Slashdot Mirror
Ask Slashdot: Little Boxes Around the Edge of the Data Center?
First time accepted submitter spaceyhackerlady writes "We're looking at some new development, and a big question mark is the little boxes around the edge of the data center — the NTP servers, the monitoring boxes, the stuff that supports and interfaces with the Big Iron that does the real work. The last time I visited a hosting farm I saw shelves of Mac Minis, but that was five years ago. What do people like now for their little support boxes?"
I make them with ticky tack.
Give me Classic Slashdot or give me death!
put them in VMs!
Not using a huge collection of physical boxes any more. Just set up a bunch of VM's and leave them to it.
Why not make one box a VM host and have your various support boxes VMs (except for the ones that NEED to be physical).
'nuff said.
take the cheapest intel atom board, add ram and the cheapest mass storage you can get (stick), done.
yeah yeah, your supplier might not have a 24con-atx 12v-adapter, but that's your problem.
I use virtual machines; very easy to schlep around if needed, very easy to launch/create a new one, etc. Linux vm's for anything needing scripting.
I guess it depends on the specifics, but sounds like jobs for VMs to me.
For those "little boxes" that you know won't be fully utilized or need extreme resources, I suggest getting a couple of decently sized servers, running some virtualization platform (vmware, xen, windows (lol), and using virtual machines.
The trend today seems to be a couple of fuck-you-powerful machines running a lot of virtual machines. (Kind of part of the reason Microsoft has been shitting their pants over VM ware, their licensing forces you to constrain your network design by artificial licensing)
Any low power box will do, really, if all you plan to do is run NTP or other minor services. Or, as others have pointed out, get one mid-range server and load it up with VMs for the various minor tasks you need to perform.
I don't work in a data center. But I think you might want to look at an HP Proliant MicroServer.
Basically it is an AMD laptop chipset on a tiny motherboard in a cunningly designed compact enclosure. The SATA drives go into carriers that are easily swapped (but not hot-swappable). It's quiet and power-efficient. It supports ECC memory (max 8GB) and supports virtualization.
http://h10010.www1.hp.com/wwpc/us/en/sm/WF06b/15351-15351-4237916-4237918-4237917-4248009-5153252-5153253.html?dnr=1
Silent PC Review did a complete review of an older model (with a 1.3 GHz Turion instead of 1.5 GHz).
http://www.silentpcreview.com/HP_Proliant_MicroServer
SRP is $350, but Newegg has it for $320 (limit 5 per customer).
http://www.newegg.com/Product/Product.aspx?Item=N82E16859107052
Newegg also has 8GB of ECC RAM for about $55, so you can get one of these and max its RAM for under $400.
I just got one and haven't had time to really wring it out, but I did do the RAM upgrade. Despite the tiny enclosure, it wasn't too painful to work on it, and I was impressed by the design. The Turion dual-core processor has a passive heat sink on it, and the single large fan on the back pulls air through to cool everything. (There is also a tiny high-speed fan on the power supply.)
I'm going to use this as my personal mail server. It's cheap enough and small enough that I plan to have at least one put away as a hot spare; if the server dies, I'll power it down, move the hard drives to the spare, and I'll have the mail server back up within 5 minutes. Not bad for a cheap little box.
lf(1): it's like ls(1) but sorts filenames by extension, tersely
Virtualized NTP is about the dumbest thing I've read on /.
Yes, worse than various conspiracy theories and fanboi wars.
No little unsupportable boxes here.
---- Booth was a patriot ----
Last generation's compute nodes. We keep some around for utility functions after decommissioning a large cluster.
Go get a GPS satellite receiver/time server. Actually, get two. Don't screw with time.
THEN, virtualize the rest of the stuff. Monitoring, syslogging, management, patchers, etc.
We've virtualized everything except for
- a Windows DC so that it stays up if the vmware datastores or SAN eats itself in a horrible way.
- The NIS server we have to use on our UX environment due to an ancient regulation. I'm not willing to put up HP-UX VMs for this right now, otherwise it'd be safe in a VM as well.
- Anything we can't virtualize due to licensing/contract/support issues. So our VOIP environments, phone call recording, access control systems for the doors,
My datacenter is getting a lot nicer to look at, and a lot easier to upgrade. I can shift servers or volumes all over the room so I can do live maintenance during the day.
My mom says I'm cool.
