Server Planning & Installation

The server is the core component to any network implementation. The server authenticates your users, allows access to your files and services, runs the service (or server application) and in general ensures that communication occurs. The first concern for the web administrator is to have an understanding of what your server will be expected to do. Is it part of pre-existing network and must authenticate to current users? Is it to be an Intranet or a system where only specific people or computers can connect (Intranet)? What kind of availability is required? Is it a system one requiring 24 X 7 access? Does that access have financial implications? Does server response time play a role? All of these are questions that must be asked before the physical hardware is specified and configured. Most questions will also affect the Network Operating System or NOS that is chosen.

Client Survey

Although your client or employer may not know what solution they want, a client survey is the easiest method to compile the specifications for your server. This conversation starts people thinking. Managing “user expectations” may be one of your hardest roles as an administrator.

The following table gives just a sampling of answers to questions and the possible choices you would make:

Question / Configuration
Will users need to logon (authenticate) to get content? / Secure Authentication(shopping carts, secure database connections, etc.)
What type of network does your support staff have knowledge of? / Web Server in current system
(MS NT 4, MS 2000, MS 2003, Linux, UNIX, Novell)
Is the system an Intranet or Internet server? / IP Restrictions/Authentication
(Intranet only: access based on location/user or anonymous access to everyone)
When will people need to access this server? / 24 X 7 – RAID
Does the system require e-commerce considerations, i.e. secure transactions, etc.? / SSL, Certificates, Credit Cards transactions, etc.
Does the content need to be dynamic or current? / ASP, PHP, XML, PERL
How often does the content update?
How many people are expected to access site and in what time frame? / NIC card speed

Selecting Your Building Blocks

During the planning process several choices are required. Each of theses choices are like building blocks for the completed system. The first choice or nucleus of the web server is the hardware or server and then each piece is added on top of the previous to build the foundation for web presentation.

Figure 01: Server Building Blocks

Hardware

The first web server I created was pieced together from old spare parts. With all the changes and demands of the web this method of hardware construction is obsolete. Where I may have had ten hits on a really good day, this has got to ten hits a second for some of the sites I maintain just in an academic environment.

The selection of the web server computer must allow for quick processing time, handle large bandwidth requirements for multi-media, file upload and downloads, and ensure 24 X 7 uptime.

Comparing Network Operating Systems

The process of selecting the platform that will be the base of your installation can be influenced by several things. You will need to know what your support staff is knowledgeable about or be willing to put dollars into their training. You will also want to consider the platform of the content providers. As a system administrator one of the primary functions is to control access or permissions. If your environment already has a support infrastructure it is far easier to just extend it then to completely build a new one and maintain two of them. The last key component would be the compatibility of your preferred web server on the network operating system. If you are planning on using web server based application servers such as Microsoft SharePoint Portal, you may be limited to the Microsoft family of servers.

Comparing Web Servers

Web services can be provided through products that are included in your operating system or may be 3rd party or add-on products. Apache is included in most of the Linux distributions and Internet Information Server or IIS is included in all of the Microsoft Versions. You may be able to get updated versions of the web server by adding Service Packs, Option Packs, etc.

In addition to the included web servers, you can also find 3rd party server software. Zeus, iPlanet, and Stronghold are just a couple of these servers. Once advantage is that their “fingerprint” is not as common and less vulnerable to attack. The main drawback is that they are generally not free, so require going through a justification process.

Operating System / Web Server Version / Installed with
Linux / Apache 1.2 / Red Hat 6.2
Apache 1.3 / Red Hat 7
Apache 2.0 / Red hat 8, 9
Microsoft / IIS 2.0 / Windows NT 4
IIS 3.0 / Service Pack 3
IIS 4.0 / Option Pack 4
IIS 5.0 / Windows 2000
IIS 6.0 / Windows 2003

Extending Web Services

While planning, it is also important to know what other services are going to be required. If you will have a requirement for Microsoft SQL, then this will need to be reflected in your choice of NOS (Network Operating System) if you have to use the same server. The preferred method of implementing theses additional services includes several servers placed strategically in the infrastructure so that vital databases and e-mail systems are not exposed to the Internet. Additional services may include streaming media servers, e-mail, and software extensions.

