Results 1 to 10 of 11
Well after about ~6 months of banging my head against the wall and learning tons and tons of stuff I now have no choice bu to give up on *nix ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 09-11-2012 #1
Here I sit broken hearted....
It is simply not possible to do everything I want in *nix with my current hardware. I have an Optimus (ptewy, cures and pox on the things) card.
I finally figured out to understand the how to hack the x-server turtorials. They're all half baked and half baked won't do. (But, that's not the fault of the folks who wrote the tutorials. They were doing the best they could in a bad situation.)
And BumbleBee won't do what I need either.
So I'm friggin stuck with doze as a base; which means the best I will be able to do is run the host and 3-4 VMs, instead of the host and 6-7 VMs b/c doze is such a resource hog.
I wouldn't consider the process wasted time as I learned a lot and some of the VMs were to be doze any way as I'll need to know mixed environments to get a yoab.
On the funny side though: Enough people (including me) have raised enough stink that it looks like Nvidia is finally going to support Optimus in *nix. Breaking news from around the web is linking to an e mail chain with one of their devs claiming to have a proof of concept driver and asking for help ironing out the wrinkles. But, I can't afford to waste any more time waiting.
I'll put all my VMs on seperate data partitions and if the *nix drivers every do come round I'll go dual boot.
I also have some old machines that I can use to "stretch" my network a bit. I have a netbook. I intend to make that one a headless VPN/Firewall/Proxy.
I have a quad core that should handle a *nix or XP base and 2-3 VMs. I also have an old dual core that if I go headless can probably handle a host and 1 VM.
So all told, minimum (counting hosts and VMs), I should be able to get at least 8 machines up and running on my network, maybe more. (Not counting the netbook, which is already dedicated in the plan.)
My goal is to simulate (on a small scale) an enterprise network. So I'll need a file / print server, a web server, an admin terminal and a user terminal; that's 4 machines. I was also thinking of including a honey pot, that's 5.
So my questions are this:
1) What else should I included to simulate a common enterprise network configuration to use as a test bed while I go through getting my certs.
2) Would I be better off using the doze host to admin the whole thing or using a *nix VM for that job?
3) Since most enterprise stuff is Redhat I was wondering if CentOS is "close enough" to learn what I need to do. Or if I should just bite the bullet and kick out for RHEL?
- 09-12-2012 #2
Out of all the gurus on this site nobody knows the basic structure of an enterprise network?
I talked to some of the IT guys at work. It suprised me that most of them could not give me a complete answer. Most of them refered me up to the executive suite. Like a securitie gord can just walk up to some high-falutin' exec and start pickin' their brain without getting frog marched off the site.
But, I did pick up some useful info between talking to them and surfing the web:
I'll need a domain controller that uses active directory. I can do that with samba. So, should the DC also be the network admin terminal? I think I'll use the physical machine to host a VM for print and file sharing b/c the only *nix drivers for my printers only work with really old versions of ubuntu. So I'll use that drive to store files as well. I'll put that on the quad core and give the DC/Host 2 cores and 2 GB RAM. I'll have capacity on that machine for at least one VM. Should the admin terminal be its own "seperate" machine or should I just fold those functions in to the DC Host? Or should it be run straight from the w7 host? In other words, in a mixed network in the work place what am I more likely to see: Doze being used to admin or *nix being used to admin?
I've got a copy of w7 Ultimate, so I should have access to pretty much anything needed to admin a network. Should I use that as the DC instead of *nix/samba?
I also found out that the NIDS will need to go on the first external point of contact. So I'll need to put that with the FW/VPN/Proxy. You guys think a headless netbook with an ATOM can handle that w/o bogging down my connection to the outside world? Or should I shift that over to the old dual core?
- 09-12-2012 #3Out of all the gurus on this site nobody knows the basic structure of an enterprise network?
I help when I can. Free advice from someone taking the time out of the kindness of their heart, well, ya gotta be patient.
This aint paid support.
