’m including a copy of the guide in the extended post because I don’t want to take the chance of losing the information if something happens on the forums, an old habit of mine. I’ll add a few of my own notes to it as well. This was a huge help and probably cut my installation time by 3/4.
Signing up for all the Amazon Web Services was easy and only took about 30 minutes. I needed to sign up for these in any case for another project, but that’s someone else’s tale to tell when he’s ready. From that point on, the guide was spot on. I don’t think it was more than 30 minutes later that I had the boys personal Minecraft server up and running. As suggested, I chose a small, spot request instance of the default Linux installation, reserved an Elastic IP address, associated it and the server was up and running. I performed a few additional steps, like installing Bukkit and half a dozen plugins that the boys requested. Most of it was as easy as using wget to pull first bukkit and then the plugins and restarting server. I did have one minor problem in that one of the plugins was being hosted on a server using HTTPS and I had to modify the wget parameters, but that’s relatively minor to overcome.
I’ve been running our Minecraft server on Amazon’s EC2 for about 24 hours now. I made it clear to the boys that this server is only going to be up when evenings and weekends, which turns out to be a good thing. It’s not a huge cost, but in the past day this installation of Minecraft has cost me approximately $1.50 to run at a fairly low load, which could quickly add up to $40-50 or more per month. If there were more people using it, if their cousin actually had a full Minecraft account and could play with them, and if I didn’t already have a Minecraft server running on the home network, I might be willing to pay that, but for the most part they’re going to have to live with the server only being available when I say it is. I’m not an authoritarian … wait, no scratch that. When it comes to my kids, yes, I am the authorities and my wife lets me say so.
All in all, this was a worthwhile project; it gave me some experience with the Cloud and specifically AWS. I walked the kids through some sections of the installation, which taught us all a few lessons. They get a Minecraft server they can share with their cousin and friends, without my having to open my network or pay an arm and a leg. But I am realizing that it’s important to watch your Cloud instances or you’re going to end up paying a lot more than you thought very quickly.
by joe9439 ยป Wed Mar 16, 2011 12:53 am
couple weeks with just a couple of friends. I wanted to share my
knowledge about running a server on Amazon EC2. It’s really a great tool
for hosting Minecraft. Take my tutorial for what it is, a general
guideline. I’m by no mean a linux master.
Several advantages:
- no long term server commitment – pay as you go
- easily scalable – shut a server down and reboot it with more processing power and ram within minutes
-
save money – You can host a server just in the evenings or weekends
with your friends and not have to pay to run it 24/7 unless you chose
to.
- plenty of bandwidth – if you’re like me you’re limited to less
than half a megabit upstream at home which makes hosting a server
pretty much out of the question.
- easy backups – save your world easily anytime you choose into bootable server images.
- quick provisioning – get a server running within seconds or minutes.
I. Register for Amazon EC2
1. Go to aws.amazon.com and make an account.
2.
Read over all appropriate charges that you will incur. You’ll be
charged for bandwidth, disk io, the server itself, ebs volumes, etc.
There is a free tier for new customers but you will probably incur some
extra charges outside of that tier.
3. Understand pricing structure of EC2 servers. There are 3 pricing tiers. Servers are charged per hour of usage.
On Demand: Most expensive but pay as you go and guaranteed server time. Set up within seconds usually.
Reserved: Same as on demand but you pay for access to lower prices for 1 or 3 years with a one time fee.
Spot:
(what i generally use) based on bid for unused servers. Cheapest prices
of all. Set a maximum price you’re wiling to pay for server time and a
server is obtained through a bidding process. Usually costs 1/3 of price
of on demand instances. If current bid prices rises above your maximum
bid your server will be shut down and your data will be lost. I usually
bid 5x more than the current bid rate just to be safe. Your bid price
doesn’t effect the market price you will pay. So if you bid $1.00 an
hour and the market price was .30 you would still pay .30. If the price
per hour spiked to .50 briefly you’re server would still be running
since your maximum bid is high enough.
Spot instances can take a few minutes to set up whereas on demand and reserved generally take just a few seconds.
Typical server prices per hour for linux. As of March 2011.
Players per server instance type is an estimate and not a tested value.
Micro – don’t use. Too slow in my experience even for 2 people.
32 bit instances
Small – up to 10 players
On demand: .085
Reserved: .03
Spot: .029-.031
Medium – up to 25 players
On demand: .17
Reserved: .06
Spot: .057-.063
64 bit instances
Large – unsure 75-100 players?
On demand: .34
Reserved: .12
Spot: .114-.125
Extra Large – 200 players?
