Network Infrastructure

Ubuntu Server Edition provides you with most of the tools you need in order to create your network infrastructure. Along with Linux built-in capacity to route networks, the following tools allow you to add the key services to create and maintain your network:

Domain name server and dynamic host configuration

The Bind9 package provided with Ubuntu allows it to act as a DNS server or resolver as well as the tools needed to check and maintain proper operations of your domain name resolutions. The ISC's (Internet Software Consortium) Bind9 is a major rewrite of the original bind to enhance its security and provide additional features such as DNS Security (TSIG, DNSSEC), IPv6 support, protocol enhancement (IXFR, DDNS, DNS Notify, EDNS0) and views (which allows to reply in different fashion to various networks).

The ISC's DHCP3 packages included in Ubuntu can distribute all network configuration to clients as well as act a a relay agent for other DHC servers. It also includes a full featured implementation of dynamic DNS updates (DDNS), as well as the bootinfo function to perform network boot for PXE enabled machines, when used in conjunction with tftpd-hpa, thus allowing automated deployments.

Virtual Private Networks

Building virtual private network is efficiently accomplished using the OpenVPN package, a complete solution to create secured (as in encrypted) connections between networks, allow secure remote access or provide Wifi security. It uses the industry recognised encryption mechanism of SSL/TLS and can be combined with multiple forms of high-grade authentication from certificates to smartcards as well as token based. These can be combined together or with passwords to provide multi factor authentication. OpenVPN also allows for firewall-type rules to provide fine-grained group level network access rights. OpenVPN servers can be load balanced to provide highly availability and scalability to the overall system.

Ubuntu Server Edition also supports IPSEC, thus allowing integration with most other IPSEC enabled VPN solutions.

Authentication Authorization and Accounting (AAA)

Using the FreeRadius package it is possible to provide access control and auditing services based on the Radius protocol (with complete support of RFC 2865 and 2866 and vendor-specific attributes) to most network equiments including routers, remote access servers, proxies and VPN. It also provides a client framework so that services can be easily Radius enabled. FreeRadius can be proxied and/or load balanced and supports failover so that it is a robust and scalable solution. It can work with LDAP (OpenLDAP or others) and SQL backends (including MySQL and PostgreSQL) to check credentials or authorisations and store accounting logs, with duplication and fallback mechanisms.

Monitoring

In order to monitor servers, Munin gathers information from applications, hardware or the network. The information collected can be presented graphically through a web interface and trigger alerts that are sent to other software. Numerous plugins for Munin exist to collect information from various software or hardware and its architecture allows for easy development of additional functions. In parallel, Nagios can be used to control service availability and send alerts as soon as something goes wrong. Together these tools constitute a complete open-source monitoring solution.

Backup

BackupPC is a high-performance, enterprise-grade system for backing up Linux and WinXX PCs and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain. Given the ever decreasing cost of disks and raid systems, it is now practical and cost effective to backup a large number of machines onto a server's local disk or network storage. For some sites, this might be the complete backup solution. For other sites, additional permanent archives could be created by periodically backing up the server to tape. Bacula is our choice for these requirements.

Bacula is a a great tool to manage backup, recovery and verification of computer data across a network of computer of different kinds. Bacula is relatively easy to use and efficient, while offering many advanced storage management features that make it easy to find and recover lost or damaged files. Due to its modular design, Bacula is scalable from small single computer systems to systems consisting of hundreds of servers located over a large network. It also supports a wide array of tape drives and auto changers.

Network UPS

Because power is not always always available continuously, Nut permits the sharing of one (or more) UPS between several machines. One server monitors the UPS and notifies the other servers connected to the same UPS when the UPS is on or has a low battery, allowing them to smoothly shutdown before complete loss of power, thus avoiding critical data loss that could occur otherwise.