Slashdot Mirror
Open Source Tools in Data Centers
An anonymous reader writes "There is a nice presentation on the L.A.S. Linux site entitled "Managing Data Center Functions with Open Source Tools" which was presented at Comdex 2003. It covers everything from IPtables to OpenNMS. As well as covering some less known but nice tools like NeDi, which lets you easily manage Cisco routers and swiches from a web browser."
in the enterprise datacenter has to be Cisco Enterprise Printing System of CEPS for short. With CEPS Cisco has over 10K printers in thousands of sites around the world with only 2 print admin's!! CEPS is based around SAMBA and CUPS and allows windows, linux, and unix clients to print to printers in a way that is unmatched for redundancy in any other product commercial or otherwise. Remote print servers can take over controll of print queues quickly in the event of a print server failure and queues can be rerouted to a new print device should a physical printer fail all without client reconfiguration! Cisco was nice enough to give the system back to the world. They have a sourceforge project available for anyone interested.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Admit it. With the exception of Apache, Samba is the number one reason that Linux (and BSD, too!) has been able to invade the datacenters of companies the world over.
:)
Without Samba, Linux et al would be in a much less pretty position.
Perhaps we should call it Samba/GNU/Linux?
Kudos to the Samba Team, Tridge, and all Samba developers/testers/users!
The linux hacker
you want user mode linux
google for it, mighty isp owner
I would include Zabbix to the Monitoring and Administration section. This is out-of-the-box application that takes care of monitoring of our network consisting of more than 400 nodes. It is not as mature as Nagios or MRTG, but its stability and feature set makes it extremely useful. Native high-performance agents cover most of platforms: Solaris, AIX, HP-UX, MS WIN, Linux, *BSD, OS X. Could be installed in a 5 minutes, this is big advantage over Nagios or OpenNMS.
OpenBSD has PF - a really cool packet/nat/authentication/bandwidth limiter/port forwarding system that is really, really, cool
You can do clever things, like allow a certain amount of bandwith for sombody, but if they log in, the bandwith limit disappears.
Or parse the spam blackout litsts and block all incoming packets from them (spam trype networks have more that their fair share of crackers)
All withouht crypic config files.
I *REALLY* hope, for Linux's sake, that after FreeBSD ports PF (to replace their IPF), a Linux port will be forthcoming.
IPTables is just fine for simple firewalls, but PF has a much more sane syntax, and it can handle really complex networks without a headache.
PF is sooo good - it's worth learing a bit of OpenBSD to get it. If you're good at Linux - it will take to half a day to learn all you need to get PF on OpenBSD working, and that includes installing OpenBSD.
It's not hard at all - I came from a Windows background and dident even know VI and it only took me three days to learn enough about OpenBSD to get it working.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Another tool to monitor a Cisco-based or other networks is JFFNMS
:)
It can monitor TCP Ports, Network cards, CPU, Memory, Disks, all using standard SNMP, with no client side scripts.
You can integrate it with your OSS using various RPC methods, everything is stored in MySQL or PostgreSQL.
Its very extensible too...
Javier
It's my own project.
- Smells Like Open Source Code
Another tool of use is the Cisco Transport Controller...we use this to monitor a fiber network up in MA.
FreeBSD's chroot jails are a much better and more efficent solution
UML has a number of differences when compared to chroot environments.
On the other hand, UML is good enough to fool even the hackers (I have had UMLs hacked and the hacker didn't realize they were in a virtual).
We run public webservers, and mailservers on UML. We are at the point where we just assume that you use one UML per application. The manageability of running single-application servers is just too good to pass up.
"I would contribute a lot of this money myself towards a 100% open-source, stable, secure distribution specifically made for web hosting."
Would always could but never did. I've seen this type of comment made so many times, but it's rare to see someone actually put money where their mouth is.
I've been using NMIS (http://sins.com.au/nmis) for about 2 years and it's better than any commercial NMS I've seen and used. Even our management turned down the likes of OpenView and Patrol in favor of it (of course cost helped that as well :). It's got it quirks, and isn't very modular unless you know perl reasonable well, but oob in a cisco network it's great with support for other vendors slowly growing. The developers are supportive via their email list as well. If you're in the need of an monitoring platform and your PHB's aren't afraid of open source apps, NMIS should definately be given a look.
--mb
Knowledge is power. Power corrupts. Study hard, be evil.
With all the recent security issues surrounding open source (Debian, anyone), I would think twice about using open source in my data center.
Please get a clue. The Debian compromise was because of a lost password. Every OS/App is equally vulnerabne to this.
When it comes to centralized management of your IT assets, Microsoft products are unbeatable. An excellent reason to be an MS only shop, IMHO.
Now I get it, you're trolling. MS may have some good tools, if you need point-and-drool and don't try to do anything the system or tool was not explicitly designed to do.
