Apr 17 2011

Cloud experiment: Minecraft

Published by at 7:29 am under Cloud,Family,Linux

I have two young boys who are addicted to Minecraft.  They wake up in the morning, log onto a Minecraft server, play as long as we’ll let them and then get back onto the servers as soon as we’ll let them.  I was a little concerned at first because I really didn’t know much about the game, but I discovered I had several adult friends in the security community who were also playing the game, so I was willing to let the boys play on a system a friend runs.  I don’t know about you, but it makes me feel a lot better about letting my kids play online when I know I can contact the administrator with a quick phone call or email.

Playing on someone else’s server is fun for the boys, but since Minecraft is a game of mining resources and constructing almost anything you can imagine, an eventual request came to build the boys their own server.  Minecraft isn’t very resource intensive, it’s a Java based program that runs pretty decently on a low end server, at least if you only have two or three people using the server at a time.  Since, like most geeks, I have several computers that are running 24/7 and have some spare memory, I was able to throw up our own home Minecraft server without too many problems.  And as Minecraft has matured and added plugins, I could give the boys additional capabilities and superuser access so they can give themselves whatever resources they want to build anything they want.  This kept them happy for a little while and gave me something to hold over their heads to get their homework done.  It’s a lot easier to deny them access to the server when you can shut it down in a couple of seconds.

The next step came when the boys told their cousin about Minecraft and he started playing as well. It’s a community game and they often play together on public servers, but the lure of having superuser accounts and just having control of their environment with their cousin was strong.  So the continuing plea of ‘Dad, can we make our Minecraft server public?” started.  With the continued reply of “No.” to go with it.  They tried several tactics, such as explaining the white and black listing capabilities of Minecraft, offering their cousin’s server instead if I’d tell them how to make it public, as well as several other plans that only a pre-teen could come up with.  All of which were still denied.

It’s not that I don’t want my sons to have their own Minecraft server, it’s just that the security of my home network is more important to me than them playing a game that necessitates poking a hole in my network to the outside world.  I’m a security professional and I know that despite that, I don’t know enough to lock down any program with 100% certainty once I’ve opened it up to the Internet.  I do not currently allow any services to be served to the Internet from my home network and I have no intentions of changing that in the near future.  I’ve also had several discussions that lead me to believe that while Minecraft doesn’t have any currently know publicly exploitable vulnerabilities, security is not a major concern of the developers and it’s only a matter of time before someone turns their full attention to rectifying the lack of exploits.  Especially considering how popular Minecraft has become.

I’m the kind of father who wants to give their kids as many geek toys as he can, first to test my own abilities and second to give them something to stretch their own capabilities.  Or perhaps it’s the other way around.  In either case, I wanted to give my kids what they wanted, a publicly accessible Minecraft server that was not part of my home network and did not put any of my resources at risk, however minor.  Which is when I realized I had a technology I’ve been meaning to learn more about and was just looking for an excuse to play with:  the Cloud!  I’ve been remiss in my duties as a geek and security professional in that I’d been reading about Cloud technologies, I’ve been listening to what others have to say and I’ve even given a talk about PCI in the Cloud, but I’d never actually signed up for a cloud service and created my own server because I didn’t have a real use for one.  Setting up a Minecraft server on Amazon’s EC2 this weekend became the perfect solution to both issues, giving the boys a Minecraft server that I didn’t care who connected to and giving me a chance to stretch a little and learn more about the technology that is on everyone’s lips this year (and probably the next several)

I’ll be honest, one of the things that made this easy is that I found a step by step guide to creating a Minecraft server on the Minecraft forums.  I’m including a copy of the guide in the extended post because I don’t want to take the chance of losing the information if something happens on the forums, an old habit of mine.  I’ll add a few of my own notes to it as well.  This was a huge help and probably cut my installation time by 3/4.

