Gentoo Forums
Converting my office to [Gentoo] Linux...
AdamMil
n00b


Joined: 18 Apr 2002
Posts: 12

Posted: Thu May 23, 2002 12:22 am    Post subject: Converting my office to [Gentoo] Linux...

For those experienced sysadmins out there:

I've been running GNU/Linux for quite some time now, and recently converted to GNU/Linux from my own hacked-together "distribution". I feel inspired to try to convert my office (or at least the servers) to GNU/*nix, in the greatest way possible, using Gentoo Linux. I have a goodly amount of experience with basic security, administration, etc., but have never tried to take on a project of this magnitude. It's a small company here (maybe 5 workstations and 13 servers). I have been seeding the idea of migrating to a *nix based setup, and the other developers/network guys are turned onto the idea. However, management will surely shoot down the idea if the system ends up being more difficult to maintain or administer than the current Win2000-based network, or has other problems.

For those who don't want to read about the current setup, I'll briefly state my thoughts here, and hope that somebody will have some ideas or improvements. Then I'll describe the current setup.

1) The system will need a centralized method of authenticating users. My first idea was to have the files in /etc that deal with passwords be links to files on a central NFS mount. However, there may be PAM modules (or something else) to do this better, and I don't know about NFS locking issues (though two people changing their passwords at the same time is unlikely.. :). I'd like it to be as simple as possible (dealing with simple files over a database or LDAP server, for instance).

2) The system will need a way to centralize most libraries and applications. I think linking certain /etc files and the /usr tree to NFSs would be good enough, with server-specific applications in /usr/local. I'd also like to link /home over an NFS.

3) For remote administration, I was thinking of using sshd.

4) The servers connected to the internet (pretty much all of them...) should have some kind of soft firewall. iptables?

5) For backup, I think a nightly cron task running on the backup server would be sufficient.

6) For web development, I think Frontpage extensions on apache would be workable. Does anybody know of a CVS source-control plugin for Visual Studio 6 that would allow the developers to transparently use Visual Interdev on Windows 2000 with the Linux web and CVS servers?

7) Interop with the Win2k network would probably be done using Samba.

8) I'm probably missing something...

The current network is set up as follows:
There are 6 production servers (2 web, 1 database, 1 dns, 1 exchange, 1 domain controller) on a Qwest DSL line. Each server has two network cards, and both an external and internal IP. There are 5 development servers (1 web, 1 database, 1 dns, 1 exchange, 1 domain controller) on a Pacbell DSL line, each with two network cards. So there are three subnets: the Qwest net, the Pacbell net, and the internal subnet. There are 2 other servers (1 phone server - routes telephone calls, and a server that can take the role of other servers in case of failure). The production and development servers are in two different NT domains (PROD and DEV, I'll call them).

Then, there are 5 workstations (5 actually used), each with an account on both domains. It's clear that the workstations will not be converted; the other three people in the office would not put up with learning the GNU OS, and I don't know if anything could take the place of Exchange 2000, so there will need to be a hybrid system.
klieber
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Thu May 23, 2002 1:27 am    Post subject: Re: Converting my office to [Gentoo] Linux...

AdamMil wrote:
I feel inspired to try to convert my office (or at least the servers) to GNU/*nix, in the greatest way possible, using Gentoo Linux.


I would not run production servers on Gentoo. It's not ready for prime-time, yet (IMO). Not only are there still a lot of bugs being worked out, but portage really isn't all that fleshed out yet. It's slow, based on flat-files and doesn't have a lot of the querying features that RPM and/or apt do. I would use Debian or *BSD instead.

(I'm sure I'll get flamed for this and that's fine. Fact is, Debian and *BSD have both been around a lot longer than Gentoo and so they've had more time to mature.)

AdamMil wrote:
However, management will surely shoot down the idea if the system ended up being more difficult to maintain or administer than the current Win2000-based network, or has other problems.


So let's see. You're going to convert over the company servers to what is still considered by many to be a rogue OS without management approval. Oh, that sounds like a good idea. Is your resume up-to-date?


AdamMil wrote:
1) The system will need a centralized method of authenticating users.


Use PAM -- that's what it's there for. If security is a big concern, use kerberos.

AdamMil wrote:
2) The system will need a way to centralize most libraries and applications. I think linking certain /etc files and the /usr tree to NFSs would be good enough, with server-specific applications in /usr/local. I'd also like to link /home over an NFS.


I wouldn't store /etc files on a remote server -- if you lose your network connection, you'll have no way to bring that server up. Look at something like rsync to sync up directories from a master configuration server.

AdamMil wrote:
3) For remote administration, I was thinking of using sshd.


Good choice. If you need GUI support (for developers, or whatever) look at running VNC or simply X over ssh.

AdamMil wrote:
4) The servers connected to the internet (pretty much all of them...) should have some kind of soft firewall. iptables?


The network setup you describe below is a nightmare just waiting for a hacker. Get rid of the two NICs per computer and consolidate onto one or two firewalls, behind which all your servers/desktops reside.

AdamMil wrote:
5) For backup, I think a nightly cron task running on the backup server would be sufficient.


Look at Amanda. Much better and more robust than a home-grown cron job.

AdamMil wrote:
6) For web development, I think Frontpage extensions on apache would be workable. Does anybody know of a CVS source-control plugin for Visual Studio 6 that would allow the developers to transparently use Visual Interdev on Windows 2000 with the Linux web and CVS servers?


Not sure -- search Google.

AdamMil wrote:
8) I'm probably missing something...


Since you're still going to be using exchange, you'll need to set up some sort of pass-through authentication so your users can authenticate from a windows client against a Unix box. Samba can use this, but I'm not sure how that would work with PAM and/or kerberos. Just something to be aware of.

Also, you don't say what kind of database you're running -- if it's SQL server, then you'll be staying on windows for that, as well.

Really your biggest problem appears to be the fact that you've dual-homed all your servers, rather than put them behind a firewall like they belong. You could get away with that if they were all linux and all running iptables, but you're going to (at the very least) still have an exchange server, and not putting that behind a firewall is just plain asking to be hacked.

I would dump the dual-homed, get two old P75s and set them up as firewalls; one on each DSL line. (You could do one firewall for both lines, but you'd better be a pretty good network guy.)

Also, you say you have one DNS server and one domain controller. You really want at least two of each. And, because you're using Win2K, you really need to leave Win2K in charge of your DNS, rather than migrating it to linux. (yes, you can work around this, but Microsoft doesn't make it easy)

Finally, at the risk of sounding like a heretic, why move off of Win2K? You obviously can't move off it completely because of your dependence on Exchange. Win2K is actually a very stable OS and it likes to be in a homogeneous environment. If you're going to try to cram linux in there for ideological reasons (and without management approval) I can't help but think that's a recipe for disaster.

hth


--kurt
_________________
The problem with political jokes is that they get elected
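The dedicated-firewall layout klieber recommends (one old box per DSL line, all servers behind it on a single NIC instead of dual-homed), written out as an added iptables-restore ruleset for the production line; this is an illustration added here, not configuration from the thread. The interface names (eth0 on the DSL line, eth1 on the internal subnet) and the 10.0.1.0/24 server addresses are constructed; only the published services follow the thread's prod server list (web, DNS, mail).

```iptables
# Firewall between one DSL line (eth0) and the internal server subnet (eth1).
# Interface names and addresses are constructed for this example.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Publish only what the outside needs: web, DNS and mail. The domain
# controller, database and phone server get no public path at all.
-A PREROUTING -i eth0 -p tcp --dport 80  -j DNAT --to-destination 10.0.1.10
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.0.1.10
-A PREROUTING -i eth0 -p udp --dport 53  -j DNAT --to-destination 10.0.1.30
-A PREROUTING -i eth0 -p tcp --dport 53  -j DNAT --to-destination 10.0.1.30
-A PREROUTING -i eth0 -p tcp --dport 25  -j DNAT --to-destination 10.0.1.40
# Internal hosts share the DSL address on the way out; this replaces the
# second NIC and external IP each server used to carry.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing: internal source addresses never legitimately arrive on eth0.
-A INPUT   -i eth0 -s 10.0.1.0/24 -j DROP
-A FORWARD -i eth0 -s 10.0.1.0/24 -j DROP
# The firewall itself: loopback, replies to its own traffic, ssh from inside only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -s 10.0.1.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "fw-input-drop: " --log-level 4
# Forwarded traffic: replies, anything internal going out, and only the
# published services coming in (matched on the post-DNAT destinations).
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 10.0.1.0/24 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.1.10 -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p udp -d 10.0.1.30 --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.1.30 --dport 53 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.1.40 --dport 25 -m state --state NEW -j ACCEPT
-A FORWARD -m limit --limit 10/min -j LOG --log-prefix "fw-forward-drop: " --log-level 4
COMMIT
```

Load it with `iptables-restore` after enabling `net.ipv4.ip_forward`; the rate-limited LOG lines in the kernel log are then the place to watch for scans against the DSL address, which previously would have reached every server's external NIC directly.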