Embed Size (px)
DESCRIPTION
BSD Success Stories, circa 2004
Citation preview
S U C C E S S S T O R I E S
11 Success stories with BSD
Adventures in BSD
How BSD Keeps Me Sane
FreeBSD at Shannon Medical Center
BSD in a Panic
You Haven’t Had E-mail Since When? FreeBSD saves a dot-org, and maybe me, too!
A FreeBSD Success Story (and DragonflyBSD too)
BSD In a Microsoft Office
Museum Guardian
OpenBSD Saves the Day
A FreeBSD Implementation
Open Source Software in Co-operation Ireland
BSD
The BSDs have earned a reputation for stability, security, and performance. That'sno accident. Their Unix heritage provides the power. Careful attention to detailand correctness on the part of their developers provides the finesse. This hasproduced highly-reliable systems that are easy to administer, flexible to any task,and compatible with tens of thousands of pieces of open source software.
No wonder BSD is a popular choice with ISPs and the basis for Apple's Darwin!
The BSDs are also proving themselves popular with both sysadmins and userslooking for alternatives to expensive, proprietary, and inflexible operatingsystems. This collection of BSD Success Stories—written by ordinary users--shows just a few of the many ways in which the BSDs solve real problems all day, every day.
Introduction
Adventures in BSD by Michael Josefsson
2
I am sometimes asked “Why do you useFreeBSD?” My usual ‘auto-response’ is“Because it is the best!” While I truly thinkit is the best, this reply does not reallyanswer the question. I hope this article will better explain my feelings.
Way back in 1994 I became the manager ofa hardware laboratory at my old University. I was to manage the labs in all aspects, fromcomputers down to data sheets, pliers, andstudents. With over 300 students attendingeach year, this was a very time-consumingtask. Of the three labs, only two hadcomputers and networks in them. In thethird lab, 16 serial lines were connectedthrough a Xyplex terminal server to acomputer of unknown pedigree. (It laterturned out to be a Sun 3.) I had been intocomputers since the early 80s and PCs since1989, but I had never touched a network of any kind.
The two labs were connected by a LantasticLAN. Only one area of the server’s disk wasshared and every student stored his ownhome-directory on it. As long as everythingworked fine, and it generally did, I hadbetter things to do than trying to under-stand what this network setup was all about. The odd downtime was mostly dueto students tampering with the RG-58 coaxthat ran from one machine to anothercontinuing on into the next lab. Problemswere easy to locate. I knew the coax had to be terminated with a 50-ohm BNC terminator and moving this terminator to strategic places along the cable always led me to the culprit.
Then there was a software upgrade. The labs had been running MS-DOS with aDOS-based compiler for many years. Thenew version of the compiler required MSWindows. (At the time this meant Windowsfor Workgroups 3.11.) I could not get the
old LAN software to run under Windows. I don’t remember why, perhaps I was avictim of my own ignorance. After readingthe Windows docs I managed to set up acommon workgroup for the two labs. Witha 486/66 Windows box working as a fileserver we again had a fully functioninglab.or so we thought!
I found that it was possible to access theserver’s shared area and was quite pleasedwith my doings. I compiled some typicalcode from a client machine and everythingran as expected. I did not test networkperformance under a higher load. The idea never crossed my mind.
During one compilation, several large,multi-megabyte files were created in theproject’s home directory. This was in itselfnot a problem as the network’s bandwidthwas not saturated. However, all this datamoving in and out of the server turned outto be detrimental to its health. With 10-15clients chewing away, the load on the serverincreased. After a period of time rangingfrom a few minutes to several hours, theserver would unexpectedly crash. A rebootgot everything working again. All sourcefiles had been auto-saved before entering thecompilation stage so it was easy to start overand hope for more success the second time.Still, the situation was less than satisfactory.
At this point, OS/2 entered the story. In the outside world, Windows 95 was beingdeployed. I got my hands on an old OS/22.1 demo CD. After several problems I got it up and running. I thought it was cool and ordered my own OS/2 Warp soon after.Warp was my favourite desktop for years to come. I really liked the smooth userinterface and enjoyed the increased stabilitycompared to the Windows version I hadused earlier. A co-worker with a similarinterest in computers used Windows 95
and had to re-install every three to fourmonths. The system would somehow clogitself up beyond recognition. My OS/2machine ran happily all the time. Great!Except for the RSA DES Challenge. Beingoutside of the United States I took aninterest in the Swedish-run SolNet DES-attack. With SolNet’s limited resources there was quite some time before an OS/2executable was published. The situationannoyed me.
So what to do? I was unwilling to give-upOS/2 and surrender to Windows 95. I hadstarted to experiment with Linux, a Unix-like system but felt very little enthusiasm forit. Because of an earlier experience with HP-UX, I was under the impression that Unixonly represented an extremely complicatedway of doing things, and therefore, Unixwas ruled out.
At this time, there were executables forFreeBSD available. Not knowing muchabout FreeBSD, I made an FTP install of 2.1.7-STABLE. The DES-client ran asexpected. I figured out nice commands; kill -STOP, kill -CONT and that putting an ampersand (&) after the command lineran a job in the background. Cool! I couldmanage every aspect of the program. A tasteof a new world! This was very enticing.
My success was short-lived. There was soon a new DES client requiring newer libs,which forced me to install 2.2.2. This time I ordered the 2 disc FreeBSD set fromWalnut Creek sometime around June 1997.
Before the summer I had plans to replacethe lab server with OS/2, but during thesummer, I experimented with FreeBSD and learned about TCP/IP, Samba, FTP and Unix.
The client machines in the lab were usingWindows 95 and since we had to get rid of Windows for Workgroups anyway, Iinstalled FreeBSD on each and everymachine. I made further experiments withthe r*-services (rsh, rcp, ruptime, etc.)among other things. All in all, the experi-ments made me confident with managing
FreeBSD. In the beginning of August, whenI had to wire-up the lab’s new infrastructure,I made FreeBSD run the lab for me. Thatturned out to be a wise move; not onespontaneous reboot occurred during theyears to come.
With a busy lab, reliability is of major impor-tance. The logs show students accessing theserver around the clock. FreeBSD really isreliable; the server’s longest uptime to date is 220 days.
By now, things were moving fast. The thirdlab was also computerized. (The introductionof Microchip’s PIC line of processors neces-sitated this.) I added a couple of hubs andthe labs were interconnected. The nextsummer I set up a local name server and a private domain on a FreeBSD box withtwo NICs—one for the internal net and onefor external access. There was no forwardingbetween the two interfaces. This setupallowed me, as admin, to downloadsoftware which I then installed on theclients. Each project team in the lab had its own home, with permissions fixed sothey could not peek at each other’s work.They could also edit files at home andupload via FTP. I added the system user as a way to keep a central repository ofprograms and files that every client wouldneed—Adobe Acrobat for Windows for example,printer drivers, upgrades and other stuff.
Until now all data sheets had been in afolder in my room. The projects’ supervisorshad access to the folder and make copieswhich they handed out to the project teams.There were 95 steps to the photo copier,and with 95 steps back from it, handling the data sheets became more and morecumbersome as a variety of componentswere added. What to do? Install Apache!Putting the data sheets on the server inPDF-format has eliminated the actual paperhandling. This was a truly brilliant movethat I wish I had thought of earlier. Noweach project group could peruse theavailable components’ data sheets, both fromhome and when in the lab before committing
3
the device into their project. Some studentsprinted out data sheets of course, but I see atrend of more and more students reading thespecs directly off the screen.
