DOCSLIB.ORG

Bladecenter, Linux, and Open Source Blueprint for E-Business on Demand

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Bladecenter, Linux, and Open Source Blueprint for E-Business on Demand Front cover IBM Eserver BladeCenter, Linux, and Open Source Blueprint for e-business on demand Discover open source projects to reduce cost and improve reliability Install and configure Linux and critical open source network services Learn best practices to implement reliable services George Dolbier Peter Bogdanovic Dominique Cimafranca Yessong Johng Rufus Credle Jr. ibm.com/redbooks International Technical Support Organization IBM ^ BladeCenter, Linux, and Open Source: Blueprint for e-business on demand July 2003 SG24-7034-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (July 2003) This edition applies to Red Hat Advanced Server 2.1. © Copyright International Business Machines Corporation 2003. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team that wrote this redbook. ix Become a published author . xi Comments welcome. xi Chapter 1. About the book: Blueprint for building an e-business application for BladeCenter. 1 1.1 Building an e-business infrastructure . 2 1.1.1 Materials . 2 1.1.2 Objectives . 3 1.2 IBM eServer™ BladeCenter . 3 1.3 FAStT SAN storage. 3 1.4 BladeCenter business value . 4 1.5 Linux business value. 4 1.6 Open source business value. 4 1.7 Other references . 5 Chapter 2. Architecture: Solution overview . 7 2.1 Open source e-business infrastructure a modular approach . 8 2.2 All construction projects start with a pattern . 8 2.2.1 Industry standard e-business pattern: A three-tier infrastructure . 8 2.3 Blade servers . 8 2.3.1 The next evolutionary step in computing: Blade-based computing. 9 2.3.2 IBM eServer BladeCenter . 9 2.3.3 BladeCenter value . 9 2.3.4 When BladeCenter is not the right platform . 10 2.4 SAN storage . 10 2.5 Software stack. 10 2.5.1 High-level architecture . 10 2.5.2 Open source e-business software components . 11 2.5.3 Functional aspects . 12 2.5.4 Non-functional requirements. 13 2.5.5 Non-functional aspects . 13 2.5.6 Detailed software stack. 13 Chapter 3. Foundation . 17 3.1 Hardware. 18 3.1.1 Single CD-ROM, floppy drive, keyboard, video, and mouse. 18 3.2 Installing operating system instances . 18 3.2.1 PXE. 19 3.2.2 Red Hat Kickstart . 20 3.2.3 Sample Kickstart configuration for BladeCenter . 22 Chapter 4. Plumbing: Network infrastructure. 25 4.1 DHCP . 26 4.1.1 Background. 26 © Copyright IBM Corp. 2003. All rights reserved. iii 4.1.2 Building in fault tolerance . 26 4.1.3 Security concerns . 28 4.1.4 Conclusion . 29 4.2 DNS. 29 4.2.1 History . 30 4.2.2 Building a highly available DNS . 32 4.2.3 Conclusion . 34 4.3 LDAP. 34 4.3.1 LDAP servers . 35 4.3.2 LDAP concepts . 35 4.3.3 Working with OpenLDAP . 39 4.3.4 gq: A graphical LDAP browser . 45 4.3.5 Server authentication with LDAP . 52 4.3.6 Apache authentication with LDAP. 58 Chapter 5. Wiring: File services with Samba and NFS . 61 5.1 Working with Samba . 62 5.1.1 Required Samba packages. 62 5.1.2 Configuring Samba as a basic file server . 62 5.1.3 Adding Samba users. 63 5.1.4 Samba passwords . 63 5.1.5 Connecting to the Samba server using smbclient. 64 5.1.6 Connecting to the Samba server using smbmount . 64 5.1.7 Connecting to the Samba server from a Windows machine . 64 5.1.8 Automatically mounting a Samba directory at boot time. 64 5.1.9 Sharing additional directories . 64 5.1.10 For more information on Samba . 65 5.2 Working with NFS . ..
