Hi everyone,
Good to meet you all last night and big thanks to Clive for coordinating it for
us.
I spent a bit of time last night and this morning reflecting on Nigel’s
fileserver project for Nene Valley Railway (NVR). I thought it would be useful
for us to capture the project in a document to help guide us over the next few
weeks/meetings as we discuss and hopefully implement a solution. What follows
is a markdown formatted document that I believe we should all have input into
as it is unfinished and at the moment it is just one person's
opinion/experience/expertise and I’m sure you all have much to add and debate.
Beyond implementing a solution to NVR's file sharing problem I think it is
really important that this project provides a learning opportunity for all PLUG
members and I hope that it provides a basis for the revival of the PLUG.
Regards,
Russell
# Nene Valley Railway Fileserver
## Situation
Nigel Law is a member of the Peterborough Linux User Group (PLUG) and
works/volunteers (?) at the Nene Valley Railway (NVR). NVR have an existing
Windows PC which has been configured to share storage {“the Windows Share”)
amongst 15-20 Windows client machines on an internal LAN. “The Windows Share”
PC is administered by a computer business (“the admin guy”) and NVR doesn’t
have admin privileges on it. This means simple admin tasks such as file
cleanup, and adding_deleting users are not currently possible without the paid
support of “the admin guy”. “The Windows Share” is backed up to a Synology NAS
box (“the backup server”) however users do save data to their local machine
which is not backed up.
NVR wish to repurpose “the windows share” machine so that:
* users of the client machines are forced to save their data to the shared
storage which is backed up to “the backup server”
* simple admin tasks such as file cleanup, user administration etc can be done
without paid support from “the admin guy”
An NVR Board Member (“the Linux guy”) who has experience with OpenSUSE has
gained board approval to repurpose “the Windows Machine” to a bare metal
OpenSUSE Samba Server. This solves the cost associated with “the admin guy” and
allows NVR to do simple admin tasks themselves. However, this solution is less
than optimal as it doesn’t implement a Windows Policy that forces users of the
Windows Client machines to save data to “the Windows Server”. It also
introduces other problems associated with a “pet”, bare-metal server that has
been custom configured by one person ie. “the Linux guy” becomes “the admin guy
Version 2”.
## Considerations
* Cost - £0 or as close to as possible
* Hardware - reuses the currently available PCs
* Disaster recovery - Malware/Ransomware (it is a Windows environment after
all), fire, theft, flood
* Backup - Is data mission critical? Could operations continue if all data were
lost? Is the existing backup strategy suitable?
* Uptime - as high as possible without the cost of High Availability (HA). Even
99% uptime means 3.6 days of downtime per year
* Reporting - abnormal operation needs to be reported
## Objectives
* propose a solution that would be more robust than the bare metal OpenSUSE
system currently approved but the NVR board
* install and configure a suitable Linux distro onto Nigel’s development
machine so that it could be used in the NVR production environment
* document the install and config so that it can be replicated in production
and administered by someone else who wasn’t involved in the machine’s
commissioning
* test Nigel’s development machine with client windows machines (not sure how
we’d do this)
* provide a learning opportunity to members of PLUG
* provide a basis for the revival of PLUG
* **Stretch Objective 1:** Nigel to take the machine developed by PLUG to the
NVR board with or without support from PLUG members
* **Stretch Objective 2:** PLUG member(s) to assist with the installation,
config and commissioning of the PLUG solution (?)
* **Stretch Objective 3:** Provide a positive image of Linux to NVR ie. a
robust, cheap, performant and easy-to-administer system
## Proposal
* Install a suitable distro onto Nigel’s development machine
* Configure a RAID (hardware or software) array that can tolerate x disk(s)
failing (the choice of hardware or software RAID may influence distro choice)
* Configure SAMBA for file serving
* Configure SAMBA for Active Directory for Windows user admin and Windows
Policy enforcement
* Configure the distro to report abnormal system operations to include SMART
hard drive data, hard drive array degradation, memory usage, system Load, and
low free disk space, x, x, and x…. Reporting ideally should be to a mobile
phone(s) rather than email ie. less easy to ignore
* Implement a way to backup to “the backup server”
* Implement a 3-2-1 backup strategy with the current equipment
* Implement a pull rather than push backup strategy ie. “The backup server”
pulls data from “the windows share” machine rather than “the windows share”
machine pushing data to “the backup server”. This mitigates the risk of a
ransomware attack encrypting “the windows share” machine as well as “the backup
server”
*
## Suitable Distros
* Zentyal
* Pros:
* Ubuntu/Debian based
* Provides SAMBA Server
* Provides Active Directory Server
* Cons:
* No free version just a 45-day trial
* NethServer
* Pros:
*
* Cons:
*
* ClearOS
* Pros:
*
* Cons:
*
* Proxmox + other virtualised distros
* Pros:
*
* Cons:
*
* TrueNAS (previously FreeNAS)
* Pros:
* Linux-based version (TrueNAS SCALE) available
* Cons:
* Active Directory???
* unRAID
* Pros:
*
* Cons:
* .
* …
> On 6 Sep 2022, at 10:11, clive via Peterboro <peterboro@mailman.lug.org.uk>
> wrote:
>
> Nigel Law
--
Peterboro mailing list
Peterboro@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/peterboro