There is a lot of activity in the labs. With up to 75 students there at the same time,not all of them can be busy with theirassignment; installing MP3s on the clientshas become a popular pastime. It is quitepossible that the especially zealous studentsfiddle around with the system settings ofWindows 95 and cause damage! To simplifythe Windows re-installation, we have made acomplete 2 gigabyte image of the Windowspartition which easily can be downloadedand written onto the machines. While thismay sound rather brutal, it works well inpractice. In fact, every machine in the labwas born this way.
Needless to say, the client machines dual-boot between Windows 95 and FreeBSD. It is a particular pleasure to find thestudents shutting down Windows andrebooting into FreeBSD because they feelmore at home with it.
Earlier I mentioned we had a Sun 3 box.That particular machine has gone to thescrap heap and the FreeBSD server hasreplaced it. Using the ports, I installed them68k-coff cross-compiler and spent sometime rebuilding the libs needed for ourparticular hardware. We were able to get rid of gcc-1.40 and now use gcc-2.8.1 forour in house built 68008 computer card.
Some small bits and pieces complete thepicture. The server has been endowed with a Tandberg SLR-5 tape backup. Once a week I do a level 0 dump and every nighta cron job initiates a level 1 incrementalbackup. The machines’ disks are mirrored
with vinum(8). Thus the entire /usr issafeguarded from disk failure. To ease newinstallations and administration, each clienthas a P:\ (P for program) directory with allnon-standard Windows 95 software. It isnow sufficient to install new software ononly one client; it will become available tothe other clients at the next log-in. Everyhome share is attached as Q:\ on the client.To this end, Samba is configured as an NTdomain controller. Log-in scripts handle theactual attachment of the devices at log-intime. On the FreeBSD side I use NFS andamd(8) to automount the user’s home directories upon log-in.
I have unfortunately left OS/2. I really likedthe Workplace Shell, but the functionalitybuilt into even a basic FreeBSD system makesme more productive. I have now been usingFreeBSD exclusively for over two years for all my desktop needs. My experience is bestsummarized by something I saw someonepost to one of the FreeBSD mailing lists: “I’m home.”
Michael Josefsson is a research engineer atLinköping University, Linköping, Sweden.
Originally published as Daemon News:Adventures in BSDwww.daemonnews.org/200107/adventure.html
4
Adventures in BSD, continued
6
I am a web application developer, and workwith Zope and ZEO clustering, as well asweb application performance tuning andclustering. I have chosen to work with theBSDs for years for several reasons.
When working as a young *NIX admin formy first Open Source based company, I hadto perform install-monkey tasks for Red Hatsystems. The process was excruciating, as itstarted with the installer (simple enough). Ispent the next three hours removing anddisabling all of the games and miscellaneousdaemons running on the system.
After my first FreeBSD minimal install fiveyears ago, I ran top and expected to learn a whole new set of things I had to turn offwhen, to my surprise, top didn’t even fill an 80x24 terminal! I then proceeded to findout that man pages were actually cherishedand stellar on the BSDs, and have success-fully used the BSDs as the core of everyproject since.
Recently, I worked on a Zope project onanother sysadmin’s network, then runningMandrake. I had never worked on Mandrakebefore, and was immediately totally lost inreverse-engineer and second-guess someoneelse’s brain to run our web apps and ObjectDB, which was extremely costly, as the serversneeded to run in a fairly advanced clustersetup. I lost hours on the project, and in theend, lost sleep making the system run in amanner I found comfortable. With that, all of the applications I’m used to compilingmyself, or installing via ports, were all partof the base install—and with configurationscompletely customized to someone else’sneeds and massively undocumented!
I suddenly deeply began to appreciatesomething in the BSDs which I have alwaystaken for granted, uniform adherence tostandards and well-documented workingprocesses which free me to solve very
specific problems. The consistency is so well executed in the BSDs, it’s completelytransparent and therefore easily forgotten.
To make things worse, three weeks after the project ended, the boxes were crackeddue to a mail related configuration error,exploiting a hole that the GUI mail adminis-tration tools could not close. The systemwas now a warez and IRC server. My clientdecided to switch to Red Hat in light of thecompromise and set up two new Red Hatboxes. With a new set of what I felt to beun-unix like configurations and conventionsand lackluster documentation nativelyavailable, I hacked my way throughrebuilding the web-applications—nearlyfrom scratch—forcing a completely differentconfiguration in the end. The changes andthe costs incurred by the client made themchoose not to pay me to document the newsystem and changes properly. (I couldn’tbear that idea and provided basic configu-ration and system notes.) This refreshed my deep appreciation for the BSDs. For the bulk of my projects, I hardly thinkabout the BSDs because things that trulywork transparently support everything.
Isaac Levy is an independent web appli-cation developer and consultant in NewYork City, with a focus on Open Sourcesolutions and development. Isaac hasworked in Open Source web hosting, in Zope development, and with BSD Unix for years in various forms. He aims to bringexperience in large enterprise software appli-cations to small and medium businesses.
How BSD Keeps Me Sane by Isaac Levy
7
Shannon Medical Center is a not-for-profittrauma center in West Texas that acts as thesafety-net hospital for the surrounding area.
As the health care industry is under pressurefrom increased costs of providing health care,coupled with reductions in reimbursementsfor providing that care, the importance ofproviding timely information to hospitalmanagement has never been higher.
Shannon Medical Center uses a DecisionSupport System (DSS) from a commercialvendor. In 2000, a supplemental decisionsupport database was built using FreeBSDand PostgreSQL. This system integrates key data from the commercial DSS, othersources of internal data that cannot beimported into the commercial DSS, andexternal data for benchmarking purposes.Analysts access the data using preexistingdatabase clients via ODBC, eliminating theneed for additional training. The initialsystem was built on an existing desktopcomputer for proof-of-concept. Due to theproject’s success, the system’s hardware wasupgraded to a database server in 2001.
In the words of Andrew Gould, Manager,Clinical Decision Support:
The FreeBSD/PostgreSQL combination isextremely flexible and robust. FreeBSDprovides a stable and efficient environmentfor the database server. The relational datamodel facilitates flexible analysis that is
unsupported by the commercial DSS. Thedatabase is used primarily for financial,clinical and market share analysis. Some ofthe results of this implementation include:
• Hospital management receives infor-mation that was previously unavailable.
• Increased efficiency—highly focused, clinical data analysis reduces the number of medical charts to be reviewed manually.
• Unplanned downtime since/including installation = 0.
• License fees since/including installation = $0.
• Support expenses since/including installation = $0.
The flexibility and low cost of this projectreduce our dependency upon vendors andfree us from many budgetary constraints.We can adapt the system whenever wewant, however we want, to meet ourchanging needs.
Andrew Gould, CPA, performs financial and clinical data analysis for ShannonMedical Center. His primary tool for dataintegration is a PostgreSQL database serverrunning on FreeBSD. Andrew has beenusing FreeBSD at both work and home forfour years. Andrew has a BS in Educationand a BBA in Accounting from theUniversity of Texas at Austin.
FreeBSD at Shannon Medical Center by Andrew Gould
8
My employer’s main business is designingWeb applications, but once those applica-tions are built our clients turn around andask “Where should we host this?” That’swhere I come in, building and running asmall but professional-grade data centerfor custom applications.
As with any new business, our hostingoperation had to make the most of theresources we had. Our resources werestrictly limited to cast-off hardware from the web developers and free software. The only major expense was a big-namecommercial firewall, purchased formarketing reasons rather than technicalones. With FreeBSD and a whole mess ofopen-source software, we built a reliablenetwork management system that providesthe clients with a great deal of insight intotheir equipment. The clients, of course, payfor their own hardware and so have fancyhigh-end rackmount servers with theirchosen applications, platforms, andoperating systems. We’ve since upgraded the hardware — warranties are nice, afterall! — but have seen no need to change the software.
