Re: [squid-users] Recommended Hardware for my setup
On 14.06 11:39, Jason Williams wrote: I do have a 'desktop' type box with the following specs on it: -1.8ghz Athlon CPU -1gig DDR Ram -1 80 gig IDE drive. Nothing fancy, but it might work. I'd like a 1U solution, but if this fits the bill, it is something I definitely could work with. I priced a Dell Power Edge 750, with a 2.4ghz, 512mb RAM, 40gig drive, 1U for about $500. If I can avoid that, I will though so i can save some cash. both should be enough, however I'd advise a bit more RAM for both cases, expecially if you are going to do more than just proxying there. The CPU is not that important, unless you have large ACL lists and can't optimize them, or don't do _hard_ content filtering. I'd prefer the first configuration and it should be enough for squid and filters too. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site.
Re: [squid-users] Recommended Hardware for my setup
Matus UHLAR - fantomas wrote: On 14.06 11:39, Jason Williams wrote: I do have a 'desktop' type box with the following specs on it: -1.8ghz Athlon CPU -1gig DDR Ram -1 80 gig IDE drive. Nothing fancy, but it might work. I'd like a 1U solution, but if this fits the bill, it is something I definitely could work with. I priced a Dell Power Edge 750, with a 2.4ghz, 512mb RAM, 40gig drive, 1U for about $500. If I can avoid that, I will though so i can save some cash. both should be enough, however I'd advise a bit more RAM for both cases, expecially if you are going to do more than just proxying there. The CPU is not that important, unless you have large ACL lists and can't optimize them, or don't do _hard_ content filtering. I'd prefer the first configuration and it should be enough for squid and filters too. I just double checked the first configuration here. 1.8ghz CPU 1.5gig DDR RAM. 80 gig IDE Drive (although, curious enough, FreeBSD only sees 33gigs of it.) Anyway, I might go with that solution. Nothing fancy, but shoud suffice.I may try and build a similar box for backup purposes. BTW, anyone here use additional plugins for web/content filtering? Something like: http://www.safesquid.com http://dansguardian.org I need something to block against all the spyware crap that can instantly be installed on users machines. Drives me nutz. Thanks, Jason
Re: [squid-users] Recommended Hardware for my setup
Denis Vlasenko wrote: IMHO: ~1GHz CPU will be enough. The bigger your disk cache, the more RAM you'll need. My on-disk cache size is 377,400,741, RAM usage is: PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 20383 squid 16 0 27548 22M 800 S 0.0 9.2 43:05 0 squid Feel free to extrapolate. Unless your company insists on having blazing download speeds with multiple downloads from many machines, you can get away with fairly ordinary disks. Typically it is limited by speed of external link. -- vda Thanks for the suggestions. I do have a 'desktop' type box with the following specs on it: -1.8ghz Athlon CPU -1gig DDR Ram -1 80 gig IDE drive. Nothing fancy, but it might work. I'd like a 1U solution, but if this fits the bill, it is something I definitely could work with. I priced a Dell Power Edge 750, with a 2.4ghz, 512mb RAM, 40gig drive, 1U for about $500. If I can avoid that, I will though so i can save some cash. Besides Squid, i'm looking for additional content/web filtering ideas. the two im currently looking at are: http://dansguardian.org/ http://www.safesquid.com/home/portal.php?page=5 If anyone has other's they like, im all eyes. Thanks, Jason
Re: [squid-users] Recommended Hardware for my setup
Unless you are planning to run on hardware that has been around for a while, I would say it makes no difference in performance using SCSI or IDE with 70 users. Or 300 for that matter. For security reasons you might want to set up som kind of disk mirroring. There are a few hardware options both for SCSI and IDE mirroring, and S-ATA of course. You can choose whichever you find most attractive. Keep in mind that IDE disks rarely can be hotswapped. And last, make a fictional disk failure.. Do you know what to do if a disk fails? How would you even know it has failed if the system is still running just fine? Some questions to keep in mind.. :) /Andreas Jason Williams wrote: Greetings everyone. After a long hard fought battle, I finally have received permission to run squid on our network. I've always run squid on my home network (with great success) and now im looking to do it in the corporate world. With that, I was hoping to get some type of idea on hardware needs and possible some suggestions on where to buy/get my hardware. Ok. Company is around 70 people currently. Growth is very real possibility. Coupled with using squid, I will also be using: http://dansguardian.org/ For web content filtering. (And won't I come out smelling like roses when I show them we don't have to pay $15k for a web content system!) That's it for now. Squid + web content filtering. I know squid uses more memory than CPU power. what about disks? SCSI? IDE? does it matter? Obviously, I would like good performance, but prefer security over performance. Thanks everyone. Cheers, Jaso
