This is a complex part to explain and implement. The network architecture and the distribution of services across the machines must be determined. Keep in mind that, at some point, a unit will break down, making its services inaccessible. You therefore have to think about how to repair it and what will happen during the failure. The goal here is not to have a datacenter where everything is duplicated, but to provide, at the very least, a solution that “stands the test” in terms of maintenance, reliability and security.
The services that allow the Datacenter to operate are distributed across different machines; this is called a “distributed architecture”.
In this type of architecture, it is quite simple to move a service to another server during the repair period. Even if this overloads the machine that temporarily hosts the service from the faulty unit, the Datacenter will keep running in “degraded mode”.
Datacenter provisioning process
This documentation takes a lot of time and will be updated frequently.
It is imperative to have a basic knowledge of Linux systems, in particular:
- know how to use the shell (basic)
- know how to use the “vi” editor
The first step is to install the DEBIAN system on the Datacenter servers.
The second step will allow the implementation of the “Network” part of the Datacenter, in this order:
- Initialize the Datacenter
- a DNS service - Domain Name System
- a DHCP service - Dynamic Host Configuration Protocol
- a main firewall
- a VPN service for access to the Datacenter
The third step will allow the implementation of tools related to the security of the Datacenter:
- server firewall
- an internal email service
- a backup/restore system (internal and outsourced)
- an intrusion detection service
- a monitoring service
The fourth step will address:
- the startup of a unit by the network (without SD card)
- automated server installation
- the implementation of a load balancing service
- the installation of robots
- the installation of a Datacenter management system. Introducing a manager only after “getting your hands dirty” is deliberate. This allows you to understand what system administration really is, and to understand the benefits of using a manager.
As an option, we will see the implementation of a Helpdesk service that will allow you to capitalize on the history of the failures encountered and the way you repaired them. I chose the software “Trudesk”, because it is open source, easy to use and very stable.
And finally, we will proceed with the installation of services that will protect your privacy. I have deliberately chosen applications and I will focus on them. My choices were, of course, open source software, selected according to their level of security, reputation, stability, maintenance, ability to run on RaspberryPi and/or Rock64 platforms and acceptable execution performance:
- an alternative to DropBox, GoogleDrive, …: NextCloud
- an alternative to WhatsApp, Messenger, etc.: the Matrix/Riot.im pair
These applications are completely disconnected from the “GAFAM(*)” and will run independently on your Datacenter.
(*) GAFAM: Google - Amazon - Facebook - Apple - Microsoft are all companies that collect a lot of personal data from their users, with or without their consent! Once your data is in their hands, you no longer control its use - (Articles related to the fraudulent use of your data by the GAFAM).