Signing up for all the Amazon Web Services was easy and only took about 30 minutes.  I needed to sign up for these in any case for another project, but that’s someone else’s tale to tell when he’s ready.  From that point on, the guide was spot on.  I don’t think it was more than 30 minutes later that I had the boys personal Minecraft server up and running.  As suggested, I chose a small, spot request instance of the default Linux installation, reserved an Elastic IP address, associated it and the server was up and running.  I performed a few additional steps, like installing Bukkit and half a dozen plugins that the boys requested.  Most of it was as easy as using wget to pull first bukkit and then the plugins and restarting server.  I did have one minor problem in that one of the plugins was being hosted on a server using HTTPS and I had to modify the wget parameters, but that’s relatively minor to overcome.

I’ve been running our Minecraft server on Amazon’s EC2 for about 24 hours now.  I made it clear to the boys that this server is only going to be up when evenings and weekends, which turns out to be a good thing.  It’s not a huge cost, but in the past day this installation of Minecraft has cost me approximately $1.50 to run at a fairly low load, which could quickly add up to $40-50 or more per month.  If there were more people using it, if their cousin actually had a full Minecraft account and could play with them, and if I didn’t already have a Minecraft server running on the home network, I might be willing to pay that, but for the most part they’re going to have to live with the server only being available when I say it is.  I’m not an authoritarian … wait, no scratch that.  When it comes to my kids, yes, I am the authorities and my wife lets me say so.

All in all, this was a worthwhile project; it gave me some experience with the Cloud and specifically AWS.  I walked the kids through some sections of the installation, which taught us all a few lessons.  They get a Minecraft server they can share with their cousin and friends, without my having to open my network or pay an arm and a leg.  But I am realizing that it’s important to watch your Cloud instances or you’re going to end up paying a lot more than you thought very quickly.

Amazon EC2 Server Setup Guide

Postby joe9439 ยป Wed Mar 16, 2011 12:53 am

I’ve been running a small Minecraft server for a
couple weeks with just a couple of friends. I wanted to share my
knowledge about running a server on Amazon EC2. It’s really a great tool
for hosting Minecraft. Take my tutorial for what it is, a general
guideline. I’m by no mean a linux master.

Several advantages:
– no long term server commitment – pay as you go
– easily scalable – shut a server down and reboot it with more processing power and ram within minutes

save money – You can host a server just in the evenings or weekends
with your friends and not have to pay to run it 24/7 unless you chose
to.
– plenty of bandwidth – if you’re like me you’re limited to less
than half a megabit upstream at home which makes hosting a server
pretty much out of the question.
– easy backups – save your world easily anytime you choose into bootable server images.
– quick provisioning – get a server running within seconds or minutes.

I. Register for Amazon EC2

1. Go to aws.amazon.com and make an account.

2.
Read over all appropriate charges that you will incur. You’ll be
charged for bandwidth, disk io, the server itself, ebs volumes, etc.
There is a free tier for new customers but you will probably incur some
extra charges outside of that tier.

3. Understand pricing structure of EC2 servers. There are 3 pricing tiers. Servers are charged per hour of usage.

On Demand: Most expensive but pay as you go and guaranteed server time. Set up within seconds usually.

Reserved: Same as on demand but you pay for access to lower prices for 1 or 3 years with a one time fee.

Spot:
(what i generally use) based on bid for unused servers. Cheapest prices
of all. Set a maximum price you’re wiling to pay for server time and a
server is obtained through a bidding process. Usually costs 1/3 of price
of on demand instances. If current bid prices rises above your maximum
bid your server will be shut down and your data will be lost. I usually
bid 5x more than the current bid rate just to be safe. Your bid price
doesn’t effect the market price you will pay. So if you bid $1.00 an
hour and the market price was .30 you would still pay .30. If the price
per hour spiked to .50 briefly you’re server would still be running
since your maximum bid is high enough.

Spot instances can take a few minutes to set up whereas on demand and reserved generally take just a few seconds.

Typical server prices per hour for linux. As of March 2011.
Players per server instance type is an estimate and not a tested value.

Micro – don’t use. Too slow in my experience even for 2 people.

