Hello,

I'm setting up a server for a mecdical clinic which would be like an apache based thing having 3 LAN's connected to it (the server), accessing the software/database via web browser (http://192.168.xxx.xxx).

To avoid any on-site "messing around", I'd like the server to have no keyboard, mouse & monitor.

The server would be having only the OS, apache/mySQL application & it's database, all being accessed by PC's on the connected LAN's or via remote access only by my office for support purposes, and, RSync-over-SSH application (for automated remote data backup).

The server will be in a different city from me, so I need remote (as secure as possible) access to it.

The server would be powered up in the morning and powered down in the evening (or maybe scheduled to automatically power down after daily remote backups).

I'm selecting Fedora 17 64-bit (since it is RedHat based) as the OS.

However, my concerns are:

1. If I use something like Teamviewer for the remote support/access, what happens if there's an error before the OS can reach to the level of starting teamviewer or a booting error (no one on-site would be able to log into the machine because the're not techie and will have nearly no access? On the other-hand, I am looking at using KVM-over-IP. Would this be a better alternative to using a remote-access software like TeamViewer?
2. is there a way Fedora can be set to install updates automatically?
3. From the way I currently use Linux, it asks to select a user to login. Is it possible that when an on-site person boot's-up the machine, it would auto log into a pre-defined user a/c without having to click on "Login"?

I'm sure there may be lot's of other issues that I've over looked

Any suggesions on this, pls?

1. if you have a server which contains a networked console, then great, but that's probably a feature set of a machine specced above what you're having if your at the level of turning this kit on and off all the time. I'd suggest leaving it always on personally.
2. why would you want that??? do it on your terms!
3. why would you ever ever want this machien to log in as a user? It's headless right??

OK, so fedora is a REALLY bad choice of OS. Do not use it on a server. Fedora is NOT based on Redhat, it's a development fork which contains a LOT of flaky testing software and architecture which will probably be part of the next RedHat EL release IF it works well. Use CentOS instead. that IS Redhat EL with the Logos changed.

Use SSH as the primary remote connectivity option. If you're doing this properly you should have no need at all to run X windows on it.

1 members found this post helpful.

WOW! you've really drawn my attention to alot of things. Thanks so much.Nope, no networked console - just using an ordinary PC acting as the "server".
We'd prefer to leave it on too, but knowing the way we experience power fluctuations, it's but natural that every few days we will be presented with having to power up the machine.
would you recommend that maybe once in two weeks we remotely log into the machine and update it?
I'm not into linux terminal commands much and really depend on the desktop to get things done.

I suggest you learn then. If this machine is remote then you need to be able to use the bare minimum possible to get into it. SSH access uses a LOT less that X windows and then any remote access mechanism built on top of it. If this box is remote, then you want do be doing as little as possible to it. One update and suddenly you're locked out. If you run CentOS 5.8 you've got a whole 0.8's worth of security patches and fixes. As long as the box is securely locked down, I would not see the need to ever apply updates remotely.

btw, for GUI remote access I personally would recommend the free version NX from nomachine.org. very good and secure, and is started by your ssh login, not by anything having to happen on boot, so it's highly supportable in itself remotely.

1 members found this post helpful.

Here's what I would recommend for remote access/support.

To ensure security, you should not be able to connect to the server unless you VPN into the remote office network. Then you should configure lights-out management on the server -- a feature included on most servers. This will allow you to access the server in a browser to see what is actually going on. Most lights-out management systems will provide you with the ability to log into the server, mount images/discs using your local machine as a pass-through and restart without losing connection to the server.

If you have to use a GUI, I would definitely recommend something lightweight like LXDE or XFCE. However, I've never used a GUI on a Linux server before so I'm not sure those recommendations are any good.

1 members found this post helpful.

Pls see the attached image. The grey area shows what they currently have in place. Instead of going the VPN way and reaching to the server via their LAN, I'm placing an additional firewall router which would allow access to only specific ports:

1. users from the grey area in the image
2. access for support from my staff
3. RSync-over-SSH for remote backup

Since you say, "a feature included on most servers", is there a way we can install the lights-out management on a desktop PC which would be the "server"? Does access to the server using lights-out management work only through dial-up/dial-in?

