Re: [cobalt-developers] [ISP Related] RadiusX for Cobalt RaQ2/3 Testing

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

At 06:45 PM 2/17/00 -0500, you wrote:

> That is why, I assume, you bought a Cobalt product, correct? I'm confused.
> Why would you need to hire a consultant to give you the pre-existing
> features of the Cobalt RAQ? It doesn't make sense to hire a consultant to
> provide the same features of the Raq if you already OWN a Raq!

Maybe because I have a RaQ2 <wry grin>?  Perhaps I should have stayed out 
of this thread <wry grin, again>.

Actually the install in question was on generic Intel Redhat Linux 6.0.

Now I know I should have stayed out of this thread.  Though I've got years 
of Linux experience, I'm still in the throes of experiencing my first RaQ, 
please try to pardon me <wry grin, yet again>.


> I.E. You don't NEED MySQL in this situation, as your authenticating out of
> the local password database that is being managed by the Raq interface.

It's reasonable YOU wouldn't need MySQL, but we did.  We don't set up our 
dialup users with accounts on the server on which we run radius.  That's 
one model.  And I'm not saying it's a bad one, but it's just not ours.  At 
the company I was with when we did this, our mailserver were in northern 
California, our radius server in southern California.  And we had separate 
user-pools because we offered multiple mailboxes but only one login name.


> Absolutely not. They are designed for -RedHat- Linux, which is what the
> Raq distro is based on. Therefore, 99% of the RPMS that are available for
> RedHat will plug unto the Raq without much problem. I run a variety of
> RedHat 6.1 code on my Raq 3 units, and have personally built a HUGE number
> of RedHat 5.2 and 6.0 packages for the MIPS based Raqs. Check out
> ftp://intel.cleveland.lug.net/pub/Mipsel if your looking for stuff for the
> MIPS.

Thanks.  I will check your lug site for MIPS RPMs; you've just made using 
my RaQ2 a lot easier; this information alone has been worth all my time in 
this list; I do appreciate it.

And your knowledge of Red Hat 6.1 code being mostly compatible is also good 
news for me, as I'm running 6.0 and I'm looking to switch to 6.1 on other 
servers now.  Again, thanks.

> I have no qualms about stating the complete idiocy of a majority of the
> cobalt-users list. The Cobalt guys have to be given a LOT of credit for
> dealing with some of the crap that is spewed out onto that list by people
> that just don't get it!

I've been getting a lot of consulting business lately from the cobalt-users 
list. And I don't think I ever even asked for it; people just notice my 
replies and write me offlist to see if I can help them <smile>.  Right now, 
I can use the income <smile>, and so I don't mind dealing with the lower 
clue-level <smile>.

> They do an excellent job of answering
> un/reasonable questions by the user base.

It's been my experience that Cobalt has always tried to help.  I see them 
as a lot more helpful than most systems distributors, and certainly more 
helpful than Red Hat support <wry grin> has ever been for me.

>  And hey, the Raq is a GREAT
> product!

I really like the RaQ hardware; I may end up with more RaQs in the future 
strictly for the hardware.  I'm not too sure about the gui interface, yet; 
it really doesn't fit our business model in many ways.  (My main reason for 
being on this list is to consider RaQ3 hardware with generic Red Hat 6.1, 
so that's what I'm keeping my eyes open for.)

> > But personally, I run Red Hat's 6.0 secure web server on a generic
> > (home-built, in fact) multi-processor intel-based box, and I'm going to 
> get
> > a Red Hat 6.1 Professional box done this week.  I don't "love" Red Hat, 
> but
> > I do like the plug-and-play concept; after all, it's what attracted me to
> > the RaQs in the first place.
>
> That's my point. I assume that you hired in a consultant to provide you
> the features that attract you to a RAQ, but on the RedHat box.

