Sunday, October 15, 2017

Data Center Site Selection Criteria

Nowadays the data center plays a crucial and vital role regardless of business segment. The cost of data center downtime has increased significantly for companies in the last three years, according to results of a recent study by Ponemon Institute published on February 1, 2011, sponsored by Emerson Network Power. Read the study report: "Cost of Data Center Outages: Sponsored by Emerson Network Power"

Research indicates "data center outages have serious financial consequences for an organization. According to the study, the cost of a data center outage ranges from a minimum cost of $38,969 to a maximum of $1,017,746 per organization, with an overall average cost of $505,502 per incident."

The actual cost of downtime these days would be much higher than the figures above. Can you imagine Amazon going down for a minute just before the eve of Christmas or New Year, or Alibaba having a one-minute interruption before Chinese New Year? I am sure you would need a large scientific calculator to compute this.

According to the above study report, 37% of unplanned outages were related to site or location. Thus data center site selection is one of the major decisions that management has to make. There are several criteria for selecting a site for your future business. Depending on your choice, your business might bloom or be doomed.

Selection criteria can be divided into the following broad categories:
  • Potential Natural Hazardous Area
  • Potential Man-made Hazardous Area
  • Proximity Evaluation
  • Building Evaluation

When selecting a site, Potential Natural Hazardous Areas should be avoided for the reasons below:
  • Lightning
  • Flooding
  • Typhoon
  • Forest Fires
  • Seismic Prone Area

Man-made Hazardous Areas can also affect overall data center performance and should be avoided:
  • Flight path
  • Tunnels, lakes
  • Train/airport
  • RF towers
  • Power distribution network
  • Industrial pollution

Proximity Evaluation is one of the primary norms for selecting a site:
  • Emergency Services e.g. Fire, Police, Medical Facilities
  • Neighborhood
  • Public transport and public roads
  • High risk targets e.g. Embassies, Govt. Building, Power Stations, Radio/TV Station

And lastly, Building Evaluation is required for the reasons below:
  • Rent/Buy/Build
  • History of the building and/or area (flood, fire etc.)
  • National building code
  • 24x7 access
  • Level/floor within the building
  • Space required/potential expansion
  • Floor loading capacity
  • Slab to slab height (min. 3.8 meter)
  • Power Capabilities: Redundancy & Capacity
  • Network Capabilities: Redundancy & Diversity
  • External Supply Capabilities
  • Utility duct
  • Secured perimeter
  • Grounding space
  • Standby generator, external generator provision
  • Delivery of heavy/big equipment and route to data center

Don't forget your prime selection criterion, which is your Budget, Budget, & Budget!!




Tuesday, April 18, 2017

Backup & Restore MySQL Stored Procedures and Triggers

There are two ways to back up MySQL stored procedures and triggers: either with data and tables, or without data and tables.

Backup:

DB Host: 172.16.16.29
DB Name: reportdb
DB Username: root
DB User Pass: abc123

Backup stored procedures with data and tables:
==================================
# mysqldump -h 172.16.16.29  -u root -p --routines reportdb > reportdb_proc_with_data_table.sql
When prompted, enter root password

Backup only Stored Procedures and Triggers:
=================================
# mysqldump -h 172.16.16.29 -u root -p  --routines --no-create-info --no-data --no-create-db --skip-opt reportdb > reportdb_routine_proc.sql
When prompted, enter root password

Restore:
mysql -u root -p reportdb  < reportdb_proc_with_data_table.sql
When prompted, enter root password
or

mysql -u root -p reportdb  < reportdb_routine_proc.sql
When prompted, enter root password

Wednesday, March 22, 2017

qmail Queue Monitor via Shell Script

Monitoring the mail queue and taking the necessary steps is a must-do task for a mail administrator. An oversized queue can hamper regular mail flow. Someone may abuse your SMTP server for unauthorized email marketing. In those cases, the mail administrator needs to check the queue size and take action accordingly.


In the following script we will collect qmail queue information. qmHandle is a handy command for doing this.

Objective: Receive qmail queue information in my email address

Here is a simple bash script. With this script, we will receive qmail queue statistics like the ones below:

/service/qmail-send: up (pid 6185) 16506 seconds
/service/qmail-send/log: up (pid 6186) 16506 seconds
/service/qmail-smtpd: up (pid 6197) 16506 seconds
/service/qmail-smtpd/log: up (pid 6198) 16506 seconds
/service/qmail-smtpds: up (pid 6187) 16506 seconds
/service/qmail-smtpds/log: up (pid 6193) 16506 seconds
/service/qmail-pop3d: up (pid 6195) 16506 seconds
/service/qmail-pop3d/log: up (pid 6196) 16506 seconds
messages in queue: 2788
messages in queue but not yet preprocessed: 0

In addition, we will receive two more mails listing all mails in the queue by "From" address and by "Subject".


#!/bin/bash
# Count queued messages per Subject line and per From line (least to most frequent)
/usr/sbin/qmHandle -l|grep Subject|sort| uniq -c|sort -n > /script/queue-subject.txt
/usr/sbin/qmHandle -l|grep From|sort| uniq -c|sort -n > /script/queue-from.txt
# Service status and queue totals
/usr/bin/qmailctl stat > /script/queue-stat.txt
# Mail the three reports to the administrator
/usr/bin/mailx -s "qubeemail queue from" didar.sust@gmail.com < /script/queue-from.txt
/usr/bin/mailx -s "qubeemail queue subject" didar.sust@gmail.com < /script/queue-subject.txt
/usr/bin/mailx -s "qubeemail queue stat" didar.sust@gmail.com < /script/queue-stat.txt

Add this script to crontab at the required schedule interval.
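
For the abuse case described above, the same queue data can be reduced to an alert that fires only when the queue is oversized or one sender dominates it. This is an added example, not part of the original script; the thresholds, function names and sample input are assumptions, including that the queue listing carries one "From:" line per queued message.

```bash
#!/bin/bash
# Added example: decide whether the qmail queue needs attention.
# QUEUE_MAX and SENDER_MAX are hypothetical thresholds; tune them per server.
QUEUE_MAX=1000   # alert above this many messages in queue
SENDER_MAX=100   # alert when one From: value has more queued messages than this

# Read `qmailctl stat` text on stdin, print the "messages in queue: N" count
# (-1 if the line is missing).
queue_size() {
    awk -F': ' '/^messages in queue:/ { print $2 + 0; found = 1 }
                END { if (!found) print -1 }'
}

# Read a queue listing on stdin, print "count sender" for each From: value
# seen more than $1 times. Assumes one "From: ..." line per queued message.
heavy_senders() {
    awk -v max="$1" '
        /^[ \t]*From:/ {
            sub(/^[ \t]*From:[ \t]*/, "")
            count[tolower($0)]++
        }
        END { for (s in count) if (count[s] > max) print count[s], s }
    ' | sort -rn
}

# $1 = stat text, $2 = listing text. Prints a report and returns 0 when a
# threshold is exceeded; returns 1 when the queue looks normal.
queue_alert() {
    qa_size=$(printf '%s\n' "$1" | queue_size)
    qa_heavy=$(printf '%s\n' "$2" | heavy_senders "$SENDER_MAX")
    if [ "$qa_size" -gt "$QUEUE_MAX" ] || [ -n "$qa_heavy" ]; then
        printf 'messages in queue: %s\n' "$qa_size"
        [ -z "$qa_heavy" ] || printf 'heavy senders:\n%s\n' "$qa_heavy"
        return 0
    fi
    return 1
}

# Constructed sample input, not captured from a real server.
SAMPLE_STAT='messages in queue: 2788
messages in queue but not yet preprocessed: 0'
SAMPLE_LIST='  From: promo@example.com
  From: Promo@example.com
  From: alice@example.com'

# On a live server: queue_alert "$(/usr/bin/qmailctl stat)" "$(/usr/sbin/qmHandle -l)"
queue_alert "$SAMPLE_STAT" "$SAMPLE_LIST" || echo "queue normal"
```

In the cron script, the mailx calls can then be run only when queue_alert returns 0.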

Cheers ✌☺

This article is dedicated to Sandy 👍

Tuesday, March 21, 2017

Enable both HTTP & HTTPS in Apache Axis2/Java Web Services/SOAP/WSDL Engine

For some purposes I need both the HTTP (8080) and HTTPS (8443) ports open in my AXIS2. So let's set it up in both Windows & Linux environments ☺ We will use "keytool" from the Java binaries to generate the keystore file. Let's assume Apache is already configured with HTTP port 8080.
Please don't hesitate to put your comments 😉


Tested Environment:
Windows 7, Windows 2012
RHEL 5.4, RHEL 6.5
Apache Tomcat Version 6.0.33

In Windows Environment:

Step-1: Generate Keystore file.
Objective-1: We will generate keystore file in C:\apache-tomcat-6.0.20\conf\cert\ directory.


Let's assume we have the JDK installed on our computer. Here is mine; let's go to the directory:

Start >> Cmd
cd c:\Program Files\Java\jdk1.6.0_20\bin\
c:\Program Files\Java\jdk1.6.0_20\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\apache-tomcat-6.0.20\conf\cert\keystore.ssl
Enter keystore password: mypassword
Re-enter new password: mypassword
What is your first and last name?
  [Unknown]:  S M Didarul Abedin
What is the name of your organizational unit?
  [Unknown]:  IT/Technology
What is the name of your organization?
  [Unknown]:  My Organization Bangladesh Ltd.
What is the name of your City or Locality?
  [Unknown]:  Gulshan-2
What is the name of your State or Province?
  [Unknown]:  Dhaka
What is the two-letter country code for this unit?
  [Unknown]:  BD
Is CN=S M Didarul Abedin, OU=IT/Technology, O=My Organization Bangladesh Ltd.,
 L=Gulshan-2, ST=Dhaka, C=BD correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password): mypassword
Re-enter new password: mypassword
c:\Program Files\Java\jdk1.6.0_20\bin>


Step-2: Update apache configuration file for HTTPS
Objective-2: Necessary configuration in apache for HTTPS

Let's assume C:\apache-tomcat-6.0.20\conf\ is the apache configuration directory. Let's put the updated configuration for HTTPS (8443):

Update C:\apache-tomcat-6.0.20\conf\server.xml with the configuration below (for keystorePass, put the same password that you used while generating the keystore file)
=====================================================
<Connector port="8443" protocol="HTTP/1.1" 
           SSLEnabled="true"
           scheme="https" 
           secure="true"
           Server=""
           keystoreFile="C:\apache-tomcat-6.0.20\conf\cert\keystore.ssl"
           keystorePass="mypassword"
           maxThreads="150"
           maxSpareThreads="75"
           minSpareThreads="25" 
           clientAuth="false" sslProtocol="TLS" 
           URIEncoding="UTF-8"
           />


Update C:\apache-tomcat-6.0.20\conf\web.xml with below configuration
=====================================================
<user-data-constraint> 
<transport-guarantee>CONFIDENTIAL</transport-guarantee> 
</user-data-constraint>


And lastly, update the AXIS2 config file to allow HTTPS on port 8443
C:\apache-tomcat-6.0.20\webapps\axis2\WEB-INF\conf\axis2.xml
====================================================
<transportReceiver name="https"
                       class="org.apache.axis2.transport.http.AxisServletListener">
        <parameter name="port">8443</parameter>
    </transportReceiver>


Step-3: Restart apache
Objective-3: Enable HTTPS in AXIS2 https://ip-address:8443
Result: Success ✌☺




In LINUX Environment:
Step-1: Generate Keystore file.
Objective-1: We will generate keystore file in /opt/tomcat/apache-tomcat-6.0.33/conf/cert/ directory.

#cd $JAVA_HOME/bin
#keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/apache-tomcat-6.0.33/conf/cert/keystore.ssl
Enter keystore password:mypassword
Re-enter new password: mypassword
What is your first and last name?
  [Unknown]:  S M Didarul Abedin
What is the name of your organizational unit?
  [Unknown]:  IT/Technology
What is the name of your organization?
  [Unknown]:  My Organization Bangladesh Ltd.
What is the name of your City or Locality?
  [Unknown]:  Gulshan-2
What is the name of your State or Province?
  [Unknown]:  Dhaka-1212
What is the two-letter country code for this unit?
  [Unknown]:  BD
Is CN=S M Didarul Abedin, OU=IT/Technology, O=My Organization Bangladesh Ltd., L=Gulshan-2, ST=Dhaka-1212, C=BD correct?
  [no]:  yes

Enter key password for <tomcat>
(RETURN if same as keystore password):mypassword  
Re-enter new password:mypassword


Step-2: Update apache configuration for HTTPS port
Objective-2: Necessary configuration in apache for HTTPS


Let's put the updated configuration for HTTPS (8443) in the $TOMCAT_HOME/conf/server.xml file
=====================================================
<Connector port="8443" protocol="HTTP/1.1" 
           SSLEnabled="true"
           scheme="https" 
           secure="true"
           Server=""
           keystoreFile="/opt/tomcat/apache-tomcat-6.0.33/conf/cert/keystore.ssl"
           keystorePass="mypassword"
           maxThreads="150"
           maxSpareThreads="75"
           minSpareThreads="25" 
           clientAuth="false" sslProtocol="TLS" 
           URIEncoding="UTF-8"
           />


Update $TOMCAT_HOME/conf/web.xml with below configuration
=====================================================
<user-data-constraint> 
<transport-guarantee>CONFIDENTIAL</transport-guarantee> 
</user-data-constraint>


And lastly, update the AXIS2 config file to allow HTTPS on port 8443
$TOMCAT_HOME/webapps/axis2/WEB-INF/conf/axis2.xml
====================================================
<transportReceiver name="https"
  class="org.apache.axis2.transport.http.AxisServletListener">
        <parameter name="port">8443</parameter>
    </transportReceiver>


Step-3: Restart apache
Objective-3: Enable HTTPS in AXIS2 https://ip-address:8443
Result: Success ✌☺




Step-4: Secure environment
Objective-4: Will secure the environment via IPTABLES


Add the rules below to your IPTABLES (/etc/sysconfig/iptables) to secure your environment

For example: we are allowing all private blocks 10.0.0.0, 172.16.0.0 and 192.168.0.0
=======================================================================
-A INPUT -s 10.0.0.0/255.0.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT 
-A INPUT -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT 
-A INPUT -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
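
The rules above only add ACCEPT entries, so they restrict access only when a later rule or the chain policy rejects everything else. The check below is an added example, not part of the original post; the function name port_exposure and both sample rule sets are constructed for illustration.

```bash
#!/bin/bash
# Added example: report how one TCP port is exposed by the INPUT chain of an
# iptables-save style rules file (the format of /etc/sysconfig/iptables).
# Simplification: only "--dport <port>" rules and match-less catch-all rules
# ("-A INPUT -j TARGET") are evaluated; other matches (state, -i, ...) are
# skipped, and source-specific DROP/REJECT rules are ignored.
# Prints "open", "blocked", or "restricted <accepted sources>".
port_exposure() {   # rules on stdin, $1 = port
    awk -v port="$1" '
        BEGIN        { policy = "ACCEPT" }        # kernel default policy
        /^:INPUT /   { policy = $2 }
        /^-A INPUT / && !decided {
            target = ""; src = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            catchall = ($3 == "-j")               # rule has no match options
            if (dport != port && !catchall) next
            if (target == "ACCEPT" && src != "") { sources = sources " " src; next }
            if (target == "ACCEPT") { is_open = 1; decided = 1 }
            if ((target == "DROP" || target == "REJECT") && src == "") decided = 1
        }
        END {
            if (!decided && policy == "ACCEPT") is_open = 1
            if (is_open)            print "open"
            else if (sources != "") print "restricted" sources
            else                    print "blocked"
        }'
}

# Constructed samples (not taken from a real host). PAGE_RULES mirrors the
# 8443 rules above; WITH_REJECT adds the terminating REJECT they rely on.
PAGE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT'
WITH_REJECT="$PAGE_RULES
-A INPUT -j REJECT --reject-with icmp-host-prohibited"

printf '%s\n' "$PAGE_RULES"  | port_exposure 8443   # open
printf '%s\n' "$WITH_REJECT" | port_exposure 8443   # restricted, three sources
```

On a server, run it as port_exposure 8443 < /etc/sysconfig/iptables and repeat for 8080.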


Enjoy ✌☺



This article is dedicated to one of my mentors, the young angry man (Shamim Bhai) 👍

Sunday, March 12, 2017

Synchronize Time with NTP Server

In Windows 2008 R2 Standard Environment:


Time synchronization is an important aspect of a network. For example, if time is not synchronized you may receive mail with a future timestamp, and many software installations require time synchronization.
  • AD (Active Directory) uses the Windows Time service (W32Time) for clock synchronization
  • All client machines synchronize time from the domain controller
  • In a domain controller environment, all domain controllers synchronize from the PDC
  • Thus the PDC must synchronize from an external source, e.g. an NTP server



To locate PDC:
netdom query fsmo


Sample Output:
Schema master               DC2.abc.com.bd
Domain naming master        DC2.abc.com.bd
PDC                         DC2.abc.com.bd
RID pool manager            DC2.abc.com.bd
Infrastructure master       DC2.abc.com.bd
The command completed successfully.


Stop W32Time service:
net stop w32time

Setting up external source (assume: NTP IP is 192.168.220.80)
w32tm /config /syncfromflags:manual /manualpeerlist:192.168.220.80

Make PDC a reliable time source for clients:
w32tm /config /reliable:yes

Start the w32time service
net start w32time



In RHEL 6.5:

Edit the ntp.conf file and add the line below


#vim /etc/ntp.conf

# IP Address of your NTP Server

server 192.168.100.200

Save & Exit.


Add a cron job to update the time from NTP

0 0 * * * /usr/sbin/ntpdate -u 192.168.100.200


Cheers!!!