32 bit instances
Small – up to 10 players
On demand: .085
Reserved: .03
Spot: .029-.031

Medium – up to 25 players
On demand: .17
Reserved: .06
Spot: .057-.063

64 bit instances
Large – unsure 75-100 players?
On demand: .34
Reserved: .12
Spot: .114-.125

Extra Large – 200 players?
On demand: .68
Reserved: .24
Spot: .231-1.00

II. Creating and setting up server

1. Create security group.
A. Navigate to security groups under ec2 in the aws console.
B. Create new group with name like minecraft so you know what it applies to.
C. Allow TCP Ports 22 and 25565 with source 0.0.0.0/0 on both.

2. Get elastic IP – Navigate to elastic IPs under ec2 and allocate new address.

3.
Create a key pair – ec2 servers don’t accept passwords to login via
ssh. You will need to create a key pair for use when logging in. Name
the key pair and download the file to somewhere you know where it is
like your desktop.

4. Create instance.
A. Determine how
many players you will want on your server. If more than 25 players will
generally be playing you will probably want a 64 bit server. If its a
small group of people go with 32 bit.
B. Go to the ec2 dashboard and
click “create instance” I generally use the basic amazon 32 bit AMI for
my server so that’s what I would recommend. Again, use 64 bit if you’re
planning on running a larger server. By using 64 bit, though, you won’t
have access to the cheaper small and medium tiers should you chose to
downsize your server at a later date. You want to chose an AMI with EBS
since EBS is persistent, meaning if your server reboots for any reason
your data will still be there.
C. Chose your instance type and
payment method. I would suggest requesting a spot instance since it’s
MUCH cheaper. Just set a bid at 3-5x the current price and you should be
pretty well protected if the current price fluctuates any.
D. Use default kernel and disk id
E.
On the next step next to name just put in a name that will easily
identify your server. This is just incase you have multiple servers
running you can identify which is which.
F. Select your existing minecraft key pair you set up earlier as well as your minecraft security group.
G. Launch instance
H. After your instance is running go to elastic IP page and associate elastic IP with the instance

5. Log into instance
Windows
A. Download Putty
B. Enter your elastic IP
C. use keygen which is included in the putty install to change .pem into the putty format .ppk.  /*Note, it’s PuttyGen with the Windows installation of PuTTy*/
D. Associate the key with putty under shh and security options.
E. Connect

Mac
A. Open terminal
B.
Navigate to the directory with the key pair file you downloaded
earlier. To do this type in cd and then the directory. (ex. “cd desktop”
for desktop)
C. Type “ls” to list files on your desktop or other folder
D. Type “chmod 400 yourkeyname.pem”
E.
Go to AWS management and view your running instance. Right click on it
and click connect. Under the prompt that comes up copy and paste the
text displayed under “enter the following command line”. It should look
something like this “ssh -i macminecraft.pem
root@ec2-50-17-202-58.compute-1.amazonaws.com”. Change the root right
before the @ symbol to ec2-user. Copy and paste this into the terminal.
F. You should be connected through ssh in your terminal at this point.

6. Setting up Minecraft on the server
I’m using the 32bit Amazon AMI. I’m not sure how this differs on different AMIs.
A. In terminal/putty type “wget http://www.minecraft.net/download/minecraft_server.jar”
B. To run server enter “java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui”
C. You should now be able to connect to your server using your elastic IP

/* I installed Bukkit, which changes the startup script needed.  You can find the full installation guide for Bukkit on the wiki */
/* You will have to leave an SSH window open with Minecraft running.  There’s some discussion in the mailing list of how to do this.  I didn’t want to have it as a background process, since it’s harder to interact with */

7. Saving server/backing up server
Saving
a server in its current state is really easy in ec2 and is one of the
reasons i love ec2 so much. If you don’t want to pay to run a server
when you and your friends aren’t on then don’t. It gives you complete
control.

Simply right click on a running instance and click
“create image (EBS AMI)”. When your server is saved into an AMI it can
be started easily at the that point. Once you’re AMI is created it’s
safe to terminate your instance. Your data is safe.

To launch a
previously saved AMI navigate to AMIs and right click “launch instance”
and your server will pick up where it left off.

Tips:
– you can not boot from a snapshot. Always save as an AMI.

always release your elastic IP address after you shut down your server
or you’ll be charged .01 per hour for an unassociated IP. You could
decide to keep the IP of course if you didn’t want to distribute a new
one everytime you started a server.

