When you want to have yourself a (new) server you can always just jump into action without planning ahead and just making decisions as the need arises. But if you decide to plan ahead, you will find that everything will run smoother and that there will be fewer areas which you will not have thought through or even completely missed.
Of course you will not be able to foresee all problems and challenges but alone the act of planning systematically will reduce the number of problems, their severity and the challenge of overcoming them.
It will also help you with the schedule and quality control of your project.
The plan should contain the goal or mission of your project. You need to defind a main goal and perhaps some secondary goals. Each of these can then be divided into sub goals that when all fulfilled will fulfill the main goal. Each of the sub goals can then again be divided into sub goals. Keep dividing the goals ‘till you each is well defined and have a measurable fulfillment requirement.
This technique is also called divide and conquer.
Now this document of goals and sub goals is not set in stone, once you have written it. As you work your way through your project you may find, that you need to amend, add, refine, etc these. This is in itself not a failure merely a reflection of a changing world as well as your acquiring more knowledge and skills
To put this technique into practice in our little project we can define the following super, main and secondary goals:
Project : HomeServer
Super goal :
- Support and secure the IT needs of a SOHO(Small Office/Home Office)
Main goal :
- Secure the local network from attacks coming from both the internet and the local network (ie Firewall/routing , perhaps email-scanning)
Secondary goals :
- Provide easy and secure storage of data (Fileserver and Backup of data)
- Easy administration
If we break down the main goal into sub goals this could be:
Main Goal : “Securing the local network from attacks”
- Firewalling : Define rules for packets going through our system. Which ones will we allow? What to do with the ones we will not allow?
- Routing: In case of multiple networks (ie in larger setup); which packet goes where? Differentiated rules for different networks; secure, intermediate, open networks, DMZ (DeMilitarized Zones) for public or intranet services.
- Intrusion Detection: Help prevent our system of being compromised and aid in the investigation of attempts and incidents of intrusion.
- Virus protection: Scanning of incoming and outgoing mail, scanning of storage for Vira, SpyWare, Trojans etc.
Secondary goal: “Provide easy and secure storage”
- Provide Windows boxes (and other boxes) with remote storage. (e.g. through Samba)
- Provide *nix boxes with remote storage (e.g. through NFS)
- Provide regular and reliable backup of remote storage
Secondary goal : “Easy Administration”
- Provide a simple interface accessible on many platforms to administer and supervise the system tailoring the information level to the given user.
In part 2 we will continue with the planning making it more detailed and concrete with our project in mind.
Later parts will include choice of hardware, software and policies. We will also take a look at setting up (some of) the software chosen.
