Cloud Computing as a new concept to new users creates a lot of confusion as to what is the basic difference between cloud based web servers and servers which are not cloud-based ?
Cloud Computing is a wide concept and requires a lot more understanding than any other hosting package. Of course, this definitely means more towards redundancy and reliability of hosting servers along with other functionalities.
Cloud computing runs over many concepts such as Grid Computing and utility computing. Cloud computing implies towards a large network of cluster server envrionment serving ever-growing requirements of hosting users. Cloud-based servers are easily scalable in terms of resources when compared to the hosting packages which are not setup on Cloud. Cloud Computing basically serves “infrastructure as a service (IaaS), platform as a service (PaaS), or software as a service (SaaS).
The basic idea of cloud computing is not to increase the investments in terms of physical infrastructure in order to handle difference in the web traffic and at the same time offer thrice as redundancy and reliability over any basic non-cloud hosting package.
In the recent hosting market, there are many hosting providers offering “pay for what you use” service which adds to the advantage that you do not have to pay for what you don’t use.
BODHost Ltd. has aimed to provide services which will include both “pay for what you use” services as well as basic virtual private server hosting services which are setup on cloud computing platform with standard resource allocations to ensure 100% redundancy and reliablity. BOD-Cloud will be setup on various cloud computing platform’s such as VMware and Applogic from 3Tera.
Further information will be available soon on our website : http://www.bodhost.com/
Windows Network Load Balancing Dedicated Servers
Network Load Balancer or Clusters that were included in Windows Server OS enabled TCP/IP-based services such as follows:
- Web Services
- Terminal Services
- Virtual Private Networking
- Streaming Media
It basically didn’t require any Hardware Support and distributed IP traffic across cluster hosts which ensures detecting host failures and re-distributes traffic to hosts. It provides control and upgrade from Windows NT 4.0 OS. It delivered high performance and fail-over protection in comparison with other load-balancers.
Financial Transactions, Database access, corporate connections and other functions required more reliability which was offered in Windows NLB. Cluster enabled different servers to manage and operate as a single server increasing availability and management.
Windows 2000 Advanced Server and Data Center Server OS includes cluster technology which also provides fail-over for applications and databases. In terms with NLB, traffic is distributed among multi-node clusters.
Advantages of Network Load balancing servers:
> Network Load Balancer Servers are Scalable based upon the activity it hosts. It always adds more no. of servers when we speak of traffic increase.
> Network Load Balancer Server improves reliability of servers. It detects failure of servers and distributes traffic among servers without interrupting any service.
> It distributes traffic based upon the client’s / Users request.
> In comparison, it’s much better than Round Robin Solutions
> 100% Network Uptime
> Centralized access to all cluster servers
> Cost effective when compared to hardware load-balancing techniques
Installation and Management of Network Load-balancing Dedicated Web Servers:
Network Load Balancer is automatically installed and enabled on the Windows Server 2003 and 2008 Operating System. It’s compatible with Ethernet and network adapters, it doesn’t require any hardware. In a NLB, customer is assigned a IP address which is seen as Virtual IP address which all cluster host respond to. Network Load Balancer load-balances only incoming traffic from all IPs. While configuration of NLB, it’s important that there should be a dedicated IP address, primary IPs and Virtual IP’s in order to enable host TCP/IP to respond to IP addresses. Dedicated IP address is entered first and then virtual IP addresses. Services such as PPTP Server does not allow outgoing connections from a different IP address and cannot be used by dedicated IP.
In a cluster, each host is assigned in range of 1 to 32 where lower no. refers to priority. The default host handles all client traffic for virtual IP addresses. Normally, in this case, if the default host fails, the next priority takes place. Network Load Balancer also customized port rules for range of server ports. It can select either Multiple-host or second hosting load balancing policies. With Multiple-host load balancing, incoming request are distributed among all cluster hosts and load percentage can be specified. In this case, it directs all traffic to most priority server. Rules specified at Ports can block different network access. WHen we speak of port rule multiple-host NLB, one of them is selected in affinity mode and Network Load Balancer client’s traffic from on IP addresses on multiple-cluster hosts. It reduces the load on the servers and increases the response time.
