Archive for the 'Net Appliances' Category

pfSense Firewall Appliance

Wednesday, October 3rd, 2007

I just finished upgrading my pfSense firewall to the latest 1.2-RC2 release. I’ve been running 1.0 (and a pre-1.0 release before that) on a network appliance for several years now. It’s a very solid and stable firewall with a bunch of features usually only found on higher-end equipment.

pfSense is a firewall distribution derived from m0n0wall. It is based on FreeBSD and has a very good web-based configuration interface. I installed this latest release of pfSense into a VMware virtual image, and also have it running from a 1 GB CompactFlash card on a Mini-ITX VIA motherboard.

pfSense main configuration page

I have been using pfSense successfully to manage a static IP subnet, using its 1:1 NAT and virtual IP addressing features to route the static IP block to the servers to which the static IPs are assigned. I also use the traffic shaping features to allocate bandwidth for VoIP accounts that terminate at an Asterisk appliance on the internal network. Real-time traffic graphs and traffic logs also give an idea of the bandwidth loads on the network.

The pfSense firewall appliance also serves as a VPN endpoint into my internal network. pfSense offers VPN services through IPsec, OpenVPN and PPTP, and also ships a PPPoE server. Keep in mind that PPTP's MS-CHAPv2 authentication has well-known cryptographic weaknesses, so IPsec or OpenVPN is the better choice wherever the clients support it. I'm currently using PPTP with Windows XP clients.

Other features of pfSense include a captive portal, load balancing, CARP for failover, OLSR, RIP, SNMP, UPnP, DHCP server and relay, DNS forwarder, Wake on LAN, and a package system that lets you add third-party packages to the firewall such as RADIUS servers, network monitors, web proxies, and security tools, to name a few.

pfSense keeps all of its configuration in one XML file (config.xml), which makes it easy to back up, restore, audit and upgrade the firewall. pfSense can run embedded (from a CompactFlash card, with no console or keyboard) or on ordinary hardware with full I/O. Packaging pfSense into a VMware image was also very straightforward and worked as expected. The virtual firewall image decouples the firewall software from the hardware and gives me the flexibility to switch hardware quickly as needs change or hardware failures are encountered.
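Because the whole firewall lives in one XML file, a config.xml export can be checked by script before it goes back onto the box. The example below is added here and is not pfSense's own code; it walks a constructed sample config and reports two slips that bite 1:1 NAT setups like the one described above: a WAN "pass" rule that allows any source to any destination, and a 1:1 NAT external address with no matching virtual IP (without a VIP the firewall will not answer for that address). The element names (`<filter><rule>`, `<nat><onetoone>`, `<virtualip><vip>`) follow the config.xml layout as I know it and are an assumption; compare them against your own export before relying on the script.

```python
"""Audit a pfSense config.xml export for two common slips.

Added example for this post, not pfSense's own code. The element names are
an assumption about the config.xml layout; check them against a real export.
"""
import xml.etree.ElementTree as ET

# Constructed sample config, not taken from a real firewall.
SAMPLE_CONFIG = """<pfsense>
  <virtualip>
    <vip><mode>proxyarp</mode><interface>wan</interface>
         <subnet>203.0.113.10</subnet><subnet_bits>32</subnet_bits></vip>
  </virtualip>
  <nat>
    <onetoone><interface>wan</interface><external>203.0.113.10</external>
              <internal>192.168.1.10</internal><descr>web server</descr></onetoone>
    <onetoone><interface>wan</interface><external>203.0.113.11</external>
              <internal>192.168.1.11</internal><descr>mail server</descr></onetoone>
  </nat>
  <filter>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
          <source><any/></source>
          <destination><address>192.168.1.10</address><port>443</port></destination>
          <descr>HTTPS to web server</descr></rule>
    <rule><type>pass</type><interface>wan</interface>
          <source><any/></source><destination><any/></destination>
          <descr>temporary debug rule</descr></rule>
    <rule><type>block</type><interface>wan</interface>
          <source><any/></source><destination><any/></destination>
          <descr>default deny</descr></rule>
  </filter>
</pfsense>
"""


def _is_any(endpoint):
    """True when a <source>/<destination> element is the 'any' wildcard."""
    return endpoint is None or endpoint.find("any") is not None


def wide_open_wan_rules(root):
    """Descriptions of WAN 'pass' rules that allow any source to any destination."""
    found = []
    for rule in root.iterfind("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.findtext("interface") != "wan":
            continue
        if _is_any(rule.find("source")) and _is_any(rule.find("destination")):
            found.append(rule.findtext("descr") or "<no description>")
    return found


def nat_without_vip(root):
    """1:1 NAT external addresses for which no virtual IP has been defined."""
    vips = {vip.findtext("subnet") for vip in root.iterfind("./virtualip/vip")}
    return [n.findtext("external") for n in root.iterfind("./nat/onetoone")
            if n.findtext("external") not in vips]


def audit(xml_text):
    """Run both checks over a config.xml string and return the findings."""
    root = ET.fromstring(xml_text)
    return {"open_wan_rules": wide_open_wan_rules(root),
            "nat_missing_vip": nat_without_vip(root)}


if __name__ == "__main__":
    import json
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    print(json.dumps(audit(text), indent=2))
```

Run it against a saved export (`python audit_pfsense.py config-backup.xml`) or with no argument to see the findings for the built-in sample. The same approach extends naturally to diffing two exports before and after an upgrade.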

BackupPC - A Great Way to Protect Your Data

Saturday, January 27th, 2007

If you’re like most people, backing up your important data is an afterthought at best - at least until the day comes that you lose all your pictures, email, important documents, and that doctorate thesis you’ve been working on for the past few years. Even then some of these same victims of data loss become lax in their backup practices over time putting themselves at risk for another data loss event. What is it they say about doing the same thing twice and expecting a different outcome?

When you run several servers and you have a computer count that is in the double digits, backing up all the data on those servers and workstations is a serious matter. Several years ago, I bit the bullet and started searching for a great solution. After evaluating many backup applications that just didn’t work out, I hit the mother lode and found one of my favorite applications, BackupPC developed by Craig Barratt. I have been successfully using BackupPC for a while now, and a year or so ago I turned the BackupPC server into its own embedded network appliance running off of compact flash (and storing the data pool to a 300GB IDE hard drive).

About BackupPC
BackupPC is an open source application written in Perl. It runs as a server that connects to clients, pulls their data across the network, and stores it on disk. BackupPC has a very nice web-based user interface and an extensive set of configuration options that let you specify the exact backup policy you want. It works with Windows, Linux, Mac and pretty much any operating system that can be reached over SMB (Windows file sharing), rsync, or tar over ssh.

BackupPC Media Management
One of my favorite features of BackupPC is its media management. BackupPC makes efficient use of the backup media through backup data pooling and compression. Duplicate files encountered in a given backup set, across sets, across workstations, or any combination of these are stored once in the backup data pool, and every other occurrence is a hard link to that one copy. For example, suppose Alice and Bob are two mechanical engineers working on a large SolidWorks design, and both have the latest revision checked out onto their local workstations (you do use version control, don't you?). Suppose BackupPC backs up Alice's computer first. When it gets around to Bob's computer, it recognises that it already holds that SolidWorks file and hard-links Bob's backup to the copy pooled from Alice's machine, so the file occupies disk space only once. The network transfer is saved only where the client's own previous backup already holds the file (the rsync method compares against the last backup of the same host); across hosts the server still has to receive the file before it can recognise it. BackupPC can also compress the backup data pool, and thanks to pooling it only runs the compression once per unique file. Finally, BackupPC can be configured to write permanent archives of the backup data pool to removable media such as DVD or tape for offsite storage.
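To make the pooling mechanism concrete, here is a small content-addressed pool with hard links and compression, in the spirit of what BackupPC does. This is an added illustration written for this post, not BackupPC's own code (which is Perl): BackupPC keys its pool on a partial MD5 digest and chains collisions, whereas this toy uses a full SHA-256 of the content and plain zlib, both assumptions made for brevity. The Alice/Bob design file is a constructed byte string.

```python
"""Content-addressed backup pool with hard links, in the spirit of BackupPC.

Added illustration for this post, not BackupPC's own code. SHA-256 pool keys
and zlib are assumptions made for brevity; BackupPC uses a partial MD5 digest
with collision chains and its own compressed file layout.
"""
import hashlib
import os
import tempfile
import zlib


class MiniPool:
    def __init__(self, root):
        self.root = root
        self.cpool = os.path.join(root, "cpool")   # one copy of every unique file
        os.makedirs(self.cpool)
        self.bytes_received = 0                     # what the server read off the wire

    def _pool_path(self, digest):
        return os.path.join(self.cpool, digest[:2], digest)

    def store(self, host, backup_num, relpath, data):
        """Save one file of one backup and return its pool digest."""
        # The server must see the content before it can hash it, so the
        # transfer happens whether or not the pool already holds the file.
        self.bytes_received += len(data)
        digest = hashlib.sha256(data).hexdigest()
        pool_path = self._pool_path(digest)
        if not os.path.exists(pool_path):           # first sighting: compress once
            os.makedirs(os.path.dirname(pool_path), exist_ok=True)
            with open(pool_path, "wb") as f:
                f.write(zlib.compress(data))
        dest = os.path.join(self.root, "pc", host, str(backup_num), relpath)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        os.link(pool_path, dest)                    # every backup tree shares the pool copy
        return digest

    def restore(self, host, backup_num, relpath):
        """Read a file back out of a given host's backup tree."""
        path = os.path.join(self.root, "pc", host, str(backup_num), relpath)
        with open(path, "rb") as f:
            return zlib.decompress(f.read())

    def link_count(self, digest):
        """Pool copy plus one link per backup that references it."""
        return os.stat(self._pool_path(digest)).st_nlink

    def pool_bytes(self):
        """Bytes actually consumed on disk by the pool."""
        return sum(os.path.getsize(os.path.join(d, n))
                   for d, _, names in os.walk(self.cpool) for n in names)


def demo():
    """Alice and Bob both hold the same design file; see what the pool keeps."""
    design = b"SolidWorks-like blob " * 20000       # constructed, about 420 KB
    with tempfile.TemporaryDirectory() as root:
        pool = MiniPool(root)
        d_alice = pool.store("alice", 0, "projects/bracket.sldprt", design)
        d_bob = pool.store("bob", 0, "work/bracket.sldprt", design)
        assert d_alice == d_bob                     # same content, same pool entry
        return {
            "raw_bytes": 2 * len(design),
            "received_bytes": pool.bytes_received,  # both copies crossed the wire
            "pool_bytes": pool.pool_bytes(),        # stored and compressed once
            "links": pool.link_count(d_alice),      # pool copy + alice + bob
            "restore_ok": pool.restore("bob", 0, "work/bracket.sldprt") == design,
        }


if __name__ == "__main__":
    print(demo())
```

Two things the toy makes visible: the pool copy ends up with a link count of one plus the number of backups that reference it, and nothing in any backup tree is ever written in place, because a write through one link would silently alter every backup sharing it. That is also why the pool directory must be reachable only by the backup user.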

Versioned Backups
BackupPC's efficient use of the backup medium lets it keep versioned backups of your servers and workstations without the worry of quickly exhausting the backup disk. BackupPC manages full and incremental backup sets and automatically fills in each incremental from its corresponding full backup when you browse it. Restoring a file is simply a matter of logging into the web-based user interface, selecting the full or incremental backup you want, navigating the file tree, and picking the files to restore.

My BackupPC Media Stats:
To give an idea of the amount of data and number of versions you can keep around with BackupPC, I included a few screenshots from the user interface. I have a 300GB drive as my backup medium. First, the uncompressed statistics:

BackupPC Host Stats

Now the backup data pool statistics on compression and disk usage:

BackupPC Backup Data Pool Statistics

So I've only used around 86 GB (37%) of my backup disk, even though I back up seven hosts and have around 280 GB of raw backup data. Pretty impressive, in my opinion.

BackupPC User Interface
BackupPC has a great web-based user interface that supports both administrator and end-user access, with the appropriate privileges for each role. As I mentioned above, selecting backup sets and files is a simple task. Here are some screenshots showing the Backup Summary and Backup Browsing pages of the BackupPC web interface.

Other Backup Options
To be complete, I thought I'd mention a few other backup options that seem worthwhile and briefly discuss the pros and cons of each.


Asterisk PBX

Thursday, January 25th, 2007

What do telecommuters, business owners and teenagers all have in common? All usually have special needs when it comes to communicating by telephone. If you find yourself managing multiple incoming telephone lines, struggling with answering machines or voicemail services, and daisy-chaining your internal telephones in a pre-World War II style party-line effect, maybe you should consider the Asterisk Open-Source PBX.

What is Asterisk?
Asterisk is an open source Private Branch Exchange (PBX) written by Mark Spencer. Asterisk terminates everything from Plain Old Telephone Service (POTS) and T1/E1 circuits to various Voice over IP (VoIP) protocols, including SIP and IAX2. Asterisk inspired the founding of Digium, the original creator and primary developer of Asterisk. Digium sells enterprise and business-hardened versions of Asterisk along with digital and analog line cards for terminating incoming voice service (FXO) as well as internal voice stations (FXS).

I have been using Asterisk to manage my voice services for several years now, believe it is a very disruptive technology, and highly recommend it to everyone. When I started using Asterisk there were occasional hiccups, and for a while I struggled with line echo issues on the POTS line. Since that time, Asterisk has undergone constant development, and Asterisk 1.2 has introduced a great deal of stability and capability, fixing the echo and instability problems I had early on. At the time of this writing, the release of Asterisk 1.4 is imminent and should provide additional capabilities and improvements in the Asterisk core.

How I use Asterisk
I run Asterisk on its own dedicated Mini-ITX system, a network appliance of sorts. I have a Digium TDM400P (2 FXS, 1 FXO) analog card terminating my home voice services and VoIP for my business phone service provided by Broadvoice. Additionally, I have phone numbers on Free World Dialup and SipPhone. All of these services are easily handled by Asterisk. Internally, I have phone extensions connected to the FXS modules on the TDM400P, and I have one station connected via VoIP using a Sipura phone adapter, which converts a standard phone into an IP/VoIP phone speaking SIP. Sipura adapters are an inexpensive way to turn your existing analog phones into VoIP phones. I use CounterPath's X-Lite softphone on my PC and Mac to originate and receive calls on my phone system in-house or on the road. Voicemail is forwarded to my email, where the caller's name and phone number are identified in the subject line and a .wav file of the caller's message is attached.

Advanced Features
Asterisk's native Inter-Asterisk Exchange (IAX) protocol lets a company extend the reach of its dialplan to remote offices and telecommuters. While I was working my last gig in aerospace, I configured an Asterisk server in the office to connect to my server at home and used it to seamlessly route calls to and from my home on occasions when I found myself working from home. With this setup I was able to access my home dialplan from work, and my work dialplan from home. It was a simple setup, and the communications were secure via an encrypted IP tunnel.

Asterisk supports calling external scripts from the dialplan via the Asterisk Gateway Interface (AGI). AGI makes it possible to trigger external actions based on call logic defined in the dialplan configuration. I have written a simple Perl script that uses AGI to talk to my SlimServer and display caller-ID information for all incoming calls on all the Squeezebox music players in my house. I can always tell who is calling without having to run and search for the telephone.
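For anyone wanting to write a script like that, the AGI side is simple: Asterisk starts the script, writes a block of `agi_name: value` lines (ending with a blank line) to its stdin, and then answers each command the script writes to stdout with a `200 result=...` line. The example below is added here and is not the author's Perl script nor Asterisk's own code; it is a Python version of the caller-ID handler that parses that header, passes the caller's name and number to a pluggable display callback (the SlimServer part is left as that callback and is an assumption), and, the point worth copying, treats caller ID as untrusted input from the far end of the call, stripping anything that could smuggle control characters or quotes into a display or CLI protocol. The AGI session text is constructed.

```python
"""Caller-ID handler over AGI, with the caller ID treated as untrusted input.

Added example for this post, not the author's Perl script and not Asterisk's
own code. The agi_* variable names are what Asterisk sends in the AGI header;
the display callback and the two-line message format are assumptions.
"""
import re
import sys

# Constructed AGI session: header from Asterisk, blank line, then the reply to
# the one command this script sends. The BEL in the caller name is the test case.
SAMPLE_AGI_SESSION = (
    "agi_request: callerid.py\n"
    "agi_channel: Zap/1-1\n"
    "agi_type: Zap\n"
    "agi_uniqueid: 1169754000.12\n"
    "agi_callerid: 5555550123\n"
    "agi_calleridname: Jane Doe\x07\n"
    "agi_context: incoming\n"
    "agi_extension: s\n"
    "agi_priority: 1\n"
    "\n"
    "200 result=1\n"
)

# Anything outside printable ASCII, plus double quotes, is dropped: quotes would
# break the AGI command we build below, control characters could drive a display.
_CLEAN = re.compile(r'[^\x20-\x7e]|"')


def parse_agi_env(stream):
    """Read 'agi_name: value' lines up to the blank line that ends the header."""
    env = {}
    while True:
        line = stream.readline()
        if not line or line.strip() == "":
            break
        key, _, value = line.partition(":")
        env[key.strip()] = value.strip()
    return env


def safe_text(value, limit=32):
    """Sanitise a caller-ID field: printable ASCII only, bounded length."""
    return _CLEAN.sub("", value)[:limit] or "unknown"


def caller_lines(env):
    """Two display lines built from the sanitised caller-ID fields."""
    number = safe_text(env.get("agi_callerid", ""))
    name = safe_text(env.get("agi_calleridname", ""))
    return ("Incoming call", f"{name} {number}".strip())


def agi_command(out, inp, command):
    """Send one AGI command to Asterisk and return its status line."""
    out.write(command + "\n")
    out.flush()
    return inp.readline().rstrip("\r\n")


def handle_call(inp, out, display):
    """Parse the header, push the caller ID to the display, log via AGI."""
    env = parse_agi_env(inp)
    line1, line2 = caller_lines(env)
    display(line1, line2)            # e.g. send to every SlimServer player (assumed)
    agi_command(out, inp, f'VERBOSE "caller-id shown: {line2}" 1')
    return env, (line1, line2)


def demo():
    """Run the handler over the constructed session and return what it did."""
    import io
    inp, out, shown = io.StringIO(SAMPLE_AGI_SESSION), io.StringIO(), []
    env, lines = handle_call(inp, out, lambda a, b: shown.append((a, b)))
    return env, lines, out.getvalue()


if __name__ == "__main__":
    # stdout is the AGI channel, so anything for a human goes to stderr.
    handle_call(sys.stdin, sys.stdout,
                lambda a, b: print(f"{a}: {b}", file=sys.stderr))
```

Note that stdout belongs to the AGI protocol: a stray `print()` to it will be read by Asterisk as a command, so diagnostics go to stderr. The same sanitisation applies wherever caller-ID text leaves the PBX, whether that is a CLI socket, an email subject line, or a web page.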

Finally, Asterisk supports call queues and conference bridging. I have successfully used the latter to support a conference between four parties (I am limited by the number of incoming lines available). Inbound telephone numbers are available from many sources for very low rates. This is a good low-cost way to increase the number of incoming lines to your PBX for conferencing purposes.

Asterisk Distributions
Currently there are two main "prepackaged" Asterisk distributions. Asterisk@Home has been around for a while and just recently changed its name to Trixbox. It features the FreePBX web-based administration application, an operator panel, extensive reporting functions, and a dialplan that already supports features such as call transfer, music on hold, automatic least-cost routing of outbound calls, digital receptionists, call queues and conference bridging.

The second Asterisk distribution, AsteriskNOW was recently announced and claims to be an “…open source Software Appliance; a customized Linux distribution that includes Asterisk®, the Asterisk GUI, and all other software needed for an Asterisk® system.” Digium seems to be directly affiliated with the AsteriskNOW project. I have not yet used or evaluated AsteriskNOW but I will be installing it soon and will write a review on it when I do. So far from the screen captures, the GUI looks very nice and seems to provide a generous feature set.