Those support tasks don't exactly push hardware to its limit, and most of those tasks are the kind of thing that demands a bunch of redundant servers anyway.
Throw a bunch of "last generation" hardware at the task -- stuff from the "asset reclamation" pile. Leave a few more around as spares. Less disposal paperwork. Works just fine. By the time your last spare fails, you'll have a new generation of obsolete hardware.
--
I use several groups of paired 1 U pizza boxes, or as small a server class machine as I can get and still be neat and tidy in the rack. I give each host a primary IP address, then an IP address used for the services that box delivers. I feel free to stick a few services on each one if they can handle it, then stick those cluster IPs in a round robin DNS entry. So each host has a cluster IP that's active all the time, and in the event of an outage on one, the partner takes the cluster IP. In the cluster config, I give each IP a preference, so in normal conditions the cluster is active/active with both hosts working, and in a failure situation, one host takes both sets of IPs and chuggs on like nothing happened.
Sometimes this requires a little IP tables ruleset if your don't want to restart your services to reconnect to every listening IP if that service doesn't support adding listeners on the fly. Sometimes this requires two sets of configuration files for the service.
Most of the time, it just works, you set it up, and forget it. Write a short script that helps you quickly configure the cluster IPs and preferences, so you don't have to go back to offsite memory to build the next set of hosts. It works really well with services that are agnostic and just provide a stateless service. If the service requires some sort of state memory, well, just work it out.
To be fair, if someone cares enough about time accuracy to understand why that's a dumb idea, they should probably be using a GPS receiver instead of a PC.
For little boxes that deal with DNS, time, etc - put them in amazon. They're critical servers, but don't really need to be at your site. Put the primaries outside, and slaves on the inside. That way if you have an outage you can always repoint DNS to somewhere else...something you can't do if your primary DNS is on a dead network.
You have a crash cart with a KVM (for the rare occasions you need to locally access two or more machines simultaneously) and that attaches to all the specialized cables for interfacing with your blades or full size servers, make sure it has a shelf for holding drives/ram/batteries and a bin for more specialized PS2/USB to Server convertors. Otherwise you sit at your desk and remote into EVERYTHING: VMs, Linux, Windows, iLO/etc. - HEX
Horror & SciFi Erotic Nudes
ARM boxes, running many chips with a fraction of the power consumption
taking over a data center near you
NTP server is all about consistency. If it's running in a VM and can be delayed at the whim of the host, do you think it's going to be a very good source of time?
VMs
Bow before me, for I am root.
I think its apalling that we do that. Its a horribly expensive way to work in hardware but we do it because we can't be stuffed to deal with operating systems. Most likely a single box and OS instance could do it for you if it was set up correctly.
http://michaelsmith.id.au
You want consistently fast behaviour from your time servers. Don't mess with virtualizing them.
If you can't run it on your iPad, it's probably not worth running.
--Management.
rewriting history since 2109
I personally hate and despise people who put non-rackmount kit in racks...
We use various devices.. mostly all 1ru servers of various configs... for eg there are a couple of mini-itx 1ru servers we have that have e350 based mini-itx boards (i really love the e350/e450 boards)... not quite as cheap as the hp n40 microserver, but at least its a rack format.
Then we have a few that run virtualisation here and there for some tasks using kvm (some of those too have e350's in them as the e350's do have the virt'n extensions unlike the intel atoms)... we also have a few that run intel based i3/i5/i7 mini-itx boards... they're quite nice when you need some extra grunt...
some others are based on super micro boards as well though (which are quite cheap and run core i3/i5/i7 cpus rather the xeons). Then some others are old 1ru xeons we no longer need for server tasks...
These little boxes are very common around data centers.
I can't imagine trying to perform network management with a few mac minis so I'm assuming you're referring to a very small facility? Our new data center was built on 10-gig infrastructure and our NM is appropriately scaled--NetScout Infinistreams connected to Gigamon matrix switches. While the Gigamons were quite expensive they allowed us to utilize fewer Infinistreams while also providing some very cool functionality.
It look a long time for our upper management (those with the dollars) to come around to the notion that, in order to realize the full investment made in the data center, true network management needed to be baked in from the start.