In order to manage client sessions, single-client affinity mode balances network traffic from client’s IP on a single cluster host. Network Load Balancer is configured with single port rule covers all port with multiple-host balancing and single client affinity. It is used for applications.
Network Load Balancer also has remote control program which allows administrators to check status of clusters from cluster host. Network Load Balancer for port rules can be enabled or disabled. New traffic can be blocked on host while TCP connections to complete removing host from cluster. Cluster host can disable remote control.
Applications do not need to be modified for load balancing. It does not directly monitor applications. Network Load Balancer provides application mechanism to monitor cluster. Servers can be removed from the clusters for maintenance without interference with other cluster servers. It also allows custom hardware of software upgrades.
Network Load Balancer scales the performance of server based program. It distributes request among different servers in a cluster. With NLB, each IP packet is received by each host. Cluster host responds to different client requests even multiple request from a single client. Load percentage can be handled with each cluster server and can be set as required depending upon the activity. In case one cluster host fails, the traffic and is re-distributed among other cluster host.
Network Load Balancer uses are fully distributed software architecture. A copy of Network Load Balancer driver runs on each cluster host. Drivers check for all incoming network traffic for cluster IP address. On each cluster host, they act as filter between network adapter drive and TCP/IP stack allowing portion of incoming network traffic. Incoming client request are partitioned and load-balanced among cluster host. Network Load Balancer runs as network driver which is below higher-level application protocol such as HTTP and FTP.
Network Load Balancer can also run as drive between TCP/IP protocol and network adapter drivers within Windows protocol. It maximizes throughput by broadcasting subnet to deliver incoming network traffic to cluster host and removers requirement to route incoming packers to individual cluster host. Filtering packets that are not required can be easily be removed than routed packages, it delivers higher Network Load Balancer throughput than any other solution. As network and speed improve, it improves accordingly and reduces dependencies on hardware. It’s availability in fail-over is another advantage.
Network Load Balancer takes advantage of subnet / switch hub to deliver network traffic to cluster host. It increases the load on switches by accessing additional port bandwidth. However, this is not the concern in many applications. Client-side network switch connections are faster than server-side connection. During packet receiving, Network Load Balancer implements delivery of incoming packages to TCP/IP and receiving other packets by Network adapter driver. It means it will speed up all the processes and reduces latency. In many cases, it removes packet data in memory.
Network Load Balancer uses layer-two broadcast or multi-cast to distribute incoming traffic to cluster host. Network Load Balancer re-assigns MAC address of network adapter for which it is enabled. And cluster host assigned the same MAC address. Incoming traffic received by cluster host and Network Load Balancer driver for filtering. MAC address is taken from cluster IP address in the Network Load Balancer properties.
Cluster host that is attached to switch, it might create MAC address conflict due to layer-two switches to see unique MAC address on all switch ports. In order to avoid these problems, Network Load Balancer modifies MAC address for outgoing packages. This prevents switch from learning the cluster’s MAC address and incoming packets for cluster are delivered to all switch ports. Cluster host connected to hub, Network Load Balancer masking for MAC address in Unicast disables to avoid flooding upstream switches. This is done by setting Network Load Balancer registry parameters MaskSourceMAC to 0.
Network Load Balancer unicast mode has a disadvantage of communication disabling between cluster hosts through cluster adapters. Outgoing packets for cluster host are sent to sender’s MAC address, packages are looped within sender by network stack and they do not reach the wire.
Communication between cluster hosts and host outside the cluster is never affected by NLB’s unicast mode. Traffic for all static IP address are received by cluster host due to the same MAC address. Network Load Balancer doesn’t load balance traffic for the IP address, Network Load Balancer deliver the traffic to TCP/IP on host.
