[Novalug] OpenBSD vs Fortigate?

Rahul Murmuria rahul@murmuria.in
Thu Oct 9 03:37:15 EDT 2008


Hello Nick!
I am not from the OpenBSD camp, but maybe I have learned some things while
trying to get my University "freed". The email is long, but hopefully some
of it is useful to you.

A little background first, from the university :-
Today, undergrad students volunteer and single-handedly support and manage
the Campus gateway with firewall, VPN, spam filter, messaging server (i.e.
email), campus authentication server, a cluster and web servers at the
university where I completed my Bachelors this year, and I am proud to claim
that I had a good role to play in getting it all to that stage.

Here is a description of what keeps the campus up and running, and what it
took for us to get the Director and the Dean's committee to agree to our
proposals -

*Gateway and Firewall*:
The campus gateway is running Gentoo Linux, with firewall configured using
Shorewall <http://www.shorewall.net/> - which is a wrapper over iptables. We
also have 2 DNS servers, one authoritative, and one for local DNS.

*VPN and Virtual LAN*:
OpenVPN with SSL Certificates
<http://gentoo-wiki.com/HOWTO_OpenVPN_Server_for_Ethernet_Bridging_with_Server_Certificates>.
We are also using IPCop <http://www.ipcop.org/> to isolate MS Windows labs
that are meant for general browsing (kept on a separate VLAN), as they tend
to generate a lot of spam and consume bandwidth for entertainment
activities.

*Campus Authentication Server and Mail server*:
LDAP <http://www.gentoo.org/doc/en/ldap-howto.xml>,
Qmail <http://www.qmail.org/top.html>,
SpamAssassin <http://wiki.apache.org/spamassassin/>, and other tools to
manage the messaging server.

NOTE:- We set this up multiple times using entirely different tools on each
occasion, but those higher up in Director's office never trusted us for
maintaining the LDAP Accounts for all faculty and students. We then came up
with the proposal that this FOSS company Deeproot Linux
<http://www.deeprootlinux.com/> will support us, and the Lead from the
company came for a couple of meetings
with the Director of our university. Today, even the DeepOFix solution that
the company offers is operational at the university, and we students are
actively working on the system, and providing constant feedback on new
versions, and feature requests, and hacking the code occasionally for
temporary fixes.

*Cluster*:
http://www.linux-ha.org/


I hope that some of the tools and experiences mentioned above will help your
cause.
Of course, you will need someone more professional to comment on this issue.
This was a student's perspective (as I have never worked in a large company
and I am a Masters student now), but the fact that students with almost no
experience are able to learn to manage all this technology in no time from
their immediate seniors speaks for how easy and widespread these tools have
become!

-- 
Rahul Murmuria