One day, a customer that had expected touse very little bandwidth found that theyhad enough requests coming in to use close to twice the bandwidth we had for the entire datacenter. This affected everycustomer, slowing the entire hostingenvironment to speeds comparable to a snail in molasses. If your $9.95/month web page is slow you have little to complainabout, but if your $50,000/month Webapplication is slow you pick up the phoneand scream until it stops.
To make matters worse, my grandmother haddied only a couple days before. Visitationwas on Tuesday, and the funeral wasWednesday morning. Monday morning
I handed the problem to a minion and said“Here, do something about this.” I knewbandwidth could be managed at manypoints: the Web servers themselves, the load balancer in front of them, thecommercial firewall, or even the router.
Tuesday after the visitation I found mycellphone full of messages. InternetInformation Server can manage bandwidth— in eight megabyte increments and only if the content is static HTML and JPEG files.With several Web servers behind the loadbalancer, that fell somewhere betweenuseless and laughable. The load balancer did support traffic shaping, if we bought the new feature set. If we plopped down a credit card number, we could have itinstalled by next Sunday. Our big-namecommercial firewall also had traffic shapingfeatures available, if we upgraded ourservice level and paid an additional (andquite hefty) fee for the feature set. That leftthe router, which I had previously investi-gated and found would support trafficshaping with only a flash upgrade.
I was on the phone until midnight Tuesdaynight, making arrangements to do anemergency OS upgrade on the router onWednesday night. I had planned to go tothe funeral in the morning, give the eulogy,go home and take a nap, and arrive at workat midnight ready to rock. The funeralturned out to be more dramatic than I had expected and I showed up at work atmidnight sleepless, bleary-eyed, and uprightonly courtesy of the twin blessings ofcaffeine and adrenaline. In my email, Ifound a note that several big clients hadthreatened to leave unless the problem were resolved Thursday morning. If I hadn’talready been stressed out, the prospect of choosing a friend to lay off would have done the trick.
BSD in a Panic by Michael Lucas
9
BSD in a Panic, continued
Still, only a simple router flash upgrade andsome basic configuration stood between meand relief. What could possibly go wrong?
The upgrade went smoothly, but the routerbehaved oddly when I enabled trafficshaping. Over the next few hours, Idiscovered that the router didn’t haveenough memory to simultaneously supportall of our BGP feeds and the traffic shapingfunctionality. Worse, this router wouldn’taccept more memory. At about six in themorning, I got an admission from the router vendor that they could not help me.
I hung up the phone. The first client who had threatened departure would bechecking in at seven thirty AM. I had sleptfour hours of the last forty-eight, and hadspent most of that time under a fiendishlevel of emotional stress. I had alreadyemptied my stash of quarters for the sodamachine, and had been forced to pillage aco-worker’s desk for his. The caffeine andadrenaline that had gotten me to the officehad long since worn off, and further dosesof each merely slowed my collapse. We had support contracts on every piece ofequipment and they were all useless. Allthe hours of work I had put in, and myteam before me, left me with a sum totalof absolutely nothing.
I made myself sit still for two minutessimply focusing on breathing, making my head stop sliding around loose onmy shoulders, and ignoring the loud
ticking of the server room clock. Whatcould be done in ninety minutes — no, now only eighty-eight?
I really had one only option. If it didn’twork, I would be choosing someone tolay off or filing for unemployment myself.
6:05 AM. I slammed the floppy disk intothe drive and started downloading theOpenBSD install floppy then grabbed a spare desktop machine, selecting it fromamongst many similar machines by virtueof it being on top of the pile. The next fewminutes I alternated between hitting the
few required installation commands anddismantling every unused machine unluckyenough to be in reach to find two decentnetwork cards. By 6:33 AM I had two IntelEtherExpress cards in my hands and a newOpenBSD 3.5-snapshot system. I logged inlong enough to shut the system down so Icould wrench the case off, slam the cardsinto place, and boot again. OpenBSD’s built-in PF packet filter includes all sorts of niftyfiltering abilities, all of which I ignored infavor of the traffic-shaping functions. By6:37 AM I was wheeling a cart with amonitor, keyboard, and my new trafficshaper over to the rack.
Here, the killer problems manifested. Ididn’t have a spare switch that could handleour Internet bandwidth. The router rackwas jammed full, leaving me no place to put the new shaper. I lost almost half anhour finding a crossover cable, and when I discovered one it was only two feet long.The router, of course, was at the top of therack. Fortunately, if I put the desktop PC on end and left it sitting on the cart, thecable just reached the router. I discoveredthis about 7:10 AM. I stacked everything so it would reach and began re-wiring thenetwork and reconfiguring subnets.
I vaguely recall my manager coming inabout 7:15 AM, asking with taut calmness if he could help. If I remember correctly, asI typed madly at the router console I said“Yes. Go away.”
At 7:28 AM we had an OpenBSD trafficshaper between the hosting area and ourrouter. All the client applications werereachable from the Internet. I collapsed in my chair and stared blankly at the wall.
While everything seemed to work, the proofwould be in what happened as ouroffending site started its daily business. I watched with growing tension as thatclient’s network traffic climbed towards the red line that indicated trouble. Thetraffic grew to just short of the danger line— and flatlined. Other clients called, happy
10
that their service was restored to its usualquality. (One complained that his site wasstill slow, but it turned out that bandwidthproblems had masked a problem with hisapplication.) The offending client complainedthat their web site was even slower thanbefore, to which we offered to purchasemore bandwidth if they’d agree to buy it.
Today, I have two new routers and newDS3s. The racks are clean again, withoutextra cables from thrown-together solutions.The desktop machine has been replaced by two OpenBSD boxes in a live-failoverconfiguration, providing protection for ourbig-name commercial firewall as well asshaping traffic.
My thrown-together OpenBSD desktopmachine is sitting in the corner of the
hardware room. The sign on it says “DONOT TOUCH: EMERGENCY USE ONLY.”Should the clock tick down on some otherproblem, well, at least I won’t have to spendthe thirty minutes it took to install.
Michael Lucas lives in a haunted house inDetroit, Michigan with his wife Liz, assortedrodents, and a multitude of fish. He hasbeen a pet wrangler, a librarian, a securityconsultant, and now works as a networkengineer and systems administrator with the Great Lakes Technologies Group. He’sthe author of Absolute BSD and AbsoluteOpenBSD, and is currently preparing a book about NetBSD.
11
The phone rang… “Hello, this isSusan*…this may seem strange, but I wasthinking about some problems we’ve beenhaving, and I thought you could help us.Could you come down sometime and take alook at our computers? We’re really strug-gling here.…”
She went on in some detail about the stateof things at her office. I assured her I’d thinkabout it, and hung up…like Samuel Morse,thinking “what hath God wrought?” I’dcreated an HTML page or two, but I was no computer genius. I had a computer and I had friends and a smart brother whoworked on them and with them, and thatwas about it. My training was in a totallyunrelated field; although I was currently in a “career path crisis”, I was neither computerrepairman nor network consultant.
The caller was a friend, personal secretary tothe pastor of the largest church in a nearbycity; I was on the ministerial staff at thesmallest church in the next town up theroad, and as far as she knew, our computerswere always working. (Of course, she didn’tknow that we never asked them to domuch.…)
I went down there; things were a mess. Itwas September 2001; in addition to frightfulthings in the world at large, Code Red andNimda were ravaging computers globally.The machines at Big Church* ran that“Wonderful” OS (well, it starts with a “W”,anyway) and some were infected. Furthermore,although everyone had high-speed Internet,almost no one was using e-mail to commu-nicate. It was strange; an organization withtheir own domain name, over a dozen paidstaff members, and a budget of nearly amillion dollars still depended on stickynotes for intra-office communication andspent a lot of phone time just hashing outdetails of upcoming activities with their
members. I didn’t think that was possible in the 21st century.