With other cluster host, Load balancing Servers checks it’s traffic as load balanced traffic and deliver to TCP/IP. Network Load Balancing also has another mode by distributing incoming traffic to cluster hosts which is called multi-cast mode. Network Load Balancer – Unicast also increases switch flooding by delivering incoming network traffic to cluster hosts, however this is not the case with multi-cast mode. Network Load balancing have Address Resolution Protocol which is required for the cluster’s main IP and virtual IP address resolving to cluster multi-cast MAC address. Network Load Balancing does not include management of incoming IP traffic other than TCP traffic, UDP traffic, Generic routing encapsulation traffic for each port.
How to Create VPS’s on a dedicated server ?
If you are looking to create VPS Hosting packages on a dedicated server and resell them to your clients. BODHost is just the right place for you. We can assist you with complete creation of VPS’s on a dedicated server along with complete management techniques, additional licensing involved and much more. The first step to Setup a Dedicated Server Node is that you need to figure out as to how many VPS’s will you setup on a dedicated server along with calculation of your dedicated server profit. You can select a dedicated server from the following link :
Following is the calculation :
If your dedicated server costs : $200.00USD Per Month
You can create 20 VPS’s on it and price it at $30.00USD Per Month. So that means
20 VPS’s x $30USD Per Month = $600.00USD Per Month
Now, the next procedure is to opt for a Virtualization Software. If you opt for OpenVZ, there will be no licensing cost. However, if you opt for Virtuozzo Power Panel, following is the VPS licensing structure :
VZ 1VE license = $15.00USD/month
VZ 3VE license = $30.00USD/month
VZ 5VE license = $40.00USD/month
VZ 10VE license = $50.00USD/month
VZ 20VE license = $70.00USD/month
VZ 30VE license = $90.00USD/month
VZ 40VE license = $110.00USD/month
VZ 50VE license = $130.00USD/month
VZ 60VE license = $150.00USD/month
VZ 70VE license = $160.00USD/month
VZ 80VE license = $170.00USD/month
VZ 90VE license = $180.00USD/month
VZ 100VE license = $190.00USD/month
VZMC $90.00USD/month
VZCC $30.00USD/month
Now, for e.g. if you need to setup 20 VPS’s, you will need a 20 VE licenses. That means,
$200.00USD + $70.00USD = $270.00USD Per Month
And you will also need VZMC installed on the Server in order to manage your VPS’s.
Now, next is we need to think over the installation of cPanel or Plesk or any other control panel on each VPS. You will need to install cPanel or Plesk on each VPS as per your client’s requirements.
Following are the pricing structure of cPanel and Plesk for each VPS :
Plesk 10 Domains : $3.00USD Per Month
Plesk 30 Domains : $5.00USD Per Month
Plesk 100 Domains : $10.00USD Per Month
Plesk 300 Domains : $15.00USD Per Month
Plesk Unlimited Domains : $20.00USD Per Month
cPanel ( WHM ) : $8.00USD Per Month
Fantastico Deluxe – Installation with cPanel : $4.00USD Per Month
Rvskin License / Installation with cPanel : $30.00USD/Year Per VPS
RVSiteBuilder Pro : $10.00USD/Per Month Per VPS
RVSiteBuilder Lite : $6.00USD/Per Month Per VPS
Other Control Panels :
Webmin : Free!
LXAdmin : $4.00USD Per Month Per VPS
Billing System installation and management :
You will need a Billing System such as WHMCS Or Modenbill – Type of billing account for management of the billing account. We suggest that you should consider WHMCS Automated Billing System for which the pricing are as follows :
WHMCS Automated Billing Software :
Monthly Price (Powered By Line in Client Area): $19.00USDP/M
Monthly Price (None): $29.00USDP/M
Owned License (Powered By Line in Client Area): $299.00 (One-Time)
Owned License (None): $399.00USD
Will BODHost Offer a Complete Hosting Turn-Key Solution ?