Credit: This man is awesome http://www.youtube.com/watch?v=x-3BEcNrhuQ

Now you know how to do it. I don’t want to see anyone else using Hamachi!!!

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

25 responses so far

25 Responses to “Cloud experiment: Minecraft”

  1. Enekkon 17 Apr 2011 at 8:20 am

    A couple of comments. First, there are several hosting companies out there that will host a Minecraft server for a fixed coast that is much less than the 40-50 you might be looking at with EC2. One that has come recommended to me is MinecraftBox.net (http://www.minecraftbox.com/); their lowest tier (up to 5 players) is only 6 bucks a month and has a Mumble voice server built in. As much as I enjoyed setting up my own EC2 service, I realized I couldn’t compete with hosted solutions especially when you consider bandwidth costs.

    Second, in the guide byu joe9439, he suggests using elastic IPs to access the server. This is a nice way of doing things if you require a constant IP (which he won’t have anyways as he suggests releasing it after each use), but Minecraft will accept host names in the IP box instead of just an IP. Knowing this, I set my server to use DynDNS (via ddclient) and just distributed the DynDNS host name.

  2. Martinon 17 Apr 2011 at 8:50 am

    Thanks for the information Enekk. I’ll take a look at MinecraftBox.

    I like the solution of using an elastic IP while I’m learning EC2, but I agree, it’s not necessary long term.

    Thanks again for the feedback. – M

  3. ND Geekon 17 May 2011 at 7:04 am

    Not a Minecraft player or anything so if I’m misunderstanding how the server piece works (or if this suggestion is already part of the mailing list discussion), I apologize…but a quick *nix tip to avoid leaving an SSH session open: use screen (http://www.gnu.org/software/screen/). You can open a screen session from your SSH connection, open minecraft, disconnect the screen session, and close your SSH session. The app isn’t running in the background, and can be accessed from a new SSH session in the future by reattaching the screen session.

  4. Carrie Murpheyon 28 Oct 2011 at 2:03 pm

    Hi, I’m so glad I found your post on this issue. My son is nine years old and loves to play Minecraft like your boys. I too use it to make sure his grades stay up and his homework is done. He is tired of playing by himself and has been begging me to find a server to play on. No one in the house is really interested in playing. My husband is a security analyst for HP but likes to play Second Life. He has an OpenSim server that is only on our home network.

    I don’t feel it is safe to let him play just anywhere. He has friends at school that I could get on a server. At least I now know where to start.

  5. Martinon 28 Oct 2011 at 4:15 pm

    Carrie,

    Glad this was helpful. We’re taking the boys to MineCon next month, it’s their birthday and Christmas presents combined.

    My eldest is asking to install Hamachi on a server since that’s the easiest way to create a VPN between the two systems. I’m not a big fan of the idea as a security professional.

    Martin

  6. Cindi Barneson 11 Nov 2011 at 9:02 am

    Thank you for this post. My 13yr. old son has been hosting a server for approximately a year now for a himself and a about 8 of his friends, and I have trusted him that he knew what he was doing and that he did all the necessary research needed to not expose himself, or our family to any security problems. Well…this morning at breakfast he said, “I made my server public last night on a gaming blog and had over 20 people on my server and it was so much fun.” I nearly had a heart attack!!! He has been begging me to make it public for months and I told him he could only let friends play on it until I did some further research to find out how he could make it public securely and if I needed to purchase anything for security purposes. After the heart attack…lol, I started searching the web for help on what to do and came across your post. It was very informative but I would love to be able to chat with you about some of my questions. Is that possible? Thanks so much for taking the time to write this article.

  7. Micheleon 14 Nov 2011 at 8:11 pm

    Thanks for the post, but much of it is over my head. We are a “mac” household and my son has been playing on a public server with friends from school. What exactly are the risks of him doing this and is there anyway for him to continue without putting our system at risk?
    Appreciate any feedback.

