My First Server: Build Basics
-
I feel like nearly every day I read a thread somewhere about someone building a server, running into issues and then discovering as we look into what might be wrong just one thing after another that all should have been caught long before a server was built and are mistakes that seem incredibly basic, but when I think about how someone building their first server would learn these things, I'm at a loss as to how they would know them all; even though we expect everyone to know these things. So I figured that it would behoove everyone to put some of this basic knowledge into a single spot.
I'm not 100% sure how to approach this list and of course, there are exceptions to every rule, but if you need any kind of guide, then you are probably not the person to whom exceptions apply. So here we go:
1. Always plan your server design before purchasing it. Don't try to shoehorn whatever was purchased to fit the need, buy the right thing to start with.
2. Always plan for backups. If the system is worth running, it's worth backing up.
3. Buy enterprise hardware and support. That's vendors like HPE, Dell, Oracle, IBM, Fujitsu, Cisco and SuperMicro. Refurbished is okay, whitebox is not.
4. Get and set up out of band (OOB) management (tools like iLO, iDRAC, IPMI, etc.)
5. Get genuine hardware RAID with a real cache (1GB or larger).
6. Set up RAID 1 or RAID 10 with spinning drives, RAID 5 or RAID 6 with SSDs. Never RAID 5 with spinning drives.
7. Set up only a single, large array, don't make multiple arrays, don't buy multiple sized or speed drives.
8. Always virtualize, don't even consider a physical install unless it is before 2005 (hint: it's not.) Install your hypervisor (Xen, ESXi, Hyper-V or KVM) to the bare metal, always. Don't install any kind of local GUI.
9. Use an enterprise OS (CentOS, Suse, Windows, Ubuntu, FreeBSD, for example.) Always install the latest when possible, don't intentionally install technical debt. There are some exceptions to this, but pretty few. Don't install any kind of local GUI.
10. Update and keep it updated. Patching is critical.
11. Set up a reboot schedule.
12. Do not disable the local firewall. Install it if it is missing.
13. Always install an anti-virus if running Windows.
14. Don't disable any security mechanisms (UAC, SELinux, AppArmor) to "make things easy."
15. Add monitoring.
16. Add log management.
17. If you have any questions, uncertainty or doubt, ask questions, get peer review, etc. before finalizing decisions.
These are the basics. If any of these proves a challenge, you need to stop and re-evaluate why you are running a server and how you plan to keep it working and what its value is to your organization. There are special exceptions to each rule, but assume that they do not apply to you.
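An added example, not part of the original post or thread: a POSIX shell audit for a Linux guest covering the checklist items on not disabling SELinux/AppArmor and on updating and rebooting. The function names and the `ROOT` argument are assumptions made here, and the reboot check only knows the Debian/Ubuntu flag file.

```shell
# Added example (not from the thread): audit a Linux guest for the checklist's
# "don't disable SELinux/AppArmor" and "update, then reboot" items. ROOT is a
# hypothetical argument for pointing the checks at a mounted image or test tree.

# Runtime mode: selinuxfs holds 1 (enforcing) or 0 (permissive); no file means
# SELinux is disabled or absent.
selinux_mode() {
    f="${1:-}/sys/fs/selinux/enforce"
    [ -r "$f" ] || { echo disabled; return 0; }
    case "$(cat "$f")" in
        1) echo enforcing ;;
        *) echo permissive ;;
    esac
}

# Persistent mode from /etc/selinux/config, applied at the next boot.
selinux_configured() {
    f="${1:-}/etc/selinux/config"
    [ -r "$f" ] || { echo unset; return 0; }
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$f" | tail -n 1
}

apparmor_enabled() {
    f="${1:-}/sys/module/apparmor/parameters/enabled"
    if [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]; then echo yes; else echo no; fi
}

# Debian/Ubuntu leave this flag file when an installed update needs a reboot.
reboot_pending() {
    if [ -e "${1:-}/var/run/reboot-required" ]; then echo yes; else echo no; fi
}

# Prints findings; the return code is the number of FAIL lines.
audit_host() {
    root="${1:-}"; fails=0
    run=$(selinux_mode "$root"); cfg=$(selinux_configured "$root"); aa=$(apparmor_enabled "$root")
    if [ "$run" != enforcing ] && [ "$aa" != yes ]; then
        echo "FAIL no enforcing MAC layer (selinux=$run apparmor=$aa)"
        fails=$((fails + 1))
    fi
    if [ "$run" = enforcing ] && [ "$cfg" != enforcing ]; then
        echo "FAIL SELinux enforcing now, but configured '$cfg' for next boot"
        fails=$((fails + 1))
    fi
    if [ "$(reboot_pending "$root")" = yes ]; then
        echo "WARN updates installed, reboot still pending"
    fi
    return "$fails"
}
```

Source the file and call `audit_host` with no argument to check the running system; the second FAIL catches a host that looks fine today but has been set to drop enforcement at its next scheduled reboot.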
-
@scottalanmiller I would add, ask for comments before purchasing (if there is even a hint of doubt)
-
Just a typo correction... #7, guessing you meant 'buy' not 'bet'.
-
@BBigford said in My First Server: Build Basics:
Just a typo correction... #7, guessing you meant 'buy' not 'bet'.
Fixed
-
I would also mention something about NICs, if the person plans on experimenting with networking throughout, teaming, etc.
Also, RAM selection. Not vendors or speeds but mentioning things like ECC and why someone might pay the little extra.
-
@DustinB3403 said in My First Server: Build Basics:
@scottalanmiller I would add, ask for comments before purchasing (if there is even a hint of doubt)
Added. That's a good point. We are constantly getting asked basic questions about builds that we could have trivially fixed before people built their boxes but they try to do it without peer review and then are stuck with bad decisions for no good reason.
-
from @scottalanmiller
"7. Set up only a single, large array, don't make multiple arrays, don't buy multiple sized or speed drives." -- What is wrong with having 2 arrays: 1 "small" array just for the o/s (aka hypervisor) and a 2nd "larger" array for VMs?
-
@FATeknollogee said in My First Server: Build Basics:
from @scottalanmiller
"7. Set up only a single, large array, don't make multiple arrays, don't buy multiple sized or speed drives." -- What is wrong with having 2 arrays: 1 "small" array just for the o/s (aka hypervisor) and a 2nd "larger" array for VMs?
Two partitions are fine, two arrays is wasted performance or cost.
http://www.smbitjournal.com/2012/11/one-big-raid-10-a-new-standard-in-server-storage/
http://www.smbitjournal.com/2012/12/the-history-of-array-splitting/
-
Awesome utility for reboot scheduling purposes. https://remoterebootx.com/
-
@zuphzuph said in My First Server: Build Basics:
Awesome utility for reboot scheduling purposes. https://remoterebootx.com/
Don't forget to delete System32 before you reboot. Just saying...
-
I don't like installing antivirus on Windows servers; I just install it in very specific cases. Terrible experiences with Gdata and Nod32.
-
@iroal said in My First Server: Build Basics:
I don't like installing antivirus on Windows servers; I just install it in very specific cases. Terrible experiences with Gdata and Nod32.
I've run AV from 5 different big name providers on servers, only 1 of them caused serious issues, the rest are fine.
None of those 5 were ESET products or GData though.
You can and should use security products on a server (Notice I did not say antivirus)
-
@iroal said in My First Server: Build Basics:
I don't like installing antivirus on Windows servers; I just install it in very specific cases. Terrible experiences with Gdata and Nod32.
I would just address the bad programs or vendors rather than abandoning the ecosystem. Nod32 is ESET and not just a problematic product but a known bad actor company. I've never heard of Gdata. But good vendors, like Webroot, we don't see those issues and you really do want them installed with only the rarest of exceptions.
-
I'm really starting to change my mind on the need for AV. They don't really seem to do that much for us any more. I suppose it's possible they protect us from known threats until the software vendors create fixes for the flaws in their software, but I really wonder how good the AV products are at even that?
A solution that does what Webroot does, journal files touched by untrusted applications is definitely nice, but that can wreak havoc on storage.
-
@Dashrender said in My First Server: Build Basics:
I'm really starting to change my mind on the need for AV. They don't really seem to do that much for us any more. I suppose it's possible they protect us from known threats until the software vendors create fixes for the flaws in their software, but I really wonder how good the AV products are at even that?
A solution that does what Webroot does, journal files touched by untrusted applications is definitely nice, but that can wreak havoc on storage.
This is why.
Edit, whoops forgot to obscure..
Edit 2, this.
-
@Dashrender said in My First Server: Build Basics:
I'm really starting to change my mind on the need for AV. They don't really seem to do that much for us any more. I suppose it's possible they protect us from known threats until the software vendors create fixes for the flaws in their software, but I really wonder how good the AV products are at even that?
A solution that does what Webroot does, journal files touched by untrusted applications is definitely nice, but that can wreak havoc on storage.
If you have truly isolated servers that have no user logins and do very controlled operations, you can do without them. If you are running Nano or something, you probably have to. But if you are using "normal" servers, I would not consider going without.
-
I'm a huge fan of #4. If you're running an HP server with iLO, be sure to buy an "advanced license". They generally retail for around $200, but you can find them on Amazon for $25. We just bought 10 copies for our ProLiant servers and have already taken advantage of the "remote console" feature multiple times. It's worth it for that feature alone.
A few more recommendations I would make:
- It might seem obvious, but always make sure you have redundant power supplies if your server supports it (I can't think of any modern day servers that don't)
- If there's money in the budget, it's worth it to make sure you have both CPU sockets populated with whatever you can afford in terms of model/speed.
- The same goes for RAM: You don't necessarily need to buy 384GB, but if you think your server could benefit from extra RAM (96-192GB for example), it's worth it to get more than you may initially think you need. I think it happens more often than admins would like to admit: you buy what you think will be enough, only to realize later on down the road that you really should've just bought more to begin with (especially since the cost of RAM is so much more affordable nowadays).
-
Good post Scott and very relevant.
-
@StuartJordan said in My First Server: Build Basics:
Good post Scott and very relevant.
Thank you, sir.