Ans. The answer is Yes. We will completely take care of the installation of Virtualization software installations, cPanel – Plesk installations, Installation of WHMCS – Billing System and also Fully Managed Solutions for the dedicated server hosting services.
Debian Dedicated Web Server Hosting Security
Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network. When we speak of security, the first thing that comes into our mind is the storage of confidential data such as Credit Card nos. etc.
Also, Virus such as Worms or Trojans and preventions of any intrusions are part in Web Server security. Banking security, prevention of hacking attempts are all included in security provisioning. Any Web server that is connected to the internet has a direct threat.
In case of server breach, it can be used for spams, hacking other servers and running illlegal activities on the server. Infact, many illegal activities include DOS attacks to other web servers. A hacker can seriously damage a server without even the server owner knowing about it. We will learn more on Debian Server Security in this post. We can also set “honey pot” when we speak of server security. In this case, hackers are directly attracted to a honey pot. However, prior to setup a honey pot, make sure you have remote backup space in case to start from the basic. The first is to prevent unauthorized access to the server. Following are some of the security practices on servers :
- Operating System Security ardening
- Application configuration
- Perimeter security
- Physical security
Operating System Security Hardening :
- Disable all default accounts
- File system security configurations
- Strong and long accounts password
- In order to disable accounts, change default shell to /bin/false
- Change startup configuration
- Disable TCP/IP ports that are run to scan ports.
- File system security
- No usage of common names for groups to reduce the risk of hacks
- TCP wrappers to run Internet-related daemons
- Appropriate hosts.allow Configuration
- Not running GUI
- Log off from Server consoles when not required
Configurations of Applications :
Applications installation and configurations must be done with great care as they can be the source to server hack. Insecure applications can cause harm to your Debian dedicated web server. Applications may have vulnerability to buffer overflow attacks which provides access to hackers and security threats.
It’s advisable that you should notice the following points :
- Securing insecure applications
- Check for Application updates
- Application Port Opening – Only which is required
- Secure CGI Scripts
- SSI Security management
- Secure FTP Access for Uploads
- Blocking IPs
- Latest Security Measures.
With DebianOS, disable open ports which are not required through by renaming their S symlinks in runlevel directory. Debian boots into runlevel 2 default by command : cd /etc/rc2.d
Search for symlink S20ssh which opens port for remote console and enhnaces security. Rename symlinks with command : mv S20ssh _S20ssh and this can be done for S20exim4, S20lpd, and S21nfs-common. Run netstat -ap command for /sbin/portmap is the applications has sunrpc port 111 open. NFS requires RPC. We can disable portmap in this case. We can rename symlinks with the following command :
mv /etc/rc2.d/S18portmap /etc/rc2.d/_S18portmap
mv /etc/rcS.d/S43portmap /etc/rcS.d/_S43portmap
Once done, reboot your Debian Dedicated Web Server and then run netstat -a
- Configurations of chroot jail will allow applications directory appear from root of file system. Access to only applications that will reduce the risk to access the entire file system. Apache web server running on DebianOS can easily setup jail as we can use Apache module to complete the task. We can add one line to the configuration file by the following command :
apt-get install libapache-mod-chroot
This will install Apache modules and in case to select from packages or existing modules.conf, add the following link to modules.conf file :
/etc/apache/modules.conf file:
LoadModule choot_module /usr/lib/apache/1.3/mod_chroot.so
In this case, logs, CGI and directories are the same and we don’t need to create new directories or make any changes to the ownership of the directories.
Chroot Apache applications, Apache IDS module which will search for any threats and will block them. You can simply add the following line to /etc/apt/sources.list file :
http://etc.inittab.org/~agi/debian/libapache-mod-security/etch/
Once added, you can run the following command :
apt-get update
Apt will be aware of tge package at the website. In order to install and enable module, enter the following command :
apt-get install libapache-mod-security
Add the following line to /etc/apache/modules.conf :
LoadModule security_module /usr/lib/apache/1.3/mod_security.so
It will search for any threats, http / PHP requests and block them. We can also add rules to httpd.conf file in order to let it know to as what needs to be checked.