On demand: .68
Reserved: .24
Spot: .231-1.00
II. Creating and setting up server
1. Create security group.
A. Navigate to security groups under ec2 in the aws console.
B. Create new group with name like minecraft so you know what it applies to.
C. Allow TCP Ports 22 and 25565 with source 0.0.0.0/0 on both.
2. Get elastic IP – Navigate to elastic IPs under ec2 and allocate new address.
3.
Create a key pair – ec2 servers don’t accept passwords to login via
ssh. You will need to create a key pair for use when logging in. Name
the key pair and download the file to somewhere you know where it is
like your desktop.
4. Create instance.
A. Determine how
many players you will want on your server. If more than 25 players will
generally be playing you will probably want a 64 bit server. If its a
small group of people go with 32 bit.
B. Go to the ec2 dashboard and
click “create instance” I generally use the basic amazon 32 bit AMI for
my server so that’s what I would recommend. Again, use 64 bit if you’re
planning on running a larger server. By using 64 bit, though, you won’t
have access to the cheaper small and medium tiers should you chose to
downsize your server at a later date. You want to chose an AMI with EBS
since EBS is persistent, meaning if your server reboots for any reason
your data will still be there.
C. Chose your instance type and
payment method. I would suggest requesting a spot instance since it’s
MUCH cheaper. Just set a bid at 3-5x the current price and you should be
pretty well protected if the current price fluctuates any.
D. Use default kernel and disk id
E.
On the next step next to name just put in a name that will easily
identify your server. This is just incase you have multiple servers
running you can identify which is which.
F. Select your existing minecraft key pair you set up earlier as well as your minecraft security group.
G. Launch instance
H. After your instance is running go to elastic IP page and associate elastic IP with the instance
5. Log into instance
Windows
A. Download Putty
B. Enter your elastic IP
C. use keygen which is included in the putty install to change .pem into the putty format .ppk. /*Note, it’s PuttyGen with the Windows installation of PuTTy*/
D. Associate the key with putty under shh and security options.
E. Connect
Mac
A. Open terminal
B.
Navigate to the directory with the key pair file you downloaded
earlier. To do this type in cd and then the directory. (ex. “cd desktop”
for desktop)
C. Type “ls” to list files on your desktop or other folder
D. Type “chmod 400 yourkeyname.pem”
E.
Go to AWS management and view your running instance. Right click on it
and click connect. Under the prompt that comes up copy and paste the
text displayed under “enter the following command line”. It should look
something like this “ssh -i macminecraft.pem
root@ec2-50-17-202-58.compute-1.amazonaws.com”. Change the root right
before the @ symbol to ec2-user. Copy and paste this into the terminal.
F. You should be connected through ssh in your terminal at this point.
6. Setting up Minecraft on the server
I’m using the 32bit Amazon AMI. I’m not sure how this differs on different AMIs.
A. In terminal/putty type “wget http://www.minecraft.net/download/minecraft_server.jar”
B. To run server enter “java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui”
C. You should now be able to connect to your server using your elastic IP
/* I installed Bukkit, which changes the startup script needed. You can find the full installation guide for Bukkit on the wiki */
/* You will have to leave an SSH window open with Minecraft running. There’s some discussion in the mailing list of how to do this. I didn’t want to have it as a background process, since it’s harder to interact with */
7. Saving server/backing up server
Saving
a server in its current state is really easy in ec2 and is one of the
reasons i love ec2 so much. If you don’t want to pay to run a server
when you and your friends aren’t on then don’t. It gives you complete
control.
Simply right click on a running instance and click
“create image (EBS AMI)”. When your server is saved into an AMI it can
be started easily at the that point. Once you’re AMI is created it’s
safe to terminate your instance. Your data is safe.
To launch a
previously saved AMI navigate to AMIs and right click “launch instance”
and your server will pick up where it left off.
Tips:
- you can not boot from a snapshot. Always save as an AMI.
-
always release your elastic IP address after you shut down your server
or you’ll be charged .01 per hour for an unassociated IP. You could
decide to keep the IP of course if you didn’t want to distribute a new
one everytime you started a server.
Credit: This man is awesome http://www.youtube.com/watch?v=x-3BEcNrhuQ
Now you know how to do it. I don’t want to see anyone else using Hamachi!!!
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
A couple of comments. First, there are several hosting companies out there that will host a Minecraft server for a fixed coast that is much less than the 40-50 you might be looking at with EC2. One that has come recommended to me is MinecraftBox.net (http://www.minecraftbox.com/); their lowest tier (up to 5 players) is only 6 bucks a month and has a Mumble voice server built in. As much as I enjoyed setting up my own EC2 service, I realized I couldn’t compete with hosted solutions especially when you consider bandwidth costs.