After removing Nimda from a couple ofmachines, I asked about their e-mail. “Oh,that hasn’t worked for a while…” Curiously,I opened a couple of outboxes on their POPclients. The most recent sent items werefrom November 2000, ten months past!!Inboxes? Same story….
Timidly, I asked, “Where’s the server?”
“The server? Hmm, that would be Brenda*’smachine.”
Brenda was in charge of payroll andfinancial and membership records. Hercomputer was a 500 MHz Athlon with 128MB of RAM. The OS looked a tad differentfrom everyone else’s. Whatever it was, itdidn’t run so well, and there were someobvious reasons. This machine was runningan “Advanced” version of that same verypopular OS, and between being infectedwith Nimda and attempting to operating as a PDC, along with IIS SMTP, and (forsome strange reason) anonymous FTPservers, plus Brenda’s browsing (she hadbeen smart enough to get a mail account at Yahoo!) and the large financial packageshe used, this machine was taxed past thelimit of its resources. Furthermore, I couldn’tbelieve that they would spend so muchmoney just to run Web and Mail for 12users. Of course, once I removed the virus I discovered they hadn’t spent quite enough!There was no POP/IMAP service on thisbox, it was not firewalled, and most of theservices it did offer were badly configured or not working properly.
I called a friend of mine who worked for asmall ISP. He’d been kind enough to do alittle open-source evangelism with me, andhad given me a shell account on a virtualserver that hosted the company’s website. I’d learned a little about telnet and ftp,
You Haven’t Had E-mail Since When? FreeBSD saves a dot-org, and maybe me, too!
by Kevin Kinsey
12
knew ls and cd, and could use pico to edittext or HTML files. I was certainly no guru.
“What is that OS I’ve been talking to onyour web server? Some kind of Linux?” Iasked. (His kids teethed on little penguintoys…he had a five-box LAN in hishouse…these days I’d call him anübergeek… )
“No, that’s a little more ‘hard-core’. Probably a-BSD. Maybe FreeBSD. Why?”
Hard-core? (Brief shiver)…I swallowed hardand gave him an overview. He told me Ishould do something about the situation(besides letting this server spew viruses allover the place) and that an open-source OSlike FreeBSD would probably be just thething I needed. “You can read everythingyou need to know on the ‘Net.” So, with at least a bit of trepidation, I pointed abrowser at www.freebsd.org. “All you need is a pair of freshly formatted floppies andthese instructions.…”
I went home and read up a bit (I grabbed the entire FreeBSD Handbook in .rtf format.)I printed several pages. I formatted thefloppies and read the instructions.
The next day I was back. I found, in anupstairs closet at Big Church, an old clunkerthat wasn’t up to modern specs. It booted,and had a rather small HDD, but it didn’tclack too much and the fans sounded OK. I managed to stick a NIC in it and cable it totheir switch. Booting from the floppy,holding tight to a couple of pages I’dprinted from the online Handbook, Iclunked away though sysinstall. If Iremember correctly, it took two, maybethree attempts to navigate the menuscorrectly — it was a little different than Iwas used to, but the alternative was payingthousands of dollars to someone who didn’teven care to come and check up on themachines they had installed and (appar-ently) hadn’t been there for 10 months.…
To make a long story shorter, once Inavigated the installation menu properly,FreeBSD installed itself. I found myself in
a rather familiar CLI environment. In lessthan a day, we had SMTP and POP3capability inside the building. Then wemoved the HTTP service to this littleclunker. Now Brenda’s financial app wouldwork better because she wasn’t sitting on anoverworked box with no resources. Later westarted in-house DNS to ease the load on theISP and router. As a bonus, all this wasaccomplished with free software andhardware that was waiting for the dumpster.
That was almost three years ago. Today, thatchurch hardly ever calls me with problems,and when they do, they’re never server-related. I do think I’ve proactively changedevery piece of hardware on that box, as partshave become available, and as their websitehas grown way past the size of the originalHDD, but the server still bears the samename, and today provides even more servicesboth to the LAN and the outside world.
As for me, I still have that part-time minis-terial position, but also have a growingbusiness in networking, troubleshooting,and web application programming that hasadded substantial income to the familybudget, and given me some direction forthat career path crisis.
This is no testimony of “what FreeBSD can do for your Fortune 500 shop”. Frankly,unless I become a better businessman, I’llnever make a killing. But there are lots oflittle problems everywhere that people needgood tools to solve, as well; I found a goodtool in FreeBSD.
I imagine FreeBSD can offer the same thingsto anyone that it offered to me, and evenmuch more. But I know that because of itsstability, excellent documentation, helpfuluser community, highly versatile design(and of course its cost), FreeBSD was aseminal force in this growth in both my life and the life of Big Church. Guess whatpretty desktop I’m writing this on?
C’mon, you already know!!
(*names changed to protect the naive[except for me])
13
Kevin Kinsey owns DaleCo, S.P.(www.daleco.biz), a small consulting firmlocated near the equally small town of Jasper,Missouri, where he lives with his wife,children, and one cat. Starting in 2001 withtwo customers and little experience in theindustry (other than hanging around theback room of a local ISP), the companycontinues to experience slow yet steadygrowth. Prior to “Y2K”, Kevin had an 11-yearcareer in public education, teaching vocaland instrumental music in 3 Missouri schooldistricts. He claims to have no free time (andtherefore no hobbies); one of his life goals isto convert his brother (an NT system admin-istrator) into a vocal FreeBSD advocate.
You Haven’t Had E-mail Since When? FreeBSD saves a dot-org, and maybe me, too!, continued
14
A FreeBSD Success Story (and DragonflyBSD too)
by Scott Robbins
When I first came to my company, which I’ll call Astral (name changed to protect theguilty), great changes were underway. Thecompany had outsourced IT prior to thearrival of my boss and myself. Users,running Win9x, could do whatever theywished with their computers. I spent mostof my time in the first few weeks simplyreinstalling totally borked systems.
Neither my boss nor myself were bigMicrosoft fans. Although I have various MScerts, both he and I preferred various flavorsof Unix and its clones. He works in our NJwarehouse and I was responsible for theNYC side of things.
Although my *nix experience had begunwith Linux, at some point FreeBSD becamemy O/S of choice. I had wide latitude inwhat I did on the NYC side, so long as Ikept my users happy. So, I began investi-gating what I could move to FreeBSD.
My job can involve anything from helping a user put the taskbar back at the bottom of the screen to rebuilding a crashed server.We are using an NT4.0 domain, and theservers are aging and having more and more problems.
Additionally, a more than adequate box from four years ago soon becomes outdated.The two gigs of storage space for one of thecompanies on a server was rapidly filling.The half gig of the C: drive was nowherenear enough as printing jobs got larger, andusers would receive error messages aboutthere not being enough disk space tocomplete a print job.
Due to the nature of the business andfinancial constraints (one of my mentorsonce said that the top two OSI layers arepolitics and money) we often had to use a band-aid approach. However, as thingsbecame a bit calmer and people saw that we not only knew (more or less) what we
were doing, but also saved the company a good deal of money, we had a little more freedom.
One of the first steps was to take some ofthe file sharing off of the NT servers and putthem on FreeBSD boxes running Samba.This was easy enough and successful. Evenusing older discarded MS workstations,reinstalled with FreeBSD, freed a great deal of space on the servers.
