Friday, July 25, 2008
Another PBX option and Network Management
When I came across that link I also noticed a PBX comparison:
Trixbox vs PBX in a flash vs Elastix
Elastix was a new one for me. The limited reviews I have read are very positive. I may want to put that into consideration.
Network monitoring is going to be a by-product of running this server. I have never really looked at what the monitoring options are, but as it turns out there are a plethora of options. What started this? I saw this headline pop up in my RSS reader: Network Monitoring with Zenoss: A Reluctant Administrator's Guide
It looks like OpenNMS, Zabbix, Hyperic, Pandora FMS, Argus, Collectl and Opensmart are just some of the solutions. All I know is I want something simple to install and use.
Wednesday, July 23, 2008
What Got It All Started
After doing a little research, it became pretty clear that getting my hands on the Swedish Bubba Server would not be easy, since they did not have a United States distributor and the currency exchange rate made purchasing a unit from a UK-based supplier prohibitive. After learning this, it begged the question: could I make something similar at a lower cost and learn something in the process?
Today I was reviewing what applications the Bubba Server is running and learned they are now selling the second generation of the Bubba which unimaginatively is named the Bubba Two. Specs have beefed up:
SERVICES | BUBBA\|TWO |
---|---|
Downloader (HTTP, FTP, TORRENT) | |
Itunes music streaming (Firefly/DAAP/Soundbridge) | |
UPnP media streaming (Mediatomb) | |
Squeezebox Streaming (Slimserver/Squeeze center) | Future firmware upgrade |
File server (HTTP, Samba, FTP, SCP) | |
Web server | (Lighttpd) |
Webmail client | (Horde) |
Email Server (Dovecot, Postfix) | |
Fetchmail Server (Fetchmail) | |
Printer Server (Cups) | |
SSH connection to internal Linux | |
Linux 2.6 + Debian Etch | |
Firewall | |
Router | |
Wireless access point | Planned |
DNS server | |
DHCP server | |
RAID 1 support with external eSATA disk(s) | Planned |

HARDWARE | BUBBA\|TWO |
---|---|
Internal hard drive | up to 1TB SATA |
Internal memory | 256 MB DDR2 |
Processor | 333 MHz Power PC |
Network connectivity | 2 x 1000 Mbit/s |
USB 2.0 | 2 x 480 Mbit/s |
eSATA | Yes, 2 |
Power consumption | 7-12W (disk dependent) |
Kensington lock slot | Yes |
Fan | No |
For a turnkey solution the new Bubba looks compelling but at $452 USD for the 1T version it is still out of my reach. I guess I am going to have to keep learning how I can put something together for myself and that is just fine with me. I relish the learning experience.
For the same amount of money I will be able to put together a much more powerful and flexible system that is nearly as thrifty with electricity. The only real drawback will be the lack of Bubba's consolidated web based configuration and management tools.
Monday, July 21, 2008
5 Reasons Why You Should Use VirtualBox Over VMware Server
I read a very concise post over at MAKETECHEASIER that outlined five reasons why VirtualBox is better than VMware Server. His five points were:
- File size - 20meg vs. 102meg (small is beautiful)
- Easier install due to precompiled package available for download. (not a big deal for me)
- Speed Boost (faster is better)
- Remote File Sharing
- Integration with Host OS via 'seamless mode'. With this mode on, you can access the applications from the guest OS from the host's desktop. (interesting from a system management point of view)
This was a much more in-depth look at the two virtualization solutions. The overview at the end really struck a chord:
VirtualBox has the widest range of host system support and has the lightest hardware demands, and excels for single PC personal virtualization needs, but requires more UNIX/Linux command-line skills when used as server virtualization solution. VMWare 2.0 has an excellent web-management UI with the lightest client payload, but this comes at the expense of heftier hardware requirements for good performance and a fatter software drop on the server.
Friday, July 11, 2008
List Mania Continues
m0n0wall - Security
Smoothwall - Security
pfSense - Security
IPCop - Security
Endian - Security UTM
Comixwall - Security UTM
HTPC
MythDora
Mythbuntu
Knoppmyth
Freevo
MythTV
GeeXboX - Frontend Only
File Server
CentOS Server (roll own)
FreeNAS - File Server
Debian Server (roll own)
Web Server
Cherokee
Abyss
Virtualization
VMware
VirtualBox
VoIP
PBX In A Flash - SELECTED
- Ubuntu Server was eliminated because it was twice the size of a Debian net install.
- Took Vyatta off the list because it is a little over the top for SOHO use IMO. mgraves, while responding to a Smith On VoIP article about the new Netgear WGR614L wireless router, summarized what I have been thinking about Vyatta:
mgraves // Jun 30, 2008 at 9:01 pm
You are exactly right about this. It will attract very few. However, Vyatta while interesting and truly open source, is totally over-the-top for the kind of application suited hardware such as this. M0n0wall or pfSense are more in line with the target market. Also, pure open source. Well proven and very well supported.
- I need to see if a web server was added to FreeNAS in a recent release. For some reason I think I saw something about this new feature. The website says "Add generic webserver service" under FreeNAS 0.69b1. Hummmm...
Thursday, July 10, 2008
A Long VOSS Hiatus - I'm Back
So what did I do with the other 5+ rigs? I fixed them up, loaded up Linux (Puppy Linux 4 - Dingo to be specific), put an "I want you linux" sticker on the case and pushed them out to the local Goodwill where I hope they find happy new owners.
I have been fighting the urge to bring any new toys home. Of course now that I have pared down my toy collection all these great Craigslist opportunities keep coming up........
I haven't been a total tech prude at home. I have been playing around with Mandriva and I must say I am pretty impressed with it. I have never been a big fan of RPM-based distros, but the Spring 2008 version is very polished, has good hardware detection and some well-thought-out software selections which have made me take a second look.
I also did a few Debian net installs and got comfortable with the process of installing various packages and figuring out which ones had the least amount of bloat.
After spending some time mulling over my previous posts I made some decisions about which direction I want to go. I decided big monolithic solutions are not what I am after. They require lots of resources and install lots of features I do not have a need for, nor do I want them cluttering up my system(s).
Power consumption and the physical size of the solution are still very important to me. Over the last few months a few pieces of hardware have caught my eye. The first one is the Chenbro ES34069 Mini-ITX server case. It looks great and has some very nice features:
ES34069 Specifications | |
---|---|
Dimensions (w x h x d) | 260 mm x 140 mm x 260 mm (10.24" x 5.51" x 10.24") |
Hard Drive Bay | 4 x 3.5" SATA HDD (hot-swappable); 1 x 2.5" notebook HDD (internal) |
Optical Drive Bay | Slimline CD/DVD drive |
Expansion Slot | N/A |
Front Access | 2 x USB 2.0; SD/Mini-SD/MMC/MS card reader; Power button; Reset button |
Cooling System | 2 x 70 mm fans (rear); 1 x 60 mm fan (front: optional) |
Power Supply | Built-in 180W DC board; External AC adapter (brick) |
Input | AC 100 ~ 240V |
Output | DC 19V @ 9.5A |
The second item of interest is the release of numerous low power components. I am particularly interested in the dual core version of the Intel Atom CPU that should be released sometime next month based on a recent article posted at DigiTimes. Initial reports on the single core version of the Atom processor have been mixed at best, but it will be interesting to see what upgrades occur over the next month or two.
I have also been looking at small fast web servers and I am interested in evaluating Cherokee and Abyss.
Tuesday, April 8, 2008
I Am Not Alone
I have no clue why I clicked on it because the post was titled The hidden world of Linux. I am glad I clicked on the link because it seems Konrad has been pondering some of the same things I have been mulling over. He has indicated he will make some additional posts due to the feedback and response he has received about his initial post.
Over at Tech Source From Bohol Jun talked about some Free/Open-source Television Software available today. I had seen most of them but I did not know about GeeXboX. From the GeeXboX website:
You may think that such a thing requires a new generation computer ;-) That's where you're wrong !! An old P2-400 with 64 MB of RAM will be quite powerful enough to let the magic play. Also, the GeeXboX ISO only takes about 7 MB on disc. And of course, the whole thing can be managed by either a keyboard, a remote controller or a joystick, thanks to its full OSD (On Screen Display) Menu.
So, what are you still waiting for ?? Xmas ?
Just go to the Downloads section and enjoy ;-)
That is a very small Linux ISO. It almost looks BSD like! It might be a very good lightweight front end to play media files.
Tuesday, April 1, 2008
Heavy, Big, Bloated, Limiting and ICBMs
I am also getting the feeling that most of these solutions are big and require lots of resources. I picked up an AMD 1.1 GB Athlon machine off of Craigslist for free last week. It is a very nice box with 1 gig of RAM, onboard RAID, server case and lots of other goodies. I just finished cleaning it up and replacing the CPU fan. I decided to load Untangle on it. I have had numerous problems getting Untangle to run on several other test machines, but everyone raves about it so I decided to try and put it on the new Athlon machine. I got it to work finally. It was not happy with a gig of RAM and a 20 GB hard drive during the initial install! I know this is not the speediest machine in the world, but it is no slouch and would be fairly happy running most open source software. This really confirmed my concerns about size and system resource consumption. This was even harder to swallow when I read about m0n0wall and pfSense users running the entire application on a CF card! Granted this is an apples and oranges comparison, but it highlights the vast differences in hardware requirements. Untangle looks like it would be a great UTM solution for a larger small or medium size business. It would be total overkill for my home needs. The proverbial ICBM to kill a fly situation.
I am biased towards Debian-based distros, so that is where I am leaning now. I do not know if Ubuntu Server or Debian would be better for the core. Ubuntu Server 8.04 with LTS will be out in three weeks so I am interested in the upcoming reviews. Debian, on the other hand, is much smaller, and from my research a much more stable server platform since Ubuntu is based on Debian unstable (Sid). I could run virtual machines for the solutions that cannot be rolled into the Debian-based distro.
BSD still amazes me with what can be accomplished in a mere MB of code!
Saturday, March 22, 2008
Clark Connect - Anyone Using it?
A few of the posts stood out and caught my attention and got me thinking:
From KeeWEE:
SME has my vote
From Andrew:
Why?
I like SME too, as far as it goes, but am trying to add a RADIUS server and MySQL accounting to it. However in SME both come preconfigured for its server functions so adding further configuration means you have to 'reverse engineer' the built-in configurations a) to work out what you have to do and b) to make sure you're not inadvertently undoing something else. As a relative newbie I often wonder if it wouldn't be a lot easier starting from scratch with the 'standard configuration' that's in the documentation.
And as far as I can google - and according to SME's own forum - it's not even worth trying to have the FreeRADIUS GUI dialupadmin on any RHEL distro, and because of the 'non-standard' configurations of SME it's not recommended to use Webmin on it.
I'd guess ClarkConnect suffers from the same drawbacks - the difficulty and inadvisability of trying to further modify something that's already been modified by someone else - but I've never tried it and if it leaves the underlying OS in a purer state than SME it might better suit me.
From RainDog:
I'd guess ClarkConnect suffers from the same drawbacks - the difficulty and inadvisability of trying to further modify something that's already been modified by someone else - but I've never tried it and if it leaves the underlying OS in a purer state than SME it might better suit me.
When ClarkConnect was based on Fedora core2, it was outstanding in this regard. You could treat it like any other FC2 install. It was brilliant.
So much so that I had quite a task upgrading it - because of my mods being incompatible with theirs. So now I've gone back the other way running a very clean and unmodified CC 4.1 machine, and a separate linux work horse machine.
It's a pity because now my dedicated firewall is quite a powerful box and a 330 MHz Celeron would do the job.
It's all a matter of what you want to do. As a basis for small business servers I've had many successes with SME. Set and forget. Capable, secure etc.
What I don't recommend is messing too much with SME (or CC) builds to run custom application, you see tales of woe all through the discussion boards with attempts at webmin etc. SME does what it does very well. My preferred option is to set SMEs up in gateway server mode and use a second box or board for any specialist application given that most aren't particularly demanding the hardware expense is much less than the labour involved and you can still rely on the SME box for gateway security.
And as far as I can google - and according to SME's own forum - it's not even worth trying to have the FreeRADIUS GUI dialupadmin on any RHEL distro, and because of the 'non-standard' configurations of SME it's not recommended to use Webmin on it.
I'd suggest using a CentOS box for this it's getting a little off the SME path.
I'd guess ClarkConnect suffers from the same drawbacks
Same drawbacks yes. But those drawbacks are advantages in another's situation. SME and CC are rock solid quick setup configurations, in doing this they offer little for the experimenter.
cheers..
More about the thinking part on the next post.
Saturday, March 15, 2008
Astro Gets Fragged
Three camps have clearly formed:
BSD-based solutions: very lightweight and robust.
Debian-based solutions: Lots of options with the potential to roll my own (based on the number of tutorials I have seen on the web).
Red Hat-based solutions: Large file sizes are a concern, but there are many options that are well-known and robust.
Outstanding Decisions:
- Do I want to mix and match the best solutions or stay with the same distro base, therefore compromising on solutions, but knowing that management will be potentially easier in the long run?
- Roll my own solution (distro with packages) or use off the shelf distro solutions?
- Run multiple Virtual machines or lump all of the packages under one distro or hybrid?
- Pursue a home solution or a more robust SOHO solution (one computer vs. multiple physical machines)?
Debian Etch as Server
- Debian Linux file and print server: NFS, CUPS, LPR
- Stream your music with gnump3d
- Simple local web server on Etch
- Web Server on Debian Etch
Thursday, March 13, 2008
Simple Question on Software-Based Router
Hello people,
I have been looking into using a software based router like Smoothwall or Freesco for my company.
From all the options, I'm leaning towards Freesco unless someone here tells me I shouldn't with a good reason why. Basically I need the router for QoS for VoIP lines.
The questions I have are pretty simple. Is there a special way to install two NIC cards? Or is it just as simple as plugging in a second one and installing the drivers?
Thanks
This response caught my eye:
Pfsense has my vote
Well I have tried a lot of those (Smoothwall 2, Smoothwall 3, Clarkconnect, Endian firewall, Astaro versions 6 and 7, IPCop, Monowall and Zeroshell) in my quest to be able to play COD4 while loading my line with torrents, and I have to give my vote to pfsense (using 1.2 RC4 at the moment). Traffic shaping is by far the best I've tried, at least the pings are staying low and no lag, web access remains very fast. The traffic shaping wizard is not bad to get started but needs a little tweaking depending on the services on your network.
I have setup many configurations at various client locations, and for simplicity I agree that Smoothwall is best for newbies, I have used it for a few clients (10 to 50 users) and it has been stable as a rock, easy to configure and maintain.
I have also used Astaro for a few clients, great product (not free) but overkill for home use and traffic shaping is poorly implemented. On top of that, if you have never setup a router/firewall before you will find it a bit more complex than the other ones to say the least.
Pfsense runs on a toaster almost, is fast and has no extra useless features unless you want to install optional packages.
Hope it helps you
Wednesday, March 12, 2008
EnGarde Is Eradicated
Tuesday, March 11, 2008
Pairings
Free/Open/NetBSD
m0n0wall - Security
Smoothwall - Security
pfSense - Security
Comixwall - Security UTM
FreeNAS - File Server
Red Hat/RHEL/Fedora/CentOS
Clark Connect - Security
Endian - Security UTM
IPCop - Security
PBX In A Flash - SELECTED - VoIP
MythDora - HTPC
SME Server - File Server
CentOS Server (roll own) - File Server
Debian/Ubuntu
Vyatta - Security
Untangle - Security UTM
Mythbuntu - HTPC
Knoppmyth - HTPC
EnGarde - File Server
Ubuntu Server (roll own) - File Server
Debian Server (roll own) - File Server
Slackware/Suse
Astaro - Security UTM
Independent Package / Application
Freevo - HTPC
MythTV - HTPC
VMware - Virtualization
VirtualBox - Virtualization
MikroTik RouterOS - This choice was eliminated because I cannot find a support community. The documentation is not as good as with other solutions.
eBox Platform - This choice was eliminated because the user forums and documentation need to be improved or edited. There does not seem to be much activity on the user forums. This platform, however, does look like it has a lot of promise.
Monday, March 10, 2008
UTM Minimum System Requirements
UTM Solutions - Minimum System Requirements
Astaro
Pentium III 900 MHz or compatible CPU
512 MB RAM
10 GB SCSI/IDE HD
Bootable CD-ROM SCSI/IDE
3 PCI-NICs (Internet, Local Net, Demilitarized Zone)
Comixwall
AMD64 or better CPU
512 MB RAM
Drive space unknown
Bootable CD-ROM
Endian
Pentium 500MHz or compatible CPU
256MB RAM
4 GB SCSI/IDE HD
CDROM: An IDE, SCSI or USB CDROM drive is required for installation
Untangle
Pentium 800MHz or compatible CPU
512 MB RAM
2 NICs (3 for DMZ)
CDROM drive is required for installation
Based on these minimum requirements, it looks like a UTM solution would require a separate system. Out of these, Endian looked the best due to its size and system requirements. Comixwall, the only BSD based UTM solution, also looks good, but the support community is not as well organized as with the other solutions.
I plan to start looking at other security solutions soon, but I have already been able to eliminate one of them from contention:
Censornet - I eliminated it because it is primarily an open source Internet Web Filtering & Management solution, lacking many of the features of other security solutions under evaluation.
Sunday, March 9, 2008
Which is the BEST hardware Router/Firewall to monitor in/out traffic?
Or if you want something with a bit more power, build yourself a *nix distro router...take a mid-range P3 or higher, with 2x NICs...and install one of the many *nix router distros out there.
There are many of them out there...some stronger in certain areas than others, and a growing number that bring full UTM features (Unified Threat Management). These UTM features are the ones I'm really interested in..and using at a few clients with good success. The UTM distros add antivirus scanning of all web, mail, and ftp traffic, as well as spam removal of web traffic. Some add ad/spyware blocking of browser traffic as well. And beefier intrusion detection via Snort.
Some of the basic *nix router distros....
IPCop...one of the more popular ones, has a big development/support community with lots of add-on packages.
You can add UTM functionality to it with the add-on called Copfilter
m0n0wall
Smoothwall
pfSense...built on m0n0wall...with stronger QoS features
Clark Connect is a cool distro for a small business, sort of an open source *nix version of Microsoft Small Business Server
vyatta
For some of the UTM distros....in addition to the Copfilter build of IPCop listed above....
Endian...one of my favorites..built on top of IPCop..with the features of Copfilter...bundled into one tight package
Comixwall
Astaro
Untangle...this one is fantastic...I've built a few...using them in production...very powerful. Lots of features...even blocking of IM traffic and peer to peer traffic.
On the basic distros...all you need is an older PC...P2 or so, moderate RAM, a pair of NICs..and you're good to go. For the UTM distros..you want a bit more power...mid range or higher P3, 512 megs of RAM...Untangle likes to go above 1.0GHz and a gig of RAM.
Well I guess I have even more options to check out now.....
Saturday, March 8, 2008
Going 103M over security
* Untangle - It has been getting good reviews but it seems like it wants lots of horsepower (RAM, CPU) to run well. I like the concept of a "virtual rack" of security tools with easy-to-use GUI configuration tools.
* ClarkConnect
* IPCop
* Smoothwall
* m0n0wall
* redWall - I have eliminated redWall because it has not been updated in over 18 months and I have been unable to find many comments about it on-line. Reading some of the posts at the redWall forums site gave me the impression the project is somewhat in limbo.
* Gibraltar - I eliminated Gibraltar because it is BIG (622 MB). Compare this to m0n0wall, which is only 8MB! I also read several reviews saying it was hard to configure and install. The following feature looked pretty cool as pointed out at fsckin w/ linux: “Anonymisation Gateway: The Gibraltar Anonymisation Gateway makes your overall network traffic anonymous and it makes sure you can surf in the internet anonymously.”
* Devil-Linux - I took it off the list because it just does not seem as polished and mature as the other solutions under consideration. This is a very competitive category with many well established players.
I read a good review of linux/bsd firewalls over at fsckin w/ linux:
Seven Different Linux/BSD Firewalls Reviewed
He tested the following solutions:
He concluded his review by selecting pfSense. Based on comments after the review, he has decided to update his review and compare several more firewalls.
I have a few new options to check out:
Thursday, March 6, 2008
I Want My MTV
Looking at the File Server category two distinct groups emerge:
Prepackaged servers - All have a web interface
EnGarde - Based on Red Hat
FreeNAS - Based on FreeBSD
SME Server - Based on CentOS
Roll your own server:
CentOS
Debian
Ubuntu Server
I am wondering if it would be best to start with a prepackaged server and after gaining some knowledge I could then roll my own after I really determine what I want/need. It is one thing to plan this all out but another to actually implement it for real.
I finally started to review HTPC and quickly eliminated a few options:
VDR does not look like a mature project and it does not look like much has been done to it over the last two years. Found no support group and little documentation.
LinuxMCE looks like an interesting project based on Kubuntu that has some maturity but has a lot of bells and whistles that I am not interested in like home automation, phone system and security system.
Sagetv is not free (as in beer or freedom) from what I can tell. That is too bad because it is a mature product with many features.
That leaves Freevo or MythTV and its many distro spin-offs like MythDora, Mythbuntu, KnoppMyth
A quick search revealed several sites that compared all three of these distros; a couple of these were:
Three MythTV Linux distros compared
It looks like KnoppMyth's biggest drawback is the inability to upgrade easily. Other website reviews tended to favor MythDora, but there was no clear winner as to which performs better.
Wednesday, March 5, 2008
Best on the Planet?
Another potential software solution getting good reviews is Untangle. Carlos Echenique over at PlanetX64 at the end of his review stated:
Price, performance, features, support and a killer interface all come together to produce a near perfect product. Ongoing development and a support team that listens to the needs of their customers makes the Untangle Platform your best bet for securing your network.
Scores:
Features: 4.95 out of 5
Interface: 5 out of 5
Performance & Support: 5 out of 5
Pricing: 5 out of 5
Total Score: 19.95 out of 20
PlanetX64 proudly awards Untangle Platform the Best on the Planet.
I had decided to take Annvix off the consideration list, based on a review at linux.com and reviewing the on-line documentation. I do not think this would be the best first introduction to setting up and managing a server. I think I will require a little more hand holding than Annvix can give me based on my lack of knowledge.
Contenders still in the running:
VoIP
I have decided to choose PBX In A Flash as my VoIP solution. The Poor Man's Tech blog had a follow-up post on PBX In A Flash vs. Trixbox and it gave several compelling reasons to make a switch from Trixbox CE (which I use at work) to PBX In A Flash. I have been wanting to try this new Asterisk-based solution out and this seems like a great time to take the plunge.
Monday, March 3, 2008
List Fodder
I am torn because VirtualBox is open source while VMware is proprietary code....
I am more interested in PBX In A Flash based on a blog post over at Poor Man's Tech. I was aware of the trixbox phone home flap and that issue left a bad taste in my mouth, fueling desires to find an alternative. (I am a current trixbox user)
I have not even looked at the HTPC solutions but hope to narrow the list soon.
I have added Debian as the basis for a potential file server and maybe more after reading some information posted at
About Debian Linux
Going to put security on hold right now until other solutions are narrowed down.
Thursday, February 28, 2008
Top 100 of the Best (Useful) OpenSource Applications?
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.
OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.
VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing ‘desktop’ environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
Many people know from their own experience that it’s not easy to install an Apache web server and it gets harder if you want to add MySQL, PHP and Perl. XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.
Some more potential solutions from an energetic article about home servers over at the Ferdy Christant blog:
GNUMP3d
A streaming server for MP3s, OGG vorbis files, movies and other media formats.
It is designed to be:
- Small, stable, portable, self-contained, and secure.
- Simple to install, configure, and use.
- Portable across different varieties of Unix, the GNU Operating System, and Microsoft Windows platforms.
A fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.
Wednesday, February 27, 2008
So why care about Windows viruses on Linux?
If you're running Linux, you are, in a practicality, immune from a Windows virus. So why would you want to bother scanning your files - files that won't work on your computer, anyway (except, for example, through Wine) - for viruses that have no effect on you? Well, the simple answer is, you wouldn't. But it is more complex than that. I'll explain.
Mail servers
The vast majority of Linux anti-virus programs run on mail servers. These are the computers that your mail client connects to when you want to send or receive an email. Since email is one of the main ways viruses and trojan horses spread, these servers are the "front-line" in the battle to stop computer viruses. And, since so many of these servers run Linux, it's clear to see the need for a Linux program to detect Windows viruses. If you're running a mail server, whether it be for your home or office, you should definitely be using an anti-virus program to intercept any naughty files that might be trying to move in or out of your network via email.
File servers
Another place where you'd want to run an anti-virus program is on a file server shared by multiple users, even if you trust all of these users. File servers are basically repositories for data; some of that data might come to exist on your server through legitimate sources, but there's no way for you to know where each and every file originated. Running an anti-virus ensures that if someone uploads an infected file, say, downloaded from a Peer-to-Peer network, your file server will detect the threat and stop any other users from becoming infected.
It seems like ClamAV is the de facto standard when it comes to open source anti-virus programs. I will have to take a look at it as a possible solution since Windows boxes will have a need to connect to the file server.
More Support For RAID 10 (1+0)
I enjoy her easy to read and understand writing style. She confirmed many of the things I discovered about RAID in a very concise one page overview.
I like to look at the Tuxmachines website (one of my favourites) on a daily basis and I came across a link to another Carla Schroder article about RAID: Linux RAID Smackdown: Crush RAID 5 with RAID 10
Some of the highlights from the article:
- Most Linux installers support RAID 0, 1, and 5, but not 10.
- RAID 10 support is still marked as "experimental" in the kernel.
- RAID 10 is shorthand for RAID1+0, a mirrored striped array. Linux RAID 10 needs a minimum of two disks, and you don't have to use pairs, but can have odd numbers.
- RAID10 provides superior data security and can survive multiple disk failures.
- RAID10 is fast.
- RAID10 is considerably faster during recovery: RAID5 performance during a rebuild after replacing a failed disk bogs down as much as 80%, and it can take hours. RAID10 recovery is simple copying.
- RAID5 is susceptible to perpetuating parity and other errors.
- RAID 10's main disadvantage is cost, because 50% of storage is duplication. The redundancy in RAID5 peaks at one-third in a three-disk array, and reduces proportionately as you add disks.
- You can use two disks for practice, though on production systems you need four disks to get any real benefit.
Link to article: Linux RAID Smackdown: Crush RAID 5 with RAID 10
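To make the "can survive multiple disk failures" and "odd numbers" points concrete, the following added example (not from the article or this blog) enumerates every combination of failed disks and counts how many each level survives. It assumes Linux md's RAID 10 "near" layout with two copies of each chunk, and a single-parity RAID 5.

```python
from itertools import combinations


def near_layout_groups(n_disks, copies=2):
    """Disk sets holding the copies of each chunk in an md raid10 'near' layout.

    Assumption: the copies of chunk k sit in consecutive slots
    k*copies .. k*copies+copies-1, wrapped around the n_disks devices.
    """
    groups = set()
    for k in range(n_disks):  # the placement pattern repeats after n_disks chunks
        slots = range(k * copies, (k + 1) * copies)
        groups.add(frozenset(slot % n_disks for slot in slots))
    return groups


def raid10_survives(n_disks, failed, copies=2):
    """Data survives unless every copy of some chunk is on a failed disk."""
    failed = set(failed)
    return all(not group <= failed for group in near_layout_groups(n_disks, copies))


def raid5_survives(n_disks, failed):
    """Single parity tolerates exactly one missing disk."""
    return len(set(failed)) <= 1


def survival_table(n_disks, n_failed):
    """Count surviving failure combinations for both levels."""
    combos = list(combinations(range(n_disks), n_failed))
    return {
        "combos": len(combos),
        "raid10": sum(raid10_survives(n_disks, c) for c in combos),
        "raid5": sum(raid5_survives(n_disks, c) for c in combos),
    }


def usable_fraction(level, n_disks, copies=2):
    """Share of raw capacity left for data."""
    return 1 / copies if level == "raid10" else (n_disks - 1) / n_disks


if __name__ == "__main__":
    for disks, failed in [(4, 1), (4, 2), (3, 2), (6, 2), (6, 3)]:
        print(disks, "disks,", failed, "failed:", survival_table(disks, failed))
    print("usable: raid10", usable_fraction("raid10", 4),
          "raid5 (3 disks)", round(usable_fraction("raid5", 3), 3))
```

With four disks, RAID 10 survives four of the six possible double failures while RAID 5 survives none; with three disks in this layout, every pair of disks shares a chunk, so no double failure is survivable.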
Tuesday, February 19, 2008
SLAMPP Sinks
Monday, February 18, 2008
Four More Cow Abductions
Still In The Running:
Out:
- Openfiler - Has not been updated in almost a year, not much traffic on support forums
- OpenNA Linux - Could never find the free ISO file, Seems like the company is primarily pushing their paid solutions
- StartCom - Too many RTFM type answers on the support boards
VoIP
Out:
Thisk Server - Lack of documentation and support
Home Theatre Personal Computer
Out of these choices I am leaning toward a MythTV solution based on limited research. This may wind up being a stand alone computer in my living room (front end / back end) or a split with the back end on the home server and the front end being on the computer in the living room.
Saturday, February 16, 2008
Still Thinning The Herd
I still have been playing with virtualization software. I read a thread called Performance Evaluation of Xen Vs. OpenVZ on Slashdot that outlined some of the pros and cons of different virtualization software solutions.
There was a lot of bantering from the different software camps about how their chosen solution was better but one post stood out:
Linux has a lot of great VM options. VMware is a great free (cost) option, and KVM has become a great option very quickly. OpenVZ and VServer are interesting light weight OS "jail" virtualizations. They each have pros and cons, depending on your requirements and apps being used.
I'm setting up my "next generation" home linux server, and looking into the virtualization options for that. Probably a bigger factor than performance is the setup and manageability. I have found Xen to be pretty primitive compared to VMWare.. setup is a pain, documentation is spotty, and support is minimal. The one advantage of Xen is that you can (and often must) do everything with it from the command-line. The GUI tools are weak at best.
I am now leaning towards using VMWare server. But, I still need to do some testing with KVM.. articles I have read about it sound very impressive. KVM paravirtualization performance is supposed to be excellent. But, I don't know about management.
This pretty much sums up what I am looking for. I am looking for a KISS (Keep It Simple Stupid) solution. I think this should be true for all potential solutions. I want to keep good documentation, friendly/helpful user community and ease of administration at the top of my selection criteria.
Scratch Xen off the List.
Friday, February 15, 2008
Some Random Notes
I still have not clearly defined what this server will need to perform. A good list of some things I may want to consider was found at the ClarkConnect Comparing Software Editions Page.
I took Openfiler off the file server list because I could not find a 32bit version. It also appears the last release was put out almost a year ago.
Applications with a web interface are very appealing from an ease of use and flexibility of administration aspect. I believe ClarkConnect, SME Server and FreeNAS have web interfaces.
Distributions like Ubuntu Server and Annvix have less appeal due to the amount of set-up and command line involved to get a working system. It would probably be a great Linux learning opportunity but I want to initially get something up and running that is simple before I move on to more complicated systems/projects.
Thursday, February 14, 2008
Mardi Gras, Cold and Virtual Machines
I installed VMware and Virtual Box. Based on some limited tinkering I like Virtual Box better because it is pretty intuitive to use (no I did not read the manual :>). I really like the feature allowing you to use a downloaded ISO image without having to burn the image onto a CD/DVD. You can create a virtual drive and install the ISO image on the drive very easily.
I ran a few distributions like DSL and SME Server in Virtual Box and I was able to see an immediate impact on system resources by watching the system monitor in Ubuntu 7.10 on my test computer system I named "Mule".
Based on this I guess I am going to need a pretty beefy processor and lots of memory. I keep hearing running two virtual machines per processor core is the general rule of thumb. Quad core is looking pretty good or two separate dual core machines? I am guessing my starting point for memory is going to be 4 Gigabytes and a motherboard with four ram slots at a minimum.
Form following function?
Thursday, January 31, 2008
RAID Break and Making the Cut
Taking a break from storage I started to slim the file server list down and the following potential solutions were cut from my list:
Miracle Linux - No English Documents Found
Nitix - Software is a trial version only
Server Optimized Linux - Only RAID 1 supported and limited documentation
TinySofa - No Documents Found
TupiServer - No English Documents Found
That leaves:
Annvix
Centos
EnGarde
FreeNAS
Openfiler
OpenNA Linux
SLAMPP Live CD
SME Server
StartCom
Ubuntu Server
Tuesday, January 29, 2008
Fakeraid, Softraid, Hardraid, Hell ???
It looks like a few of the big players in the hardware RAID business at the SOHO market level are:
3ware
Areca
High Point Technologies
LSI
Promise Technology
A quick look at Newegg revealed 361 RAID cards with prices ranging from $11.99 to $9999.99. Gulp.
I limited my search to a card that would support a minimum of four SATA II connections in a RAID 5 or 10 configuration. The cheapest new card I could find was a High Point RocketRAID 1740 PCI SATA I SATA II Controller Card that supported RAID 0/1/5/10/JBOD for $121.00.
This is very doable for a small business solution but probably at the upper end of the price spectrum for most home applications.
Software RAID was starting to look good at this point. A little more digging revealed most of the people running open source software believe software RAID is the way to go based on the articles I read. Some of the reasons cited are best summarized at Linux: Why software RAID?
Why prefer Linux software RAID?
- Potential for increased hardware and software biodiversity
- Kernel engineers have much greater ability to diagnose and fix problems, as opposed to a closed source firmware. This has often been a problem in the past, with hardware RAID.
- Disk format is public thus, no vendor lock-in: Your data is not stored in a vendor-proprietary format.
- A controller-independent, vendor-neutral layout means disks can be easily moved between controllers. Sometimes a complete backup+restore is required even when moving between hardware RAID models from the same vendor.
- Eliminates single-points-of-failure (SPOF) compared to similar configurations of hardware RAID.
- RAID speed increases as host CPU count (multi-thread, multi-core) increases, following current market trends.
- Cost. A CPU and memory upgrade is often cheaper and more effective than buying an expensive RAID card.
- Level of abstraction. Linux software RAID can distribute data across ATA, SCSI, iSCSI, SAN, network or any other block device. It is block device agnostic. Hardware RAID most likely cannot even span a single card.
- Hardware RAID has a field history of bad firmwares corrupting data, locking up, and otherwise behaving poorly under load. (certainly this is highly dependent on card model and firmware version)
- Hardware RAID firmwares have a very limited support lifetime. You cannot get firmware updates for older hardware. Sometimes the vendor even ceases to exist.
- Each hardware RAID has a different management interface, and level of feature support.
- Your hardware RAID feature set is largely locked in stone, at purchase time. With software RAID, the feature set grows with time, as new features are added to Linux... no hardware upgrade required.
- Additional RAID mode support. Most hardware controllers don't support RAID-6 as Linux software RAID does, and Linux will soon be adding RAID-5E and RAID-6E support.
- Many ATA-based hardware RAID solutions either (a) fail to manage disk lifetimes via SMART, or (b) manage SMART diagnostics in a non-standard way.
Why prefer Linux hardware RAID?
- Software RAID may saturate PCI bus bandwidth long before a hardware RAID card does (this presumes multiple devices on a single PCI bus).
- Battery backup on high end cards allows faster journalled rebuilds.
- Battery-backed write-back cache may improve write throughput.
Let's just say I've been burned a few times in the past.
Anyway, soon I can finally migrate the data for this site and several others off my old (going on 6 years old) server in Ohio (happily running Software RAID).
In retrospect, I was adding complexity and a new point of failure to a system that had always worked fine in the past. I've learned my lesson.
During all of this I kept seeing how one should avoid FakeRAID. I had no clue what this was so I looked it up and found a reference to it at Wikipedia:
Hybrid RAID implementations have become very popular with the introduction of inexpensive RAID controllers, implemented using a standard disk controller and BIOS (software) extensions to provide the RAID functionality. The operating system requires specialized RAID device drivers that present the array as a single block based logical disk. Since these controllers actually do all calculations in software, not hardware, they are often called "fakeraids", and have almost all the disadvantages of both hardware and software RAID.
A more humorous description was over at Snowflakes in Hell:
Whoever decided that “FakeRAID”, which is a highly technical term used to describe the types of Serial ATA RAID appearing on some cheaper motherboards, was a good idea needs a severe beating. It appears that FakeRAID is just basically a BIOS hint, requiring the CPU on the machine to do the majority of the work with regards to creating and maintaining the array. I was trying to make Ubuntu do the FakeRAID thing on a server at work, but I think I’m just going to use the Linux software RAID, which seems to be the conventional wisdom these days anyway.
Now back to your regularly scheduled gun blogging.
I guess I will not worry too much about what RAID levels are supported by any particular motherboard during future purchasing decisions...
Monday, January 28, 2008
More RAID Stuff
I will still look at RAID 5 but I want to move onto the Software vs. Hardware RAID issue. This could be a contributing factor on what RAID solution is ultimately chosen. It appears many think hardware RAID is the way to go but many in the open source community think software RAID is better.
Some articles I need to read:
Linux Software RAID Vs. Hardware RAID
Monitoring and Managing Linux Software RAID
Friday, January 25, 2008
RAID 5 or 1+0 Continued
Summarizing from the BytePile website:
RAID 5 - Most versatile RAID level
RAID Level 5 requires a minimum of 3 drives to implement
Advantages: Highest Read data transaction rate. Medium Write data transaction rate. Low ratio of ECC (Parity) disks to data disks means high efficiency. Good aggregate transfer rate.
Disadvantages: Disk failure has a medium impact on throughput. Most complex controller design. Difficult to rebuild in the event of a disk failure (as compared to RAID level 1). Individual block data transfer rate same as single disk.
Recommended Applications: File and Application servers; Database servers; WWW, E-mail, and News servers; Intranet servers
RAID 10 - Very High Reliability combined with High Performance
RAID 10 requires a minimum of 4 drives to implement.
Advantages: RAID 10 is implemented as a striped array whose segments are RAID 1 arrays. RAID 10 has the same fault tolerance as RAID level 1. RAID 10 has the same overhead for fault-tolerance as mirroring alone. High I/O rates are achieved by striping RAID 1 segments. Under certain circumstances, RAID 10 array can sustain multiple simultaneous drive failures. Excellent solution for sites that would have otherwise gone with RAID 1 but need some additional performance boost.
Disadvantages: Very expensive / High overhead. All drives must move in parallel to proper track lowering sustained performance. Very limited scalability at a very high inherent cost.
Recommended Applications: Database server requiring high performance and fault tolerance
This all sounds good but would I be better served (no pun intended) by a second file server or NAS? This could potentially address the need for off site backups while eliminating the need for a RAID. Will or can I take advantage of the performance increases associated with a RAID?
Storage is cheap so a belt and suspenders solution may be a viable way to take care of all my data needs while capitalizing on any performance gains.
Before I started posting this blog I was eyeing the very hackable Buffalo 500GB LinkStation Live that runs Linux. It has been heavily discounted as of late and can be purchased for around $200 USD.
I would have to verify the following:
"In order to make this approach work, one of the two NASes must support scheduled backup to or from a networked drive. Most all NASes support backup to a USB attached drive and many do this trick with a networked share. But some drives support only attached drive backup."
Thursday, January 24, 2008
Which RAID Type? Hardware or Software?
The essential RAID primer
RAID Types - Classifications
Chipset Serial ATA and RAID performance compared
Why home RAID won't fly
Sorry about your broken RAID 5
Which RAID for a Personal Fileserver
RAID 0: This is a striped set, there is no redundancy. One drive goes, everything's gone. Usable space = 100%
RAID 1: This is a mirrored set. Typically this involves 2 drives. One drive is an exact copy of the second. If a drive fails, you replace it and rebuild the set. Life goes on. Usable space = 50%. Most IDE raid cards only support RAID 0 AND 1.
RAID 5: This is a striped set with parity. You get the performance associated with a striped set. Particularly on reads. If you have 4 drives, there are 4 stripes. 3 of those stripes are data stripes, the 4th is parity. Lose 1 drive and the parity information is used to rebuild the set. Usable space = (n-1)/n. To do this in hardware is typically fairly expensive.
For a file server, I'd use the combination of RAID 1 and striping known as RAID 1+0 or RAID 10.
The benefits are that you get the same protection as with RAID 1, but lose the speed penalty, all without needing special hardware or spare CPU power for expensive CRC calculations.
With a 4 drive RAID 1+0, you'll get read performance of 2x-4x a single drive, while writes will be from 1x-2x. In theory, that is. In reality, if using a RAID PCI card or motherboard solution hooked to the south bridge, you'll most likely max out the read speed.
Anyhow, it's a very cheap solution that doesn't tax your CPU too much even if done through software (like with a highpoint controller), and it does give you peace of mind.
The worst downside is that you will have to take the system down to change a drive (correct me if I'm wrong, but I've never seen a hot-swappable RAID 1+0 solution), and the performance before you do that will take a substantial hit.
Raid 4/5 is nice because it doesn't waste a lot of drive space, but it comes at the price of very slow writes, and very high CPU use unless you also get a hardware controller with an on-board CPU.
RAID 1+0 is the Cadillac of RAID
Yet if you do choose to use RAID, I submit that for important data, RAID 1+0 should be your first choice. It offers good performance - not as good as RAID 5 on reads, but much better on small writes - and it is much more resilient than RAID 5 when you do have a disk failure.
A RAID 5 rebuild costs you about half your IOPS capacity as well as controller or CPU cycles. With RAID 1+0 a rebuild is a simple disk to disk copy which is as efficient and fast as you can get.
Because it mirrors, RAID 1+0 capacity is more expensive than RAID 5. For business critical data, RAID 1+0 gives the best combination of performance, availability and redundancy.
After this preliminary look at RAID it would seem RAID 5 or 10 would be the way to go. This would require a minimum of 3 or 4 disks respectively. Another alternative is RAID 1E which I plan on looking at in further detail