Modern local area networks: SOHO, SMB, Enterprise

Introduction

Extending a router's capabilities with alternative firmware is interesting, of course. However, there sometimes comes a moment when adding one more add-on leaves the already overloaded router unable to work stably. Then you either have to give up some functions, or be prepared to pay for a more powerful router model, or even for a ready-made solution in the form of a small server with preinstalled software. But why? It is enough to take an old computer and configure everything you need yourself. That is what we will do. You could, of course, take the hard road and turn a steam locomotive into a fighter jet, that is, install some Linux distribution (rebuilding the kernel along the way, naturally), then spend a long and tedious time bringing it to the desired state and bolting on Webmin or something similar at the end.

We will not split hairs and will instead use the specialized Zentyal distribution. It has two important advantages for us. First, it has a unified web interface for managing all the main server modules (routing, firewall, DHCP, mail, and so on). Second, it is based on Ubuntu, which means the entire package base of that distribution is available to us. In fact, all Zentyal components can be installed on Ubuntu from a dedicated PPA repository. There is another, very similar product, ClearOS. Both distributions have various subscription options, but the free version will be enough for us. If you wish, and for relatively little money, you can get a few more features, which matters more for organizations than for a home.

Preparation

The recommended configuration for a PC that will play the role of a Zentyal server is roughly the following: a Pentium 4 class processor, at least one gigabyte of RAM, an 80 GB hard drive and at least two network interfaces (we are building a gateway). In reality it all depends on your tasks. The network component consumes the fewest resources, so an Atom-class machine may well be enough. If you plan to install an antivirus, mail, a filter and so on, you will probably need something more serious. Logically, you need to buy a Wi-Fi adapter (see the list of compatible ones) if you need a wireless network, but as an alternative you can buy an access point (bridge); in some cases this is even better, since the server will probably be hidden away in some quiet corner, physically far from where the wireless clients gather. There is no need to skimp on memory; it is quite cheap now anyway. You can set up a RAID if you wish, but there does not seem to be much point: built-in or software solutions are not that reliable, and a hardware controller would probably be a waste of money in our case. Still, it is most sensible to dedicate a separate hard drive to data (the “file dump”, torrent downloads, etc.) or even add a USB drive. It is better to connect it after installing the OS.

Installation of Zentyal

Once the machine is prepared, download the required ISO image of the installer from this page. Burn the ISO to a disc or write it to a flash drive. Along the way, you can register with Zentyal and get a basic subscription to additional services by clicking the Subscribe button on the same page. Enable booting from a removable drive or CD drive in the BIOS, insert the media with the system image and reboot. If you want, you can select Russian during installation. In the menu, select the first item (delete all disk) and press Enter.

The installation wizard will guide us through all the main points. The first thing you need to do is set up your keyboard.

One of the network interfaces will face the external network, and the other the local network. By and large, it makes no difference which interface you assign to which role. In our example, eth0 will serve the local connection, and eth1 the Internet access.

If the installer was unable to determine your current time zone, it needs a little help.

Then the installer will partition the disk on its own, format it and install the base system. At the end you will be prompted to create a new administrator account.

After this, the remaining OS components will be installed and we will be prompted to reboot. At the same time, set the BIOS back to booting from the hard drive.

Basic setup

Zentyal is managed through a web interface similar to that of most routers. From the local network it is available at https://ip_server/. Once it loads, we are prompted to log in with the administrator login and password specified during installation. We can pick one of the standard roles for the server (we need Gateway) or skip this and select all the necessary modules ourselves. This is done in the “Software Management” → “Zentyal Components” section. During installation, recommendations appear to install some additional components that are not available initially. For example, when installing the antivirus and Samba (for sharing files over the network), it is recommended to enable scanning of shared folders for malware. Installed modules are enabled and disabled in the “Module Status” section. Note that some services depend on each other: until you enable one of them, the other will not be available. Quick information about the current state of the system and the starting (restarting) of basic services is available from the home page of the web interface, also known as the “Desktop”. In the upper right corner there is a “Save Changes” button; do not forget to click it after changing any settings.

When some modules are installed, a setup wizard is launched, for example to configure network connections. For the external interface, you can specify all settings manually or obtain them via DHCP, VLAN (802.1q) or ADSL (PPPoE). Alas, at the moment there is no ready-made support for PPTP/L2TP, so beloved by our providers, and its implementation is not planned until the next release, due in the fall. The simplest way out seems to be to buy a basic router (from 500 rubles), configure it to connect to the provider, give the server a static IP and place it in the DMZ or forward all ports to it. For the internal server interface, you must specify a static IP address and select a subnet mask. The settings can later be changed in the “Network” → “Interfaces” section.

We will also need the NTP, DNS, DDNS and DHCP modules. The first three are optional, but you cannot do without the last one unless you want to enter network settings manually on every machine on the local network. In any case, a local caching DNS server, an external domain and a local time server are useful. Just remember to enable synchronization with third-party NTP servers in the “System” → “Date/Time” section. You can also register static routes, for example to reach the resources of the provider's local network.

Now let's get acquainted with the concepts of objects and services in Zentyal. Objects are any devices on the network or groups of them (PCs, printers, NAS, and so on). First, object lists (groups) are created, and then the required IP addresses or address ranges are added to them. You can also specify a MAC address for a specific host.

Services, in Zentyal's understanding, are ports or groups of ports and protocols. When creating a service, you can tick the “Internal” checkbox if this port and protocol are used on the server itself (for example, port 21 for the Zentyal FTP server). Like objects, each service can include a whole list of ports/protocols. Services and objects can later be used in other modules such as the firewall; they exist only to make network configuration more flexible and simpler.

In general, to activate DHCP it is enough to set the same settings as in the first screenshot below. After that, you must add the ranges of IP addresses that will be handed out to the machines; you can create several at once for different groups of devices. Static DHCP is implemented using objects. A little earlier in our example we created an object list (“wire”), in which we specified several machines with their IP and MAC addresses. So we just need to add any object list under “Fixed addresses” so that the computers in that list are assigned the pre-specified IP addresses according to their MAC addresses.
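A fixed-address table is easy to get subtly wrong: a MAC typed in two different formats, two hosts sharing an address, or a fixed address that sits inside the dynamic pool and will eventually collide with a lease. The following script is an added example, not part of the article or of Zentyal's own code; it checks a constructed object list of the kind described above (hostname, MAC, IP) against the LAN subnet, the server's own address and the dynamic ranges, and reports every inconsistency before the list is pasted into the web interface. The sample hosts, subnet and ranges are constructed for the example, and the rule that a fixed address must not fall inside a dynamic range is the check a practitioner would want rather than a claim about what Zentyal enforces.

```python
import ipaddress
import re

# MAC in the colon-separated form the object list expects (constructed convention).
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Constructed sample data (not from the article): the server's LAN side, the
# dynamic pool handed out to unknown machines, and the "wire" object list of
# machines that must always get the same address.
SUBNET = ipaddress.ip_network("192.168.1.0/24")
SERVER_IP = ipaddress.ip_address("192.168.1.1")
DYNAMIC_RANGES = [("192.168.1.100", "192.168.1.199")]
FIXED = [
    ("nas",     "00:11:22:33:44:55", "192.168.1.10"),
    ("printer", "00:11:22:33:44:66", "192.168.1.11"),
    ("desk-pc", "00:11:22:33:44:55", "192.168.1.150"),  # duplicate MAC, inside the pool
    ("laptop",  "00-11-22-33-44-77", "192.168.2.20"),   # wrong MAC format, wrong subnet
    ("camera",  "00:11:22:33:44:88", "192.168.1.1"),    # collides with the server
]


def in_ranges(ip, ranges):
    """True when ip lies inside one of the (low, high) inclusive address ranges."""
    for lo, hi in ranges:
        if ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi):
            return True
    return False


def check_fixed_addresses(fixed, subnet, server_ip, dynamic_ranges):
    """Return a list of (hostname, problem) tuples; an empty list means the table is consistent."""
    problems = []
    seen_macs = {}   # normalised MAC -> first hostname that used it
    seen_ips = {}    # IPv4Address -> first hostname that used it
    for name, mac, ip_str in fixed:
        if not MAC_RE.match(mac):
            problems.append((name, "malformed MAC"))
        else:
            key = mac.lower()
            if key in seen_macs:
                problems.append((name, f"MAC already used by {seen_macs[key]}"))
            seen_macs.setdefault(key, name)
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            problems.append((name, "malformed IP"))
            continue
        if ip not in subnet:
            problems.append((name, "IP outside the LAN subnet"))
            continue
        if ip == server_ip:
            problems.append((name, "IP collides with the server"))
        if in_ranges(ip, dynamic_ranges):
            problems.append((name, "IP lies inside a dynamic range"))
        if ip in seen_ips:
            problems.append((name, f"IP already assigned to {seen_ips[ip]}"))
        seen_ips.setdefault(ip, name)
    return problems


if __name__ == "__main__":
    for host, problem in check_fixed_addresses(FIXED, SUBNET, SERVER_IP, DYNAMIC_RANGES):
        print(f"{host}: {problem}")
```

Run it before saving the object list; the first two constructed hosts pass cleanly, and each of the remaining three is reported with the specific reason, so the fix is obvious without hunting through the DHCP log later.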

The firewall is divided into two logical parts. The first, the packet filter, is less interesting, since it only lets you configure the behaviour of Zentyal's internal services. The second part is ordinary port forwarding.

As an example, let's open access to the Zentyal web interface from the outside by adding one rule to the “Filtering rules from external networks on Zentyal”.

Bandwidth distribution is configured in Gateway → Traffic Shaping; naturally, this module must already be installed. First of all, in the “Interface Speeds” section you need to specify the maximum incoming and outgoing speeds according to your tariff. Speed control is based on the L7 filter system. In the Application Protocols section we can create and edit protocol groups. Then you need to add the necessary rules for each interface, setting the priority and the speed figures. In particular, you can set a limit for each computer on the local network. The details of setting up QoS have already been discussed in this article; it is recommended to read the relevant section.

If you have several external channels to the Internet (for example, two gateways or two ADSL modems, not necessarily of the same speed), you can configure traffic balancing. The channels are registered in the “Network” → “Gateways” section; for PPPoE and DHCP they are created automatically. For each external connection you can specify a weight, in effect the priority for choosing a particular channel. If the speeds of the external channels are the same, the weights should be the same too. Otherwise, the higher the priority number (greater than 1), and therefore the lower the speed, the less often that channel will be used. Balancing itself is based on rules in which you specify which data goes through which gateway. This is where objects and services come in handy once again.

Having several gateways at once brings another advantage: automatic switching between them if one of them stops working. But first, let's get a little acquainted with the Zentyal event system. We are interested in the “Failover WAN” event, which must be enabled. Some events have configurable parameters; for example, you can specify the percentage of free space on the hard drive at which an alert will be generated. An event notification can be delivered to the administrator in several ways; for us, only RSS or a Jabber message are relevant. In addition, all events are recorded in the logs, which can then be viewed in the appropriate section.

So, after enabling WAN failover, go to the “Network” section and open the item of exactly the same name. Here we add rules that check the health of each gateway by pinging the gateway itself or any host, or by making an HTTP request or a DNS request. Also set the interval at which the check runs and the number of attempts. If a gateway fails the check, it is temporarily disabled until it becomes functional again, and all requests are automatically redirected to the other gateway(s).
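The two mechanisms described above (balancing across gateways and taking a gateway out of rotation after a number of failed checks) are easier to reason about when modelled in a few lines. The script below is an added example written for this page; it is not Zentyal's failover code. It keeps a list of gateways, runs a pluggable health probe against each of them (the probe stands in for the ping/HTTP/DNS check), disables a gateway after `attempts` consecutive failures, re-enables it on the first successful probe, and picks a gateway for a new flow in proportion to a `share` value. `share` is a stand-in for the weight configured in Network → Gateways and is treated here simply as a fraction of traffic; the gateway names and reachability table are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Gateway:
    name: str
    share: float          # relative traffic share (stand-in for the configured weight)
    failures: int = 0     # consecutive failed health checks
    enabled: bool = True  # False while the gateway is out of rotation


def run_health_checks(gateways: List[Gateway],
                      probe: Callable[[Gateway], bool],
                      attempts: int = 3) -> List[str]:
    """One check round, as the failover job would run it every check interval.

    probe(gw) returns True when the gateway answers. A gateway is taken out of
    rotation after `attempts` consecutive failures and put back as soon as a
    probe succeeds again. Returns the names of gateways still in rotation.
    """
    for gw in gateways:
        if probe(gw):
            gw.failures = 0
            gw.enabled = True
        else:
            gw.failures += 1
            if gw.failures >= attempts:
                gw.enabled = False
    return [gw.name for gw in gateways if gw.enabled]


def choose_gateway(gateways: List[Gateway], r: float) -> str:
    """Pick a gateway for a new flow.

    r is a number in [0, 1) (for example random.random()); each enabled gateway
    owns a slice of that interval proportional to its share, so a disabled
    gateway's traffic is automatically spread over the remaining ones.
    """
    live = [gw for gw in gateways if gw.enabled]
    if not live:
        raise RuntimeError("no working gateway left")
    total = sum(gw.share for gw in live)
    acc = 0.0
    for gw in live:
        acc += gw.share / total
        if r < acc:
            return gw.name
    return live[-1].name  # guards against rounding when r is very close to 1


def simulate(up: Dict[str, bool], rounds: int,
             gateways: List[Gateway], attempts: int = 3) -> List[List[str]]:
    """Drive several check rounds against a constructed reachability table."""
    history = []
    for _ in range(rounds):
        history.append(run_health_checks(gateways, lambda gw: up[gw.name], attempts))
    return history


if __name__ == "__main__":
    import random
    gws = [Gateway("isp-a", share=2.0), Gateway("isp-b", share=1.0)]
    reachable = {"isp-a": True, "isp-b": False}   # constructed: isp-b's uplink is down
    print(simulate(reachable, 3, gws))            # isp-b drops out on the third round
    print(choose_gateway(gws, random.random()))   # always isp-a now
    reachable["isp-b"] = True
    print(simulate(reachable, 1, gws))            # isp-b is back after one good probe
```

The attempt counter is what keeps a single lost ping from flapping the WAN; set it, and the interval between rounds, according to how noisy the link is, and watch the event log described above to confirm the switch-over actually happened.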

Additional settings

If you decided to sign up for a basic subscription to Zentyal services, you should have received a login and password by e-mail. Before connecting it, you need to generate certificates (digital keys) in the “Certification Center”. We will need them later for VPN connections to the server. For the root certificate, it is enough to specify the organization name and its validity period. After that, in the “Subscription” → Server Subscription section, just enter the login and password you were sent. To be honest, there is little point in this: you can only look in demo mode at the features available in the paid subscription options (backup, managing a group of servers, remote updating, and so on).

In the “System” → Import/Export Configuration section you can save and restore the current server settings. It is recommended to download the settings file and keep it on another machine or removable storage. You can also save the configuration to the Zentyal service. This is perhaps the only benefit of it, besides being able to see whether the server is currently online and receiving automatic notification by mail if it suddenly goes offline.

Finally, the last thing recommended during the initial setup is to update the system from the “System updates” section by clicking “List of updates”, ticking the required packages and then clicking “Update”. A piece of advice: it is better not to select all the packages at once but to update them in small batches. An alternative is simply to run two commands in the User Console:

sudo apt-get update && sudo apt-get upgrade

Finally, enable automatic software updates in the settings.

Let's stop here for now. In the next part we will look at creating groups and users, setting up a file hosting service, installing a torrent client and a number of other things.

If you have already made the strategic choice in favour of buying a server and building your own IT infrastructure, your next step will be choosing a specific server platform.

We have already told you how to choose a server for a small company, and this article is its logical continuation, from which you will learn exactly how to choose the server platform that suits you, how it will affect your business and why this choice matters.



You should read this guide because:

  • You will be able to choose a server that not only copes with its tasks but also does not create excess performance and extra costs of owning the hardware.
  • You will not only optimize your costs today but also ensure the maximum return on investment and a future-proof IT infrastructure.

Choice of three segments: Enterprise, SMB, SoHo

Today, dividing server equipment into several segments according to quality, reliability and purpose is quite common. It can best be formulated this way:



SoHo equipment is simpler, cheaper and better suited to simple tasks. As a rule, a productive and reliable IT infrastructure is not built from SoHo-level equipment, since it is better suited to home and office networks designed for light loads and able to combine only a small number of hosts.


On the other hand, the realities are such that sometimes it is more profitable for a small enterprise to use a small amount of Enterprise-level equipment, with all its high fault tolerance, sufficient scalability and excellent level of service/technical support, while some relatively large enterprises can save money at the SMB level. After all, the total cost of ownership of equipment and software is not limited to their purchase. It also includes servicing, maintenance and repair of the equipment, plus, of course, losses from downtime. Well, huge corporations can build their own server rooms and even data centers, combining equipment of all levels in their infrastructure.


To decide on the choice of equipment you need:

  • Assess the risks. Your firm may be no larger than SoHo level, but its turnover could easily be SMB or Enterprise level. How much will downtime of the equipment you buy cost? Wouldn't it be more far-sighted to acquire sufficient fault tolerance?
  • Think about tomorrow. Even if today you are completely satisfied with something from the entry segment, tomorrow your enterprise may grow, after which the problem of expanding the IT infrastructure and managing the entire server park accordingly will immediately arise.

Below we will also discuss what happens when you combine equipment manufacturers, as well as how to make your own infrastructure more sustainable. However, whatever path you choose, never forget about scalability.


"Big Three"

The main representatives of the segment are the well-known “Big Three”: Hewlett-Packard, IBM (Lenovo) and Dell, which offer elite equipment designed for high performance and for convenient upgrading and management of the system as a whole, but not without drawbacks. Their main disadvantage is undoubtedly the purchase cost, since building such advanced equipment is far from cheap.

Each vendor of the Troika tries to create the most fault-tolerant and reliable system, thinking through every little detail. As a rule, these manufacturers strictly regulate the components supported (and accordingly tested) by their hardware, distributing them through their own channel at the same time. Each manufacturer therefore has an entire ecosystem of its own software and hardware, the arbitrary replacement of which can lead to a loss of performance. These restrictions are not, however, enforced at the hardware level.


It is also worth remembering that one of the main advantages of these vendors is the service they provide (HP Care Pack, Dell ProSupport and IBM ServicePac). This is a very expensive service, available in several variants, some of which can raise the cost of the equipment by one and a half to two times. At that price, technical support specialists will be available 24/7 and their response time will not exceed a few hours.

But technical support may well refuse assistance or a warranty claim if you contact them with a system containing components not approved by the manufacturer. This defeats the purpose of saving.


Convenience and ease of managing your server fleet can also be achieved if you build the entire infrastructure on the platform of one manufacturer.


In addition to all of the above, the expensive, powerful (and not always flexible enough) equipment of the Enterprise segment can give its owner excessive fault tolerance, performance and unnecessary services.

And, of course, you should understand that any server fails and is often subject to unpredictable problems with compatibility and software updates. It is just that the Enterprise segment is less susceptible to this and tries to provide all the resources needed to resolve the problem as quickly as possible.

Choice from Troika

The competition between the members of the Big Three is a very long-standing high-tech rivalry. Administering any of these giants' systems is practically a separate profession, so it is quite difficult to compare their advantages and disadvantages. In general they look like this:




To demonstrate these differences not only in words but also in practice, let's look at several powerful 1U servers from the Troika that are ideal for virtualization (and their used analogues, where they can be found):



Virtualization places the greatest demands on a server's computing power, and the presence of a virtualization server in a manufacturer's line-up is quite indicative. The most elegant solution of those presented, powerful and inexpensive, is offered by HP; the Dell server is capable of more, but it also costs one and a half times as much. The Lenovo server turned out to be the most expensive: it has fewer RAM slots but quite powerful processors.

SMB or Enterprise?

Supermicro is a niche player

The main and most popular player in the SMB segment is Supermicro, which has actually managed to implement a universal construction kit compatible with a wide variety of components. On this platform you can build anything from anything, and the claim that its servers are less reliable and fail more often than the Troika's equipment always runs into a lack of statistics and objections from an army of satisfied users of the brand. So it is precisely at the mention of Supermicro that the question arises: is it SMB or Enterprise? So far more votes are heard for the first option, but maybe that is just inertia of thinking?

Supermicro also has its own interface for managing servers without physical access: IPMI, which, although it cannot boast as rich functionality as the Troika's, can show system logs, adjust fan speed and provide access to the iKVM Console Redirection.


True, Supermicro platforms have no full support for remote firmware updating of some components (for example, a discrete RAID controller or network card). Too much different hardware can be used in them, and it is impossible to cover every configuration, as is done in the Enterprise segment. But this is exactly what gives the platform the flexibility the Troika so lacks.

However, more than once we have encountered situations where individual parts of a Supermicro platform (power supplies, fans, backplane) failed. To achieve sufficient fault tolerance on Supermicro alone, the infrastructure can be made redundant by duplicating each server, and in total this may be cheaper than buying a similar platform from the Troika. To be fair, this will double the costs of cooling, power and their maintenance in general.

Elementary logic suggests an obvious solution: important/critical services are deployed on enterprise-level servers, less important ones on SMB-level servers. Here, of course, everything depends on the specific situation, and your decision should be based on your budget and a risk assessment.


Another common life hack, which does not have the drawback of doubled power and cooling, is to keep entire spare Supermicro servers for cold swapping, replacing not a single power supply/drive but the whole unit at once. Such a trick hardly makes sense with the Troika's equipment.

A few words should also be said about Supermicro technical support. The company has no representative office in Russia, and technical support does not deal with the end user. Do not be surprised if you have to wait a week or two for a reply, and if your supplier fulfils warranty obligations with a long delay.




Turning again to specific examples, recall the powerful virtualization server build Supermicro Team Server R1-E54 (1U), 2xE5-4600 v2 (12 cores), up to 1024GB, 1400W power supply. It costs from 167,000 rubles, but in power and potential it easily competes with the “Big Three”.

True, buying such a server in a spare-parts package will be expensive. But for the same money the used server model mentioned above can be bought twice, one for use and one in reserve; their power is comparable.

Fujitsu - at home among strangers, a stranger among its own

Today, servers from the Japanese company Fujitsu, which is engaged not only in producing server equipment but also in building supercomputers, have gained considerable popularity on the domestic market.

It is not yet as well known as the Troika or Supermicro, but its representatives claim it ranks fourth in the global server market and first in the Japanese market (although, according to some sources, it is being squeezed out by NEC at home: in 2013 Fujitsu had 5% fewer x86 servers on the Japanese market than NEC). Fujitsu is eager to join the Big Three by every available means, trying to concede nothing in the fault tolerance of its equipment, in scalability or in service.


Unlike Supermicro, Fujitsu has a representative office in Russia and is trying to create a service as close as possible to that offered by the Troika: Support Pack, which in its extended form also includes 24-hour technical support, quick response, dispatching specialists and extending the warranty period. In addition, the company is also ready to enter into a Solution Contract with clients, providing software support and configuration according to the needs of a specific project, monitoring of equipment by company specialists and recommendations for expanding or improving the infrastructure.

A powerful modern virtualization server, Fujitsu Primergy RX2530M1 (1U), 2xE5-2600v3 (6 cores), up to 1536GB, two power supplies of 450 W/800 W, costs only 112,694 rubles. It surpasses the corresponding Supermicro builds in RAM capacity and may lag a little in processor power, but it is relatively cheap, while the manufacturer claims “Troika”-level fault tolerance.

Unfortunately, this brand simply does not yet have an established reputation in our country, so it is hard to place it between the Troika, which it supposedly follows worldwide, and Supermicro, which is backed by an entire army of fans with their wallets. Perhaps someone will see in this platform an opportunity to save a lot of money simply by negotiating discounts with the company, but there they will have to rely on their own business acumen.

To summarize what has been said

So, if the key parameter in your choice is fault tolerance, if you already know that the system will definitely have to be scaled and that problems will have to be solved as quickly as possible, choose from the Big Three. Lenovo will most likely cost the least; HP will surely offer a good combination of cost and performance (and a strict limitation on hardware); but here you need to start from the specific tasks at hand.

If you want to save money and get powerful, productive equipment, consider a system based on the Supermicro platform, but in that case you will face the task (quite solvable, as we have shown) of ensuring fault tolerance. The same applies if you do not have enough funding for the Troika: then you can consider alternative platforms that are less represented in our country but valued worldwide, for example Fujitsu.


SOHO networks: wireless equipment for home and small office

The sharp decline in the cost of RadioEthernet devices recorded recently has made the use of such equipment relevant for home and relatively small office networks. We are talking about the segment called SOHO (an abbreviation of the two phrases “Small Office” and “Home Office”). Reliability and security factors, as well as the ability to cope with additional load, are in the background; that is the specificity of such networks. When choosing equipment in the SOHO segment, ease of setup and subsequent maintenance plays the decisive role. Cost, of course, is also an important issue.

Networks of this class are usually arranged according to a particular scheme, with the equipment concentrated in a small area. Possible interruptions in its operation will therefore not cause significant losses; moreover, maintenance staff can always reach the equipment quickly.

Considering that such networks are either maintained by people with low qualifications or the administrator's duties fall as a social burden on the most “savvy” user, the importance of ease of setup and subsequent management cannot be overestimated.

A SOHO network, regardless of whether it is a home or a small office, is built according to a certain scheme. Let's look at it in more detail.

Network organization: diagram and features

The diagram shows that the network has an unmanaged switch, ten to twenty user workstations and one or two laptops. A server is also mandatory network equipment; as a rule it combines the functions of file storage, mail, proxy and print server, besides providing other services required depending on the situation. So, if we are talking about a home network, the server will most likely run a simple billing program that records each user's traffic consumption individually. To connect the network to the Internet, you need a cable or DSL modem with an Ethernet interface that functions as a simple router.

The wireless access point must provide the following capabilities:

  • full support for the 802.11b standard;
  • access control by MAC address;
  • WPA and WEP support (RSN support is also possible);
  • 802.11g support with a higher data transfer speed.

When connecting, you also need to bear in mind that the switch must have the required number of ports, plus several spare ports to allow for an increase in the number of connections.

All devices should be easy to configure using a web-based interface, designed to be serviceable by users with a general knowledge of networking.

Using wireless technology to connect users saves the money required to build a cable infrastructure. The time needed to connect new users is reduced, and office reshuffles also go faster. Downtime is dramatically reduced, as are the costs a company faces when moving to new premises. When building a local network, it is preferable to use Wireless Fidelity technology, often called Wi-Fi for short.

In addition, using Wi-Fi minimizes the “eternal” problem of a shortage of free switch ports when the network needs expanding. The problem is solved because in this case only the shared network equipment and the servers need to be connected directly to the switch.

We must not forget the existence of another class of small networks that look very much like SOHO networks. Despite the external similarity, this is a fundamentally different type of network: the remote offices of large companies. The fundamental differences lie in the approach to selecting equipment combined with other requirements for it. Corporate standards come to the fore here, since it is easier and cheaper to use equipment from one, or at most two, vendors. Security and reliability are also important here. Equipment is maintained by highly qualified engineers, but they do it remotely, which imposes its own requirements regarding remote configuration.
