On Fri, 2010-09-17 at 02:22 +0100, Anthony wrote:
> At home I've a fileserver PC and Ubuntu clients including one that's
> ended up needing to be left on 24/7. I'm thinking of moving the
> server's 2 disks to the always-on desktop box to save electricity. All
> PCs are on a wifi ADSL router using Cat5 and WPA, and we've an
> (untrusted) lodger. Backups are nightly between encrypted server disks,
> and approx weekly an incremental to an unencrypted USB drive which is
> locked away. [*]
>
> Have I thought of all the pros and cons, and how should I secure this
> arrangement (especially NFS)?
?switch to shares based on SSHFS
> Power: saves 25%
> same disk count, one less mobo
>
> LAN security: no change - is it enough?
> client login passwords; static client IPs;
> NFS exports to individual IPs;
> encrypted data disks; ssh with passwords
>
> Physical security: worse.
> fileserver is in the loft,
> PC and router are on the desk
>
> Noise: OK
> desktop gets 3 quiet Barracuda disks
>
> Speed: got a PCI-IDE card
> so each disk can be on its own channel
>
> Future expansion: costly
> will need to replace with larger disks.
> 2 channel PCI card => only add 1 more disk
>
> Stability: not sure.
> The 24/7 desktop has mostly run between power cuts so far. Apps are
> installed as needed mostly from universe and there's a spare PC for
> reboots e.g. learning grub2. Browser memory leaks eventually fill
> swap and fell the box: the browser could be run in a VM to avoid
> this.
>
> Bring on the advice please!
>
> Anthony
>
>
> * story in a nutshell; some features not yet implemented quite like
> that.
>
> --
> Please post to: Hampshire@???
> Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
> LUG URL: http://www.hantslug.org.uk
> --------------------------------------------------------------
Hi Anthony,
A quick first thought - any way of moving the 24/7 tasks to the server
instead of decomissioning it?
Re security of shares - ?switch to shares based on SSHFS
Not a mass of advice, but a couple of quick ideas
Regards
Dan