RE: [squid-users] Recommended Hardware for my setup
-Original Message- From: Jason Williams [mailto:[EMAIL PROTECTED] Sent: Friday, June 10, 2005 2:14 PM To: squid-users@squid-cache.org Subject: [squid-users] Recommended Hardware for my setup Greetings everyone. After a long hard fought battle, I finally have received permission to run squid on our network. I've always run squid on my home network (with great success) and now im looking to do it in the corporate world. With that, I was hoping to get some type of idea on hardware needs and possible some suggestions on where to buy/get my hardware. Ok. Company is around 70 people currently. Growth is very real possibility. Coupled with using squid, I will also be using: http://dansguardian.org/ For web content filtering. (And won't I come out smelling like roses when I show them we don't have to pay $15k for a web content system!) That's it for now. Squid + web content filtering. I know squid uses more memory than CPU power. what about disks? SCSI? IDE? does it matter? Obviously, I would like good performance, but prefer security over performance. Thanks everyone. Cheers, Jaso http://www.squid-cache.org/Doc/FAQ/FAQ-3.html#ss3.1 and http://wwwcache.ja.net/servers/squids.html Sure, it might be old information, but gives you an idea... Spend your money on quality parts. For so few users, the speed of the parts is not going to be too important. Any Pentium II based system would (likely) be more than enough to handle the load placed by 70 concurrent users. Memory is certainly important, but most of your cache is going to wind up on disk. Chris
Re: [squid-users] Recommended Hardware for my setup
Thanks guys for your input. I was hoping to find some type of 1U server with a decent CPU, good ram and good disk(s). Because of the setup I would be running and knowing that I will begin with 70 users and grow to 100 over the course of about 6 months, I was trying to plan for that as well. I have thought about looking at ebay, because the server I need, doesn't need to be all powerful. Just realiable, with good RAM and disks. I appreciate it. Cheers, jason Andreas Pettersson wrote: Unless you are planning to run on hardware that has been around for a while, I would say it makes no difference in performance using SCSI or IDE with 70 users. Or 300 for that matter. For security reasons you might want to set up som kind of disk mirroring. There are a few hardware options both for SCSI and IDE mirroring, and S-ATA of course. You can choose whichever you find most attractive. Keep in mind that IDE disks rarely can be hotswapped. And last, make a fictional disk failure.. Do you know what to do if a disk fails? How would you even know it has failed if the system is still running just fine? Some questions to keep in mind.. :) /Andreas Jason Williams wrote: Greetings everyone. After a long hard fought battle, I finally have received permission to run squid on our network. I've always run squid on my home network (with great success) and now im looking to do it in the corporate world. With that, I was hoping to get some type of idea on hardware needs and possible some suggestions on where to buy/get my hardware. Ok. Company is around 70 people currently. Growth is very real possibility. Coupled with using squid, I will also be using: http://dansguardian.org/ For web content filtering. (And won't I come out smelling like roses when I show them we don't have to pay $15k for a web content system!) That's it for now. Squid + web content filtering. I know squid uses more memory than CPU power. what about disks? SCSI? IDE? does it matter? Obviously, I would like good performance, but prefer security over performance. Thanks everyone. Cheers, Jaso
Re: [squid-users] Recommended Hardware for my setup
On 6/10/05, Jason Williams [EMAIL PROTECTED] wrote: After a long hard fought battle, I finally have received permission to run squid on our network. I've always run squid on my home network (with great success) and now im looking to do it in the corporate world. With that, I was hoping to get some type of idea on hardware needs and possible some suggestions on where to buy/get my hardware. Your choice of hardware will be dictated to a great extent by your choice of operating system, and might also be influenced by your budget and your employer -- in my case, corporate purchasing mandates that we we buy from Dell, so I use the Dell PE1850 for smaller critical boxes. With just 70 employees, even the lowly PE750 would be overkill. My first recommendation for the corporate world is to plan on purchasing two identical machines and operate either behind a load-balancer or with a reliable failover solution -- if you use Proxy Automatic Configuration (PAC) instead of transparent proxy, you can even have the clients themselves do both load-balancing and failover in the PAC script. I know