Archive for the ‘Servers on a budget’ Category



29
Jan

Open Source Firewall Appliance Round 2

A few years ago I blogged about using the Untangle firewall to replace a Sonicwall or similar firewall appliance.

Since then, Untangle has come a long way. I would like to revisit the Untangle appliance, as it has undergone numerous improvements and, in my opinion, is now a fully capable replacement for an off-the-shelf firewall appliance.

Hardware update…

For a solid and completely silent firewall for a business environment, here’s my current recommendation (prices are for new components; refurbished or used could result in a 30% – 50% reduction in price).
Server – ASUS rs100-x5/pi2: ~$300
Processor – Intel Core 2 Duo E7500: ~$105
RAM – 4GB (2x2GB) DDR2 667: ~$90
Hard Drive – WD RE3 or equivalent (200 – 500GB) SATA: ~$100

Total cost is under $600. This would be comparable to a $3000+ Sonicwall or similar appliance and would be significantly quieter.

If you need more ports, a quality 4 port PCI-E Ethernet card runs about $350. The $1000 tag on this server with 6 Ethernet ports is still a bargain. A quality single port Ethernet card would run around $75. Don’t use a desktop Ethernet card in a server like this and expect good performance; you need a quality 3Com, Intel or other enterprise-quality card.

This is still a low-end server, but it is silent and would work well for a moderate-sized office. If you have the budget and usage to require it, you could put this on a dual quad-CPU server and put 32GB or more RAM on it. Additionally, for any datacenter usage, you don’t need to worry about sound, so a more robust server could probably be set up for the same cost.

Unlike most human-related computer activities, packet inspection and other firewall activities are very processor intensive. The faster the processors, the better a firewall appliance will perform. If you do decide to build an Untangle or other firewall appliance, keep this in mind. Embedded processors like Atoms or VIAs are not a good match for a firewall, even though they are designed to fit in compact enclosures. They work well for what they’re designed to do, but they are not designed for this.

Current hardware recommendations are as follows:

| Network size | CPU | RAM | Disk | NIC |
|---|---|---|---|---|
| Minimum | 800 MHz | 512 MB | 20 GB | 2 (inline) |
| 1-50 PCs | P4 | 1 GB | 80 GB | 2+ NICs |
| 51-150 PCs | Dual Core | 2 GB | 80 GB | 2+ NICs |
| 151-500 PCs | 2+ Cores | 2+ GB | 80 GB | 2+ NICs |
| 501-1500 PCs | Quad Core x64 | 4 GB | 80 GB | 2+ NICs |
| 1500+ PCs | 4+ Cores x64 | 4+ GB | 80 GB | 2+ NICs |

VPN

Something I didn’t discuss in my last article was the VPN. Untangle comes bundled with OpenVPN. There is no limit other than that of your hardware for the number of VPN users your appliance can support. It is extremely easy to add, suspend and remove VPN users. VPN users are sent a custom key and connection for them to install on their computer. The VPN also supports site-to-site VPN, allowing 2 or more offices to virtually share the same network no matter their distance from each other.

OpenVPN is much simpler than any VPN software I have used on either the client or host side. It makes VPN administration and setup a breeze. If you have used Cisco, Sonicwall or other VPN services, this will be a breath of fresh air in administration and setup.

Feature Improvements

When we started using Untangle, it was not designed to handle advanced protocols including some VPN services, and multi-protocol traffic like VOIP (Voice over IP) phone services.

I am happy to say that Untangle now fully supports multi-protocol traffic like VOIP or IPsec. Some types of traffic will require custom configurations, but so far I haven’t found any sort of traffic that Untangle has problems with.

Untangle also now supports firewall bypassing for high-availability applications, and supports a form of QOS (Quality of Service). The QOS is very configurable, but still not quite as user-friendly as on other platforms. It is, however, usable despite some potentially complicated setups. QOS is essential for running VOIP and other mission-critical applications. It can also be used to throttle down bandwidth-eating services like online video.

OS Upgrades

Untangle is now offered in a 64-bit operating system, something to satisfy the larger memory requirements for more robust servers. It is still a small custom Debian Linux build. The total install file size is around 500MB, which is a breath of fresh air compared to the 3 – 4GB sizes of many current Linux distributions.

There is also a Windows version for those who don’t have a dedicated server to run Untangle on. In this case, Untangle works as a re-router, controlling the routing and traffic of a network, but on an existing Windows XP computer.

