CNM Bureau Farm
CNM Bureau Farm (formerly known as CNM EndUser Farm; hereinafter, the Farm) is the CNM farm that is based on bare-metal servers. This Farm also utilizes a portion of one bare-metal server that belongs to the CNM Lab Farm. The issues to work on may include (a) security outside of iptables, (b) adding NAS, as well as advanced backup and recovery systems, and (c) advanced monitoring systems.
Contents
Features
DNS entry point
- load balancer on a public web address
Syncronization
- synchronization of resources of common individual nodes, at least databases.
Monitoring
Security
- iptables as a firewall
- For security, we use Fail2ban because it operates by monitoring log files (e.g. /var/log/auth.log, /var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. Includes support for both IPv4 and IPv6.
- Calls use the P2P mode, which is end-to-end encrypted via DTLS-SRTP between the two participants for encrypted communication (secure communication). Group calls also use DTLS-SRTP encryption, but rely on the Jitsi Videobridge (JVB) as video router, where packets are decrypted temporarily. All data is transmitted only through our server, and comprehensive TLS encryption provides protection against interception and unauthorized eavesdropping.
Backup and recovery
Development
Development of the Farm occurs under the Administration for CNM Farms project.