Load more

Recommended publications
  • Tree-Like Distributed Computation Environment with Shapp Library
    information Article Tree-Like Distributed Computation Environment with Shapp Library Tomasz Gałecki and Wiktor Bohdan Daszczuk * Institute of Computer Science, Warsaw University of Technology, 00-665 Warsaw, Poland; [email protected] * Correspondence: [email protected]; Tel.: +48-22-234-78-12 Received: 30 January 2020; Accepted: 1 March 2020; Published: 3 March 2020 Abstract: Despite the rapidly growing computing power of computers, it is often insufficient to perform mass calculations in a short time, for example, simulation of systems for various sets of parameters, the searching of huge state spaces, optimization using ant or genetic algorithms, machine learning, etc. One can solve the problem of a lack of computing power through workload management systems used in local networks in order to use the free computing power of servers and workstations. This article proposes raising such a system to a higher level of abstraction: The use in the .NET environment of a new Shapp library that allows remote task execution using fork-like operations from Portable Operating System Interface for UNIX (POSIX) systems. The library distributes the task code, sending static data on which task force is working, and individualizing tasks. In addition, a convenient way of communicating distributed tasks running hierarchically in the Shapp library was proposed to better manage the execution of these tasks. Many different task group architectures are possible; we focus on tree-like calculations that are suitable for many problems where the range of possible parallelism increases as the calculations progress. Keywords: workload management; remote fork; distributed computations; task group communication 1.
    [Show full text]
  • Toward an Automated Vulnerability Comparison of Open Source IMAP Servers Chaos Golubitsky – Carnegie Mellon University
    Toward an Automated Vulnerability Comparison of Open Source IMAP Servers Chaos Golubitsky – Carnegie Mellon University ABSTRACT The attack surface concept provides a means of discussing the susceptibility of software to as-yet-unknown attacks. A system’s attack surface encompasses the methods the system makes available to an attacker, and the system resources which can be used to further an attack. A measurement of the size of the attack surface could be used to compare the security of multiple systems which perform the same function. The Internet Message Access Protocol (IMAP) has been in existence for over a decade. Relative to HTTP or SMTP, IMAP is a niche protocol, but IMAP servers are widely deployed nonetheless. There are three popular open source UNIX IMAP servers – UW-IMAP, Cyrus, and Courier-IMAP – and there has not been a formal security comparison between them. In this paper, I use attack surfaces to compare the relative security risks posed by these three products. I undertake this evaluation in service of two complementary goals: to provide an honest examination of the security postures and risks of the three servers, and to advance the study of attack surfaces by performing an automated attack surface measurement using a methodology based on counting entry and exit points in the code. Introduction Contributions and Roadmap System administrators frequently confront the The paper makes two major contributions. First, problem of selecting a software package to perform a I undertake an in-depth discussion of the relative secu- desired function. Many considerations affect this deci- rity postures of the three major open source IMAP sion, including functionality, ease of installation, soft- servers in use today.
    [Show full text]
  • Design and Management of Email Service
    Design and Management of Email Service Source : homepage.ntu.edu.tw/~jsc/2005-mail.ppt Outline Introduction to the architecture and operation of SMTP Design of a suitable email system – Webmail solutions Postfix and simple configuration samples Spam and virus filtering Conclusion 2 Overview Electronic mail service has already evolved into one of the major Internet applications. It is not only fundamental, but also a must. Users may become impatient when mails were delayed, not to mention failed to access their emails. – Imagine we meet the situation of power failure or cut of water supply 3 Architecture of a Simple Mail System Consists of the following components – MTA - Mail transfer agent Sending and forwarding emails Server end – MDA - Mail delivery agent Delivering emails to recipients’ mailbox Server end – Pop3/Imap4 Daemons For users to download their mailboxs Server end – MUA - Mail user agent Reading and composing emails 4 Client end Architecture of a Simple Mail System Protocols Used for Mail System Protocols – For computer programs to communicate with each other – Similar to languages that human beings speak SMTP – Simple Mail Transfer Protocol – Too simple to provide any “advanced features” Authentication Authorization POP3 – Post Office Protocol version 3 – Simple IMAP4 – Internet Message Access Protocol version 4 – Fully compatible with internet message standards, e.g. MIME. – Allow messages to be accessed from more than one computer. – Provide support for online, offline, and disconnected modes. 6 – Multiple and share folders. Mail Forwarding Between Servers How to Find the Way to the Destination? How do we find the way to [email protected]? 8 DNS: The Key to All Internet Services Query DNS server by the address part of email address.([email protected]) 1.