For starters, add the following lines to the bottom of your httpd.conf file:
# *** MODULE CONFIG
# Turn the filtering engine On or Off
SecFilterEngine On
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Unicode encoding check
SecFilterCheckUnicodeEncoding Off
# Only allow bytes from this range
SecFilterForceByteRange 0 255
# Only log suspicious requests
SecAuditEngine RelevantOnly
# Server masking -
# Don’t tell them it’s an Apache installation
SecServerSignature “Lotus-Domino/6.x”
# The name of the audit log file
SecAuditLog /var/log/apache/audit.log
# Debug level set to a minimum
SecFilterDebugLog /var/log/apache/modsec_debug.log
SecFilterDebugLevel 0
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# By default log and deny suspicious requests
# with HTTP status 403
SecFilterDefaultAction “deny,log,status:403″
Adding Fileter rules :
SecFilter /etc/passwd
SecFilter /bin/ls
SecFilter /bin/uname
SecFilter /usr/bin/whoami
SecFilter cd\x20/tmp
SecFilter wget\x20
# Block Santy.A worm
SecFilterSelective ARG_highlight %27
# Block drop table SQL injection attack
SecFilter “drop[[:space:]]table”
# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply “text/html” as Content-Type
SecFilterSelective REQUEST_METHOD “!^(GET|HEAD)$” chain
SecFilterSelective HTTP_Content-Type \
“!(^application/x-www-form-urlencoded$|^multipart/form-data;)”
# Do not accept GET or HEAD requests with bodies
SecFilterSelective REQUEST_METHOD “^(GET|HEAD)$” chain
SecFilterSelective HTTP_Content-Length “!^$”
# Require browser headers from all user agents
SecFilterSelective “HTTP_USER_AGENT|HTTP_HOST” “^$”
# Require Content-Length to be provided with every POST request
SecFilterSelective REQUEST_METHOD “^POST$” chain
SecFilterSelective HTTP_Content-Length “^$”
# Don’t accept transfer encodings we know we don’t handle
SecFilterSelective HTTP_Transfer-Encoding “!^$”
Once done, please make sure you restart Apache with /etc/init.d/apache restart
Microsoft release of Windows Server 2008 has truly been a revolution which is designed to perform for networks, applications. The most important is that it is technology effiicient. Client’s who have been using Windows Server 2003 can easily move to Windows Server 2008 Server. It has been built on the foundations of Windows Server 2000 and Windows Server 2003. New tools, virtualization techniques such as Hyper-V, enhancement in security and managements tools that not only reduces cost for the licenses but also improves the performance on the windows web servers.
With Windows Server 2008, management and deployment is a lot easier when compared to windows server 2003. It’s easier interface when compared to it’s predecessors has proved that it’s completely user friendly. Features such as Windows PowerShell which is basically Command-line shell which allows administrators to automate tasks accross windows cluster servers. It can also deploy OS through network. It also support IPV6 allocations which makes it easier once our IPV4’s are over.
Server Cost installation of Windows Server 2008 allows installation of server roles without actually requiring a graphical interface. Windows Server 2008 has built-in Virtualization software which is basically hypervisor-based server virtualization software – hardware virtualization which will create virtual macgines on a single physical macgine can run other Operating Systems on a single server. This enables you to save more on the virtualization costs that is basically required to be paid to Virtualization software companies. Applications can also be virtualized through Windows Server 2008 centralized application access. Easy Remote access to windows-based programs. Now, this means you do not need a VPN to connect to a client’s server. Windows Server 2008 also comes wih IIS 7.0 which is the next version to IIS 6.0 that was on Windows Server 2003 series. IIS 7.0 is required to unify Web platform that includes ASP.NET, Windows Services and Sharepoint Services. It has been seen that Windows Server 2008 Security has been enhanced. It also prevents any unauthorized connections to the networks, server or data.
