Server Software
Showing 1 - 5 of 5 Results | Page 1 of 1 | 1
pfSense: A Router That Stands Up To Traffic
18-Aug-10 22:27
I've gone through hardware routers at the rate of about one a year, primarily cheap brands like D-Link and Airlink. They were inexpensive in dollars yet costly in terms of the time I spent wrestling with their limitations. They rarely locked up but were often a bottleneck. Streaming a TV show or sports event from the internet made my cable internet feel like dial-up. I kept buying newer models, hoping to find a satisfactory one.
Then I discovered software called Ipcop that can turn most any old computer into a gateway, firewall and DHCP/DNS server. All I needed to add was a second network card. The speeds climbed to what I expected. However, it made me hungry for more data from and control over this quasi appliance. For example, I still couldn't view the traffic and throughput in real time; nor could I adjust how much bandwidth was going to different applications.
Installation and Setup
I decided to try pfSense, a FreeBSD-based distribution that claims to do all this and more. Although BSD lacks some of Linux's support for the latest video and USB devices, that doesn't matter when you're building a machine dedicated to networking. And because the release 1.2.3 ISO image is a live CD, you can verify that your network adapters are recognized before you commit to installing it. The pfSense site has a set of screenshots showing the steps. The sequence may seem intimidating to a beginner. However, there are only a couple of decisions that require thought.

First, pfSense boots to a spartan black and white console with a numbered menu. Choose menu option 1 to assign your WAN and LAN interfaces. Your WAN interface is the one you'll connect to your modem and the public internet. The LAN interface is the one you'll attach to your computer or, if you're serving multiple computers, to a network switch or access point. Thus, the average user needs two network cards (or a network card in addition to your motherboard's built-in LAN port), and pfSense won't work without both of them available. pfSense will report the device names that it detects. In my case, I chose rl0 (a Realtek RTL8139 network adapter card) as the WAN interface, and lx0 (a built-in Intel network chip on the motherboard) as the LAN interface.
Only one more thing to do: select menu option 2 and define the LAN IP address. You can now ping other IP addresses on the internet and your private network to verify connectivity.
Next, I installed pfSense to the hard disk (menu option 99). pfSense only needs a few gigabytes of space, so even a small hard disk will do. I chose the Quick/Easy install method, which automatically wipes, formats and partitions the drive. BSD systems don't use the MS-DOS kluge known as an extended partition. pfSense has you choose one primary partition for the entire OS, which is then subdivided into "slices" for the filesystem and swap. You don't have to worry about these details; the Quick/Easy install option takes care of them all, including the installation of a boot loader (bootblock).
A few minutes later, I was booting into my new system with the same black and white menu. I repeated the steps I had done during LiveCD testing to verify my settings. At this point, I could log in from a web browser on another computer by using the IP address I had assigned (http://192.168.0.1). pfSense prompted me to run the Setup Wizard. There were about a half dozen text entry boxes to fill out, including my domain name, DNS addresses, timezone, and new admin password.
Performance and Features
That's all it takes to get pfSense up and running. I didn't have to define a single firewall rule. pfSense defaults to allowing all outbound connections initiated from your LAN and denying all inbound connections coming from the WAN. Users that want to open ports to the internet or deny certain types of activities can add their own rules. Typical home users won't need any.

I've only been using pfSense for a few days, but it's been absolutely stable and shows no risk of being overwhelmed. Its graphs display load and traffic history every which way, over hours, days, even months. On a Dell GX110 Pentium III (667 MHz) with only 256 MB RAM, the CPU is rarely more than 5% busy, and RAM usage has never exceeded 25%.
One of the main advantages of pfSense over Ipcop is its ability to shape traffic precisely. My home phone service is from Vonage, and the voice quality can suffer when other traffic hogs the bandwidth. Many consumer routers offer a Quality of Service (QoS) feature, yet the user has little control over how it works. pfSense has an EZ Shaper wizard that addresses my VoIP problems. Based on my answers to its questions, the wizard sets up rules that divide traffic into queues. While I did have to supply my download and upload speeds in Kbps (I got my numbers from Speedtest), the wizard managed the queue setup for me. For example, it asked me whether I wanted to prioritize VoIP over other applications. If yes, it gives that queue a High priority. Moreover, pfSense let me specify how much bandwidth to guarantee for VoIP. I can also lower or raise priority for specific applications and services over standard ports. For peer-to-peer applications like BitTorrent, I don't have to specify them individually. pfSense lets me toss them into a "p2pCatchAll" queue with Low priority.
pfSense provides the DNS and DHCP services you would expect from a router appliance. The DHCP server can convert dynamic leases to fixed ones. If you boot thin clients from the network, you'll appreciate the option to specify the server's IP address and filename.
The DNS server was more flexible than the hardware router I used previously. I needed it to forward queries to a local DNS on my private subnet as well to the DNS upstream on the public internet. pfSense handled the requests transparently. All clients automatically used the pfSense IP as their sole DNS and received answers from it, regardless of where the requests were forwarded.
I've only scratched the surface of the feature set. In time, I'll explore the rest. Besides scheduling and syslogging, pfSense advertises an NTP daemon, IPsec, OpenVPN, load balancing, and UPnP. You can enable or install packages for Snort intrusion detection, the Squid web proxy, HAVP/Clam anti-virus, and FreeSwitch telephony. Administrators can back up and restore the configuration from XML files, and install bug fixes and upgrades directly from the internet.
A Clear Difference
I'm very impressed with pfSense so far. I had expected a product thick with features but difficult to configure. Getting a working setup was almost trivial, thanks to the wizards. I don't have benchmarks, but subjectively the speed is faster and more consistent than when I used a hardware router. I also got a significant speed boost when I used Ipcop. The differentiating advantage of pfSense over Ipcop is that my Vonage phone calls are clearer. I could always hear the other party fine. Now, for the first time, the upload speed (from LAN to WAN) is reliable enough that my outbound voice doesn't periodically break up or get delayed.
Does pfSense make sense for you? It can't do everything that a Unified Threat Management (UTM) application can do, but what it does it delivers exceedingly well. Google around and you'll find people who swear that it can scale to support more demanding businesses. Commercial support is available, should you need it. Given how cheaply and quickly you can deploy a pfSense box, what have you got to lose?
Tracks: a To Do List for Getting Things Done
13-Feb-10 16:26
David Allen's Getting Things Done struck a chord with compulsive organizers as well as people struggling to bring order to their lives. The book was written at a time when Day Planners, paper and index cards were still common business tools. However, its principles haven't become obsolete. Just google "GTD" and you'll find many products and services claiming to implement it.
For me, the value of Allen's system -- it's more method than a strict methodology -- lies in a few common sense concepts to put you in control of your agenda:
- Getting your task list out of your head and into an external repository. Your mind is then clear for productive thinking instead of worrying.
- Handling new incoming traffic -- usually e-mail -- by making a spot decision. Requests that can be handled in a couple of minutes are answered immediately. Everything else goes into a queue. Postponing time-consuming requests to later in the day keeps you from being distracted while satisfying all but your most impatient contacts.
- Focusing on "next actions" instead of trying to prioritize all the tasks as 1-2-3 or High-Medium-Low. For example, if you want to re-model your house, you could exhaust yourself just thinking about all the possible pre-planning steps. But if you pick just one of the initial steps you know you'll need, e.g. "Go to Home Depot and look at carpet samples", you'll be on your way.
- Regular review. Deferring work doesn't mean forgetting about it. Once a week or so, Allen suggests you go through your projects and decide what you'll work on now versus later. It's OK to punt stuff and sketch dream tasks that you may never get around to doing, if you set aside time once in a while to reassess them.
Now, I'm not a GTD zealot, but I've looked for software (SaaS or desktop install) that fulfills these goals. Very few products come close. Most are just glorified task lists where your list of to-do's quickly grows beyond your ability to manage it.
Tracks is a Ruby on Rails application that takes the GTD concepts seriously. If you're not already running Rails, you can install a pre-built environment like the Bitnami RubyStack.
What makes Tracks better than most to-do lists? It helps you narrow your focus by hiding what's irrelevant at the moment. One illustration: any task can be assigned to a Context as well as a Project. A Context is the general location or venue where you'll perform it -- e.g. Work or Home or, perhaps more specifically, Errand or Computer. Your to-do list is grouped by Contexts, so you don't waste time scanning tasks at times when you can't do anything about them. To further reduce the size of your lists, you can designate Projects as Hidden or Completed.

Following the GTD emphasis on Next Actions, Tracks allows you to "star" a task to make it a priority. You can quickly filter by only starred tasks to get a list of what you want to work on right now. I find that I don't miss the ability to set multiple priority levels, because I usually have more than enough "level 1" tasks to work on at any moment. This constraint is also consistent with the spirit of GTD. By not providing fine-grained prioritization or progress indicators (a task is either done or undone, not X% complete), the application helps procrastinators avoid the unproductive exercise of constantly re-ordering the backlog, and encourages wishful planners to break complex tasks into smaller steps. When a project has no starred tasks, it's time to pick the next activity.
Like any competent task manager, Tracks lets you set due dates and manage items with recurring dates. In keeping with its goal of removing clutter, Tracks also allows you to define when to show tasks. For instance, if you need to return a library book in 3 weeks or take your car for an oil change, you probably don't need to be reminded about it until a few days before it's due. Incredibly, many task managers don't provide a Show date.
The Tracks user interface uses color to highlight tasks due in the coming week, and tasks that have aged without being completed. The UI has Web 2.0 features like the ability to edit items without pulling up a separate data entry screen. Forms appear inline; you can drag items within some lists to re-order them; and items disappear as "done" when you check them off.
Tracks also provides an API and RESTful tools for setting and getting its data outside of the application. Simple feeds like RSS or a text list of your tasks are built-in. It's not difficult to write a script to download and e-mail yourself a daily to-do list. As a web app, it can also support multiple user accounts, although it has no collaboration features: all tasks are private to the owner.
Tracks uses tagging for any additional classifications you need. Say you want to filter a list of tasks that require help from your IT department. "IT" by itself is not a Project. You could add a tag called "IT" to those records and then search on the tag. In fact "starred" items are designated by these kinds of tags. Tags can be immediately added by typing them, and you can have multiple tags for any record.
What's not so great about Tracks? The application is a little sluggish on my home server. Perhaps there's a more optimal configuration for the web server (mongrel). It doesn't come with many useful built-in reports. And it hasn't added many new features in the past year, although there's a good forum to help you solve your problems. Still, I think it sets a good model for task managers. I'm currently writing my own task list app in Python, and it will borrow a lot of ideas from Tracks.
Dokuwiki: Small Footprint, Big Features
12-Jan-10 00:02
Wikis are a valuable business tool. Even if you don't need them for collaboration, they enable you to share and broadcast information. I find that putting information on a wiki takes only a little longer than typing it in a word processor or sending it by e-mail. Unlike e-mail, the content doesn't disappear into mailbox archives. It's a living document, ready to be accessed and improved upon.

The Candidates
In my work as a product manager, I looked for a suitable wiki for a small business. My main requirements were:
- Lightweight enough to host anywhere. It should have suitable performance on any server, even a VM or my desktop during the development stage.
- Minimal maintenance. I want to spend my time writing for it, not managing its database.
- Easy to learn. I should be able to teach someone to use it in a few minutes. If they feel comfortable with it, they'll be more likely to use it and contribute to it.
- Revision history with rollback. The wiki will be open: every page changeable by anyone. Also, I'm going to be drafting documents in the wiki. I need edits saved at each stage so that I don't lose work, and can always see what's been changed.
- Media capable. Text and file attachments are not enough. The wiki should have a facility for embedding screenshots and videos as well as attachment links.
- Access restrictions through its own permissions system. I didn't want to beg time from IT to implement external authentication like LDAP.
- Free. The wiki would be a pilot project, a proof of concept. I needed to show that it would work before asking for any funding.
The "free" requirement meant I'd only be considering open source products. I looked at wikimatrix.org and found there were dozens of wikis from which to choose. I looked at reviews and recommendations and settled on two of them to try out: MediaWiki and Dokuwiki. MediaWiki is by far the best known. It's the engine that powers Wikipedia, and you'll find many sites that use it.
Life Without SQL
Despite the obvious advantages of MediaWiki -- huge community, many extensions -- I chose Dokuwiki. I found that it did everything I needed. Amazingly, Dokuwiki does it all without a SQL database. Pages are stored as plain text files. A file-driven database is advantageous not only for backup (just use tar.gz or zip tools), but also for offline document creation. Drag the files into the proper directories and they immediately show up on the wiki. If the wiki is hosted on a local area network, all you need to place content and media is your file manager. Dokuwiki is so compact compared to SQL-based wikis, it can even run from a small USB stick.
Out of the box, Dokuwiki provides user/group access controls. Pages can be edited in their entirety or by section, allowing more than one user to work simultaneously on the same document. Dokuwiki shows you differences between revisions, and lets you search your site with automatic indexing and page caching. You can extend Dokuwiki with dozens of plugins -- not nearly as many as MediaWiki, but enough to suit most needs. With a one-line command, you can turn a page into an image gallery or blog, allow others to comment, export to OpenOffice or start a slide show. Plugins are easily installed and updated through the administrative menu.
Right For You?
Dokuwiki is ideal for a small business, a departmental wiki, or anything you need to maintain without IT resources. You can install it on either a server or your desktop. Its small requirements and file-based storage mean you can copy it to a USB drive or notebook for offline reference. Converting existing documents to its syntax isn't very hard, thanks to the html2wiki tool. Should you outgrow it, the same utility will help you migrate to MediaWiki.
I've written a couple of tutorials on how to install Dokuwiki and customize its appearance and navigation.
Ruby for Rubes: Riding Rails With Bitnami stacks
02-Aug-09 23:14
Some nice applications for task and issue management are being written in the Ruby on Rails framework. I can even install them from Cpanel on my website. However, I had some reservations about Rails on shared hosting. The first issue was that I'd be competing for resources with hundreds of other sites on the same server. Performance was going to suffer. If the app consumed too much CPU time, the web host might throttle or suspend activity for my account.
The second concern was security. I couldn't store any content at my web host I wouldn't want stolen. (Everyone putting personal information on the public internet should assume (1) they will be hacked eventually, and (2) they may never learn about it until it's too late.)
But the showstopper was that I didn't know much about Ruby or Rails. I just wanted to use a couple of apps, not struggle setting up a working environment. At the same time, I wanted to be able to reconfigure and fix things easily. What I needed was something like the LAMP stack, but for Rails, something I could install quickly on my Windows desktop or a virtualized machine.
How could I get started with Rails apps, without getting de-Railed? My salvation was Bitnami stacks. They're executables that install everything you need to run a specific application. And they're available for Windows, Linux and MacOS. Bitnami already has three dozen pre-configured installers covering some of the most popular open source applications. There are social tools like blogs and wikis; development environments for Java, Python, Ruby, MySQL and PostgreSQL; and business apps for CMS, CRM, ECM, and BI.
Most Bitnami packagings give you a choice of two installers. The larger download is an all-in-one. It installs both the application and the underlying stack. The smaller files install just the application as a "module", and assume you will install the respective Bitnami stack separately (LAMPStack, RubyStack, or DjangoStack for Python). Because I planned to install more than one Rails application, and they'd initially be running on my Windows desktop, I opted for separate downloads. Separate modules would allow the apps to share the same infrastructure (MySQL database, Mongrel server, etc.), and perhaps make for easier upgrades.
First, I installed the RubyStack. The installer took care of everything involved in getting the web server and database running on my localhost. Then I added the Tracks and Redmine modules. The only information I had to supply or confirm was database user names, passwords, and port numbers. Performance was reasonable under Windows XP and the RAM consumption was small (two Mongrel servers took only 50 MB each). And I could easily start up and stop the services when I needed them, using the icons installed on the standard menus.
Eventually, I installed the applications on a dedicated Proxmox/OpenVZ server. I downloaded the corresponding Linux packages. The Linux installers aren't graphical like the Windows ones. They assume you have some ability to install from a command line. I had to change the MySQL configuration file to create a symlink from /tmp/mysql.sock. However, there were no other major issues. As for upgrades, I've had no problems unpacking new point releases of Rails apps on top of a running installation.
Bitnami is an excellent choice for testing or virtualized environments on a desktop or a home server -- especially if you don't know much about the underlying language, be it PHP, Java, Python, or Ruby. If it doesn't work for you, de-installation is easy. Give it a try. You've got nothing to lose but wasted time.
Proxmox VE: Efficient Virtualization
02-Aug-09 23:00
Virtualization platforms have drawbacks for light home use, although they're often free for single server installation. They may only be supported on specific hardware (VMware ESXi), their configuration isn't simple (Xen), or they chew up a significant amount of CPU even when they're idle (VirtualBox). Often, they force you to pre-allocate all the RAM you might need when you start each virtual machine (VM). If you're running several VM's, you may run out of memory, or performance drags.
Wouldn't it be great if you could allocate memory only as the application needs it -- the way your OS manages conventional applications and services? And minimize their impact on CPU for applications that don't need a GUI? For many server applications involving Apache and MySQL, you simply need the ability to run a few services in their own isolated environment. BSD has this capability using "jails". In the Linux world, similar virtualization is provided by hosting services offering Virtual Private Servers (VPS). For as little as ten bucks a month, you can rent your own space on their server. Unlike typical shared hosting, your virtualized environment is an almost complete Linux OS. You have root access to install most anything you want.
Many VPS hosts run OpenVZ, the open source basis of the Parallels Virtuozzo commercial product. OpenVZ uses a specially compiled Linux kernel. All the virtualized environments -- called "containers" -- run under the same kernel. By sharing the same kernel and underlying OS services, the drain of each VM on the system is minimized. Proxmox Virtual Environment (Proxmox VE) is a bare metal installer that can get you up and running with OpenVZ. Proxmox VE puts a Debian customized OpenVZ system on your drive and a nice web console to manage it. All you need is a dedicated box with a 64-bit CPU. In addition to VM's running under a common Linux kernel with OpenVZ, Proxmox can also spawn fully virtualized KVM machines running Windows or Linux.

To install, download and burn the ISO image to a CD. Proxmox will partition the entire disk using the Logical Volume Manager (LVM2), separating the root operating system from the space reserved for your VM's. Then log in with your web browser to create your first guest.
Each OpenVZ VM uses a template to unpack its initial files for each appliance you create. The template is stored in a standard tar.gz format. Proxmox VE comes with pre-created templates for several basic distros (Debian, Ubuntu, CentOS, Fedora). The web based administrator console can download these appliances for you. Some templates have server applications added to the base install, like Drupal, Wordpress, and Joomla. The selection for these customized appliances is pretty limited; you're probably better off just installing a base template or rolling your own. You can also download templates from the OpenVZ project.
Once you have the template you want, you create your VM from the web console, assigning it a numeric ID, memory and disk space, network type (Virtual or Bridged), IP address and DNS domain and servers. I like to assign an IP address on my subnet that is the same as the ID, for example VM number 101 has IP address 192.168.0.101. Then click the Create button and Proxmox does the rest. If you prefer, you can use SSH and the command-line equivalent (vzcreate) to install the VM. Proxmox creates virtual ethernet connections and I can access each VM by its IP on the LAN.
Managing a Proxmox VE is trivial. You click buttons to start VM's, and you can designate which ones should start up automatically when the system boots. I run 3 or 4 round the clock. Because of Proxmox VE's common kernel approach and the fact that they're all just web and database servers, they rarely consume more than a few percent of CPU, the fan stays quiet, and the box stays cool. A scheduled backup UI is also provided. If I need to add software or change the configuration on any of them, I'll SSH to that VM and run apt-get or whatever command that distro uses to install its packages.
Limits on VM's in OpenVZ work a lot like restrictions for a multi-user system. You can set CPU limits and quotas on disk space -- for the entire VM, as well as per user or group -- at any time after install. OpenVZ uses beancounters to set maximums and minimums on RAM. I don't pretend to understand much of it. The takeaway is that no single VM is guaranteed all the memory you allocate to it. Depending on claims from other VM's, the system may have to diminish its RAM or even kill VM's to keep performance acceptable. I've never run into this situation. Clearly, you should consider it before overloading your server with simultaneous memory-hogging VM's.
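As an added illustration (not part of the original article, and not Proxmox or OpenVZ code), the script below parses the /proc/user_beancounters table that OpenVZ exposes on the host and flags counters that have refused requests (failcnt above zero) or that sit close to their barrier. The sample table, the 90% threshold and the function names are assumptions made for this example.

```python
"""Flag OpenVZ containers that are hitting their beancounter limits."""

# Constructed sample in the layout of /proc/user_beancounters (values made up).
SAMPLE = """\
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2743846    3010560   14372700   14790164          0
            privvmpages       63900      65536      65536      69632         12
            numproc              21        240        240        240          5
      102:  kmemsize        1200000    1500000   14372700   14790164          0
            privvmpages       20000      25000      65536      69632          0
            numproc             238        240        240        240          3
"""

COLUMNS = ("held", "maxheld", "barrier", "limit", "failcnt")


def parse_beancounters(text):
    """Return one dict per (container, resource) row of the table."""
    rows, ctid = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] in ("Version:", "uid"):
            continue  # blank line, version banner or column header
        if parts[0].endswith(":"):
            # The container ID is printed only on a container's first row.
            ctid = int(parts[0].rstrip(":"))
            parts = parts[1:]
        if ctid is None or len(parts) != 6:
            continue  # not a data row in the expected layout
        try:
            values = [int(p) for p in parts[1:]]
        except ValueError:
            continue
        row = {"ctid": ctid, "resource": parts[0]}
        row.update(zip(COLUMNS, values))
        rows.append(row)
    return rows


def under_pressure(rows, ratio=0.9):
    """Rows whose failcnt is non-zero or whose usage is near the barrier.

    failcnt counts requests the kernel refused for that resource; ratio is an
    assumed warning threshold, not an OpenVZ setting.
    """
    flagged = []
    for r in rows:
        near = r["barrier"] > 0 and r["held"] >= ratio * r["barrier"]
        if r["failcnt"] > 0 or near:
            flagged.append((r["ctid"], r["resource"], r["held"],
                            r["barrier"], r["failcnt"]))
    return flagged


if __name__ == "__main__":
    # On a real host, read /proc/user_beancounters as root instead of SAMPLE.
    for ctid, res, held, barrier, fails in under_pressure(parse_beancounters(SAMPLE)):
        print(f"CT {ctid}: {res} held={held} barrier={barrier} failcnt={fails}")
```

A non-zero failcnt on a memory counter such as privvmpages means the container has already been denied memory, which is the situation the paragraph above warns about when VM's compete for RAM.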
I haven't experimented much with the KVM side of Proxmox, because I don't have much need to run Windows virtualized. KVM support is built into recent kernels. It's reputed to be rapidly improving but is nowhere near the maturity of VMware. I recommend that you read the Proxmox forums and judge for yourself. Some users say it's working well for running Windows Server. If you run a graphical VM, you'll appreciate that Proxmox lets you launch a window into it directly from the web admin tool, using Java to create a VNC-connected terminal.
Proxmox VE has proven to be stable for the stuff I want to run every day, and a wonderful way to try out new applications. I just create a new VM for the app with its own IP address, and install it alone with whatever supporting stack I need (Apache, MySQL, PHP/Python/Ruby etc.). If it's a keeper, I may add it to another VM that already has these servers. Otherwise, I destroy it without having to undo anything else.
In the next article in this series, I’ll look at an easy way to add server stacks and applications to your desktop, server, or virtualized machines.
