I’ve been continuing to move vulnerable systems behind the firewall. The latest was the GWIA. It gave me some issues. I’m not sure why, but it was choking on the receive threads, especially when the GWAVA digest ran in the middle of the day. I ran into a problem bumping it up though. I tried changing the setting in eDirectory. No go. I tried changing it in the gwia.cfg. No go. I checked the config of the GWIA using the built-in command to output the configuration to the log screen and noticed that my /RD and /SD switches from the gwia.cfg were being processed, but shortly thereafter being overridden by separate /RD and /SD switches. I went to the bottom of the config file and sure enough, all the command switches were there, including the “rogue” thread switches. Once I bumped that up, I just watched the GWIA NLM console. Do you remember how CRT monitors connected to NetWare servers tended to have images burnt into them? That happened with my eyes. I close my eyes and see my GWIA. It’s disturbing. At any rate, the server survived the daily GWAVA digest. And the GWIA is behind the firewall, only talking on port 25/smtp as far as nmap and the outside world are concerned.
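A check for the override described in the post above, as an added example that is not part of the original post or any Novell tooling: it lists every switch that appears more than once in a gwia.cfg-style file and which occurrence takes effect, assuming the last one wins as observed here. The `/switch-value` syntax, `;` comment lines, case-insensitive switch names and the sample file contents are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, not a real gwia.cfg. Assumes "/switch-value" syntax
# and ";" comment lines.
SAMPLE_CFG = r"""; hand-edited thread settings near the top
/RD-32
/SD-16
/home-\\srv1\vol1\dom\wpgate\gwia
; block of switches found at the bottom of the file
/hn-mail.example.org
/rd-8
/sd-4
"""

# Switch name, then an optional "-value" or "=value" part.
SWITCH_RE = re.compile(r"^/([A-Za-z0-9]+)(?:[-=](.*))?$")


def parse_switches(text):
    """Return {switch: [(line_no, value), ...]} in file order."""
    seen = defaultdict(list)
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        match = SWITCH_RE.match(line)
        if match:
            # Assumption: switch names are case-insensitive (/RD == /rd).
            seen[match.group(1).lower()].append((line_no, match.group(2) or ""))
    return dict(seen)


def find_overrides(text):
    """Return switches set more than once, with effective and shadowed values."""
    overrides = {}
    for name, hits in parse_switches(text).items():
        if len(hits) > 1:
            # Assumption from the post: the later occurrence overrides.
            overrides[name] = {"effective": hits[-1], "shadowed": hits[:-1]}
    return overrides


if __name__ == "__main__":
    for name, info in sorted(find_overrides(SAMPLE_CFG).items()):
        line_no, value = info["effective"]
        print(f"/{name}: effective value {value!r} from line {line_no}")
        for old_line, old_value in info["shadowed"]:
            print(f"    shadowed: {old_value!r} on line {old_line}")
```

Running a check like this after each edit shows whether a changed value is shadowed by a later duplicate before the agent is restarted.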
Archive for February, 2007
pf, clusters, and DST
February 14th, 2007

I had a box running OpenBSD 4.0 and pf up and running. Eventually I took a look at pfSense. I installed it and before I knew it, I had set up a small two-node failover “cluster”. Setting up carp/pfsync is fairly easy. It also comes with all sorts of built-in graphing tools, which is nice to see when you’re getting most of your traffic. I still have all inbound (requested web traffic) going through my BorderManager proxy. Eventually I’d like to have that behind the firewall as well for that extra layer of security and the ability to keep better track of our bandwidth usage.
I’ve been thinking about trying to come up with a cluster solution for file/print and our GroupWise post offices. This would only be for staff and faculty. A fully equipped cluster and SAN solution for the entire student body would be very cost-prohibitive. However, I have been thinking about an iSCSI solution for the faculty and staff. There are far fewer people in that group, but the ability to access network resources is far more critical. I called an iSCSI SAN maker and saw my dreams of this cluster come crashing down. Even iSCSI SAN appliances cost over $20k. It was brought to my attention that iSCSI without the appliance might still be an option. I’ll be talking to a network guy at another school district who has rolled out an iSCSI cluster on “pedestrian” equipment and see what is viable. If anyone has any experience with this, drop me a line.
I’m in the process of doing our DST stuff. Patching the NetWare servers with dstshift.nlm was easy, same with the SUSE servers. Rolling out patches for our Windows workstations is proving to be slightly more difficult. I’m trying to set up a silent MSI-based installer which takes the Microsoft patch and deploys it through the ZENworks application launcher. I’ve heard that is frowned on by Microsoft. I’m going to have to do some testing to see if it really works. I’m going to have to patch the GWIA and WebAccess as well.
Posted in Desktop Management, Network Operating Systems, Tools