squid uses more memory than CPU power. what about disks? SCSI? IDE? does it matter? Obviously, I would like good performance, A server built with Ultra-320 SCSI using 15KRPM drives will give insanely good drive performance, plus SCSI drives can offer enhanced reliability, longer warranties, and hot-swap. While a SCSI-based server may be considerably more expensive than IDE or SATA, take into consideration that they also tend to be higher-end all around, with dual power supplies, lights-out data center features, etc. ... but prefer security over performance. My solution to get the utmost security (at the cost of performance) is to run Squid on OpenBSD under systrace. This restricts the system calls the Squid app can make. Systrace is also available for other OSes: http://www.systrace.org/ Ok. Company is around 70 people currently. Growth is very real possibility. You mentioned the number of employees, but not the available bandwidth or the current average and peak traffic volumes for desktop web browsing. It'd help to have an idea of the current and historical browser activity, in terms of requests-per-second and bytes-per-second. Having statistics will also be useful in proving how the savings in time and bandwidth that come from serving cached content, and from blocking undesirable content. Plus management likes colorful easy to read graphs. Think USA Today. Coupled with using squid, I will also be using: http://dansguardian.org/ For web content filtering. (And won't I come out smelling like roses when I show them we don't have to pay $15k for a web content system!) I personally would *NOT* be comfortable using dansguardian to block web browsing in a business setting, but that's just me. I suppose if you were to take logs of your current traffic and whitelist all the domains which look like they have any possibility of being important to your employees getting their jobs done, dansguardian *might* be acceptable. Maybe. Kevin Kadow
Re: [squid-users] Recommended Hardware for my setup
Kevin wrote: Your choice of hardware will be dictated to a great extent by your choice of operating system, and might also be influenced by your budget and your employer -- in my case, corporate purchasing mandates that we we buy from Dell, so I use the Dell PE1850 for smaller critical boxes. Very good point. I left that out by mistake. My first two choices for OS would be FreeBSD or OpenBSD. I am very familiar with both and run a few of them on our company network doing a variety of tasks With just 70 employees, even the lowly PE750 would be overkill. Just saw that one on dell. Starts at about $550. Comes with 256mb RAM. Suggestion to upgrade more? Maybe 512 at the least, 1gb at best? CPU is fine. Single 40gb SATA drive. should be sufficient. My first recommendation for the corporate world is to plan on purchasing two identical machines and operate either behind a load-balancer or with a reliable failover solution -- if you use Proxy Automatic Configuration (PAC) instead of transparent proxy, you can even have the clients themselves do both load-balancing and failover in the PAC script. Yes. That is what I originally had in mind. Assuming I have the budget to buy two machines (hopefully I do), i would doing something very similar. A server built with Ultra-320 SCSI using 15KRPM drives will give insanely good drive performance, plus SCSI drives can offer enhanced reliability, longer warranties, and hot-swap. While a SCSI-based server may be considerably more expensive than IDE or SATA, take into consideration that they also tend to be higher-end all around, with dual power supplies, lights-out data center features, etc. My solution to get the utmost security (at the cost of performance) is to run Squid on OpenBSD under systrace. This restricts the system calls the Squid app can make. Systrace is also available for other OSes: http://www.systrace.org/ Yes. I like systrace and especially OpenBSD. You mentioned the number of employees, but not the available bandwidth or the current average and peak traffic volumes for desktop web browsing. Well, we have a T-1 currently. One of my current tasks is to measure our bandwidth usage. It definitely needs to be cutback. The CEO was very nice in letting users surf freely for awhle. However, after a recent nasty incident, the door will slam shut on that very soon. Hence, the go ahead on my long awaited squid proxy server. It'd help to have an idea of the current and historical browser activity, in terms of requests-per-second and bytes-per-second. Having statistics will also be useful in proving how the savings in time and bandwidth that come from serving cached content, and from blocking undesirable content. Plus management likes colorful easy to read graphs. Think USA Today. All Very good points and items I definitely plan on mentioning to the board. I personally would *NOT* be comfortable using dansguardian to block web browsing in a business setting, but that's just me. I suppose if you were to take logs of your current traffic and whitelist all the domains which look like they have any possibility of being important to your employees getting their jobs done, dansguardian *might* be acceptable. Maybe. Is there another plugin of some sort that works in conjunction with squid for web content filtering? I've come across another one called http://www.safesquid.com I really need some type of addition to squid to filter out crap and ensure it doesn't get on my users computers (spyware...). Since most of our vendors websites use only IE, I am unable to switch others to something like Firefox. So, im stuck Kevin Kadow Thanks, Cheers, Jason