Next, with a bit of trepidation, I began usingCUPS (sometimes said to stand for Can’tUsually Print Stuff). However, it went quitewell. It was fairly straightforward, allowingthe MS boxes to use their client drivers.
Our company works in fashion. We muststore a great many images of dresses. Again,space had been an issue, and I migratedmany of these directories successfully over to the BSD boxes.
At present, future plans involve having twosomewhat more powerful boxes as servers(one is already in use as a print and fileserver) and having them back up the imagesto each other using rsync. The file and printserving are both completely transparent tothe users. We will shortly be moving theDHCP server over as well.
I have a couple of other older, discardedboxes sitting on our various subnets. (Astralis actually an umbrella company. Eachdivision has its own showroom andproduction room, all in different buildingson different floors). These are very handywhen I have to reinstall a user’s machine or transfer their files when I upgrade acomputer. Our network is old, and transfersare far faster when copying between twomachines on the same subnet.
For a very small time investment, we havefound FreeBSD has saved us a great deal of money and time. I have even been a bit
15
daring, running 5.2.1 with no problemswhatsoever on some not at all mission criticalservers. I’m able to indulge myself enough tohave my own personal workstation runningFBSD 5.2.1, and only have to turn on an MSbox to walk a user through something or totest our one particular custom application.
Having heard some interesting things aboutDragonFlyBSD, I have been playing with iton a few test boxes. As each release was asmall download and quick burn, I simplyput the latest one on CD as it’s released.
I’m still just playing with DragonFly and had no plans to use it in a productionenvironment at this point. It’s more of a newtoy than anything else. I like it, but am still a bit unfamiliar with it, and run into oftenamusing problems, such as installing it withthe defaults, then following the README’sinstructions for updating without realizingthat my /home partition (where it’s puttingsource) is only a few hundred megabytes.However, its live CD came in handy recently.
Like many sys/net admins in anenvironment where most users are runningMS, we have our problems with spyware,viruses and the like. A partner had openedan ecard from his daughter, clicked onsomething, and was suddenly deluged withpopups. At times, such problems have beencured by installing the latest MS servicepacks, so that’s what we tried to do.
Upon downloading and installing the firstset of critical updates, his computer failed to boot. Ok, we’ll boot it in safe mode andremove the update. No good. It wouldpower up, then restart. Trying safe modewith command prompt also brought no joy. It seemed as if he might lose all files on the computer.
Enter DragonFlyBSD-1.0A_REL live CD. I used it to boot his laptop (a moderatelynew Toshiba Satellite) without problem.DragonFly had no trouble detecting thebuiltin ethernet, and using dhclient broughtme onto the network. I was then able tomount his C: drive with mount_ntfs andfrom there, was easily able to copy hisimportant documents and outlook.pst fileover to one of our FreeBSD samba servers.
From there, it was a simple matter to use themachine’s recovery CD, reinstall the O/S, andreplace his files from the samba box.
While this isn’t anything amazing, I did findit nice that I’d already put DragonFly intoproduction use, in a manner of speaking.
Scott Robbins is a Junior systems/networkadminstrator for a mid-size Manhattanfashion company. Although Microsoftcertified, he far prefers working with Unix,and desperately hopes to find a job as aJunior Unix Adminstrator. His web pages,with clear (though sometimes mistaken)explanations of various aspects of *nix: at home.nyc.rr.com/computertaijutsu
A FreeBSD Success Story (and DragonflyBSD too), continued
16
After being introduced to the FreeBSDoperating system back in March of 2000, Iwas so amazed with it that I wanted to find a way to use it in the office where I work.
Two years before that, I had gotten my feetwet with Linux, mostly tinkering withCaldera and Red Hat. I was impressed withLinux as well. So much so, that I joined alocal Linux Users Group (www.sllug.org). Itwas during one of our user group meetingsthat I was introduced to FreeBSD. Duringthe meeting, CDROM sets of FreeBSD 3.4were handed out and I was lucky enough to get one!
The very next day, I installed FreeBSD on an old pc at home and was immediatelyamazed. The overall configuration andlayout of FreeBSD, from the installationchoices to the directory and file structure,were in a really logical order. Everythingabout it just seemed to make more sense.
One of the things I was most impressedwith was how easy it was to install applica-tions from the vast ports collection. I alsoliked how FreeBSD gives you the choice ofwhich applications you want as part of thebase install. Some OSes seem to include alot of applications during the install processthat you may or may not have interest inusing. This can be especially troublesome if you have an old pc with a small harddrive. I like the idea of installing just thecore operating system and then having thechoice of going back and installing what I want. I mean, who really needs fifteendifferent text editors, when two or three will do?
After tinkering with FreeBSD at home for awhile, amidst all the noise and distractionsthat go with a family setting, I decided tosee if I could install it on an unused pc atwork. The logic being that I would have thechance to learn more about BSD/UNIX at
work, since, like most of us in this day and age, this is where I spend the bulk of my time.
As luck would have it, I was able to locatean older Compaq Deskpro pc that wasn’tbeing used. It was a 200 MHz machine with 64megs of RAM and a 4 gig hard drive. It turned out to be the perfect choice.FreeBSD 3.4 installed easily on it, using theentire amount of space on the hard disk.During the install process, I was given thechoice of either manually creating thenecessary partitions or selecting ‘A’ andletting FreeBSD do it automatically. Since I had only installed FreeBSD once before, I decided to let FreeBSD do the dirty work.Before I knew it, I had a powerful, stableand functional operating system at myfingertips!
After spending a week or two of explo-ration, I discovered that the famous andpowerful Apache web server was alreadyrunning! I stumbled into this when Ipointed the web browser on anotherworkstation to the IP address I had givenmy FreeBSD system. I was immediatelyoverwhelmed with excitement and fasci-nation when I saw the Apache welcomescreen. This discovery spawned a great idea. Previously, our office had never implemented the creation of a localintranet. I knew that the use of corporateintranets were wide spread and anticipatedthe need for such a useful source of helpand information in our office.
I immediately set to work, creating webpages with the use of Netscape Composer,that contained helpful information that ourusers could draw upon when they neededit. I was amazed at how fast it was to accessthese pages through a web browser, ratherthan accessing the same information locally,from a file server or email database. This
BSD In a Microsoft Office by Joe Warner
17
BSD In a Microsoft Office, continued
was especially apparent while dialed intoour network remotely.
A few months after I put FreeBSD/Apache to work, news came from upper managementthat there was an interest in employing theuse of intranets at all the remote field offices.Other web servers and content soon sprangforth and now we have a fully functioningintranet in place and more and more of ouremployees are showing interest and becominginvolved. We have more than a few employeesnow who are acting as content publishers andare creating and maintaining sections of ourintranet themselves. There are also more thana few employees and co-workers who are nowinterested in the BSDs and wish to learn more.
The Apache web server (http://www.apache.org)was a great find, but it was hardly the end of many discoveries I would make and ideasI would come up with. After more reading,research and tinkering, I had an FTP serverrunning and after a few days, had a Sambaserver (http://www.samba.org) running aswell. This proved to be invaluable, sincenow, I can create web pages from anyworkstation on our network and copy them directly to the web directory on my FreeBSD system!
Acceptance and interest in the various BSD Operating Systems, and what they arecapable of, was growing. Not only were co-workers in my department taking notice,but my managers as well. Just the costsaving factors alone that come with the useof BSD, and other Open Source operatingsystems and applications, are hard not totake notice of.
Our division had recently moved to a brandnew building in an industrial section of ourcity. The building was constructed from theground up with our business needs in mind.Everything in the building has a spaciousand contemporary look and feel, including a state of the art data center that can be seen through large glass windows from oneof the main hallways. Our network is fast, at 100 megabits.
