
Re: RH to Debian migration



Roberto Sanchez wrote:
> -The lab director does not want to pay for support or for RH Enterprise
> Workstation, so they set up one RHN account, added all 10 machines and then
> rotate the demo entitlement amongst them to be able to run up2date for each
> one.

I don't know about the Enterprise Workstation license, but having
looked carefully at the Advanced Server license I will say that it
specifically forbids doing that.  The AS license says that you are
contractually agreeing to pay license fees for every AS system that
you have.  I assume the EW license says the same thing.  So getting
that situation cleaned up as soon as practical could save you some
legal grief.  You will have to look at your own license to know where
you stand.  Debian is completely free of course and a better way to go.

> I would like to transition all the machines over to Debian (Sid for the
> 8 workstations and Woody for the two servers) while preserving the
> user home directories.

You sound like you have a good grip on the problem.  You should be
able to proceed with confidence.

> I would also like to set up a DHCP (I know how to do this, but would like a
> suggestion as to whether it belongs on the web or fileserver),

Logically DHCP is its own service.  It does not really belong in either
place.  If you are doubling up on the duty of a machine (which is
fine) then it is your choice where you put it.

I personally don't like running anything on the firewall machine.  I
would have the firewall be only a firewall and nothing else.  If I
only had two machines then all of the other services would be running
on the non-firewall machine.  But that is only a preference for the
maximum in security.  As a practical matter you can get away with
running other services there.

Usually putting DHCP on a firewall machine requires a few special
rules to enable the broadcast packets through.  Therefore I would put
it on the fileserver.  But it is a small thing.

> DNS (currently each machine is named after the person that uses it
> and since all the IPs are static the hosts file on each must be
> updated after each change),

That works.  But I suggest one of two things.  Do you have your own
domain?  In that case run your own DNS zone with BIND.  That
eliminates the need for a local /etc/hosts file.  Just update your DNS
zone and it has immediate effect.  Don't have your own domain but are
running these as a NAT'd network?  In that case make up a local
domain and masquerade it behind your firewall and mailserver.  With
Postfix that is simply 'masquerade_domains = $mydomain'.

Additionally, for your configuration I would run all of the
workstations as DHCP clients.  On your DHCP server configure it to
give the clients the same IP address every time.  In practice this
means that you will need to make DNS changes and DHCP changes
centrally on the server when new network cards come or go from
machines.  But being centrally managed makes that easier in my
opinion and things like that don't change very often.

> and VMWare workstation for each machine (I would need some help for
> doing this on Debian since they don't officially support Debian as a
> distro).

I personally don't use vmware but colleagues here do.  It runs fine on
Debian.

> Any other suggestions/comments/whatever would be greatly appreciated.

For your stable machines check out cron-apt to get security updates
painlessly.  Pull the version from unstable and backport it to stable
since there have been some enhancements.  If you need help, ask.  For
IDE disks look at the smartsuite set of tools to monitor disk health.
Look at mdadm to monitor RAID status.  In a student environment I
would run a customized configuration of aide on your servers to look
for intrusions.  I modify my aide configuration to reduce the spurious
noise from it.  On your server contemplate running logcheck in the
'workstation' mode to report issues seen by the system.

Bob
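
The central DHCP and DNS bookkeeping described in this message can be generated from one inventory so the two never drift apart. The following is an added example, not part of the original message: it assumes ISC dhcpd `host` declarations and BIND zone-file A records, and the hostnames, MAC addresses and 192.168.10.0/24 subnet are constructed.

```python
import ipaddress
import re

# Constructed sample inventory: hostname, NIC MAC address, fixed IP.
INVENTORY = [
    ("alice", "00:11:22:33:44:01", "192.168.10.11"),
    ("carol", "00:11:22:33:44:02", "192.168.10.12"),
    ("fileserver", "00:11:22:33:44:10", "192.168.10.2"),
]
SUBNET = "192.168.10.0/24"  # assumed NAT'd lab network
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def validate(inventory, subnet):
    """Return a list of problems; an empty list means the inventory is consistent."""
    net = ipaddress.ip_network(subnet)
    problems, seen = [], {"name": set(), "mac": set(), "ip": set()}
    for name, mac, ip in inventory:
        mac = mac.lower()
        if not HOST_RE.match(name):
            problems.append(f"{name}: not a valid DNS label")
        if not MAC_RE.match(mac):
            problems.append(f"{name}: malformed MAC {mac}")
        try:
            if ipaddress.ip_address(ip) not in net:
                problems.append(f"{name}: {ip} is outside {subnet}")
        except ValueError:
            problems.append(f"{name}: malformed IP {ip}")
        # A reused name, MAC or IP would make DHCP and DNS disagree.
        for kind, value in (("name", name), ("mac", mac), ("ip", ip)):
            if value in seen[kind]:
                problems.append(f"{name}: duplicate {kind} {value}")
            seen[kind].add(value)
    return problems


def render(inventory, subnet):
    """Return (dhcpd host stanzas, zone A records), refusing a bad inventory."""
    problems = validate(inventory, subnet)
    if problems:
        raise ValueError("; ".join(problems))
    dhcp = "\n".join(
        f"host {n} {{ hardware ethernet {m.lower()}; fixed-address {ip}; }}"
        for n, m, ip in inventory)
    zone = "\n".join(f"{n}\tIN\tA\t{ip}" for n, _, ip in inventory)
    return dhcp, zone

if __name__ == "__main__":
    print(*render(INVENTORY, SUBNET), sep="\n\n")
```

The first string goes inside the subnet declaration in dhcpd.conf and the second into the zone file; remember to bump the zone serial when the records change.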
