On 6/10/05, Jason Williams <jwilliams@xxxxxxxxxxxxxxxxxxxx> wrote: > Kevin wrote: > > >Your choice of hardware will be dictated to a great extent by your choice > >of operating system, and might also be influenced by your budget and > >your employer -- in my case, corporate purchasing mandates that we > >we buy from Dell, so I use the Dell PE1850 for "smaller" critical boxes. > > > > > Very good point. I left that out by mistake. > My first two choices for OS would be FreeBSD or OpenBSD. I am very > familiar with both and run a few of them on our company network doing a > variety of tasks > > >With just 70 employees, even the lowly PE750 would be overkill. > > > Just saw that one on dell. Starts at about $550. Comes with 256mb RAM. > Suggestion to upgrade more? Maybe 512 at the least, 1gb at best? > CPU is fine. Single 40gb SATA drive. should be sufficient. There's one nasty problem with the PE750 and OpenBSD -- if you go with the SATA drives, the onboard controller is not supported in DMA mode, so you would need to put a supported PCI controller in one of the two slots. The embedded Intel 'em' controllers available on most Dell machines are good gigabit Ethernet controllers. The Broadcom 'bge' NICs found on a few Dell products are less well regarded. > >My first recommendation for the "corporate world" is to plan on purchasing > >two identical machines and operate either behind a load-balancer or with > >a reliable failover solution -- if you use Proxy Automatic Configuration (PAC) > >instead of transparent proxy, you can even have the clients themselves do > >both load-balancing and failover in the PAC script. > > > Yes. That is what I originally had in mind. Assuming I have the budget > to buy two machines (hopefully I do), i would doing something very similar. I'd almost go so far as to say it'd be better to purchase and deploy two cheap Squid servers than one really good one :) > >You mentioned the number of employees, but not the available bandwidth > >or the current average and peak traffic volumes for desktop web browsing. > > > Well, we have a T-1 currently. One of my current tasks is to measure our > bandwidth usage. It definitely needs to be cutback. The CEO was very > nice in letting users "surf" freely for awhle. However, after a recent > nasty incident, the door will slam shut on that very soon. Hence, the > "go ahead" on my long awaited squid proxy server. You'd be hard pressed to find a server which isn't up to saturating a T1. > Is there another plugin of some sort that works in conjunction with > squid for web content filtering? I've come across another one called > http://www.safesquid.com This is the first I've seen of this product. Interesting, and cheap. > I really need some type of addition to squid to filter out crap and > ensure it doesn't get on my users computers (spyware...). Since most of > our vendors websites use only IE, I am unable to switch others to > something like Firefox. So, im stuck I stop the most annoying spyware with a combination of router ACLs and blocking the spyware domains in my caching nameserver. You can address a subset of spyware by upgrading your desktop AV (Symantec, McAfee, etc) to add their host-based spyware protection.