A few months after we moved into our newbuilding, one of my managers voiced theneed for some kind of network monitoringsoftware or tool that we could employ tomonitor the health of our network andidentify problems. He was considering the purchase of an expensive, hand heldmonitoring tool that would cost thousandsof dollars. I told him that I probably alreadyhad some kind of network analysis softwareon my FreeBSD machine and asked him togive me a little time to find out. I also toldhim that if I was able to find something thatwould do what we wanted, we could saveour office and the company a lot of money.He agreed and I was soon searching theports collection on my FreeBSD machine for just such a utility.
It didn’t take me long to discover that Ialready had access to powerful networkanalysis utilities like The Ethereal NetworkAnalyzer (www.ethereal.com) and Snort(www.snort.org).
I decided to start with The Ethereal NetworkAnalyzer because it was the most GUI of theutilities that I had found and was a moretangible and suitable way to presentnetwork analysis information. Most of mymanagers and co-workers use Windows NTand have never had exposure to UNIXterminal screens or UNIX shell access, muchless the BSDs or even Linux.
During my first attempt at using Ethereal tomonitor our network, I was able to immedi-ately identify a problem and report it so thatcorrective action could be taken. I noticedthat one of our Lotus Notes DominoServers, running on the IBM iSeriesplatform, was sending out a barrage ofnetwork announcements. I immediatelywent to our Lotus Notes Administrator andasked if he was aware of any problems. Hesaid he hadn’t heard of any and just when Iwas about to leave, one of our employeesthat was engaged in development on theserver came in and said that she was unableto log on. It turned out that the problem
18
was with the TCP/IP configuration and wassoon corrected.
Right away, my managers could see that this was a useful and powerful utility tohave in place and I still receive requests allthe time to identify possible problems andcollect information on individual nodes on our network.
Recently, I and other members of ourdepartment had reason to believe that anintruder was trying to gain direct access to oneof the nodes on our network via telnet or byusing a port sniffer. I used Snort to effectivelycapture packet information from this node.
After monitoring the suspicious activity for a couple of weeks, it was determined that theattempts were coming from a node with aninvalid IP configuration and not an intruder.
When I first had the idea of finding ways to use Open Source operating systems andsoftware at work, I thought I’d have a verydifficult time doing this, since our office hasbeen a Microsoft/IBM shop for years andthese platforms and associated software are what our employees are used to using. I never intended to recommend thereplacement of these platforms in favor of the BSDs or Linux but rather to employand integrate the use of these platforms in a more cost effective and productive way.
For those of you who are consideringemploying the use of FreeBSD, NetBSD,OpenBSD or BSD/OS in your office orcompany, I would recommend that youinstall it on an available pc. Explore thehuge number of applications, (currentlyover 10,500) in the ports collection and the many uses these powerful and uniqueoperating systems have to offer. Start withthings that are tangible and easy to see thebenefits of and understand.
When I first started using FreeBSD, I was so amazed and taken with it that I could be heard preaching the BSD gospel almostevery day. Keep in mind that most peoplewill continue to use whichever operatingsystem or application they are comfortablewith. Don’t be such an advocate that peoplebecome afraid to even mention the words“FreeBSD”,”NetBSD”, “OpenBSD” or “BSD”around you. Remember, the louder you are,the harder it can be to hear you. The phrase,“Action speaks louder than words”, certainlyapplies here. Quietly learn about the BSDs,how to use them, and offer the amazingdemonstration when the opportunitypresents itself. Soon, that old pc runningone of the BSDs will be the honey thatattracts the bees!
Joe Warner is a Technical Analyst forSiemens Medical Solutions Health ServicesCorporation and has been using FreeBSD as a server and desktop since October of2000. Joe has lived in Salt Lake City, Utahfor most of his life and enjoys *BSD,computing, history, and The Matrix.
Excerpted from Daemon News: BSD in a Microsoft Officewww.daemonnews.org/200103/adventure.html
19
I was contracted to analyze and improve anetwork for a non-profit museum after theyhad received a small government grant forIT. As most people are aware, most non-profit organizations are usually non-profitby function rather than by design, thereforethe budget was minimal to non-existent.
After getting the lay of the LAN, I foundvery serious security problems, caused by acomplete lack of knowledge and experiencewith IT at this organization.
In my report to the manager, I pointed outthat having a MS server with no firewall,connected to an “always on” broadbandinternet connection was a bit risky to saythe least. Having thousands of credit cardnumbers in a completely open shared folderfell under the “very bad thing” category.After explaining the risks of openly availableshopping on the museums dime, smellingsalts were used to revive her.
I explained that at a minimum, the firstthing required was a rock solid firewall.“That sounds very expensive. We can’tafford something like that now” she said.“Give me a day and it will be in place” I told her.
I had found an old but functioning Pentium166 box on the premises, not being used.“What will this cost?”
“Nothing” I told her.
A new FreeBSD disciple was instantly born.
An additional NIC that I had found in thePC parts graveyard (museums never throwthings out) was installed and FreeBSD waseasily installed on the old machine. With aquick kernel rebuild, a few setting changes,and an ipfilter rulebase that I don’t leavehome without, the museum had a free, solidfirewall. I also made the FreeBSD box theinternal DNS, and DHCP server, as theexisting unit went down more often thanthe stock market.
I created an IPSEC tunnel to my homesystems using open source software from the FreeBSD ports collection, and was ableto securely administer the network from the comfort of home, when needed, byinstalling Samba, also from the portscollection, on the FreeBSD box.
The little sentry functioned flawlessly andhas continued to do so. My only concernwas that one of the volunteer janitorial staffwould throw out the machine due to itsappearance. The server closet was just that,a closet, and with the ugly little box beingmounted on what appeared to be a milkingstool, it did not come across as impressiveto the untrained eye, even though it was the guardian for the museum. A large sign,complete with skull and crossbones reading“FIREWALL. Do Not Touch on Pain ofDeath” fixed that problem.
Without the free availability, functionality,and stability of FreeBSD, a costly alternatesolution would have been required,possibly causing the cancellation of wine and cheese parties.
FreeBSD saved the day.
Incidentally, the credit card numbers wereimmediately secured.
John Richard, commonly known as JR, nowworks for an ISP in the Kingston Ontarioarea, attempting to remove the speedbumpsfrom the information highway. When notdriving his wife and kids up the wall withgeek-speak, he is usually riding his Harley,or fixing something for someone.
Museum Guardian by John Richard
20
My company had recently been acquired.We were a small software developmentcompany and had been using CVS for oursource code management. Our new parentcompany was larger, with an existing webpresence that they intended to integrate our catalog system into. They were usingPerforce for their source code management,and mandated that we hook into theirsystem (i.e., the repository would be locatedat their site, in San Diego, and we wouldhave to check files and work spaces in andout over the WAN from our offices in SaltLake City).
Since we already had a T-1, it was deemedoverly expensive to put in a point-to-pointlink. It was decided that a VPN was the bestsolution. The new company’s IT/Networkingteam was convinced that putting a CiscoPIX in place at our office was the bestsolution (they were a Cisco shop andalready had PIXes for their own firewall).They immediately started looking atdifferent PIX models and Cisco’s VPNtechnologies, with an eye towards being able to ship us a configured unit we couldjust drop in place (replacing our existingFreeBSD based firewall at the same time).Their estimate on a time frame was four tosix weeks.
My developers were anxious to get workingin the new source management system assoon as possible (with pressure coming fromtheir new bosses who had mandated that wecut over within two weeks). They turned tome to find an interim solution that we couldget running in a hurry. I immediatelysuggested an OpenBSD solution using theIPSEC functionality that was built in to theOS (this was around the time of OpenBSD2.7). I got approval from my management,grabbed my corporate AMEX, and headeddown to CompUSA.