  8. Martinon 15 Nov 2011 at 6:55 am

    I don’t know of any vulnerabilities in MineCraft that would allow someone to attack a player through a MineCraft server at this time. I’d be more worried about some of the sites your son may be browsing in order to learn about the game. As long as your family is using safe browsing practices, such as keeping your browser and operating systems up to date, you shouldn’t have too much to worry about.

    http://www.staysafeonline.org/

    Martin

  9. GSon 21 Dec 2011 at 12:29 am

    Hi
    I was also interested in finding out what risks there are to home computer security by playing on a server. My son has a friend with a whitelisted server. He claims this is safe but as our knowledge is limited in this area, we are not so sure. I have read that if you are the owner of a server there may be security holes, what if you are simply playing on a server?
    Would appreciate some advice. Thanks

  10. huh.on 11 Jul 2012 at 9:03 am

    There isn’t any great risk to simply playing on a server.

  11. Leson 15 Oct 2012 at 9:06 am

    Great information, mostly over my head!
    What if I simply take my son’s laptop off the Home Network, will that keep our other laptops safe in case his server is hacked?

  12. minecraft forums online serverson 14 Nov 2012 at 11:59 pm

    Download And Enjoy Minecraft Mine Today And You Will Turn into a Enthusiast right away

    If you are a computer and also game lover then minecraft my very own is one
    thing you should try the hands out. At first written in Espresso by creator
    Markus “Notch” Persson, minecraft is now readily designed for PC as well as
    Android mobile phone. Such is the interest in the game that you will be connected in no time.
    Several a long time will certainly pass and you will not recognize that you’ve also ended up actively enjoying this sandbox online video sport. Minecraft downloads available have become available for many – Windows, Mac as well as Linux.

  13. MicheleOnlineon 17 Nov 2012 at 9:30 am

    My 13 year old twin boys have been asking the same thing. Been playing on public and friends servers for a few years, and they have been asking for their own server…which I refused, until just today they came to me with http://www.gizmoservers.com/ since one of their friends has had success with that server. I want them to have control over their server, but like you said, keep my system safe.

    Your post was super-helpful! I think we’ll try out gizmos on a month-to-month basis and see how it pans out (24/7 access for up to 18 people, bukkit support and addins for $12.00 seems good to me). I like the idea of consistent billing and only a month-to-month commitment…but I’ll update here if I find any down side!

  14. Cbjon 11 Feb 2013 at 1:04 pm

    Im 13 years old and want my own minecraft server is there a way to convince my mom to let em have one so far she has said no because of security issues and peolpe hacking our home network is there a way to avoid that?
    Please help

  15. Ryanon 16 Oct 2013 at 7:52 pm

    Im 12 years old, owned 9 servers in the past (Mostly bungeed to each other) and I am just saying- Letting a kid own a minecraft server will teach them responsibility. I have actually made money off of my servers in the past and after about a month of uptime they were paying for themselves and I would always have enough money to upgrade them. But hosting a minecraft server is dangerous if its on your own connection. I bought mine from fluticshosting and god Ddosed multiple times by some angry kid who got banned for hacking, cheating, exploiting and breaking manny rules. After 2 months of playing I was having fun creating my own plugins, dealing with the issues of the server (which can teach kids problem solving skills) And dealing with the issues isn’t always a pain! I would need to double check my permissions folder to make sure there wasn’t even one tiny error in this 5000 word file. That has taught me to double check schoolwork and stuff like that. Owning a minecraft server can teach you lots of skills from coding to art to web design. In a minecraft server if your server doesn’t look nice, people wont play it. If you have errors in it, people wont play it. But you need to teach your kids about the minges and trolls of minecraft. It is too easy to hack minecraft, but theres a solution to that. Its a plugin. But you will need to invesitgate when you think someone is Xray hacking. Teach your kids not to EVER give /op to anyone. Trust me… I know. 90% of the people asking for /op are there to mess up your server. I learned that lesson on my first server, where I didn’t even have backups. (Another reason to go with flutics, easy backups) A guy changed my world into lava. But from that I have learned. It will teach your child life skills that are needed to be have great success in life, it is true that 90% of new servers drop out within the first month because of how complicating it is to get it working. By the seccond year of your child owning server(s) they will probably already be coding their own little java plugins. But you need to be careful with the transactions that you make with your server (Making someone pay for in game items, or abilities.) If you do allow your child to get money off of it, make sure it all goes where they promised. Also a good thing to do is before making a transaction over $25 ask to join a skype call with a parent/guarding to confirm the child has permission. My friend owned a server and got a $500 donation, spent it all on upgrades then found in his paypal the next day he was at -500$ because a stolen credit card was used.