Actually, we hired that particular consultant for that particular job 
because the company I was with at the time decided to go into dialup, using 
Megapop to outsource, and decided to keep control of it's own radius.  I'd 
known nothing about radius, having never done dialup, so it seemed easier 
to find a consultant.  At that company we never even considered RaQs, for 
reasons which I thought were reasonable at the time.

>  I guess
> MORE to the point is that was that the RedHat Secure Webserver is a
> crappy design for a Secure Server. I understand why they did things the
> way they did, but it still has some very very very serious drawbacks.

It was a good drop-in product, or so we thought, when we installed.  We 
were probably the first people to seriously test it (the actual boxed 6.0 
product) though; we were the first to find, for example, that their install 
program creates a startup floppy that just won't work.  Their tech support 
people didn't believe me until about a week later they agreed to duplicate 
my procedures on their systems.  They'd actually NEVER tried to put from a 
startup floppy <frown>.  (The startup floppy from a "straight" boxed 6.0 
[non-secure server] works fine, btw.)

> Back to what I was saying before.. The RPMS that I pointed out above are
> drop in replacements for the RedHat stuff (Secure Server, PHP3) that
> provide -MORE- functionality, with a better design, and a much smoother
> intergration than RedHat's own products. And they are free software. Of
> course, if you want to run more than 56 bit encryption, you will need to
> purchase the Raven module and an RSA license to do so, but your supporting
> free software in the process.

This I have no problem with, and I will look at this for future 
installs.  My RaQ2 has a secure server installed by the company from which 
I got it; I'm happy with that for now.

> I run the RPMS listed above on several production, high traffic E-commerce
> websites. Indeed, I built and posted the PHP-3 3.0.12 RPMS for the Mod_SSL
> contrib site. I've got internal versions that use the OpenLink drivers to
> directly connect to Microsoft SQL, which makes it a breeze to intergrate
> the Linux server with data in the MS-SQL server. I.E. adding users,
> checking records etc.. It fits in and intergrates VERY nicely with the
> RadiusX server from IEA-Software, which ALSO use the OpenLink drivers to
> facilitate the same communication.

Again, thanks for this information.

> In any case... the point. Short and sweet. Using the packages above, you
> don't need to spend the $99 on RedHat's secure server. You don't need to
> spend $1,500 on a consultant. It's a simple as..
>
> rpm -e apache-devel
> rpm -e apache
> rpm -Uvh apache_modssl_...
> rpm -Uvh apache_modssl_devel
> rpm -Uvh php
> rpm -Uvh Mysql
>
> and PRESTO. You have a system that is Redhat 6.1 based w/ MySQL, PHP3 (w/
> MySQL drivers) and Apache w/ SSL.

But you do have to spend something for the license (at least until the 
patent expires), right?  So it's a bit of a tradeoff.  And, fyi, the Red 
Hat 6.1 Secure server is $149.

(Fortunately my relationship with Red Hat gets me as much boxed product as 
I need at no charge, and, maybe misguidedly <wry grin>, I still think that 
using and supporting Red Hat IS supporting open software development.

> THEN, you can hire your consultant to build whatever interface you like to
> it, or check out the Commanche Web interface to managing Apache.

I've never used any interface before, except hand-written perl scripts (and 
now the RaQ2 gui), but I will check out the Commanche Web interface.  Thanks.

>>..some stuff with which I absolutely agree stripped out to save 
bandwidth..<<

> > Now that Cobalt is switching to Intel architecture, I will seriously look
> > at RaQ3s as I need to expand further.  I can always reinstall Linux
> > software from scratch and create a system that more nearly matches what 
> I do.
>
> That's been my biggest plea to Cobalt since we got our first Qube to
> develop on. When I got the inside tract that Cobalt was releasing the Raq3
> on an x86 platform (They use AMD, -NOT- Intel!!!)

I know.  I used the term Intel because I think they do.  I'm being lazy, 
and for that I apologize.  I also use AMD quite a bit.  I'm happy with it.