Mac Minis are a good option. For me, it would depend on my environment. If it's Windows, then a few business-class workstations for administrative access and monitoring tools. If it's Unix or Linux, use the same class hardware (or even less for display-only devices) running whatever enterprise OS we're using. For OSX (are there any?) I'd go with Mac Minis or iMacs, but realize I could go the *nix route of my tools aren't OSX specific. I've read a few postings saying "just toss 'em all into a few VMs" and I agree, but for the administrator level access. When the proverbial stuff hits the fan, you need a few good standalone devices to remote or console in to these virtualized towers and figure out what the heck is going on.
Only the dead have seen the end of War. - Plato
At work (actual machine room), I've just been using old machines (obviously not running critical infrastructure there). At home, I got a raspberry pi to run bind, dhcpd, login, home automation and to wake up my home machines. But I haven't actually moved my dns services to it just yet.
We are using a couple Soekris boxes for some basic monitoring. They are lightweight atom processors with no active cooling and it's designed with networking in min. 4 Gig-E ports on the 6501, and you can get up to 8 more thanks to 2 PCI-E slots available in the rackmount version. Since we are using an mSATA SSD on the board we have no moving parts, so nothing mechanic to fail.
I don't know everything.
Depending on the number of systems being monitored, or what the task was, we would use one of three methods.
1. If the device required it's own hardware, a Supermicro 1U Atom system.
2. If the device could be a VM (such as a DNS or DHCP server in this case) it would be.
3. If the device could be a VM, but monitored other VM's, we would use a clustered install of the netmon software.
I think Supermicro makes a 1U twin system, and a 2U quad system. I believe these are available single socket, and should serve well. Given power budgets, usually re-using old hardware, depending on the age, can be a bad idea.
~Another anonymous coward
There aren't many good uses for "little boxes" in a datacenter. For the things you mention, there are dedicated devices, there are big boxes, and there are VMs hosted on big boxes.
1) Time - If you care enough to have your own time server, you don't want this on a generic "little box." If you actually care about accurate time, you'll want a CDMA/GPS/WWVB time device (assuming US, if outside the US use whatever is available for your locale). The easiest setup will be CDMA or WWVB, as long as you get a decent signal where the device sits. I've had good luck with End-Run Technology's gear. GPS works great for time, but won't typically get signal inside a datacenter so you have to run a lot of coax and mount and antenna on the roof, which your datacenter may or may not be OK with. CDMA relies on accurate time, and is usually synchronized directly to GPS, so you can consider it nearly as accurate while being a whole lot easier to set up.
If you don't care enough to buy a dedicated NTP device and are just looking for something to keep all your local gear in sync, a VM will work OK, though it's better to put it on a physical box with a real RTC. If you do host it virtual, make sure you disable any virtual time sync providers your virtualization platform may normally use, or else bad things happen (your NTP server syncs with the RTC on the host, the host syncs with the NTP server, they both drift).
For monitoring, if you have any real number of servers, you'll want it on its own beefy box. Decent monitoring is surprisingly resource-intensive. Any other "little boxes" (dhcp, administrative, etc) are a perfect use for VMs.
I like the same big boxes as are used for everything else. NTP server, running on a Mac Mini...really? Get a GPS-driven device that serves the purpose. They run an embedded OS, so they're very low-maintenance and straightforward, and they perform extremely well. As far as uptime/network/performance monitoring functions, these need to be at least as reliable as everything else. And the mainframe interfaces are awfully important...imagine how much good you'd be if you maintained you intellect but became paralyzed, deaf, mute, and blind all at the same time? If those fail, your big iron is a big anchor.
Don't skimp on the support infrastructure of a data center. Those systems impact everything.
For your security, this post has been encrypted with ROT-13, twice.
http://www.synertrontech.com/
Some are fanless that I use for linux boxes, some are rackmount with multiple motherboards per 1U case, and their prices are add-ons are cheaper than newegg.
Nope, don't work for 'em, just used their products for about 8 years now.
No idea about others here, but nearly all of our peripheral boxes got pulled into virtualization projects and the "private cloud" thing management bought into. Seems to increase reliability in our systems since they get "free" piggy back rides on high availability systems so one DC failure doesn't take down our even our semi-important systems. To access them we just fire up the VPN with two factor auth over wireless at Starbucks from our laptop/tablet/phone if we need to log in. Beats the hell out of sitting in the chill, roar or heat of the DC.
