RE: Help needed with server setup at work
- From: "Ted Mittelstaedt" <tedm@xxxxxxxxxxxxxxxx>
- Date: Wed, 25 Apr 2007 03:34:36 -0700
-----Original Message-----
From: owner-freebsd-questions@xxxxxxxxxxx
[mailto:owner-freebsd-questions@xxxxxxxxxxx]On Behalf Of Rico Secada
Sent: Monday, April 23, 2007 10:48 AM
To: questions@xxxxxxxxxxx
Subject: Help needed with server setup at work
> Hi.
> At work we have a bunch of NFS servers. The servers provide the
> home directories for all the employees' client machines.
> Most of the employees mount their home dirs manually, but some
> are mounted using scripts. Employee John knows he belongs to NFS
> server 1, and employee Britney knows she belongs to NFS server 3
> and so on.
> Now due to new conditions

Without saying what these new conditions are, you aren't giving much
that anyone can give advice on.

> I have to set up a new system from
> which ALL employees are able to mount their home directories from
> their homes (where they live). Since I only have one IP address
> at my disposal, I need to set up some kind of union system in
> which all home directories appear as if they live on just one server.
> Besides that I have to figure out what kind of security I need to
> use. I have been thinking about AFS.
> About the union thing I first thought of somehow union mounting
> all the different home directories on a single machine which then
> serves as the access point, but I am afraid if that particular
> machine crashes, then no one can get to their files.

You're going about it in exactly the wrong way and in a very insecure
manner, in my opinion.
If you have a situation going where the building that all these employees
are working in that contains them, their workstations, and their
servers, is going to be vacated, such as a kind of virtual company
scenario, then ASSUMING that the employees ALL have high-speed
connectivity (DSL, Cable, or whatever) of at least a megabit,
then the safest and most trouble-free way of doing it is to have
ALL employees set up with their ISPs to have static IP addresses,
and then put hardware VPN firewalls at each employee's home and
set up dedicated lan2lan VPNs that are permanently up all of the
time. Linksys sells a very nice VPN firewall, the RV042, that is
fantastic for this job. This will allow you to manage all employee
computers just as if they were all in the now-missing building.
This is particularly important as you can install patches, monitor
for intrusion attempts, etc. It also moves the ickiness of the
VPN client software away from the employee's computer, simplifying
that system. At the central hub where all the servers remain, you
can easily set up a firewall that only allows VPNs in from the
designated remote IP addresses.
If however the need is for only periodic access, then investigate
a remote control solution. I would recommend setting up a bastion
host that is on your single public IP address, and a VNC server
on it. Employees can use one of many VNC clients (there's even
one for Palm OS I believe) and go from their homes to the bastion
host, then from the bastion host, xterm to their desktop systems.
Putting a union NFS server up is just asking for trouble, particularly
if you aren't restricting access to it via IP address.
Ted
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
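
The hub-side restriction described in the reply above ("a firewall that only allows VPNs in from the designated remote IP addresses"), sketched as a pf.conf fragment. This is an added example, not part of the original message; it assumes the hub firewall is a FreeBSD machine running pf with IPsec tunnels, and the interface name and peer addresses are constructed placeholders.

```conf
# /etc/pf.conf fragment (constructed example; em0 and all addresses
# below are placeholders, not values from the thread)

ext_if = "em0"            # assumed name of the interface holding the single public IP

# Static addresses of the employees' home VPN routers, one per employee.
# "const" prevents the table from being altered at runtime with pfctl.
table <vpn_peers> const { 198.51.100.10, 198.51.100.27, 203.0.113.5 }

set skip on lo0

# Default: drop and log every inbound packet on the public interface.
block in log on $ext_if all

# Weak form, shown for contrast only: accepts IKE from any source,
# so any host on the Internet can attempt a tunnel negotiation.
# pass in on $ext_if inet proto udp from any to ($ext_if) port 500 keep state

# Restricted form: IKE (500/udp), NAT-T (4500/udp) and ESP are accepted
# only from the designated remote addresses.
pass in quick on $ext_if inet proto udp from <vpn_peers> to ($ext_if) \
    port { 500, 4500 } keep state
pass in quick on $ext_if inet proto esp from <vpn_peers> to ($ext_if) keep state

# Outbound traffic from the hub itself.
pass out on $ext_if all keep state

# Note: no rule exposes NFS (2049, rpcbind 111, mountd) on $ext_if.
# Home directories are reachable only through an established tunnel.
```

Packets from any address outside `<vpn_peers>` fall through to the `block in log` rule, so tunnel attempts from undesignated sources show up on the pflog interface.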