New home server

Building a new household server....

Like a lot of families these days, our household IT infrastructure has had to adapt as we all became more and more fond of computers for work, school and recreation.  With digital photograpy, ripping hundreds of CDs, describing our various activities and travels on web pages,  two teenagers and the heavy use of email, and the need to provide stable storage for homework and digital art, we've been playing catchup for a while.  This led us directly to designing and building a new server to handle storage of all the digital media, web-serving and email.  At the same time, I was tired of the whine from the surplus X1 rack-mount server I had stuffed in the closet, and decided to merge my home desktop and server together to reduce power consumption.  With some thinking we arrived at the following hardware design:

• Tyan 2865 motherboard - 4 SATA ports that worked w/ Solaris in compatibility mode, sound and an on-board nvidia gigabit ethernet chip, both supported by Solaris as these were the motherboards in the original Ultra 20s.
  
• 2 x 2.6 GHZ AMD CPU; this was rather more CPU than I originally planned, but sometimes things turn up...
• 1 GB ECC RAM, later upgraded to 2 GB.
• 4 x 500 GB Seagate drives for redundant data storage, plus a leftover 40GB IDE drive for root and a DVD-RW drive for movies and burning DVDs.
• NVIdia 6600 GT video card - available for a reasonable price and with good 3D graphics for playing with those video game ports to Solaris.  With the bundled NVidia OpenGL drivers in 55, the cool screen savers work out of the box, too!
  
• 450 W Antec power supply
• inexpensive second NIC for our external interface; I happened to have an $7 Gb Airlink card which uses the Realtek part; this works out of the box as well.
  
• A small case - I used an Antec Lanboy as they're small and light.  In retrospect, a larger case such as an Antec P180 would have been a better choice.  I do like the disk cooling on this design, though - the 120 MM (blue, heh) fan keeps the drive temps very moderate.
  

Well, this went together pretty easily (especially since I had my son do all the work...).  The software selection and configuration was actually considerably more effort than picking the hardware components and building the system.  We're now running:

• Solaris Nevada build 55
  
• the bundled Bind 9 for handling internal, DMZ and external views of our various domains.
  
• the bundled Apache 2.2 handles our various web pages and our 3 virtual domains.
• the bundled dhcp server handles DHCP service.  I configured this with dhcpmgr; since all the other machines in the house use DHCP there's little admin work to do anywhere else.  This is a real boon during the kid's LAN parties; things just work.
  
• The bundled Samba server provides NAS for the various Microsoft and Mac clients in the house.  With the latest OS-X builds, NFS works well enough to use; we may switch.  I use swat to configure Samba.
  
• Printing is provided by the stock lp and ipp-listeners aided by Samba for the kid's microsoft game platforms.  I configured this with printmgr.  We print to an HP1200 that has worked flawlessly for years w/ just a couple of toner changes.
  
• the bundled IPFilter provides carefully controlled port filtering on both the external and internal network interfaces.
  
• Dovecot (compiled from source) provides IMAP service for both our LAN and (with SSL) over the Internet.  This service is under SMF control so it starts automatically when the machine boots. I chose Dovecot since it also cooperates with Postfix to handle SMTP authentication.
  
• Postfix (compiled from source + Berkeley DBM libraries).  This provides SMTP service with TLS and AUTH needed to control relaying by family members using external connections.  The anti-SPAM features are also excellent and pretty easy to setup given the numerous how-to guides available on the web.  With Postfix I feel actually in control; I always had to rely on John Beck to customize my sendmail configuration.
  
• The unbundled SUNcry{r} encryption packages were needed to get the bundled OpenSSL libraries working correctly w/ TLS and Thunderbird. Darren Moffat promises to have the high grade support bundled into OpenSolaris soon.
  

So far things are working very well.  The 4x500 GB drives are in a RAID-Z configuration with ZFS; we can sustain 120 MB/sec or so reading or writing to the 20 odd filesystems configured on the single pool.  Samba works pretty well; we managed to feed 10 different files to 10 different clients at nearly 100Mb/sec apiece during one of the kids' Lan parties.  Dovecot in particular seems very fast on top of ZFS, and other than a glitch with my forgetting to set the maximum user mailbox size Postfix has been trouble free.  I use this machine as my desktop as well in the evenings.

 
What are we still thinking about changing? Well:

• My son wants a Ventrilo audio server for his Guild Wars games.  Another manifest, some more testing.
  
• I may add greylisting to our SPAM prevention techniques; this will require a bit more configuration work. We reject perhaps 700 SPAM emails per day for our small number of email users; we each still get a handleful each day.
  
• I'm going to add a Slim Devices Squeezebox to our stereo system; we outgrew the 200 CD changer some time ago.  That's another server to run, but we get access to the 65+ GB of music anywhere in the house.
  
• I'm thinking about adding a separate Ethernet interface to plug in the wireless router  This will let me experiment with more secure ways to configure wireless services.
• When ZFS root and boot is supported , I'll configure another pair of drives for a mirrored root pool using a SI3114 card. Right now we just back up the small root partition to our ZFS pool.
  

Posted at 03:53PM Jan 17, 2007 by barts in General  |  Comments[3]