Help! We need to pick a platform for our desert adventure

Things have slowed down a bit in our efforts to build a super network-groomer for the remote Australian community of Willowra, because there's been a changing of the guard at the Wirliyajarrayi Learning Centre. While we wait for new staff to arrive and to help us out with some ping tests and better photos of the network …

  1. Long John Brass

    XenCenter may be a viable equivalent for ESXi

    VyOS is a handy dandy router distro with a built in squid proxy, dunno if it offers content manglement

    Another option may be to run FreeNAS which can run Linux VMs in a jail

    the Tested guys have a quick run down here http://www.tested.com/tech/500455-building-home-server-using-freenas/

    http://doc.freenas.org/9.3/freenas_jails.html

    Jails may be a better option given that they are lighter weight than either Xen, VMware or VirtualBox

    1. Wzrd1 Silver badge

      A squid proxy can be used for filtering. Once, our DoD Websense license expired and we ginned up a squid proxy with crude filtering.

  2. xj25vm

    Keep it simple

    Hmm - it sounds more like you are trying to use the fanciest tech about in order to make it worthy of writing as many articles as possible about it - instead of concentrating on delivering a fully functional, practical and reliable product. If this is a bandwidth, access and budget constrained environment, just keep things as simple as possible. What is the point in using exotic stuff? Why use an Intel NUC? So that it is a pain to replace next year or the year after when Intel decides they can't be bothered any more? So that you have to ship in an external power supply for it from thousands of miles away when its own packs in? Oh - I forgot - it's a cute little shiny box </sarcasm>. It's a relatively new platform - it could well disappear off the market if it doesn't get traction. I mean, how much power do you really need? Why not use one of the passively cooled mini-ITX or micro-ATX motherboards with a Celeron J1800 or J1900 on board, shoved into a regular (even used) PC case with a bog standard power supply instead? And if you want reliability, use a 500W power supply - which is so oversized for the job that it will probably take 10 years until the caps will be worn down below the power usage requirements - instead of the PSU blowing up after 2 years. The Intel NUCs haven't been designed for 24x7 duty. And the above mobo draws below 20W of power including the HDD.

    And fancy virtual machines? Don't get me started. When you set something up, remember that one day someone else will have to look after it, after you've moved on. The lower the skill set required, the more likely that it will have a long and useful life, instead of being binned as a loony idea which was impossible to keep going in practice. What's wrong with a bog standard setup, with the OS on the bare metal? Are you building some high-availability rig for some city bank?

    Think simple, think reliable, think well established technologies which are likely to be around for a long time, think parts availability (in the long term as well). If you want to do it right, stop being journalists and jump into the boring shoes of an engineer - you know, the unexciting types who quietly keep things going with a string and a duct tape.

    1. JonP

      Re: Keep it simple

      Why use an Intel NUC?

      I was wondering that too, then I noticed the large "The Register Willowra Expedition - in association with INTEL" advert just to the right...

    2. phuzz Silver badge

      Re: Keep it simple

      You do make a good point about power supplies, but I've not seen a Mini-ATX case that has a standard sized power supply. Personally I'd go with something that has an external power brick, as they're actually not that hard to replace. Between eBay and Amazon you can find one that has the correct output and connector.

      1. Dan Paul

        Re: Keep it simple (Newegg!)

        Try Newegg, for the Corsair "Obsidian" Mini ITX Case. It handled a full size Radeon 280 Video Card and a 650 Watt full size modular power supply AND room for a Cooler Master self contained water radiator/cooler. Add a nice ASUS motherboard and the Intel processor of your choice. Now you have something fully rebuildable, reasonably small, lots of fans and cooling options and all airvents except the back ones are covered with screens.

        AND IT FITS FULL SIZED COMPONENTS!!!!!!

        http://www.newegg.com/Product/Product.aspx?Item=N82E16811139033&ignorebbr=1

      2. xj25vm

        Re: Keep it simple

        @phuzz - Mini-itx motherboards will fit happily in a standard box - as far as I know. Yes - it kind of misses the point of using the mini-itx format in the first place (except for the fact that many of them are fanless, which I think is a bonus) - but it keeps everything bog standard and easy to replace. Also, external brick type power supplies have no holes for ventilation, run hotter than normal power supplies and in my experience pack up sooner if used continuously (I'm guessing, most likely because of the heat).

    3. John Brown (no body) Silver badge

      Re: Keep it simple

      "Why use an Intel NUC?"

      I wondered that too. Apart from your helpful suggestions, another option is one of the HP microservers which are designed for 24/7 operation and cost the same or less than a NUC.

      EDIT: @JonP; Ah, I'd not noticed the Intel sponsorship either. That rules out an AMD powered HP box then.

      1. Simon Sharwood, Reg APAC Editor (Written by Reg staff)

        Re: Re: Keep it simple

        We've been up-front about the Intel sponsorship, I hope.

        1. xj25vm

          Re: Keep it simple

          Well - if Intel wants to sponsor - that's not a problem - why don't you convince them to provide you with some suitable hardware? Last time I checked they made some damn fine fanless mini-ITX motherboards - as an example.

  3. John H Woods Silver badge

    Story of my life ...

    Them: "We're starting a new project ... can you help us design a ... "

    Me: "Sure, that'll be a fun challenge ..."

    Them: "We've already committed to technologies X, Y and Z ..."

    Me: *sigh*

    A significant amount of technology is 'golfware' --- its role in your new project has been decided on not just before you or any other technical person has been approached, but before the decision makers have reached the 19th hole.

    1. John Brown (no body) Silver badge

      Re: Story of my life ...

      "before the decision makers have reached the 19th hole"

      Or worse, after they've spent waaaay more time at the 19th hole than the other 18 all put together.

    2. Simon Sharwood, Reg APAC Editor (Written by Reg staff)

      Re: Story of my life ...

      We're not committed: the shout-out was a fishing expedition as much as anything. But we'll stick with the NUC for a bit cos we've got some. We disclosed the sponsorship a couple of stories back, but also feel the NUC is fit for purpose.

  4. returnmyjedi

    Workbench 3.1

  5. x 7

    Intel NUC? Needs an mSATA drive. I thought the idea of this project was that it was cheap... And will the NUC take a decent sized (e.g. 1TB) drive? Mine won't - paperwork said 250GB max

    1. Anonymous Coward

      Some variants of NUC support a 2.5" SATA drive so a 1TB wouldn't be a problem, although it would be preferable to have room for 2 drives and be able to use RAID1 to provide a bit of protection against a drive failing.

  6. John Robson Silver badge

    Have to agree with the above comments...

    There are better solutions. One of which is to get space at the other end of your "bit of string" so that the content filter isn't bandwidth limited.

    Then a local HTTP caching server with a decent DNS caching server (if you want to be mean then add a half second delay to "other" DNS traffic, to degrade its performance and improve the apparent performance of the local DNS solution - there is no way you can override the hosts file on the local machine anyway)

    Of course with so much stuff being HTTPS nowadays you might find that the caching isn't as effective as you'd like...

    Run something over the weak connection to ensure decent utilisation - Something like VoIPbox (which is available on titchy (replaceable) hardware) could improve the observed performance of the network, particularly if you have a good amount of "small packet" traffic. The underlying software is available on its own, but the productised version probably has support advantages.

    Heck, you could even go the whole hog and use the same vendor for a few things; CACHEbox will handle squid - potentially doing so at both ends, the remote end with a content filter (and maybe not even doing any actual caching?), the local one then doesn't need the constant filter updates; DNSbox does very well as a caching server... There are other vendors, offering similar packages...

    Then you just need a firewall - and there are plenty of options there, many of which have a much nicer interface than raw iptables (which is what *I* use, but I wouldn't foist it on others...)

    OK - I've just put 5 boxes in, to two locations. But they are relatively cheap, commodity hardware, with phone support and a company to post replacement boxes out (and collect the dead unit). Total space is less than 5U, possibly much less. Nice web interfaces, easy config backup/restore...

  7. Anonymous Coward

    OK lets rewind...

    ..Is this a registered charity?

    If so you then can get yourself along to TT-exchange and get yourself some stupidly cheap licenses.

    If you DO decide to go Windows, what about K9 protection on the PCs? Dead cheap, hosted in the cloud and rock solid.

    https://www.tt-exchange.org/partner_catalogues

    Or

    you could get Untangle running on a micro-ITX box (dual NICs required) and install the "Lite" versions + say webcache addon. Although the content filter is nowhere near as good as say K9's unless you use the paid for versions, it still does a much better job in my experience than the likes of OpenDNS family filters, which are piss easy to get around.

    https://www.untangle.com/untangle-ng-firewall/applications

    1. x 7

      Re: OK lets rewind...

      "K9 protection on the pc's?"

      Not a piece of software I'd suggest... the few times I've worked on machines with it installed it's been a real PITA, making the PC net too unusable.

      1. Anonymous Coward

        Re: OK lets rewind...

        I've never had an issue on the many machines I've run it on, however I have found that you should allow the home page onto the allowed list as it can be laggy to start with.

  8. dc_m

    I have only played with it on demos, but I really like the look of untangle for web filtering purposes.

    http://www.untangle.com/

    1. Anonymous Coward

      As posted above, I've an ITX with this (total cost about £60 from fleabay for the bits).

      The Lite version is OK, but it is light. For example, torrent sites are not blocked and porn is hit and miss. So for torrents, feel free to manually add about 100 domains, to minimize the availability. It's a bit of a workaround rather than a fix. The paid for version is quite expensive for an annual running cost and is not really suited for this size set up.

      I'm still setting it up (this is a new set up, but used it in the past), so will need to try this little known trick (Google really do hide this)

      ...

      Turn on SafeSearch VIP

      To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.

      We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.

      https://support.google.com/websearch/answer/186669?hl=en-GB

  9. pblakez

    KVM, virt-viewer, virt-manager on top of a base Linux system

    Have you considered using KVM with virt-manager on a base Linux system?

    Have been trying this on Debian mainly because we have to admin remotely a few systems and it's great to have a full OS at the base of your system.

    KVM seems very light weight and easy to manage.

    As to the NUCs I see little problems with these, although bit more expensive, like the ability just to mail a small box to my clients already set up. Personally using the Gigabyte Brix of which there is a model that supports 2.5 HDD/SSD.

    cheers pb...

  10. Fungus Bob

    Squid

    Definitely look at Squid for caching and http filtering. With a combination of block list and exception list you can make a web filtration system that gets up on its hind legs and walks. Once in another lifetime I had Squid blocking ads and porn for the company network, except for the owner's PC - just blocked ads for him (no way I was gonna tell the guy that signs my paychecks that he can't get his jollies).
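
Added example, not part of any comment above and not any poster's actual configuration: a squid.conf fragment showing the block list plus exception list arrangement described in the Squid comment, with one machine exempted from a single list. The client addresses and list file paths are assumptions.

```conf
# Constructed example: the LAN range, the exempted address and the list file
# paths are placeholders, not values from the thread.

# Clients allowed to use the proxy at all.
acl localnet src 192.168.1.0/24

# The single machine exempted from the adult list (it still gets ad blocking).
acl owner_pc src 192.168.1.10

# Domain lists, one domain per line in each file.
# A leading dot (".example.com") also matches subdomains.
acl exceptions dstdomain "/etc/squid/exceptions.txt"
acl ads        dstdomain "/etc/squid/ads.txt"
acl adult      dstdomain "/etc/squid/adult.txt"

# http_access rules are checked top to bottom and the first match wins,
# so the order below is what makes the exception list override the block lists.

# 1. Anything on the exception list is allowed for LAN clients.
http_access allow localnet exceptions

# 2. Ads are denied for everyone, including owner_pc.
http_access deny ads

# 3. The adult list is denied for every client except owner_pc.
http_access deny adult !owner_pc

# 4. Everything else is allowed for LAN clients only.
http_access allow localnet
http_access deny all
```

Because evaluation stops at the first matching rule, moving rule 4 above rules 2 and 3 would silently disable both block lists.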