I bought a couple of HP Pavilion desktopcomputers (no monitors, keyboards, ormice) for about $800 ($400 each) andheaded back to the office. In a matter of afew hours, I had OpenBSD installed on bothmachines and was playing with the IPSECconfigurations. One quick phone call laterand FEDEX was on it’s way to pick up a boxcontaining one configured HP Pavilion. Oneday in transit and the box was in San Diego.
I got a call from the parent company’snetwork guy the next day. He had receivedthe machine and set it up right under hisdesk (where he could keep an eye on it).With another hour or two of fiddling withconfigurations to get both endpoints talkingto each other, and getting each internalnetwork routing the appropriate subnets to each other, we were able to bring up theIPSEC link and our developers were able tocheck their stuff into Perforce on the otherend of the link.
Mission accomplished, thanks to OpenBSD!We had an IPSEC tunnel in place using3DES and automatic key exchange.
The company did end up dropping $30k on a PIX for our location, and ultimatelybrought up a “supported” VPN connection.It only used single DES (the 3DES option onthe PIX was “too expensive”), relied on statickeys, and took six weeks to implement, butobviously it was superior because it cost alot of money. The OpenBSD boxes wereretired and I believe they ended up as home workstations for internal developers.Personally, I would have stuck with theOpenBSD solution. It was fast, cheap, andit worked. Normally, you only get to picktwo of those!
Jan L. Peterson is a professional systemadministrator with 16 years of experienceworking with multiple Unix versions (andthe occasional Windows machine). Laid off
OpenBSD Saves the Day by Jan Peterson
21
from his last job when the company wasacquired by a direct competitor, he has spentthe last couple of years as a consultant. Moreabout Jan can be found athttp://www.peterson.ath.cx/~jlp/.
OpenBSD Saves the Day, continued
22
A bit of history, I’ve been using FreeBSDsince 2.0 got released. I started on my questof all things BSD when I was working forClark Development (PCBoard BBS Software)in 1994. I worked in sales and softwareduplication. When the development teamstarted talking about TCP/IP, I wanted tolearn what it was. I jumped on Aol andstarting searching for TCP/IP. I found a lotof entries for UNIX but nothing that couldhelp me and then I typed in the magicalwords ‘TCP/IP unix pc’ and I found Linux. I spent the next few days downloading 17floppies of Slackware and installed it. It wasvery exciting. The first thing I noticed wasthe lack of trumpet winsock, I was so niave.I couldn’t figure out how to get on theInternet. I jumped back into Win3.1 andlearned how to connect to the Internet. This went well, but I wasn’t happy.
Linux worked but I thought there wasmore. It crashed a couple of times and I wasunhappy with the response of the systemwhen I went to untar packages. Then I wentback to Aol, started searching for more pcbased unix’s and the next thing I found was FreeBSD. I went to Walnut Creek and learned all I could about FreeBSD. This was a very exciting time. I decided that Ineeded to purchase the cd’s this time. I thenspent many days and nights learning aboutthis operating system. Testing my knowledge,breaking things that I couldn’t fix and thentrying again. I also starting learning about a lot of opensource software that wasavailable and started to implement them.This was a very knowledgable time for me and put me on my start of a professionthat I didn’t believe was available for me at that time.
Jump 3 years. I started working for acompany that developed software for thelumber industry. I was originally hired to
transfer patches and updates to customerssites. I transfered from my job to a R&Done from a comment that I made aboutLinux, I told them it was terrible. They thenasked me what I prefer, I said ‘FreeBSD’;this surprised them and after a few daysthey asked me if I would like to join theteam.
Even though the product line ran on AIXand SCO, they were very much intoWindows and wanted all of us to beMCSE’s. Which we became. Fortunately, our IT department was very much intoLinux and open source. Unfortunately, the company wouldn’t let us use it. So weslipped it in where we needed it. I was the only FreeBSD user in the department,everyone else favored Linux so I got votedout pretty quickly. I learned a lot thingsabout SCO and AIX during this time andplenty on how windows should work.
The success:
5 years ago I was working for a small schooldistrict in Wyoming when I got a job for amajor convienent store chain in the inter-mountain west. They just got connected tothe Internet and had implemented Linux on the firewall. Since I had a lot of greatopportunities to learn the tools needed tocreate a firewall, I stripped it out in the firstweek and changed it to FreeBSD 4.3. Thecompany was a big AS400 shop and hadstarted on a couple of projects that wouldhave utilized Windows gateway products toconnect to the AS400. I balked at this andsaid that this could be done with FreeBSD.IBM had released Linux odbc drivers for theAS400 that spring and I had attempted tomake it work. Unfortunately I didn’t havethe patience to get apache/php/AS400 odbcworking in Linux emulation so I gave inand installed Red Hat. But I wasn’t about to install Linux on the servers that faced
A FreeBSD Implementation by Travis Stevenson
23
the Internet so I created a proxy that wouldhandle all the requests and send them backto the web servers.
During this time we had implemented allthe firewalls, vpn’s and web servers onFreeBSD. The CTO had wanted to implementthese in a span of year. I had accomplishedthis in months. The usability of FreeBSD on our network was set. Then two thingshappened that pushed the usage of FreeBSDfrom the perimeter to internal processingand both were related to Microsoft.
One of which was running NT4 to handlethe extraction of flat files databases. Thisserver would cause us a lot of grief in themiddle of processing data. Under heavyloads, the server would stop responding and we would have to reboot. The storesthat were connected would have to benotified that they would need to resend.This was time consuming and very inter-ruptive. I then researched perl’s capabilitiesof extracting dbase files and created asolution that allowed the stores to submitinformation to the FreeBSD server where itwould extract the information and submit it to our financial system. This solution wasgolden: the uptimes of the servers went tomonths and we didn’t have to tell the storesto resubmit. Since the beginning we haveturned this scenario into a a very powerfuland scalable mechanism for submitting and prepping information. We also incor-porated perl’s XML support to processOpenoffice spreadsheets that get sentthrough this mechanism. All of this isrunning on FreeBSD.
We had a typcial Microsoft Domain, PDC,BDC and two Exchange servers. I hadstarted to look into Samba-TNG as adomain controller solution. It was receivedwell but it was viewed as being unnecessary.Then came Microsoft licensing 6.0. We didan audit on our licensing and found that wewere short. We decided that we needed tolook at alternatives. Our solutions wereSamba-TNG, LDAP, Cyrus, IMAP, Postfix
and ftp/http server for freebusy schedules—all running on FreeBSD with the servicesbuilt around LDAP. It was immediatelyapproved. We rolled this out in three weeks with great success.
Since then the success of this has helped inthe creation of a very structured and stablenetwork where we have authenticationservers, file servers and processing servers,email servers and database servers all runningon FreeBSD. We still have Windows serversfor Microsoft-only solutions that we can’tremove and we also have Linux servers. Buteven those Windows servers have to authen-ticate against our FreeBSD servers.
2002 was a difficult year for conveniantstores as people traveled less. We felt itfinancially as I’m sure other companies had.During this time we were able to increase the services of our network infrastructure at only the cost of hardware. This has beenshown as a great value to our company andwill continue to have a place on our network.
For all of the network services that weprovide, we picked FreeBSD for the security,stability, ease of OS upgrades and the amountof software that can run on it. With theports tree available it has proven to be anunbeatable solution.
