Friday, May 06, 2005

The first decision

Ok, the first decision I have to make is on the Network Operating System to use.

But before we get into that, we need to get into the reason for building a server.

Simply put, I run two computers on a regular basis, my new desktop and my new laptop. However, sharing files between them is a pain and forces me offline. It would be much easier to have my files, like MP3's, printing, documents and as backup for my main machines.

Of course, there are a lot of options, and I'd like to sort them out. But the first thing is to decide what to use.

There are three basic choices:

Windows Server 2003


Open BSD

Each has an advantage and disadvantage, so this would be a good place to start kicking it around


At 7:37 PM, Anonymous geoiii said...

Linux or OpenBSD are the best choices for a file server in my mind. They are stable, they work and there are quite a few open source options for doing things like backing up the hard drives of the desktop and notebook machines over the network. I have been using Linux and Samba for years as a windows file server for the place that I work. All of the desktop machines are running some flavor of windows and the users can not tell that the file server is running Linux. Of course I am more comfortable with these operating systems and I find the price very attractive.

At 7:59 PM, Blogger andrew said...

yeah, stay the hell away from windows. while my personal choice would be freebsd , it's what i know best, linux or open would be fine.

if you're learning it from scratch i'd probably recommend linux. since it's more used you'd have an easier time getting outside support.

At 8:16 PM, Blogger infosec geek said...

OpenBSD is more secure out of the box, beyond a doubt. If your server is at all likely to be in a position exposed to network-based attack, this is a strong advantage. The firewall bundled with OpenBSD is of enterprise class. Really. Iptables, the bundled Linux firewall if using a modern kernel, is good. Pf, the bundled OpenBSD firewall, is much better. If you go the OpenBSD route, check out Lucas' book, Absolute OpenBSD and Nazario's book, Secure Architectures with OpenBSD. Lucas is my personmal favorite. Artymiak's book, Building Firewalls with OpenBSD and PF, is very competentb ut also very, very firewall-centric.

One of the better Linux distros (I have SuSE and Mandrake in mind) with good GUI tool support is going to be a heck of a lot simpler to administer the minutiae of than OpenBSD. You can take that for fact. If you go the Linux route, my recommendation is SuSE. Two months ago, I would have said Mandrake. The last two week's work has convinced me that would have been wrong. I have been doing Unix installs for more than 15 years, and I have never seen a cleaner install than last weekend's SuSE install in all that time. They have clearly gone the extra mile to build in quality.

Frankly, I would not give Server 2003 a second thought. I do vulnerability intelligence for a bank. Microsoft vulnerabilities are the worst millstone around our neck in that department. MS is great on the desktop, as a client OS, on a trusted and secured network. Put it in harm's way and you either have to make like cerberus, and patch the way Jesuits believe in the Holy Trinity, or your server WILL get compromised. Furthermore, though there have been marked improvements since NT4, I am still not convinced of the ability of an MS OS to handle load in a server role as readily as a Unix-derived OS. Nor am I convinced an MS OS is as stable in the server role.

Both OpenBSD and Linux will run Samba.

I will check my OpenBSD firewall tonight to see if Samba is installed. If it isn't, then it can be easily D/L'ed and simply dropped in. Competently administered OpenBSD mirror sites hold an incredible amount of compiled, packaged applications. If samba is not bundled with the OS, which I think it is, it will most assuredly be found at a mirror.

Samba is bundled with SuSE. So is a GUI administration tool.

Size the system as per need. I have read Steve's old NS posts on the subject of CPU headroom. My experience bears these out - if you're not handling really enormous loads, a "slow" 1 Ghz system which might run you about $200 at Boeing Surplus has appeal.

BTW, if you're building a firewall to protect, say, a 100baseT line, you can be much more parsimonious in your choice of equipment. Cable modem and DSL lines are absurd - a 40 or 50 Mhz SPARC with 32 - 64 MB of RAM ought to do more than well enough. The firewall I deployed to protect my screaming 500 KByte/second cable modem line is built out on an old Sun LX lunchbox with a 40 Mhz CPU, 96 MB of RAM, and a 2 GB hard drive. I expect to see no load handling problems, and I don't have $40 invested in the hardware.

At 8:24 PM, Anonymous Mantar said...

