Kevin wrote:
Your choice of hardware will be dictated to a great extent by your choice
of operating system, and might also be influenced by your budget and
your employer -- in my case, corporate purchasing mandates that we
we buy from Dell, so I use the Dell PE1850 for "smaller" critical boxes.
Very good point. I left that out by mistake.
My first two choices for OS would be FreeBSD or OpenBSD. I am very
familiar with both and run a few of them on our company network doing a
variety of tasks
With just 70 employees, even the lowly PE750 would be overkill.
Just saw that one on dell. Starts at about $550. Comes with 256mb RAM.
Suggestion to upgrade more? Maybe 512 at the least, 1gb at best?
CPU is fine. Single 40gb SATA drive. should be sufficient.
My first recommendation for the "corporate world" is to plan on purchasing
two identical machines and operate either behind a load-balancer or with
a reliable failover solution -- if you use Proxy Automatic Configuration (PAC)
instead of transparent proxy, you can even have the clients themselves do
both load-balancing and failover in the PAC script.
Yes. That is what I originally had in mind. Assuming I have the budget
to buy two machines (hopefully I do), i would doing something very similar.
A server built with Ultra-320 SCSI using 15KRPM drives will give insanely
good drive performance, plus SCSI drives can offer enhanced reliability,
longer warranties, and hot-swap.
While a SCSI-based server may be considerably more expensive than
IDE or SATA, take into consideration that they also tend to be higher-end
all around, with dual power supplies, lights-out data center features, etc.
My solution to get the utmost security (at the cost of performance) is to
run Squid on OpenBSD under "systrace". This restricts the system calls
the Squid app can make. Systrace is also available for other OSes:
http://www.systrace.org/
Yes. I like systrace and especially OpenBSD.
You mentioned the number of employees, but not the available bandwidth
or the current average and peak traffic volumes for desktop web browsing.
Well, we have a T-1 currently. One of my current tasks is to measure our
bandwidth usage. It definitely needs to be cutback. The CEO was very
nice in letting users "surf" freely for awhle. However, after a recent
nasty incident, the door will slam shut on that very soon. Hence, the
"go ahead" on my long awaited squid proxy server.
It'd help to have an idea of the current and historical browser activity, in
terms of requests-per-second and bytes-per-second. Having statistics will
also be useful in proving how the savings in time and bandwidth that come
from serving cached content, and from blocking undesirable content.
Plus management likes colorful easy to read graphs. Think "USA Today".
All Very good points and items I definitely plan on mentioning to the
"board."
I personally would *NOT* be comfortable using dansguardian to block
web browsing in a business setting, but that's just me. I suppose if you
were to take logs of your current traffic and whitelist all the domains which
look like they have any possibility of being important to your employees
getting their jobs done, dansguardian *might* be acceptable. Maybe.
Is there another plugin of some sort that works in conjunction with
squid for web content filtering? I've come across another one called
http://www.safesquid.com
I really need some type of addition to squid to filter out crap and
ensure it doesn't get on my users computers (spyware...). Since most of
our vendors websites use only IE, I am unable to switch others to
something like Firefox. So, im stuck
Kevin Kadow
Thanks,
Cheers,
Jason