Not being smarmy, mind you (especially not to a first time submitter), but you are talking about infrastructure (DNS, NTP, kickstart and jumpstart servers, internal web servers, etc.). Except for the SPARC jumpstart server, all infrastructure is Linux based and runs on old Sun (Intel) boxes in sufficient quantities for redundancy. This stuff predates the wide acceptance of VMs; if we were to redo it, most of it would move to VMs. There have been NTP issues on VMs, so NTP would likely survive as two boxes also running something else to consume the spare cycles.
NTP is not real-time, so a few ms here or there of delay is not a problem. A stand-alone server is overkill. Why wouldn't you set a low-priority service on a VM? Though it is stupid to dedicate a whole VM for it, as it can run as a service on just about anything (routers, and such, though having your authentication server as NTP helps keep down time mismatch errors that can cause authentication issues.
Learn to love Alaska
My datacenter uses Arista gear for top-of-rack and core switching. It's a large cloud-style environment with each rack acting as its own "pod" with self-contained services, so any one pod can be moved to any zone of any of our datacenters with minimal fuss.
Small services like NTP, in-pod DNS, sFlow relay, monitoring, puppet (some of it anyways) and small unixy management tools we just run in the Aristas themselves. They're Fedora-core linux based switches that will run those things happily and do a great job feeding those services to their pods.
As far as NTP, the core pair on the main backbone gets their own GPS inputs, then all the top-of-racks sync to the core pair. Works out quite nicely.
We don't have any management or service boxes. Everything is appliances (cisco/HP) or off site (exchange, CRM). Our AD servers act as the time servers for the hosting environment. We don't want to manage anything else as it all takes away from the bottom line and eats fairly expensive rack space.
Or using both GPS and atomic clocks.
It can be done.
Ultimately if you need time more accurate than within a few seconds, you should be using a GPS fed stand alone time server anyway. If you are just running NTP so everyones desktop clock is the same and the log files match up.. VM will work fine.
This Atom D525 Box:
http://www.zotacusa.com/zboxsd-id13.html
( about $200 ) works well once provisioned with RAM, HD and CentOS 6.
For more throughput( about 4x ), this I3-based box runs very well for about $400:
http://www.zotacusa.com/zbox-id82.html
Tiny, well made and reliable.
-- kjh
NTP servers are NOT about consistency, they are about making badly designed protocols, such as NFS, capable of limping, instead of just falling on their face.
If the requests on these protocols used a client timestamp for the client's idea of the current time, then the server on receiving the request could look at its idea of the current time, and arrive at a delta before it actually did anything other than enqueue the request locally.
Then when the server responded with a non-"now" timestamp in any client response, it could apply this delta to the response value, and as far as the client was concerned, it and the server would have synchronized ideas of "now", without resorting to all of this NTP BS or worrying about clock drift, or anything.
I lobbied very strongly to try to get this fixed in NFSv4; maybe we will get our collective heads out of our butts by NFSv5.
Here are the things network teams needed to much for Virtualization scheduleds and are the first to come back up when the switch/router power is restored.
1 x GPS TIME SERVER MASTERING FOR ALL SWITCH ROUTERS to Provide NTP to the CLIENTS.
2 x TACACS SERVERS FOR SWITCHS , ADMIN VPN, RSA 2 FACTOR... BLAH.
2 x DNS SERVERS BEHIND THAT SERVER AS MASTERS ( to SLAVES BEHIND THE F5s)
2 x ADMIN VPNs (JUNO, CISCO ASA)
2 x CONSOLE SERVERS to everything.
2 x CONFIG SERVERS, IOS, DOCUMENTATION STORES TFTP FTP SFTP
2 x SECURITY SERVERS THAT LET YOU IN THE DOOR
n x HVAC, POWER MONITORING, GENSET TOOLS.
2 x SYSLOG SERVER with local HHD.
2 x JUMPBOX with REAL OUT OF BAND BANDWIDTH (CABLE MODEM, CELL MODEM, VT100 in office space....sucks to work in a dark HOT DC)
1 x TIMECLOCK with cardstock because this is going to take a while.
All should have the least number of transfer switches(evil beasts) and should be at the base of the A and B sides of the Power Plan.
If by "big iron", you mean "IBM Mainframes or similar kit", then your question has meaning.
If by "big iron", you mean "lots of irritating PCs that I think I can add up into a supercomputer because all problems are amenable to parallel solutions", then your question is meaningless.
