I.T. infrastructure for a growing charity… revisited

I blogged back in the summer when I was starting to think about overhauling the I.T. infrastructure for my youth charity, Solent Youth Action. But I never actually came back to this to say what I went with in the end.

You can see the original post to see what we started with, but in short, it was fairly primitive.

I don’t think that we’re really finished yet, but here is where I’ve got to so far…

The network is built around a new Linux fileserver, running CentOS. It has three hard-drives, and uses RAID 5 (striped RAID with the parity spread across the drives) to protect against hardware failures.

I use Sentry Tools to monitor the system logs and email me if anything looks like it might start going wrong.

A directory is shared to the local network using samba, making it available as a central file server for the ten Windows XP workstations that we have. Backup for this storage is still manual – writing to a removable USB hard-drive every month, which remains disconnected from the server and locked up the rest of the time. (I have set up a cron job on the server to email a reminder to the administrator to do the backup.)

I’m still looking into off-site backup, but haven’t got round to this yet. I hear a lot of good things about Amazon S3 but don’t know much about how it works in practice.

The critical information – personal information about young people and their volunteering activity records – has been moved to an off-site server, and is now hosted in a drupal content management system installation using CiviCRM relationship management on a 1and1 server. A cron job on our local CentOS fileserver sucks down a local copy of the MySQL database behind this as an additional backup.

Remote access to workstations is now available using Windows Remote Desktop. The workstations are not exposed in front of our NAT router, so this is done using putty to open an SSH connection to the Linux server, with putty’s SSH Tunnels settings port forwarding on to the Windows desktops. SSH access is limited to SSH-2, and password authentication is disabled in favour of key-based authentication using PuTTYgen to generate keys.

To make remote access easier, the staff have USB keys with PortableApps on it with apps to allow remote work. The office doesn’t have a static IP address, so I’m using a free dynamic DNS service from no-ip.com.

I also took advantage of the time to work on our computers to make sure that all of our workstations are protected with AVG Anti-Virus, and the anti-spyware security utilities Spyware Doctor and Norton Security Scan that you can get for free in Google Pack.

I’m thinking about getting the Linux fileserver to perform some virus / spyware checks on the documents stored in the samba share, but haven’t really found a suitable Linux tool for this yet.

There we go. It’s all fairly standard stuff so I haven’t bothered to give too much detail on how I did this, but at the very least, this post was a good chance to give some link-love to the fantastic free and open-source tools that I’ve used to put the whole thing together. The quality of stuff that is available for free never ceases to amaze me.

Tags: , , , , , , , , , ,

Comments are closed.