Network Access Protection (NAP) checks every network connections to the server. Active Directory Services security has also been enhanced on a Windows Server 2008 Server. Read-Only Domain Controller (RODC) and BitLocker Drive Encryption provides complete security to AD database at branch office locations. It also extends to Windows HPC Server 2008.
Windows HPC Server 2008 is utilized to scare different processing costs to improve productivity and reduce the complexity of HPC environment.
Asterisk – VOIP Server on FedoraCore
Please check sure you install no pre-configured options. Once installed :
Logon as Root
Mount the CDROM
mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
YUM Installation :
rpm -i /mnt/cdrom/Fedora/RPMS/rpm-python-4.4.2-32.i386.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/python-elementtree-1.2.6-5.i386.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/python-sqlite-1.1.7-1.2.1.i386.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/python-urlgrabber-2.9.9-2.noarch.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/yum-metadata-parser-1.0-8.fc6.i386.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/yum-3.0-6.noarch.rpm
Kernel Sources Installation :
rpm -i /mnt/cdrom/Fedora/RPMS/kernel-devel-2.6.18-1.2798.fc6.i686.rpm
ln -s /usr/src/kernels/2.6.18-1.2798.fc6-i686/ /usr/src/linux
Compiler Installation :
yum install gcc ncurses-devel openssl-devel gcc-c++ gnutls-devel make -y
WGET Installation :
rpm -i /mnt/cdrom/Fedora/RPMS/wget-1.10.2-7.i386.rpm
SSH Installation :
yum install openssh openssh-clients openssh-server -y
Start SSH Daemon :
/etc/init.d/sshd start
VSFTP Installation :
yum install vsftpd -y
VSFTP Daemon Start on Boot :
/etc/init.d/vsftpd start
chkconfig vsftpd on
Source files in /usr/src/
Via CDROM
cd /
umount /dev/cdrom
Change CD :
mount /dev/cdrom /mnt/cdrom
cp /mnt/cdrom/* /usr/src/ -R
rpm -i /mnt/cdrom/Fedora/RPMS/lsof-4.78-3.i386.rpm
cd /
kill -9 `lsof -t /dev/cdrom`
umount /dev/cdrom
rpm -e lsof
Open Linux Conifugration : vi /etc/selinux/config
change SELINUX=enforcing to SELINUX=disabled
vi /etc/vsftpd/user_list
remove root from the list
vi /etc/vsftpd/ftpusers
Please make sure you remove root and Reboot
Login to to through FTP
wget http://ftp.digium.com/pub/zaptel/releases/zaptel-1.2.16.tar.gz
wget http://ftp.digium.com/pub/libpri/releases/libpri-1.2.4.tar.gz
wget http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.17.tar.gz
wget http://ftp.digium.com/pub/asterisk/releases/asterisk-sounds-1.2.1.tar.gz
wget ftp://rpmfind.net/linux/SuSE-Linux/i386/update/9.3/rpm/i586/madplay-0.15.2b-32.i586.rpm
wget http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/6/libmad/libmad-0.15.1b-4.fc6.i386.rpm
Madplay Installation
yum install libid3tag -y
rpm -i /usr/src/libmad-0.15.1b-4.fc6.i386.rpm
rpm -i /usr/src/madplay-0.15.2b-32.i586.rpm
MPG123 Installation
Install MPG123 (MOH)
cd /usr/src/mpg123-0.65/
./configure
make
make install
ln -s /usr/local/bin/mpg123 /usr/bin/mpg123
Zaptel Installation
Here, please make sure /li’b/modules/2.6.18-1.2798.fc6-i686/build and /usr/src/2.6.18-1.2798.fc6-i686/ are linked.