Agree with what andrew said. Server 2003 is a step in the right direction for MS, but it's hard to beat the low-maintenance and reliability (not to mention cost) of the other two options. My file/ftp server is gnu/linux, and has been the rock of Gibraltar for years. It's currently 89 days since I last rebooted it - did a kernel security update.

At 8:39 PM, Anonymous Anonymous said...

I would reccommend either Fedora Core Linux or Suse Linux. Suse has a powerful set up and maitaince tool called Yast2 which makes maintaining the machine a breeze. Other people I know use Debian linux and a program called Webmin and swear by it in a corperate enviorment. I personally would not reccomend debian, though I would reccomend some of it's spawn, such as mepis or ubuntu linux

OpenBSD is probably the most secure operating system in the world, but in my opinion is gets it's security by sacrificing ease if use, and to a lesser degree overall system preformance.

Windows has a higher initial cost. I personally don't think it is as bad as It's reputation suggests. On the other hand, my guess is that you are most familure Windows, so you can have the easiest transition to it.

Eh, in the end it's all up to you. My reccomendation is going to be based on how much free time you have. If you need the server NOW and have a bout an hour a day you can spend on it, I would reccomend Win2k3 server. If you have more time and a bit of a geek inclination to learn new things about computers, I would say try linux.

There will be manythings to consider for this machine. I hope to be of some help along the way.

Just out of curiosity, why would using a windows file share force you to go off the internet?

Power User(posting anon)

At 8:41 PM, Anonymous Anonymous said...

Farking Tag issues!!!

At 9:06 PM, Anonymous Lloyd said...

Come on Steve, you must be joking. The cheapest incarnation of Server '03 I can find is small business server (web edition is cheaper but it looks like it's only for use as a web server.) Now assuming that when you put up server 2003 as an option you are talking about "buying" it, Newegg has it for $453.95 and amazon for $529.99.

Now unless you were thinking about going for Redhat Enterprise($349) the other two options will cost you zero.

Additionaly, a machine running xp pro could handle your "files, like MP3's, printing, documents and as backup" for 2 machines without much of a difference from server 2003. But setting up a xp pro fileserver doesn't sound like the "interesting experience" you were talking about in the first post here.

So lets just cut the crap, this is an open source experience. And if infosec geek is to be believed (he's got me) it looks like linux is the way.

Besides, if you start a brand new blog and your first order of the day is sending microsoft $500 cash, Mr. Avarosis and crew will be calling for your head by sundown. Them boys don't play...

Seriously though, I would really like to see a good rundown of a linux server install. I've been wanting to try one, but haven't got around to it yet. I did do a Server '03 install a couple months ago and with xp clients it is amazingly easy. I worry though about the multiple exploits that I know exist and that I know I don't have the time to fully protect against.

So pick a linux distro and keep the posts coming...

At 9:12 PM, Blogger Steve said...

Well, I sure as shit wasn't going to pay for Windows, but when you're making an eval, you need to know the options and Windows is on the table.

I need to know why not to choose it and why to choose something else.

I'm leaning towards Linux for ease of use and help reasons. Jen and I know a ton of Linux people, but I want to debate all options.

I have the hardware and the drives, so I just need the software and a new router

At 9:12 PM, Blogger Rich~! said...

If you have to go with a free OS (small F deliberately) I'd suggest either Mepis or the Open Circulation version of Xandros. has a good article which deals with setting Xandros up as a server for a Windows machine, and it's close enough looking and acting to Windows to make the transition easy.

At 9:31 PM, Anonymous manyoso said...

It's up to you Steve, but here is my breakdown:

1. W '2003 -- Get this if you are a complete novice who doesn't want to learn anything and/or really want to be cracked with virus/trojan etc, etc
2. SuSE Professional 9.3 -- Get this if you want something that is just a tad more difficult (not at all with the documentation) than W' 2003, but is much more secure and ... well, you'll love this option.
3. *BSD -- Go for this if you want something rock freaking solid (especially OpenBSD for security), but want a challenge in setting it up. You'll get it.
4. OpenDarwin -- You could always give this a try and see how it works out for you. It might be interesting and you'd have a story to tell.

At 9:31 PM, Anonymous Anonymous said...