- 09-12-2012 #4
I've been scouring the web and the smallest enterprise network configuartion diagram I've been able to find so far involved about a dozen machines total (only counting one of the user terminals). There's a lot that I'm just not going to have the capacity to replicate since I only have about 8 machines to work with (maybe 10 if I get really lucky). Or I'm going to have to figure out which functions to combine in to which machines to cram as much simulation as possible in to as few machines as possible.
I guess I could just wing it and start slapping stuff together, but I don't want to cook up some retarded monster that bears no resemblance at all to something that I might actually find out in the real world.
- 09-12-2012 #5
Most everyone that I have interacted with uses Windows Server as their server and not Windows 7. There are a few I have seen that have used Linux but they used Red Hat, Suse, or Ubuntu. Something with paid support.
Even the small businesses use some sort of Windows server if they opt for windows.
Linux User #376741
Code is Poetry
- 09-12-2012 #6
I understand the frustration, trust me. Just 10 years ago, Linux was a very different beast and it was very difficult to find drivers of any sort, let alone some advanced out of the ordinary hardware. Nowadays it's so easy we take it for granted. I'd suggest poking around on the Linux kernel developers mailing list and/or asking those guys where to look.
Look under mailing list
You can always use what works (Windows), while waiting for Linux to catch up.
- 09-12-2012 #7
I have 4 boxes to play with:
1) XPS L502X i7 (HT to 8 cores), 8GB RAM, Nvidia Optimus.
I have no choice but to use w7 as the host on this for now. I don't want to for lots of reasons. But if I use x server hacks to bypass the iGPU and export the x session to an external monitor through the dGPU then things get really wonky and buggy. And I can't use BumbleBee for this setup either b/c I can't run VMs on the dGPU under BB. And the iGPU just dosen't have the necessary resources to run a bunch of VMs all at the same time. So it will have a w7 host and 3-4 VMs. I'll push it as hard as I can without bogging the host or creating memory leaks. My disdain for doze grows daily. But, my intention all along was to create a mixed environment with some doze VMs. So I'll just have to live with going this route instead. (Say four machines total on the conservative side, maybe more.)
2) Lenovo IdeaPad z560 i3 (HT to 4 cores) 3GB Ram. I can run any *nix configuration on this no problem. I figure I'll do a host (3 cores / 2GB RAM) and 1 VM with 1 core and one GB RAM. (Two machines total.)
3) Inspiron 1501 Turion 64 dual-core / ATI on board. I can run most any *nix configuration on this no problem. I figure I'll do a host and one VM or just a host on this one. I'm not sure yet. I may use this one for the VPN/Firewall/Proxy/NIDS.
4) Acer net book with ATOM processor. This one can be headless or handle a lightweight *nix GUI distro. I'm not sure what to do with this one. I was thinking of using it for theVPN/Firewall/Proxy/NIDS. But, IDK if it can handle that much load, even headless.
So, worse case scenario I'm looking at ~8 machines total. Since this will just be my private test bed and carrying almost no load I figure all my VMs will be fine with 1 core and 1 GB RAM each.
Out of my available resources I'd like to get a combo VPN/Firewall/Proxy/NIDS, a domain controller, a file / print server, an admin terminal, a user terminal, a web server and a honeypot. That's 7 machines there, with 1 possible spare depending on how much of my hardware resources all of that consumes.
No matter how much I search I can't find any info on setting up a small scale test bed that emulates the core components of an enterprise class network. Does the above listed components pretty much cover the "core" of an enterprise network or am I missing something?
Also, I'm not sure how to allocate my hardware resources, virtual resources and what machines can / should be combined. Example: should the DC / admin terminal be the same or different machines (virtual or real)?
For the doze VMs I was going to DL some freeware pre-made VMs from VMWare. They have tons of them. They are based on pre-release / evaluation / demo versions of doze. So they can be pretty buggy at times. For that reason I want to use *nix for anything that will be mission critical and have the doze VMs handy for secondary roles / learning.