    [Show full text]
  • Untersuchung Von Techniken Zur Persönlichen E-Mail-Postfachverschlüsselung
    Fachbereich VI - Informatik und Medien Master-Arbeit von Benjamin Fichtner zur Erlangung des akademischen Grades Master of Engineering im Studiengang Technische Informatik - Embedded Systems Untersuchung von Techniken zur persönlichen E-Mail-Postfachverschlüsselung Erstprüfer: Prof. Dr. rer. nat. Thomas Scheffler Gutachter: Prof. Dr. rer. nat. Rüdiger Weis Eingereicht am: 04.03.2019 Kurzfassung E-Mails enthalten häufig sensible und schützenswerte Inhalte, die nicht für Dritte be- stimmt sind. Obwohl die E-Mail ein weit verbreiteter Kommunikationsstandard ist, er- füllt sie viele aktuelle Sicherheitsanforderungen nicht [Foster et al., 2015]. Eines der Probleme ist, dass E-Mail-Inhalte im Klartext auf den Servern des E-Mail-Providers ge- speichert sind. Dort haben berechtigte und unberechtigte Dritte eine dauerhafte Möglich- keit, auf diese zuzugreifen. Um das zu verhindern, wurde die sogenannte persönliche E- Mail-Postfachverschlüsselung entwickelt. Diese neuartige, serverseitige Schutzmaßnah- me speichert eingehende E-Mails verschlüsselt ab. Sie sorgt dafür, dass die verschlüssel- ten E-Mails ausschließlich durch den Nutzer bzw. dessen Passwort entschlüsselt werden können. In dieser Masterarbeit soll untersucht werden, ob der Einsatz von Postfachverschlüs- selungstechniken Auswirkungen auf den E-Mail-Server-Betrieb hat und wie sich die- se darstellen. Hierbei werden die vier Postfachverschlüsselungstechniken GPG-Sieve- Filter, MailCrypt, Scrambler und TREES miteinander verglichen. Dazu werden die ver- schiedenen Techniken analysiert, eine Testumgebung entwickelt, sowie eine Messreihe konzipiert und durchgeführt. Abstract In digital communication, e-mail is an indispensable means of communication. They often contain sensitive and protective content that is not intended for third parties. Alt- hough e-mail is such an important and widespread communication standard, it it does not meet modern security requirements [Foster et al., 2015].
    [Show full text]
  • Administration Guide Administration Guide SUSE Linux Enterprise High Availability Extension 15 SP1 by Tanja Roth and Thomas Schraitle
    SUSE Linux Enterprise High Availability Extension 15 SP1 Administration Guide Administration Guide SUSE Linux Enterprise High Availability Extension 15 SP1 by Tanja Roth and Thomas Schraitle This guide is intended for administrators who need to set up, congure, and maintain clusters with SUSE® Linux Enterprise High Availability Extension. For quick and ecient conguration and administration, the product includes both a graphical user interface and a command line interface (CLI). For performing key tasks, both approaches are covered in this guide. Thus, you can choose the appropriate tool that matches your needs. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006–2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see http://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE
    [Show full text]
  • English Arabic Technical Computing Dictionary
    English Arabic Technical Computing Dictionary Arabeyes Arabisation Team http://wiki.arabeyes.org/Technical Dictionary Versin: 0.1.29-04-2007 April 29, 2007 This is a compilation of the Technical Computing Dictionary that is under development at Arabeyes, the Arabic UNIX project. The technical dictionary aims to to translate and standardise technical terms that are used in software. It is an effort to unify the terms used across all Open Source projects and to present the user with consistant and understandable interfaces. This work is licensed under the FreeBSD Documentation License, the text of which is available at the back of this document. Contributors are welcome, please consult the URL above or contact [email protected]. Q Ì ÉJ ªË@ éÒ¢@ Ñ«YË QK AK.Q« ¨ðQåÓ .« èQK ñ¢ ÕæK ø YË@ úæ®JË@ úGñAm '@ ñÓA®ÊË éj èYë . l×. @QK. éÔg. QK ú¯ éÊÒªJÖÏ@ éJ J®JË@ HAjÊ¢Ö Ï@ YJ kñKð éÔg. QK úÍ@ ñÓA®Ë@ ¬YîE .ºKñJ ËAK. éîD J.Ë@ ÐYjJÒÊË éÒj. Óð éÓñê®Ó H. ñAg éêk. @ð Õç'Y®JË ð á ÔgQÖÏ@ á K. H. PAJË@ øXA®JË ,H. ñAmÌ'@ . ¾JÖ Ï .ñÓA®Ë@ éK AîE ú ¯ èQ¯ñJÖÏ@ ð ZAKñÊË ø X @ ú G. ø Q¯ ékP ù ë ñÓA®Ë@ ékP . éJ K.QªËAK. ÕÎ @ [email protected] . úΫ ÈAB@ ð@ èC«@ à@ñJªË@ úÍ@ H. AëYË@ ZAg. QË@ ,á ÒëAÖÏ@ ɾK. I. kQK A Abortive release êm .× (ú¾J.) ¨A¢®K@ Abort Aêk . @ Abscissa ú æJ Absolute address Ê¢Ó à@ñ J« Absolute pathname Ê¢Ó PAÓ Õæ @ Absolute path Ê¢Ó PAÓ Absolute Ê¢Ó Abstract class XQm.× ­J Abstract data type XQm.× HA KAJ K.
