Seekbrain.com

Hey there,

Well, every few years or so I’m charged (or at least, I charge myself) with the responsibility of setting up our new rental premises with the most cost effective, efficient and clean solution to our day to day I.T. activities. My way of thinking is that, by setting all this up in a planned and carefully implemented manner we will be able to rely on the infrastructure just as much as we would if it was a “mission critical” component. Realistically, given that I am required to be able to fix a server onsite I rely upon my home network being up and running in the most efficient manner possible.

Subsequently, I thought it’d be pertinent to outline (for anyone else also endevouring on the task) what I did (am doing) when setting up my home network.

Requirements Engineering

Firstly we need to define some requirements of the end product:

• Reliable shared internet access with either automatic or manual failover to an alternate means of connectivity (ala iBurst Wireless or ick, !dialup!).
• A method of handing out IP addresses to all “dynamic” clients on the network. That is to say, we’re looking for a DHCP server.
• Optimisation of possible bottle necks associated with a home based broadband connection. DNS & HTTP caching come to mind.
• Reliable, fast central mail storage. This will be pulled from the internet servers into which the mail comes into, stored into users mailboxes and accessed by IMAP/POP3.
• Outbound SMTP relay setup as a smarthost relaying to the ISPs upstream SMTP server. This is mainly necessary because occasionally the upstream ISP may differ (if for instance the connection drops) and updating 1 smart host is much easier than updating numerous settings per machine.
• Web based access to the central mail storage.
• A large house wide storage system. This is primarily to accomodate a significant amount of “in development” stuff I work on (like PHP & MySQL RPMs for instance).
• Local DNS zone for local hostname resolution. I find it difficult to remember IP addresses so a DNS server is fairly essential (and it looks nice).
• Wireless internet access should be available throughout the house.

Ideally I’d also like the new setup to accomodate:

• Centralised authentication. Ie. House wide username/password combinations.
• Centralised home directories without risking long downtimes should a key server fail.
• Internal Network monitoring. This is purely to keep an eye on general statistics (like for instance disk space usage etc.) to avoid any disruptions.

Available Resources

As with any project we need to take stock of the equipment we have to complete this project. I’ll do my best to supply some pictures when I get my hands on a camera.

Storage/Development Server (Tethys)

2RU Chassis
P4 3.0 Ghz
2048MB RAM
2 x 300GB IDE (in software RAID1)
2 x 300GB SATA with 3ware 4006-2LP Hardware RAID1 Card

Gateway/Auxillary Server (Dione)

3RU Chassis (IBM Netfinity 4500R)
Dual P3 1Ghz (Coppermine core)
1024MB RAM
4 x 17GB SCSI (U160 bus width) in 2 seperate software RAID1 arrangements

Thin Client Server (Levity)

Minitower Case
P4 3.0 Ghz
2048MB RAM
2 x 120GB SATA drives in Software RAID1

This is my girlfriends PC. I use it to route between the upstairs and downstairs subnet. It also serves my Sunray 150 thin clients.
Spare (ex Gateway) Server 1 (Enceladus)

Dual P3 500Mhz (Katmai core)
512MB RAM
1 x 9GB SCSI2 (I THINK it’s 2)

Spare (ex Mail Server) Server 2 (Janus)

Single P3 450Mhz (Katmai core)
256MB RAM
1 x 8.5GB IDE HDD
2 x 10GB IDE HDD in Software RAID1

This server currently has the mail archives for all users on it. One of the objectives will be to make this server redundant.
Other than this there’s also a number of other “client” or “spare” machines. For the sake of simplicity I won’t bother mentioning them. They play no signficant role in the “house network” itself.

Physical Limitations

A number of physical implementation hurdles exist.

• The house is raised with all 24/7 server equipment to be kept downstairs. This is due to heat & noise reasons. Consequently, I’ve run 2 sets of CAT5 from the bottom of the house via an external wall cavity and into the study.
• Cabling abilities are limited since our new premises has woodfloors. Consequently, it’ll be necessary to conceal as much CAT5 cable as possible and, if required, bridge gaps with wireless.

Implementation Plan

Given all these requirements along with available hardware & limitations one can create a network deployment diagram with which to work from.

Effectively each machines role is as follows:

Dione

• NAT Internet sharing
• NIS authentication slave
• DNS zone slave
• Nagios Monitoring system
• DHCP Server

Tethys

• NIS Authentication Master
• DNS zone master
• Storage server
• Open Virtuozzo Host

Telesto

This is a VPS located on Tethys. By keeping the two seperate it means I can migrate to a standard system if I require. It also means that the instructions I supply will match perfectly (since a VPS acts like a completely seperate server).

• Mail Pull
• IMAP/POP3 Services
• SMTP Smart Host
• Horde
• Apache Virtualhost (for access to Horde)

Levity

As indicated this is a standard desktop machine. It does however have two ethernet interfaces which are used to route traffic from the downstairs subnet to the upstairs subnet.

• Middle man router
• DHCP server for .50 range (Upstairs subnet)

Conclusion

So there we have the overview of what I intend to complete within this guide. The next part will begin answering & implementing the plan as outlined above. Until next time, have fun!