Disaster Recovery

Information from the Client Survey can be collected to define the Disaster Recovery Plan. As an administrator, you need to configure the system and have recovery methods available to ensure you meet your clients’ needs. Recovery plans include hardware configurations such as dual power supplies, dual network interface cards, and hard drive configurations. Also included in Disaster Recovery are the topics: Power Management, Backup Plans and Hard Drive Partitioning.

Hardware Configuration

The theory behind dual components such as NIC and power supplies is that if one fails the other “falls over” and fills in the missing service. Some of these processes are automatic and others are manually managed. It would be the goal of the administrator to make sure that the system recovers automatically whenever possible.

RAID

Hard drive configuration is one of the easiest methods for dealing with hard drive failure and is based on two concerns: access time (speed of the read/write process) and redundancy (fault tolerance). For the web, both issues are equally important. RAID or “Redundant Array of Independent (Inexpensive) Disks” is a method of configuring multiple hard drives to address access time and/or redundancy. For purposes of our discussion we will only deal with configurations that give us both benefits and are found on a PC platform.

Hardware-Software

It is important to first look at the two methods of creating a RAID: software or hardware. A software RAID is a configuration that is created by the operating system and makes logical containers that the NOS then directs to the correct location. The problem with a software RAID is twofold: 1) the processing of the files is completed by the main computer processors that the applications are also using (this can slow down the system) and 2) since it is created by the NOS, if the operating system corrupts or quits functioning the partition is lost. Although backups ensure that data can be recovered the time required for backup recovery is a problem. The plus side of a software RAID is that it is generally free with the operating system.

Figure 02: In this illustration of RAID 5, you can see that the software RAID requires NOS installation prior to building the RAID and you lose RAID size since the stripe portion must be the same on all three

Raid Types

A hardware RAID is the preferable method of hard drive configuration. A hardware RAID requires a dedicated controller that has its own configuration and processor that are independent of the operating system. By separating the processing the machines speed is increased and the information becomes independent of the NOS. If setup correctly, a system can be totally rebuilt and the content is not lost.

Types of RAID are really just the configuration of the hard drives in the RAID. Although there are numerous RAID types we will concentrate on 3 basic types which are commonly combined to optimize the system. The three main types are Mirror (RAID 1), Striped Mirror (RAID 0/1), and Stripe with Parity (RAID 5.)

RAID 1

A mirror was the first RAID I saw on a PC. It requires a minimum of 2 hard drives and the principle is that the data is first written on the master and then a backup copy is written to the slave or mirror hard drive. By nature this process takes more time that some of the newer configurations and some variations have data being written to both drives simultaneously to decrease time. One of the main flaws to this configuration is that normally you have two hard drives for one hard drive controller. This makes the hard drive controller the single point of failure. A “mirror” setup can use two controllers and is then called “duplex.” In a mirror configuration the administrator must break the mirror and turn the Slave into the master or default hard drive to recover.

Figure 03: All data written to the master is then written to the slave.

RAID 0/1

To combat the sometimes sluggish access time of RAID 1, we can add RAID 0 on top of it. The RAID 0 is a stripe meant to divide the data to be written over the amount of drives so that it is fasters. Since RAID 0 by itself has no redundancy or backup of the data it cannot work for our web server but by taking 4 drives and creating a stripe between each pair and then mirroring them, we are able to decrease access time AND retain redundancy.

Figure 04: Data is divided and written to the stripe for improving access time and then duplicated to the mirror for redundancy.

RAID 5

Stripe with parity or RAID 5 is an effort to speed up read-write times while continuing to give data access with one hard drive failure. It is important to note that if more than one hard drive fails you loose the advantage of the system and must have a good backup plan to recover. I have personally seen a system with one hard drive fail run for several days before the server administrators realized that it had happened.

In this configuration each drive holds its content and a percentage (depending on how many drives are in the configuration) of the backup of all the remaining drives.

Figure 05: RAID 5 uses a minimum of 3 drives and contains a percentage of the remaining drives.

Comparisons

The implementation of everything on the network is a continuous evaluation process. There are very few black and white, right or wrong, choices, only evaluation of the need of your environment and how a particular solution will support it.