Suse Linux For sure. Mepis and Xandros are desktop versions of linux. Suse is a general purpose workstation that will be better for a server.

At 9:59 PM, Anonymous lloyd said...

Well, I sure as shit wasn't going to pay for Windows

Well in that case, I actually have some experience. That '03 server I set up was for my office (15 clients) and the software was only $50, courtesy of some russian hackers via one of my office mates who has become one of their best customers.

A couple of notes from my experience-
1. The crack we have has limitations. After 30 days it requires a restart to change logins among other things.
2. Everytime I install a windows security update I have this all encompassing fear that this is the one that's going to lock me out and demand activation.

At 10:02 PM, Blogger Steve said...

No, I have an enterprise version lying around, but even if I had the money for it, I'm leaning towards Linux anyway.

At 10:21 PM, Anonymous pseudonymous in nc said...

If you've got a router with a built-in firewall, and just want to use the server for local network stuff, a flavour of Linux will probably suffice. If you're looking to have something that talks to the outside world, FreeBSD is a good choice: not as locked-down as OpenBSD, but with better hardware support.

At 10:55 PM, Anonymous passerby said...

You should first ask the meta-question, "should I run my own server or should I pay another company to do it for me."

The rates are pretty cheap. There are places where you can get 50 GB bandwidth and 10 GB disk space for about $10 a month. Yahoo also sells hosting services in that price range.

I think the biggest advantage to farming it out is that a big company will be more resistant to DDoS attacks.

At 10:58 PM, Anonymous passerby said...

(My previous comments only apply if you're planning to actually host your weblog on the server. If you not, then ignore me.)

At 11:03 PM, Blogger Steve said...

No, I've seen that nightmare in action. Nope, this is just file and print serving, nothing more. Maybe some media files. In a firewalled network.

At 2:52 AM, Anonymous W. said...

The current "stable" version of Debian is pretty far out of date, but is on the verge (seemingly for many months now, sigh) of being replaced with "testing" which is much more current, and blessed with a wonderful installation system. Yes, Debian has a world-beating installer now. Well, the "testing" version does.

Why should you use Debian over SuSE? I think the Debian community is one of the best in the FOSS world, and would be a great resource. Much of the time, when something isn't working for me, or I've got a question, the documentation provided by the package maintainers, or a thread on one of their many, many mailing lists have either been an invaluble starting-point, or pointed me to a good solution outright.

BTW, the "stable", "testing", and "unstable" versions of Debian have aliases. Woody is the alias of the current "stable" distro, Sarge is the alias of "testing" (which will soon become the new "stable"). And "unstable" is called (always and forevermore) Sid. When Sarge becomes the new "stable", a new alias will be coined to refer to "testing". Whew. Which may, or may not help you if you venture the choppy waters of

At 6:18 AM, Blogger Rich~! said...

While Xandros and Mepis are desktop-ish, they are also based on Debian. Easy to get server-specific applications in there.

Plus, they are easy. Most of the benefits of a secure OS, little of the commandline mastery needed. And you can get into that after, if it is needed.

Plus, to quote Steve,

"...this is just file and print serving, nothing more. Maybe some media files..."

For those purposes, Xandros OCE is fine.

At 6:33 AM, Blogger Rich~! said...,1558,1646531,00.asp

Article shows you how to set up simple file and print sharing with Xandros OCE. As Steve works out of his home, he should be fine.

At 9:19 AM, Anonymous Felix Deutsch said...

I'd like to concur with w. above.

Get Debian "testing".

The best way to do so is using JIGDO.

Go here for the official images/instructions/FAQ.

And if you want to have a real sophisticated media server, then you can always install MythTV or something similar on top of it and operate it remotely from your laptop.

At 1:39 PM, Anonymous W. said...

Honestly, I've had good experiences with the network installation option. Given the limited things you're using your boxen for, you likely don't need the great majority of the programs in the full set of installation CDs.

But if it's a learning experience you're after, then playing in a bigger sandbox is fine as well. I have used Jigdo, and it's very smooth and wonderful, btw.

At 10:33 PM, Anonymous Anonymous said...

I have a Linux server in my house, so it's not like I have anything against servers, but if I want to connect two peecees together for file sharing I just use an ethernet crossover cable. Dirt cheap, simple and 100% reliable.

yours WDK -