Assuming the second, you are much better off just using identical hardware for everything, since it will mean you have the components on hand should anything go wrong, and it will mean that you have a single maintenance SKU. In the long run, that's going to save you a hell of a lot more money than having one or two specialty boxes per rack of set of 8 or 16 racks, since it means you don't lose 8 or 16 racks worth of your "big iron" everytime one of your cheap little specialty boxes fails.
Why even have a dedicated server for NTP? It's not as if it's the bad old days of Win NT and one service per box due to memory leaks. If you've got special hardware for an external time source that can be hooked up to an existing server, because the actual software to hand out time consumes buggerall resources. It consumes so little that redundancy is a matter of just configuring whatever machines you've already got to be as many NTP servers as you want just at a lower stratum than whatever you really trust. They'll keep time reasonably well for a fairly long time while the custom time source is off.
...I don't want it in my datacenter. If you have no budget for non-revenue-generating boxes for services like DNS, NTP, etc. then upgrade the server hardware you tore out of production after the last upgrade cycle with SSDs and low-wattage processors & put it back into service for your internal needs.
Otherwise get a few Dell R210s or some other small cheap rack server with an IPMI 2.0 BMC and get on with your business. Any money saved by buying "mini-PCs" (or whatever you want to call them) for any datacenter computing hardware you plan to rely upon at all will be burned the first time you have to drive to the datacenter and physically babysit some cheap machine because it didn't have IPMI.
"And they all look just the same"
The use of discreet machines allows for a machine to be specialized for a task. Sometimes you just need fast number-crunchers for special types of numerical problems, and GPUs work well. Other times, tasks can be parallelized so a distributed computing model works well. For the accessory infrastructure of NTP, DNS, and forth, reliability is more important than CPU mips or memory bandwidth. Take the high-end servers of yesteryear, one that would have been put out to pasture, and use that for such things. Debian on an old HP LP1000r makes a nice DNS server. BUT make sure that things which actually wear out, such as hard drives, batteries and fans, have some redundancy. If a battery is used, replace it with a fresh one. Unless it has been in a well-filtered environment for its pervious lifem vaccum the insides and then apply some grease for the fan motor bearings (in that order, not the reverse) to keep the beast going for another ten years or longer.
Install an OS which is well-proven and a version that will receive updates for a long time. For instance, if you are running Ubuntu used the LTS releases. Install only the software needed for the task, and simple remote administration and updating - you probably don't need a compiler, web server, etc. Keep up with critical security patches, automating the task if you can. rsyslog to a remote machine, just the messages that are important. Make sure that logs are rotated on the machine, so that the drive won't fill up.
Create a maintenance calendar. login and check up on the system to be proactive about degradation issues - at least once a year, I'd say. Your server room should be filtered, but that doesn't mean it's not worth checking to see what the dust level is every few years. Make sure the machine is properly labeled and documented - so that no one comes along later and says "What's this old thing still doing here?", and unplugs it.
Write 'Kilroy was here' and the date on the inside of the case, so that future generations will be amused when they come to clean out the dust in fifty years.
Answer: VMware VMs.
"Flyin' in just a sweet place,
Never been known to fail..."
That is assuming you can get a GPS signal to where your computer is located - I've seen absolute CRAP reception in many buildings (even putting the GPS receiver ON the inside of the windows, if there is film on them, you commonly will see zero or only 1-2 birds in the constellation, not enough to get a consistent lock for most receivers) and running a pulse trigger or USB down from the roof usually isn't an option (although sometimes it is).
Have you noticed how slashdot is getting stupider?
Why does it suck so much nowadays?
Maybe it's because moderation declines fast when there are less eyeballs per story, or something...
Use 2 or 3 redundant low power enterprise class servers. Setup vmware or similar with automatic failover, and make all those "little boxes" into virtual machines. The benefit is that you can easily rehost the services even to your production vm solutions in an real emergency. Having them as separate VM's gives the same benefit of having them as separate little boxes (i.e. restarting the ntp server only affects ntp services, not you email as well). You have the added benefit of being able to easily deploy upgrades by simply cloning the existing VM, patching/updating the service in the clone, shutdown the original VM, and if you have a problem, simply turn the original one back on.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
One-off boxes become a huge time sink, usually at the absolute worst possible time to do so. With two very viable options with Xen and ESX, put the time and care into setting up a stack with the nifty features you want -- redundancy options, ability to move VMs from one server to another, monitoring, out of band management, RAID, etc.