Travis Stevenson is the manager of thenetwork infrastructure at Maverik CountryStores in Afton, Wyoming. Over the last 8years he has administered UNIX and UNIX-based systems and Windows administration.He currently acts as chief network engineerand security architect and is a die hardFreeBSD user.
A FreeBSD Implementation, continued
24
I am the Network Administrator for a charitythat employs roughly 60 staff spread over 4 offices in various parts of Ireland, (Dublin,Belfast, Armagh and Cork) and also has afundraising office in New York. While all of our end-user computers are PCs runningvarious versions of Microsoft Windows, wemake considerable use of Open Sourcesoftware on our servers.
Our First Experience: email
The first project that introduced OpenSource software into Co-operation Irelandwas setting up a server to serve email to allstaff. We did this towards the end of 1997—prior to this only two members of staff inthe entire organisation had email access, andintroducing email for all members of staffwas the first “major” project I undertook asNetwork Administrator. I evaluated severalcommercial mail server applications forWindows NT, and decided that they were all prohibitively expensive given my budget,and our ISP recommended that I look atFreeBSD. So, I installed FreeBSD 2.2.5 on a spare computer that was available (it had a Pentium 90 processor, 32 MB RAM, and 1 GB hard disk space). We used (and stilluse) Sendmail as the MTA, and Qpopper asthe POP3 server software. This enabled meto give each and every member of staff emailwithout spending large amounts of money.
Expanding our use of Open SourceSoftware
In 1998 I added two extra packages to themail server. The first was Apache, whichallowed us to have an internal website. Thishas been a very useful tool as that allows usto store reference documents that all staffmembers need access to in a central location.
The second application installed on theserver, which in time provoked the eventualupgrade to a server with a larger (2 GB)
hard disk, was Squid, a web proxy serverpackage. This allowed me to let all the staffin our Dublin and Belfast offices (whichwere connected by ISDN routers) to sharethe outbound Internet connection to viewexternal web pages.
Multi-user Databases over a WAN
Co-operation Ireland had a database that,when I joined the company, was imple-mented in Microsoft Access, and wasreplicated between the offices in Dublin and Belfast using scripts to merge changesbetween the two copies. This was far from an ideal solution, and sometimes the repli-cation procedure lost information.
I was tasked with finding a solution to this problem, and the solution I came upwith used some of the software alreadydescribed (Apache), and two more opensource packages: the PHP scriptinglanguage and the PostgreSQL databasesoftware. Using these tools, I was able tore-implement the database application sothat there was a single database server, and all the users connected to it usingweb-browsers on their desktops. Perl isalso used for some coding tasks (forexample importing/exporting data to the databases).
File servers for branch offices
Our branch office in Armagh was too smallfor the budget to supply a file server. For along time the two or three staff members inArmagh (or Monaghan originally) kept theirfiles on their own hard disks. A couple ofyears ago, I built a server for this office (again using a PC that was too old fordesktop use) using Samba to provide fileand print sharing. This server also used one of the two firewalls that comes as partof FreeBSD to allow all the staff in Armaghto share an Internet connection. Once again,
Open Source Software in Co-operation Irelandby Mike Doyle
25
Open Source Software in Co-operation Ireland, continued
all of the software installed on the server in Armagh was installed using the FreeBSDports system.
Web Calendar
Another project implemented using OpenSource software has been the roll-out of aweb-calendar for all members of staff. Again,we are using a package called SWebCal toimplement, free of charge, a feature that isoffered as part of commercial groupwareapplications. (It is offered, in addition toemail, as part of both Lotus Notes andMicrosoft Exchange, either of which wouldcost a large amount of money for an organi-sation our size.)
The arrival of DSL, and the implementation of a VPN
In 2002, DSL became available in Dublin,and in 2003 it became available in Armagh.We moved from having a leased linebetween our Dublin and Belfast offices tohaving a VPN over DSL between these twooffices. When we were able to connect theArmagh office using DSL, we were able toextend the VPN to include this site as well.
Once again, the software (Racoon for keyexchange and IPSec for the encryptednetwork connections) was distributed alongwith FreeBSD. (By this stage, when I rolledout the VPN to Armagh, FreeBSD hadreached version 4.7. It is currently onversion 4.10).
Again, Co-operation Ireland have been ableto use otherwise obsolete equipment and freesoftware to implement a solution that wouldhave cost a large amount of money to buildusing off-the-shelf commercial tools.
Public Website
Our external website is hosted on a serverlocated at our ISP. This server uses Red HatLinux (since that is supported by the ISP),PostgreSQL, Perl and PHP to provide adynamic website that includes a discussionforum for a school project, and an in-housecontent management system to keep the
news and events sections of the website up to date. (The discussion forum softwareis phpBB).
Factors influencing choice of software
In some cases (e.g. using Samba for fileserving) there is simply a choice of thecommercial software and one Open Sourcealternative. In other cases (for exampleselecting PostgreSQL as the database server)there are other choices available. In thesecases ease of installation, quality of on-linedocumentation, and even the recommenda-tions of other users on the FreeBSD mailinglists have helped me to make up my mindabout what to use. I originally selectedPostgreSQL over MySQL after evaluatingthem because the HTML documentation for PostgreSQL was better structured. Evennow almost 5 years later, I still feel that thebiggest differentiating factor between thesetwo products is the quality of the documen-tation! My choice of FreeBSD over Linuxwas originally based on the recommendationof an outside “expert”, but I have since usedSuSE and RedHat Linux for various tasksand always come back to FreeBSD as mypreferred platform given a choice.
As the Network Administrator for a charity,cost has always been a factor influencing my decisions, however the tool (hardware or software) has to actually “get the jobdone”, and to do so without wasting mytime, or demanding too much of my userswho are not prepared to learn to use Unixthemselves. We still use commercialsoftware for many tasks. It would be hard to quantify an exact cost saving that hasbeen made, since certain of the tasks that I use Open Source software to accomplishwould have been ignored or cancelled ifthey could not have been carried out at sucha low cost, while others would have beenregarded as critical enough that they wouldhave been implemented some other way.
The primary advantage of Open Sourcesoftware is the cost. The second advantage is that most of this software is documented
26
extremely well, and this documentation isavailable on-line and easy to find. While the quality of the documentation varies, Ihave found the on-line documentation forFreeBSD itself, and for PHP and PostgreSQLto be of exceptional quality. Samba, Apacheand Perl all have very good online resourcesto help an administrator to accomplish anynecessary task, but I personally foundnavigating these documents to be a littleslower. To be fair though, much commercialsoftware comes with downright unhelpfulonline help, and so in every case where I amusing Open Source software, the quality ofthe documentation has also been a bonus.
Another added factor for selecting Open
Source software has been the speed andquality of responses to requests for helpposted to the various mailing lists.(Commercial software usually requiresexpensive maintenance contracts to be takenout for technical support.) Michael Doylegraduated from University College Dublinwith a B.Sc. in computer science in 1993.For the past seven years, he has been theNetwork Administrator for Co-operationIreland, a charity involved in the peace-process in Northern Ireland. He lives inDublin, Ireland with his wife and infantdaughter. In his spare time (not that he has much these days) he plays the guitarand sometimes writes music.
27
The FreeBSD Projectfreebsd.org
The OpenBSD Projectopenbsd.org
The NetBSD Projectnetbsd.org
BSD DevCenter.onlamp.com/bsd
DaemonNewsdaemonnews.org
BSD Newsletterbsdnewsletter.com
Putting BSD to work for youbsdatwork.com
BSD Resourcesbsd.reedmedia.net
BSD Forumbsdvault.net
BSD Resources
![[BSD]09 ideation](https://img.pdfslide.net/doc/110x75/546d4eb3b4af9f752c8b52f2/bsd09-ideation.jpg)