cd /usr/src/zaptel-1.2.16/
make clean
make
make install
make install-udev
make config
Change Code 2,16,19 to 2,6,18
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) to
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18)
vi /usr/src/zaptel-1.2.16/xpp/xbus-core.c
Start Zaptel :
/ect/init.d/zaptel start
LibPRI Installation :
cd /usr/src/libpri-1.2.4/
make clean
make
make install
Asterisk Installation :
cd /usr/src/asterisk-1.2.17/
make clean
make
make install
make samples
make config
Asterisk Sound Pack Installation
cd /usr/src/asterisk-sounds/
make install
mkdir /tftpboot
useradd usr
passwd usr
1234 enter
1234 enter
vi /etc/passwd
vi /etc/vsftpd/vsftpd.conf
change the following:
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
vi /etc/vsftpd/chroot_list
In the file : vi /etc/vsftpd/user_list, add “usr” and remove all through Text Editor
cd /tftpboot/
chown usrprovis /tftpboot/
chmod u-w . (note the period)
mkdir contacts
mkdir log
mkdir overrides
chown usrprovis log
chgrp usrprovis log
chown usrprovis contacts
chgrp usrprovis contacts
chown usrprovis overrides
chgrp usrprovis overrides
Firewall should be turned :
chkconfig iptables off
In order to check the services : chkconfig –list
Root SSH should be disabled and creation of account with permissions.
Edit sshd config and remove # PermiRootLogin and change yes to no. : vi /etc/ssh/sshd_config
Perl Module
Install Perl – Makefile.PL
wget through any website for Perl
perl Makefile.PL
DHCP Installation :
yum install dhclient -y
Troubleshooting tools Installation :
yum install yum install iftop -y
Configuration : Realtime DEP :
yum install mysql mysql-server mysql-devel
Add-on Compile :
./configure –with-mysqlclient=/usr
Asterisk – VOIP Server Installation on Linux – centOS
Prior to installation, you need to make sure all packages up-to-date. Run yum-y update. In case, any Kernel files were updated, the server will require reboot of the server. Now, you will need to download pre-requisites or essentials of Asterisk :
gcc
kernel-devel
bison
openssl-devel
doxygen #
In case you have a Dual Core Processor Server, Kernel-smp-devel is required through
apt-get update
apt-get install gcc kernel-devel bison openssl-devel
Or through yum
yum -y update
yum install gcc kernel-devel bison openssl-devel
Donwnload the latest version through asterisk website to /usr/src
In case you are using PRI cards, you need to the following :
wget http://ftp.digium.com/pub/libpri/releases/libpri-<version>.tar.gz
Untar the files :
tar -zxf zaptel-<version>.tar.gz
tar -zxf asterisk-<version>.tar.gz
tar -zxf libpri-<version>.tar.gz
Installation of Zaptel :
cd /usr/src/zaptel
make clean
make
make install
Restart Zaptel Service
Installation of LIBRI :
In case you are using E1 Cards, install LIBRI :
cd /usr/src/libpri
make clean
make
make install
Asterisk Installation :
cd /usr/src/asterisk
make mpg123 #
make clean
make
make install
If kernel is used, edit spinlock.h or Zaptel will not compile :
vi /usr/src/kernels/2.6.9-34.EL-x86_64/include/linux/spinlock.h
In Text Editor : define DEFINE_RWLOCK(x) rw_lock_t x = RW_LOCK_UNLOCKED
and change to define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED
MSMQ Independent Client Installation on a Cluster SQL Server 7.0
- MS DTC and it’s DLL should be removed
- MS Message Queuing Installation
- MS DTC Upgration
Message Queuing Installation and Cluster Setup with SQL Server 7.0 and Message Queuing :
- SQL Server and SQL Server Agent should be stopped
- Run Command : msdtc -remove on Server1
- Run Command : msdtc -remove on Server2
- Remove MS DTC reource in Cluster Resource Group
- Locate and remove : HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC
- On each node, delete files in \%windir%\System32 folder :
- Adme.dll
- Dtcadmc.dll
- Dtccfg.cpl
- Dtccm.dll
- Dtctrace.dll
- Dtctrace.exe
- Dtcuic.dll
- Dtcuis.dll
- Dtcutil.dll
- Dtcxatm.dll
- Dtcsetup.exe
- Msdtc.dll
- Msdtc.exe
- Msdtcprx.dll
- Msdtctm.dll
- Msdtcw.exe
- Reboot Nodes
MS Message Queuing Installation :
- Move SQL Server group that containts MS DTC and Message Queuing to Servers.