Then you can set up the little management hosts, set up a VM for each one of those "little things", and also come up with a single way of deploying your operating systems so you can punch VMs out on demand. Both Windows and Linux have ways of doing this, and you can even script VM creation, too.
VMs also let you pretty much side-step the drive issues that will plague old hardware ... that will show up at the wrong time.
Anything Mac is a joke for data center operations since they considered the XServe. You shouldn't need to go to the colo just to power-cycle something, ever. Hardware failure will get anyone (a dead drive or a bad DIMM can ruin anyone's day), but if it doesn't have IPMI/iLO/whatever you call your out-of-band management tool, it shouldn't be used for any infrastructure service at all. You want to have a mac mini set up as a user terminal to check email or whatnot, fine. But don't stick NTP or DNS on hardware that you can't full control elsewhere.
We have our core routers sync with public NTP servers (NIST and Naval Observatory). Everything else (servers, phones, ect) goes to two sets of Core routers for time. Dont' see the need for a separate box for NTP.
If you care enough to use a GPS receiver instead of a network time source, you should also care enough to get the antenna on to the roof... We have many such time sources controlling timing in the basements of buildings, but the antenna always ends up on the mast.
A few ms on incomming and outcomming lags won't hurt it at all. A few ms on incomming lag without a few ms on the outcomming lag (like what happens when your VM is sent to swap) will completely destroy it's accuracy.
Rethinking email
NTP is probably a bad idea for virtualization, but most other services it's fine. You can have redundant VMs, or at least snapshot them to another host, to bring them up easily in the event of a failure. And as has been said, you can stack some services into the same instance, For example you could stick munin, mrtg and nagios on one VM. If you're serious about your monitoring though, you've got a monitoring system in there, plus one offsite. This way if the internet connection to the rack goes down, or the monitoring system in the rack goes down, you'll get notified. A distributed nagios system would work well for that. You could even get a cheap micro instance at AWS for the offsite monitoring box, or just run it from the office.
I don't operate a datacenter, but for virtualized servers in an office, I always enable the NTP server functionality in the hypervisor, have it sync to a stratum-1 time source, then advertise that address via DHCP and DHCPv6 for my guests and workstations (and visiting cell phones) to use. Being the definitive time source, I also tell the hypervisor to automatically set the clock on the guests, then give a virtualized AD domain controller (if any) the PDC FSMO role to set the Windows domain time. I have sites with two or three hypervisors running NTP, and it seems to work well. Not sure if it will scale to your environment, OP, but it may be worth mulling over.
The NTP algorithm tries to characterize each time source and use the predicted network latency to arrive at the "true" time. If the NTP server response latency is delayed randomly due to running in a VM then it gives results that are not as accurate.
If you're trying to correlate logs down to the microsecond on multiple machines this can be a problem.
Same here, they do great serial console. The machine has no moving part, so it should be quite reliable over time. The weak point is the power supply, though: we replaced a lot of them
We use them with a tweaked NetBSD that boot from flash and uses a RAM disk as root
If your hypervisor is "randomly delaying" your hosts then you have a deployment problem that you need to fix. That's not how it should work unless you've given your NTP VM the lowest possible priority.
You make several posts on here about this being a bad idea but you have absolutely no data or citations to back it up.
Or you could get one of these: EndRun Technologies CDMA Network Time Server
I bought 2 of these 7 years ago. They use time from local cell towers. Accurate to better than 10 microseconds. No cell phone account required. They are pretty much plug and play. I disabled network login (serial port login can be used). No exposure to hacking, the only thing it responds to are NTP requests. Options for TCXO, OCXO and Rubidium clock backup in case of loss of cell towers. Got a cell signal on 6th floor of 13 floor building inside interior computer room (no windows, at least 50 feet from nearest exterior wall).
then reserve memory and CPU for the NTP server, and it will never be swapped.
If only there was a way to manage memory in a hypervisor! Oh wait there is!
Pretty easy to avoid swap if you are capable of reading documentation.
Curious: have you actually tried virtualizing NTP or do you just think its a bad idea without any experience?
I virtualize ntp for UNIX (build cluster and lab farm) and domain controllers for Windows (which acts as a time server for our 5000 or so desktops at work). Both Microsoft and VMWare explicitly support doing timekeeping functions in their associated hypervisors so long as you follow their guides. No problems whatsoever.
There is also the cost implication.
many companies charge you licenses based upon the CPU Capacity (speed and cores). Running an application in a 2 CPU VM will often save you several hundred thousand $$$$ when compared to the 16core monster used in the underlying system.