Second, in the guide byu joe9439, he suggests using elastic IPs to access the server. This is a nice way of doing things if you require a constant IP (which he won’t have anyways as he suggests releasing it after each use), but Minecraft will accept host names in the IP box instead of just an IP. Knowing this, I set my server to use DynDNS (via ddclient) and just distributed the DynDNS host name.
Thanks for the information Enekk. I’ll take a look at MinecraftBox.
I like the solution of using an elastic IP while I’m learning EC2, but I agree, it’s not necessary long term.
Thanks again for the feedback. – M
Not a Minecraft player or anything so if I’m misunderstanding how the server piece works (or if this suggestion is already part of the mailing list discussion), I apologize…but a quick *nix tip to avoid leaving an SSH session open: use screen (http://www.gnu.org/software/screen/). You can open a screen session from your SSH connection, open minecraft, disconnect the screen session, and close your SSH session. The app isn’t running in the background, and can be accessed from a new SSH session in the future by reattaching the screen session.
Hi, I’m so glad I found your post on this issue. My son is nine years old and loves to play Minecraft like your boys. I too use it to make sure his grades stay up and his homework is done. He is tired of playing by himself and has been begging me to find a server to play on. No one in the house is really interested in playing. My husband is a security analyst for HP but likes to play Second Life. He has an OpenSim server that is only on our home network.
I don’t feel it is safe to let him play just anywhere. He has friends at school that I could get on a server. At least I now know where to start.
Carrie,
Glad this was helpful. We’re taking the boys to MineCon next month, it’s their birthday and Christmas presents combined.
My eldest is asking to install Hamachi on a server since that’s the easiest way to create a VPN between the two systems. I’m not a big fan of the idea as a security professional.
Martin
Thank you for this post. My 13yr. old son has been hosting a server for approximately a year now for a himself and a about 8 of his friends, and I have trusted him that he knew what he was doing and that he did all the necessary research needed to not expose himself, or our family to any security problems. Well…this morning at breakfast he said, “I made my server public last night on a gaming blog and had over 20 people on my server and it was so much fun.” I nearly had a heart attack!!! He has been begging me to make it public for months and I told him he could only let friends play on it until I did some further research to find out how he could make it public securely and if I needed to purchase anything for security purposes. After the heart attack…lol, I started searching the web for help on what to do and came across your post. It was very informative but I would love to be able to chat with you about some of my questions. Is that possible? Thanks so much for taking the time to write this article.
Thanks for the post, but much of it is over my head. We are a “mac” household and my son has been playing on a public server with friends from school. What exactly are the risks of him doing this and is there anyway for him to continue without putting our system at risk?
Appreciate any feedback.
I don’t know of any vulnerabilities in MineCraft that would allow someone to attack a player through a MineCraft server at this time. I’d be more worried about some of the sites your son may be browsing in order to learn about the game. As long as your family is using safe browsing practices, such as keeping your browser and operating systems up to date, you shouldn’t have too much to worry about.
http://www.staysafeonline.org/
Martin
Hi
I was also interested in finding out what risks there are to home computer security by playing on a server. My son has a friend with a whitelisted server. He claims this is safe but as our knowledge is limited in this area, we are not so sure. I have read that if you are the owner of a server there may be security holes, what if you are simply playing on a server?
Would appreciate some advice. Thanks
There isn’t any great risk to simply playing on a server.
Great information, mostly over my head!
What if I simply take my son’s laptop off the Home Network, will that keep our other laptops safe in case his server is hacked?
Download And Enjoy Minecraft Mine Today And You Will Turn into a Enthusiast right away
If you are a computer and also game lover then minecraft my very own is one
thing you should try the hands out. At first written in Espresso by creator
Markus “Notch” Persson, minecraft is now readily designed for PC as well as
Android mobile phone. Such is the interest in the game that you will be connected in no time.
Several a long time will certainly pass and you will not recognize that you’ve also ended up actively enjoying this sandbox online video sport. Minecraft downloads available have become available for many – Windows, Mac as well as Linux.
My 13 year old twin boys have been asking the same thing. Been playing on public and friends servers for a few years, and they have been asking for their own server…which I refused, until just today they came to me with http://www.gizmoservers.com/ since one of their friends has had success with that server. I want them to have control over their server, but like you said, keep my system safe.
Your post was super-helpful! I think we’ll try out gizmos on a month-to-month basis and see how it pans out (24/7 access for up to 18 people, bukkit support and addins for $12.00 seems good to me). I like the idea of consistent billing and only a month-to-month commitment…but I’ll update here if I find any down side!
Im 13 years old and want my own minecraft server is there a way to convince my mom to let em have one so far she has said no because of security issues and peolpe hacking our home network is there a way to avoid that?
Please help