How to Build a Linux Server: Secure Server and Secure Network

Article by Tolga BALCI, published Jul 9, 2009

Building a Linux server is not all about buying the fastest server, installing some applications, connecting some Ethernet cables, and editing some configuration files. Rather, it involves careful planning and implementation.

Introduction

When building a Linux server there are some points that we have to embed in our planning in order to choose the necessary tools to do our job. In this article we will cover these in general and throughout the series we will underline the key points to assist you in your tasks.

Hardware

A multi-core server with some terabytes of capacity is a big investment for a small office, while on the other hand you cannot manage a couple of hundred users with an off-the-shelf desktop. In your hardware choice, try to predict the future. You may be five people now, but what if the best-case scenario happens and your company grows to fifty in one year? How will you migrate user data, preferences, and e-mails? How will you back them up? What will you deploy as a test system? What about virtualization? You have to note all these points and many more before making the final purchase. Although this is not a clear-cut decision, your needs, predictions, budget, and common sense should guide you, not the salesperson.

Security

Security is an area that cannot be thoroughly covered in a single article, nor in a series of articles. But we will cover the basics in order to make your server and your network more secure.

Many administrators have different approaches to security and they are right in their positions. However, there are also some key points that have to be present in each of them. The first one is choosing a stable distribution. When choosing your server, the distribution is very important. Instead of going with the latest and greatest distribution that you would install on your personal desktop, choose one with a well-known security history. Debian is one of these, openSuSE is another. In our articles we have gone with Ubuntu Server Edition, which is Debian-based and, if you need assistance, has commercial support available from the vendor. Whichever distro you choose, do not forget to activate and use SE (Security Enhanced) Linux features. Security Enhanced features are various security policies, including some US Department of Defense style mandatory access controls, running at the kernel level.

Next, the updates. There should be strict procedures to download, test, and install the updates. Most of the time you should be comfortable with the security patches, but there are times when things may go wrong. In order to be prepared for the worst-case scenario and not let the whole network go down, I suggest you go with virtualization technology. Make an exact clone of your main server and run it on a physically different computer to download and test the updates. If you are satisfied with the overall stability, then first connect a couple of users to the virtual server and see if everything goes well. If you do not encounter any problems, then you can go for a network-wide implementation. It is also good practice to monitor the security bulletins of the well-known anti-malware developers to stay informed of the level of malware activity.
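
One way to check the last step of that procedure before the network-wide rollout, as an added example that is not part of the original article: compare the package manifest of the tested clone with that of the production server, so that production receives exactly the versions that were tested and any package never exercised on the clone is flagged. It assumes a Debian or Ubuntu system with `dpkg-query`; the function name `rollout_plan` and the sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Create a manifest on each host with:
#   dpkg-query -W -f='${Package} ${Version}\n' > manifest.txt

# rollout_plan CLONE_MANIFEST PROD_MANIFEST  (hypothetical helper)
# Prints one line per package where production differs from the tested clone:
#   UPGRADE  <pkg> <prod_version> -> <tested_version>
#   MISSING  <pkg> <tested_version>   (on the clone, absent on production)
#   UNTESTED <pkg> <prod_version>     (on production, never on the clone)
rollout_plan() {
    awk '
        NR == FNR { tested[$1] = $2; next }    # first file: tested clone
        {
            seen[$1] = 1                       # second file: production
            if (!($1 in tested)) {
                print "UNTESTED", $1, $2
            } else if (tested[$1] != $2) {
                print "UPGRADE", $1, $2, "->", tested[$1]
            }
        }
        END {
            for (p in tested) {
                if (!(p in seen)) { print "MISSING", p, tested[p] }
            }
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Demonstration on constructed manifests (names and versions are sample data).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'openssl 0.9.8g-15ubuntu3.2' 'postfix 2.5.5-1.1' \
        'rsync 3.0.5-1ubuntu2' > "$dir/clone"
    printf '%s\n' 'openssl 0.9.8g-15ubuntu3' 'postfix 2.5.5-1.1' \
        'telnetd 0.17-36' > "$dir/prod"
    rollout_plan "$dir/clone" "$dir/prod"
    rm -rf "$dir"
}

demo
```

An `UNTESTED` line means the clone is no longer an exact copy of production, so the test results do not cover that package; re-clone or install it on the clone before rolling out.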