IBM, Oracle, SAP etc all seem to use this pricing model.
Mind you waiting until your suppliers Q4 to make the purchase/renewal can also save you loads-a-money as well.
Yes. Cell towers are often much easier to use (better building penetration, more visible sources, etc.) and are at least as good a timing source as the average GPS receiver (stationary transmitters at near-field ranges). Even if you don't trust them to have the right time they're highly reliably oscillators; if they weren't it would be impossible to synchronize phones to them.
Virtualisation is great, but there are a few things that cause horrible chicken/egg problems if you virtualise them.
So I'd reserve at least two separate boxes to "do infrastructure". DNS, NTP, remote logging, trap receiving, bastion, and so on. You simply plunk a unix on them and put the individual services in jails or the local equivalent. Don't even need much in the way of performance, so any old 1U box will do fine. Heck, a soekris or an alix board will do. Those are short enough that you can stick'em in any old wiring closet too. Great for geographically dispersing.
If you're stumping up for infrastructure that can host hundreds of VMs, then of course that is enough capacity to also run "little boxes", but it'd be stupid to not also shell out the little extra to make your infrastructure robust, instead of risking hypervisor dependencies on not-yet booted VMs in your private cloud, or whatever you'd call it. "Seems to work" is not enough: Turn off the entire datacentre and then try and cold boot it, remotely. If it's fully virtualised including necessary basic supports, it'll take more time and trouble than if you don't virtualise the pillars on which you built up the rest.
If all I had was exactly two boxes, I'd still run NTP and local DNS next to the hypervisor, not under a guest. NTP in particular; I've had my fill of (windows) boxes claiming to be stratum two yet being off by two minutes because they only update once a week. Of course, on a virtualised unix it'll be much less, but I don't want to find out the hard way the VM distorted the timekeeping in unexpected ways later, so this is one thing that needs its own box. There are similar scenarios for the other basics, but I'll leave them as an exercise. The gains of virtualising, saving a bit on hardware and power, simply do not outweigh the trouble when you can least afford it.
The little boxes will make you angry.
systemd is Roko's Basilisk.
If you care enough to put an antenna on the roof, then you should also care enough to pay attention to good grounding principals.
Grounded coaxial-fed antenna on roof == lightning rod. Period.
Without precaution and planning, the device responsible for dissipating that lighting (when, not if, it happens) will be your precious local Stratum-1 NTP source.
It's never hard to get grounding done right, but it's not always obvious, and it never happens by itself.
Kid-proof tablet..
There's a black one,
And a white one,
And one with a bit of shite on.
But you can't put your muck in our dustbin by the ash grove.
Or something like that.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Oh yeah, also consider OpenVZ VMs (OK for ntp too), or libvirt/KVM VMs. The Dell R210-II will quite happily run a load of those...
For bootstrapping and security, I imagine. If there's a cold outage, or an extended spike in network traffic, or a misconfiguration on a switch that blocks all network traffic for a few minutes, a few services will need to be working without depending on anything else when everything else is brought online. That might be master NTP, master DNS, master LDAP, or as stated monitoring (so you can see what actually went wrong in one place). And you could run all of them on one box, with two or three similar as backup, but the point of the question is that you don't need a 64-CPU SPARC box for those services even in a large datacenter; and even if you ran it on a 4-CPU x64 blade, that would be harder to find in the dark or with alarms going off than a standalone box.
If the people weren't made of ticky-tack, maybe they would have planted one or two fucking trees as prophylaxis against bleeding eyes.
Seriously, it's been 60 years, Millions of people look at that every day, fix it already.
They feared that it could be used to suppress protest or support unpopular rule.
This has to be the most obtuse Ask Slashdot in a long time.
Has OP been under a rock?
---Up Up Down Down Left Right Left Right B A START
You know how I know you know fuck all about Virtualization in 2012?
---Up Up Down Down Left Right Left Right B A START
I don't run anything close to a datacenter, so this probably is not applicable to anyone with more than 20 servers, but I run my ntp service on parts attached to a wooden 2x4 (just because I can). It's an arm 800 MHz cpu and keeps very accurate time. Most of our DNS and DHCP is on sheevaplug style 'boxes'. They don't keep accurate enough time for me...
