What do you usually setup a Linux server for?

u0206397

Senior Member
Joined
Jul 15, 2009
Messages
764
Reaction score
0
Whether for professional work or personal hobby projects.

I am trying to understand the common use cases today for Linux.

Web server LAMP stack? :s22:
 

davidktw

Arch-Supremacy Member
Joined
Apr 15, 2010
Messages
13,391
Reaction score
1,180
Whether for professional work or personal hobby projects.

I am trying to understand the common use cases today for Linux.

Web server LAMP stack? :s22:

Mostly Professional works

1) Web Server
2) Servlet container
3) Caching system
4) NAT
5) DNS
6) VPN Server
7) Database Server (MySQL, PostgreSQL, Oracle DB, DB2, MongoDB,...)
8) Centralise Logging System
9) Mail System
10) Batch system
11) Development Environment
12) Part of clustering (worker/management node)
13) Jump Host (also known as Bastion)
14) Content Management System
15) LEMP, LAMP stacks
16) Desktop (in the past)
17) Virtualise Guest for compatibility and integration to my works and projects (console only)

Nope I don't use GUI for 99.99% of the time using Linux, I only work with the console portion of it, where Linux truly excel. :)
 

u0206397

Senior Member
Joined
Jul 15, 2009
Messages
764
Reaction score
0
Mostly Professional works
...
Nope I don't use GUI for 99.99% of the time using Linux, I only work with the console portion of it, where Linux truly excel. :)

:eek:


Netfilter/IPfilter software firewall/NAT?


BIND?

6) VPN Server

What Linux VPN do you usually use?

Just a side comment, is there good reasons for having a server setup to run firewall/NAT/VPN/DNS in the enterprise/production environment, apart from a testing / development environment to fiddle with?

From my casual observations, many businesses and companies would buy some hardware appliances from SonicWall or Cisco hardware that comes with NAT/VPN/DNS all-in-one, rather than having a Linux/BSD box software firewall/NAT. Simpler and higher performance although more expensive generally.

Is there something that the software firewall/NAT can do that the hardware do not, or do not do as well?

11) Development Environment

Any IDE that runs in the console mode without GNOME or KDE? vi and Emacs are like text editors, kind of too minimalist for me.
 

davidktw

Arch-Supremacy Member
Joined
Apr 15, 2010
Messages
13,391
Reaction score
1,180
Why *nix if it weren't for the console advantages of it. All the text based configurations, all the CLI flexibility and power. Mouse clicking around is just so unproductive and laborious. :)

Netfilter/IPfilter software firewall/NAT?
The Linux kernel routing and IP filtering components are very powerful. You can achieve quite a fair bit of NAT using its IPTABLE NAT and MANGLE tables, along with route table forwarding with marked packets.


DNSMasq too if it suits your use

What Linux VPN do you usually use?

Tried all PPTP, IPSEC, OPENVPN. Unless it is to bridge network, I will choose IPSEC, otherwise OPENVPN get most of the job done and very useful across corporate firewalls due to the fact it does not require GRE and you can easily provide via TCP 443.

Just a side comment, is there good reasons for having a server setup to run firewall/NAT/VPN/DNS in the enterprise/production environment, apart from a testing / development environment to fiddle with?

Cost is one good reason, but it all depends on what you want to achieve and how much technical expertise the company has.

Software provides flexibility and allows you to customise it for custome development integration. Hardware provides better performance and normally stick with industrial features which are not always flexible.

From my casual observations, many businesses and companies would buy some hardware appliances from SonicWall or Cisco hardware that comes with NAT/VPN/DNS all-in-one, rather than having a Linux/BSD box software firewall/NAT. Simpler and higher performance although more expensive generally.

Deiniftely the case, you have to know a lot of these enterprises may have a lot of products certified engineers, but they are not custom development gurus. You want them to hack a system to do something outside of the spec, they will give you warranty, non-standard reasonings, but ultimately the main reason is they either don't know how, or they are not ready to put their job on risks :)

Is there something that the software firewall/NAT can do that the hardware do not, or do not do as well?

I do not have entire exposure to all brand’s and models of these hardwares, but for what i have came across, they are quite features rich as long as you stick with standards.

However suppose if you want some very special design like, detect the incoming ip connections and apply a certain statistical distribution function, to the backend servers or user profiles that are not based on RADIUS or LDAP but extracted from another system or via some RESTful API, then you will need to either provide a middleware that implements such interface or forgo it.

Any IDE that runs in the console mode without GNOME or KDE? vi and Emacs are like text editors, kind of too minimalist for me.

