Server Virtualization

We don’t want a billion servers each doing their own task, so what can we use as a solution? Server virtualization (or semi-virtualization or para-virtualization). This means partitioning one physical server into isolated mini servers, each of which can be fully customized. Our VPS at hostmysite is like this. So why would you want to do this? A few reasons actually.

- Contain exploits. Let’s say DNS gets exploited: the access gained would only be to the DNS virtual server, and not to mail, web and everything else.

- Easy “upgrades,” backups and redundancy. Let’s say we start to use MySQL more and more, but the server can’t handle it. To upgrade (ignoring replication for this example) we could just turn off the virtual server (in essence locking its files), move it to another server that is set up to do virtualization, and turn it on. Nearly no downtime, and you know it will work.

Anyhow, worth looking at. Here are some of the most mature Linux virtualization packages out there:

http://openvz.org/ – This is the open source version of hostmysite’s VPS. The main difference is it isn’t set up for doing mass hosting (like 1000 VPSs on a huge mainframe).

http://www.openvps.org/

http://linux-vserver.org/ – Very plain website, but there is news that the authors are pushing for this code to be included in the Linux kernel natively.

http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ – I’ve heard rumors also about this being one of the most advanced.

http://www.vmware.com/ – The one and only. This is full virtualization, so it will carry the most overhead (some of the previous packages have almost no overhead, not even 1%). Oh yeah, and this “costs” money.

Hamachi

My friend Ian told me about this originally, but my pen-testing cousin just sent me the link as well. p2p VPN, w00t. Hamachi is a VPN alternative that does not have the normal router problems associated with IPsec and PPTP VPNs. That is good because of firewalls, NAT and things like that.

http://www.hamachi.cc/

MySQL Replication

Status: ✅

The webapp server is running fine, but backups are important. Better yet, a hot spare is a great idea. To do this, I set up an older spare rackmount as a ‘live’ webapp server, just in case. A duplicate LAMP stack was set up, web apps copied over SSH via rsync on a regular basis, and the icing on the cake: MySQL replication.

So, if the dedicated webapp server dies a painful death, a quick change of IP for the webapp server in the internal DNS to the backup rackmount, and nobody will know anything happened.

Linux as a TFTP Server

So, you need a TFTP server for something? Cool, you must be doing something fun. I need a TFTP server to copy Cisco IOS images onto the routers; hopefully you are doing something cooler.

  1. Enable TFTP in inetd.conf
    Open up /etc/inetd.conf and look for the following line:

kelvin@pluto:~$ vi /etc/inetd.conf

#tftp  dgram   udp     wait    root    /usr/sbin/in.tftpd  in.tftpd -s /tftpboot -r blksize

This is on line 72 for me (hint: in vi press ctrl+c, then :set number). Uncomment it. If you don’t have this line, bummer. Search for in.tftpd and use that as a substitute.

kelvin@pluto:~$ which in.tftpd
/usr/sbin/in.tftpd
kelvin@pluto:~$

  2. Create the TFTP directory
    As you can see, we need the directory tftpboot (the -s switch makes in.tftpd chroot into it, so nothing outside that directory is served). Create it.

kelvin@pluto:~$ sudo mkdir /tftpboot

  3. Restart inetd
    Send inetd a HUP so it re-reads inetd.conf:

kelvin@pluto:~$ sudo kill -1 [inetd pid]

You can get the inetd pid by typing:

kelvin@pluto:~$ ps -aux | grep inetd

Cheers.

Edit: A colleague in New Zealand was searching for something and stumbled upon this page. I gave him the tip that if you need to find the tftp server (or any service), you can do it based on port:

lsof -i :69
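The three inetd steps above as idempotent shell functions, plus a check that the active line keeps in.tftpd confined with -s. This is an added example, not code from the original post; /tftpboot, in.tftpd, pgrep and lsof are assumptions about the host, and the demo runs on a constructed copy of the config line so the live file is untouched.

```shell
#!/bin/sh
# Added example (not from the original post): the inetd TFTP steps as shell
# functions. Paths and tools (in.tftpd, pgrep, lsof) are assumptions.

# Step 1: uncomment a "#tftp ..." line in FILE; no-op if already active.
# Returns 1 when the file has no tftp line at all (the "bummer" case).
enable_tftp() {
    grep -q '^tftp[[:space:]]' "$1" && return 0
    grep -q '^#[[:space:]]*tftp[[:space:]]' "$1" || return 1
    sed 's/^#[[:space:]]*\(tftp[[:space:]]\)/\1/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Print the directory passed to in.tftpd -s on the active line (empty if none).
tftp_root() {
    grep '^tftp[[:space:]]' "$1" |
        sed -n 's/.*-s[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' | head -n 1
}

# -s (secure mode) makes in.tftpd chroot into the directory. TFTP has no
# authentication, so an active line without it is something to catch early.
tftp_is_confined() {
    [ -n "$(tftp_root "$1")" ]
}

# Steps 2 and 3: create the TFTP root and HUP inetd so it re-reads its config,
# then confirm something is bound to udp/69 (the lsof trick from the Edit).
apply_tftp() {
    root=$(tftp_root "$1")
    [ -n "$root" ] || { echo "active tftp line has no -s directory; refusing" >&2; return 1; }
    sudo mkdir -p "$root"
    pid=$(pgrep -x inetd) && sudo kill -1 "$pid"
    lsof -i :69
}

# Demo on a constructed copy of the line from the post (constructed input).
demo=$(mktemp)
printf '%s\n' '#tftp  dgram   udp     wait    root    /usr/sbin/in.tftpd  in.tftpd -s /tftpboot -r blksize' > "$demo"
enable_tftp "$demo" && tftp_is_confined "$demo" && echo "tftp enabled, root: $(tftp_root "$demo")"
rm -f "$demo"
```

Run apply_tftp against the real /etc/inetd.conf only after enable_tftp has been applied to it; the demo deliberately never touches the system file.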

New File and Webapp Server

Status: ✅

Time has come to upgrade a few servers in the office. An older P4 2.8 was being used as a webapp server, and that needs to go. The resource utilization wasn’t too much of an issue, however the computer was aging. Plus, it wasn’t strictly built to host critical services, but since we grew so quickly, it is what was available. Additionally, the PDC was hosting user files and with these mounting in size, a dedicated file server is in order.

Oh, and Ian and I are on a strict budget, as usual.

Our trusty CDW shipped over two IBM rackmounts. Plenty of CPU and RAM to grow; the key feature we needed was hardware RAID1. Once they arrived, Ian screwed them into the rack and we started working on them. Both servers had Debian slapped on, and one was then turned into a true LAMP server. On the LAMP server we also loaded up our ticketing system and several IMAP based email accounts (good ol’ Dovecot).

The other server was set up as a dedicated file server. For several reasons, including the strict budget, we synced Samba up to the 2003 PDC. Thus, all profiles (through folder redirection) are mapped to the Samba box, which does auth via Kerberos back to the PDC. Besides user profiles, several shared folders exist, and access is based on GPO. I must admit, Samba+Windows 2003 is a very handy combo.

Internet In China (Essay)

Status: ✅

I realized at the end of the 2005 school year that I was going to be two business credits short of graduating. Two! Understandable I think, since I had been working full time or over full time (one to four jobs) for the last three years. Plus, I changed my degree after the first year; not to mention I somehow crammed five years worth of credits in four years. Well, I arranged with one of my teachers (who had a great class, I must add) to guide me through the last two credits. The credits involved writing a paper regarding China and the Internet. A broad topic, I must admit.

The paper was a joy to research, write and edit. I explored many facets I didn’t think I would, and realized that I mostly enjoy semi-technical writing. Through this paper I realized that technology in emerging countries is an interest to me, and I look forward to what this interest has in store for my future. You can download my paper (PDF) here.

Network Upgrade

Status: ✅

A network upgrade is in order, since we are depending more and more on our internet connectivity. Historically we have been using D-Link “Business Grade” equipment over DSL lines (decent bandwidth, but not 100% reliable, plus latency that is a little high). Time for an upgrade.

Since FiOS isn’t offered yet where our office is located, we had to settle on a T1. However, since both locations in the States will have T1s through the same company, the quality should be decent. Since I’m telecommuting now, my colleague chose which company to order the T1 through, and had the line installed. Since our offices are both quite small, there isn’t a need for any huge routers; we aren’t moving a tremendous amount of traffic. Then again, we do need a certain set of features. Initially the T1 company almost required us to use their equipment (which was luckily heavily discounted), and after we gave them our set of requirements, they gave us a pair of Cisco 1723s, which I was a little skeptical about. A Cisco technician came out and sort of set them up (enough for me to gain remote access at least). However, a slew of issues surrounded the 1723s. The routing wasn’t set up quite properly, and the IOS was a little outdated.

Ultimately it turns out the routers weren’t right, and wouldn’t support our requirements (which was my guess in the first place). Oh well. A quick call to CDW and we had a pair of Cisco 1841s sent to Portland. After some widgetry magic (my knowledge of the Cisco CLI, to some degree at least) I got them both configured for their respective networks to run over the T1, then quickly set up NAT and then IPsec. Overall they run very smoothly, and since installation they have just kept working.

So, there you have it. A quick network upgrade in two sites. Go Cisco.

Inventory Tracking

Status: ✅

RATS, or Return Authorization Tracking System, is a way for us to handle RMAs.

The site uses modified TOES code (although cleaned up significantly) to track returns and warranty claims (and depending on which type of claim it is, this determines which U.S. warehouse the item will be shipped to). It categorizes where the order is going, the status of the order, which company the return belongs to, and customer information. Nothing too complicated, although I’m contemplating integrating it with our website so customers can check the status of their returns online.

Screenshots (images not included here):

- Welcome screen
- Initiating a new return
- Viewing the list of returns
- Viewing the overall history of returns AND warranties
- The detailed look of an item in history
- The detailed look of a return item

An Overseas Update

Status: ✅

Kuala Lumpur represents a new adventure for me, and a new project. The goals were simple: update/clean the systems, upgrade the internet connection, give pseudo-voip capability and try to get them on the VPN.

Before leaving the States I had to make sure several things were in order. First, I needed to order the router I was going to bring out with me. Next, I needed to make sure KL had arranged the appropriate DSL upgrades, and last: pretest the connection. Before leaving L.A. I had the opportunity to test the new router and have it connect to the VPN. All is good to go.

After arriving I solicited the help of a co-worker and we started updating the computers (making sure all service packs and updates were installed), and installing Firefox, Thunderbird and Skype. In the I.T. market we acquired several headsets and webcams, hooked them up to the appropriate managers’ computers, and linked managers in several offices together. Next I set forth trying to get the router set up. Part of my planning included making sure all voltages were accounted for, so when I arrived in KL an adapter was awaiting me. Unfortunately, either the adapter failed or the router was damaged in transit. We went into the I.T. markets and ordered a new, albeit lower grade, router. A few days later it arrived and I quickly got it installed. Several things needed to be changed with the ISP for the router to get on the VPN, so I had to connect it to the VPN remotely several weeks later. Alas, doing I.T. overseas is indeed a learning experience!

ERP Time

Status: ✅

Currently our ERP setup is a nightmare, in stability, features and especially administration. A new solution is in order. After collecting goals/requirements we have begun researching, and even started testing some platforms. The “other half” of the IT department and I installed and tested Compiere today on a spare (albeit low performance) rackmount. For those of you (most) who don’t know, Compiere is an ERP solution that ties together all the facets of a company under one hood. We are impressed with Compiere, but installation is a bit on the complicated side.

In the end, we opted for Compiere to be managed and hosted externally, yet we would still administer many aspects (regarding user interaction).