Last time I worked in a company that actually had a for real datacenter was about 13 years ago, and they just used whatever was lying around. Most of the support boxes were HP desktops or UltraSparc workstations that had been repurposed. All of their critical infrastructure stuff was running on those refrigerator-sized Sun boxes that I wasn't allowed to touch.
Why not use a Raspberry Pi as an NTP server?
I've worked in many datacenters over the years. I want to follow up on my previous posts, where I recommend discrete, reliable legacy boxes for NTP and DNS. I want to make it clear that I don't think you should just pick up any old spare box, throw an OS on it, and be done in half an hour. That may work at home or in your hackshack, but in a professional environment, it isn't good enough. These services are part of the foundation upon which the datacenter is built. If the foundation is weak, no structure built on it will have a long life. These services and the machines that provide them are noticeable only in their absence, when all hell is breaking loose. Running a good datacenter requires proactive maintenance and planning. Just because things are running smoothly is no excuse for the operator to play endless games of solitaire waiting for a drive to fail so he can hot-swap it. Everything needs to be planned, documented, updated, and monitored. consumer-grade hardware just won't make the grade in critical infrastructure. Sure, that old PC MAY last twenty years, but that is not good enough. In a major data center, downtime is lost money, often lots of money. Spend money now to save later. Oh, I know, politicians these days want to cut down infrastructure spending so they can lower taxes and balance the budget deficit, but type of thinking leads to rash decisions that are penny-wise and pound-foolish.
Think of a fire station. Those guys just don't sit around playing cards, waiting for the next fire. They spend time at the station making sure their equipment is clean, in good shape, and exactly where it needs to be so when the call does come, they can perform. Run the datacenter in a similar way.
GPS antennas don't tend to stick up any further than any of a number of other protrusions on the roof of a normal building. If your building doesn't normally get hit by lighting, then the GPS antenna will not change that in any way.
That said, proper grounding is always important and I would never argue against doing so.
Not everybody is time maniacs. I have seen many cell towers off 1000ms. They have highly accurate oscillator but the ntp time sources go out and nobody updates the cell tower ntp client for a year or more. They usually update it when it gets above the 1000ms threshold although because things start to screw up.
Are you guys are saying I could still use them as a tick source even if they are off? Sounds interesting...
Everything I write is lies, read between the lines.
Security logging.
If EventX happens on Box1 and EventY happens on Box2, I'd like to see which happened first, etc. I can correlate that with networks sniffs, firewall logs, etc. If all are on damn near the same millisecond, then I can walk the trail. If one is 3 seconds off, or a minute off, etc., it gets fuzzy.
If DoorA opens at Time1 and CameraX sees something at Time2...
If I have two GPS time boxes (with two weeks of time retention/accuracy in case of signal loss), I can have something that should stand up in court.
If I have a home built box, or hope that pool.ntp.org was working perfectly as well as my connection to it, during a time that an event happened that puts us in court, it might not stand up.
My mom says I'm cool.
What an argument you came out with!
I can't say that never happens, because it does... Mutually exclusive librares are already rare, you needing two versions of them at the same time... I've seen it like once or twice, never on a server (I've installed Linux way more times on desktops than servers, so that's not unexpected), and can be mitigated by choosing a stable distro like Debian or just recompiling the one package that is giving you trouble.
In my experience, it's way more common that a service refuses to share a port than library incompatibilities.
Rethinking email
It doesn't matter how far it sticks up.
For that matter, it doesn't even matter if it's a direct hit: Inductance is a bitch who will fry the strangest things, given an opportunity to do so.
That you seem to think that just because it doesn't stick up further than other protrusions makes any meaningful difference in the context of the reliable systems that are the entire purpose of TFS means that you don't fully understand the concept.
Over here in the real world, things aren't so cut-and-dry. Lightning is not a completely rational phenomenon, and one must take extraordinary means in order to reliably survive its appearance -- especially with outside antennas.
Meanwhile, please don't hang a GPS (or any other) antenna on any building in which I have gear that I am responsible for until you learn another thing or three: While I'd love to have a local stratum-1 timesource, I don't want your shit breaking mine.
Kid-proof tablet..
All I can do is laugh... I agree proper grounding is important, as is surge protection. I also know for a fact that you are completely out to lunch with your paranoia.
No. I just work with antenna systems for a living. I have seen my share of gear that has been fried due to crude assumptions about lightning.
Please Motorola R56 a read before you accuse me of being paranoid.
Kid-proof tablet..