RAID Level / Min. HD / Pro / Con
Level 1 / 2 / Mirror – Allows for fault tolerance / Slow and does not decrease access time
Level 10 (1/0) / 4 / Level 0 (Stripe) – Decreases access time
Level 1 (Mirror) – Allows for fault tolerance / Requires $$ for hard drives
On failure the Level 1 mirror must be broken for recovery
Level 5 / 3 / Stripe with Parity
Fastest
Automatic Rebuild
24 X 7 Availability / Failure of more than 1 hard disk causes total failure
1/3 loss of storage to parity

Figure 06: Common PC RAID Comparison

Power Management

The process of maintaining a steady electrical flow to a system and the proper shutdown on power failure is called Power Management. In some instances, this may include only setting up an Uninterruptible Power Supply (UPS) and a software application, while in others it goes as far as a getting a gas powered generator to ensure uncompromised service over extended periods of time.

UPS Systems

It important to note that power management includes both conditioning lines through brownouts and keeping the power to a system during complete power failures. Although a UPS can condition electrical sources, a line conditioner is not a UPS. When selecting a UPS, you must first ask these questions:

How many computers will be maintained by this UPS?
How much power will they need combined?
How long do they need to run before the system will be shut down?

Once these questions have been answered you can specify how big of an UPS is needed. The UPS can then be connected to a computer with an application that manages it. Power Chute is one such power management application. The connection to the computer can either be through a serial connection or through a NIC in the UPS which places it on the network. UPS are really just big batteries; the management software includes conditioning the battery by slowly allowing it to run down and the recharge back up. Also included in management software is the process of testing to make sure that the system will work on failure of power. Although a single UPS can have multiple systems connected to it, normally only one system has the management software. This computer can also control the other system for extended outages by downing them after the specified amount of time ensuring that all open files are closed down properly so they don’t corrupt.

Partitioning

Although partitioning is a basic operating system process, it plays an increasingly important role as our systems become more complex. Partitioning is the process of dividing up our physical or logical disks into containers. These containers hold specific information used by the NOS. In addition, each partition has its own file system or method of organizing the files on the partition. When we talk about web servers we are not only talking about Disaster Recovery but Security. In respect to Disaster Recovery, it is important to partition: NOS, Virtual Memory, and Content. By separating out these three pieces you allow the administrator to minimize fragmentation by moving Virtual Memory to a separate partition and allow for OS patches and rebuild without disturbing content or security. Later we will discuss the layering of NOS and Application security to harden the application. It is also important to ensure the OS partition is big enough to contain additional service packs and bug fixes. In the past we used to recommend a 2-4 GB partition, but those days are over on a production machine. I have seen systems bouncing off of a GB limit.

Backup

Another balancing act the Web Administrator must complete involves backup. There are several methods of backing up files. In each of these methods the administrator is looking at how long it takes to backup the system, how many tapes to backup the system, and how to restore the system. The choice of backup application is another consideration. The Web Administrator must know what file formats he will be backing up. Are they standard files or “information stores” used for Web Applications such as Microsoft© SharePoint Portal, SQL, Microsoft© Exchange, etc? Does the application ignore open files (files that are in use), retry backing them up, or can it backup open files? Although some NOS have built in backup software, they are rarely able to handle today’s web servers’ needs.

A good backup plan includes all of the following components:

Combination of backup types that make sense based on information density, time, and personnel
Tape Rotation
Off-site Storage of Tapes
Documentation of Backup
Verification of Data in Backup

Basically the type of backup deals with the archive bit, is it on or off?

Archival – Full

An archival backup, what we used to call full backup, copies all the designated files whether the archive bit is on or off and turn the bit to off. To restore a full backup you need only that one tape (s) and no other backups. All good plans start with a full or archival backup once a week or other regular interval. While this backup fits on one tape and is completed during off times you could use it alone, but as the information on your server becomes dense or s it may be necessary to combine the archival done at your slowest traffic time with either the cumulative or differential incremental backup types.

Cumulative Incremental – Incremental

A backup plan that includes cumulative incremental, backs up each day only those files that have changed during that day or period of time. The archival bit is changed so that the file will not be backed up again until it is changed. This method is faster since you have fewer files to copy, but it also has the draw back that you will need every tape to restore your server to the correct state. If one tape is missed or bad you must stop at that point.