    This may be useful for picking out a server for your child

    25-30 Players on, constant: Cost: Around $30 per month, 2gb of ram needed
    1-10 Players on, constant Cost: Around $6 per month, 500-700 mb of ram needed
    The one above is usually the logical thing to start out with- and work your way up. Your child at first will probably struggle to keep the server at a constant 5 people (I did at first) then half a year in will learn the tricks and make it nicer and get a constant 30 on.
    30-50 Players on, constant 4 Gb of ram needed, about $40 a month
    50+ Players on, constant will cost you about $60. I know a guy that has a constant 1500 on and payes about 1000 per month. But he makes it all back in donations. Look up woodycraft.net

  16. Martinon 16 Oct 2013 at 9:29 pm

    Ryan,

    Thank you for the excellent comment. I agree with all your comments about how owning a minecraft server can teach responsibility to a teen, but when I created the server for my kids, that wasn’t quite my goal. My goal was actually to teach myself something about how to use Amazon AWS and documenting the experience. I work in computer security and wanted to know how to use Amazon’s cloud services as well as creating a step by step guide, something I hadn’t done in quite some time.

    My children could probably use some experience growing up and if they show interest in setting up some other sort of server, I might let them now. They still play minecraft from time to time, but mostly on a friend’s server back in California.

    Thanks again for the comment Ryan.

    Martin

  17. Abhishekon 08 Nov 2013 at 7:03 am

    Great explaination.
    I was able to deploy minecraft application in Jelastic cloud and this article helped to understand the depth-
    http://blog.jelastic.com/2012/11/08/play-minecraft-in-the-cloud/

  18. Someoneon 09 Sep 2014 at 12:05 pm

    I have a different problem. My school doesn’t allow us to go on servers because it opens up the network to potential security risks. Is there any way to fix this so kids like me can play on servers with the schools permission? If so, I’d thank you very much.

  19. Martinon 09 Sep 2014 at 10:06 pm

    There are minimal security problems with running a plain, vanilla install of Minecraft on a local server, or even when connecting to the same on a remote server. But when you start implementing all the mods that can make a minecraft server really fun, this becomes less and less true. I haven’t heard of anyone actually being compromised because of a rogue mod, but that doesn’t mean it won’t happen.

    The real issue your school is probably worried about is simply the administration of their systems. They don’t have the time to understand minecraft and I don’t blame them. Sorry, but you’re going to have to live within their constraints and play MC when you get home.

  20. Someoneon 18 Sep 2014 at 3:55 am

    Here is the thing; I have told my school about the problem and they have told me it has to do with just security and that if I find a way around the security, they will change it. I do not use any mods. If there is any way to do it and it can be done, they will fix it.

  21. Someoneon 18 Sep 2014 at 4:53 am

    My school will fix it if it can be done. Minecraft servers come from port 433. If you can help, that would be great. I just need to find a way to make there be no security problems.

  22. Someoneon 18 Sep 2014 at 4:55 am

    My school will fix it if it can be done. Minecraft servers come from port 433. If you can help, that would be great. I just need to find a way to make there be no security problems. Thanks.

  23. Someoneon 18 Sep 2014 at 5:30 am

    The thing is that my school only cares about security. We just need to figure out how to make it secure. If you can figure that out, I can play again. Thanks.

  24. Hi.on 18 Sep 2014 at 5:49 am

    This is Someone. My school doesn’t care about that stuff. My school only cares about security.

  25. Hi.on 18 Sep 2014 at 3:51 pm

    This is Someone. My school doesn’t care about that stuff. My school only cares about security. Thanks.

Trackback URI | Comments RSS

Leave a Reply

%d bloggers like this: