Slashdot Mirror


Best Practices For Infrastructure Upgrade?

An anonymous reader writes "I was put in charge of an aging IT infrastructure that needs a serious overhaul. Current services include the usual suspects, i.e. www, ftp, email, dns, firewall, DHCP — and some more. In most cases, each service runs on its own hardware, some of them for the last seven years straight. The machines still can (mostly) handle the load that ~150 people in multiple offices put on them, but there's hardly any fallback if any of the services die or an office is disconnected. Now, as the hardware must be replaced, I'd like to buff things up a bit: distributed instances of services (at least one instance per office) and a fallback/load-balancing scheme (either to an instance in another office or a duplicated one within the same). Services running on virtualized servers hosted by a single reasonably-sized machine per office (plus one for testing and a spare) seem to recommend themselves. What's your experience with virtualization of services and implementing fallback/load-balancing schemes? What's Best Practice for an update like this? I'm interested in your success stories and anecdotes, but also pointers and (book) references. Thanks!"

264 comments

  1. Re:Cloud Computing(TM) by Anonymous Coward · · Score: 0

    Maybe the first question should really be: what's your budget?

  2. Latest Trends by Lally+Singh · · Score: 1

    I've been looking at hp c3000 chassis office-size blade servers, which may serve as your production+backup+testing setup, and scale up moderately for what you need. Compact, easily manageable remotely, and if you're good about looking around, not terribly overpriced. Identical blades make a nice starting point for hosting identical VM images.

    --
    Care about electronic freedom? Consider donating to the EFF!
    1. Re:Latest Trends by Anonymous Coward · · Score: 0

      the eff is for fags looking for free music.

    2. Re:Latest Trends by Antique+Geekmeister · · Score: 1

      Blade servers are very nice for more than, say, 8 servers purchased at a time. The built-in remote integration of better blade servers, the trivial wiring, and physical management are sweet. But the blade server itself becomes a single point of failure, much as a network switch can be, so it takes thought to install and manage them properly. And they cost, at last glance, roughly $500/blade for the chassis. Is this worth an extra $500/server on your budget? Not if your servers are quite modest and the person who racks the equipment is both competent and cheap.

    3. Re:Latest Trends by Z00L00K · · Score: 2, Informative

      Any server that can offer a RAID disk solution would be fine. Blade servers seem to be overkill for most solutions - and they are expensive.

      And then run DFS (Distributed File System) or similar to have replication between sites for the data. This will make things easier. And if you have a well working replication you can have the backup system located at the head office and don't have to worry about running around swapping tapes at the local branch offices.

      Some companies tend to centralize email around a central mail server. This has its pros and cons. The disadvantage is that if the head office goes down everyone is without email service. But the configuration can be more complicated if each branch office has its own.

      It's also hard to tell how to best stitch together a solution for a specific case without knowing how the company in question works. There is no golden solution that works for all companies.

      The general idea is however that DNS and DHCP shall be local. If they aren't then the local office will be dead as a dodo as soon as there is a glitch in the net. Anyone not providing local DNS and DHCP should be brought out of the organization as soon as possible. And DNS and DHCP don't require much maintenance either, so they won't put much workload on the system administration.

      There are companies (big ones) that run central DHCP and DNS, but glitches can cause all kind of trouble - like providing the same IP address to a machine in Holland and in Sweden simultaneously (yes - it has happened in reality, no joke) - and the work required to figure out what's wrong when multiple sites are involved in an IP address conflict can cost a lot. And if you run Windows you should have roaming profiles configured and a local server on each site where the profiles are stored.

      Local WWW and FTP servers - can work, but watch out too since you have to check out if it's for internal or external use. Do you really need a local WWW and FTP server for each site? I would say - no. And those servers should be on a DMZ. It can of course be one server servicing both WWW and FTP. The big issue with especially FTP servers if they are for dedicated external users is the maintenance of the accounts on those servers. Obsolete FTP server accounts are a security risk.

      And if you run Windows I would really suggest that you do set up WDS (Windows Deployment Server). This will allow your PC clients to do a network boot and reinstall them from an image. Saves a lot of time and headache.

      And today many users have laptop computers, so hard disk encryption should be considered to limit the risk of having business critical data going into the wrong hands. Truecrypt is one alternative that I have found that works really well. But don't run it on the servers.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  3. Why? by John+Hasler · · Score: 2, Informative

    Why virtual servers? If you are going to run multiple services on one machine (and that's fine if it can handle the load) just do it.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:Why? by MeatBag+PussRocket · · Score: 4, Funny

      redundancy.

      --
      i wage a holy war against the apostrophe.
    2. Re:Why? by John+Hasler · · Score: 2, Insightful

      > redundancy.

      +5 Funny.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    3. Re:Why? by lukas84 · · Score: 2, Informative

      Virtualization does not automatically imply redundancy, and VM-level high availability will not protect you against application failures.

    4. Re:Why? by nurb432 · · Score: 1

      Virtual was my first thought too.

      Just p2v his entire data center first, then work on 'upgrades' from there.

      --
      ---- Booth was a patriot ----
    5. Re:Why? by Anonymous Coward · · Score: 0

      What a shame you can't even spell your own nick correctly. Tard.

    6. Re:Why? by nabsltd · · Score: 2, Informative

      > Just p2v his entire data center first,

      This brings to mind one other big advantage of VMs that help with uptime issues: fast reboots.

      Some of those old systems might have to be administered following "Microsoft best practices" (reboot once a week just to be safe), and older hardware might have issues with that, plus it's just slower. Add in the fact that VMs don't have to do many of the things that physical hardware has to do (memory check, initialize the RAID, etc.), and you can reboot back to "everything running" in less than 30 seconds.

      Although you never want to reboot if you can avoid it, this one factor gives you some serious advantages. If you have to apply a patch that requires a reboot, you can do so just by making sure the server isn't being used right now, and it's likely that people won't even notice. Of course, you don't do this until after you have done the same thing on the test server, and know that the patch won't cause issues.

      > then work on 'upgrades' from there.

      And the test environment is a big thing that VMs can provide to help those upgrades. Just p2v the system, then clone it to create the test version. Use snapshots and torture the test system as much as you want.

    7. Re:Why? by mysidia · · Score: 2, Insightful

      It creates a configuration nightmare. Apps with conflicting configurations.

      Changes required for one app may break other apps.

      Also, many OSes don't scale well.

      In a majority of cases you actually get greater total aggregate performance out of the hardware by divvying it up into multiple servers, when your apps are not actually CPU-bound or I/O-bound.

      Linux is like this. For example, in running Apache: after a certain number of requests, the OS uses the hardware inefficiently, and can't answer nearly as many requests as it should be able to. By dividing it into 4 virtual servers instead, for your 4 CPUs, you can multiply the number of requests that can be handled by 10 or 20 fold.

      You may even think you're CPU-bound on Linux when you are not: load average may be high due to the number of Apache processes that are contending with each other, and can create a false impression of high CPU or IO usage, when in fact, you have a bottleneck in the app/kernel's parallel processing capabilities.

      Exchange is also like this: better to scale out 2 virtual machines with 32 GB of RAM and 4x3 GHz CPUs dedicated to each, than one server with 64 GB RAM and 8x3 GHz CPUs. The former is a beefy server but doesn't have much advantage from adding the extra resources. The two servers virtualized on one box may have much better performance than 1 physical server, if you are using Intel Nehalem CPUs and properly configure your VMs (i.e. you actually do it right, and perform all recommended practices including LUN/guest partition block alignment, and don't just use default settings).

    8. Re:Why? by mysidia · · Score: 2, Informative

      That's where Windows 2008 MSCS, HAProxy, or Redhat cluster suite comes in.

      For example, if you want a highly-available web service, you would have two VMware servers that you run a Webserver VM for on each server.

      Then you would have a diskless load-balancer running HAProxy, to feed incoming web requests to a working web server.

      For database services... you'd have a MySQL or MSSQL VM on each host, and a SAN or shared storage block filesystem with a GFS formatted LUN, and a Quorum disk (Linux) or Witness File share on a third physical host (for Windows 2008 MSCS), with clustering services configured so the SQL process is only active on the one host at a time, and only when quorum is met; if failure of another node is detected, a remaining node that can meet quorum will fence (KILL) the other VM, and then take over.

      So in this manner, you can meet HA in a virtualized environment.

      Although there are some considerations, like guest system clock accuracy, reliability of network connections to ensure an erroneous failure isn't detected during times of high load, and supported configurations for OS vendors' clustering capabilities.
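The quorum-and-fencing scheme sketched in this comment, as an added toy model that is not part of the thread or of any cluster product (node names, the witness lock semantics and the missed-heartbeat threshold are all assumptions): two SQL nodes share one service, a third vote breaks ties, a peer that merely misses a heartbeat under load is not fenced, and the two-node case without a witness shows why the third vote is needed.

```python
# Toy model of the quorum-gated failover described above; constructed illustration, not any vendor's code.
from dataclasses import dataclass, field

WITNESS = "witness"  # the quorum disk (Linux) or witness file share (MSCS)

@dataclass
class Node:
    name: str
    active: bool = False                        # runs the SQL process right now
    fenced: bool = False                        # killed by a peer, out of the cluster
    links: set = field(default_factory=set)     # members reachable this heartbeat round
    missed: dict = field(default_factory=dict)  # consecutive rounds each peer was unreachable


class Cluster:
    def __init__(self, names, witness=True, failure_threshold=3):
        self.nodes = {n: Node(n) for n in names}
        self.witness = witness
        self.total_votes = len(names) + (1 if witness else 0)
        # missed rounds tolerated before a peer is declared dead (a slow peer must not be fenced)
        self.failure_threshold = failure_threshold
        members = set(names) | ({WITNESS} if witness else set())
        for n in self.nodes.values():
            n.links = members - {n.name}
        self.nodes[names[0]].active = True                    # first node starts as the SQL owner
        self.witness_owner = names[0] if witness else None    # current holder of the witness lock

    def _witness_vote(self, node):
        # The witness votes for one node only: its lock holder, or a new claimant once
        # the holder was fenced or can no longer reach the witness (lease expired).
        if not self.witness or WITNESS not in node.links:
            return False
        owner = self.witness_owner
        if owner is None or owner == node.name:
            return True
        return self.nodes[owner].fenced or WITNESS not in self.nodes[owner].links

    def has_quorum(self, node):
        votes = 1 + sum(1 for p in node.links if p != WITNESS and not self.nodes[p].fenced)
        return 2 * (votes + self._witness_vote(node)) > self.total_votes

    def link(self, a, b, up):
        # bring the a<->b connection up or down; b may be the witness
        for x, y in ((a, b), (b, a)):
            if x in self.nodes:
                (self.nodes[x].links.add if up else self.nodes[x].links.discard)(y)

    def fence(self, victim):
        v = self.nodes[victim]
        v.fenced, v.active = True, False
        for n in self.nodes.values():
            n.links.discard(victim)

    def step(self):
        """One heartbeat round of the logic every live node runs on its own."""
        for node in self.nodes.values():
            if node.fenced:
                continue
            for peer in self.nodes.values():
                if peer is not node:
                    node.missed[peer.name] = (0 if peer.name in node.links
                                              else node.missed.get(peer.name, 0) + 1)
            if not self.has_quorum(node):
                node.active = False  # minority side: stop serving, never fence
                continue
            unresolved = False
            for peer in self.nodes.values():
                if peer is node or peer.fenced:
                    continue
                if node.missed[peer.name] >= self.failure_threshold:
                    self.fence(peer.name)  # confirmed dead: kill it before touching its data
                elif peer.name not in node.links:
                    unresolved = True  # may just be slow: do not take over yet
            if not unresolved and not any(n.active for n in self.nodes.values()):
                node.active = True
                if self.witness:
                    self.witness_owner = node.name

    def run(self, rounds=0):
        # advance the given number of heartbeat rounds and report who serves SQL
        for _ in range(rounds):
            self.step()
        return sorted(n.name for n in self.nodes.values() if n.active)


def scenarios():
    """Four situations this design must get right, on constructed two-node clusters."""
    glitch = Cluster(["sql-a", "sql-b"])  # sql-b misses one heartbeat under load, then recovers
    glitch.link("sql-a", "sql-b", False)
    glitch.step()
    glitch.link("sql-a", "sql-b", True)
    split = Cluster(["sql-a", "sql-b"])  # host-to-host link stays down, both still reach the witness
    split.link("sql-a", "sql-b", False)
    crash = Cluster(["sql-a", "sql-b"])  # sql-a loses power: unreachable from peer and witness
    crash.link("sql-a", "sql-b", False)
    crash.link("sql-a", WITNESS, False)
    bare = Cluster(["sql-a", "sql-b"], witness=False)  # two nodes and no third vote
    bare.link("sql-a", "sql-b", False)
    return {"glitch": (glitch.run(1), glitch.nodes["sql-b"].fenced),
            "split": (split.run(3), split.nodes["sql-b"].fenced),
            "crash": (crash.run(3), crash.nodes["sql-a"].fenced),
            "no_witness": bare.run(3)}
```

Without the witness the partitioned pair goes dark rather than splitting the brain, which is the safe failure but still an outage; the third vote is what turns it into a failover.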

    9. Re:Why? by imgumbydammit · · Score: 1

      > Why virtual servers? If you are going to run multiple services on one machine (and that's fine if it can handle the load) just do it.

      PCI compliance would require it.

      --
      That's right: I'm gumby dammit.
    10. Re:Why? by Anonymous Coward · · Score: 0

      Sorry about your sense of humor. Maybe it will come back some day.

    11. Re:Why? by Nefarious+Wheel · · Score: 1

      > Why virtual servers? If you are going to run multiple services on one machine (and that's fine if it can handle the load) just do it.

      Fast rollback for system changes for one thing (reboot the earlier version of the system disk), easier hardware upgrades (boot the virtual server image from a faster machine), better load balancing (see previous example). Even if your hardware:system instance ratio is best served 1:1 (a rare occurrence) you could make an excellent case for going virtual.

      --
      Do not mock my vision of impractical footwear
    12. Re:Why? by Flere+Imsaho · · Score: 1

      So when you need to reboot your POS Windows print spooler, you take down all the other services too? Virtualise and separate out services - to a certain extent.

      With a cluster of VM hosts you get hardware redundancy across all VMs. Running multiple VMs on one host is cheap and efficient, but it's too all-your-eggs-in-one-basket for me.

      If your existing physical servers are buckling under the load, initially you can P2V your existing servers and run them as VMs on your hosts. That way you get a pain free hardware upgrade. Then plan for separation of services and rationalising the number of DB servers, etc. Of course you have to balance the cost of server and VM licences against the benefits of distributing servers (assuming Windows and VMWare here).

      As usual, it's a trade off between cost, risk and functionality.

      No need for a Windows Deployment server, we're using Fog with great results.
      http://www.fogproject.org/

      --
      It gripped her hand gently. 'Regret is for humans,' it said.
    13. Re:Why? by ckaminski · · Score: 1

      And the beauty of snapshotting is that you don't even have to have a test server for simple fixes. Take snapshot, apply patches, everything works, discard snapshot in 3 days. Everything breaks, rollback snapshot. Try *THAT* with real hardware.

  4. Re:Cloud Computing(TM) by lukas84 · · Score: 5, Insightful

    No, the budget question comes later.

    The first questions are: What are your businesses requirements regarding your IT infrastructure? How long can you do business without it? How fast does something need to be restored?

    Starting with those requirements, you can start with possible designs that fit those solutions - for example, if the requirement is that a machine must be operational at least a week after a crash, you can build computers from random spare parts and hope that they'll work. If the requirement is that it should be up and running in two days, you will need to buy servers from a Tier 1 vendor like HP or IBM with appropriate service contracts. If the requirement is that everything must be up and running again in 4 hours, you'll need backups, clusters, site resilience, replicated SAN, etc. pp.

    The question of Budget comes into play much later.

  5. I'd say by pele · · Score: 5, Informative

    don't touch anything if it's been up and running for the past 7 years. if you really must replicate then get some more cheap boxes and replicate. it's cheaper and faster than virtual anything. if you must. but 150 users doesn't warrant anything in my opinion. I'd rather invest in backup links (from different companies) between offices. you can bond them for extra throughput.

    1. Re:I'd say by The+-e**(i*pi) · · Score: 2, Insightful

      I doubt with only 150 people they would want to spend the money to have a server at every office in case that office's link went down. I agree wholeheartedly that the level of redundancy talked about is overkill. Also will WWW, mail, DNS, ... even work if the line is cut, regardless of whether the server is in the building?

    2. Re:I'd say by hairyfeet · · Score: 1

      But since we are talking about SEVEN year old machines he can actually just pick up some nice off lease machines, save a ton o' cash, and give them much better than they are running now. Here is a ten pack of dual Xeon servers for $1200 shipped. With something like that he could set up 2 in each office (so he has fail over) and at 2.4Ghz they have enough power to run VMs no problem.

      With SMBs IMHO it is all about getting the best bang for the buck. They will typically keep machines for longer than larger businesses, so getting a decent amount of hardware now at a good price will help in the long run. With a good deal like this he can even have a couple of spares set up and ready in case of disaster recovery off site. Just load the latest image and off you go.

      Dealing with plenty of SMBs over the years I have found this to be the main issue, as they simply don't have the budgets for the latest and greatest, and frankly they don't need the latest either. I have bought plenty of off lease gear from SurplusComputers and never had a bit of trouble. But for the setup he is talking about he might even be able to get by with just one in each office if he has a seriously tight budget. Maybe something like this. But he didn't say how many offices he has, nor how tight his budget is, so if he has more than a couple of branches to deal with he'd probably be better off with the 10 pack.

      Sure we would all like new gear with nice support contracts to back them up, but in my experience most small companies just don't got the money, hence the 7 year old gear still in use. Better to get decent off lease stuff and have fail over than to only buy a single new machine because his budget is too tight. And if they are still running 7 year old gear I'm betting his budget ain't great to start with.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    3. Re:I'd say by onepoint · · Score: 1

      if it works keep it running. You are correct in everything you point out. if anything, start first with a full replicated system setup, then a proper back up. next test the new systems, backups never seem to work on the first try so get the bugs worked out.

      after this I have no real idea on what you need to do.

      --
      if you see me, smile and say hello.
    4. Re:I'd say by The+-e**(i*pi) · · Score: 1

      that is an awesome deal.
      One thing to worry about with old P4 stuff is how much power it will use. Each of those uses probably $15 or more each month in electricity depending on where you live. It probably does not come out of your IT budget, but it still costs the company money.

    5. Re:I'd say by oatworm · · Score: 1

      $150/month in a company with 150 employees is barely a rounding error, assuming it's even remotely profitable. That's $1/employee; assuming that this guy's in the US, they're standard-issue white collar drones, and he's not working in the Bay Area or anywhere else where salaries are distorted, they're probably each pulling in roughly $3000-4000 a month in salary alone, not including benefits or business payroll taxes.

      Performance-per-watt becomes far more important when you're running a datacenter. When you're just getting an office network set up, who cares?

    6. Re:I'd say by hairyfeet · · Score: 1

      While this is true, you have to look at the situation. As another poster pointed out at 150 employees that is a whole $1 per employee per month. And remember we are talking about a business trying to run their day to day on 7+ year old boxes. At that age the failure rate is getting pretty risky to be depending your business on. Better to eat a little extra power and have enough quality performance that you can have proper fail over and redundancy.

      And by having that much server power he could even look into turning some of their older machines (which if they are running their servers on 7+ year old, you know the desktops can't be much better) into thin clients and save more money by not having to get rid of outdated hardware. Plus he doesn't have to have them all running 24/7, he could have them drop into low power mode when the loads are light. IIRC the P4 based Xeons were actually quite good about dropping into low power mode when not needed.

      But if anybody else is looking for good quality off lease desktop/server gear with excellent service I would HIGHLY recommend Surplus Computers. I have done quite a bit of business with them over the years and never had a bit of trouble. Never any hassle when some UPS guy used a piece for a tire chuck, just pack it up and easy RMA. Good gear and cheap prices. Great for setting up an SMB or SOHO. You're not gonna get gamer rigs or anything like that from them, but for office gear and servers they really have great service and prices for off lease equipment. And no I don't work there, I'm just a satisfied customer who likes getting a good value for his money.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    7. Re:I'd say by ComputerizedYoga · · Score: 1

      I'm not sure I'm convinced that it's really a good idea replacing 7 year old hardware with 5-6 year old hardware. Especially given that a single slightly-inexperienced sysadmin doing the system installs and upgrades in question is probably going to have their hands full for a year or so just on the software side. By the time the first wave of upgrades is done with, you're looking at hardware that's older than the stuff you're trying to get rid of was when you started the process.

      Further, old cpus have comically bad performance compared to the latest and greatest, with performance literally an order of magnitude worse than current tech. Moreover, they don't support a lot of things that new systems do. That 10-pack you list isn't going to support virtualization extensions that make virt compelling on modern hardware. They're not going to support enough ram to let you do useful virtualization, and they don't ship with enough headroom for any modern os running a decently well-utilized application stack to be very happy. They probably don't even support 64-bit.

      If you want cheap throwaway hardware to make a test lab out of, off-lease/lifecycled hardware's great. If you're doing things that live in production space, you might as well just bite the bullet, lay out a bit of capex and do it right the first time.

    8. Re:I'd say by hairyfeet · · Score: 1

      Hey, if they'll cut him a big fat blank check I'd be agreeing with you 110%, but I've been where he is at and that is almost NEVER the case! If he goes new he will be quite lucky to get ONE box, and it won't be anywhere near the top of the line, nor will they let him get anything more than a "bronze" level support contract, which let's face it nowadays is some guy in India reading from a script.

      Now with something like that ten pack OTOH, he can run say 2 VMs per rack, yes they won't be as efficient as a new hottie, but it costs a hell of a lot less than a new hottie as well, he will have an easy way to set up fail over, in my experience the IBM blade servers are built like tanks so he shouldn't have any problems there, and at that price he can put a couple back as spares so if one dies at a bad time he has to just re-image and be up and back in the game.

      But I agree with you 100%, if they'll cut him a nice check for say...ohhh $25k or so, then by all means get the nice new stuff with the support contracts. But sadly having worked for places much like that the odds that he will get more than $3-5k total is pretty slim. And that is for everything from OS down to cables. Remember the economy is in the crapper, and if this place has been running on 7 year old gear they probably aren't gonna be giving him the fat check to go shopping. But I agree, if they cough up the cash get new.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    9. Re:I'd say by Anonymous Coward · · Score: 0

      He said 150 people in offices, which implies employees or contractors--not 150 users. Having 150 employees does not equate to having no need for failover or redundancy. If they process a lot of transactions and do data mining, then their hardware needs could be quite large. I've worked in a 80 employee company with $2,000,000 in hardware. Many of the nodes were under very heavy load due to the large amounts of external web traffic, database lookups, and analytic calculations to perform. A 1 day outage could have meant $100,000 loss in revenue for that day. The question one should ask is what is the penalty if there is a 1 day outage: $1k a day = wake me in the morning, $100k a day = panic mode. The second question to ask is what is the long term ramification if there is a 1 day outage? Dropped or inaccurate financial transactions, legal issues stemming from failing to meet contractual obligations, loss of clients/users, negative press, complaints, etc.

    10. Re:I'd say by ComputerizedYoga · · Score: 1

      It's still dumb. I don't want to belabor the point here, but just from a financial perspective, accounting only for power and cooling, if you look at the 2 year mark, it's better to buy a $7000 "new hottie" that draws 300 watts at the wall than to spend $1000 on ten "old crappies" that draw 200W/ea at the wall*. And that's not even beginning to look at things like labor hours, ownership costs in years 3-5, space, storage, downtime due to a lack of in-system redundancy, software licensing costs. This is "total cost of ownership", which is potentially much larger than the sticker price of the system. Especially when the counter-case is based on assumptions that a certain brand of hardware and all components therein are made out of unobtainium.

      *: when you do this calculation, I recommend $0.10/kWh, 1:1 power to cooling cost ratio, assumption that you actually need the systems you're acquiring, and acceptance of the idea that a pair of 2.53 GHz quad-core Nehalems with 24 gigs of RAM is more than a match for 40 early-Netburst 2.4 GHz Xeons with 20 gigs of total RAM.

    11. Re:I'd say by stilwebm · · Score: 1

      Having managed old infrastructure boxes in the past, I know it's harder than it sounds. The reliability was rock solid, but as demands of the network grew - not only in numbers of nodes but the way the nodes were used - and security concerns mounted, it was no longer feasible to maintain the boxes as-is.

      Compiler, library, and package management changes over that time period make it difficult on *nix boxes and Windows support expirations likewise make it difficult in Windows land. You reach a point where the time invested to patch a system exceeds the cost of replacing the system. Additionally, the downtime from the patch process (good luck finding a decent staging server for something seven years old) offsets the purported reliability of the setup. Lose a major component on one of those machines and you'll get a crash course in starting over and modernization.

    12. Re:I'd say by hairyfeet · · Score: 1

      Again I'd agree with you 110%, but what makes you think they are gonna cough up $7k? He'll probably get closer to $3k and at that price all he'll get is the equivalent of cheap ass consumer crap and "bronze" support. And as for the juice? That don't come out of the IT budget, praise Jebus!

      Look, I take it you are one of the lucky bastards that have always got to work at a place that understands that good ain't cheap, that you gotta spend money to make money, yadda yadda yadda. Sadly I have had many a job working for an SMB with just the kind of hardware setup this guy is talking about, and some even worse. They ALL expect miracles for a buck, and want you to be their personal Scotty that just "makes it happen". Of course we all know Scotty was a miracle worker because he lied his ass off to the captain, and jury rigged all over the place.

      So unless this guy has another job already lined up so he can LOL when they tell him the budget he'll have to make do with the piddling amount they give him or pray that 7 year old crap don't go tits up. Since I have been in his loafers I know the value of having spares, of having fail over, and of having management look at you as the miracle worker. You see, in the end management won't notice that the boxes you got suck more juice than the new hottie (that they wouldn't give you the money for in the first place) all they will notice is you outfitted the whole place and came in under budget. Sad but true dude, sad but true.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    13. Re:I'd say by GWBasic · · Score: 1

      > if you really must replicate then get some more cheap boxes and replicate. it's cheaper and faster than virtual anything

      Uhm, no. Physical-to-Virtual, also known as P2V, can turn an existing physical box into a VM with minimal or no downtime.

  6. And the Key Factor is.... by VonSkippy · · Score: 0

    Let's cut to the chase - how much MONEY do you have. It's all well to ask pie-in-the-sky questions, but then reality sets in and we find you can't afford it.

    Why don't you start with what you CAN afford, and then go from there (cause you know that's what your PHB and Bean Counters are going to tell you).

    1. Re:And the Key Factor is.... by lukas84 · · Score: 2, Informative

      Again, wrong approach. Ask the higher-ups what kind of availability they want. The cost is derived from their wishes.

    2. Re:And the Key Factor is.... by Anonymous Coward · · Score: 0

      Excuse me Mr. CEO, but what kind of availability would you like? Umm let me think about that one...

    3. Re:And the Key Factor is.... by Anonymous Coward · · Score: 0

      Scoff all you want, but CEOs are as likely (if not more likely) to understand compromise and Cost-Benefit Analyses as much as Joe Schmoe. If you explained to them that you could never guarantee 100% availability no more than the sales department could guarantee non-stop deal-closing, but that s/he's welcome to pick as many guaranteed 9s as s/he's willing to pay for, they'd probably understand and pick a number appropriate to their budget and business requirements (obviously you would be the one supplying dollar/uptime conversions).

  7. Think about the complexity of duplication by El+Cubano · · Score: 4, Insightful

    > there's hardly any fallback if any of the services dies or an office is disconnected. Now, as the hardware must be replaced, I'd like to buff things up a bit: distributed instances of services (at least one instance per office) and a fallback/load-balancing scheme (either to an instance in another office or a duplicated one within the same).

    Is that really necessary? I know that we all would like to have bullet-proof services. However, is the network service to the various offices so unreliable that it justifies the added complexity of instantiating services at every location? Or even introducing redundancy at each location? If you were talking about thousands or tens of thousands of users at each location, it might make sense just because you would have to distribute the load in some way.

    What you need to do is evaluate your connectivity and its reliability. For example:

    • How reliable is the current connectivity?
    • If it is not reliable enough, how much would it cost over the long run to upgrade to a sufficiently reliable service?
    • If the connection goes down, how does it affect that office? (I.e., if the Internet is completely inaccessible, will having all those duplicated services at the remote office enable them to continue working as though nothing were wrong? If the service being out causes such a disruption that having duplicate services at the remote office doesn't help, then why bother?)
    • How much will it cost over the long run to add all that extra hardware, along with the burden of maintaining it and all the services running on it?

    Once you answer at least those questions, then you have the information you need in order to make a sensible decision.

    1. Re:Think about the complexity of duplication by CharlyFoxtrot · · Score: 1

      Parent is right. KISS: keep it simple & stupid, there's a reason some of those servers have been running for 7 years straight. Don't make the error of overthinking it and planning for more than your organization needs (fun though it may be.) You can overthink your way from a simple install to a Rube Goldberg Machine.

      --
      If all else fails, immortality can always be assured by spectacular error.
    2. Re:Think about the complexity of duplication by psych0munky · · Score: 2, Interesting

      Maybe this is asked elsewhere in these threads, but the one thing that seems to not be asked here is not just "What are the business requirements?", but also "What are your business application requirements?". While it may seem implied in the former question, IME, it is usually not addressed enough by simply asking the former. In asking the former, it seems that you get nice "businessy" answers like "we need Y application to be back up and running in X time". What it doesn't answer is: what are the requirements for Y application? Does it need to have internet connectivity, connectivity to a central database, or is it completely stand-alone? In the second case, unless you have a sufficiently advanced application (most aren't), simply putting an instance of Y application locally in case your link goes down may not cut it if it does not have a suitable "caching" mechanism to store data until the link comes back and then forward it on to the central DB.

      I have seen many hardware upgrades "fail" even though the upgrade was technically successful. This was usually caused by the project team asking the right business questions, but forgetting to drill down and ask the right questions of the application providers (vendors or internal development staff).

      I was actually involved in an Active Directory "upgrade" project where the project team was wanting not to simply upgrade AD to the latest version, but also refactor the directory structure (due to some really poor choices in the initial implementation which were causing daily grief for the maintainers of the information), without considering the impacts to the applications we had built in-house that were using AD for authn and authz (most would've likely been able to handle the changes since they were fairly configurable in this regard). I raised this concern many times and almost every time, it was ignored, or it was "yeah, we will consider that", and then it got dropped on the ground. Fortunately, just prior to implementation, the project got "put on the back-burner" and the project manager (a contractor) was let go due to "budget cuts". Hopefully when/if this gets traction again, we will actually look at what else besides the network and people's workstation logins will be affected.

      I still struggle to understand what causes this rift between infrastructure people and development people (I have been on both sides, but mostly on the development side), as a poor application choice can severely restrict what can be done with a company's hardware, and inversely, a poor infrastructure choice can unexpectedly break an application.

      However, if you are only a company of 150ish employees, hopefully you are still small enough to deal with issues quickly and efficiently (it seems to get worse as corporations get bigger).

  8. balancing act by TheSHAD0W · · Score: 1

    Beware of load balancing, because it will tempt you into getting too little capacity for mission-critical work. You need enough capacity to handle the entire load with multiple nodes down, or you will be courting a cascade failure. Load balancing is better than fallback, because you will be constantly testing all of the hardware and software setups and will discover problems before an emergency strikes; but do make sure you've got the overcapacity needed to take up the slack when bad things happen.
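
    The following is an added example, not code from this comment: a small model of the cascade failure it warns about. The model is an assumption: the balancer spreads the total offered load evenly over the nodes still up, and a node pushed past its capacity drops out, handing its share to the survivors. The pool sizes, capacities and the 20% headroom factor are constructed numbers.

```python
"""Added example: does a load-balanced pool survive node failures, or cascade?

Model (an assumption, not from the comment): the balancer spreads the total
offered load evenly over the nodes still up, and a node pushed past its
capacity drops out, handing its share to the survivors. That is the cascade
the comment warns about; the functions below show how much per-node headroom
prevents it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pool:
    nodes: int                # number of identical balanced nodes
    capacity_per_node: float  # load one node can serve before it falls over
    total_load: float         # peak load offered to the whole pool


def simulate_cascade(pool, initial_failures):
    """Return (nodes still serving, cascaded?) after `initial_failures` nodes die."""
    alive = pool.nodes - initial_failures
    while alive > 0:
        per_node = pool.total_load / alive
        if per_node <= pool.capacity_per_node:
            return alive, False          # survivors absorb the load; stable
        alive -= 1                       # an overloaded node drops out; repeat
    return 0, True                       # every node went down in turn


def max_tolerated_failures(pool):
    """Largest number of simultaneous failures the pool survives without cascading."""
    k = 0
    while k < pool.nodes and not simulate_cascade(pool, k + 1)[1]:
        k += 1
    return k


def required_capacity_per_node(nodes, total_load, tolerate_failures, headroom=1.2):
    """Per-node capacity needed so that `tolerate_failures` nodes can be down at
    peak, with a safety factor (`headroom`) so survivors are not run flat out."""
    if tolerate_failures >= nodes:
        raise ValueError("cannot tolerate losing every node")
    return headroom * total_load / (nodes - tolerate_failures)


if __name__ == "__main__":
    tight = Pool(nodes=4, capacity_per_node=30.0, total_load=100.0)   # ~83% busy
    roomy = Pool(nodes=4, capacity_per_node=40.0, total_load=100.0)   # ~63% busy
    print("tight pool, one failure:", simulate_cascade(tight, 1))    # (0, True)
    print("roomy pool, one failure:", simulate_cascade(roomy, 1))    # (3, False)
    print("roomy pool tolerates", max_tolerated_failures(roomy), "failure(s)")  # 1
    print("capacity to survive 2 of 4 down:", required_capacity_per_node(4, 100.0, 2))  # 60.0
```

    The "tight" pool looks healthy at 83% utilisation, yet losing a single node pushes the remaining three to 33 each, the first one over 30 drops out, and the rest follow: that is the cascade. Sizing for the load with the tolerated number of nodes down, plus headroom, is the overcapacity the comment asks for.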

  9. Get someone experienced on the boat! by lukas84 · · Score: 5, Insightful

    You know, you could've started with a bit more detail: what operating system are you running on the servers? What OS are the clients running? What level of service are you trying to achieve? How many people work in your shop? What's their level of expertise?

    If you're asking this on Slashdot now, it means you don't have enough experience with this yet, so my first advice would be to get someone involved who does. Someone with many people with lots of experience and knowledge on the platform you work on. This means you'll have backup in case something goes south and your network design will benefit from their experience.

    As for other advice, make sure you get the requirements from the higher-ups in writing. Sometimes they have ridiculous ideas regarding the availability they want and how much they're willing to pay for it.

    1. Re:Get someone experienced on the boat! by TakeyMcTaker · · Score: 2, Insightful

      The main piece of missing information that annoys me is that part of the network service list that says "-- and some more." Half the services that were listed could be easily outsourced to any decent ISP, with cost depending on security, storage, and SLA requirements. ISP hosting or even colocation services give you cheap access to better redundant Internet links than your office will ever touch.

      The other half could be done with a cheap firewall/VPN box at each site. In the age of OpenWRT, these boxes often have services like Multi-WAN, DNS, DHCP, SSL, VPN, and IDS built-in. Buy two of those, sync configuration, hook them up to a networked power switch, and script the power to shut off one and power up the other whenever a network service test fails. All that equipment is still less than the cost of a single 1U+ server with equivalent services, and any custom scripting would be for minor convenience functions -- not a service requirement. I find specialized hardware/firmware solutions are far more reliable than software/server solutions. They are also often cheap enough to keep an offline spare handy for emergency replacement.

      Even a low-power retail NAS box could be used for complete network authentication, SSH, and SSL data services. It could probably serve an office up to 250 users, depending on simultaneous load -- 50 easy. Slap some cheap (less than $0.10/GB!) TB+ SATA drives in there, and you have multi-TB RAID storage per site, that can be rsync replicated to all nodes. Give each site their own cheap master storage node, replicated to each other. The rsync script(s) could be scheduled or event triggered, as needed. Netgear ReadyNAS boxes can also run Subversion/WebDAV/Autocommit/svnsync.

      I'm betting the meat of these services are in that nebulous "and some more" area, and that those service requirements change everything.

      Some brand names that carry one or more of the products mentioned above, and can be found in any Fry's or decent online store, without even having to deal with a sales rep:
      Netgear
      Linksys (now sometimes Cisco rebranded)
      Dlink
      Cradlepoint (3G/4G wireless backup!)
      Apple (Airlink are surprisingly good routers!)
      Qnap
      Thecus
      Sans Digital
      Digital Loggers, Inc.
      APC

      I wouldn't ever recommend Buffalo, and 3Com might be on the list if HP had not bought them recently.
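
    The following is an added example, not code from this comment: the decision logic for the "script the power to shut off one and power up the other whenever a network service test fails" idea above. It assumes a poll runs every interval, that `probe(node)` returns True when the service answers, and that `switch_over(old, new)` is whatever the operator wires up (the networked power switch is site-specific and is left as a callback; no vendor API is assumed). Two guards keep a naive script from flapping: several consecutive failures are required before acting, and after a switch no further switch happens until a cooldown has elapsed. The scenario driven through it is constructed.

```python
"""Added example: watchdog logic for an active/standby pair.

Assumptions (not from the comment): a poll runs every interval; `probe(node)`
returns True when the service answers; `switch_over(old, new)` is the
operator-supplied action (power switch, VRRP flip, whatever the site uses).
"""
import socket


def tcp_probe(host, port, timeout=2.0):
    """Real-world probe: True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class Watchdog:
    def __init__(self, probe, switch_over, fail_threshold=3, cooldown_polls=10):
        self.probe = probe
        self.switch_over = switch_over
        self.fail_threshold = fail_threshold      # consecutive failures before acting
        self.cooldown_polls = cooldown_polls      # polls to wait after a switch
        self.active = "A"
        self.consecutive_failures = 0
        self.polls_since_switch = cooldown_polls  # allow an immediate first switch

    def poll(self):
        """Run one health check; return True if a switch-over was triggered."""
        self.polls_since_switch += 1
        if self.probe(self.active):
            self.consecutive_failures = 0         # a single blip is forgotten
            return False
        self.consecutive_failures += 1
        if (self.consecutive_failures >= self.fail_threshold
                and self.polls_since_switch >= self.cooldown_polls):
            standby = "B" if self.active == "A" else "A"
            self.switch_over(self.active, standby)
            self.active = standby
            self.consecutive_failures = 0
            self.polls_since_switch = 0
            return True
        return False


# Constructed scenario, one dict per poll: health of each box at that moment.
SCENARIO = (
    [{"A": True, "B": True}]
    + [{"A": False, "B": True}]          # single blip: must not switch
    + [{"A": True, "B": True}]
    + [{"A": False, "B": True}] * 3      # sustained outage: switch on 3rd failure
    + [{"A": False, "B": False}] * 3     # B also down, but inside cooldown: hold
    + [{"A": False, "B": True}]
)


def run_scenario(scenario, fail_threshold=3, cooldown_polls=10):
    """Drive the watchdog through a scripted scenario; return (switches, active)."""
    state = {}
    switches = []
    dog = Watchdog(probe=lambda node: state[node],
                   switch_over=lambda old, new: switches.append((old, new)),
                   fail_threshold=fail_threshold, cooldown_polls=cooldown_polls)
    for snapshot in scenario:
        state.update(snapshot)
        dog.poll()
    return switches, dog.active


if __name__ == "__main__":
    print(run_scenario(SCENARIO))                    # ([('A', 'B')], 'B')
    print(run_scenario(SCENARIO, cooldown_polls=0))  # ([('A', 'B'), ('B', 'A')], 'A')
```

    With the cooldown in place the watchdog switches once, to B, and then holds even though B also fails, because bouncing back to a box that was just declared dead gains nothing. With the cooldown removed the same scenario flaps straight back to A, which is the behaviour a one-line "ping fails, flip the power" script would give you.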

    2. Re:Get someone experienced on the boat! by Anonymous Coward · · Score: 0

      Agreed. Hire an enterprise architect for a fixed amount of work to consult. Say 3-4 weeks. There is no substitute for experience. At the end of that engagement, you should have an overall plan for all your upgrades for the main location and 1 or more satellite locations.

      This is too complex for slashdot answers and you won't find the answer in a book or 10.

      Anyone that claims this is easy enough to do yourself is talking out their ass. As an EA, I know I can't know everything related to this AND your specific situation.

    3. Re:Get someone experienced on the boat! by TClevenger · · Score: 1

      IPCop on a white box is another option, and does excellent point-to-point VPN tunneling as well. You'd be hard-pressed to talk me into paying more for MPLS ever again.

  10. Take your time by BooRadley · · Score: 4, Insightful

    If you're like most IT managers, you probably have a budget. Which is probably wholly inadequate for immediately and elegantly solving your problems.

    Look at your company's business, and how the different offices interact with each other, and with your customers. By just upgrading existing infrastructure, you may be putting some of the money and time where it's not needed, instead of just shutting down a service or migrating it to something more modern or easier to manage. Free is not always better, unless your time has no value.

    Pick a few projects to help you get a handle on the things that need more planning, and try and put out any fires as quickly as possible, without committing to a long-term technology plan for remediation.

    Your objective is to make the transition as boring as possible for the end users, except for the parts where things just start to work better.

    --

    -- lk t lv ll th vwls t f wrds. T svs lts f tm t wrt bt ts pn n th ss t rd nd mks m lk lk cmplt dpsht.

  11. Re:Cloud Computing(TM) by Anonymous Coward · · Score: 2, Funny

    I disagree; when you have a budget of $800 and some shoestrings it eliminates a lot of questions ;)

  12. Affordable SME Solution by foupfeiffer · · Score: 2, Interesting

    I am still in the process of upgrading a "legacy" infrastructure in a smaller (less than 50) office but I feel your pain.

    First, it's not "tech sexy", but you've got to get the current infrastructure all written down (or typed up, but then you have to burn it to CD just in case your "upgrade" breaks everything).

    You should also "interview" users (preferably by email, but sometimes if you need an answer you have to just call them or... face to face even...) to find out what services they use. You might be surprised to find something that you didn't even know your dept was responsible for (oh, that Panasonic PBX that runs the whole phone system is in the locked closet they forgot to tell you about...)

    Your next step is prioritizing what you actually need/want to do... remember that you're in a business environment so having redundant power supplies for the dedicated cd burning computer may not actually improve your workplace (but yes, it might be cool to have an automated coffee maker that can run on solar power...)

    So now that you know pretty much what you have and what you want to change...

    Technology-wise, virtualization is definitely your answer... and there's a learning curve:
        VMware is pretty nice and pretty expensive.
        VirtualBox (I use) is free but doesn't have as many enterprise features (automatic failover).
        Xen with Remus or HA is the thinking man's setup.

    All of the above will depend on reliable hardware. That means at least RAID 1, and yes, you can go with a SAN, but be aware that it's a level of complexity you might not need (for FTP, DNS, etc.)

    Reading what you've listed as "services" it almost sounds like you want a single linux VM running all of those things with Xen and Remus...

    Good luck, and TEST IT before you deploy it as a production setup.

    1. Re:Affordable SME Solution by TheLink · · Score: 1

      Isn't VMware Server free?

      What I found is VirtualBox doesn't allow you to reconnect network interfaces on a running machine to a _different_ network (real or virtual). VMware allows you to do that. This might not be an issue for your environment.

      Also VMware has each machine all nicely in one directory, whereas VirtualBox seems to put stuff in different directories. The VMware way makes it a bit easier to back up and restore machines.

      Note: VMware Server doesn't sign their drivers so you can't install it easily on certain Windows OSes. This is not normally an issue if you can run Linux (which I think is a better platform as a VMware Server host than Windows).

    2. Re:Affordable SME Solution by Slashcrap · · Score: 1

      Xen with Remus or HA is the thinking man's setup

      Presumably the man is thinking "Holy shit, they only announced this last week and it's still pre-alpha. Am I fucking insane?".

      The answer is yes, yes he is.

  13. Re:Cloud Computing(TM) by Foofoobar · · Score: 1

    Note that he did say VMware on a cluster. I have an idiot at my office trying to do VMware all on one server and failing to realize this still creates one point of failure. If you are going to do virtualization, the only benefit comes when you invest in a cluster; otherwise don't do it at all.

    --
    This is my sig. There are many like it but this one is mine.
  14. openVZ by RiotingPacifist · · Score: 3, Funny

    For services running on Linux, OpenVZ can be used as a jail with migration capabilities instead of a full-on VM.

    DISCLAIMER: I don't have a job so I've read about this but not used it in a pro environment yet

    --
    IranAir Flight 655 never forget!
    1. Re:openVZ by ckdake · · Score: 1

      I do have a job and I have used OpenVZ in a production environment :) Scrapped 2 machines running VMware ESX, put OpenVZ on them, and we can handle over 3x the number of Virtual Machines ("containers" in OpenVZ land) on the same hardware without paying the cost of VMware licenses. Highly recommended.

    2. Re:openVZ by elronxenu · · Score: 1

      I concur. OpenVZ is very lightweight. For a large number of small servers it saves on disk management because the OpenVZ instances' root directories are just a subdirectory on the physical server (and so they can share space in the same host partition). There's no dealing with virtual disk drives.

    3. Re:openVZ by Anonymous Coward · · Score: 0

      Dude, you could always set up different things in the basement and practice on them.

    4. Re:openVZ by Lennie · · Score: 1

      We use Debian with Linux-VServer but it's basically the same kind of thing. For a few years now they have been moving this as general infrastructure into the Linux kernel (because OpenVZ and Linux-VServer are still 'third-party kernel patches'). I hope they'll get it done soon.

      --
      New things are always on the horizon
    5. Re:openVZ by ckaminski · · Score: 1

      I agree. If KVM belongs in the kernel, then so does OpenVZ.

    6. Re:openVZ by Lennie · · Score: 1

      Most infrastructure for it is already in the kernel. I actually tried it, it works mostly OK, it's called Linux Containers:

      http://lxc.sf.net/

      --
      New things are always on the horizon
  15. Don't do it by Anonymous Coward · · Score: 5, Insightful

    Complexity is bad. I work in a department of similar size. Long, long ago, things were simple. But then, due to plans like yours, we ended up with quadruple replicated DNS servers with automatic failover and load balancing, a mail system requiring 12 separate machines (double redundant machines at each of 4 stages: front end, queuing, mail delivery, and mail storage), a web system built from 6 interacting machines (caches, front end, back end, script server, etc.) plus redundancy for load balancing, plus automatic failover. You can guess what this is like: it sucks. The thing was a nightmare to maintain, very expensive, slow (mail traveling over 8 queues to get delivered), and impossible to debug when things go wrong.

    It has taken more than a year, but we are slowly converging on a simple solution. 150 people do not need multiply redundant load balanced DNS servers. One will do just fine, with a backup in case it fails. 150 people do not need 12+ machines to deliver mail. A small organization doesn't need a cluster to serve web pages.

    My advice: go for simplicity. Measure your requirements ahead of time, so you know if you really need load balanced DNS servers, etc. In all likelihood, you will find that you don't need nearly the capacity you think you do, and can make do with a much simpler, cheaper, easier to maintain, more robust, and faster setup. If you can call that making do, that is.

    1. Re:Don't do it by Cylix · · Score: 1

      Actually it sounds like the system was designed to grow very large. The information provided does not indicate there are adequate alarms and documentation for when elements fail.

      --
      "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
    2. Re:Don't do it by Anonymous Coward · · Score: 0

      ...bbbut that would kill his plan to implement RDD (resume driven development) as part of his CAS (career advancement strategy).

  16. Google(tm) Cloud by ickleberry · · Score: 1, Funny

    Outsource everything to "de cloud", because that way when everything fails spectacularly it isn't your fault.

    1. Re:Google(tm) Cloud by jabithew · · Score: 2, Insightful

      It is if you recommended outsourcing everything to the cloud.

      --
      All intents and purposes. Not intensive purposes.
    2. Re:Google(tm) Cloud by hesaigo999ca · · Score: 1

      That's where planting the seed in the mind of the boss higher up from you goes a long way.
      I.e., you, on a casual lunch with your superior, mention this great ad in the magazine about the outsourced perspective and how it saved this other company a lot of money.
      The bait is set; once the superior mentions it again, you email him the answer back with a note stating that the idea of outsourcing could be beneficial, but you would have to look into it, without mentioning any names.

      If the shit hits the fan, you can always say that you were given directives to look into it; technically not your fault because you are not the boss, the boss is the boss... and you do as the boss says.

      Way to cover your *ss ace!

  17. don't forget the network as well like the switche by Joe+The+Dragon · · Score: 0

    Don't forget the network as well, like the switches and maybe the cables as well. Also, if you find any hubs, get rid of them ASAP.

    Also, the servers should be linked to each other with gig-E.

  18. Re:Cloud Computing(TM) by lukas84 · · Score: 1

    A lot of Windows software can make virtualization a necessity, since running certain components on the same machine may create an unsupported configuration or be a security nightmare. For example, a Terminal Server and DC on the same machine is a security nightmare.

  19. Trying to make your mark, eh? by GuyFawkes · · Score: 3, Insightful

    The system you have works solidly, and has worked solidly for seven years.

    I, personally, am TOTALLY in agreement with the ethos of whoever designed it, a single box for each service.

    Frankly, with the cost of modern hardware, you could triple the capacity of what you have now just by gradually swapping out for newer hardware over the next few months, and keeping the shite old boxen for fallback.

    Virtualisation is, IMHO, *totally* inappropriate for 99% of cases where it is used, ditto *cloud* computing.

    It sounds to me like you are more interested in making your own mark, than actually taking an objective view. I may of course be wrong, but usually that is the case in stories like this.

    In my experience, everyone who tries to make their own mark actually degrades a system, and simply discounts the ways that they have degraded it as being "obsolete" or "no longer applicable"

    Frankly, based on your post alone, I'd sack you on the spot, because you sound like the biggest threat to the system to come along in seven years.

    These are NOT your computers, if you want a system just so, build it yourself with your own money in your own home.

    This advice / opinion is of course worth exactly what it cost.

    Apologies in advance if I have misconstrued your approach. (but I doubt that I have)

    YMMV.

    --
    http://slashdot.org/~GuyFawkes/journal
    1. Re:Trying to make your mark, eh? by Anonymous Coward · · Score: 0

      My thoughts exactly. The reason why IT is a lousy job is because unless you're going to deliver a fantastic improvement in features that will overjoy the customer, or resolve a drastic problem with reliability, anything other than complete invisibility is quite undesirable. After 7 years everyone is probably used to how things work and if you change anything and it doesn't work, you're going to be to blame.

      While you may streamline and improve things that people don't see, they won't care even a little bit if it throws a rod and stops working.

      Slowly and quietly replace the hardware that's too old to be reliable and, where reasonable, change or upgrade software to improve reliability and fault tolerance.

      Revolutionary change may result in a promotion and raise. Odds are it'll lead to lots of late nights, lots of stress, and a lot of angry users.

    2. Re:Trying to make your mark, eh? by bertok · · Score: 4, Interesting

      I, personally, am TOTALLY in agreement with the ethos of whoever designed it, a single box for each service.

      ...

      Virtualisation is, IMHO, *totally* inappropriate for 99% of cases where it is used, ditto *cloud* computing.

      I totally disagree.

      Look at some of the services he listed: DNS and DHCP.

      You literally can't buy a server these days with less than 2 cores, and getting less than 4 is a challenge. That kind of computing power is overkill for such basic services, so it makes perfect sense to partition a single high-powered box to better utilize it. There is no need to give up redundancy either: you can buy two boxes, and have every key service duplicated between them. Buying two boxes per service, on the other hand, is insane, especially for services like DHCP, which in an environment like that might have to respond to a packet once an hour.

      Even the other listed services probably cause negligible load. Most web servers sit there at 0.1% load most of the time, ditto with ftp, which tends to see only sporadic use.

      I think you'll find that the exact opposite of your quote is true: for 99% of corporate environments where virtualization is used, it is appropriate. In fact, it's under-used. Most places could save a lot of money by virtualizing more.

      I'm guessing you work for an organization where money grows on trees, and you can 'design' whatever the hell you want, and you get the budget for it, no matter how wasteful, right?

    3. Re:Trying to make your mark, eh? by GuyFawkes · · Score: 3, Interesting

      Get real, for 150 users a WRT54 will do DNS etc....

      Want a bit more poke, VIA EPIA + small flash disk.

      "buy a server".. jeez, you work for IBM sales dept?

      --
      http://slashdot.org/~GuyFawkes/journal
    4. Re:Trying to make your mark, eh? by pe1rxq · · Score: 2, Insightful

      Is it so hard to not mix up dhcpd.conf and named.conf? Do you need virtualization for that?

      Let me give you a hint: YOU DON'T

      --
      Secure messaging: http://quickmsg.vreeken.net/
    5. Re:Trying to make your mark, eh? by Anonymous Coward · · Score: 0

      Poppycock. You can buy small form factor single core PCs for under $200, or even a refurbished 3-4 year old server box for close to the same price. Depending on the environmental and space considerations, you can pick the platforms to suit and keep the costs minimal. Shoot, even a $200 netbook would have more CPU power and storage than most 7 year old computers, generate little or no heat, and demand a fraction of the power. If this guy is smart, he can cut electrical costs and cooling costs substantially without changing a perfectly functional architecture.

      What doesn't make sense is grossly overcomplicating things by trying to shove too much into some large scale platform and then further complicate it with a virtualization layer. We gave up mainframes and thin clients/fat servers didn't work for a reason.

      Sure, it's cool and technically challenging. What's the business reason/driver for going the cool/challenging route again?

      If the OP decides to quit 2 months after implementing his super cool setup because the job after that is completely boring, who can come in and grasp what he's set up and maintain/upgrade it? Another finicky tech guru that wants to play with the stuff on the job and gets bored and walks off a couple of months later?

    6. Re:Trying to make your mark, eh? by dbIII · · Score: 2, Funny

      There's two ways of looking at these things.
      To me a room full of dedicated machines each running a single simple thing, due to the 1990s approach of replacing a server with a dozen shit Windows boxes that can't handle much but are cheap, screams "a dozen vulnerable points of critical failure".
      Even MS Windows has progressed to the point where you don't need a single machine per service anymore in a light duty situation. Machines are going to fail; you may be lucky and it could be after they have served their time and been sold off, but fans, power supplies or a pile of other components that will stop the machine delivering the service will fail someday. A couple of half decent machines with redundant power supplies, which will give you the option to have all of your services back within a decent timeframe if one goes down, is a far better option than a pile of critical points of failure depending on the reliability of $5 fans.
      Such things are cheaper now than a roomful of crap boxes.
      Now if I was the story submitter I'd put together a plan to have a box or two that can take over any of those required services at short notice. Someday something will break, and it's better to have a box ready or a plan you can read at 2am instead of bumbling through. Of course, GuyFawkes would fire me for that, while if he was doing it his way I'd simply try to talk him out of his NT3.51 philosophy. Where is he going to buy a WRT54 at 2am on a Sunday morning in 2015 anyway?

    7. Re:Trying to make your mark, eh? by DaMattster · · Score: 1

      Having a separate box for each service is not necessarily a good idea. This is energy inefficient and you have a lot of wasted computing resources. That said, virtualization that has been done with little thought or planning is a disaster waiting to happen. I, for one, would use Citrix XenServer. Smaller services such as DNS, DHCP, and FTP can be collapsed into a virtualization server, dedicating one core to each service. If you are adventurous, you could use that same box for routing using OpenBSD. This makes much better use of a multicore server. More critical services such as WWW and E-Mail are best left on their own servers. A balance of techniques works better than an either/or approach.

    8. Re:Trying to make your mark, eh? by dbIII · · Score: 1

      Years ago the Microsoft DNS implementation had a very nasty memory leak and used a lot of CPU; you really did need a dedicated DNS machine for small sites and to reboot it once a week.
      I think that's why people are still thinking about putting it in a virtual box so it can't eat all the resources, even for a pile of trivial services that a SPARCstation 5 could handle at low load.

    9. Re:Trying to make your mark, eh? by bertok · · Score: 1

      Poppycock. You can buy small form factor single core PCs for under $200, or even a refurbished 3-4 year old server box for close to the same price. Depending on the environmental and space considerations, you can pick the platforms to suit and keep the costs minimal. Shoot, even a $200 netbook would have more CPU power and storage than most 7 year old computers, generate little or no heat, and demand a fraction of the power. If this guy is smart, he can cut electrical costs and cooling costs substantially without changing a perfectly functional architecture.

      What doesn't make sense is grossly overcomplicating things by trying to shove too much into some large scale platform and then further complicate it with a virtualization layer. We gave up mainframes and thin clients/fat servers didn't work for a reason.

      Sure, it's cool and technically challenging. What's the business reason/driver for going the cool/challenging route again?

      If the OP decides to quit 2 months after implementing his super cool setup because the job after that is completely boring, who can come in and grasp what he's set up and maintain/upgrade it? Another finicky tech guru that wants to play with the stuff on the job and gets bored and walks off a couple of months later?

      $200 machine = no RAID, no ECC memory, no hardware monitoring, no support for server OSes, not to mention that most netbooks can't run 64-bit, which means the latest Windows Server is Just Not An Option.

      Good advice! Let's run ALL of our business critical functions off laptops just to avoid learning about new technology! Let's all run on mixed hardware and have to deal with drivers from fifty vendors!

      You really don't understand what virtualization provides, so maybe you should read up on it a little bit before you go spouting off.

      It's not hard, it's not "massively complex" unless you go out of your way to do it wrong, and it has nothing to do with mainframes or thin clients.

      Virtualization isn't some "super cool" buzzword technology, it's a money saver. It reduces costs massively. It makes hardware maintenance an order of magnitude cheaper and safer. There's a reason everyone is switching to it.

      If you can't keep up with technology, you shouldn't be in IT.

    10. Re:Trying to make your mark, eh? by bertok · · Score: 2, Interesting

      Years ago the Microsoft DNS implementation had a very nasty memory leak and used a lot of CPU; you really did need a dedicated DNS machine for small sites and to reboot it once a week.
      I think that's why people are still thinking about putting it in a virtual box so it can't eat all the resources, even for a pile of trivial services that a SPARCstation 5 could handle at low load.

      In practice, everyone just builds two domain controllers, where each one runs Active Directory, DNS, DHCP, WINS, and maybe a few other related minor services like a certificate authority, PXE boot, and the DFS root.

      I haven't seen any significant interoperability problems with that setup anywhere for many years.

      Still, virtualization has its place, because services like AD have special disaster recovery requirements. It's a huge mistake to put AD on the same OS instance as a file server or a database, because they need to be recovered completely differently. The last thing you want to be doing during a restore is juggling conflicting restore methods and requirements!

    11. Re:Trying to make your mark, eh? by rantingkitten · · Score: 1

      Why does he need virtualisation for most of that? Just run multiple services on a single machine. It's not like DHCP and DNS are all that resource intensive: put both services on a machine, configure them, and start them. What's the advantage of virtualising that? Sounds like a lot of unnecessary overhead to me.

      Depending on how heavy the load is, that same machine could probably handle postfix, apache, and some kinda ftp server too. That's more or less what you said anyway, but I don't get why you think it requires virtualisation. If a service starts misbehaving you just restart that service instead of rebooting the virtual machine.

      Although, for 150 people, a WRT router running non-crap firmware (e.g., DD-WRT or Tomato) would probably suffice for DNS and DHCP. There's a practically off-the-shelf solution for fifty bucks instead of mucking around with higher-end hardware and virtual machines.

      --
      mirrorshades radio -- darkwave, industrial, futurepop, ebm.
    12. Re:Trying to make your mark, eh? by bertok · · Score: 2, Insightful

      Get real, for 150 users a WRT54 will do DNS etc....

      Want a bit more poke, VIA EPIA + small flash disk.

      "buy a server".. jeez, you work for IBM sales dept?

      I'm responding to your comment:

      I, personally, am TOTALLY in agreement with the ethos of whoever designed it, a single box for each service.

      I recommended at least two boxes, for redundancy. He may need more, depending on load.

      For a 150 user organization, that's nothing, most such organisations are running off a dozen servers or more, which is what the original poster in fact said. With virtualization, he'd be reducing his costs.

      One per service is insane, which is what you said. If you wanted dedicated boxes for each service AND some redundancy, that's TWO per service!

      Backpedaling and pretending that a WRT54 can somehow host all of the services required by a 150 user organization is doubly insane.

    13. Re:Trying to make your mark, eh? by AF_Cheddar_Head · · Score: 1

      This guy has it right.

      I do this kind of thing for a living, upgrading small military sites that support 50-100 users. Most of these sites haven't seen new hardware for several years and have a stand-alone AD. We provide new hardware and bring them into an integrated AD.

      Start adding up the costs of VMWare, I know ESXi is free but you very quickly need/want the management tools of VSphere and they ain't cheap, and it is significantly cheaper to use non-virtual boxes combining compatible services.

      2-4 servers and a small Equallogic SAN can go a long ways towards providing what you need. Less than 50K in hardware and software licenses.

      Depending on connectivity and redundancy requirements a DC at each site also providing internal DNS, DHCP and WINS (UGH!!), a mail server with a mail relay at the central office and a File and Print server should do it. VPN appliance (Cisco 5510) to put it all behind a firewall at corporate.

      I provide a bit more redundancy and security for the military sites but that's the basics.

    14. Re:Trying to make your mark, eh? by Robert+Larson · · Score: 1

      I'd tend to agree here. Buy a couple of blades. Implement vSphere with DRS and HA and possibly FT. Centralize all these core services. HA/FT will provide the fault tolerance at the core. Then spend on buffing redundant network links for remote sites and/or network capacity as needed. Simplify simplify. Minimize the number of VMs providing core services. Put as much as you can into a cloud.

    15. Re:Trying to make your mark, eh? by h4rr4r · · Score: 1

      Or use something other than Vmware.

      Kvm + libvirt + virtmanager will most likely be fine for what you describe.

    16. Re:Trying to make your mark, eh? by syousef · · Score: 1

      You literally can't buy a server these days with less than 2 cores, and getting less than 4 is a challenge.

      Does it matter how many cores? They're cheap! 4 times the chance of failure is my only issue. In any case it sounds like he could combine services WITHOUT the overhead of virtualization.

      Even the other listed services probably cause negligible load. Most web servers sit there at 0.1% load most of the time, ditto with ftp, which tends to see only sporadic use.

      Yes but it's the rest of the time that actually counts. It doesn't matter if you can handle low load periods if you can't handle high.

      I think you'll find that the exact opposite of your quote is true: for 99% of corporate environments where virtualization is used, it is appropriate. In fact, it's under-used. Most places could save a lot of money by virtualizing more.

      Virtualization has distinct advantages, and utilisation is certainly one advantage but if you require high availability and can't predict peak loads accurately (across all services simultaneously!) it may well not be appropriate. The bigger advantage of virtualisation is the ability to bring up your virtual machine on a completely different piece of hardware should your existing hardware fail. You can achieve similar without virtualization, but I find that more compelling than the utilisation argument, which frankly is just a sales ploy for most cases.

      I'm guessing you work for an organization where money grows on trees, and you can 'design' whatever the hell you want, and you get the budget for it, no matter how wasteful, right?

      Yeah that's why they're using the same infrastructure for 7 years running, right?

      I hate it when slashdot descends into this kind of childish petty character attack. It's not conducive to a reasoned discussion.

      --
      These posts express my own personal views, not those of my employer
    17. Re:Trying to make your mark, eh? by LiquidRaptor · · Score: 1

      Except that it's not supported in a clustered environment by anyone. Even RHEL lists it as a tech preview. Not to say that each of those items isn't great, but as someone who has spent the last month implementing a RHEL VM host cluster, KVM just ain't ready for primetime. Xen, while it really does have its bad points, does work great though.

    18. Re:Trying to make your mark, eh? by Xeleema · · Score: 1

      Where is he going to buy a WRT54 at 2am on a Sunday morning in 2015 anyway?

      I seriously "LoL'd" at that one. If he was going to go that route, I know he could pick up quite a few in one chunk over on ebay. However, good point.

      --
      "When I am king, you will be first against the wall..."
    19. Re:Trying to make your mark, eh? by dissy · · Score: 1

      Wow... Did you just seriously recommend he purchase 50 servers for each location???

      I, personally, am TOTALLY in agreement with the ethos of whoever designed it, a single box for each service.

      25 services is next to nothing. A single domain controller has that running on a single box.

      And you want him to break out each service to its own machine... with a second box for redundancy.

      I guess I am happy that you have $20k+ to spend on two low end boxes for, e.g., just DNS. But that is stupid as hell.
      Even worse, you are wasting a dual-core 2GHz system for an NTP time sync server (Oh wait, two machines, like you said)

      What waste. Waste of hardware, waste of electricity, waste of network port usage, and waste of time managing all of that.

      Not to mention total lack of forethought in planning.

      I mean, if your DHCP service server goes down, and has no failover, then the 30 other machines you dedicated to 15 services that are also network related will not be used. Might as well put DNS on with DHCP since if one goes down the other will not help you one bit.
      See how that works? That was 5 seconds worth of thought and saved your company $20k!

      Imagine what would happen if you put more than seconds of thought into the problem, like hours or days worth of thought! It _could_ save you hundreds of thousands of dollars compared to your current recommendations.

      Hell, with 150 users, you probably just spent 10 years worth of their IT budget for your one suggestion alone!

    20. Re:Trying to make your mark, eh? by BitZtream · · Score: 2, Interesting

      No, you need separate servers for when the DHCP upgrade requires a conflicting library with the DNS servers which you don't want to upgrade at the same time.

      THIS is where virtualization becomes useful.

      On the other hand, my solution is a couple of FreeBSD boxes with jails for each service. You could do the same with whatever the Linux equivalent is, or Solaris zones if you want. No need to actually run VMs.

      Just run a couple boxes, separate the services onto different jails. When you need to upgrade the core OS, do it on your backup box first, get all the services upgraded, switch it to your primary and repeat on the other.

      It's not a matter of config files, it's a matter of dependencies. If you've never run into a dependency conflict, you don't have much experience. Upgrading every service at the same time isn't always an option, sometimes newer versions in repositories are broken with regards to something you use or need.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    21. Re:Trying to make your mark, eh? by ComputerizedYoga · · Score: 1

      Red Hat just released a real full-on production competitor to vmware, called RHEV (Red Hat Enterprise Virtualization). Like ... last month. It's built on KVM, and designed to do a multi-host setup, with a management console and the more must-have multi-host virtualization features (incl. live migration).

      Not saying it's without problems, but my office was in the beta and we're pretty much sold on it.

      Basic rhel 5.4 kvm virtualization, yeah ... I'd lean away from that for at least as long as it took to absorb the contents of the virtualization guide...

    22. Re:Trying to make your mark, eh? by Anonymous Coward · · Score: 0

      No, you need separate servers for when the DHCP upgrade requires a conflicting library with the DNS servers which you don't want to upgrade at the same time.

      No, you don't need separate servers for that either. If there truly are conflicting libraries (truly conflicting, and still with the same name..) - then it should be easy enough to do some trickery with LD_LIBRARY_PATH. Bit fugly, of course, but you've got yourself a fugly mess already if you've got those kinds of libraries on your system.

      Hint: There's a version number behind the library name. Try 'ldd' on your binary, then look for the library. See symlinks. See version numbers. See how easy it all is.
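
To make the `ldd` and soname point concrete, here is an added example in Python (not from the thread or any poster): it parses `ldd` output, splits each soname into library name and version, and reports which libraries two daemons resolve at different major versions and which are unresolved. The two `ldd` listings are constructed for a hypothetical DHCP daemon and DNS daemon; the 1.0.0 versus 1.1 OpenSSL sonames and the paths are assumed values, and `run_ldd` simply shells out to the real `ldd` so the same parser can be pointed at a live binary. One caveat on the LD_LIBRARY_PATH trick: the dynamic loader ignores it for setuid/setgid programs, and whoever can write to a directory on that path decides what code the daemon loads, so set it per service in that service's init script rather than system-wide, and keep the directory root-owned.

```python
"""Compare the shared-library sonames two binaries resolve, from ldd output.

Added example, not from the thread. The ldd listings below are constructed
for illustration; parse_ldd() also accepts real `ldd <binary>` output.
"""
import re
import subprocess
from typing import Dict, List, Optional, Tuple

# One ldd line looks like:  libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f...)
# Lines without "=>" (the vDSO, the dynamic loader itself) carry no soname to check.
_LDD_LINE = re.compile(r"^\s*(?P<soname>\S+)\s*=>\s*(?P<path>not found|\S+)")
# Split "libssl.so.1.0.0" into base "libssl" and version "1.0.0".
_SONAME = re.compile(r"^(?P<base>.+?)\.so(?:\.(?P<version>[\d.]+))?$")


def parse_ldd(text: str) -> Dict[str, Optional[str]]:
    """Map each soname in ldd output to its resolved path (None if 'not found')."""
    libs: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        m = _LDD_LINE.match(line)
        if not m:
            continue
        path = m.group("path")
        libs[m.group("soname")] = None if path == "not found" else path
    return libs


def split_soname(soname: str) -> Tuple[str, str]:
    """'libssl.so.1.0.0' -> ('libssl', '1.0.0'); an unversioned 'libfoo.so' -> ('libfoo', '')."""
    m = _SONAME.match(soname)
    if not m:
        return soname, ""
    return m.group("base"), m.group("version") or ""


def version_conflicts(ldd_a: str, ldd_b: str) -> List[Tuple[str, str, str]]:
    """Libraries both binaries use, but at different sonames (e.g. 1.0.0 vs 1.1).

    Different sonames are different files (libfoo.so.1 and libfoo.so.2 coexist),
    so this lists what actually differs rather than declaring a blanket conflict.
    """
    a = dict(split_soname(s) for s in parse_ldd(ldd_a))
    b = dict(split_soname(s) for s in parse_ldd(ldd_b))
    return sorted((base, a[base], b[base]) for base in a.keys() & b.keys() if a[base] != b[base])


def missing_libraries(ldd_text: str) -> List[str]:
    """Sonames ldd reported as 'not found'; the binary will not start until they resolve."""
    return sorted(s for s, p in parse_ldd(ldd_text).items() if p is None)


def run_ldd(binary: str) -> str:
    """Run the real ldd on a binary so the parser above can be used on a live host."""
    return subprocess.run(["ldd", binary], capture_output=True, text=True, check=False).stdout


# Constructed ldd output for a hypothetical DHCP daemon and DNS daemon on one host.
LDD_DHCPD = """\
        linux-vdso.so.1 (0x00007ffd2a9f0000)
        libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f1c2e200000)
        libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f1c2de00000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2da00000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f1c2e600000)
"""
LDD_NAMED = """\
        linux-vdso.so.1 (0x00007ffe1b3c0000)
        libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007f9a4c400000)
        libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x00007f9a4c000000)
        libxml2.so.2 => not found
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f9a4bc00000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f9a4c800000)
"""

if __name__ == "__main__":
    print("different major versions:", version_conflicts(LDD_DHCPD, LDD_NAMED))
    print("unresolved for named:", missing_libraries(LDD_NAMED))
```

Run against the constructed listings it reports that the two daemons use different OpenSSL sonames (which can coexist on one box) and that `libxml2.so.2` is unresolved for the DNS daemon; run `run_ldd("/usr/sbin/named")` and friends to get the same report for real binaries.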

    23. Re:Trying to make your mark, eh? by cenc · · Score: 1

      With out-of-the-box firmware, likely no way.

      I am not crazy about the WRT54, but I see no reason that a couple of routers flashed with tomato or similar firmware cannot handle the load of 150 users for DHCP and DNS. 150,000 computers on the network, yeah, you might have some issue, but 150 is really no big deal.

      Considering the energy saving and cost of say under $50 a router, it makes it easy to throw more routers at the problem as needed.

      What I found with a network for 150+ users is, about 80% of the dns lookups and such are for the same things. So with a cache of say even around 5000 addresses, you can save a lot of network resources. Nothing most $50 routers cannot handle.
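
The cache-hit figure in this post is the whole argument for a small caching forwarder, so here is an added example (not from the thread or any poster) that simulates it in Python: an LRU resolver cache with TTL expiry, replayed over a constructed query stream in which a few names dominate, the way office traffic usually looks. The names, the TTLs, the 192.0.2.0/24 (TEST-NET-1) answers and the 1/(i+1) popularity weights are all assumptions made for the simulation, not measurements.

```python
"""Simulate a caching DNS forwarder on a small office router.

Added example, not from the thread. The query stream, names, TTLs and the
192.0.2.0/24 (TEST-NET-1) answers are all constructed for the simulation.
"""
import random
from collections import OrderedDict
from itertools import accumulate
from typing import Callable, Iterable, Iterator, Tuple

Key = Tuple[str, str]                                  # (owner name, RR type)
Upstream = Callable[[str, str], Tuple[str, float]]     # -> (answer, ttl in seconds)


class DnsCache:
    """LRU cache of (name, type) -> answer with TTL expiry, driven by an explicit clock."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self._entries: "OrderedDict[Key, Tuple[str, float]]" = OrderedDict()
        self.hits = 0
        self.misses = 0

    def lookup(self, name: str, rrtype: str, now: float, upstream: Upstream) -> str:
        key: Key = (name.lower().rstrip("."), rrtype)   # DNS names are case-insensitive
        entry = self._entries.get(key)
        if entry is not None and entry[1] > now:         # cached and not yet expired
            self._entries.move_to_end(key)               # mark as most recently used
            self.hits += 1
            return entry[0]
        self.misses += 1                                 # absent or expired: ask upstream
        answer, ttl = upstream(name, rrtype)
        self._entries[key] = (answer, now + ttl)
        self._entries.move_to_end(key)
        while len(self._entries) > self.capacity:        # evict least recently used
            self._entries.popitem(last=False)
        return answer

    @property
    def hit_ratio(self) -> float:
        total = self.hits + self.misses
        return self.hits / total if total else 0.0


def replay(queries: Iterable[Tuple[float, str]], capacity: int, ttl: float = 300.0) -> DnsCache:
    """Replay (timestamp, name) A queries through a cache with a stubbed upstream resolver."""
    cache = DnsCache(capacity)

    def fake_upstream(name: str, rrtype: str) -> Tuple[str, float]:
        # Constructed answer in TEST-NET-1, derived deterministically so runs are reproducible.
        return f"192.0.2.{sum(map(ord, name)) % 200 + 1}", ttl

    for t, name in queries:
        cache.lookup(name, "A", t, fake_upstream)
    return cache


def office_stream(n_queries: int, n_names: int, rate_per_sec: float,
                  seed: int = 1) -> Iterator[Tuple[float, str]]:
    """Constructed skewed workload: name i has weight 1/(i+1); Poisson arrivals at rate_per_sec."""
    rng = random.Random(seed)
    names = [f"host{i}.example.com" for i in range(n_names)]
    cum_weights = list(accumulate(1.0 / (i + 1) for i in range(n_names)))
    t = 0.0
    for _ in range(n_queries):
        t += rng.expovariate(rate_per_sec)
        yield t, rng.choices(names, cum_weights=cum_weights)[0]


if __name__ == "__main__":
    for cap in (100, 1000, 5000):
        c = replay(office_stream(20000, 5000, rate_per_sec=10.0), capacity=cap)
        print(f"cache {cap:5d}: hit ratio {c.hit_ratio:.2f}, upstream queries {c.misses}")
```

Swap `office_stream` for a list of `(timestamp, name)` pairs pulled from your own resolver log to see what a given cache size would actually save; the TTL matters as much as the capacity, since a short upstream TTL forces a refetch no matter how popular the name is.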


    24. Re:Trying to make your mark, eh? by nevesis · · Score: 1

      You seriously recommend a WRT54 for an *office* with 150 users?

      That is truly the worst advice I've heard in months. Congratulations.

    25. Re:Trying to make your mark, eh? by Nefarious+Wheel · · Score: 1

      Pardon my heresy - just making a point here - he could do well by virtualising on top of his existing equipment and end up with a few extra boxes to work with. Only if his budget is extremely limited, of course (agree with above posts on value of newer equipment, Linux based VM platform). But if he wants to make better use of what he's got with minimum disruption, VM'ing his existing boxes will very likely work for him.

      --
      Do not mock my vision of impractical footwear
    26. Re:Trying to make your mark, eh? by Nefarious+Wheel · · Score: 1

      Virtualization isn't some "super cool" buzzword technology, it's a money saver. It reduces costs massively. It makes hardware maintenance an order of magnitude cheaper and safer. There's a reason everyone is switching to it.

      Agree, with a small difference - I'd say there's a reason everyone has switched to it. It's pretty much mainstream technology now.

      We've done server consolidation for people with only a few servers, and I've personally run a consolidation model for a public utility with several thousand servers.

      The value we're getting is pretty much a minimum of 20:1 virtual:physical server ratio, with 40:1 more common and some environments running quite happily at 100:1. This is working, tested, and measured value improvement. And this is before you start considering the power savings, which can be rather extreme.

      I'd say it's more of an "anti-buzzword", which has some real value to me (hearing damaged from the buzzing of server fans over far too many years).

      --
      Do not mock my vision of impractical footwear
    27. Re:Trying to make your mark, eh? by Anonymous Coward · · Score: 0

      No, you need seperate servers for when the DHCP upgrade requires a conflicting library with the DNS servers which you don't want to upgrade at the same time.

      THIS is where virtualization becomes useful.

      Your core services shouldn't be sharing code at runtime outside the kernel. DNS and DHCP are both easy to build as monoliths and much more secure and reliable that way (which is why some distros ship that way hello Red Hat).

      I agree with everything else you said.

      Every virtualization project I have ever encountered in real life was an expensive non-solution to a problem easily solved with virtualization. I have read about some that weren't, but never seen one in the Real World [tm].

      DNS redundancy, for example, is unbelievably trivial.

    28. Re:Trying to make your mark, eh? by ckaminski · · Score: 1

      The downside of virtualizing 3 or 4 boxes onto one is that you lose some amount of independence. If you lose one machine, you lose all of the hosted VMs, so you absolutely need some VM host high-availability.

      But the beauty of the VM approach is it doesn't have to be an all-or-nothing: build a two-three host virtual host network, and migrate (p2v) your hosts as time permits. In the end your utilization goes up, your physical plant costs (capital+runtime expense) go down.

      I'm biased - I've used virtualization for the better part of 10 years now, and I'm 100% sold on it. I've used it for big businesses and small SOHOs. The SOHOs are where the biggest value was seen (VMware Server).

      I'm with you on the cloud. While the idea of the cloud is amorphous, the value of virtualization is not necessarily. You can certainly go overboard (SANs plus multiple cluster interconnects and networks), but you can get a decent two host redundant configuration for virtualization for under $1000. It'll require you to use Linux and Xen, but it's definitely doable.

    29. Re:Trying to make your mark, eh? by ckaminski · · Score: 1

      As I've matured as an admin, I've gotten away from the multiple services per machine on all platforms (Linux and Windows), simply because of complexity. If I update or need to reboot for one service, I take *ALL* the services down. But having single-purpose appliances, I don't have that problem anymore.
      Though early versions of Windows made that behavior mandatory, it's still good practice to separate services.

      What I'd really like is a nice server-based OpenVZ-style API that runs on Windows/Linux such that I can run my services as small atomically-configured and managed bits. Oh but wait, I have OpenVZ and/or Xen to do that...

    30. Re:Trying to make your mark, eh? by ckaminski · · Score: 1

      If virtualization is a buzzword, it's nearly a 12 year old one now (in the x86 space), and it's so mature EVERYONE is giving away their virtualization technology (Citrix/VMware/Microsoft).

      The value it provides is *almost* incontrovertible.

    31. Re:Trying to make your mark, eh? by ckaminski · · Score: 1

      And you've never had a service stop working in such a fashion that the only way to fix it is to reboot the whole damn box? Congratulations - you just stopped every service in the building.

      I'm not saying it's likely or common, but it's happened.

      Virus propagation - I'm not putting my email server with my database, nor my ftp server.

      There's added complexity - but knowing that the box I'm working on is my FTP server ONLY, frees me from having to worry about side effects if I do X, or Y, or Z and whether it impacts Apache or Postfix or MySQL.

      That's why we do it with single-service VMs - there's complexity either way. I just prefer service-isolation to your way.

      -Chris

  20. What 150 users? by painehope · · Score: 5, Insightful

    I'd say that everyone has mentioned the big-picture points already, except for one : what kind of users?

    150 file clerks or accountants and you'll spend more time worrying about the printer that the CIO's secretary just had to have which conveniently doesn't have reliable drivers or documentation, even if it had whatever neat feature she wanted and now can't use.

    150 programmers can put a mild to heavy load on your infrastructure, depending on what kind of software they're developing and testing (more a function of what kind of environment are they coding for and how much gear they need to test it).

    150 programmers and processors of data (financial, medical, geophysical, whatever) can put an extreme load on your infrastructure. Like to the point where it's easier to ship tape media internationally than fuck around with a stable interoffice file transfer solution (I've seen it as a common practice - "hey, you're going to the XYZ office, we're sending a crate of tapes along with you so you can load it onto their fileservers").

    Define your environment, then you know your requirements, find the solutions that meet those requirements, then try to get a PO for it. Have fun.

    --
    PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
    1. Re:What 150 users? by Dun+Kick+The+Noob · · Score: 1

      I agree 150 users can be very little or a lot. Ran a few NT machines till 2004 with over 250 users on hardware I don't even recognize (Honeywell ball-less mouse, 2 magnetic thingies); they worked just fine. Just threw away a farm for 50 users; it had 1 server in the beginning but was seriously overloaded because once everyone heard of new hardware everybody poured in to use it. Damnation to single login policy. Understanding user behavior is more valuable than flipping through brochures. Usually 24 hour per second systat for 1 week should give you more than enough data.

    2. Re:What 150 users? by Anonymous Coward · · Score: 0

      Depending on the offices and if they're their own, tapes may not be a good idea. In fact, many geoscientists ship data around on external hard drives. Tape is bad because not all locations have a tape drive or multiple drives for every tape format (let alone recovery software). Second is cost: 1TB external drives are cheap. Third: you can work right off the drive if it's just a single user.

    3. Re:What 150 users? by painehope · · Score: 1

      Yeah, done this too. Was referring to a few years back...like when 18GB SCSI drives were 600 USD each.

      --
      PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
  21. P2V and consolidate by snsh · · Score: 4, Interesting

    The low-budget solution: buy one server (like a Poweredge 2970) with like 16GB RAM, a combination of 15k and 7.2k RAID1 arrays, and 4hr support. Install a free hypervisor like Vmware Server or Xen, and P2V your oldest hardware onto it. Later on you can spend $$$$$ on clustering, HA, SANs, and clouds. But P2V of your old hardware onto new hardware is a cost-effective way to start.

    1. Re:P2V and consolidate by Anonymous Coward · · Score: 0

      Wow! A completely sensible reply, on Slashdot.

      This is exactly the route to go, though I'd go with the T710s or R710s.

      You've got to watch out on the I/O load, though. That will kill you far before memory or CPU. 2 CPU x 4 cores gives a tremendous amount of power, especially against 7 year-old hardware.

      Do RAID 10. You might want to look at OpenFiler to use as an iSCSI target for backups.

    2. Re:P2V and consolidate by Anonymous Coward · · Score: 0

      Leave it to some asshole on slashdot to recommend server models, ram, and hard drive speed (!) without understanding a damn thing about anything.

    3. Re:P2V and consolidate by AF_Cheddar_Head · · Score: 1

      Yeah go ahead and price P-to-V capability in VMWare, last I checked it wasn't in the free ESXi version.

      Oh by the way make sure your hardware has Virtualization Support built in or 64-bit OS in the VM is out of the question.

      Implementing virtualization in a production environment is not as easy or cheap as a lot of people seem to think.

      I have implemented it and don't think it's the right choice for a small one-man operation. A large data center absolutely but not the small branch office. Expensive, especially if you need hardware-level redundancy.

    4. Re:P2V and consolidate by Fulcrum+of+Evil · · Score: 1

      Pretty much any hardware from the past 2 years does virtualization, especially poweredges. I second the big badass server, but I say get 2 in case one dies.

      --
      "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
    5. Re:P2V and consolidate by Anonymous Coward · · Score: 0

      I'm totally with you on virtualization being over used.

      That said, how do virtualization vendors get off selling 'P2V' services extra, when you can do the same thing using traditional imaging in which the image happens to get deployed on a virtual machine? Virtualization vendors want 'P2V' to appear magical so as to distract from the fact that, fundamentally, 'P2P' is equally plausible in most cases where P2V is possible for OS instance continuity across hardware updates.

    6. Re:P2V and consolidate by masdog · · Score: 2, Informative

      VMWare converter is free, and it works with ESXi.

      Check it out here.

    7. Re:P2V and consolidate by Alpha830RulZ · · Score: 1

      Yup. If you want to make your dollar go further, strongly consider these guys. I have found their gear to be as good as Dell's, and their techs more knowledgeable. For an office solution, possibly one or two of these would be a great way to start.

      --
      I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
    8. Re:P2V and consolidate by GWBasic · · Score: 1

      The low-budget solution: buy one server (like a Poweredge 2970) with like 16GB RAM, a combination of 15k and 7.2k RAID1 arrays, and 4hr support. Install a free hypervisor like Vmware Server or Xen, and P2V your oldest hardware onto it. Later on you can spend $$$$$ on clustering, HA, SANs, and clouds. But P2V of your old hardware onto new hardware is a cost-effective way to start.

      Or, you can use Capacity Planner to determine what you really need.

  22. Re:Cloud Computing(TM) by lukas84 · · Score: 2, Insightful

    Yes, but for example management wanting 24/7 2 hour up&running SLA and having hired a single guy with a budget of $800 will not work - this is important to get sorted out early. Management needs to know what they want and what they'll get.

  23. Re:don't forget the network as well like the switc by simon13 · · Score: 1

    Yeah, I thought this was obvious, but until a few weeks ago our head office (which I only visit occasionally) had been using a non-switched hub to connect about 10 PCs together, plus the internet router. Big face-palm!! As soon as I realised that I went out and bought a $25 switch to replace it. Suddenly their database didn't experience slowdowns anymore. Surprise!

  24. Upgrade vs Overhaul? by turtleshadow · · Score: 1

    Really what you're being unspecific about is the difference between an upgrade versus an overhaul.

    From the floor up (power, cooling, cabling, footprint) is an overhaul.
    If you want a phase approach or some other piecemeal approach still you have to consider each a small overhaul within a larger system.

    7 year old equipment is likely not going to be cascaded so really you're considering it as a candidate for a heart transplant, which means building some sort of life support while the new system (heart) is brought on line in parallel. This is very expensive in time, budget, and resources.

    You're really going to know your business' processes over the course of more than a "business year" so as to do everything without problems.

    Business moments like tax time, EOY reports, monthly invoicing periods, HR/payroll are to be expected and must still function.
    Unpredictables like supporting business audits (like having to pull up old records, on systems that no longer read them?) and changes in executive leadership also would impact an upgrade/overhaul.

    At no time did you ever mention disaster recovery plan, regular offsite backup strategy or a business continuity plan. These are often overlooked or dealt with inappropriately during normal business times and should be verified prior to beginning. A major overhaul or upgrade could or ought to trigger any one of these at any moment.

    I have been there, and I have been there when everyone in the room craps in their pants when the tapes have been found to be lost or unreadable or blank.

    1. Re:Upgrade vs Overhaul? by Nefarious+Wheel · · Score: 1

      Really what you're being unspecific about is the difference between an upgrade versus an overhaul.

      From the floor up (power, cooling, cabling, footprint) is an overhaul.

      For the next stage up, where multiple floors-up are involved, you're talking to executives and you need to change your terminology to "Business Transformation".

      Throw in a bit about "measurable carbon footprint reduction" and that's how you get the bucks for the water-cooled racks you've been eyeing, as well as the Travaglia-architecture security system ;)

      --
      Do not mock my vision of impractical footwear
  25. Real question by Sepiraph · · Score: 0, Troll

    How did you get put in charge of such a project when it is obvious that you have no clue on carrying out the tasks?

    1. Re:Real question by ajlisows · · Score: 1

      Seriously, there are people in charge of such projects that are far worse. I worked at a 600+ user company that had Network Admins that I wouldn't trust to load my Laptop with Windows XP, much less trust to implement any new systems. Typically, they tried to act busy to keep their jobs and hired expensive consultants any time actual work needed to be done. At least he is off asking about possible solutions. Everyone has their "First Time" foray as far as tech goes.

    2. Re:Real question by torune · · Score: 1

      Obviously hired by someone more clueless than he.

      --
      In the beginning, there was nothing. Then it warped. The alternate dimensional theory of the Big Warp.
    3. Re:Real question by Lennie · · Score: 1

      At least he got one thing right. He didn't know what to do and asked someone (or actually lots of someones: Slashdot).

      --
      New things are always on the horizon
    4. Re:Real question by maxume · · Score: 1

      Of course, picking the correct answer involves many of the same knowledge and skill sets as knowing the right answer.

      --
      Nerd rage is the funniest rage.
    5. Re:Real question by Flere+Imsaho · · Score: 1

      Being inexperienced, asking the right questions, learning and planning carefully != having no clue.

      If we all followed your line of reasoning, we'd all stay in our comfort zone and never grow our skills.

      --
      It gripped her hand gently. 'Regret is for humans,' it said.
  26. Re:Cloud Computing(TM) by Anonymous Coward · · Score: 0

    That's not true. Running as a VM guest makes it easy to move an image to another machine as time and budget allow. Just because you don't have a cluster right now, doesn't mean it's stupid to go that path.

  27. Re:Cloud Computing(TM) by trevelyon · · Score: 1

    Wow, someone who really seems to know what they are talking about. You sure you meant to post here? Couldn't agree with you more, requirements come first (although I've seen them often get revised down during the budgeting phase).

  28. Simple and straightforward = complex by sphealey · · Score: 4, Insightful

    So let's see if I understand: you want to take a simple, straightforward, easy-to-understand architecture with no single points of failure that would be very easy to recover in the event of a problem and extremely easy to recreate at a different site in a few hours in the event of a disaster, and replace it with a vastly more complex system that uses tons of shiny new buzzwords. All to serve 150 end users for whom you have quantified no complaints related to the architecture other than it might need to be sped up a bit (or perhaps find a GUI interface for the ftp server, etc).

    This should turn out well.

    sPh

    As far as "distributed redundant system", I strongly suggest you read Moans Nogood's essay "You Don't Need High Availability" and think very deeply about it before proceeding.

    1. Re:Simple and straightforward = complex by syousef · · Score: 1

      As far as "distributed redundant system", I strongly suggest you read Moans Nogood's essay "You Don't Need High Availability" and think very deeply about it before proceeding.

      I agree that you shouldn't go for a HA solution if you don't need it, and that it is much more costly. However I've worked on a 6 9's availability (99.9999% uptime) system where we mostly met that target and sometimes it is needed and is worth doing.

      --
      These posts express my own personal views, not those of my employer
    2. Re:Simple and straightforward = complex by Kjella · · Score: 1

      FTFA: "there's hardly any fallback if any of the services dies or an office is disconnected."

      So let's see if I understand: you want to take a simple, straightforward, easy-to-understand architecture with no single points of failure

      Not that I agree with everything the article poster wrote, but in what world does "no fallback" == "no single point of failure"? Sure there's no one point of total catastrophic failure but I think he just described two single points of failure where all users would be without one service or one office without all services.

      I'd keep the architecture, but I'd migrate it slowly to virtual servers running on a high-quality server. That would make the failure more severe, but would make it less likely to happen. The total number of failures should be 1/x where x is the number of servers you replaced. The more servers you have, the more you skimp on server features and quality not to mention the support to get them back and running quickly so that should bring it down further. Of course if it should fail then all services would fail, but there's usually dependencies - if you get an email which means you should do something on an intranet application then it won't work if either mail or web is down so in total a complete failure might not be so bad if you recover fast enough.

      Then I'd get a second server, and work per service to make it as redundant as possible - some services may be easy with load balancing or automatic fail-over, others could be hot/cold spares that need recovering from backups etc. but do what you can, as time permits. Eventually you may reach a point where you have no single point of hardware failure. Network failure is much harder, if he can't handle fail-over and resynchronizing in the data center there's no way he'll be able to do it between branch offices. Check your SLAs, check out possibilities for redundant connections but leave anything else until you have full redundancy in your data center. At that point, you may realize that is more than sufficient.

      --
      Live today, because you never know what tomorrow brings
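
The single-points-of-failure argument in this thread is easy to get wrong once two services share a host, so here is an added example (not from the thread or any poster) that computes the availability of a workflow needing several services by enumerating every up/down combination of the hosts, which makes VMs on the same box fail together instead of being counted as independent. All availability and failure-rate figures are constructed assumptions, and `box1`, `vhost`, `h1` and so on are placeholder host names; it also carries the post's "1/x failure events" remark through as a function.

```python
"""Availability of a workflow that needs several services, across layouts.

Added example, not from the thread. Every figure is a constructed assumption
(per-host availability, failures per box-year). The model assumes hosts fail
independently of each other and that a service is up when any host carrying
an instance of it is up.
"""
from itertools import product
from typing import Dict, List, Sequence

HOURS_PER_YEAR = 24 * 365


def workflow_availability(hosts: Dict[str, float],
                          placement: Dict[str, List[str]],
                          needs: Sequence[str]) -> float:
    """Exact availability of a workflow that needs every service in `needs`.

    hosts:     host name -> probability the host is up
    placement: service name -> hosts running an instance of that service
    Enumerates every up/down combination of the hosts (2**n, fine for a few),
    so two services on one host go down together rather than independently.
    """
    names = list(hosts)
    total = 0.0
    for state in product((True, False), repeat=len(names)):
        up = {h for h, is_up in zip(names, state) if is_up}
        prob = 1.0
        for h, is_up in zip(names, state):
            prob *= hosts[h] if is_up else 1.0 - hosts[h]
        if all(any(h in up for h in placement[svc]) for svc in needs):
            total += prob
    return total


def downtime_hours_per_year(availability: float) -> float:
    """Expected unavailable hours per year for a given availability."""
    return (1.0 - availability) * HOURS_PER_YEAR


def expected_hardware_failures(box_count: int, failures_per_box_year: float) -> float:
    """Expected failure events per year; consolidating n boxes onto one divides this by n."""
    return box_count * failures_per_box_year


# Constructed scenarios for a workflow that needs both mail and the intranet web app.
NEEDS = ["mail", "web"]
SEPARATE_BOXES = ({"box1": 0.99, "box2": 0.99}, {"mail": ["box1"], "web": ["box2"]})
ONE_VHOST = ({"vhost": 0.995}, {"mail": ["vhost"], "web": ["vhost"]})
TWO_VHOSTS_SPLIT = ({"h1": 0.995, "h2": 0.995}, {"mail": ["h1"], "web": ["h2"]})
TWO_VHOSTS_REDUNDANT = ({"h1": 0.995, "h2": 0.995},
                        {"mail": ["h1", "h2"], "web": ["h1", "h2"]})


def compare_layouts() -> Dict[str, float]:
    """Workflow availability for each constructed layout."""
    return {
        "separate boxes": workflow_availability(*SEPARATE_BOXES, NEEDS),
        "one vhost": workflow_availability(*ONE_VHOST, NEEDS),
        "two vhosts, split": workflow_availability(*TWO_VHOSTS_SPLIT, NEEDS),
        "two vhosts, redundant": workflow_availability(*TWO_VHOSTS_REDUNDANT, NEEDS),
    }


if __name__ == "__main__":
    for name, a in compare_layouts().items():
        print(f"{name:24s} {a:.6f}  ~{downtime_hours_per_year(a):6.1f} h/year down")
    print("failure events/year, 7 boxes at 0.3:", expected_hardware_failures(7, 0.3))
    print("failure events/year, 1 box at 0.3:", expected_hardware_failures(1, 0.3))
```

The point the numbers make is the one Kjella argues: with the constructed figures, one better host carrying both VMs is already above two separate mediocre boxes in series (0.995 versus 0.9801) because the workflow needs both services anyway, and only once a second host carries a copy of each service does the layout stop having a single point of hardware failure. Replace the placeholder availabilities with your own vendor or measured figures before drawing conclusions.
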
  29. Don't forget hosting by Jon.Burgin · · Score: 1

    Why have the headaches? Why not have it hosted? Companies like Rackspace make it so easy and simple. You can also use their cloud services, real cheap and easy: set up a server in less than 5 minutes and only pay for the memory bandwidth you need; need more? Just a few mouse clicks away.

  30. Confuscious Say.. by Anonymous Coward · · Score: 1, Insightful

    ..if it ain't broke..

    1. Re:Confuscious Say.. by mabhatter654 · · Score: 1

      fix it till it's broke!

  31. Re:Cloud Computing(TM) by pe1rxq · · Score: 1

    Also not completely true...

    When your new cluster comes in and it is not the same architecture (e.g. Ultrasparc instead of your current x86 box) you're not going anywhere with your shiny VM.

    You should make sure the application itself can be scaled, not the machine it is running on.
    Sometimes that means using virtualization because the application is a bitch...
    But a lot of applications can be scaled without virtualization.
    The administrator that uses virtualization for his fileserver should be fired because he is incompetent. His data itself can easily be moved from his old single cpu box to the new SAN array.

    --
    Secure messaging: http://quickmsg.vreeken.net/
  32. Re:Cloud Computing(TM) by mabhatter654 · · Score: 3, Insightful

    Except of course that management ALREADY HAS that because they've been very lucky for 7 years. Why spend money for what works (never mind we can't upgrade or replace any of it because it's so old)

    I think what the article is really asking is what's a good model to start all this stuff. You're looking at one or two servers per location (or maybe even network appliances at remote sites). We read all this stuff on Slashdot and in the deluges of magazines and marketing material...where do we start to make it GO?

  33. Re:Cloud Computing(TM) by mabhatter654 · · Score: 1

    not really, you can split your VMs between 2-3 servers and do the migrations manually in the beginning. Once you make the virtual images the hard work is done, even if you just run 2 images per server, you've saved money or increased reliability. Now that you have VMs you can reinstall from backup tapes to another configured server so you have a start at disaster recovery. Once that part is done it's a function of how much money you are allowed to throw at the solution (blades, clusters, sans, etc)

  34. Check virtual load balancers by Anonymous Coward · · Score: 0

    If you consider virtualisation and high availability, check with a vendor like Zeus (www.zeus.com) to get a software version of a load balancer (both local and global) that can run in a virtual environment.

  35. Maybe this is really a uni project by natd · · Score: 3, Interesting
    What I see going on here, as others have touched on, is someone who doesn't realise that he's dealing with a small environment, even by my (Australian) standards where I'm frequently in awe of the kinds of scale that the US and Europe consider commonplace.

    If the current system has been acceptable for 7 years, I'm guessing the users' needs aren't something so mindbogglingly critical that risk must be removed at any cost. Equally, if that was the case, the business would be either bringing in an experienced team or writing a blank cheque to an external party, not giving it to the guy who changes passwords and has spent the last week putting together a jigsaw of every enterprise option out there, and getting an "n+1" tattoo inside his eyelids.

    Finally, 7 years isn't exactly old. We've got a subsidiary company of just that size (150 users, 10 branches) running on Proliant 1600/2500/5500 gear (i.e. 90's) which we consider capable for the job, which includes Oracle 8, Citrix MF plus a dozen or so more apps and users on current hardware. We have the occasional hardware fault which a maintenance provider can address same day, bill us at ad-hoc rates, yet we still see only a couple of thousand dollars a year in maintenance, leaving us content that this old junk is still appropriate no matter which way we look at it.

    --
    Only big ligs use sigs.
    1. Re:Maybe this is really a uni project by bazorg · · Score: 1

      It could be a completely different case. When the OP describes the base requirements as "include the usual suspects, i.e. www, ftp, email, dns, firewall, dhcp — and some more" we don't know if he's one of my clients who has received the bad news recently that the irritating and debilitating problem in the ERP he reported is not something my people will be able to fix. This is because he's been ignoring my advice for 5 years for upgrading the ERP software to a version that has not reached end of life status. Now, that piece of software needs that upgrade because nobody will fix it or put a warranty sticker on any workaround, and since the users are raising a stink about it, for the first time in 7 years the IT people are actively involved in getting anything done on the Windows 2000 + SQL 2000 machines they have had there ticking along nicely for all this time. I certainly hope it is my client that is posting to Slashdot. If not I'll forward him this discussion ...

  36. The fundamental mistake you're making... by machinegestalt · · Score: 1

    From your post, you're not looking at this with the right perspective, not asking the right questions, nor asking them to the right people. You state that you have been put in charge of "maintaining" and never once mention anything about your company's predicted growth, development plans, future computation needs, near and long term service offerings, uptime requirements, security requirements or so forth. You have to do a requirements analysis that extends to between five and ten years and design a system that can grow seamlessly with your employer, meeting their current and expected needs in all pertinent areas.

    If you can develop a system that does what is required on paper, the next step is to implement it in parallel with the existing system, and transition services and users over in phases. After all services have been transitioned, you can decommission the old infrastructure piece by piece.

    1. Re:The fundamental mistake you're making... by dbIII · · Score: 1

      Personally I'd see planning for redundancy or replacement as a good exercise to see how things really do run instead of how they are supposed to run. Even if no hardware or software is actually deployed it means no nasty surprises when a particular box does go down.

  37. A possibly helpful response by Anonymous Coward · · Score: 0

    I'm a systems admin at a small college with about 1000 desktop machines in the buildings. We were a strictly Sun/Solaris shop for a long time, but in the last couple years we've invested in some 1U dual processor Xeon boxes. These run Ubuntu Server and Xen. We're in the process of moving services from physical Solaris servers to virtual Xen servers. Two x86 servers can basically replace our old 16 server Sun rack. We'll likely keep our storage array around for a while, but so far LDAP, email, and web services have been migrated. DHCP and DNS could easily be migrated and if you buy 2U servers with enough large hard drives, a separate storage array probably wouldn't be necessary.

    1. Re:A possibly helpful response by Xeleema · · Score: 1

      These run Ubuntu Server and Xen. We're in the process of moving services from physical Solaris servers to virtual Xen servers.

      You're running "Production" services on....Ubuntu...? For the life of me I could have sworn that was a "Desktop" oriented distribution.

      Are you running Solaris x86 inside those Xen instances? Can you provide a few more details about your old and current setup? (Like what models of Sun servers were you replacing, and are you selling them?)

      --
      "When I am king, you will be first against the wall..."
  38. Re:Cloud Computing(TM) by Anonymous Coward · · Score: 0

    The tension between budget and business requirements can be useful but it is largely a paper tiger. A budget without a business requirement is a recipe for failure. The budget can help you refine the requirement but ultimately if you cannot pay for what you require, you're not likely to be in business very long. Putting budget first is wasteful and likely to lead to a network that doesn't fit the needs of the business.

    Understand the requirements first and plan to meet them. If there is extra budget then consider adding more or better hardware and services. If there is not enough budget; if the requirements are firm, the network plan efficient and the infrastructure has to be replaced all at once, then start looking for another job. Otherwise plan for replacements over several years.

  39. Another argument against by omb · · Score: 1

    Windoze

    1. Re:Another argument against by oatworm · · Score: 1

      To be fair, you probably shouldn't allow direct WAN-accessible SSH access to your Linux-driven OpenLDAP server, either. Allowing significant public access to applications hosted on the same box that all your user names and passwords are stored on (or replicated on, if you have more than one of said boxes lying around) might be a bit more secure on Linux than it is on Windows, but it doesn't mean it's a good idea.

      Think of it this way - do you think it's a good idea to mix Gnome and directory services on the same box? Feeling a little uneasy right about now, right?? Okay, how about allowing users remote access to said server with sufficient permissions where they could log in, launch an X Window of some sort, and run OpenOffice on that server? Yeah, I wouldn't do it either if I could avoid it, which is the entire point of not mixing terminal servers and domain controllers.

  40. Re:Cloud Computing(TM) by mabhatter654 · · Score: 2, Insightful

    Why would you buy a cluster that isn't the same architecture? You don't know what you're talking about. VMs generally aren't used to change architecture like that. In a Virtualized Cluster the "OS" is just another data file too! Just point an available CPU to your file server image on the SAN and start it back up... that's smart, not lazy!

    Most people need virtualization because managing crappy old apps on old server OSes is a bitch. The old busted apps are doing mission critical work, customized to the point the manufacturer won't support them and management doesn't want to pay out for the new version... or the new version doesn't support the old equipment. The leading purpose for VMs is to get new shiny hardware with a modern OS and backup methods to segregate your old hard to maintain configurations to instances. Then the old and busted doesn't crash the core services anymore. Instances that used to be on dedicated, busted hardware that used to require a call-out can be rebooted from your couch in your jammies! (I vote VNC on iPhone as the killer admin app!) VMs include backup at the VM level, so those old machines that refused to support backup can be backed up "in spite of" the software trying to prevent it.

  41. One Box Per Service by KalvinB · · Score: 1

    Unless you have power problems or financial restrictions you're better off with dedicated boxes. I currently run 3 old computers. Ubuntu, Windows XP, Windows 2003 with Apache on XP running PHP sites and doing reverse proxy for the IIS server on the 2003 box. Ubuntu handles memcache. Because I'm not made out of money I'm going to virtualize all three systems onto one quad core system which will cost around $600 rather than $1800 for three new systems. It'll also cut down on power usage.

    Slowness can be caused by any number of issues. An old hard drive can cause a system to be sluggish. Just imaging the existing systems onto brand new drives could make things better. Upgrading the network to 1Gbit or just making sure the switches you have are performing could help. Putting more memory into existing systems could also speed things up.

    Make sure the power supplies are running well, fans aren't clogged with dust, and that proper cooling is in place.

    If all else is not sufficient, progressively purchase new systems to replace old ones and give the old ones to charity after 6 months to make sure everything is good.

    1. Re:One Box Per Service by compro01 · · Score: 1

      just making sure the switches you have are performing

      Or simply making sure they are switches. I've seen lots of old infrastructure that is still using hubs. Replacing those gives things a nice performance kick at minimal cost and effort.

      --
      upon the advice of my lawyer, i have no sig at this time
  42. Keep it simple by Anonymous Coward · · Score: 0

    Lots of other people have already pointed this out, but I'll chime in: don't mess with what works.

    Unless you have a huge influx of people coming in or a change in the way the network will be used, stick to the current set up. Do not go virtual or load balance and complicate things. That may even void your support contracts if you have any. Assuming you have to upgrade, try this:

    1. Buy new servers for each service, just like it was before.
    2. Buy at least one extra server. Maybe more.
    3. Set up one new server at a time, keeping the old one on hand, in case something on the new server doesn't work perfectly. You should always always be able to revert back during the transition.
    4. Make images of the new servers. Use clonezilla or something similar. Then, if one server dies, you have an image that can be transferred to a spare machine (see #2).

    The big things here are that you should keep things simple, have a backup in case of hardware/software failure, and do one service at a time. That ensures if something goes wrong, you know which server caused the problem.

  43. services list... by itzdandy · · Score: 1

    www, ftp, email, dns, firewall, dhcp

    Decide what truly needs to be distributed: DNS, DHCP, firewall. What is likely not necessary to distribute: WWW, FTP, email.

    DNS can be replicated with BIND or you can do a DNS server that uses MySQL and replicate the MySQL database. DHCP must run at each site but you need to decide if you want DNS updated with DHCP. If so, you need to decide if you want those hostnames available across the network. DHCP can update DNS when a client requests an address, DNS can then replicate between each site's DNS server and in the end, you could access that machine from anywhere on the network that is permitted by your firewall rules.

    For the firewall, consider just using iptables and a bash script to download the current config and then replace some placeholders in the file with the local IP information. I have done this where I keep a copy of the firewall config on an intranet webpage and just download the file, sed out my LOCALIPADDRESS and WANIPADDRESS with the local IP, and write that data to iptables on a schedule with cron. That way you can make a broad change to the firewalls at each site in a single file.

    Email doesn't like to be distributed. Consider simply keeping a hot spare, even at a remote site, using something like DRBD to keep the email store in sync. Because you already have DNS everywhere you can quickly adjust the DNS entries for the email server. Use low TTL numbers so downtime is minimized. Then you can ssh into the remote machine and mount the store, then start the email services and you are in business.
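    The placeholder approach described in the firewall paragraph above, rendered as a POSIX shell function. This is an added example, not the commenter's own script: the template is constructed inline for illustration, the placeholder names LOCALIPADDRESS and WANIPADDRESS are the ones the comment uses, the sample addresses and the port rules are made up, and the download step is left out so the example runs offline.

```shell
#!/bin/sh
# Added example (not itzdandy's script): render a shared iptables-restore
# template for one site by substituting the LOCALIPADDRESS and WANIPADDRESS
# placeholders, and refuse to emit rules if either address is malformed or a
# placeholder survives the substitution. In the setup the comment describes
# the template would be fetched from an intranet page before this step.

# Constructed sample template in iptables-restore format (illustration only).
FIREWALL_TEMPLATE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s LOCALIPADDRESS/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -d WANIPADDRESS -p tcp --dport 25 -j ACCEPT
COMMIT'

# Print "ok" for a dotted-quad IPv4 address and "bad" otherwise, so that a
# garbled value from the site's config cannot end up inside a rule.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' && echo ok || echo bad
}

# render_firewall_template LOCAL_IP WAN_IP
# Substitutes both placeholders in $FIREWALL_TEMPLATE and prints the result.
# Returns 1 (printing nothing) if an address is malformed or a placeholder
# is left over, so a broken rule set is never handed to iptables-restore.
render_firewall_template() {
  local_ip=$1
  wan_ip=$2
  [ "$(is_ipv4 "$local_ip")" = ok ] || return 1
  [ "$(is_ipv4 "$wan_ip")" = ok ] || return 1
  rendered=$(printf '%s\n' "$FIREWALL_TEMPLATE" \
    | sed -e "s/LOCALIPADDRESS/$local_ip/g" -e "s/WANIPADDRESS/$wan_ip/g")
  # A surviving placeholder means the template and this script disagree on
  # the placeholder names; loading it would leave the site with rules that
  # do not match what the central file intended.
  if printf '%s\n' "$rendered" | grep -q 'IPADDRESS'; then
    return 1
  fi
  printf '%s\n' "$rendered"
}

# From cron the rendered output would be piped into iptables-restore, e.g.
#   render_firewall_template 10.0.1.1 198.51.100.7 | iptables-restore
# (addresses are constructed sample values).
```

Rendering is kept separate from loading so the output can be inspected, or checked with `iptables-restore --test`, before it replaces the live rules. Because every site loads whatever the central file contains, the fetch itself deserves the same care: serve it over an authenticated channel and verify a checksum or signature before the rendered rules are applied.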

  44. There's no such thing as generic best practice by petes_PoV · · Score: 1
    Only what's best for your specific situation.

    Once you have met your legal and other regulatory minimum requirements, the rest of the upgrade programme is down to your decision makers. For example: some prefer not to implement hot-standby (relying instead on perhaps a third-party, or business insurance), some make it a 100% absolute requirement for each and every server they possess, you can't just make a statement in isolation, you'll need guidance from the people who control the money - as that's what it all boils down to.

    Once you have the answers to two questions:

    - what do you value

    - how much are you willing to spend for what degree of risk

    You can start to make plans. All the best practices I have come across appear to have been written by or for government departments where budgets are effectively infinite, and the worst possible scenario is to open yourself to criticism from your peers and rivals. In the real world neither of these conditions exist. Further, while it's not always good to re-invent the wheel, blindly following one scheme without understanding its values, shortcomings or benefits means you will certainly not get the best value for your organisation and will not provide a solution that is best for their circumstances.

    There is however one best practice you should follow: get everything (esp. from your own people) in writing - who said what, when and to whom.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  45. Microsoft Essential Business Server by VTBlue · · Score: 0, Offtopic

    If you have heard of Small Business Server, Microsoft just released a 3 server solution for businesses of your size called EBS. It will do everything you just outlined including setting the foundation for branch office scenarios with redundancy. With EBS, you get SharePoint, Exchange, Fax serving, AD, DNS, DHCP, firewall, FTP, IIS for web serving all included. Because it is built on Windows Server 2008, you get access to all the services that it provides. It will be a huge leap in user experience for your end-users and you'll finally stop fire fighting and actually allow time to deal with the real IT/Business challenges.

    Rather than pushing the features, the real work you need to do is to identify business requirements and map them to features, implementation costs, and upkeep costs.

    Once you have a sane, self-managing system in place, you can start to roll out self-service IT systems for your users so they don't bother you for password resets. Some would say that you're putting yourself out of a job by doing this, but if you play your cards right and plan out the technical and the social aspects of the project, you will really be a hero and you'll probably be seen in a more respectable light.

    visit http://www.microsoft.com/ebs

    1. Re:Microsoft Essential Business Server by h4rr4r · · Score: 1

      Someone please mod down the parent, he is an MS shill. Look at his posting history.

      Astroturfers should not be welcome here.

    2. Re:Microsoft Essential Business Server by VTBlue · · Score: 1

      Someone please mod down the parent, he is an MS shill. Look at his posting history.

      Astroturfers should not be welcome here.

      First of all, I'm not an Astroturfer. I work for Microsoft, yes, and all my posts make it pretty clear if you check my history. I am also an IT engineer. The post was talking about how to refresh an aging architecture. While many on this discussion are talking about virtualization, VMWare, moving from x86 -> UltraSPARC, how is showing the poster a product that perfectly fits his need off topic? Bringing an old multi-server environment down to an automated and redundant 3-server solution is a great suggestion. This is a discussion forum, if I'm not following the rules, let me know, but don't hate just because I'm Microsoft. Here's a list of recent things we've done in the last year for the open-source community.

      All PHP workloads supported under Windows Azure including Wordpress.com
      MySQL supported in “cloud”
      Expression Web supports PHP for developers
      Platinum Sponsor of Apache Foundation - $100,000
      ASP.NET AJAX Library – Apache 2.0
      wrote OAuth WRAP 0.9
      openly released XML Search Suggestions Format
      openly released IE Web Slice Specification
      openly released OpenService Format Specification
      PHP Frameworks Treated as 1st Class Citizens on IIS 7
      Free Eclipse support for Silverlight development
      Linux code contribution for virtualization
      Dedicated iPhone streaming support in IIS
      openly released Outlook PST spec
      formed Microsoft - Red Hat support partnership
      Gave Apache Qpid code contribution
      released PHP toolkit for ADO.NET Data Services
      Dropped CAL requirement for Linux in virtualized workloads on Windows Server
      released Live Services plug-in for Moodle released as GPLv2
      C# and .NET CLI now under Community Promise
      released .NET Micro Framework 4.0 – Apache 2.0
      supported and released SAMBA contributions
      OASIS approves nine WS* specifications

      If you want to hate because the product sucks or its not an appropriate solution, argue the merits, don't flame me.

      Someone please mod up the parent, I'm not off-topic and I happen to have been a slashdot reader for over 10 years.


    3. Re:Microsoft Essential Business Server by lukas84 · · Score: 1

      EBS sucks. Really. It would be nice if you could just buy the bundle of the "full" products at the same price as EBS, but the way EBS is currently structured it's a nightmare.

      Even SBS is an extremely complex product to handle, with lots of special cases to consider since a lot comes preintegrated and everything is a slight bit different compared to their standalone counterparts.

      And as it is right now, SBS and EBS are outdated - both still ship with Exchange 2007 and WS08 and from what I've heard so far it will take months if not years till we see them both shipping WS08R2 and Exchange 2010.

      If the OP is running Microsoft, EBS would be a bad choice.

    4. Re:Microsoft Essential Business Server by VTBlue · · Score: 0

      EBS can be complicated if you're doing a very complex services environment with many nodes, but for 150 people and for the services the poster is talking about I highly doubt there would be a blocker.

      As far as SBS 2008, the product is meant to be used with no or only part-time IT staff. The box can be administered remotely and requires very little maintenance so I'm not sure what you're talking about.

      Yes, with both products you get slightly older versions of server and Exchange, but it's still probably years ahead of what the users are getting today with a seven y/o environment. Not everyone goes for the latest and greatest. That said, you can bet that the R2 version will come out in months, not years. I know this because I work at Microsoft. Integrating WS08R2 will be easy. Exchange 2010 will be easier than 2007 since it actually reduces system overhead and overall requirements.

      The final thought on this is that if an IT manager were to wait to implement the latest and greatest, nothing would ever get done. At some point you make a decision and actually plan out a 3-5 year rollout strategy. Few things in IT happen overnight. If people considering EBS or SBS now are worried about using older tech, then purchasing Software Assurance along with it would give them upgrades to newer versions when they are released.

    5. Re:Microsoft Essential Business Server by Junta · · Score: 1

      If you are in a purely technical role, then you may want to spend a little time away from your sales/PR people and marketing material. The recommendation or discussion of EBS may well be on topic, and as you say other specific branded technologies (many of which I think are inappropriate) are discussed, but it is less about the core content and more about the wording of your post. It sounds less like an informed user of the project and more like an infomercial. It's worrisome that even if you didn't say "I AM AN MS EMPLOYEE" that your post screams it for you (btw, I personally always declare first thing my employment bias when discussing my company, but I avoid participating in discussions about my company as much as possible as I know my perspective is skewed and may be inappropriate for most discussions).

      The word choice and phrasing trended toward overly long and consisted of buzz words more than I would expect most posts in this area to trend. You also took the opportunity to throw in other Microsoft branded services whereas the submitter didn't ask about them (AD, SharePoint, IIS). While others will throw in phrases like 'vmware is useful for this' (I disagree that this is the case, but that's an opinion seen here, with the length and type of language roughly representative), they didn't say things like 'VMWare recently released their vSphere architecture which encompasses their ESX family of technologies together with the vCenter management solution to help you with your business requirements while achieving lower TCO utilizing vMotion, HA, and FT features to drive your availability. You'll be able to provide your users with a next-generation experience that they want and you'll have more time to address forward-looking challenges. If you choose vSphere, you can focus on what is really important in your business and really be a hero!'. Yes some of the VMware recommendations may be astroturfing, but it doesn't stick out like a sore thumb.

      Additionally, making a big point of password reset as a big feature to be captivated in the field of self-service seems odd, since that has been a long time feature of most every password system for a long time, and thus people have little reason to be impressed by it.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    6. Re:Microsoft Essential Business Server by Junta · · Score: 1

      If you have heard of Small Business Server, Microsoft just released a 3 server solution for businesses of your size called EBS

      Then if I haven't heard of Small Business Server, MS didn't release EBS? That's a cool trick.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    7. Re:Microsoft Essential Business Server by VTBlue · · Score: 1

      Seriously, do you have no other work than to troll a Microsoft guy trying to make a suggestion to use a product that will actually solve the poster's problem?

      This whole post lacks information on the environment, userbase, company etc etc. Almost no one is giving any advice that is actionable.

      Bottom line, this is a company with about a dozen servers serving 150 people. This is a low workload for the things the post cited. While everyone is talking about HA, virtualization, and everything else, what this guy is really asking is how should I think about consolidation and improved supportability. The guy is clearly clueless about modern IT or an amateur, so fundamentally according to Slashdot, it just makes sense for him to move to a Microsoft stack right? If he was an actual Linux guy, then he wouldn't have even posted such a silly question.

      If the poster is reading this and you're thinking about virtualization as an option, you may consider Microsoft Hyper-V Server R2...it's FREE as in beer and supports all workloads. But like Junta, virtualization is not the right move based on your described needs. Modern boxes can reliably handle the services you describe.

      http://www.microsoft.com/hyper-v-server/en/us/default.aspx

      Junta, get a life or start a blog about why Microsoft sucks...I'll even comment on it :) prick

    8. Re:Microsoft Essential Business Server by 1s44c · · Score: 1

      Junta, get a life or start a blog about why Microsoft sucks...I'll even comment on it :) prick

      Wow, abuse from a Microsoft marketing drone. Now that's not good PR for Microsoft now is it?

    9. Re:Microsoft Essential Business Server by Anonymous Coward · · Score: 0

      http://www.microsoft.com/hyper-v-server/en/us/default.aspx

      Peddle your third rate rubbish software elsewhere. There might be some PHB's somewhere that will fall for your bullshit sales pitch and your bullshit software.

    10. Re:Microsoft Essential Business Server by VTBlue · · Score: 1

      we drones then to have a human side :)

    11. Re:Microsoft Essential Business Server by Anonymous Coward · · Score: 0

      If you want to hate because the product sucks or its not an appropriate solution, argue the merits, don't flame me.

      You freely admit you work for a company that abuses the whole IT world. You are going to get flamed because you are by extension an abusive and deceitful slimeball.

      You deserve to get flamed until the day you leave the evil empire and get a non-evil job you retarded monkey dropping.

    12. Re:Microsoft Essential Business Server by 1s44c · · Score: 1

      we drones then to have a human side :)

      Syntax error, go reboot yourself.

    13. Re:Microsoft Essential Business Server by Junta · · Score: 1

      seriously, do you have no other work than to troll a Microsoft guy trying to make a suggestion to use a product that will actually solve the poster's problem?

      It's a weekend and I'm bored ;) More seriously, my intent was to explain to you how your wording comes off as a sales pitch rather than a viable recommendation coming from a technical guy. If you want to advocate MS solutions, fine (though I'm not personally a fan), but be aware that your current wording doesn't sound like the other participants in the thread, and sounds like astroturf. So while you may not be astroturfing you sound like it, and at the same time, there are probably VMWare astroturfers in the thread, but they don't sound like it ;)

      --
      XML is like violence. If it doesn't solve the problem, use more.
    14. Re:Microsoft Essential Business Server by VTBlue · · Score: 1

      If you wanna give me some more info, I can push your feedback to the product team. Can you tell me exactly where EBS sucks around "integration"? The reason I ask is that I'm really hard pressed to find any article, review, or customer who hates EBS or says it sucks. Your insight would be appreciated.

    15. Re:Microsoft Essential Business Server by lukas84 · · Score: 1

      There's a variety of reasons why I dislike EBS.

      First of all, it changes several ways you "normally" administrate Windows systems - you need to use the EBS tools for most of the tasks, for fear of breaking some assistants.

      That's the same as with SBS, except SBS setups are usually much less complex, which means using the normal admin tools isn't necessary as much.

      To see why this is a giant problem, look at the EBS blog:
      http://blogs.technet.com/essentialbusinessserver/default.aspx

      Most of the postings there are about fixing issues with EBS's automatic integration, which often doesn't work.

      Also, look how many steps are necessary to get an SBS 2008 patched up and how much stuff can break during such a procedure. And then you'll need to fix all the stuff that comes pre-broken (BackConnectionHostnames, Sharepoint Search, IIS DCOM permissions, etc.)

      Then there is EBS's security server, which comes with a product no one else uses - "Forefront TMG Medium Business Edition", which is basically a 64bit recompile of ISA 2006 that's compatible with Server 2008. This will force you to redesign your entire network around EBS - a mistake that was made with SBS 2003 (though it was optional there, and the option was removed in SBS08).

      SBS has several limitations - some of them come from the "everything on one box" design, which is actually what customers want and thus an acceptable drawback.

      EBS has the same level of limitations - which is why I don't like it. In my opinion, EBS should be reduced to a "license kit", that contains all of the EBS components at the same price, but leave all the integration and configuration stuff to a VAR, as a one-size-fits-all solution does not work in such environments as it does with SBS.

  46. Probably forgo virtualization by Junta · · Score: 1

    If the administration 'team' has equal access to all the services today on disparate servers, I don't think virtualization is necessarily a good idea; the services can be consolidated in a single OS instance.

    In terms of HA, put two relatively low end boxes in each branch (you said 7 year old servers were fine, so high end is overkill). Read up on linux HA which is free, and use DRBD to get total redundancy in your storage as well as a cheap software mirror or raid 5. Some may rightfully question the need for HA, but this approach is pretty dirt cheap at low scale.

    --
    XML is like violence. If it doesn't solve the problem, use more.
    1. Re:Probably forgo virtualization by Junta · · Score: 1

      And it *should* go without saying, but just in case: none of this excuses you from a good backup plan. HA strategies will dutifully replicate incoming data into all the redundant copies as fast as they can to recover from hardware/OS/service death as fast as possible. This includes propagating an accidental deletion or corruption as fast as it can.

      Something like ZFS or rsync with hardlinks for incrementals is a good first line of defense, but you should have a backup plan with removable media that can be taken offsite and also means that no matter how bugged/fubar your backup solution is on Tuesday, it can't possibly corrupt your Monday backup.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    2. Re:Probably forgo virtualization by buchanmilne · · Score: 1

      If the administration 'team' has equal access to all the services today on disparate servers, I don't think virtualization is necessarily a good idea; the services can be consolidated in a single OS instance.

      Even if they all can run on the same OS instance, do you really want a large database query killing your DNS recursion? If they were separate VMs, then memory pressure on the database VM wouldn't impact the DNS VM (or not as much).

      If you require different OSs for other reasons (e.g., some Windows, some Unix) then virtualisation is a requirement if you want to reduce box count.

      In terms of HA, put two relatively low end boxes in each branch (you said 7 year old servers were fine, so high end is overkill). Read up on linux HA which is free, and use DRBD to get total redundancy in your storage as well as a cheap software mirror or raid 5. Some may rightfully question the need for HA, but this approach is pretty dirt cheap at low scale.

      1) Just install CentOS, or the distribution of your choice that ships Red Hat Cluster and a suitable hypervisor
      2) Install DRBD, cluster, and configure GFS on top of DRBD for storage of VM base images and VM configuration files
      3) Choose Xen or KVM as hypervisor
      4) Install VMs (Windows, Linux etc.) using the virt-manager GUI tool
      5) See that you can now migrate VMs between physical servers without service interruption, and VM recovery can occur in seconds (if a physical server failed). CentOS probably won't have it quite yet, but Xen can now do real-time state replication, so in future even unplanned downtime on a physical machine will be without impact

      If you can fit it in your budget (which you should be able to, having spent nothing on virtualisation software), buy decent servers which have remote management cards (e.g. HP iLO, Dell DRAC, Sun ILOM). Not only is it convenient (e.g. being able to boot into recovery remotely if you ever need it), but cluster operation will be more reliable if you use these for fencing.

      While this may be a bit more complex than typical "Linux HA", the benefits are worth it. In an environment I was involved in until recently, we had a virtualisation cluster running VM pairs which were clustered. In the past 6 months, the virtualisation layer (including GFS, cluster on the physicals, Xen etc.) has not failed, while the clustered service running on the VMs has numerous times. The most likely action that will be taken to fix this is to remove the clustering between VMs, to rely almost exclusively on virtualisation for HA.

      This might not be "Best Practice", but it can provide best of breed and bang for buck for a small investment of time, which can be recovered for the next site.
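      The storage layer in steps 2 and 5 hinges on a detail the list leaves implicit: GFS mounts the same DRBD device on both nodes at once, so the resource must run dual-primary, and dual-primary without fencing turns a lost replication link into a split brain with two diverging copies of every VM image. The resource definition below is an added example of that configuration, not buchanmilne's or the DRBD project's own file; the resource name vmstore, the host names node1/node2, the backing device /dev/sdb1, the 10.0.0.x replication addresses and the fence script path are all assumptions or placeholders.

```conf
# Assumed DRBD resource for the VM image store shared by two cluster nodes.
# Names, devices and addresses are placeholders for the example.
resource vmstore {
  protocol  C;            # synchronous: a write completes only when both nodes have it on disk
  device    /dev/drbd0;
  disk      /dev/sdb1;    # placeholder backing partition, identical on both nodes
  meta-disk internal;

  net {
    allow-two-primaries;  # GFS is mounted on both nodes, so both must be Primary

    # Split-brain policy. With two primaries there is no safe automatic winner,
    # so anything beyond "one side has zero changes" disconnects and waits for
    # an administrator to pick the survivor instead of silently discarding data.
    after-sb-0pri discard-zero-changes;
    after-sb-1pri discard-secondary;
    after-sb-2pri disconnect;
  }

  disk {
    # Freeze I/O until the peer has been fenced; this is what makes the
    # remote-management cards (iLO/DRAC/ILOM) mentioned above worth buying.
    fencing resource-and-stonith;
  }

  handlers {
    # Placeholder path: point this at the fence-peer script shipped for your cluster stack.
    fence-peer "/usr/lib/drbd/FENCE-PEER-SCRIPT-PLACEHOLDER";
  }

  on node1 { address 10.0.0.1:7788; }   # dedicated replication link, not the client LAN
  on node2 { address 10.0.0.2:7788; }
}
```

      The two settings to audit on any such cluster are `allow-two-primaries` paired with `fencing resource-and-stonith`: the first without the second is the configuration that corrupts a GFS volume the first time the replication link flaps.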

  47. Re:Cloud Computing(TM) by lorenlal · · Score: 3, Interesting

    I think what the article is really asking is what's a good model to start all this stuff. You're looking at one or two servers per location (or maybe even network appliances at remote sites).

    I totally agree with your premise. In my experience taking something that appears to work (when you realize you've really just been lucky) requires some time to bring about the change that the business really needs.

    Now, as for having two servers per location, that heavily depends on how those sites are connected. Are they using a dedicated line or a VPN? That's important since that'll affect what hardware needs to be located where. It's possible (even if unlikely) that some sites would only need a VPN appliance... But since the poster seems to want general advice:

    VMWare ESXi is a pretty good starting place for getting going on virtualization. I've had a great experience with it for testing. When you feel like you've got a good handle, get the ESX licenses.

    If SAN isn't in your budget, I still recommend some sort of external storage for the critical stuff... Preferably replicated to another site... But you can run the OS on local storage, especially in the early stages. But you'll need to get everything onto external storage to implement the VMotion services and instant failover. Get a good feel for P2V conversion. It'll save you tons of time when it works... It doesn't always, but that's why you'll always test, test and test.

    As for the basic services you stated above (www, ftp, email, dns, firewall, dhcp):
    Firewall (IMHO) is best done on appliance. Which should be anywhere you have an internet connection coming in. I'm sure you knew that already, but I'm trying to be thorough.
    Email is usually going to be on its own instance (guest, cluster, whatever)... But I find that including it in the virtualization strategy has been quite alright. In fact, my experience with virtualization has been quite good except when there is a specific hardware requirement for an application (a custom card, or something like that). USB has been much less of a headache since VMWare has support for it now, but there are also network based USB adapters (example: USBAnywhere) that provide a port for guest OSes in case you don't use VMWare.

  48. Backup fabric/infrastructure by mlts · · Score: 1

    Don't forget that with all the shiny new servers, to have some sort of backup fabric in place for each and every one of them.

    I'd focus on four backup levels:

    Level 1, quick local "oh shit" image based restores: A drive attached to the machine where it can do images of the OS and (if the data is small) data volumes. Then set up a backup program (the built in one in Windows Server 2008 is excellent). This way, if the machine tanks, you can do a fast bare metal by booting the OS CD, pointing it to the backup volume, pointing out the new OS volume, click "restore", walk off.

    Level 2, a network backup server: The server would be a machine with a large amount of disk, and a tape autochanger. It would run, at the low end, Retrospect or Backup Exec; at the upper end, Networker, ArcServe, or TSM. And it would do d2d2t backups, so grabbing the data from machines is fast and you can do the most with a backup window. Then, with the tape array, make a rotation system factoring in offsites to Iron Mountain, as well as onsite backups. Of course, this server would handle archiving, perhaps with a dedicated DLT-ICE (or similar WORM tech) drive for backups that can't be tampered with.

    Level 3, offsite strategy: If you need to have stuff up 24/7, consider a hot or warm site that can take over should something happen to the main site. Even if you don't need an offsite server room, you do need offsite backup storage and rotation planning. Usually this is Iron Mountain's domain, but it can't hurt to also have a tape safe on some leased company property only known by the top IT brass just in case.

    Level 4, the cloud: Cloud storage is costly. There are also security issues with it. However, the advantage is that if your data center gets completely obliterated, the data is still accessible. I'd recommend having some form of encryption (PGP comes to mind, or, on the cheap, TrueCrypt containers), and storing your core business tax data (Quickbooks/Peachtree) here. You want to store what you need to recover the business, but you don't want to store too much because you are paying lots of cash for it. Last time I checked, for the cost per month of using a cloud provider for a terabyte of storage, an external 1TB drive a month was cheaper. But you are paying for cloud storage's SLA and reliability.

    I know backup fabric is usually the last thing on an IT department's minds, but it is VERY important, and may mean the company exists or doesn't exist when (not if) something happens.

    Tailor this to your requirements and budget, of course.

  49. Some possible goals by giladpn · · Score: 1

    You got a lot of posts pointing out the error of your ways; basically what people are saying - it sounds gung ho, there is no clear reasoning in the post justifying your shift.

    Maybe they are a bit strong but note there is a lot of experience behind them.

    Having said that, I would like to take a kinder gentler tone. Once you go through your fundamental reasons for wanting change, I'd suggest you choose ONE big thing that you want to do. Changing everything at once is usually not so hot.

    So what could be a goal that would make your users happier and you a hero? Well, I don't know, but I can tell you what is typical in many such cases:
    - lowering capital costs (less spending on physical servers and their maintenance) while keeping everything running is one; cloud computing may help on that
    - faster performance is one, but only in those places where users are actually complaining. Making a list of those places and fixing them one at a time would be an approach.
    - new business needs is another one, but for that - leave everything that works alone and focus on solving very well the new business need. Your partners are your CEO, CFO, marketing etc...

    For example, seems from your post that the overall architecture of the system is actually quite decent. So you may want to just repeat that same architecture in an updated way in a cloud computing approach, save some money and prepare for the next computing trend. If you decide that is for you, move one server at a time, arrange fail-over in the cloud, and prove one-at-a-time that it works as fast as the old stuff.

    Bit of advice: don't just do virtualization without knowing why. If the business reason is economics, then jump over virtualization to the next trend, cloud computing. If it isn't economics, don't bother with virtualization at all.

    Consider your goals and choose ONE. 'Nuff said.

  50. Simple solution: vmware + amazon as a backup by mveloso · · Score: 1

    If you have external access at your offices, leave everything as-is. Image everything, and use Amazon as a backup machine. Simple, low-cost, and basically on-demand.

    More info about the setup would be good, but if everything's been running, don't touch it - back it up.

  51. Re:Cloud Computing(TM) by symbolset · · Score: 1

    where do we start to make it GO?

    It can be helpful to engage an independent VAR. Not all, but some, offer presales assistance that includes needs assessment and design for free or at low cost. They do this with the hope that by demonstrating their technical prowess you will be more comfortable with buying from them, and in the hope that you'll engage their engineering teams for best-practice deployment consulting.

    It sounds like the organization in the fine article doesn't have a lot of experience with this. Modern systems can be complex and a single configuration error can lead to downtime, wide-open security, and more. Ask slashdot is nice, but it's not a dialog with a certified professional with years of experience who's on your site and has spent some time understanding your network and needs.

    --
    Help stamp out iliturcy.
  52. Separate data centres by David+Gerard · · Score: 1

    At least for external services like www. Big red buttons do get pushed. I worked at one company where the big red button in the data centre got pushed, all power went off immediately (the big red button is for fire safety and must cut ALL power) and the Oracle DB got trashed, taking them off air for four days; their customers were not happy. They got religion about redundancy.

    Redundancy is one of those things like backups, support contracts, software freedom, etc. that management don't realise how much you need until you get bitten in the arse by the lack of it. You clearly get it, which is good.

    (I have a similar problem at present: an important dev machine has (a) no service redundancy (b) no disk redundancy. (b) is unlikely, (a) requires duplicating all services including a proprietary version control system onto another box. I'm going to have to switch on an old Ultra 60 that's been decommissioned. Argh.)

    --
    http://rocknerd.co.uk
  53. Some advice by plopez · · Score: 1

    1) don't screw up. This is a great opportunity to make huge improvements and gain the trust and respect of your managers and clients. Don't blow it.

    2) Make sure you have good back ups. Oh you have them? When was the last time you tested them?

    3) Go gradually. Don't change too many things at once. This makes recovering easier and isolating the cause easier.

    4) Put together a careful plan. Identify what you need to change first. Set priorities.

    5) Always have fall back position. Take the old systems offline, cut over to the new system. If the old system fails, rollback. And leave the old systems available for a while until you feel assured they are stable.

    6) Don't drink the koolaid. Any product purporting to help migrations should be avoided unless people you trust have used it and/or you are very familiar with it.

    7) Always remember point number 1. Being conservative and careful are your best tools.

    --
    putting the 'B' in LGBTQ+
  54. Most of the poster don't 'get it' by plopez · · Score: 2, Interesting

    The question is not about hardware or configuration. It is about best practices. This is a higher level process question. Not an implementation question.

    --
    putting the 'B' in LGBTQ+
  55. Linux Vserver by patrick_leb · · Score: 2, Informative

    Here's how we do it:

    - Run your services in a few vservers on the same physical server:
        * DNS + DHCP
        * mail
        * ftp
        * www
    - Have a backup server where your stuff is rsynced daily. This allows for quick restores in case of disaster.

    Vservers are great because they isolate you from the hardware. Server becomes too small? Buy another one, move your vservers to it and you're done. Need to upgrade a service? Copy the vserver, upgrade, test, swap it with the old one when you are set. It's a great advantage to be able to move stuff easily from one box to another.

    1. Re:Linux Vserver by Lennie · · Score: 1

      Also, the real reason is that VServer or OpenVZ doesn't use any extra resources or require the right hardware like Xen, KVM, etc. do. It's just a container, like FreeBSD jails or Solaris containers.

      Of course, it's always the same OS.

      --
      New things are always on the horizon
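    Junta's warning in 46 (an HA mirror replicates a deletion just as faithfully as a write, so the backup that matters is one that today's run cannot touch) and patrick_leb's nightly rsync above come down to the same mechanism: hard-link snapshots, which rsync implements with --link-dest. The script below is an added illustration of that mechanism in Python, not code from either poster; the directory layout, file names and contents are constructed for the demonstration, and the scenario deliberately includes an edit and an accidental deletion between two runs to show what the older snapshot still holds.

```python
"""Hard-link snapshot backups: each run is a complete tree, unchanged files share
inodes with the previous run, and no run ever writes into an older snapshot."""
import filecmp
import os
import shutil
import tempfile


def take_snapshot(source, backup_root, name, previous=None):
    """Copy `source` into backup_root/name.

    A file that is byte-identical to its counterpart in the snapshot named
    `previous` is hard-linked to that copy instead of being copied again. A new
    or changed file gets a fresh inode, so the older snapshot is never modified.
    Returns (files_linked, files_copied).
    """
    dest = os.path.join(backup_root, name)
    if os.path.exists(dest):
        # Refuse to reuse a snapshot directory: overwriting would be the very
        # "Tuesday corrupts Monday" failure the scheme exists to prevent.
        raise FileExistsError(f"snapshot {name!r} already exists")
    linked = copied = 0
    for dirpath, _dirnames, filenames in os.walk(source):
        rel = os.path.relpath(dirpath, source)
        os.makedirs(os.path.normpath(os.path.join(dest, rel)), exist_ok=True)
        for fn in filenames:
            src = os.path.join(dirpath, fn)
            dst = os.path.normpath(os.path.join(dest, rel, fn))
            prev = (os.path.normpath(os.path.join(backup_root, previous, rel, fn))
                    if previous else None)
            if prev and os.path.isfile(prev) and filecmp.cmp(src, prev, shallow=False):
                os.link(prev, dst)      # unchanged: share the inode (same filesystem required)
                linked += 1
            else:
                shutil.copy2(src, dst)  # new or changed: fresh inode, old copy untouched
                copied += 1
    return linked, copied


def read(path):
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def demo(workdir=None):
    """Constructed scenario: Monday snapshot, then an edit and an accidental
    deletion in the source, then Tuesday snapshot. Returns observed facts."""
    workdir = workdir or tempfile.mkdtemp(prefix="snapdemo-")
    src = os.path.join(workdir, "data")
    backups = os.path.join(workdir, "backups")
    os.makedirs(os.path.join(src, "etc"))
    os.makedirs(backups)
    files = {  # constructed sample data, not real configuration
        "etc/named.conf": "options { recursion yes; };\n",
        "payroll.csv": "alice,1000\nbob,1200\n",
        "notes.txt": "keep me\n",
    }
    for rel, text in files.items():
        with open(os.path.join(src, rel), "w", encoding="utf-8") as fh:
            fh.write(text)
    mon = take_snapshot(src, backups, "monday")
    # Tuesday: one file is corrupted in place and another accidentally deleted.
    with open(os.path.join(src, "payroll.csv"), "w", encoding="utf-8") as fh:
        fh.write("alice,1000\n")
    os.remove(os.path.join(src, "notes.txt"))
    tue = take_snapshot(src, backups, "tuesday", previous="monday")
    mon_dir = os.path.join(backups, "monday")
    tue_dir = os.path.join(backups, "tuesday")
    result = {
        "monday_counts": mon,    # (0, 3): nothing to link against yet
        "tuesday_counts": tue,   # (1, 1): named.conf linked, payroll.csv copied
        "monday_payroll": read(os.path.join(mon_dir, "payroll.csv")),
        "tuesday_payroll": read(os.path.join(tue_dir, "payroll.csv")),
        "monday_has_notes": os.path.exists(os.path.join(mon_dir, "notes.txt")),
        "tuesday_has_notes": os.path.exists(os.path.join(tue_dir, "notes.txt")),
        "named_conf_shared": os.path.samefile(os.path.join(mon_dir, "etc", "named.conf"),
                                              os.path.join(tue_dir, "etc", "named.conf")),
    }
    # Expiring the oldest snapshot removes links, never data still referenced.
    shutil.rmtree(mon_dir)
    result["tuesday_named_conf_after_prune"] = read(os.path.join(tue_dir, "etc", "named.conf"))
    shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

    The property worth checking in any such scheme is the one the script enforces by construction: a changed file gets a new inode rather than being written through the shared link, because an in-place write would alter every snapshot linked to that inode at once. The scheme only protects against what the backup host itself cannot do, so it still needs the offsite removable media Junta describes.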
  56. Astroturfing.. by Junta · · Score: 2, Insightful

    If MS is going to astroturf, you need to at least learn to be a bit more subtle about it. That post couldn't have been more obviously marketing drivel if it tried. Regardless of technical merit of the solution (which I can't discuss authoritatively).

    The post history of the poster is even more amusingly obvious. No normal person is a shill for one specific cause in every single point of every post they ever make.

    To all companies: please keep your advertising in the designated ad locations and pay for them, don't post marketing material posing as just another user.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  57. Re:don't forget the network as well like the switc by oatworm · · Score: 1

    Heh. I worked in a small office once where their backbone was a 24-port hub. Better yet, they were using thin clients for everything, so they were slamming that hub every single second of every single day. Once the hub was replaced, it was amazing how many of their "performance issues" disappeared...

  58. Re:Cloud Computing(TM) by mysidia · · Score: 1

    And when you need it back up within 5 minutes, and no data loss (other than data that didn't occur due to downtime)?

  59. Why all the VM hate? by deadwill69 · · Score: 1

    I don't see what all the fuss is about VMs. It allows you to continue to run one service per "box" and cut down on the amount of servers. Using VMs has allowed us to consolidate numerous slightly used, dedicated boxes. In turn, we have improved our failovers with VMware's management console and snapshots saved to a SAN. Near instantaneous recovery without all the headaches. We still do tape and spinning disk backups depending on how critical the machine's mission is. There are still a lot of services that best practices require to have their own box: infrastructure services being the critical one. All the rest do just fine virtualized. As for the remote offices, they shouldn't need more than slaved DHCP, DNS, LDAP/Active Directory, gateway, and a firewall unless you're using the remote location for load balancing on web, connection redundancy, etc. We use an MPLS to one of our remote offices for this ourselves. HTH, will

    1. Re:Why all the VM hate? by Junta · · Score: 1

      The problem is that virtualization is a hammer, and too many people assume every problem to be solved is a nail. The (occasionally excessive) VM hate is to offset irrationally excessive VM love. Virtualization in some cases can be more expensive, less efficient, decrease performance needlessly, and incur more management complexity rather than reducing it. It shines in aggregating platforms that are not similar enough to run on the same hardware concurrently, and in some simplifications when dealing with different administrative users with different permissions. It has a use, just like it has had a use ever since it became commonplace on mainframes; it's just not the end-all, be-all of IT solutions as VMware wants the world to believe (VMware is not the only player in the game, but they are a one-trick pony and as such feel the need to frame everything as a virtualization problem more so than other virtualization vendors).

      If you have an email and web server both running the same operating system on separate servers and wish to aggregate, virtualization is not nearly as frequently the best option as proponents suggest. If the OS is commercially licensed, you incur increased cost for the extra instances. If using a commercial virtualization solution, you are paying extra for that platform. Instead of managing 1 OS instance you must manage 3 OS instances (the hypervisor platform and two guests in my example), incurring extra OS management overhead. If you have disparate OSes, that may be a valid place for virtualization. If your administrative staff is sufficiently convoluted that you need to give administrator privilege in a manner more fine-grained than the chosen platform allows in a single instance, it can make sense (hosted servers and thin clients can make a lot of sense for this reason).

      If your admin team is one to a handful of people with equal access serving a company of 150, consolidating services doesn't have to mean maintaining independent OS instances. Modern OSes have for a long time allowed for concurrent services to run at the same time with proper isolation, and yet many seem to think an smtp process and a caching nameserver *must* run on different 'systems'.

      People seem to forget about application level failover. The 'hard' parts mostly have to be solved for HA virtualization case (redundant shared storage being a big part of that, and admittedly VMWare comes with a usable SAN filesystem and some other platforms don't come with that out of the box), most network services are sufficiently stateless that the same redundant storage configuration required for VM HA can be used directly with mere IP takeover for sub-10 second downtime at overall reduced cost. In Virtualization, without a heavily stripped down platform, the HA will be slower (except the admittedly nifty FT stuff, but that is a relatively tall order as implemented today) and more expensive. Some services persist state in a manner where it is unavoidable to shell out money to do HA at the application level, and then it may warrant an analysis of which approach is appropriate, but those services are in the significant minority.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  60. Re:Cloud Computing(TM) by Anonymous Coward · · Score: 2, Informative
    We've probably dropped ~20K (w/o licensing) in our VMWare ESX cluster. Basically it's the "poor man's version" because of all of our purchasing restrictions, but here's about what it is:
    • Basically a box with some 15K SAS drives in RAID1+0. Cost ~$5k
    • Server with some SATA 1TB drives again in RAID1+0. Around 5K as well
    • 3x cluster nodes. Dual 771 with 8 or 16GB of RAM
    • Management node running Win Server 08

    It's not a super config, and a lot of people will argue that it's not a true setup, but it's sufficient for our needs. I think we hit 4% CPU utilization across all the nodes the other day.

    With VMWare, watch the 2TB filesystem limit. We ran into that with our SATA array. Basically you have to slice it into 2TB chunks to get VMware to accept it as a datastore.

    As far as networking goes, we have a couple of gigE switches running the traffic. Our SANs are redundant, as we clone all of the machines from our SAS "SAN" to our SATA. If the "production" SAN goes down we can start up the clone from the SATA box in minutes. After the primary SAN comes back up we can VMotion it across to the other data store.

  61. Re:Cloud Computing(TM) by turbidostato · · Score: 1

    "Maybe the first question should really be: what's your budget?"

    Maybe the first question should really be: you are in charge for the transition but you are clueless about how to do it. What the heck?

  62. Re:Cloud Computing(TM) by turbidostato · · Score: 2

    "The tension between budget and business requirements can be useful but it is largely a paper tiger."

    Yes indeed, but not because of the reasons you highlight. There is no tension between budget and requirements since budget is just a natural outcome of the requirements themselves: you don't need 24x7 services; you lose XXX dollars per hour when the service is down. Once you factor in the risk management is willing to take, your budget is just a matter of a multiplication: it's XXX dollars per downtime hour multiplied by the risk you are accepting. You lose 10.000 per downtime hour and you don't want to lose more than 100.000 on a risk you measured to have a 10% chance (a ten hours downtime)? Then your allowed up-front cost for this is 30.000 (for iron under three years amortization).

    I'm used to hearing "I want uber-redundancy and 24x7 availability" "well, that'll cost you XXX" "But I can't pay that!" That means that you don't earn that much from that system. It's never "I can't afford it" but "it doesn't get me so much".

  63. Information Technology Infrastructure Library by nko321 · · Score: 1

    1) Thank you, thank you for thinking of best practices before taking serious action. 2) ITIL is your friend. http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library When implemented deliberately and properly, ITIL makes an IT admin darn near *comfy*. Just remember that ITIL != bureaucracy, ITIL == Best Practices.

  64. Combine some & keep some separate - find savin by jvin248 · · Score: 1

    Assuming you have seven year old Microsoft OS boxes, then switching over to a fewer number of latest Linux OS boxes would be an improvement. Many of the services you list can run in the same Linux box just as happily - without VMing them. Others you may want a dedicated box (email server with big HDD arrays). For a small facility having only 150 users you've got a small budget and insignificant system loads.

    However, if you want to make a more significant dent in operations, equipment costs and IT maintenance, look into client-server setups using LTSP.org - transfer all 150 fat-client based users to thin clients (stripped down current machines or new thin clients the size of desk phones) running on a few back-room servers. Switch over the office phone system to something like Asterisk etc. Look into FreeNAS and m0n0wall/pfSense. Set up a Drupal or Wordpress system to publish internal documents and/or to the Web. Lots to keep you busy and productive besides those few old workhorses.

  65. Re:Cloud Computing(TM) by mysidia · · Score: 1

    If there is extra budget then consider adding more or better hardware and services.

    Shouldn't that be... if there's extra budget, think a little farther ahead, about how your requirements are likely to increase in the future?

    So you can try to meet the anticipated future requirements earlier, to be more efficient, in saving money on delaying future upgrades that will otherwise be needed.

  66. Re:Cloud Computing(TM) by mysidia · · Score: 1

    To have true high-availability, even 2 VMware servers isn't enough, you need a reliable shared storage system that both servers can access.

    Even then, the storage chassis itself will be a central point of failure. To have true HA you need a pair of independent shared storage units with continuous synchronous replication and some reliable mechanism of failover.

    But even without HA...

    There are still benefits of running only on one server and using virtualization. Getting higher utilization of a smaller volume of hardware still saves money, since you aren't running 10 servers sitting at 10% load all the time.

    You can run multiple OSes.

    You can run applications that require their own OS install. For example: domain controller can run on its own without other apps running on the DC. The major apps have their own server

    Finally, there are security benefits of isolating apps to their own server. If one server is compromised, it can be taken out of service without affecting the other apps.

    You can run the bleeding edge server OS version only for the app that needs it, and run more stable code for other apps.

    If one server crashes due to an OS bug, the others keep running.

    The hypervisor itself is a thin OS, and if run on proper hardware is highly stable. Driver issues are unlikely to bring down your servers, especially when utilizing advanced CPU features such as processor VT and IOMMU which provide sophisticated I/O and device isolation functions.

    Of course, your hardware is a single point of failure. But backups/disaster recovery is easier to manage in a virtual environment; you just use VCB and regular copies of your VMDKs to a secondary piece of metal to prevent data loss.

  67. Re:Cloud Computing(TM) by mysidia · · Score: 1

    Switching an existing deployment from x86 to UltraSPARC is nuts. Also, SPARC is dying, it's extremely unlikely your new cluster will be SPARC. Almost certainly you will pick x86, x86_64, or Itanium. Itanium is also a niche market, however, and it's unlikely your app will suddenly need it.

    Better to in fact virtualize the fileserver. So you can run multiple things on the box. Virtualization basically guarantees you can move the application with minimal work, when you scale up the storage infrastructure later.

    If you ever get a SAN, attach FC, iSCSI LUNs with the files to the fileserver, or serve a VMDK with the data from the NAS, problem solved. Let the SAN serve data to servers. Let servers serve data to users. Don't let users come within 100 feet of the SAN or other hard-to-upgrade device (security nightmare).

  68. Re:Cloud Computing(TM) by digitalchinky · · Score: 4, Insightful

    That's a little harsh don't you think?

    There are untold numbers of us in this guy's position. Asking slashdot is a damn good start at finding a new methodology. Everyone has an opinion, some of them quite intelligent, a few might even work. It's ok for the fortune 500 cube dwellers to jump on the phone and call in a long standing contractor to 'handle it' - the rest of us have to slog through the marketdroid crap and translate the latest buzzword infestations to human speak - then just hope we don't screw it up or waste money.

    So far the best suggestions appear to be to figure out how critical things are first (which will shape the hardware requirements), budget second. All the while this is encompassed by the usual core job functions that still need to get done.

    So rather than point out the redundant, how about using your fingers to provide a potential solution.

  69. Re:Cloud Computing(TM) by Xeleema · · Score: 1

    But you can run the OS on local storage, especially in the early stages.

    I would just like to point out that I've been in several environments where people "started out" with their virtualized servers on local storage, then moved them over to SAN.

    Let me just say that unless you're willing to drop some *serious* coin on SAN, avoid this...unless you're going to run top-end EMC of some kind, and keep your virtualized servers down to 20 or so per SAN.

    Basically, it comes down to this: ever see the throughput 30+ servers pull down from a dual-port fiber connection when they all boot? It's ugly, my friend.

    If you decide to go that route regardless, invest in at least 2 dual-port 4GB Fiber HBAs per host server. You'll be thankful in the long run.

    --
    "When I am king, you will be first against the wall..."
  70. Insurance... by magusnet · · Score: 4, Funny

    1) Buy a comprehensive insurance policy
    2) Write a detailed implementation plan that you copied from a Google search
    3) Wait the 3-6 months the plan calls out before actual "work" begins
    4) Burn down the building using a homeless person as the shill
    5) Submit an emergency "continuity" plan that you wanted to deploy all along
    6) implement the new plan in one third the time of the original plan
    7) come in under budget by 38.3%
    8) hire a whole new help desk at half the budgeted payroll (52.7% savings)
    9) speak at the board meeting: challenges you overcame to save the company
    10) Graciously accept the position of CIO

    (send all paychecks and bonuses to numbered bank account and retire to a non-extradition country) :)

    1. Re:Insurance... by Anonymous Coward · · Score: 0

      Yep! Worked for me.

  71. Re:Cloud Computing(TM) by Antique+Geekmeister · · Score: 1

    So does a cluster, of course. The back-end storage array required for virtual host migration, or the Veritas clustering tools you may use for service clustering, also form single points of failure. And Veritas has historically been extremely unstable under load: it's often misconfigured, it's often mishandled entirely, and it often mistakes having a "high reliability filesystem" for having a highly reliable failover system, when that filesystem itself may be corrupted by the actual software. This is a very serious problem for Oracle systems, by the way. Far too many installers mistake "clustering" software for having a master/slave, and mistake master/slave setups for having actual backups.

  72. Re:Cloud Computing(TM) by magarity · · Score: 2, Insightful

    Except of course that management ALREADY HAS that because they've been very lucky for 7 years

    Whoa there - so using this logic we can assume the company has no fire insurance, etc, because they've been lucky and not had their building burn down in 7 years? Managers might not understand technical issues but one thing managers worth the title CAN do is manage risk, i.e. balance cost of risk mitigation against risk. I can well imagine a company of 150 people that actually doesn't have any mission critical servers worth spending a lot on redundancy, etc. I can also imagine a company that has gotten lucky while at the same time, the IT person(s) haven't explained IT risks/costs in proper terms because they assume the managers just aren't technical.

    The original questioner definitely needs to do a proper risk / cost analysis and present it to the managers. (But right now his "ideas" are WAY too vague and not business need driven.) A prompt, proper analysis and plan/alternate plan(s) for risk and risk avoidance is seriously wanted. It will CYA for that magic moment any day now when these 7 year old systems start failing.

  73. Random thoughts by buss_error · · Score: 1

    One thing I'm struck by (over, and over, and over again) is just how frequently "solutions" to keep critical systems from "ever failing" don't. I've personally witnessed a tens-of-millions-of-dollars solution come crashing down due to a single failed server. And I'm not talking about something that was whomped up in the back office by the team, I'm talking Major Vendors (you'd know the names if I could say them, but I can't; please don't ask), and vendors that are not even given to being thought of as simple lightweights (as some other, also nameless vendors are thought of). And in the case I'm thinking of, it wasn't a single point of failure. There were over two dozen other servers able to accept the virtual instance - but none did. So the whole house of cards came down. It was the final acceptance demo. Boy, was there a LOT of egg on faces.

    About the only "highly available" services that I've really seen work are geo-separated Xiotech SANs, geo-separated Stratus systems - the old, old ones, running Motorola 680x0 chips (8098 for example), IBM RS/6000s (with Oracle replicated databases), and (shudder) Sperry V-77s, hand-built for wagering. (My GHU! People really still use Z80s!) My own private testing of 10 Linux systems running in a cluster was more favorable than any major OEM's Windows/Intel solution, but as the creator of the demo, I can't claim to be completely unbiased. However, even with 5 of the 10 servers having had the power plug pulled (or SCSI card cable yanked, or in one memorable case, the mobo hit with a Taser - I hated that hardware and wanted to get rid of it), it kept running just fine. Most times, the user did not have to authenticate again and the transaction was preserved, but in a few tests this didn't work: the user had to log in again, and the transaction was rolled back and not completed.

    I've never seen a "solution" put together with WinTel platforms that was absolutely reliable. They may be out there, but I've never witnessed one tested by the "Back Room Guys" that passed with flying colors. Perhaps this is because I'm stupid, ignorant, and can't construct a valid test. I'm open to being corrected... but so far, all I've ever heard are whines and nitpicks.

    In a few cases, I wanted to tell the vendor "go put on your man pants and try again."

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
  74. Re:Cloud Computing(TM) by Xeleema · · Score: 1

    Also, SPARC is dying

    Beg your pardon, sir, but do you care to offer a citation for that reference? Perhaps a Netcraft confirmation of some sort?

    Didn't think so....

    For the record, it's just a tad over your head.

    And for the record, SPARC isn't out of the game just yet...

    ...according to their 1st quarter results from FY2010, things are looking up.

    --
    "When I am king, you will be first against the wall..."
  75. whitewiz by Anonymous Coward · · Score: 0

    I work with VMware daily, so I am biased but also experienced.
    The problems you have currently:
    - can't get replacement parts for 7-year-old servers
    - if something fails you can't buy a server like the one you have to restore onto; the data is still retrievable, it'll just take longer
    - you have no like-hardware test environment

    How a virtual environment will help you; let's say 2 current-model servers and a piece of shared disk:
    - P2V is more efficient than re-installing on bare metal
    - 2 servers provide redundancy for ALL the virtual machines
    - disaster recovery is now hardware independent
    - you can snapshot and roll back upgrades that fail
    - you can add more resources (CPU) by adding another server
    - you can provision new virtual servers easily
    - you can fix the hardware during business hours!

  76. Go for the big iron by Anonymous Coward · · Score: 0

    Personally I would recommend a mainframe implementation for the workloads you are suggesting.

    If you're gonna overcook this, may as well go all in, eh

  77. User-base, Tiers, and Planning by Xeleema · · Score: 1

    Two points have already been mentioned before:

    1. What kind of users are we talking here? Globally diverse store managers? Scientists? Wall Street? Web developers? Each one of these groups will have different ideas of what "Reliability" means. Which brings me to:

    2. Tiers. What are your critical (never-down) services? Typically this translates to cost: how much will a company-wide email outage cost you per day? Hour? Minute? DNS/DHCP/WINS (shudder) and all your "infrastructure" services will probably fall under this category. But which Applications do you provide, and what are the users' expectations? This is a great chance to start having "User Group" meetings with the various sections of your user-base, and start fleshing out requirements.

    3. Plans. Everyone with a tie will love to see a black-and-white document outlining things like Backups, Disaster Recovery, Risk Analysis, Acceptable Use Policy, and so forth. However, most small networks (10-20 servers) don't have anything like this. Heck, even if it's "boot the old systems", it's still a plan. Write one up, use a template, Google has a few dozen last I checked.

    4. Migration Plan. One thing you can bet on: if *anyone* non-IT has had free rein inside the network, there will be little files, scripts, cron jobs, applications, firewall settings, etc. that have been tweaked and long forgotten. Before you "Decommission" anything, make sure it survives a reboot, and make an image of the filesystems.

    Word from the wise: set up a Linux box somewhere with a good chunk of space and throw all of them on there, then make sure that system is backed up. Try to avoid mentioning this to anyone, as it increases the "awe" factor and cuts down on unnecessary retrieval requests.

    5. Blog, wiki-fy, etc. *Anything* that the users can take a look at and "see" what you're doing. Being an I.T. techie is like being a ninja; If you do your job right, no one even knows you're there. But screw up, and everyone will have a torch and pitchfork with your name on it. Sometimes having things out in the open will negate that (maybe they just bring flashlights, instead of actual torches).

    6. Go Slow. Take a look at what servers you have, inventory what all is running on them, and guesstimate how long it would take to set that up. Then multiply that by a Scotty factor and state that in your paperwork.

    Remember, small-time IT guys seldom leave peacefully, they're typically ridden out on a rail. (This coming from someone who's been the exception to that, narrowly at times).

    --
    "When I am king, you will be first against the wall..."
    1. Re:User-base, Tiers, and Planning by Xeleema · · Score: 1

      Oh! And charts! Suits love charts!

      --
      "When I am king, you will be first against the wall..."
  78. Re:Cloud Computing(TM) by asc99c · · Score: 1

    This isn't impossible except for the official SLA bit, it's kind of how it's done in my office, and I suspect many others. We've got a number of servers all built with standard off the shelf components from an internet parts shop that happens to also be locally based. We've got one spare server, and if anything other than hard discs fail, we just move the discs into the spare server and switch it straight back on. If the hard discs fail, someone switches on the appropriate services on the spare and sets it going (it's got every service configured up but switched off).

    Not necessarily saying this is a perfect idea - we recently had a run of hardware failures, which to me suggests that while you can build a server for £200, you probably shouldn't. We're now I believe looking at better standard motherboards, and proper hard discs for all the servers. It will push up the costs to about £400 / server, excluding KVMs which were got in the computer room budget. And it's all run by one person (thankfully, not me!)

  79. Beware! The singularity is nigh! by YourExperiment · · Score: 1

    Services running on virtualized servers hosted by a single reasonably sized machine per office seem to recommend themselves.

    If your services have started to recommend themselves, they have achieved self-awareness. My advice is to do whatever they ask, and try not to antagonise them.

  80. Re:Cloud Computing(TM) by Anonymous Coward · · Score: 0

    You need a mod point and I wish I had one.

    Anyhow, you can estimate what load anonymous is dealing with - 150 users, 7 year old hardware and that it is not maxed out.

  81. Providing nourishment by dna_(c)(tm)(r) · · Score: 1

    to feet incoming web requests

    I think you meant "two feet incoming web requests", which probably means "manually submitted web requests" - mind you, I'm going out on a limb here, could mean roughly 61 cm.

    1. Re:Providing nourishment by troll8901 · · Score: 1

      "two feet incoming web requests", which probably means "manually submitted web requests"

      Makes sense. If signals move at 10% of c, then the user would have typed the manual web request in 20ns, such that the signals would have spread over 2 feet of wire.

      Or did you mean actual electron movement? According to this article and footnote, electrons move at 8.42cm/hr, therefore the user would have spent 7 hours to type the manual web request ...

    2. Re:Providing nourishment by Enigma2175 · · Score: 1

      to feet incoming web requests

      I think you meant "two feet incoming web requests", which probably means "manually submitted web requests" - mind you, I'm going out on a limb here, could mean roughly 61 cm.

      I'm fairly sure he meant "to feed incoming web requests". Now that I got that straight, I may need to track down that strange whooooshing sound above my head.

      --

      Enigma

  82. Re:Cloud Computing(TM) by Mr.+Freeman · · Score: 1

    When in the hell has management ever been reasonable? "Do X on a budget of less than half what you need, twice as fast as possible, I went to a training seminar, I know it can be done" seems pretty familiar.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
  83. You need time to plan... by Anonymous Coward · · Score: 0

    Go Microsoft. Easiest way

  84. Re:Cloud Computing(TM) by lukas84 · · Score: 2, Insightful

    Well, it's not like I've not had any clashes with our management (or even that of some of our customers), but I've found it to be the better approach to actually talk things through in the hope of both parties getting a better understanding.

    From my technical standpoint, it's very important that management knows _exactly_ what they're getting for their money. This also means saying "No". Yes, you can lose customers if you don't promise them 99.999999999% availability for $50 a month, but the real question is whether you actually wanted those customers in the first place - they may find some idiot who agrees to work with them, but that's their loss.

    Even internally, as we also run our internal infrastructure, it's important to say "no" to unreasonable tasks and stupid ideas. Either management trusts you to actually do the job they've hired you to do, or they don't - then you'll need to find a new job.

  85. Re:Cloud Computing(TM) by ani23 · · Score: 1

    Here's what I would recommend. I'm not affiliated with any company either way, but it's what worked for us. If you have money to spend, go with HP servers and EqualLogic or LeftHand SAN, with VMware ESX. If budget is tight (I would do this either way), get Dell servers as hosts (R710 with Nehalems; they work better than older quad-proc machines). Sign up for Sun Startup Essentials; you get more than 30% off retail. Get their 2510 iSCSI SANs or 2530 SAS SANs; they go for 8 grand for 6 TB. Have two copies in two locations running VMware ESX.

  86. Re:Cloud Computing(TM) by Lennie · · Score: 1

    Even worse, statistically speaking the chance of failure will increase the longer things don't have a failure.

    Everything will fail eventually. If something hasn't failed yet, the chance it will happen 'soon' increases.

    --
    New things are always on the horizon
  87. Re:Cloud Computing(TM) by Lennie · · Score: 1

    VMs are not a security feature. More code means more bugs, which increases the chance of more security problems.

    --
    New things are always on the horizon
  88. Keep it Simple by Anonymous Coward · · Score: 0

    Buy 3 machines. Put all the services on each and put one in each of your 2 appropriate locations. Everything you list can run on a single Linux box. Use the 3rd for your sandbox.

  89. Don't over do it !!! by Anonymous Coward · · Score: 0

    I have done this before !

    Simple: 2 machines at the main site which will host all the services and be a backup to one another.

    Then 1 machine per external site hosting all the services too.

    Virtualization would only be recommended if security is crucial, and only for the services accessible from outside. But it's a complexity add-on !

    Recommendation for system: Mac Mini Servers! With Snow Leopard Server!

    Ritchie

  90. On your way out by obarthelemy · · Score: 1

    From your question, I'd say you're on the verge of a huge screw-up.

    You must be young. Don't set out to make your mark. On the contrary, set out to make yourself entirely forgettable, which is what people want from their IT infrastructure.

    First, look to replacing what's currently there, and nothing more. There don't seem to be any requests for added features.

    If you can do that within budget, look at what is lacking. It may be ease of use, reliability, redundancy, backups, disaster recovery, speed, room to grow, features...

    If you want to be really smart, do just what's asked of you, under budget, under deadline, with no hassle. But plan ahead for the next few requests, and document that. When those requests come up, you'll be able to turn back and say: I knew it, I planned for it already. THAT earns you points. Not trying to force any random feature that catches your fancy down management's and users' throats.

    --
    The Cloud - because you don't care if your apps and data are up in the air.
  91. Amen by jnelson4765 · · Score: 1

    Creeping complexity was the bane of my last job - we went from a single-box mail system to a load-balanced front end separate from the mailstore because they wanted "disaster recovery" in case the Tier 1 datacenter we ran our rack of gear at lost all connectivity. Even though none of our customers paid for that level of uptime. It also had a lot more problems than the single-box solution - some that were extremely difficult to fix.

    If you're worried about failover, and have the budget, VMWare ESX and VMotion, with a cheap replicated SAN, will give you what you're looking for for hardware redundancy. It's painfully expensive, but if they want redundancy, there's no way to do it short of paying a lot of money. Laying out the cost of that 99.999% uptime to management normally serves to get their expectations in line with reality - if they don't, then time to update that resume, because you'll get blamed for not delivering.

    There is no such thing as high-availability, easy-to-use software. It's all complex, and hiring people to work on that shiny new load-balanced system just became more difficult - the vast majority of IT types don't have enterprise experience, and those with the experience are going to be working on similar systems for companies that pay a heck of a lot more. The easier you make your architecture, the easier it is to hire help.

    --
    Why can't I mod "-1 Idiot"?
  92. Re:Cloud Computing(TM) by gmccloskey · · Score: 2, Insightful

    mod parent up.

    The first step is to find out what the business wants, and how much it is willing to pay. THEN you go out to find out what tech is appropriate/affordable to do it.

    Ask the heads of each office, and the main business managers, what they want the tech to do now, in a year and in three years. Do you have a business continuity plan that has to be allowed for? If you don't have a BC plan, now's a good time to have one done, before you buy a load of kit that may not do the job.

    Once you have a list of business needs, and put them in a prioritised list (again the managers set the priority), you go out and look at what can do the job. Assuming you find a reasonable solution within budget, you need to plan the migration.

    Protip: do not attempt to migrate everything in one go. Do it in steps, with breaks in between.

    Proprotip: whatever your migration, be able to revert to the original solution in less than 8 hours - ie one working day.

    Migration is the biggest gotcha - plan, plan and plan again. Do a dry run. Start with the least critical services. You do have backups, right? Fully tested backups, from ground zero? You do have all your network and infrastructure accurately and completely mapped out, and all configuration settings / files stored on paper and independent machines?

    Both arguments for VM and KISS have their place - only you can decide. But when you do decide, make sure it's based on evidence, and will end up making the business better.

    Don't forget Total Cost of Ownership - the shiny boxes may run faster, but will you have to hire two more techs to keep them running, or a new maintenance contract?

    Don't forget training - for you, your staff and the end users. If you're putting shiny newness in place, people will need to know how to use it, and do their jobs at least as quickly as on the old solution. No use putting in shiny web4.0 uber cloud goodness if the users end up spending an hour doing a job that used to take 5 minutes, because they don't know how to use it properly, or the interface doesn't easily work with their business processes.

    good luck

  93. Re:Combine some & keep some separate - find sa by Lennie · · Score: 1

    Can I suggest OpenVZ or Linux-VServer? If you do want to separate them for maintainability. Not if it's overkill of course (DNS and DHCP, for example, can run fine on the same machine).

    --
    New things are always on the horizon
  94. Re:Cloud Computing(TM) by maestroX · · Score: 1

    The question of Budget comes into play much later.

    • No requirements have been specified, as you've already stated.
    • No justification for the need for replacement has been specified other than age.
    • No mention of the current users -- what do colleagues want/say/need, what obstacles do they perceive?

    150 people depend on the questioner's responsibility for a living, and the post seems like he's into a new hobby.

    The question of budget would seem paramount in this case.

  95. Re:Cloud Computing(TM) by NSIM · · Score: 1

    Yes, but if you have a requirement for 4-hour return service and they only give you an $800 budget, you should run screaming from the room ;-)

  96. Re:Cloud Computing(TM) by NotBornYesterday · · Score: 1

    Virtualization isn't always done for redundancy. Virtualization all on one server makes perfect sense if the goal is server consolidation & energy savings. Just make sure that management understands that.

    --
    I prefer rogues to imbeciles because they sometimes take a rest.
  97. If you want a virtual environment by zipherx · · Score: 1

    If you want a virtual environment, which in my experience is really easy to administer, you need some sort of SAN or iSCSI environment. Then you have a base for attaching the needed computing power to this storage solution. It will be costly to start up, mostly because of the rather powerful switches you need to get. Those are easily 10K a piece.
    We just set up a brand new virtual environment at my work (university IT department serving about 5k people); the trick is really to get the infrastructure in place: network connectivity, backbone/power redundancy, etc. Then we are adding R710 Dell boxes with 50GB RAM (we are upgrading all 5 of them to 128GB next year) and 2x quad-core Xeons; those are cheap, only about 7k a piece. The processing power of those new Nehalem Xeons is awesome! Can definitely recommend.
    For a not too expensive SAN I would recommend Dell's EqualLogic boxes; they have all the new features, while being robust and built redundant (2 storage controllers, PSUs, etc.); the basic box with 40TB is about 70k.

    Since the main concern in my eyes is your aging hardware, you need to migrate one way or the other. Maybe just P2V'ing the old stuff to a VM is not desirable if you need to update all the software. Otherwise it is an easy way to move your old servers in a convenient and safe way.

    good luck.

  98. Here is how I got some advice from a professional by managerialslime · · Score: 1
    Before you complete your plans for your upgrade path, you might want to hire a professional to review your infrastructure and assumptions. That is just what I did.

    Before doing my upgrade, I wanted to be sure my infrastructure would be up-to-date with current standards. The following 2-part document first qualifies the person giving advice and then presents 25 questions I needed that person to answer.

    (As each of the 254 questions are covered on the CISSP exam, a competent consultant should be able to guide you in the right direction.)

    Feel free to adjust the estimates of person-hours for each task. The estimates below are for a company with about 50 servers, 50 network devices, and a WAN / MPLS covering a dozen offices across the US.

    Good luck!

    RFQ Goal: THE COMPANY desires to contract with a consultant who will, on an annual basis, review THE COMPANY’s compliance with its own security policies and standards. The consultant will summarize their findings in a brief report, including any recommendations for future improvement. In addition, as planning for a major upgrade is underway, additional recommendations for the upgraded system are expected.

    Consultant Background: The consultant will be an individual skilled and experienced in this task. The consultant will have no less than five years experience in the information security field.

    Credentials: The consultant must have at least one of the following credentials and furnish verification that the credential is current:

    * Certified Information Systems Security Professional (CISSP)

    * Certified Information Systems Auditor (CISA)

    * Certified Information Security Manager (CISM)

    Work to be Performed:

    * THE COMPANY will send the consultant a Purchase Order authorizing the start of the engagement. Depending on consultant availability, the engagement is expected to take from four to ten weeks to complete.

    * Supporting material review: Within two weeks of receiving a purchase order authorizing work to begin, the consultant will spend 6 to 8 hours reviewing any supporting materials provided by THE COMPANY (typically answers to prior security assessments) and developing follow-up questions.

    * Estimated consulting time: 8 hours.

    * Follow-up questions: Within four weeks of receiving a purchase order authorizing work to begin, the consultant will then email those questions to a designated contact at THE COMPANY and then read any answers that are returned.

    * Estimated consulting time: 2 hours.

    * Within six weeks of receiving a purchase order authorizing work to begin, the consultant will then spend up to 4 hours on-site at THE COMPANY’s data center, asking questions to validate readings.

    * Estimated consulting and travel time: 8 hours.

    * Within six weeks of receiving a purchase order authorizing work to begin, the consultant will use an industry standard tool of their choosing and at their cost, to attempt a penetration test of THE COMPANY’s system.

    * Estimated consulting time: 16 hours.

    * Within eight weeks of receiving a purchase order authorizing work to begin, the consultant will then use Microsoft Word to fill in a twenty-five question survey with their observations and recommendations and email their report to their contact at THE COMPANY. Any question not applicable to a security assessment may be left blank.

    * Estimated consulting time: 2 hours.

    * Within nine weeks of receiving a purchase order authorizing work to begin, the consultant will conduct a conference call reviewing their findings.

    * Within ten weeks of receiving a purchase order authorizing work to begin, the consultant agrees to forward to THE COMPANY copies of all supporting documents and other working papers and products produced on behalf of THE COMPANY, and also to provide THE COMPANY with an invoice for the amount agreed to in the Purchase Order. THE COMPANY will pay the invoice within fifteen days.

    --
    Live Long and Prosper - Thanks Leonard. You are missed.
  99. Re:Cloud Computing(TM) by TheLink · · Score: 2, Informative

    I have vmware machines on one server at home. There are still benefits even though it's not a cluster. So it's not that stupid.

    It is easier to move the virtual servers to another machine or O/S. This is useful when upgrading or when hardware fails or when growing (move from one real server to two or more real servers). There's no need to reinstall stuff because the drivers are different etc.

    You can snapshot virtual machines and then back them up while they are running. Backup and restore is not that hard that way. So even if you have a single point of failure, if you have recent image backups, you could buy a machine with a preinstalled O/S, install vmware, and get back up and running rather quickly.

    And when power fails and the UPS runs low on battery, I have a script that suspends all virtual machines then powers the server down. That's more convenient too than setting up lots of UPS agents on multiple machines and hoping they all shut down in time.

    DB performance sucks in a vmware guest though, so where DB/IO performance is important, use "real" stuff. Things may be better with other virtualization tech/software.

    --
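
The low-battery hook TheLink describes, written out as an added example that is not his script or VMware's own code: it lists the running guests, suspends each one, logs any guest that refuses and powers the host off regardless, since a half-suspended estate on a dying battery is worse than one unclean guest. It assumes the VMware vmrun CLI is installed and that the UPS daemon invokes the script with `--run`; VMRUN, VMRUN_TYPE, HALT_CMD and LOG are assumed names for the override knobs.

```shell
#!/bin/sh
# ups_suspend_vms.sh: constructed example of the low-battery hook described above;
# it is not TheLink's script. Assumes the VMware "vmrun" CLI (Workstation/Server) and
# that the UPS monitoring daemon invokes this script as "ups_suspend_vms.sh --run".
# VMRUN, VMRUN_TYPE, HALT_CMD and LOG are assumed knobs, overridable from the environment.
VMRUN=${VMRUN:-vmrun}
VMRUN_TYPE=${VMRUN_TYPE:-ws}            # vmrun product type ("ws" = Workstation)
HALT_CMD=${HALT_CMD:-shutdown -h now}   # what to run once the guests are parked
LOG=${LOG:-/var/log/ups_suspend_vms.log}

log() { printf '%s %s\n' "$(date '+%F %T')" "$*" >> "$LOG"; }

# Suspend every running guest. A guest that refuses to suspend is logged and skipped
# rather than aborting the run: with the battery draining, the host must still go down.
# Returns the number of guests that could not be suspended (0 = all parked).
suspend_all() {
    vms=$("$VMRUN" -T "$VMRUN_TYPE" list) || { log "vmrun list failed"; return 1; }
    # vmrun prefixes its listing with "Total running VMs: N"; keep only the .vmx paths.
    vms=$(printf '%s\n' "$vms" | grep -v '^Total running VMs:' || true)
    failed=0
    oldifs=$IFS
    IFS='
'                                       # split on newlines only: .vmx paths may contain spaces
    for vmx in $vms; do
        IFS=$oldifs
        if "$VMRUN" -T "$VMRUN_TYPE" suspend "$vmx" soft; then
            log "suspended $vmx"
        else
            log "FAILED to suspend $vmx"
            failed=$((failed + 1))
        fi
    done
    IFS=$oldifs
    return "$failed"
}

# Full low-battery sequence: park the guests, record the outcome, halt the host.
ups_shutdown() {
    log "UPS low battery: suspending guests"
    if suspend_all; then
        log "all guests suspended"
    else
        n=$?
        log "$n guest(s) not suspended; powering off anyway"
    fi
    log "halting host"
    $HALT_CMD
}

case "${1:-}" in
    --run) ups_shutdown ;;
esac
```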
  100. Best Practice - Backup by 1s44c · · Score: 1

    First back everything up.
    Second test the backups.
    Third ensure there is good monitoring on everything important.
    Only then should you think about upgrades.

    I can't believe nobody else has said this.

  101. Are blades really such a good idea? by TheLink · · Score: 2, Informative

    In my uninformed opinion, blades are mainly a way for hardware vendors to extract more money from suckers.

    They probably have niche uses. But when you get to the details they're not so great. Yes the HP iLO stuff is cool etc... When it works.

    Many of the HP blades don't come with optical drives. You have to mount CD/DVD images via the blade software. Which seemed to only work reliably on IE6 on XP. OK so maybe we should have tried it with more browsers than IE8, but who has time? Especially see below why you don't have time:

    So far I haven't seen any mention in HP documentation that the transfer rate of the mounted CD/DVD image (or folder) between your laptop to the iLO software to a blade that you're trying to install stuff on is a measly 500 kilobytes per second. But that's what we encountered in practice.

    Yes you can attach the blade network to another network and install it over the network, but if you can do that, doesn't that make the fancy HP iLO stuff less important? You might as well just get a network KVM right? That KVM will work with Dell/IBM/WhiteBoxServer so you can tell HP to fuck off and die if you want.

    Which brings us to the next important point: Fancy Vendor X enclosures will only work with current and near future Vendor X blades. In 3-5 years time they might start charging you a lot more to buy new but obsolete Vendor X blades. Whoopee. What are the odds you can use the latest blades in your old enclosure? So you pay a premium for vendor lock-in and to be screwed in the future.

    I doubt Google, etc use blades. And they seem to be able to manage hundreds of thousands of servers. OK so most of the servers might be running the same image/thing... So that makes it easy.

    BUT if you are having very different servers do you really want them in a few blade enclosures? Then when you need to service that enclosure you'd be bringing down all the different blades...

    --
    1. Re:Are blades really such a good idea? by Jaime2 · · Score: 1

      With the iLO advanced license, you can SSH into the management port and map remote CD images over http. It is much faster than using a client side mapping.

      Blades are best if you are an organization that buys more than a handful of servers each year. The fact that the enclosures will be obsolete after this, or maybe the next, generation of servers turns out not to matter much. It is very easy to move a blade server between enclosures in the same rack. Just power it down, move its VirtualConnect profile to another slot in the same domain (usually a rack's worth of enclosures), move the blade, and turn it back on. All of the WWNs and MAC addresses move with the blade. So, as you move from c-class blades to whatever is the next generation, just move a few servers to empty an enclosure and replace it with a new enclosure. Early in the lifespan as the number of c-class blade servers is growing there is no problem. Late in the lifespan when the number of c-class servers is shrinking, there is a very organized path to consolidating the servers into a small number of enclosures.

      The need to bring down all of the blades in an enclosure would be very rare. Every part of the enclosure except the midplane is redundant. Even firmware upgrades can be done without taking the system down. If you do have a need to service the midplane, it's easy to migrate the servers, one at a time, to another enclosure. If you have a disaster, it's easy to move the servers to any other enclosure and bring them up.

    2. Re:Are blades really such a good idea? by ckaminski · · Score: 1

      As opposed to simply plugging in a 1U server, a network management cable, and a gigabit public network cable and two power cables.

      Yup, I'll take that over a blade system any day. Never mind wacky N+2 power arrangements (like the IBM BladeCenters) just to get true PSU redundancy.

      You got me on the fiberchannel reconfig, though.

  102. Disaster Recovery Solution by Anonymous Coward · · Score: 0

    Instead of configuring a complicated redundant network for such a small amount of users, I think you would have better luck implementing a backup/disaster recovery service similar to this: http://www.zenitharca.com/

  103. Happened with me by Xamusk · · Score: 1

    In the past I have worked in a place that had around the same problem as you say.

    I had a very small budget, so I was hosting services on commodity PCs, with outdated systems, no virtualization (no dual cores back then), with as much as 3 to 4 services running in the same machine with no kind of sandboxing.

    All was running fine.

    Then, I got a small budget to buy a newer system. It was a Dual Core system, and I managed to get two hard drives which I put on simple mirroring RAID (low storage was the main problem that allowed me to buy new hardware). That's when the problems started arising.

    I was young back then, and was seeing all the "good stuff" around to speed up machines, so I fell for that RAID thing, since it supposedly would almost double read time and automatically create backups. It ran fine until some weeks after I set it up, when some files simply "vanished" from the file server. Nobody knew where they were. I didn't know where they were or what happened, but since we were small, most files were stored in the users' workstations (even though that was not "a good practice (tm)"). Because each user had their own backups locally, we managed to get going without the files.

    Then it happened again. Many files went missing again! But this time I noticed that some files (that vanished in the first incident) appeared again, and the missing ones now were the newer ones added after the first incident. So, I naturally traced it to the RAID array and noticed it wasn't in sync. Then I saw that it was not mirroring correctly, and at each boot of the server the active drive could be "swapped".

    In the end, I chose the simple path: I disabled RAID and used cron to do a daily backup from one drive to the other at the end of the day. Problem solved, everybody got happy. From what I've heard, this setup hasn't broken again (since nobody dared mess with it after I left). Lesson learned: follow Occam's razor ("The simplest answer is usually the correct answer."). By the way, as far as availability is concerned, all I had to do would be to get one of the drives to another machine and boot up, as I could do when lightning fried the motherboard even with correct grounding and a UPS.

    1. Re:Happened with me by Jaime2 · · Score: 1

      So..... you misinterpreted what RAID does (hint: it doesn't replace backups), misimplemented it and had problems. Therefore, you conclude that RAID is an unreliable technology that causes more problems than it solves, and you made your own similar solution that is simple, but only solves some of the problems that RAID solves.

      I've never known anyone to have files disappear and reappear due to RAID problems. We have over 100 RAID arrays in our department running right now and have never seen this. The company as a whole has tens of thousands of RAID arrays and, as far as I know, we don't have this problem anywhere.

    2. Re:Happened with me by Xamusk · · Score: 1

      Not really... the fact is that my budget didn't really allow that kind of backup, and each user was responsible for his/her own backups locally. Server-wise, I did my own backups of important files, though I wanted to have some sort of redundancy on hard drives in case of a hard drive failure, which would allow me a quicker return from downtime. I'd guess that's what the RAID (redundant array of inexpensive disks) term stands for.

      The problem of files disappearing ended when I disabled RAID. It most probably started because it was software RAID, not hardware, though what caused it to unsync is still a mystery to me (even though I suspect a power outage or peak or something like that, like when a tree fell over a nearby transmission line). But the problem was very real, seen when comparing the directories of both the drives, where I could see different filesets.

      Anyway, I do not pretend to say that RAID is a bad thing. It is good, if used correctly. Though it is still another layer of complexity, which can overwhelm someone who isn't used to it (I wasn't allowed any courses on RAID... hell, even on sysadmin stuff I wasn't formally taught, though I was the best the company had).

    3. Re:Happened with me by Jaime2 · · Score: 1

      RAID is taught in about a half hour of an introductory system admin class. The Wikipedia entry for RAID has more content than most classes. If the "complexity" of RAID overwhelms you, then please don't be a professional sysadmin. As for quick return from downtime, that is what backup is for. RAID is for online redundancy, meaning that your system won't fail in the first place if you have a component failure. Using RAID for anything else is likely to be less than successful.

      Also, RAID is transparent to the file system. If you can list the directories of both drives independently, then you probably aren't using RAID correctly, even software RAID. The only way to see them both is to break the RAID array, at which point a comparison of the two becomes irrelevant.

      Back to my original point. The original poster is asking for advice on how to protect his data and the availability of his services. Following your advice to avoid RAID because it is unneeded complexity would be a horrible mistake.
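The exchange above turns on a mirror silently falling out of sync and nobody noticing until files went missing. The check a practitioner would want is a monitor on the array state itself, run from cron, so a degraded or resyncing mirror is reported the day it happens. The following is an added example, not code from anyone in the thread: it parses the Linux software-RAID status text (`/proc/mdstat`) and reports arrays that are degraded or mid-recovery. The sample status text is constructed to show one healthy mirror, one running on a single disk, and one rebuilding; to use it for real, feed it the contents of `/proc/mdstat` instead of the sample.

```python
"""Flag degraded or resyncing Linux software-RAID (md) arrays.

Added example, not from the original thread. SAMPLE_MDSTAT is constructed
sample data in the format of /proc/mdstat; device names are hypothetical.
"""
import re

# Constructed sample: md0 healthy, md1 running on one of two disks,
# md2 degraded and rebuilding onto a replacement disk.
SAMPLE_MDSTAT = """\
Personalities : [raid1]
md0 : active raid1 sda1[0] sdb1[1]
      488254464 blocks super 1.2 [2/2] [UU]

md1 : active raid1 sdb2[1]
      976630464 blocks super 1.2 [2/1] [_U]

md2 : active raid1 sda3[0] sdb3[2]
      48825344 blocks super 1.2 [2/1] [U_]
      [=======>.............]  recovery = 38.5% (18800000/48825344) finish=4.2min speed=120000K/sec

unused devices: <none>
"""

# "md0 : active raid1 sda1[0] sdb1[1]"
ARRAY_RE = re.compile(r"^(md\d+)\s*:\s*(\w+)\s+(\w+)\s+(.*)$")
# "[2/1] [_U]": expected members / active members, then one U or _ per slot
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\]\s+\[([U_]+)\]")
# "[=====>....]  recovery = 38.5% ..."
ACTION_RE = re.compile(r"\]\s+(resync|recovery|reshape|check)\s*=\s*([\d.]+)%")


def parse_mdstat(text):
    """Return {array_name: details} parsed from /proc/mdstat-style text."""
    arrays = {}
    current = None
    for line in text.splitlines():
        m = ARRAY_RE.match(line)
        if m:
            name, state, level, members = m.groups()
            current = {"state": state, "level": level,
                       "members": members.split(),
                       "expected": None, "active": None, "slots": "",
                       "action": None, "progress": None}
            arrays[name] = current
            continue
        if current is None:
            continue  # header lines before the first array
        m = STATUS_RE.search(line)
        if m:
            current["expected"] = int(m.group(1))
            current["active"] = int(m.group(2))
            current["slots"] = m.group(3)
        m = ACTION_RE.search(line)
        if m:
            current["action"] = m.group(1)
            current["progress"] = float(m.group(2))
    return arrays


def problems(arrays):
    """Return human-readable findings; an empty list means all arrays are healthy."""
    out = []
    for name, a in sorted(arrays.items()):
        if a["state"] != "active":
            out.append(f"{name}: state {a['state']}")
        if a["expected"] is not None and a["active"] < a["expected"]:
            out.append(f"{name}: degraded {a['active']}/{a['expected']} [{a['slots']}]")
        if a["action"]:
            out.append(f"{name}: {a['action']} {a['progress']:.1f}% complete")
    return out


if __name__ == "__main__":
    # Replace SAMPLE_MDSTAT with open("/proc/mdstat").read() on a real host.
    findings = problems(parse_mdstat(SAMPLE_MDSTAT))
    print("\n".join(findings) if findings else "all arrays healthy")
```

Wire the script into cron and have it mail or page when `problems()` returns anything; a mirror that shows `[_U]` for weeks is exactly the situation that produced the "vanishing files" above.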

  104. Re:Cloud Computing(TM) by masdog · · Score: 1

    Why would you split your dollars amongst vendors like that? If you're going to recommend vendors, at least try to keep everything within the same company or within strategic partnerships to maximize savings.

    Here is another recommendation that might save more money: Dell servers and EqualLogic SANs. Since Dell owns EqualLogic, you'll get additional cost savings if you have a halfway decent sales representative.

  105. ModularIT by Anonymous Coward · · Score: 0

    ModularIT is what you are looking for. Every service runs in a different virtual machine on one or more physical servers, there is a web interface and you can move machines between physical servers. Open source. Developers are friendly and based in Canary Islands (Spain).

  106. Get your offsite squared away by Anonymous Coward · · Score: 0

    Since it wasn't mentioned by the OP as being done, I'll assume it wasn't. Before you even touch anything in the office:

    1) get secondary/tertiary DNS set up offsite, and preferably with 2+ different providers. There are many cheap (and even free) services to accomplish this such as DynDNS. It's cheap, it's easy, and it'll save your bacon if you **** up the primary while you're working. It may seem like overkill but at my ~80 person place I have a primary and secondary onsite, and utilize two inexpensive offsite services for backup secondaries.

    2) get secondary/tertiary MX "spool" hosting; again DynDNS for instance offers this cheaply as do many others. For the same reasons as above, if you screw up the primary mailserver you have automatic backup that will spool any incoming mail for you; at our place I have a primary and secondary onsite, and 2 spool (aka "forwarders") backups at MX level 30 at 2 different providers.

    Now if you A) screw something up, or B) lose that internet connection you at least have something covering your buns for these critical, essential services. We also have an offsite IT email (a basic GMail account) with all participating employee personal email addresses in it, so that if SHTF and an office goes offline an IT person can log into the GMail from any computer and send an alert to the company that something is wrong.

    Regardless of what you do with the onsite scenario, create offsite backup scenarios and CYA before anything else. And test them. :)
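The post above ends with "And test them." An offline sanity check of the zone layout it describes (two offsite secondaries at different providers, onsite primary/secondary MX, backup spoolers at a higher preference at two further providers) is the kind of test that catches a zone where every NS or every backup MX quietly ended up with the same provider. The block below is an added example, not the poster's or DynDNS's code: it takes a list of apex NS and MX records, groups hosts by a hypothetical "provider" (the last two labels of the hostname, a heuristic that is labelled as such and is not right for every TLD), and reports whether the layout meets the advice. The records are constructed sample data with made-up provider names.

```python
"""Check a zone's NS/MX layout for offsite redundancy across providers.

Added example, not from the original thread. SAMPLE_RECORDS is constructed
data; example.com, dns-provider-a.net, mail-provider-b.org etc. are
hypothetical names.
"""
from collections import defaultdict

# Constructed sample: the layout the post recommends.
SAMPLE_RECORDS = [
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "ns2.example.com."),
    ("example.com.", "NS", "ns1.dns-provider-a.net."),
    ("example.com.", "NS", "ns2.dns-provider-b.org."),
    ("example.com.", "MX", "10 mail1.example.com."),
    ("example.com.", "MX", "20 mail2.example.com."),
    ("example.com.", "MX", "30 spool1.mail-provider-a.net."),
    ("example.com.", "MX", "30 spool2.mail-provider-b.org."),
]


def provider_of(name, levels=2):
    """Heuristic: treat the last `levels` labels as the hosting provider.

    Assumption for this example only; public-suffix handling (co.uk etc.)
    would need a real suffix list.
    """
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-levels:])


def check_ns(records, zone):
    """Require at least two offsite name servers at two distinct providers."""
    hosts = [data for owner, rtype, data in records if owner == zone and rtype == "NS"]
    home = provider_of(zone)
    offsite = [h for h in hosts if provider_of(h) != home]
    offsite_providers = {provider_of(h) for h in offsite}
    return {
        "total": len(hosts),
        "offsite": len(offsite),
        "offsite_providers": len(offsite_providers),
        "ok": len(offsite_providers) >= 2,
    }


def check_mx(records, zone):
    """Require an onsite primary plus offsite backup spoolers at two providers.

    Backups must carry a higher (less preferred) MX value than the primary,
    otherwise mail would be split between onsite and offsite in normal operation.
    """
    entries = []
    for owner, rtype, data in records:
        if owner == zone and rtype == "MX":
            pref, host = data.split(None, 1)
            entries.append((int(pref), host))
    if not entries:
        return {"ok": False, "reason": "no MX records"}
    entries.sort()
    lowest = entries[0][0]
    home = provider_of(zone)
    primaries = [h for p, h in entries if p == lowest]
    backups = [h for p, h in entries if p > lowest and provider_of(h) != home]
    by_provider = defaultdict(list)
    for h in backups:
        by_provider[provider_of(h)].append(h)
    return {
        "primary_preference": lowest,
        "primaries": primaries,
        "offsite_backups": len(backups),
        "backup_providers": len(by_provider),
        "ok": len(by_provider) >= 2 and all(provider_of(h) == home for h in primaries),
    }


def audit(records, zone):
    """Combined verdict: both the NS and the MX layout must pass."""
    ns = check_ns(records, zone)
    mx = check_mx(records, zone)
    return {"ns": ns, "mx": mx, "ok": ns["ok"] and mx["ok"]}


if __name__ == "__main__":
    print(audit(SAMPLE_RECORDS, "example.com."))
```

To run it against the live zone rather than the sample, replace `SAMPLE_RECORDS` with the output of a `dig NS`/`dig MX` query against each name server, and compare the answers from the offsite secondaries with the primary as well: a secondary that is reachable but serving a stale zone is the failure this check cannot see.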

  107. Infrastructure Overhaul by Anonymous Coward · · Score: 0

    Your employer has put you in charge of an information systems infrastructure overhaul or upgrade and you are posting to /. asking for advice? Tell your employer to hire someone capable of doing their own research. What are you a MCSE?

  108. Re:Cloud Computing(TM) by nevesis · · Score: 1

    It also saves on HW - assuming you are the one service per OS/instance type.

  109. Go with simple. by ricks03 · · Score: 1
    I too inherited an aging infrastructure, and have mostly replaced all of, well, everything, with mostly what you're talking about, so have faced some of the decisions you're looking at, and used VMware for much of that upgrade.

    Home Office (in this context): Dual VMware servers, each having generally the VM instances:
    System:
    Guest #1: Windows 2008: Domain controller, DHCP, DNS, WINS
    Guest #2: CentOS: Radius
    Guest #3: CentOS: WWW, FTP

    Network a dual link running BGP, with VPNs to each of the remote sites, which have their own server for DNS (a slave) and DHCP (in case the VPN link is down).

    Using VMware for services that aren't redundant as well. All VMs back up to the other VMware server (with Ranger) so I can bring up guest VMs if their VMware server fails. Virtualization gives me very easy DR (instead of having to recover an OS, I only have to recover a VM), easy hardware upgrades (migrate the VM), and generally the services are redundant for OS and hardware maintenance so I can patch and reboot without disrupting most services.

    More complex than that in practice, but you get the idea.

  110. get good servers by Anonymous Coward · · Score: 0

    (It's so sad to see all the egos and superiority complexes here.)

    My only advice is to use a good brand of server hardware. We integrate our software product into Dell, HP and IBM servers, and in our experience (tens of thousands of integrations), IBM provides very poor quality products that take double the setup time, double the maintenance time and have double the failure rate of both Dell and HP. I have no preference between the other 2 brands. They are both quite good.

    It's a pity IBM servers have such a good reputation. It really is undeserved.

  111. Re:Cloud Computing(TM) by mysidia · · Score: 1

    Running under VMware means there is less code running that is subject to attack (smaller attack surface), because there are fewer apps per guest, and the risk of a bug in VMware itself is approximately equal to the risk of a bug in your CPU microcode, due to the application of VT.

  112. Seven year old servers might be more reliable by Nefarious+Wheel · · Score: 1
    Actually, seven year old servers might be more reliable than modern units, due to construction being (just) before the advent of the RoHS directive for construction of electronic equipment. Lead-free solders, whether appropriate or not, have problems with tin whiskers growing over time that can short out tiny components.

    The cut-over point was Feb 2003 for the European Union with a number of other countries following suit shortly thereafter. RoHS-compliant equipment built after that point may be subject to age-and-use related failures irrespective of whether there are rotating components or unstable environments involved.

    Used equipment still running after 7 years? Will probably be reliable. Used equipment slightly newer than PP described? Borderline, I think. You'll have to consider hardware redundancy more carefully with the newer stuff.

    --
    Do not mock my vision of impractical footwear
    1. Re:Seven year old servers might be more reliable by dbIII · · Score: 1

      Actually, seven year old servers might be more reliable than modern units

      You've missed the point. Something will fail. I have gear older than that still running (eg. sparcstation10 as a print server for a plotter) but I don't depend on it running forever.
      The tin whisker problem is bizarre since material scientists have known about it for around a century, but that was the risk taken to cut costs and you can get around it by using only small amounts of solder per joint.

  113. Network Overhaul - Things To Consider by jonnyboy3us · · Score: 1

    I was put in your exact position four years ago with the current place I work with. Here's some things I suggest:

    1. Make a plan. These things can't be fixed in a day. My boss, the CIO, said, "Rome wasn't built in a day." He was right on with that one. It took me three years to get things to where they needed to be. One piece at a time.
    2. Make sure you break things up and prioritize them. What is the 'oldest' equipment or the pain points? Is the network holding up? Connectivity is the most important part. Make sure you have your network running well before you mess with other parts of the system or put additional strain on the system.
    3. Make sure you have the right people on board. I call this checks and balances. You need to have firepower behind your decisions, especially when it comes to making the budget.
    4. Remember the phrase: KISS. Burn it in your mind... It means, keep it simple, stupid. Don't bow to salesmen, brochures, 'white papers' or peer pressure. Experience and checks and balances are essential.

    And finally, be cautious and move slow. Systems don't all just fall apart at once. Once you're prioritized, gotten the right people on board and have your ducks in a row, things will run smoothly. If management gets in your way, refer back to the checks and balances you set up and force it down their throats. It's kind of sad to say that this is just like playing chess, but when management doesn't trust IT in general, you have to prove yourself. Following the above steps will help. Good Luck.

  114. we just did this by smash · · Score: 1
    As someone who has just done this in the past 18 months, I have this to say (also, I am not a VMware employee.... but :D)...
    • Centralise everything in one building if possible (if they're just next door, run fibre for example) and get everything you can back to one server room that you can properly air condition, run backups for, etc. You may want to investigate terminal services, if you can't run fibre, to see if you can get as much as possible out of the field and back under control. Trying to look after remote servers on a limited budget sucks balls - the backups are painful, the physical environment often sucks (not enough AC, too much dust, remote employees who think they know how to fix stuff by just hitting the power switch, etc)
    • Consider virtualising with something like ESX (or if you're a masochist, hyper-v). Yes, ESX licensing is a big chunk... however you can get much of the licensing cost back due to reduced hardware costs, reduced licensing costs in some circumstances (Windows datacenter for example is licensed per CPU, so you buy for say 8 cores and can run as many copies as you like under VM on those 8 cores).
    • The benefits of virtualisation are massive. We went from 25 physical servers down to 6, and I'm not done virtualising yet. All the existing hardware was old and due for both hardware and software refresh... 25x 3-4k AU for physical hardware worked out to be pretty damn close in terms of cost to 3 physical hosts, a SAN plus an ESX "acceleration pack" including VirtualCenter. Benefits we got? SAN storage (instead of local disks everywhere), high availability (VMware HA, VMware FT if we need it later), roll-back to snapshot for failed upgrades, right-click cloning/deploy from template of VMs and down the track, the ability to add on VDI virtual desktops, etc.

      Another benefit is that we have standard virtual hardware everywhere. Never again do we need to rebuild an OS simply due to a hardware upgrade.

      With ESX, you need nowhere near as much hardware as you would for physical hosts. You can easily separate services out onto different VMs, and not pay as big a hardware cost due to ESX's ability to share memory pages between VMs running the same OS. Rather than running multiple services on one physical server, and having a run-away process kill everything on the server, you can split the task out into multiple VMs and use resource pools to ensure that any resource contention issues are taken care of.

      In short, we went ESX and I'm not looking back. Having the ability to upgrade the physical hardware (adding NICs and memory) at 10am during the day with ZERO downtime to the VM services (vMotion them off the single host I am upgrading then vMotion them back to upgrade the next host) running on top of the cluster is awesome.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  115. Re:Cloud Computing(TM) by drsmithy · · Score: 1

    If you decide to go that route regardless, invest in at least 2 dual-port 4GB Fiber HBAs per host server. You'll be thankful in the long run.

    Do you have any idea how much disk you need on the back end to exceed the throughput of even a single-port 4Gb HBA, for more than a second or two ?

    There are a lot of places to spend money before worrying about how fat your server-side SAN connections are. A *LOT*. 99% of the time, a single 1Gb iSCSI port is more than enough from a performance perspective.

  116. Re:Cloud Computing(TM) by drsmithy · · Score: 1

    If you are going to do virtualization, the only benefit comes when you invest in a cluster otherwise don't do it at all.

    This is not true at all. Indeed, the benefits of virtualisation are such that even for a single service on a single server, it's generally better to make it a VM.

  117. blades by WhiteWiz · · Score: 1

    I use blade servers every day and I love them. You are correct in saying that blade servers are not the right choice for every installation. We calculated that after 7 servers it is cheaper to buy a blade chassis than separate 1U servers.
    • Blade servers don't work for any application that requires a special card (ie a T1 card for a VOIP server).
    • The CD-ROM etc. collects dust for the 5 years after the OS is installed.
    • iLO lets you attach the CD/DVD from the workstation you are iLO-ing from to the server to install the OS.
    • You can also install from a USB CD.
    • I can go 2 months between physical visits to our DataCenter. This is important if you have a HotSite or CoLocation for Disaster Recovery.

  118. Only 150 people and you need multiple servers? by Anonymous Coward · · Score: 0

    A single Mac Mini easily serves multiple (in my case 72) domains, e-mail/calendaring, VPN, DNS, FTP, chat, iPhone push notification, web services, SMB domain controller and more. I don't think the CPU utilization has ever gone over 10%. Easy to cluster together since it uses Dovecot for e-mail.

    Unless you have an app that sucks CPU, you don't need a blade chassis. That kind of thing's for special-purpose apps, not generic infrastructure.

  119. Re:Cloud Computing(TM) by buchanmilne · · Score: 1

    To have true high-availability, even 2 VMware servers isn't enough, you need a reliable shared storage system that both servers can access.

    Even then, the storage chassis itself will be a central point of failure.

    With Linux, DRBD, GFS and either KVM or Xen, you don't need shared storage, as DRBD does the replication for you between physical nodes, GFS does the "VMFS"-type concurrently accessible filesystem, and you get live migration free.

    To have true HA you need a pair of independent shared storage units with continuous synchronous replication and some reliable mechanism of failover.

    If you're looking at that level, most decent storage arrays have redundant controllers, you shouldn't need a second array for HA, mainly for DR (where D in DR stands for disaster, the kind where nothing in the vicinity of the first array works).

  120. Re:Cloud Computing(TM) by mysidia · · Score: 1

    you shouldn't need a second array for HA

    Until a power supply on the array blows up, taking both controllers, a critical control board, part of the backplane, or a bunch of the drives with it.

  121. Many datacenters can't build out bladecenters by Colin+Smith · · Score: 2, Insightful

    The biggest problem I've found with blades is that you can't fill a rack with them. Several of the datacenters I've come across have been unable to fit more than one bladecenter per rack. Cooling and power being the problem.

    At the moment. A rack full of 1U boxes looks like the highest density to me.

    --
    Deleted
  122. Re:Cloud Computing(TM) by hesaigo999ca · · Score: 1

    Spoken like someone who has had to experience all 3 formats themselves. I would mod you informative, but have no points left.

  123. Re:Cloud Computing(TM) by tirnacopu · · Score: 1

    Anyone is clueless until they manage the first transition. I do wish schools - at any level - would offer such in-depth training, or all that companies would behave responsibly by sending their tech to specialised "seminars" or however they are called for important tasks where they know the employee is insecure in his/her knowledge before taking the plunge, but it doesn't work like this in the real world. Sometimes, you can attribute to malice what seems like incompetence.

  124. Re:Cloud Computing(TM) by kbielefe · · Score: 1

    I might agree with you if this guy's question was about having trouble convincing his management to upgrade, but it isn't. They've already decided to upgrade even though it isn't broken yet, and they are asking for a plan to accomplish it. In my experience, companies proactive enough to do this are making their own luck.

    I see a company who took a calculated risk of a possible occasional day of downtime, probably in exchange for getting up and running faster and cheaper. Now that they are in a position to do so, they are exiting that risk in a controlled manner. This company will now have their desired infrastructure and the advantages of having had cheaper infrastructure costs when it mattered most. The OP doesn't say. Maybe they have had problems with downtime, but the cost was obviously worth it or they wouldn't still be in business. The overly cautious often misattribute success to luck, when it was really a conscious assessment that assuming a risk would have more benefits than drawbacks.


    --
    This space intentionally left blank.
  125. Re:Cloud Computing(TM) by Anonymous Coward · · Score: 0

    We have a hundred or so VMs on a 4 node ESX cluster attached to an EMC Clariion CX3-80 SAN with 8 2TB datastores (dual port 2/4Gb FC connected). The same SAN also has another 6 or so physical 2 node clustered MS servers and a few TB in ATA for disk backups as well. That same mentioned setup is duplicated in four of our offices around the country. No performance issues at all from the MS or the ESX side.

    We are currently testing some 2 node ESX clusters for use in our remote offices with about 30 VMs on an HP 2012FC SAN. It's going good so far. If it works out, which I think it will, we will be deploying about 10 setups just like it to replace our standalone ESX servers using local storage in those places.

    I don't know what our network manager's hang-up is with iSCSI but he refuses to even acknowledge that it is a valid usable alternative. We tested an HP LeftHand solution we borrowed from a vendor and it worked fine and met our requirements on paper and in our tests but he refused to commit to it and gave it back; the only reason he gave us was "It worked but I want FC, not iSCSI". Seems odd to be deploying new FC setups in 2009 for a "small" office but oh well, I'm only one of two people at the company that can do switch zoning so that's one up for me.

  126. Re:Cloud Computing(TM) by turbidostato · · Score: 1

    "Anyone is clueless until they manage the first transition."

    WRONG!!!

    As stupid as saying that anyone is clueless until they manage the first brain surgery.

    "it doesn't work like this in the real world."

    And then you get the results you paid for.