Q: Windows - Linux migration (quote for further work) ( No Answer,   1 Comment )
Question  
Subject: Windows - Linux migration (quote for further work)
Category: Computers > Operating Systems
Asked by: ivanv-ga
List Price: $25.00
Posted: 01 Nov 2006 10:36 PST
Expires: 01 Dec 2006 10:36 PST
Question ID: 779144
This question is only for you to quote your services for completing
all the work involved. If we're satisfied with your initial quote and
expertise, we'll open separate questions for each issue so you can
help us on each one (of course you'll discount the amount received
from this question).

Also, since you're going to interact with our servers, before each
task you'll first post on the respective question the list of actions
you'll be performing (in the spirit of Google Answers, so others can
benefit from it).

We're trying to migrate our existing network infrastructure from Windows to Linux.

It's a small network of less than 15 nodes. We have two servers in
which we want to distribute the network services as virtual machines.
Both are already doing that, but only one of them is serving the VMs
from Linux (using VMware Server).

Our estimated budget is around $500 USD, but if you don't agree, state
your reasons and your quote as a clarification. Regardless of this,
include why you believe you're the right person for this job.

Let me briefly describe our current setup:

(all VMs including the hosts are on Ubuntu 6.06 unless otherwise noted)

The first server "olimpo" has the following VMs (this one is still
running on Windows Server 2003):

* gea - File server (SAMBA, Subversion).
* paris - Web/application server (LiteSpeed, PHP, Ruby).
* poseidon - Database server (MySQL, PostgreSQL).
* zeus - Basic network services (DHCP, DNS, LDAP, Kerberos...).

The host has 2 NICs, one going to the LAN (green zone) and another to
the DMZ (orange zone -for paris-).

gea, paris, and poseidon are already configured except for central
authentication (more on this below).

As for the second host server, "asgard":

* wraith - Firewall (iptables).
* stargate - Proxy server (squid) - I still don't know if this would
be better on the "wraith" VM.
* hera - Mirror of zeus to act as a backup in case zeus goes down,
needs maintenance, etc.
* chronos - To hold backups of server images, file server contents, and databases.

This host has 3 NICs, for the green, orange, and red zones. wraith is
connected to all three to provide routing to the DMZ (orange) and the
Internet (red).

Most of the work needs to be done on the zeus, wraith, and maybe
chronos (or so I think).

Please take into account that your expertise is needed, so we might
leave out stuff that's obvious to you, so don't think that what we're
asking for is strictly the only thing we'll need. Of course we'll
understand if you need more money if the case permits, but we won't
tolerate you trying to charge more for making small changes or changes
that are obviously needed to meet our requirements described below,
even if we don't specify that (for lack of knowledge in the area).

For example, if to do X you need to do Y, but we didn't specify that
because we didn't know, you have to know of that stuff in advance. So
feel free to ask for clarifications.

So this is what we need:

===== GENERAL

* Install the Webmin modules required for the configuration of the
software you're going to install/configure, or a specific web admin
tool (or some general guidelines on the configuration, with references
on the web).

* Configure all VMs to authenticate against the LDAP server.

* Review all VMs and make sure they're properly configured
security-wise: chroot jails, user permissions, processes running under
the right user, etc.

* Install agents from r-u-on.com to monitor connectivity and process status.

* On both hosts (olimpo & asgard): Configure a DVD burner and install
a command line program to burn discs.

===== ZEUS

* Configure DNS, DHCP, LDAP, and Kerberos to replace our current
Active Directory install. For LDAP, FDS is already installed, but not
configured. DNS and DHCP are also installed, and configured, but you'd
need to check the configuration and make adjustments as needed.

* You need to install and configure Kerberos and any other software
required to handle single sign-on from Windows and Linux desktops
(SAMBA maybe?).

* You will be given the domain, a list of users with temporary
passwords, a list of machine names with their MAC addresses, and the
desired IP range.

* You will configure DHCP to update the A records of machines
requesting an IP address.

* Configure DHCP to handle service addresses for DNS server, gateway,
and any other service that requires it.

* Configure printer shares for two Dell 5100cn laser printers
connected to the network.

===== WRAITH / STARGATE

* First advise us on whether we put the proxy server on a separate VM
(stargate) or include it on this one. We'll continue on the assumption
that one VM is enough for both services for now (firewall / proxy).

* Configure iptables to transparently route on all 3 zones.

* Configure the proxy to either:
  A) Allow unlimited Internet access to specific users. Only if you
can make it so the browser authenticates itself without asking the
user (single sign-on).
  B) Allow unlimited Internet access to specific IP addresses.

* Configure the proxy to allow access to everyone to specific web addresses.

* Configure SMTP/POP3 -> SMTPS/POP3S tunnels to allow users to
access secure mail servers using a client that doesn't support secure
connections.

* Configure traffic shaping to give VoIP traffic the highest priority,
and specific users/IPs a higher than normal priority (but not over
VoIP traffic).

* Configure bandwidth throttling for specific services, users/IPs, and days/hours.

* Configure a DynDNS.com client to update our dynamic IP address to a custom host.

* Make our DSL (PPPoE) connection stay up all the time (auto "dial").

===== GEA

* Configure the SAMBA shares to authenticate against zeus. The same
for Subversion if possible.

===== PARIS, POSEIDON

* Just what's mentioned under "general".

===== HERA

* Configure this VM as a slave for all the services that zeus runs.

* Create a script on this VM's host so it starts the VM periodically,
and then the services inside the VM get synchronized with its master,
and finally it's shut down again. If you believe that simply copying
the VM files to this host (and keep them synchronized) would suffice,
state your reasons (and in this case you'd need to program a script
that would periodically copy the master VM over).

===== CHRONOS

* Create a script that periodically synchronizes the following data:
  - Subversion repositories and SAMBA shares from gea.
  - MySQL and PostgreSQL databases from poseidon.
  - VM images from this VM's host and from olimpo too. For backing up
itself (this VM), create a script on host zeus to back it up, and then
chronos can move it out of zeus.

* Provide scripts to restore backed up data with ease.

* Create scripts that routinely pack backed up data ready to be burnt
to DVDs, and grant access to the host (asgard) so I can burn the data
from there.

* Create a SAMBA share on this machine to allow Windows desktops to
save backup images of themselves here.

===== CLOSING NOTES

Well, I think that covers it. If you have any advice whatsoever or a
request for clarifications, please don't hesitate.

We will ask the person that provides the most insightful "request for
clarification" to provide the answer to this "question" and then we'll
open other questions so you can get paid for your work (as GA $ tops
at $200).

WARNING: Please read carefully and avoid providing an answer until we
decide which one of you will do the work.

Thanks for applying!

Regards,
Ivan Vega R.

Clarification of Question by ivanv-ga on 01 Nov 2006 10:58 PST
I believe Kerberos needs a time server, so you'd need to configure
that on zeus and enable synchronization with a reliable server
available on the Internet.
Answer  
There is no answer at this time.

Comments  
Subject: Re: Windows - Linux migration (quote for further work)
From: poopydog-ga on 15 Nov 2006 10:55 PST
 
Just as an aside. You are correct that Kerberos DOES need a time
server. Your AD DC would normally do this and the slack can be listed
in the enterprise config.

I won't be able to help with the move to Linux but I wish all the best in
your endeavours!

Good luck!

Poopy.