- Move all to Server2
- Message Queuing Routing Server Installation on Server1
- Run Setup.exe which is located in \Msmq\Msmq\Server folder on MS Windows NT Server 4.0 Ent. Edition Component CD
- It will run until 0×424 error for MS DTC is reported.
- Click Ok
- While Installation, Click Customer and clear installation share and then click Route Server. When Primary Site Controller is prompted, type PSC name
- In IP Address list, click IP with group, this is required that Message Queuing that is used to communicate with other Message Queuing.
- In Connected Network drop-down, click connected network and Continue.
- When Error is seen, Click Ok
- Click Yes to continue when it shows MS DTC cannot start.
- At prompt of MSMQ installation, Click Ok
- Start Cluster Administrator, open Properties of MS DTC resource
- On Advanced, click clear Affect group and apply
- It will be seen that MS DTC service will be offline
- Move resource group to Server2 and other resource to Server1
- Message Queuing should be offline
- Run Message Queuing Setup on Server2.
MS DTC Upgration :
- Move resource group back to Server1
- Run Dtcsetup.exe from SQL Server 7.0 CD – \x86\Other on Server1
- Run Dtcsetup.exe on Server2 and click Ok on Server1
- In Cluster Administrator, Right-click MS DTC resource, click Dependencies.
- Add SQL Servers to the list.
- MS DTC and Message Queuing should be Online
- All resource should be on node and Windows NT 4.0 SP4 should be applied
- Server1 should be Restarted now and all resources should be moved
- Apply Windows NT 4.0 SP4 to Server1 and Restart Node
Normally the errors occur when upgrade is done on a backup domain controller or restrictions of creation of local groups. When extending a site, extensions create admin group and automatically adds user accounts to administer site. In this case, server doesn’t allow creation of local groups and hence error message is seen. Prvent Frontpage Server Extensions from creation and use of local groups to acces websites.
Following steps need to be implemented :
- One Windows Start Menu, Click on Run
- In Open Box, type Regedt32.exe and click OK
- Select subkey : HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\All Ports
- On Edit Menu, Click Add Value
- In Value, type NoMachineGroups in Data Type box type REG_SZ
- Click on Ok
- In String Dialog box, type 1 and click Ok
- In Registry menu, Click Exit
How to protect your emails from Viruses in Outlook express ?
With Outlook Express 6, internet zone is restricted and enables only active contents to run. For customization in IE Security Zone :
- Open Outlook Express
- Click on Tools Meno – Options
- Click Security Tab and then Click Restricted Zone
- Click Ok to close options dialog box
- Start IE, click on Interner Options and click on Security
- Click Custom Level and apply the changes.
Reading messaged in Plain Text :
- In SP1, configure Outlook express to read emails in plain Text Format
- Start Outlook Express
- Click on Tools and Options
- Click Read tab and select Read all messages in plain text
- Click on Ok
Prvention of programs from sending emails without Approval :
In this case, if Outlook Express is set as mail handler, it will process requests by using Simple MAPI calls. This function is used by Virus and send copies of email mesages that will contain virus to your email contacts. In case Of Outlook Express 6, email’s are prevented from sending without approval.
IE Unsafe list to filter Email attachments :
- Start Outlook Express, click on Options
- Click Security Tabs and select “Do not allow attachments”
In Outlook Express 6, it checks for unsafe attachments and only if it’s safe, it will download / open with the email messages.
Add additional files to remove from Unsafe list :
- Click on Start
- Then click on Control Panel
- Double-click Folder Options
- Select File Type to be allowed or blocked and then clicked on Advanced.
- In order to add new, click on New – In Create New Extension dialog box, file extension should be typed and added to unsafe list.
- Click on OK