[TriLUG] Server design help request
Thunder Bear
thunderbear at yonderway.com
Thu Oct 3 00:45:52 EDT 2002
On Wednesday, October 2, 2002, at 11:27 PM, Mike Mueller wrote:

> Is it possible to host 1 or more domains with very little traffic, an
> experimental mail list, a mail server, file and printer sharing, and an
> Internet gateway using a cable modem and a single AMD Duron 700MHz
> with 128MB and 10G disk (shared file system requirements are small)?

In a nutshell, yes, assuming the "very little traffic" bit is true.

It amazes me the speed of the hardware that is available today, and how
much people think they need to perform the most basic of tasks. Of
course, our hunger for raw performance grows to consume faster hardware
almost as soon as it comes out. Not being satisfied with static HTML,
we start using RDBMS back end with Perl or PHP on the front end to
deliver dynamic content. The Mailman developers are heading towards a
model where each message that goes out can (optionally) be
individualized for the recipient.

The machine you're talking about is a pretty fast box. Little light on
RAM, but otherwise a nice box.

> What are the risks
> with this approach?

There is the old saying about putting all of your eggs in one basket.

Also I am concerned that you say this machine will be a "gateway". Am
I also to assume it is going to be a firewall? That opens up a whole
new realm of risks and no-no's.

> If more boxes were available, how would the services be
> split up?

What would I do?

Gateway goes on a dedicated box. Low-end Pentium perhaps (like a
Pentium 60 to 133 or something in that ballpark).

Print jobs can, if you are doing lots of color graphics, really suck up
disk I/O (and capacity in /var/spool) for a short period of time. If
this sounds like the kind of stuff you'll be doing, consider an older
box with at least 4GB of space set aside for your print spool. If
you're mostly printing plain text, don't bother spinning this off.

In any case, the gateway functions are my biggest concern.

From a security standpoint, I'd recommend a very secure box with
nothing but syslogd listening, and even then only to your Duron.
Configure your server to send a copy of all syslog events to your
syslog server. This is primarily for forensic purposes if/when you get
owned.

Thunder Bear
Tribal Shaman
The Great Upchuckee Nation
IMPORTANT: This email is intended for the use of the individual
addressee(s) named above and may contain information that is
confidential, privileged or unsuitable for overly sensitive persons
with low self-esteem, no sense of humour or irrational religious
beliefs. If you are not the intended recipient, any dissemination,
distribution or copying of this email is not authorised (either
explicitly or implicitly) and constitutes an irritating social faux pas.
Unless the word absquatulation has been used in its correct context
somewhere other than in this warning, it does not have any legal or no
grammatical use and may be ignored. No animals were harmed in the
transmission of this email, although the kelpie next door is living on
borrowed time, let me tell you. Those of you with an overwhelming fear
of the unknown will be gratified to learn that there is no hidden
message revealed by reading this warning backwards, so just ignore that
Alert Notice from Microsoft.
However, by pouring a complete circle of salt around yourself and your
computer you can ensure that no harm befalls you and your pets. If you
have received this email in error, please add some nutmeg and egg
whites, whisk and place in a warm oven for 40 minutes.
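
The remote-logging arrangement recommended in the message, sketched as an added example (not part of the original post). It assumes the classic Linux sysklogd `syslogd` and iptables on the log host; the name `loghost`, the address 192.0.2.10 for the Duron server, and the file /var/log/all.log are placeholders.

```conf
# ---------------------------------------------------------------
# On the Duron server: /etc/syslog.conf
# ---------------------------------------------------------------
# Keep the existing local log rules and add one line that sends a
# copy of every facility/priority to the log host over UDP 514.
# "loghost" (placeholder) should be listed in /etc/hosts so that
# forwarding does not depend on DNS being up.
*.*                     @loghost

# ---------------------------------------------------------------
# On the log host: /etc/syslog.conf
# ---------------------------------------------------------------
# Local and received messages land in one file. There is no leading
# "-" on the path, so syslogd syncs after each write and less is
# lost if the box goes down.
*.*                     /var/log/all.log

# ---------------------------------------------------------------
# On the log host: daemon start-up
# ---------------------------------------------------------------
# sysklogd discards network messages unless started with -r:
#
#   syslogd -r

# ---------------------------------------------------------------
# On the log host: packet filter (run as root)
# ---------------------------------------------------------------
# Default-deny inbound. The only new inbound traffic accepted is
# syslog from the Duron server (placeholder address 192.0.2.10).
#
#   iptables -P INPUT DROP
#   iptables -A INPUT -i lo -j ACCEPT
#   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#   iptables -A INPUT -p udp -s 192.0.2.10 --dport 514 -j ACCEPT
#
# No sshd or other listener is configured, which matches the
# "nothing but syslogd listening" advice; administration is then
# done from the console.
```

Classic syslog over UDP is unauthenticated and unacknowledged, so the source-address rule limits who can write to the log but does not prove where a message came from, and messages can be dropped silently under load.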