lspeed.org

...computing at the speed of light

lightspeed
Major Update!
2008.10.25 22:46:09

Okay, so I've made the site live again!

It's only taken about 18 months to convert from Windows :) Anyway I no longer have any Windows servers, and it's great.

So you'll notice I've logged in with my own user account this time... I never did get pw-kerberos working (actually, I got it working on a standard Gentoo install, but not on hardened); instead I went with SASL. However, that's not what I'm using for the website. In fact I've switched all externally accessible services over to using LDAP-backed OTP logins.

Let's see, what else is new?...

How about an overview of my completely overhauled network (server aspects):

  • 2 back-end Gentoo servers do the following. Note that much of this is fault-tolerant (all except the last 4 items) with heartbeat as the cluster manager:
    • SAN (using DRBD and OCFS2)
    • redundant NFS
    • IMAP (Dovecot)
    • network monitoring (Nagios, Cacti, RANCID)
    • intranet system (MySQL, Apache)
    • identity management services (EJBCA, MIT-KRB5, OpenLDAP, FreeRadius, OTPD, SASL, Ypserv)
    • DNS (bind with ldap DLZ module)
    • DHCP
    • central syslog servers
    • serial console server (conserver, with 8-port serial card)
    • games servers (quake3-osp)
    • media center (MythTV)
    • network backups (Bacula, disk-to-disk-to-tape... with a 24 slot LTO-4 tape library)
  • 2 front-end Gentoo servers. Again much of this is fault-tolerant (not the last 2):
    • SMTP (Exim)
    • web servers (Apache)
    • FTP
    • SSH gateway
    • IRC proxy
    • PBX (Asterisk... although I've not really set this up properly yet, it's on my todo list)
  • 2 OpenBSD firewalls. Completely (statefully) fault-tolerant using CARP, PFSYNC, SASYNC etc:
    • NAT and firewalling
    • IPSec VPNs
    • OpenVPN
    • routing for DMZ and Wireless LANs
    • transparent web and FTP proxying
  • A load of network kit (unfortunately most of these are single points of failure):
    • Extreme Summit 5i (core L3 switch)
    • Cisco 2950G-24
    • Juniper J2320 (border router, servicing dual ADSL lines)
    • cheap Linksys switch
    • Netgear WG302 AP
    • the aforementioned tape library... Dell TL2000 w/LTO-4 SAS drive
    • APC 3kW UPS
    • HP 10636 G2 rack
    • 24-port patch panel and 400m of CAT-6 around the walls of the flat (in trunking)

My desktop PC has remained much the same as it was when I last did a major upgrade in January 2007. Intel QX6700, 4GB RAM, nVidia 8800GTX. However I have recently got a new laptop which I'm really pleased with. It's a Samsung Q210... 12.1 inch 1280x800 screen, Core 2 Duo (P8400), 3GB RAM, 320 GB HDD, nVidia 9200M. It's tiny, quick, runs games and compiz-fusion, has lots of storage, and was relatively cheap.

As always I've still got lots to do (notably this website still resembles the default Joomla install rather too much!), but as you can see I've been busy over the past year and a half considering I've converted from Windows servers with Active Directory and Exchange.




Tags: network | update


 