>>..more good stuff stripped..<<

> Great. I've run the same configuration on the Raq2 units and it works. The
> RedHat secure server is NOT an elegant solution to the problem, but that
> is a non-issue on the Raq3, as you can manage the SSL stuff right from the
> Virtual Site manager.

This looks like a good solution.  What do you think of just replacing the 
RaQ3 software with Red Hat 6.1?  I can tell from reading this list there 
will be difficulties, but I still like the idea as I think about it.

> This prompted our decision to purchase -ONLY- Raq3 units for hosting from
> this point onward in our business. As old RedHat servers in our
> organization bite the dust, they will be replaced with Raq3 units. With
> the appropriate security modifications and a couple of small
> modifications, the Raq3 forms the PERFECT ISP appliance.

Evidently your business model allows your hosting clients to set up their 
own RaQ users.  Ours doesn't.  I'm not 100% sure why, except I don't like 
someone else deciding user-names on the RaQ for me.  Am I just too 
old-fashioned?  I also like to sell forwards separately from mailboxes, as 
that still appears to be how most hosting companies sell them (unlimited 
forwards, limited mailboxes).  Your comments, perhaps offlist, since this 
is probably not the place for them, on the ISP business model presumed by 
Cobalt, would be greatly appreciated.

>>..more good stuff stripped..<<

> I'd hate to think that I'm the only real geek hacking on the Raq series.
> In fact, I know I am not!!!! It's just that the others don't seem to be
> actively participating in the list! ;)

I'm glad to hear that RaQ-hacking (perhaps: Raqing <smile>) is alive and 
well.  Had I the time, I'd do it too.  Since this new venture of mine is in 
startup mode, I'd rather spend my time consulting for others for a few 
bucks an hour at the moment.  In startup mode, cash-flow is often 
everything <wry grin>.

> Speaking of this.. It just occurred to me that Appgen could make a killing
> if they considered releasing a version of PowerWindows that specifically
> intergrated with Radius, Web and other accounting information in real
> time! I should ask them if this has ever come up in their discussion with
> ISPs..... Whole new market for them, and it's a Linux native solution that
> could replace Emerald in my organization! ;)

I do like replacing Windows-based products <smile>.  At the moment my 
radius involvement is low; I just maintain it for one company.  I do sell a 
little dialup, but I use outsourced pops with their own outsourced 
radius.  Works at least until I get a few hundred customers 
<smile>.  Dialup may well be a deadend; I don't mind selling it but I'm not 
sure I'd invest much in it these days.

> From the Cobalt related consulting that our company has been hired to
> assist on, I would have to say that the majority of Cobalt's sales are
> directed towards high volume, HUGE ISP hosting systems. We asked one
> client we were working for how many Raqs he wanted us to install the
> modifications on, and his answer was "In the United States? I've got over
> 1,000 on this continent, and another 1,500 overseas." Hence, he was very
> happy to see Cobalts distributed management Interface for the Raq2 units!
> ;)

I'm quite happy to hear this; I guess my experience has been skewed by my 
presence on "cobalt-users" <wry grin>.

> Actually, when Tom Camp presented at our Linux Business Breakfast, his
> pitch was more geared towards Internet Service Vendors and LARGE scale
> hosting customers. My impression was that Cobalt has a significant inroad
> in this market and sees it as -THE- catalyst for their future sales. But
> they also seem to be heding their bets on the flexibility of the Raq
> concepts by allowing customers to intergrate additional solutions into
> their products. The proliferation of new products that are available for
> the Cobalt RAQ-3 are completely MIND bending. It's great! It gives us, as
> customers SUCH incredible diversity and choice!

This IS good news.  But.. a thought...

Do you know of anyone else developing a complete GUI solution for the 
RaQs?  I'm not sure I could talk Cobalt into supporting that "other" 
business model I've partially described above, but maybe some other company 
<smile>?

> > So we agree on a lot, don't we <smile>?
>
> Yes.

It's been a pleasure, Greg.  Thanks for your input.

Jeff

--
Jeff Lasman <jblists@xxxxxxxxxxxxx>