
==== Halier Server idea ====

=== Preface ===

Most computer users run Windows on their computers, but some users choose some variant of GNU/Linux. Users usually don't care about the operating system on the server. Administrators choose the operating system on the servers; some administrators prefer Windows, some prefer GNU/Linux.

If an administrator chooses Windows as his server operating system, he usually doesn't have to make any more choices. He just adds or removes server roles from his server using Microsoft's tool for this. Every role he/she installs works together with his server by default. BUT if he/she wants to do something other than the Microsoft way, he will be on his own...

GNU/Linux systems, on the other hand, are very flexible, too flexible. A GNU/Linux administrator will have many decisions to make before he can start installing his server. He will have to choose a distribution, how to store his user data, how to authenticate his users, which web server, which mail transfer agent, which POP or IMAP server. There is a huge number of ways to do things. This is the strength of GNU/Linux (and the whole open source movement).

I would like a GNU/Linux solution where I don't have to make all the decisions. I don't say I would like GNU/Linux to become more like Windows, but I would like a better way to administer several GNU/Linux servers and clients.

=== My idea ===

This is how I would like a computer system to work.
Some of the things here are inspired by the way Active Directory works on Windows servers.
My solution is based on the assumption that there will be only GNU/Linux servers and no Windows servers, but both GNU/Linux clients and Windows clients.

~- When an administrator installs a server he should only be faced with some simple questions, like: new or existing domain?
~- When a client computer is installed, there should only be one question: which domain do you want to connect to? The client computer will then be under complete control of the domain server.
~- If there is a domain server on the local network, it will be possible to install a client computer or a new server directly from the domain server by booting from the network (PXE, TFTP etc.).
~- Windows clients will be installed by first installing from a traditional installation CD, and then installing an application suite to configure it and to connect it to the domain (please note: not an Active Directory domain, a Halier domain!). Windows clients may be installed unattended too: http://unattended.sourceforge.net/
~- Once a domain is created, with at least one domain server, all administration will be performed with the domain administration software.
~- Using the domain administration software, you will add or remove functions from all servers in your domain; all functions you add or remove are configured to work perfectly together with your domain without any further configuration (utopia?).
~- Using the domain administration software, you will configure all clients, including installing and removing software.
~- When user A logs in to a computer for the first time, all the company-wide software is configured to work with the domain: e-mail agents, network file systems mounted, etc.


=== How will it work ===

The plan is to use existing software as far as possible (don't reinvent the wheel).

~- [[http://www.ubuntu.com Ubuntu]] as base; use software packages for Ubuntu as much as possible.
~- [[http://www.openldap.org OpenLDAP]] as directory service, for storage of account information, computer configuration and network configuration (all configuration, in other words...)
~- MIT Kerberos 5 for authentication
~- [[http://www.isc.org/index.pl?/sw/bind/index.php BIND]] as nameserver (alternatives are djbdns or PowerDNS). Use together with ldap2dns for automatic generation of zone files from LDAP (or: http://bind-dlz.sourceforge.net)
~- ISC's DHCP as DHCP server
~- [[http://www.postfix.org Postfix]] as MTA
~- [[http://www.openafs.org OpenAFS]] for file serving...
~- Samba for file serving to Windows computers (I would like to only use AFS, but I don't think this is realistic)
~- [[http://httpd.apache.org/ Apache]] as HTTP server
~- Some sort of TFTP server
~- [[http://www.courier-mta.org/imap/ Courier IMAP]] for IMAP and POP service
~- Traditional tools for software administration in GNU/Linux systems, like apt or yum
~- Some sort of PKI, for example [[https://www.openca.org/projects/openca/ OpenCA]] or [[http://wiki.openxpki.org OpenXPKI]]

Other interesting software:
~- http://unattended.sourceforge.net/
~- http://unattended-gui.sourceforge.net/
~- http://mds.mandriva.org/
~- http://eol.ovh.org/winexe/
~- http://www.cynops.de/oss/CertNanny/

All server functions are configured with data from the directory service. If a computer is added to the domain, then BIND and the DHCP server are updated accordingly.
If an additional DNS server is added to the domain, then all clients will automatically use this one as well, since the DHCP server(s) inform the clients about the new nameserver.
If the same function is provided by more than one server, they will be configured to work together using load balancing, failover or whatever is suitable for the function in question.

== Example of functions a server might have ==
~- Domain server (includes: DNS server, DHCP server, directory server, TFTP server)
~- Web server (may include: webmail, wiki, intranet software like eGroupware etc.)
~- Mail server (includes: MTA, POP server, IMAP server)
~- IM server (jabberd2)
~- File server (includes: AFS server, Samba server)
~- Print server
~- Backup server (for performing domain-wide backups)
~- Desktop server (for thin clients)
~- Diskless client server (for diskless but not thin clients)
Sub-functions like the IMAP server may be installed without installing the entire Mail function.
All servers and clients shall have a minimum set of software installed, like an SSH server.

== Clients ==
== GNU/Linux clients ==
There will be an agent running on all GNU/Linux clients; the agent will be responsible for checking the LDAP directory for changes and applying them.
The agent authenticates against the directory using Kerberos and the computer's machine account (principal host/fqdn@DOMAIN.TLD).
Responsibilities:
~- Installing/removing software
~- Configuring software according to data in the directory
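The two directory-driven pieces described above (BIND and DHCP configuration generated from computer objects, and the client agent's machine-account principal and change polling), as an added example that is not part of the HServer project. The LDIF export, the domain and the realm are constructed; attribute names follow the standard nis/cosine schema.

```python
# Added example (not HServer code): render BIND records and ISC dhcpd host
# declarations from computer objects in the directory, and show what the
# client agent derives from the same data. Sample LDIF below is constructed.
import ipaddress

SAMPLE_LDIF = """\
dn: cn=ws01,ou=Computers,dc=example,dc=com
cn: ws01
ipHostNumber: 10.0.0.11
macAddress: 00:11:22:33:44:55
modifyTimestamp: 20240102120000Z

dn: cn=srv01,ou=Computers,dc=example,dc=com
cn: srv01
ipHostNumber: 10.0.0.2
macAddress: 00:11:22:33:44:66
modifyTimestamp: 20240101090000Z
"""

def parse_ldif(text):
    """Minimal LDIF reader: list of {attribute: [values]} (no base64, no folding)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def host_principal(entry, domain, realm):
    """Kerberos principal of the computer's machine account: host/fqdn@REALM."""
    return "host/%s.%s@%s" % (entry["cn"][0], domain, realm)

def bind_records(entries, domain):
    """Forward A and reverse PTR records, one host per directory entry."""
    lines = []
    for e in entries:
        fqdn = "%s.%s." % (e["cn"][0], domain)
        ip = ipaddress.ip_address(e["ipHostNumber"][0])  # rejects malformed values
        lines.append("%s IN A %s" % (fqdn, ip))
        lines.append("%s. IN PTR %s" % (ip.reverse_pointer, fqdn))
    return lines

def dhcp_hosts(entries, domain):
    """dhcpd.conf host declarations pinning each MAC to the directory's address."""
    return ['host %s { hardware ethernet %s; fixed-address %s; option host-name "%s.%s"; }'
            % (e["cn"][0], e["macAddress"][0], e["ipHostNumber"][0], e["cn"][0], domain)
            for e in entries]

def changed_since(entries, last_seen):
    """What the client agent acts on: entries modified after its previous poll."""
    return [e for e in entries if e["modifyTimestamp"][0] > last_seen]
```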

== Windows clients ==
~- Software installation may be administered by [[http://www.wpkg.org WPKG]]
~- It is possible to achieve the same function as Microsoft's group policy by writing some simple software.
~- Windows clients will have some basic set of software installed to make them work together with the Linux servers (example: AFS client)

WindowsHserverClient


=== Finally ===

This is my dream. I may however probably never make this come true by myself, perhaps if I get some help!
Interested? Send a mail to {{image alt="Linus" title="Linus" url="http://www.halier.net/le.png" }}

Feel free to make comments to this document.

===Useful tools===
[[http://directory.apache.org/studio/ Apache DS studio]]

===Useful documentation===
[[https://help.ubuntu.com/community/SSH/OpenSSH/Advanced?action=show&redirect=AdvancedOpenSSH Ubuntu documentation - AdvancedOpenSSH]]
[[https://help.ubuntu.com/community/SingleSignOn Ubuntu documentation - SingleSignOn]]
[[https://help.ubuntu.com/community/OpenLDAPServer Ubuntu documentation - OpenLDAPServer]]


---
CategoryProjects