[CLUE-Tech] Computer Lab Experiment
William
bkimball1 at yahoo.com
Sun Apr 25 11:26:09 MDT 2004
My employer has asked me to build a sample business-class network using Fedora Core 1 and the
following (spare) hardware:
  eMachines Pentium II Celeron, 400MHz, 128M RAM, 4G HDD
  Intel Pentium II, 450MHz, 128M RAM, 10G+3G HDDs
  Intel Pentium III, 550MHz, 256M RAM, 10G+10G HDDs
  Intel Pentium III, 600MHz, 256M RAM, 40G+60G HDDs
Between these machines -- and where compatible -- I can swap hardware around should I need to
recommission RAM or HDD space to fill any requirements. The network already has a Cisco router,
Windows NT 4.0 PDC (also manages DNS and WINS), and a Windows 2000 Server for publicly-accessible
Web, FTP, and Newsgroups (and several Windows XP Professional workstations).
The software requirements for this experiment are specific. I am to provide:
  A mail server using the latest Postfix that supports anti-virus, anti-uce, POP3, and web-based interface.
  A web server using the latest Apache that supports PHP, Perl, and JSP (via a bridged Tomcat installation if necessary).
  A database server using the latest MySQL that will be accessible from all machines (including the Windows 2000 Server box).
  A chat server; no specific software requirement except that IRC Services are not wanted.
  A log server that will receive and process logs from all other machines including a Cisco perimeter router via logrotate and logwatch scripts.
This experiment has to go live for a test duration and an evaluation of performance, security, and
stability will be made at conclusion.
I am reasonably experienced with most of this software, but I want to get your input on allocating
the hardware before I start installing anything. I have created the following map to illustrate
my first take on this scenario:

For mail.experiment-lab.com: (Intel Pentium II, 450MHz, 128M RAM, 10G+3G HDDs)
  Purpose(s) (External/DMZ machine):
    Mail server
    IRC server (private)
  Rebuild from the ground up to sport:
    RedHat/Fedora Linux (bare minimum Custom install) with:
      Perl and the CPAN script
      postfix2
      vm-pop3d
      popauth2 (a robust monitoring tool that I completely rewrote based on the popauth pop-before-smtp utility)
      ircd (no services; this is a private chat server)
      bind9 (for local caching only; used heavily by postfix)
      iptables
      syslogd (routes all logging to inuyasha.experiment-lab.com)
      vim

For kenshin.experiment-lab.com: (eMachines Pentium II Celeron, 400MHz, 128M RAM, 4G HDD)
  Purpose(s) (External/DMZ machine):
    Web server
    FTP server
  Rebuild from the ground up to sport:
    RedHat/Fedora Linux (bare minimum Custom install) with:
      Perl and the CPAN script
      PHP (maybe, scripting calls should be pushed to shinji.experiment-lab.com)
      Apache2 with (PHP and Perl support -- maybe) and the Apache-to-Tomcat (JK2) bridge (to support .jsp calls from Apache -- forwarding to shinji.experiment-lab.com)
      vs-ftp
      webalizer
      iptables
      syslogd (routes all logging to inuyasha.experiment-lab.com)
      vim
  Add a web interface for web-based e-mail management
    Requires IMAP, and this daemon may replace vm-pop3d (try to avoid replacing this POP3 daemon, if possible)
  Set up an automated backup facility to preserve:
    All configuration files
    All websites

For inuyasha.experiment-lab.com: (Intel Pentium III, 600MHz, 256M RAM, 40G+60G HDDs)
  Purpose(s) (Internal/Protected machine):
    Database server
    Log server (including all Linux servers AND the Cisco perimeter router)
    Mail sanitizer (AMaViSD-New, Anomy, Mail::SpamAssassin, and some anti-virus)
  Rebuild from the ground up to sport (NO web server components):
    RedHat/Fedora Linux (bare minimum Custom install) with:
      Perl and the CPAN script
      MySQL
      AMaViSD-New
      SpamAssassin
      Some free anti-virus program that works with AMaViSD-New and provides free virus database updates
      Anomy
      syslogd (configured to receive logging entries from all other machines on the local network)
      iptables
      logwatch
      vim
  Set up an automated backup facility to preserve:
    All configuration files
    Databases
    Log Files (4-15 weeks worth)

For shinji.experiment-lab.com: (Intel Pentium III, 550MHz, 256M RAM, 10G+10G HDDs)
  Purpose(s) (Internal/Protected machine):
    Application server
  Rebuild from the ground up to sport:
    RedHat/Fedora Linux (bare minimum Custom install) with:
      j2sdk
      Perl and the CPAN script
      PHP
      Tomcat with the Apache-to-Tomcat (JK2) bridge (to support .jsp calls from Apache)
      webalizer
      iptables
      syslogd (routes all logging to inuyasha.experiment-lab.com)
      vim
  Set up an automated backup facility to preserve:
    All configuration files
    All programming modules

I suspect that I'm not putting the hardware to its best use, but I like the distribution of
services into a Mail/Chat Server, Web/FTP Server, Database/Log Server, and Application Server.
However, because I've never designed a network of this scale before, I realize I may have made
some mistakes in how I've allocated the services.
What would you do?
Thanks all!
=====
William Kimball, Jr.
"Programming is an art form that fights back!" =)