Re: [squid-users] Recommended Hardware for my setup
On 6/10/05, Jason Williams [EMAIL PROTECTED] wrote: Thanks guys for your input. I was hoping to find some type of 1U server with a decent CPU, good ram and good disk(s). Because of the setup I would be running and knowing that I will begin with 70 users and grow to 100 over the course of about 6 months, I was trying to plan for that as well. I have thought about looking at ebay, because the server I need, doesn't need to be all powerful. Just realiable, with good RAM and disks. Given these specs, you might look at the HP Proliant DL145, low-end models show up on eBay at around $1300. On 6/10/05, Chris Robertson [EMAIL PROTECTED] wrote: Spend your money on quality parts. For so few users, the speed of the parts is not going to be too important. Any Pentium II based system would (likely) be more than enough to handle the load placed by 70 concurrent users. Memory is certainly important, but most of your cache is going to wind up on disk. The key words for your server search are quality and redundant. When my job is riding on the service being up, I want a name brand system, two identical units, and all the (automatic) redundancy the company can afford. Kevin Kadow
Re: [squid-users] Recommended Hardware for my setup
On 6/10/05, Jason Williams [EMAIL PROTECTED] wrote: Kevin wrote: Your choice of hardware will be dictated to a great extent by your choice of operating system, and might also be influenced by your budget and your employer -- in my case, corporate purchasing mandates that we we buy from Dell, so I use the Dell PE1850 for smaller critical boxes. Very good point. I left that out by mistake. My first two choices for OS would be FreeBSD or OpenBSD. I am very familiar with both and run a few of them on our company network doing a variety of tasks With just 70 employees, even the lowly PE750 would be overkill. Just saw that one on dell. Starts at about $550. Comes with 256mb RAM. Suggestion to upgrade more? Maybe 512 at the least, 1gb at best? CPU is fine. Single 40gb SATA drive. should be sufficient. There's one nasty problem with the PE750 and OpenBSD -- if you go with the SATA drives, the onboard controller is not supported in DMA mode, so you would need to put a supported PCI controller in one of the two slots. The embedded Intel 'em' controllers available on most Dell machines are good gigabit Ethernet controllers. The Broadcom 'bge' NICs found on a few Dell products are less well regarded. My first recommendation for the corporate world is to plan on purchasing two identical machines and operate either behind a load-balancer or with a reliable failover solution -- if you use Proxy Automatic Configuration (PAC) instead of transparent proxy, you can even have the clients themselves do both load-balancing and failover in the PAC script. Yes. That is what I originally had in mind. Assuming I have the budget to buy two machines (hopefully I do), i would doing something very similar. I'd almost go so far as to say it'd be better to purchase and deploy two cheap Squid servers than one really good one :) You mentioned the number of employees, but not the available bandwidth or the current average and peak traffic volumes for desktop web browsing. Well, we have a T-1 currently. One of my current tasks is to measure our bandwidth usage. It definitely needs to be cutback. The CEO was very nice in letting users surf freely for awhle. However, after a recent nasty incident, the door will slam shut on that very soon. Hence, the go ahead on my long awaited squid proxy server. You'd be hard pressed to find a server which isn't up to saturating a T1. Is there another plugin of some sort that works in conjunction with squid for web content filtering? I've come across another one called http://www.safesquid.com This is the first I've seen of this product. Interesting, and cheap. I really need some type of addition to squid to filter out crap and ensure it doesn't get on my users computers (spyware...). Since most of our vendors websites use only IE, I am unable to switch others to something like Firefox. So, im stuck I stop the most annoying spyware with a combination of router ACLs and blocking the spyware domains in my caching nameserver. You can address a subset of spyware by upgrading your desktop AV (Symantec, McAfee, etc) to add their host-based spyware protection.