Conclusion

Untangle has moved from an aspiring concept to a true contender to established firewall appliances. At this point, I can’t see any reason why a business would spend the extra money on a Sonicwall or similar appliance. Pair this with OpenDNS, and you have a reliable system that can block websites on a DNS level, and a full-featured firewall for spam, intrusion, phishing, viruses, and just about every other threat your users will encounter on the internet.

Untangle resources
Untangle Downloads (32bit, 64bit, and Windows)
Untangle guide (Wiki)
The Untangle Blog

If you don’t want to build an appliance yourself, there are plenty of approved Untangle hardware vendors.

19
Jan

High-end Web Server for 2009 – Servers on a budget

This is the first guide in a new category called Servers on a budget. The aim of these articles is to help do-it-yourselfers build and configure servers at a reduced cost compared to retail.

The first server on a budget is a high performance web server. This server will support a large load and has substantial disk space for shared hosting, or for large disk requirements. There are several additional upgrades that can be used to further increase performance, namely using SCSI or SAS drives. The configuration listed below represents a quality price/performance level that will be sufficient for most hosting requirements.

Hardware

| Qty | Part | Total Cost | Cheaper Alternative | Better Alternative |
|---|---|---|---|---|
| 1 | Tyan Tempest i5100X (S5375) Motherboard | $320 | | Tempest i5400PW (S5397) |
| 2 | Intel E5410 Quad Core Processors | $500 | E5310 Processors | E5440+ Processors |
| 1 | Areca ARC-1120 8 Port SATA Controller | $410 | Areca ARC-1110 4 Port SATA Controller | Areca ARC-1680 8 Port SAS Controller |
| 8 | WD RE3 1TB SATA Hard Drives | $1280 | 4 or 8 Seagate 1TB or Lower SATA HDs | Seagate 10K or 15K SAS Drives |
| 4 | 4GB DDR2 667MHz ECC Registered RAM (16GB Total) | $650 | 8GB DDR2 667MHz ECC Registered RAM | 32GB RAM, 64GB for i5400PW Motherboard |
| 1 | 4U ATX Server Case w/600w Power Supply | $200 – $300 | | Supermicro or other Hot Swap SATA w/redundant power supply |
| | Total: | ~$3500 w/shipping | | |

If you were to go the SAS route instead of the SATA route, which would greatly increase your database performance, you would be looking at about a $1500 to $2500 increase in price. You could easily save $500 or more by using smaller drives and reducing the RAM.

I don’t recommend using any lower performance CPUs than the E5410s. The 5405s are lacking some of the features that 5410s and up have. The 5410s come in at a solid price and are very high performance CPUs.

In the end, with the above hardware, you end up with a very fast and scalable server. It will have a 7.1TB RAID 5 array, or a 4TB RAID 10 array, and up to 32GB of RAM. This server requires paired RAM and I always recommend getting the largest capacity RAM sticks available – 4GB in this case. 4GB sticks are reasonably priced at about $150 each. The Tempest i5400PW motherboard supports 64GB of RAM using 4GB sticks. The Tempest i5400PW makes a fantastic dedicated database motherboard because it has 16 RAM slots.

For about $200 – $300 more, you can upgrade to a hot-swap server case. This will definitely make a more professional server and will be easier to manage hard drive failures and replacement. Supermicro and iStarUSA both make some really nice 8 bay SATA hot swap cases starting at about $350.

Green IT:
This is a reasonable Green server. It would be easy to reduce power consumption by using L54** series processors instead of E54** processors. Both motherboards listed above support the lower power L series processors. A very efficient power supply and high-efficiency hard drives would further reduce power consumption.

Comparable prices from mainstream manufacturers:
Dell: ~$6000 – $10000
HP: ~$7000 – $12000
IBM: ~$10000+
SUN: ~$10000+

It would be extremely difficult to find a new server for anywhere near the price of building this. Alternatively, ASUS and Supermicro make some comparable motherboards in the same price range. I personally prefer Tyan boards, as they have always been extremely reliable for me.

Finding the parts:
All of the prices quoted above are for new components found by shopping around eBay and by using Google’s product search. You can probably find much of the hardware above refurbished or lightly used. Make sure in any case that you are buying from a reputable seller/company and that you get a valid warranty on everything, especially the hard drives!

Software:
This server is capable of running a variety of operating systems. For a web server, I recommend CentOS 5.x x64. It would also work well with another x64 Linux enterprise build, SUN Solaris x64, or Windows Server 2003 or 2008 x64. Whatever operating system you decide on using, make sure to use a 64-bit system, and make sure it supports the amount of RAM you plan on using. Some Windows Server OSes restrict the amount of RAM the system will recognize.

Copyright © 2024 The Ecommerce Blog, Jamie Estep, All Rights Reserved