Welcome to Atheist Discussion, a new community created by former members of The Thinking Atheist forum.

Low Budget High Availability Network
#1

I work for a company owned by a small Native American nation. The tribe has several companies that specialize in different things. One that does logistics. One that does facilities support. One that does weather forecasting. Another that does security work. One that just provides back office support to the other companies. That kind of thing. Most of but not all of our business is with the government. 

Fucking Government IT security regulations are killing us. The expense has been astronomical. A couple of months ago the boss pointed at me and said, "Find a way to cut costs!" I wrangled a budget out of him, got a lot of help from a couple of guys that don't know the first thing about systems administration, and we came up with this.

[Image: KZZ61LK.png]

[Image: BrThnJg.png]

[Image: 1RoLNrj.png]

A bunch of used hardware running open source software. We are still testing and it hasn't gone live yet, but we are hoping to move everything over to this hardware in a couple or 3 months. 

There are 6 separate networks. A guest network. One for VOIP. A redundant LAN. A redundant LAN that connects the servers to the SANs. A management network that just connects management ports. And a separate security management network.

We have two separate ISPs. WAN A is a symmetrical 1 Gig fiber. WAN B is copper based 1 Gig down and 35 Meg up. The routers are Dell R610s running pfSense. The servers are Dell R710s running CentOS. They are set up as a high availability cluster with four Dell R510s configured as SANs. Each of the 510s has 24 TB of drives, but each box is set up for RAID 6 and there are two mirrored pairs so about 40 TB of usable storage. I don't even know what the hardware is for the security server. It is whatever we were using before we bought the Dell we are using now. It is running Security Onion. It is the master node and has a VM storage node for logging. Each of the routers and servers has a VM configured as a forward node for NIDS running Snort and Bro, and HIDS running Wazuh. The Security Onion master does the analysis. It integrates the Sguil, Squert, Kibana and CapMe tools into a single console.

One of the harder problems we are working on is each company's VM has to be a standalone domain. That requirement is written in stone due to the kind of organization we are. While we employees often do things for multiple companies, the companies have to be completely separate entities. We can't even appear to look like divisions of the same company.

Right now we have spent about $20,000 on hardware including memory upgrades, lots of additional NIC ports, and a dozen reconditioned 2200 VA UPS units. That's only about a month's worth of our current IT costs. If we can get it running, and keep it running (the latter being harder for us than the former) we will replace all the hardware over the next couple of years with new stuff. The UPS units alone for that will probably run us $30,000.

Anyway that's where we are going right now, but if any of you who got through this TLDR post have suggestions on how we should do things differently I'd be happy to listen. As I said this is all being set up by a few guys with little to no experience in systems administration, and we are learning as we go...
Save a life. Adopt a Greyhound.
#2

Simple question: if you have little to no experience, how can you even speak that acronym soup?
I don't have enough experience to add anything. Hurrah for using open source.
#3

We are learning as we go. I've spent a good bit of time hunting for cheap hardware and researching what tools to use. Rae and Mike are the ones that are actually implementing it.
#4

I am slowly wrapping my brain around it, and figuring out the whys. When I have something constructive I will send you a PM.
#5

I sort of wish I knew what the fuck you were talking about.

Oh well.  I'll just go have a glass of wine.
Robert G. Ingersoll : “No man with a sense of humor ever founded a religion.”
#6

(08-30-2019, 12:03 AM)Minimalist Wrote: I sort of wish I knew what the fuck you were talking about.

Oh well.  I'll just go have a glass of wine.

lol
#7

[Image: giphy.gif]
#8

(08-29-2019, 08:38 PM)PopeyesPappy Wrote: Fucking Government IT security regulations are killing us. The expense has been astronomical. A couple of months ago the boss pointed at me and said, "Find a way to cut costs!" I wrangled a budget out of him, got a lot of help from a couple of guys that don't know the first thing about systems administration, and we came up with this...

LOL... I have not the faintest notion of what any... all... of this post means mate.  But it looks, um, professional.

I think?
I'm a creationist;   I believe that man created God.
#9

As a software developer I try my best to only know enough about system administration to be dangerous.

My son was the sysadmin, and a mighty fine and intuitive one. If I had any problems I let him have at my keyboard for a few minutes and it was all made right. Half the time he wasn't even able to explain it. He'd go into a fugue state and type at what seemed like 200 wpm and windows were flying everywhere and then he was done.

I miss him for practical as well as emotional reasons ...