Open Source Tools in Data Centers

An anonymous reader writes "There is a nice presentation on the L.A.S. Linux site entitled "Managing Data Center Functions with Open Source Tools" which was presented at Comdex 2003. It covers everything from IPtables to OpenNMS. As well as covering some less known but nice tools like NeDi, which lets you easily manage Cisco routers and swiches from a web browser."

My favorite use of OS

[afidel]

in the enterprise datacenter has to be Cisco Enterprise Printing System of CEPS for short. With CEPS Cisco has over 10K printers in thousands of sites around the world with only 2 print admin's!! CEPS is based around SAMBA and CUPS and allows windows, linux, and unix clients to print to printers in a way that is unmatched for redundancy in any other product commercial or otherwise. Remote print servers can take over controll of print queues quickly in the event of a print server failure and queues can be rerouted to a new print device should a physical printer fail all without client reconfiguration! Cisco was nice enough to give the system back to the world. They have a sourceforge project available for anyone interested.

Samba is King of the Free Software World

[the+man+with+the+pla]

Admit it. With the exception of Apache, Samba is the number one reason that Linux (and BSD, too!) has been able to invade the datacenters of companies the world over.

Without Samba, Linux et al would be in a much less pretty position.

Perhaps we should call it Samba/GNU/Linux? :)

Kudos to the Samba Team, Tridge, and all Samba developers/testers/users!

Re:Samba is King of the Free Software World

[Rick+the+Red]

I'm not so sure. Yes, from an administration standpoint it's far easier to make the server (Linux) conform (Samba) to the client (Windows) than it is to force all the clients to conform (NFS) to the server, but if Samba did not exist I believe NFS would have stepped in and filled the gap. Samba has reduced the need for a good open NFS client for Windows, but I'm sure someone would have written one if Samba did not exist.

Indeed, I predict that someone will write one should Microsoft succeed in shutting down Samba (via patents or whatever -- you know killing Samba is on their to-do list).

Missing software

I would include Zabbix to the Monitoring and Administration section. This is out-of-the-box application that takes care of monitoring of our network consisting of more than 400 nodes. It is not as mature as Nagios or MRTG, but its stability and feature set makes it extremely useful. Native high-performance agents cover most of platforms: Solaris, AIX, HP-UX, MS WIN, Linux, *BSD, OS X. Could be installed in a 5 minutes, this is big advantage over Nagios or OpenNMS.

JFFNMS

[szysz]

Another tool to monitor a Cisco-based or other networks is JFFNMS

It can monitor TCP Ports, Network cards, CPU, Memory, Disks, all using standard SNMP, with no client side scripts.

You can integrate it with your OSS using various RPC methods, everything is stored in MySQL or PostgreSQL.

Its very extensible too...

Javier
It's my own project. :)

Re:Open source in the data center?

[El+Cubano]

With all the recent security issues surrounding open source (Debian, anyone), I would think twice about using open source in my data center.

Please get a clue. The Debian compromise was because of a lost password. Every OS/App is equally vulnerabne to this.

When it comes to centralized management of your IT assets, Microsoft products are unbeatable. An excellent reason to be an MS only shop, IMHO.

Now I get it, you're trolling. MS may have some good tools, if you need point-and-drool and don't try to do anything the system or tool was not explicitly designed to do.

In my case, I admin a research lab with 12 workstations and two servers, all running GNU/Linux. I spend no more than 15 minutes per week on routine admin tasks, all of it from home. I can also remotely install any software the researchers need. The only reason I ever need to physically go there is to replenish the office supplies (toner, paper, bsank CDs). That sort of a setup would be difficult, if not impossible, with an MS-only setup.

Re:vservers

[DDumitru]

In one sense, hacking a virtual is as good as hacking the real thing. On the other hand, hacking a virtual is quite dangerous on the part of the hacker.

UML virtuals have the ability to log a bunch of stuff "outside" the virtual. This can include keystroke logging on devices (including the pty's that ssh allocates). Plus you have a 100% sniffable network from the outside and the "owner" of the UML can "give" the virtual to the hacker at almost no cost and watch and learn.

If you are concerned about a hacker launching a DDOS using your virtual, this can happen, but you can also stop or mitigate it without tipping your hand against the hacker. You can firewall the virtual from the host side and silently block all (or most) of the attacking packets. You can even rate-limit the damage that they can do with 'tc'.

The amazing thing about getting a UML hacked is that most hackers don't even realize they are being watched. While /proc/cpuinfo and a bunch of device setups are unique to UML, most hackers have no clue and trudge on blindly. If you want to be more "stealthy" and setup a honeypot, the honeypot /proc and /dev filesystems change all the names to match a "normal" physical server. If your purpose is a "honeypot", you will probably need to only run a single UML with enough memory to seem realistic. Even then, if the hacker knows the internals of Linux, he can tell, altough it might require writing/loading a kernel module to see that the address space is not quite right.