    [Show full text]
  • Introduction to Linux Virtual Server and High Availability
    Outlines Introduction to Linux Virtual Server and High Availability Chen Kaiwang [email protected] December 5, 2011 Chen Kaiwang [email protected] LVS-DR and Keepalived Outlines If you don't know the theory, you don't have a way to be rigorous. Robert J. Shiller http://www.econ.yale.edu/~shiller/ Chen Kaiwang [email protected] LVS-DR and Keepalived Outlines Misery stories I Jul 2011 Too many connections at zongheng.com I Aug 2011 Realserver maintenance at 173.com quiescent persistent connections I Nov 2011 Health check at 173.com I Nov 2011 Virtual service configuration at 173.com persistent session data Chen Kaiwang [email protected] LVS-DR and Keepalived Outlines Outline of Part I Introduction to Linux Virtual Server Configuration Overview Netfilter Architecture Job Scheduling Scheduling Basics Scheduling Algorithms Connection Affinity Persistence Template Persistence Granularity Quirks Chen Kaiwang [email protected] LVS-DR and Keepalived Outlines Outline of Part II HA Basics LVS High Avaliablity Realserver Failover Director Failover Solutions Heartbeat Keepalived Chen Kaiwang [email protected] LVS-DR and Keepalived LVS Intro Job Scheduling Connection Affinity Quirks Part I Introduction to Linux Virtual Server Chen Kaiwang [email protected] LVS-DR and Keepalived LVS Intro Job Scheduling Configuration Overview Connection Affinity Netfilter Architecture Quirks Introduction to Linux Virtual Server Configuration Overview Netfilter Architecture Job Scheduling Scheduling Basics Scheduling Algorithms Connection Affinity Persistence Template Persistence Granularity Quirks Chen Kaiwang [email protected] LVS-DR and Keepalived LVS Intro Job Scheduling Configuration Overview Connection Affinity Netfilter Architecture Quirks A Linux Virtual Serverr (LVS) is a group of servers that appear to the client as one large, fast, reliable (highly available) server.
    [Show full text]
  • Keepalived User Guide Release 1.4.3
    Keepalived User Guide Release 1.4.3 Alexandre Cassen and Contributors March 06, 2021 Contents 1 Introduction 1 2 Software Design 3 3 Load Balancing Techniques 11 4 Installing Keepalived 13 5 Keepalived configuration synopsis 17 6 Keepalived programs synopsis 23 7 IPVS Scheduling Algorithms 27 8 IPVS Protocol Support 31 9 Configuring SNMP Support 33 10 Case Study: Healthcheck 37 11 Case Study: Failover using VRRP 43 12 Case Study: Mixing Healthcheck & Failover 47 13 Terminology 51 14 License 53 15 About These Documents 55 16 TODO List 57 Index 59 i ii CHAPTER 1 Introduction Load balancing is a method of distributing IP traffic across a cluster of real servers, providing one or more highly available virtual services. When designing load-balanced topologies, it is important to account for the availability of the load balancer itself as well as the real servers behind it. Keepalived provides frameworks for both load balancing and high availability. The load balancing framework relies on the well-known and widely used Linux Virtual Server (IPVS) kernel module, which provides Layer 4 load balancing. Keepalived implements a set of health checkers to dynamically and adaptively maintain and manage load balanced server pools according to their health. High availability is achieved by the Virtual Redundancy Routing Protocol (VRRP). VRRP is a fundamental brick for router failover. In addition, keepalived implements a set of hooks to the VRRP finite state machine providing low-level and high-speed protocol interactions. Each Keepalived framework can be used independently or together to provide resilient infrastructures. In this context, load balancer may also be referred to as a director or an LVS router.
    [Show full text]
  • Combatting Spam Using Mimedefang, Spamassassin and Perl
    Combating Spam Using SpamAssassin, MIMEDefang and Perl Copyright 2003 David F. Skoll Roaring Penguin Software Inc. (Booth #23) Administrivia Please turn off or silence cell phones, pagers, Blackberry devices, etc... After the tutorial, please be sure to fill out an evaluation form and return it to the USENIX folks. 2 Overview After this tutorial, you will: Understand how central mail filtering works. Know how to use MIMEDefang to filter mail. Be able to integrate SpamAssassin into your mail filter. Know how to implement mail filtering policies with MIMEDefang and Perl. Know how to fight common spammer tactics. 3 Outline Introduction to Mail Filtering Sendmail's Milter API MIMEDefang Introduction, Architecture Writing MIMEDefang Filters SpamAssassin Integration Advanced Filter Writing Fighting Common Spammer Tactics Advanced Topics Policy Suggestions 4 Assumptions I assume that you: Are familiar with Sendmail configuration. You don't need to be a sendmail.cf guru, but should know the basics. Are familiar with Perl. Again, you don't need to be able to write an AI program in a Perl one- liner, but should be able to read simple Perl scripts. Are running the latest version of Sendmail 8.12 on a modern UNIX or UNIX-like system. 5 Why Filter Mail? The old reason: to stop viruses. The new reason: to stop spam and inappropriate content. Blocking viruses is easy. Block .exe and similar files, and test against signature databases. Blocking spam is hard, but becoming increasingly important. Organizations can even face lawsuits over inappropriate content. 6 Mail filtering is required for many reasons. In addition to the reasons given on the slide, you might need to filter outgoing mail as well to prevent virus propagation, dissemination of sensitive information, etc.