Attached Thumbnails

 

an ilo is harware. You could buy an ilo card usually, but it's not something you're likely to add on.

Sorry, when you said server, I assumed you were talking about a rack-mount unit. Lights-out management is actually a management processor installed in physical hardware with it's own NIC and a very lightweight web server installed (serving over port 443). It would require set up and configuration -- static IP/DNS assignment (optional, but extremely handy) and local user account creation/modification.

I believe laptop and desktops have the capability for LOM through Intel's AMT. However, it wouldn't have its own dedicated management NIC, so I'm not sure if management sessions would persist through a reboot. Anyway, you would need to download Intel's Setup and Configuration Software (SCS) in order to set it up.

As long as you are able to ping the server, you should be able to connect to the LOM. The only reason I suggested VPN was to ensure security before you provided your diagram.

Tip for offsite situation: Change the BIOS setting to always turn the server on after an accidental powerloss

1 members found this post helpful.

Just plonk your box on the network with a static IP and forward an obscure high port fron the router to 22 on your box with key-based auth, then do everything via ssh (or via ssh tunnel).

Use a STABLE distro (predictable is good).

Have a clone box (or VM) on your own network for testing / training.

Get a UPS.

1 members found this post helpful.

I'm surprised. Why would you say that? Would you rule-out iLO completely? Would love to have your comments.

Alright, I get it.
I've just been checking around on iLO and looks like it has much more to offer than what I need and I'd just be increasing on costs (which in true sense my client being "scroogie" will not be very happy with, as can be seen with the use of a desktop PC acting as a server)I even read somewhere that iLO has some license fees accociated with it's use?. I don't need to check for health monitoring and the likes. Well then, looks like I'm not going the IP-KVM or iLO way and instead prefer to go the SSH way with no X windows on it as acid_kewpie has recommended.

What would be the easiest way to do a server "shell only" install and have the SSH setup with it(I'm so used to the GUI way). Considering I'd use CentOS, guess the iso to use would be the minimal? (http://mirror.ufs.ac.za/centos/6.2/i...64-minimal.iso) and then I can put the NoMachine on my site again on a Linux (maybe Ubuntu PC).

Would really appreciate some guidance pls.

You don't need to use the minimal, it might not have enough there for you. Don't confuse the amount of disk space used with its efficiency. It can be useful to install extra tools and such without them posing anything resembling a security risk or performance hit. The only time I've had a legitimate reason to cheery pick this package and that one is when I've been building the systems over a network and benefitted significantly from less data being transferred and a faster installation process. Outside of this, I wouldn't worry too much at all. I would just use the normal 6.2 / 5.8 installation DVD and just not install X windows.

2 members found this post helpful.

Thanks Chris.
The server would actually not be doing much, so I'm hoping I could keep it to the min, so I'll just list what's going to be going on and hope you can advise:

1. A Patients record system based on Apache/mySQL which would be accessed only by PC's on the connected LAN's
2. an RSync-over-SSH command that would run maybe one a day to incrementally backup the database to a remote backup location
3. Once-in-a-while someone would need to log into this server over SSH from my end (using NoMachine) to provide support

That's all. I really wouldn't want anything else to be installed.

Thanks Chris.
The server would actually not be doing much, so I'm hoping I could keep it to the min, so I'll just list what's going to be going on and hope you can advise:

1. The server would be setup to use software-based RAID 1 Mirroring (2 HHD in total)
2. A Patients record system based on Apache/mySQL which would be accessed only by PC's on the connected LAN's
3. an RSync-over-SSH command that would run maybe one a day to incrementally backup the database to a remote backup location
4. Once-in-a-while someone would need to log into this server over SSH from my end (using NoMachine) to provide support

That's all. I really wouldn't want anything else to be installed, unless it's absolutely necessary.

Infact I'm looking at setting up the base system with the OS, rsync-overSSH command, SSH for NoMachine access and then once I'm satisfied, make an .iso image of the setup, so if ever anything goes wrong, all I'd have to do is just format the HDD, install this iso and it would be up and running.