Friday, 15 January 2010

Building the ultimate home IT system. (Part 1)

This is the first part of a series of blog entries describing my journey with setting up the perfect home IT system, consisting of several physical boxes including desktop machines, a set-top box and a server with virtualization. Through this series of blog entries I will describe several alternative technologies that you can use to incorporate:

  • Virtualization (libvirt/KVM)
  • File server (Samba/FTP/NFS)
  • Software RAID (RAID1, RAID5)
  • Logical Volume Manager (LVM)
  • Central authentication (LDAP)
  • Media center (xbmc/boxee)
  • Firewall w/qos (smoothwall/ipcop)

I will try to give a detailed description of the system as a whole and my experience of how it works as a unit. I will also go into the implementation of the individual services, though not in too great detail.

Planning your system.

As depicted in the above image, this was my initial plan for my home system.

netsrv is the physical machine that runs all the virtual computers (netvpn, netmisc, netfiler, netldap and netfw). The reason I have divided the system's services this way is mainly flexibility: if one of the virtual computers breaks, I only have to reinstall that single virtual PC and its services. This adds some overhead on the server's processing power, but all within an acceptable range.

netldap
You guessed it, this machine handles the LDAP server in addition to a web frontend for managing LDAP records. LDAP-enabled client machines like the Desktop Computers, netmisc, netfiler and netxbmc will look up this machine to retrieve user and group information to decide access to files and directories, as well as system access when logging in (only available on the Desktop Computers).

netfiler
This machine takes care of all shared storage, which can be accessed through NFS, Samba and FTP. NFS uses LDAP information natively, and Samba and FTP can be configured to use LDAP.

netmisc
Contains my miscellaneous services, mainly rTorrent for downloads and flexget for RSS aggregation. It is configured so that all users in the torrent group can upload torrents to an rTorrent watch directory and access the downloaded data (all residing on netfiler).

netxbmc
Is connected to my living room TV and handles all my entertainment media, like music, movies, series and pictures. This machine has the storage and backup areas on netfiler mounted locally through NFS. However, xbmc also supports the smb/cifs and ftp protocols. It also provides LDAP replication, in case the netldap server should break or be unavailable.

netvpn
Using OpenVPN, I'm trying to configure an easy way to access all the services on the local network from outside my firewall.

netfw
With an installation of smoothwall or ipcop I'm hoping that I can achieve a secure local network and QoS (Quality of Service). QoS gives you the power to control network communication with regard to which user applications should have high and low priority. So for example, say you're playing an online game but are also downloading a couple of torrents; to make sure the game runs as smoothly as possible, you can tell the firewall to prioritize the game's network traffic higher than the download's.

Desktop Computers 
A set of desktop computers that authenticate users through LDAP, either directly (Linux users) or indirectly via Samba (Windows users). The desktop computers should have access through NFS, Samba or FTP to a backup area and a storage area. The backup area consists of two partitions on two separate disks mirrored with software RAID and added under LVM for flexibility. The storage area is a fault-tolerant software RAID5, also added under LVM. Access to these shared resources is defined through LDAP groups, so if user1 is in the group backup, user1 should be able to write to the backup area.
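As an added example (not from the original post), here is how the backup area, the storage area and the group-based access described above could be laid out with mdadm, LVM and a setgid directory. The device names, volume sizes, directory paths and the DRY_RUN switch are assumptions, not part of the plan above.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the backup area
# (two partitions mirrored with RAID1, then LVM) and the storage area
# (RAID5 under LVM), and makes each shared directory writable only by
# members of one LDAP posixGroup. Device names, sizes and paths are
# assumptions. With DRY_RUN=1 (the default here) the commands are
# printed instead of executed, so the plan can be reviewed first.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Backup area: mirror two partitions (RAID1) and put LVM on top.
build_backup_area() {
    run mdadm --create /dev/md0 --level=1 --raid-devices=2 "$1" "$2"
    run pvcreate /dev/md0
    run vgcreate vg_backup /dev/md0
    run lvcreate -L 100G -n lv_backup vg_backup   # size is an assumption
    run mkfs.ext4 /dev/vg_backup/lv_backup
}

# Storage area: fault-tolerant RAID5 over three or more partitions, under LVM.
build_storage_area() {
    run mdadm --create /dev/md1 --level=5 --raid-devices=$# "$@"
    run pvcreate /dev/md1
    run vgcreate vg_storage /dev/md1
    run lvcreate -l 100%FREE -n lv_storage vg_storage
    run mkfs.ext4 /dev/vg_storage/lv_storage
}

# Make a shared directory writable only by one group (resolved from LDAP
# via nsswitch). The setgid bit (leading 2) makes new files inherit the
# group. Caveat: NFS with AUTH_SYS trusts the uid/gid the client sends,
# so every client must resolve the same LDAP groups as the server.
restrict_to_group() {
    run mkdir -p "$1"
    run chgrp "$2" "$1"
    run chmod 2770 "$1"
}

# Print the plan; set DRY_RUN=0 to actually run it (as root).
build_backup_area /dev/sda2 /dev/sdb2
build_storage_area /dev/sdc1 /dev/sdd1 /dev/sde1
restrict_to_group /srv/backup backup
restrict_to_group /srv/storage storage
```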

Getting down and dirty.
This was all I had time for today, but I'll be back soon with the dirty details of how I implemented these different open systems to create the ultimate home IT system. As you can see, it's not something one can do within an hour or two.