In my case, I admin a research lab with 12 workstations and two servers, all running GNU/Linux. I spend no more than 15 minutes per week on routine admin tasks, all of it from home. I can also remotely install any software the researchers need. The only reason I ever need to physically go there is to replenish the office supplies (toner, paper, bsank CDs). That sort of a setup would be difficult, if not impossible, with an MS-only setup.
You may try Xen http://www.cl.cam.ac.uk/Research/SRG/netos/xen/
In one sense, hacking a virtual is as good as hacking the real thing. On the other hand, hacking a virtual is quite dangerous on the part of the hacker.
/proc/cpuinfo and a bunch of device setups are unique to UML, most hackers have no clue and trudge on blindly. If you want to be more "stealthy" and setup a honeypot, the honeypot /proc and /dev filesystems change all the names to match a "normal" physical server. If your purpose is a "honeypot", you will probably need to only run a single UML with enough memory to seem realistic. Even then, if the hacker knows the internals of Linux, he can tell, altough it might require writing/loading a kernel module to see that the address space is not quite right.
UML virtuals have the ability to log a bunch of stuff "outside" the virtual. This can include keystroke logging on devices (including the pty's that ssh allocates). Plus you have a 100% sniffable network from the outside and the "owner" of the UML can "give" the virtual to the hacker at almost no cost and watch and learn.
If you are concerned about a hacker launching a DDOS using your virtual, this can happen, but you can also stop or mitigate it without tipping your hand against the hacker. You can firewall the virtual from the host side and silently block all (or most) of the attacking packets. You can even rate-limit the damage that they can do with 'tc'.
The amazing thing about getting a UML hacked is that most hackers don't even realize they are being watched. While
Here is the closed source competition: Microsoft OTG Reduces Print Servers--From 30 Down to 4--By Consolidating with Windows Server 2003.
Quote: "Here's the story of how they consolidated print servers from 30 servers running Windows NT Server to only four servers running Windows Server 2003 Enterprise Edition."
I'd be curious to hear peoples experiences with OpenNMS compared to Nagios.
Looks pretty good in OpenCavity though. Check it out, it's 100% open source, as you will immediately recognize.
And openNMS does what exactly? There's a vague description on the website, but its not terribly helpful. Screenshots anybody?
i'll second that. It looked like complete shit, and i pretty much closed the window with in seconds. Piss poor web design.
Lawyers, MBA's, RIAA? A jedi fears not these things!
I've been reading the Open Source Network Administration book by James Kretchmar (review here in fact) and its been a really good read. Really applicable to the subject in my opinion.
Just my $.02 on the subject.
"On a scale from 1 to 10, people are stupid"
Wait, didn't Paul Russell write Netfilter/Iptables?
SPAM/VIRUS/WORM SCANNING
amavis - http://amavis.org/
qmail-scanner - http://qmail-scanner.sourceforge.net/
dspam - http://www.nuclearelephant.com/projects/dspam/
The authors of the LAS should have mentioned Cricket.
Which is a much evolved performance trending system. For those looking to trend data from routers, switches, firewalls, servers, sensors, files. Cricket offers a very flexible configuration method. It is all in perl, so very easy to support, extend and integrate. It includes a grapher, a collector and a configuration system.
It does what it does well.
The system also offers easy integration with event management systems open-source or not. It scales well to a great number of devices.
Plus a brand new version just came out! Get it while it is hot.
http://cricket.sourceforge.net
You might want to look at FreeVSD ( http://sourceforge.net/projects/freevsd/ ). It used to be a commerical package and many ISPs have used it over the years. It hasn't been updated in a few months though since the company went under in Jan. 2003.
It has all your virtual server stuff and even has a web interface to manage everything as well, like the creation of new virtual servers, etc.
I don't see why the Open Source community couldn't pick up on it and update it for the last releases of Linux distributions. Everyone keeps saying that they would pay to help develop an Open Source virtual server program, well here is your chance to do so with a working program.
If you are looking for a web hosting control panel then you also might want to look at Vishwakarma (http://kandalaya.org/vishwakarma.shtml). It is a nice package and has been around for awhile with a nice web interface and even has support for reseller, and user management options.
But no one wanted to set up GSS or Kerberos 5 years back, so it never caught on.
/net/machine/share...
Lot more complicated than
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
No, you want vserver. It is more flexible and powerful than FreeBSD's jail and just as efficient (only a system call away).
r p.qc.ca/miscprj/s_context.hc
http://vserver.strahlungsfrei.de/tiki-index.php
http://www.linux-vserver.org/
http://www.soluco
my company uses netbackup for all out backup needs we have evaluated many options, but find due to lack of support from other vendors when used with non supported solutions, OSS is not a feasible solution. Our company is a 99.9% solution provider and if something breaks there must be a chain of monetary responsibility. Veritas gives us the support we need and all of our other vendors support netbackup. we do have a couple linux servers but for the most part we are a sun environment, which takes us full circle to supported configurations and a 4 hour service window.