While I’ve been down for surgery, I’ve had a lot of time to think about the design of my own infrastructure. Some people know that when you view this website or one of my web apps, you hit my server. To some people, that is understood as the information is presented from a computer, out somewhere, and I own it. Fact is, it’s just not that simple.
Currently, to view this site and my projects, a few layers make up the availability of my server space. I rely on some HP blade servers in an HP blade chassis, a NetApp 3720 cDOT storage cluster, and various Cisco switches for connectivity. Those 3 items allow me to have my server(s) virtualized and scale about as needed. Inside those blades live several virtual servers. Some are routers, telling what traffic to go where. Some of them are used to monitor the health of everything. I do have a web-facing stack built out so that one virtual server has one role. One only provides HTTP, one only provides DB, and so on.
For the past several years, this has been fine and overkill. And I love it. However, I have a problem regarding mail. Specifically, since I don’t personally own my connection to the internet, there are parts I can’t manage. The parts I can’t manage leave my outbound mail marked as spam and it gets rejected from the grown-ups like Google. Sigh. What to do, what to do. A contact of mine up in Charlotte stated that his business could lease me a 1U space with power and bandwidth for about $70 a month. That isn’t bad but the environment I just described is closer to about 34U of space. We’d be talking about $600 a month. No thank you, I don’t make money from this, nope.
So I started considering my options. I already enjoy Mikrotik for routing, they’ve proven themselves and I know the platform. I ended up finding a RB2011UiAS-RM for $120. That would be a rack mount, 1U, single PSU router, with more RAM and CPU than I really need, with more features than I need. After thinking about how to bridge the 2 sites – my home and the DC in Charlotte, I realize that because it’s single PSU – if they did a PDU test, I could go down. My initial response was to get a second one and have it installed on the B side of the power grid, use some VPLS and such to keep things up. However, this is also a shitty idea – because VPLS requires 2 routers on each side of the location to start with.
Zooming out, I realized that I actually only need this for mail and experimenting. That means that if it goes down, I can route in a way so that it only affects mail and keep the traffic that is already coming out of the home connection the way it is. So now I can simplify my bridging and I think VPN is the first step here. That gives me encrypted, private sessions with the DC directly, and my mail will appear to come from my connection. More to come on this, as I test different things out in the garage before deploying.