    [Show full text]
  • Rethinking Security
    RETHINKING SECURITY Fighting Known, Unknown and Advanced Threats kaspersky.com/business “Merchants, he said, are either not running REAL DANGERS antivirus on the servers managing point- of-sale devices or they’re not being updated AND THE REPORTED regularly. The end result in Home Depot’s DEMISE OF ANTIVIRUS case could be the largest retail data breach in U.S. history, dwarfing even Target.” 1 Regardless of its size or industry, your business is in real danger of becoming a victim of ~ Pat Belcher of Invincea cybercrime. This fact is indisputable. Open a newspaper, log onto the Internet, watch TV news or listen to President Obama’s recent State of the Union address and you’ll hear about another widespread breach. You are not paranoid when you think that your financial data, corporate intelligence and reputation are at risk. They are and it’s getting worse. Somewhat more controversial, though, are opinions about the best methods to defend against these perils. The same news sources that deliver frightening stories about costly data breaches question whether or not anti-malware or antivirus (AV) is dead, as reported in these articles from PC World, The Wall Street Journal and Fortune magazine. Reports about the death by irrelevancy of anti-malware technology miss the point. Smart cybersecurity today must include advanced anti-malware at its core. It takes multiple layers of cutting edge technology to form the most effective line of cyberdefense. This eBook explores the features that make AV a critical component of an effective cybersecurity strategy to fight all hazards targeting businesses today — including known, unknown and advanced cyberthreats.
    [Show full text]
  • Cyren's 2016 Cyberthreat Report
    2016 CYBERTHREAT Report AUTOMATED THREAT INTELLIGENCE: The Key to Preventing, Mitigating, and Identifying Cyber Breaches Introduction .................................................................................................4 The Cloud Sandbox Array: A New Tool Against Cybercrime .....................6 The Benefits of Big Data .......................................................................... 12 2016 Predictions....................................................................................... 14 Malware Newsmakers of 2015 ................................................................ 16 The Criminal Power of the Unknown ...................................................... 22 2015 Statistics: Android, Phishing, Malware, Spam ............................... 26 Table of Contents Table CYREN 2016 CYBERTHREAT REPORT 3 INTRODUCTION Lior Kohavi Chief Technical Officer, CYREN, Inc. There is a false perception that sophisticated attacks are too difficult to prevent and the only alternative is detection. But detection is NOT the new prevention. Cybersecurity professionals must make it their mission to STOP attacks, not just become proficient at detecting them. It's no secret that cybercriminals are willing to spend a lot of time and money to obtain the information they desire. And, the risk that these criminals will be caught and convicted is relatively low. Despite well-publicized botnet takedowns, like that of Darknode this past July, researchers estimate that less than 1% of cybercrimes receive a corresponding conviction.
    [Show full text]
  • BCIS 1305 Business Computer Applications
    BCIS 1305 Business Computer Applications BCIS 1305 Business Computer Applications San Jacinto College This course was developed from generally available open educational resources (OER) in use at multiple institutions, drawing mostly from a primary work curated by the Extended Learning Institute (ELI) at Northern Virginia Community College (NOVA), but also including additional open works from various sources as noted in attributions on each page of materials. Cover Image: “Keyboard” by John Ward from https://flic.kr/p/tFuRZ licensed under a Creative Commons Attribution License. BCIS 1305 Business Computer Applications by Extended Learning Institute (ELI) at NOVA is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted. CONTENTS Module 1: Introduction to Computers ..........................................................................................1 • Reading: File systems ....................................................................................................................................... 1 • Reading: Basic Computer Skills ........................................................................................................................ 1 • Reading: Computer Concepts ........................................................................................................................... 1 • Tutorials: Computer Basics................................................................................................................................ 1 Module 2: Computer
    [Show full text]