This is just a short installation report....
at work we evaluated the possibilities for secure internet access from a separate LAN. Our solution was to use a terminal server in our DMZ and a terminal client on the workstations.
In order to save license cost, we choosed gentoo linux as OS for the server and CygWin as terminal client. The server choosed was an IBM x445 wilth the following hardware:
16 x P4 XEON MP 2.0 GHz
64 GB RAM
IBM ServeRaid 4MX
2 x 36.4 GB System Disk (Raid1)
14 x 36.4 GB User Space (home1 and home2) in 2 Raid 5 configuration (2x6 + 2 spare)
The installation:
Getting all exited about the hardware I started the installation by booting the gentoo live CD.
After booting, Linux reported around 850 MB RAM and 3!!! CPUs....
... that was disappointing....
after several boot options and restarts I started to install gentoo with 3 CPUs and 850 MB of ram....
After bootstraping the system and configuring the kernel for x440 NUMA support with 64GB of ram, gentoo reported 16CPUs and 64GB of RAM. Now installing gentoo turns out to be fun.
Compiling a 2.6.x Kernel with the option -j works and takes around 45 seconds!!!
The installation went fine, compiling OpenOffice and KDE still takes a while, but in the end we ended with a system that serves as XDMCP server in our network and around 50 users are using the system at a time.
This means that we have 50 times a full featured KDE session up and running. The overall system load is between 3.5 and 6.5, which is acceptable with a 16 CPU server. Network load turns out to be around 100 MBit (with a GBit connection)
A bottleneck is the system partition. If multiple users are starting applications, the RAID1 does not deliver enough througput. We thought about a RAM disk of about 20GB and loading KDE completely into the RAM disk. This is not yet done, but will for sure solve the IO Problem. RAM is not an issue. 50 Users are using around 10GB of RAM only. That leaves 54 GB for the SysAdmin
The first big update:
The first big update was a disaster.
I did an emerge sync and then an emerge -Du world and nothing worked after that.
Our system is used via XDMCP and uses the GDM for this. During the update GDM changed the configuration files and all sessions where gone. All users where forced to use a gnome failsafe session during logon. What a disaster for 900 users....
Can you imagine the amount of calls I got ?????
I which the portage maintainers would put a warning on the packages during an emerge saying: WARNING: Configuration file change.... emerge will brake current configuration. No automatik migration possible!!!
After all, installation was like for a workstation. No special problems (except the need for a special Kernel config). GDM config has a problem specifying more that 100 XDMCP sessions allowed. The graphical frontend only allows 100 as the maximum number. We want to allow a maximum of 500 concurrent sessions. That requires manual config file changes, but this is acceptable.
Special tools that could be usefull for a system like this:
- a CPU time quota manager (look in /etc/security/limits.conf)
- a logon time quota manager
- a session grabber to watch a user session
- a more multi user aware emerge...
The most important thing is a CPU time quota manager. The sysadmin should have enough power to perform his tasks
If you have any questions, just mail me
ciao
Execute
