Archive for January, 2007

LTO and pf

January 30th, 2007

It became apparent that we had outrun our current tape drives’ ability to keep up with the load. Having attached storage helped the issues, but even then doing duplicate tape jobs during the day took forever and always required tape switching, which was doubled during the verify stage in BackupExec 10d. The two tape drives were an HP DAT72 and a DAT40.

It has finally become an issue since our new finance software spits out transaction logs and backup files all over the place. I needed a less than painful way to get the data backed up and off site. So I investigated the pricing on LTO drives. I was surprised to see the price drops since I looked into it in the past. I settled on this:

http://www.cdwg.com/shop/products/d…aspx?EDC=960327

I got it in this morning and wasted no time getting it installed in the server and running a duplicate job. It backed up 120 gigs, including the verify stage, in less than a few hours. While that might not be amazing speed, it’s worlds ahead of what I had been using. I can probably get all my data on one tape and still have time to kill before the backup to disk jobs get run at night.

I have got pf running on an OpenBSD 4.0 box right now. I’m using it as our firewall for our web-based services sans one, which I plan on moving this weekend. After which, I’ll continue to clamp down using scrubbing and more finite rule sets. Finally, I’ll add another box into the mix and make a small pf cluster using carp/pfsync. But, so far so good. I find pf a whole lot less cumbersome than BorderManager in terms of configuration. Jumping around in filtcfg.nlm can get messy really quick. I still plan to use BorderManager for our outbound http proxy requirements. It’s still a great product. I’ll be upgrading to 3.9 when it’s released.

More WebAccess and OpenBSD

January 18th, 2007

The fix for WebAccess that I mentioned before didn’t work; it merely put off the inevitable. There is an issue with that version of Tomcat. So I came up with a less than perfect solution. I did a quick online crash course with cron documentation and set a cron job to reboot the server every day at 4am. My long-term plan is to copy the GroupWise domain directory elsewhere, flatten the box and reinstall with SLES 10, move the domain directory back over and finally install the agents again. Hopefully that sorts out my issues long term.

I just received my OpenBSD 4.0 CDs. I’m planning on using it for our firewall instead of BorderManager. I will keep BorderManager as our http proxy, but I want to move the firewall duties to what I hope will be a pair of pf-based firewalls which will be able to fail over in the event one fails. I’ve just been playing around with OpenBSD so far, but I like it. It’s not pretty like many of the more popular Linux distros, but I’m going to be able to use it for the firewall and not worry about anything else. I don’t even have X running. Hell, I even had to install bash separately!

Like I mentioned above, I’m using BorderManager as our firewall software. It’s usable, but not easily set up for fail over. Also, adding filters is a clunky process and the rules themselves are less than readable as a whole. Pf just seems to use /etc/pf.conf. It can be as simple as two or three lines to get a usable firewall with required pass throughs for simple things like OpenSSH. On the project server, I’ve already done a quick configuration so I can get remote access through ssh. I’m looking forward to completing this project and plugging up the worrisome holes my current setup has.

Now if only people would just leave me alone and I can avoid meetings, I might actually be able to accomplish this!

Webaccess, and why I hate tomcat and java

January 11th, 2007

Ever since installing WebAccess 7.0.1 on SLES 9, it has been kicking out java memory errors after a nonspecific time and basically breaking tomcat. After a suggestion from a consultant at our local GroupWise User’s Group, I finally found where to actually specify the switch. You have to add a JAVA_OPT=" -Xms256m -Xmx256m", or whatever memory you require, to /usr/share/tomcat/catalina.sh. I tried it with 256 minimum, 512 max. That didn’t seem to do the trick. I just bumped it up to 1024 min and max. I’m crossing my fingers that sorts it out. Worst case, I can always set a cron job to stop and start tomcat every 4 hours!

As an aside, I check out boycottnovell from time to time. It’s a good way to catch up on nontechnical Novell news. Although most news bits and quotes are used as evidence that Novell is destroying Linux, becoming the new new (not a typo) SCO, or some other type of wrongdoing. Granted, Novell has done some not so smart things from a PR point of view lately, but the conclusions offered by the editors are a stretch somewhat. Sometimes I wonder if upcoming worldwide weather conditions are going to be cited as proof that Novell is screwing open source software.