Don't research much into it. Take a look at Java based IDE, I suspect they don't need Gnome libraries. Otherwise you can always try these web based IDE
http://www.hongkiat.com/blog/cloud-ide-developers/
http://codiad.com
 

zitseng

Senior Member
Joined
Apr 19, 2009
Messages
771
Reaction score
0
On organisations preference to use enterprise appliances:

I use a lot of Linux (and Solaris too), but also numerous appliances. It's not so much that I (or my team) cannot understand Linux, but we don't have time to self-support a DIY Linux solution. We rather go with appliances that are commercially supported, even if sometimes that might mean it's still Linux inside it. On the flip side, we are sometimes really annoyed about these appliances being presented as blackboxes to us, making troubleshooting more difficult for us to do on our own.

To be clear, "appliances" doesn't always have to be expensive commercial products. E.g. FreeNAS works very nicely for us. I use pfSense at home.

But the "expensive commercial products" often have a variety of performance and reliability advantages. E.g. firewalls that can push 10GbE traffic with no performance deterioration from application level traffic inspection etc, or load balancers with hardware acceleration, SAN boxes with guaranteed IOPS, and others. If a disk starts to show signs of failing, how much more convenient that the vendor calls us to make appointment for hardware replacement, rather than for us to discover the failure ourselves and subsequently to ownself manage the replacement.
 

u0206397

Senior Member
Joined
Jul 15, 2009
Messages
764
Reaction score
0
On organisations preference to use enterprise appliances:

I use a lot of Linux (and Solaris too), but also numerous appliances. It's not so much that I (or my team) cannot understand Linux, but we don't have time to self-support a DIY Linux solution. We rather go with appliances that are commercially supported, even if sometimes that might mean it's still Linux inside it. On the flip side, we are sometimes really annoyed about these appliances being presented as blackboxes to us, making troubleshooting more difficult for us to do on our own.

My past experience is that sometimes even the "commercial support" is not there when needed. Customers can pay but the support engineers sent by the vendors are also unable to help much to isolate the problem. They talk like help desk guys who can only give standard answers for known/frequent problems. And then the sales guy would continue to charge by the man hours allocated for the "troubleshooting support" even when the problem doesn't get resolved. :s22:

To be clear, "appliances" doesn't always have to be expensive commercial products. E.g. FreeNAS works very nicely for us. I use pfSense at home.

Yeah, the term is used widely, from hardware appliance to software appliance. It can mean very different things.

But the "expensive commercial products" often have a variety of performance and reliability advantages. E.g. firewalls that can push 10GbE traffic with no performance deterioration from application level traffic inspection etc, or load balancers with hardware acceleration, SAN boxes with guaranteed IOPS, and others. If a disk starts to show signs of failing, how much more convenient that the vendor calls us to make appointment for hardware replacement, rather than for us to discover the failure ourselves and subsequently to ownself manage the replacement.

I am not sure if hardware appliances are really custom built or specially designed hardware from scratch inside to achieve that performance, or they assemble them from standard Dell/HP rack mount servers but pre-load with their custom software stack solely for deployment convenience only. Just plug in a network cable would do.

As an analogy, it's like Sim Lim Square's DIY PC hardware wise, but with Windows pre-installed. Not sure if they really design custom made motherboard or firmware inside?! :eek:
 

zitseng

Senior Member
Joined
Apr 19, 2009
Messages
771
Reaction score
0
My past experience is that sometimes even the "commercial support" is not there when needed. Customers can pay but the support engineers sent by the vendors are also unable to help much to isolate the problem. They talk like help desk guys who can only give standard answers for known/frequent problems. And then the sales guy would continue to charge by the man hours allocated for the "troubleshooting support" even when the problem doesn't get resolved. :s22:

That's true. But there are certainly good ones. The lousy ones make the customers do so much work that I wonder why we're paying for the support service.


I am not sure if hardware appliances are really custom built or specially designed hardware from scratch inside to achieve that performance, or they assemble them from standard Dell/HP rack mount servers but pre-load with their custom software stack solely for deployment convenience only. Just plug in a network cable would do.

As an analogy, it's like Sim Lim Square's DIY PC hardware wise, but with Windows pre-installed. Not sure if they really design custom made motherboard or firmware inside?! :eek:

I totally agree. Hence, I always make it a point to fully understand what's inside the underlying hardware, so that I can see through marketing crap. I've been impressed, like the same hardware we bought a long time ago, is exactly the same thing still being sold a decade or more later. Of course, one could say that then the hardware must be quite "dated" one decade later, which is true, but it's amazing that it continues to be viable product.
 

weap0nx

Master Member
Joined
Sep 13, 2000
Messages
4,391
Reaction score
0
Regarding development, most devs I work with use Mac and virtualize Linux, you don't have to go full Linux.
You can edit in the popular editors, Sublime, VSCode, Atom and sync in real time to your VM.

You're going to work with many different projects each with their own environment, so you'll still be virtualizing anywhere, granted that if you use Linux docker solves this.

Just thought I'd share what I have experienced. you'd attain a very powerful skill editing in terminal, you can code from anywhere, but truth is most of us focus on delivering value.
 
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ. Forum members and moderators are responsible for their own posts.

Please refer to our Community Guidelines and Standards, Terms of Service and Member T&Cs for more information.
Top