Discussion:
[ubuntu-us-mi] Ubuntu Small Business Server CPU split
Mark
2009-01-02 23:43:55 UTC
Hi Everyone,
As a small business owner, I have appreciated the benefits of Linux.
Alas, I have also been a bit envious of Microsoft's Small Business
Server. The idea of having everything rolled into one
distro/install... I know of a couple of basic ones for Linux, i.e.,
SME. However, this is a pretty basic one. I was thinking of one with a
bit more complex apps, i.e. LDAP, Samba, OpenGroupware and VTiger CRM
all on one CD/DVD.

At this point, the existing offerings, including Microsoft's, are doing a
one-box solution for firewall, DHCP, DNS and all of the network
utilities ALONG WITH the business apps, apache, etc. I am wondering if
a 2 box solution wouldn't be better; one to handle the network admin and
the other to handle the business apps; not sure where I would put LDAP
in the mix.

Is one box really powerful enough to handle everything? If not, how
would you distribute the software between a Network
Server/Firewall/Gateway and a Business Server? Is putting all of the
networking services on the same box as the firewall a good idea? I
don't want a 12 box solution but how do we divvy everything up keeping a
reasonable speed and security?

Thanks in advance,
Mark
Rick Harding
2009-01-02 23:56:19 UTC
Post by Mark
Hi Everyone,
As a small business owner, I have appreciated the benefits of Linux.
Alas, I have also been a bit envious of Microsoft's Small Business
Server. The idea of having everything rolled into one
distro/install... I know of a couple of basic ones for Linux, i.e.,
SME. However, this is a pretty basic one. I was thinking of one with a
bit more complex apps, i.e. LDAP, Samba, OpenGroupware and VTiger CRM
all on one CD/DVD.
At this point, the existing offerings, including Microsoft's, are doing a
one-box solution for firewall, DHCP, DNS and all of the network
utilities ALONG WITH the business apps, apache, etc. I am wondering if
a 2 box solution wouldn't be better; one to handle the network admin and
the other to handle the business apps; not sure where I would put LDAP
in the mix.
Is one box really powerful enough to handle everything? If not, how
would you distribute the software between a Network
Server/Firewall/Gateway and a Business Server? Is putting all of the
networking services on the same box as the firewall a good idea? I
don't want a 12 box solution but how do we divvy everything up keeping a
reasonable speed and security?

This is just me, I think you might get a couple different answers, but I'd
have two boxes. One would be a light box that ran your dns, dhcp, firewall,
etc. This can be done easily with many of the firewall distros out there.
I'm a fan of the endian firewall package myself.

Then I'd have a real server, redundant storage, etc for the real work in
the business. You can put whatever you want on here, and I'd include ldap
in that.

So let's call it 1.5 servers :)

Rick
Jeff Hanson
2009-01-03 00:11:00 UTC
Post by Mark
Is one box really powerful enough to handle everything? If not, how
would you distribute the software between a Network

It's a matter of load and network structure. Some hosted apps require
a lot of memory (IDS, content filtering), some require a lot of CPU,
and others require a lot of storage I/O. The less conflicting
requirements the better.

I have a server for my small office but use a separate system with
IPCop for basic network services. It's better for security to have
separate unrelated systems but it uses more energy and increases the
downtime since either one can fail. I have physically separate
networks for "household", public WiFi, a secure subnet for fixing
malware infected Windows systems, and another for future public
servers. This separation could also be achieved with a better
Ethernet switch and VLANs.

A small engineering company I do IT work for at one point had five
rather powerful servers with Windows Server 2003 (the owner dictated
the structure). One was for user home shares and shared data. One
for hosted apps for bug tracking and version control. One for
performing backups to a RAID5 array. One for externally-accessed
SharePoint. The last was a household server for family videos, etc.
The company had at most three employees. Obviously they were idle
99.999% of the time but the power company appreciates these types of
setups.
Mark
2009-01-03 00:26:43 UTC
Post by Jeff Hanson
Post by Mark
Is one box really powerful enough to handle everything? If not, how
would you distribute the software between a Network
It's a matter of load and network structure. Some hosted apps require
a lot of memory (IDS, content filtering), some require a lot of CPU,
and others require a lot of storage I/O. The less conflicting
requirements the better.
A small engineering company I do IT work for at one point had five
rather powerful servers with Windows Server 2003 (the owner dictated
the structure). One was for user home shares and shared data. One
for hosted apps for bug tracking and version control. One for
performing backups to a RAID5 array. One for externally-accessed
SharePoint. The last was a household server for family videos, etc.
The company had at most three employees. Obviously they were idle
99.999% of the time but the power company appreciates these types of
setups.

This is the crux of the problem, the balance between all of the above. I
am trying to avoid the engineering company scenario for several reasons:
cost of hardware, energy costs, and server admin costs.

Do you think a small company, say 3-50 people can put its file shares,
LDAP, database, internal webserver, AND secure email server all on one
machine? Oh... and I'd really like to upgrade that "basic" email server to
a groupware solution to compete against Exchange.
Jeff Hanson
2009-01-03 00:50:04 UTC
Post by Mark
Do you think a small company, say 3-50 people can put its file shares,
LDAP, database, internal webserver, AND secure email server all on one
machine? Oh... and I'd really like to upgrade that "basic" email server to
a groupware solution to compete against Exchange.

3-50 is quite a large range. If you are unsure what the needs are
then use virtualization. Throw it all on one system and if it's too
slow then move some of the VMs to another host. Essentially by
abstracting the hardware with VMs you can expand dynamically without
reinstallation or significant reconfiguration.
Mark
2009-01-03 01:12:30 UTC
Post by Jeff Hanson
Post by Mark
Do you think a small company, say 3-50 people can put its file shares,
LDAP, database, internal webserver, AND secure email server all on one
machine? Oh... and I'd really like to upgrade that "basic" email server to
a groupware solution to compete against Exchange.
3-50 is quite a large range. If you are unsure what the needs are
then use virtualization. Throw it all on one system and if it's too
slow then move some of the VMs to another host. Essentially by
abstracting the hardware with VMs you can expand dynamically without
reinstallation or significant reconfiguration.

In a way, 3-50 is large range but it does define the whole class of
small businesses.

This is not necessarily for my company specifically but, rather, trying
to flesh out a general spec for a generic SMB Distro. The ultimate goal
is to have a one or two disc package that a small business owner can
plop in a machine and have it "just run". Or, that IT shops can have to
mirror/ghost onto a new box for a new client; kinda like a standard LAMP
server. This is really just the first step in that ultimate goal; the
what goes where. Along the way will also be "how do we make this work
together 'Out of the Box'"; integration; and, someday, single common
user interface, a la eBox. I understand that even in a "just run"
environment, there is a fair amount of admin work, i.e. creating users
and groups, etc. but the goal is to limit the work to just that not to
customizing the glue.
Jeff Hanson
2009-01-03 01:48:45 UTC
Post by Mark
This is not necessarily for my company specifically but, rather, trying
to flesh out a general spec for a generic SMB Distro. The ultimate goal
is to have a one or two disc package that a small business owner can
plop in a machine and have it "just run". Or, that IT shops can have to
mirror/ghost onto a new box for a new client; kinda like a standard LAMP
server.

It's better to pick certain target markets first like retail, small
manufacturing, services, and non-profit. Then figure out what the
common apps are and define a meta package for them. Then create
another meta package for specific groups of packages for each target
market. LDAP and file sharing are obvious defaults but the others are
debatable. You'll need to have flexible options the end-user can
select like local vs. third-party web hosting and pre-configure web
editors for each scenario. With e-mail it's internal host vs.
POP/IMAP vs. web mail. With DHCP and DNS it's server based vs.
existing ISP-supplied box. Accounting and payroll are the tough ones.
Of course there are occasional critical apps like AutoCAD you have to
work around (Wine pre-config maybe?).

Then there is the usual "it's different and I don't feel like learning
it" mentality. I almost had a conversion rejection by a customer just
because I couldn't find a replacement for a US flag wallpaper they
had. I had more complaints about that than the entire desktop change
from XP to Ubuntu.

Mark
2009-01-03 00:34:50 UTC
Post by Jeff Hanson
Post by Mark
Is one box really powerful enough to handle everything? If not, how
would you distribute the software between a Network
I have a server for my small office but use a separate system with
IPCop for basic network services. It's better for security to have
separate unrelated systems but it uses more energy and increases the
downtime since either one can fail. I have physically separate
networks for "household", public WiFi, a secure subnet for fixing
malware infected Windows systems, and another for future public
servers. This separation could also be achieved with a better
Ethernet switch and VLANs.

I do the same at home. Do you have multiple green interfaces? If so,
how did you configure that?

Also, tell me more about the "secure subnet for fixing ... Windows". As
a side project, I am becoming the extended family IT guy and this would
be great for bringing in a machine to be fixed.
Jeff Hanson
2009-01-03 00:58:36 UTC
Post by Mark
I do the same at home. Do you have multiple green interfaces? If so,
how did you configure that?

Actually they are "gray" interfaces:
http://www.ban-solms.de/t/IPCop-xtiface.html

It works but you have to reinstall it every time IPCop is updated (not
very often so not a major problem).

Post by Mark
Also, tell me more about the "secure subnet for fixing ... Windows". As
a side project, I am becoming the extended family IT guy and this would
be great for bringing in a machine to be fixed.

With the above add-on, set a Gray NIC to have normal DHCP services but
no access to Red (Internet) for anything. It can't access Green by
default but Green can access it. Basically any system on the secure
subnet can be accessed by Green for recovering files or RDC but they
can't connect out to anywhere to send pr0n spam or infect other
systems. They stay on the secure subnet until they've been wiped.
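
The quarantine policy from the last post (DHCP on the gray subnet, no path from Gray to Red or Green, Green allowed to reach in) written out as a plain iptables ruleset. This is an added example, not part of the thread and not the IPCop add-on's own rules; the interface names, the logging rule and the Green-to-Red allowance are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for a
# three-zone firewall with a quarantine ("gray") subnet.
# Interface names are assumptions supplied by the caller; nothing is IPCop-specific.

# Usage: quarantine_rules GRAY_IF GREEN_IF RED_IF   (ruleset goes to stdout)
quarantine_rules() {
    # Refuse anything that is not a plain interface name before it reaches the ruleset.
    for ifc in "$1" "$2" "$3"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*)
                echo "bad interface name: '$ifc'" >&2
                return 1 ;;
        esac
    done
    gray=$1 green=$2 red=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $green -j ACCEPT
# Gray hosts may ask this box for a DHCP lease and nothing else.
-A INPUT -i $gray -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $gray -j DROP
# Replies to connections opened from Green (file recovery, RDC) are allowed back.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anything a quarantined host initiates is logged (rate-limited) and dropped.
-A FORWARD -i $gray -m limit --limit 6/min -j LOG --log-prefix "GRAY-BLOCKED "
-A FORWARD -i $gray -j DROP
-A FORWARD -i $green -o $gray -j ACCEPT
-A FORWARD -i $green -o $red -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with three interface names, e.g.
#   sh quarantine.sh eth2 eth0 eth1 | iptables-restore --test
if [ "$#" -eq 3 ]; then
    quarantine_rules "$@"
fi
```

`iptables-restore` replaces the whole filter table, so validate with `--test` and merge with any existing rules before loading. The `GRAY-BLOCKED` log lines show what a quarantined machine tried to reach, which helps confirm an infection before the wipe.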