Running a Business on Open Source
One client of The Root Group needed help in deploying a new eCommerce site using a number of Open Source technologies. They had varied degrees of experience with the products and needed to make sure that when they had all of the pieces assembled, they had a highly available production-ready web site. The Root Group engineer working with them was instrumental in helping them select, configure and deploy a robust architecture that included 2 Dell servers running Xen 5.0 with 5 virtual machines connected to a Left Hand Network SAN. CentOS was a guest operating system in the Xen configuration and the front end architecture had 2 Apache Web Servers. The back end servers hosting the MySQL database server use multiple databases replicating to each other. The firewall was configured on 2 Dell servers running OpenBSD using Open PF as the firewall using SSL connections for session persistence. The architecture also included Tomcat 5 for middleware and KonaKart as the shopping cart application. Disk to disk backups are done using Amanda open source software.
Large Data Center Move
The Root Group helped a large school district with over 300,000 students and 20,000 faculty and staff plan, execute and cut over their entire production datacenter over the period of two weekends. The scope of the move encompassed an assessment of the physical data center needs and involved moving more than 30 servers, 25TB of storage and a host of large load balancing and core networking gear. This high profile move had significant risk as it involved a complex, highly available administrative computing system running a production ERP system that needed to be moved while school was in session. The system included a diverse collection of hardware and software that included Sun, Cisco, Foundry, StorageTek, Veritas and others. The move involved relocating two sites running a campus cluster 5 miles apart. The move was a huge success as all systems were available and functioning when classes started the Monday following the move.
Automated DR Network Failover
One long-standing client had a business requirement for highly available internet access. The solution required The Root Group to design and implement a fully redundant self-automated network failover at the client's DR facility. The technical components of the solution involved building a BGP routing scheme for their internet access which fails over to a 3G wireless backup internet service. We architected the solution to use HSRP between two external routers with a virtual IP that talks to redundant firewalls. Stackwise switches were used on either channel and the outside networks can do site-to-site VPN failover between either the 3G or the main internet service. The design has no single point of failure and the business requirement was met with a high degree of automation that does not require IT staff intervention.
Mainframe to Open Systems Infrastructure Migration
A large enterprise needed infrastructure help to migrate their "stovepipe" administrative applications from a mainframe host to an integrated ERP system running SAP R3 on Oracle 9 and clustered Sun 6900's. Our senior infrastructure engineer helped architect and plan the migration and was hands-on in all phases of the physical migration - staging, deployment, testing and go live. He was an integral part of designing the HA and middleware aspects of the systems and he leveraged his infrastructure skills to work in tandem with the Oracle and SAP application migration teams. The Root Group has also been involved in the ongoing operations and maintenance of the systems which have allowed a much greater range of adaptability and scalability to the enterprise.
Network Security Audit
Concerned about how well they had defined and deployed security policies and technologies, a Colorado based mid-size enterprise brought in The Root Group to perform a network security audit. The components of the audit were focused on the following areas:
- Security policies and practices as they relate to network operations
- Security of the wireless network
- Configuration and security of selected externally visible internet-facing servers
- Security of selected internal subnets
- Firewall configuration analysis based on business objectives
A number of vulnerabilities were discovered in certain areas but we were also able to confirm very good security practices and operations in other areas. A particularly interesting vulnerability was found when evaluating the guest wireless access as it used the same DNS servers for both guest access and the client's internal network. This configuration had a vulnerability that could enable guests to probe the client's internal Active Directory domain through the DNS server, uncovering potentially damaging information. After the review of the audit was complete and a remediation plan was put in place, the client remarked that our work was very thorough and insightful, uncovering several vulnerabilities that previous audits from other companies had missed.