Thursday, April 15, 2010

Building an Open Source based Infrastructure

If you are a seasoned Linux/Unix Adminstrator, you already know how good it is to administer any Unix like Operating system because of its stability and reliability. Fixing any problems that arises will be routine, or if not, you can easily find help by posting into a particular application/service mailing list, no matter where you are and no matter what time is it. You will certainly get any clue if not the answer to the specific problem that you encountered.

With the stablity and reliability of an application, services, or the Operating System itself, and because of this, we have the luxury of enjoying our valuable time this world. It is also a great time to cut the cost off from the proprietary world. With that on mind, you can use those extra budget to hire some junior level IT staff and make employment, and not only that you created some jobs, you also help them understand the important role of Open Source systems not with what it can only do, but that this systems can also meet business objectives.

Once you have your objectives (IT) already defined, we can now start building the infrastructure using Open Source software. In this scenario, we will be configuring numerous Open Source based applications and services and we will also be going to scale them to be inline with IT objectives. Below lists the infrastructure servers that we will going to build and configure along the way.

We will first be going to configure our NFS server, as this server will be going to host our iso installer images (we will be using RHEL 5.4, but any Linux flavor will do. If you dont have a RHEL installer, you can use CentOS to follow the examples easily), eventually we will also install and configure the vsftp server for FTP and yum, this will further make the whole process of installing and configuring services on our next servers later on. 

Security is mandatory, so before this servers will be available online, we already must have IPtables and other access permissions already set in place.

Now its time to configure our Internet gateway using iptables and configure our caching proxy server using squid, a DHCP server using ISC DHCP.

As we are in the intention to cut cost not just on the software side but also in the hardware and server space footprint (this will also inturn lead to lower power and air-conditioning consumption), we will be utilizing the Xen virtualization software. IT's good to be green. :)

Next inline will be to install and configure our own internal caching only local DNS server, and Sendmail as our SMTP server.

Once we have our mailserver configured (sendmail), we will install and configure SpamAssassin and ClamAv services via milter so our users will not be spammed (well, this is not 100% true, but at least we will be able to minimize the situation to a significant degree).

We will also then need to configure our webserver using apache for web presence and web applications like webmail which we will be using roundcube.

A SQL server for our CMS (Drupal) and other valuable web applications, in this case we will be installing and configuring a MySQL server.

Then there comes the need for sharing files via a centralized fileserver in which we will be using Samba to let our *Windows* clients be able to use the centralized file server. We will also need to secure the server like the need for user authentication, antivirus and logging (we will need to audit/track users on the critical files). Linux clients will connect to the fileserver via nfs as usual, but they can also use samba if they want to.

We will also configure a soft PABX using asterisk, so staffs will be able to communicate where ever they are cheaply :). And we will also configure several softphones and integrate it to our asterisk PABX.

As to any business now, there will also be a need to deploy a VPN gateway for our mobile users/staffs that should be able to access resources from anywhere securely.

With all our servers currently up and running, and there be any need to scale the infrastructure, we will again use different Open Source software and techniques that are already proven and in production all over the world.

No comments:

Post a Comment