The really nice thing about this set up is that while I will be limited to about 6-8-10(?) machines running at any one time I have a lot of storage (about 4TB total). So I can create VMs out the wazoo, store them and "hot swap" them for different configurations.
But, I'm not sure of the following:
1) What all covers the "core" components of an enterprise class network.
2) Is CentOS close enough to RHEL for me to learn on or do I need to spend the money on actual RHEL.
3) How to allocate the resources that I have available.
4) The over all architecture of a small scale network designed to emulate the core of a much larger network.
5) What mix of doze / *nix components would most closely resemble a real world enterprise network with the resources I have available to me and still be reliable enough that I won't spend all my time recovering from crashes or chasing bugs. (In other words: I can't afford a "real" copy of doze server or whatever X, but I can probably get a free and buggy premade VM of it or make one myself. Or I can use my "real" copy of w7 Ultimate.)
Last edited by Steven_G; 09-12-2012 at 08:00 PM.
- 09-13-2012 #8
OK, the light bulb came on and I finally started getting some useful returns on my searches. This is what Iím thinking about trying to simulate. Itís my first stab at designing a network, so itís probably wrong. I also know that it will not be exactly like an enterprise network as I simply donít have the resources to pull that off. And yes, I know I can get a fully functional eval copy of doze server with a 6 months free license. But, I am building this to last me as a test bed as I put myself through school over the next 4-6 years. Iím sure that it will change a lot in that time. But, I have to get started somewhere and I really donít want to get in to it knowing that Iím going to have to build new servers in 6 months. Besides, since Iím new to all of this it might take me that long to learn how to build everything and make it all work.
The diagram below represents what I want to emulate, it is not a diagram of the actual virtual network / loopbacks / router / physical boxes /etc. And Iím simplifying so that it wonít look all wonky when I post. What I need to know is A) Is this completely retarded? B) Does it even remotely resemble an enterprise class network?
(Note: If I end up having to buy / build a cheap server to make all of this work then I will.)
Gateway (Router / Switch / VPN / Proxy / Firewall / NIDS / *nix)
Web Server (LAMP / *nix)
Domain Controller (*nix / Samba)
File / Print Server (W7 Ultimate) Ė Honeypot (*nix) Ė Backup Server (*nix)
Admin Terminal (*nix) Ė User Terminal (*nix) Ė User Terminal (doze?)
- 09-13-2012 #9
If your web server is public facing then I would put another layer of firewalls between it and the internal network and put it in a completely different subnet. That would put it in the wonderfully named de-militarised zone.What do we want?
When do we want 'em?
Doesn't really matter does it!?
The Fifth Continent
- 09-13-2012 #10
I have tons of notes and links that are starting to get really scattered and disorganized. I'd like to use the web server to create my own personl wiki for all of my notes and I'd like to be able to access it from anywhere. But, at the same time I don't want anyone else to be able to get in to it and I don't want it indexed. Since I don't really know what I'm doing yet I don't want to leave it open to the script kiddies (yet / maybe later). But I would like to be able to read / add to my notes from anywhere and run my own pen testing on it.
So it should look more like this?
Gateway (Router / Switch / VPN / Proxy / Firewall / NIDS / *nix)
Web Server (LAMP / *nix)
Firewall / Router / Switch (*nix)
Domain Controller (*nix / Samba)
File / Print Server (W7 Ultimate) – Honeypot (*nix) – Backup Server (*nix)
Admin Terminal (*nix) – User Terminal (*nix) – User Terminal (doze?)
In this configuration (or any other) does the VPN go on the gateway or the second switch?
Should the honeypot be closer to the outside world or do I want to bury it deep in order to add to the illusion of it being "good stuff"?
Where in this configuration should the mail server go? I just realized I've left that one out.
Last, but not least, how many of these functions can I combine to save on resourse but not end up looking nothing like a real world network?
Last edited by Steven_G; 09-13-2012 at 06:50 PM.