Mack Pexton

Information Technology Specialist

Linux System Administration

AcmeBase Small Enterprise System

An Annotated Computer Repository for Digital Assets

Introduction

The AcmeBase Small Enterprise System is a file repository intended to complement cloud systems. It was originally designed for those who want to keep physical possession of their digital assets.

AcmeBase is a system of several servers working together to provide:

There are two methods to access your files:

  1. Using file shares from the LAN.
  2. Using a portal website from the Internet, like DropBox or Box.

IT Documentation listing

IT Documentation portal listing

The AcmeBase system was assembled for a soft-goods manufacturer. A hundred people use the system on the LAN and over a dozen portals service their national and international contractors.

License

The AcmeBase system has been built with open source software. All programs are licensed under the Apache License, the MIT License, or where marked, the GNU GPL3. The system is implemented on Debian Linux servers.

There are no license fees. That is intentional. It greatly simplifies changes and preserves the longevity of a customizable system like the AcmeBase system.

Overview

The AcmeBase system was set up to be a secure repository. Issues addressed were:

AcmeBase uses virtual servers as the basic "security realm" for the different functions of an enterprise system.

Each server is a stripped-down server that performs a single task. That makes rogue programs easier to spot. It also simplifies server upgrades and makes them more reliable.

All network communications are encrypted end-to-end. That includes server-to-server, PC-to-server, and server-to-Internet communications.

Servers are automatically upgraded weekly.

File servers storing user files are segregated into three categories:

  1. Public servers — everyone in the enterprise can read the files but one must be a member of the file's workgroup to change it.
  2. Workgroup servers — one must be a member of the workgroup to be able to read or write the files.
  3. Private servers — files can only be seen or changed by the user.

Categorizing the file servers as such simplifies the technologies needed to implement a system like this.
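As an added illustration, not code from the AcmeBase project, the three categories map onto ordinary Unix directory ownership and modes on a Debian file server; the group name and share paths below are assumptions:

```shell
#!/bin/sh
# Added example: map the three AcmeBase file-server categories onto
# Unix directory group ownership and modes. Groups/paths are assumptions.
set -eu

# Mode for each category:
#  public    -> 2775: everyone reads, only the workgroup writes; setgid
#               so files created inside inherit the workgroup
#  workgroup -> 2770: only workgroup members can read or write
#  private   -> 0700: only the owning user can see or change files
category_mode() {
    case "$1" in
        public)    echo 2775 ;;
        workgroup) echo 2770 ;;
        private)   echo 0700 ;;
        *) echo "unknown category: $1" >&2; return 1 ;;
    esac
}

# Create (or fix) a share root for a category. $3 is the workgroup;
# for private shares the owning user's primary group is used instead.
make_share() {
    category=$1; dir=$2; group=${3:-$(id -gn)}
    mode=$(category_mode "$category") || return 1
    mkdir -p "$dir"
    chgrp "$group" "$dir"
    chmod "$mode" "$dir"
}

# Report the effective octal mode, e.g. when auditing shares from the
# control server: anything other than the expected value is a finding.
share_mode() {
    stat -c %a "$1"
}

demo() {
    root=$(mktemp -d)
    make_share public    "$root/patterns"  "$(id -gn)"
    make_share workgroup "$root/sewing"    "$(id -gn)"
    make_share private   "$root/home/mack"
    for d in patterns sewing home/mack; do
        printf '%s %s\n' "$(share_mode "$root/$d")" "$d"
    done
    rm -rf "$root"
}
demo
```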

Organization

Servers in the AcmeBase system are independent and do not connect or have control over each other. There is a control server and there is a backup server. Those servers connect to all the other servers but no other server connects to them. This organization helps restrain lateral movement of malware if a server is infected.

Servers overview.

There are two exceptions: 1) the portal server connects to the file servers using a novel technique intended to isolate invasions to just the web server, and 2) the file servers connect to special read-only shares on the backup server to provide the user's view of their time machine backups.

The control server has a messaging system so other servers can ask for its help performing privileged tasks such as sending files to the archive server.

Console

Servers are configured to have only the minimal software required to perform their functions. Consequently, each server must be controlled from the command line.

The control server has a centralized repository of scripts that are used to monitor and control the other servers. The scripts are sent to the other servers to be executed as needed.

To assist the sysadmin manage all the servers, the control server has a web console.

Web console

The web console also teaches the sysadmin which bash commands are used to produce the information it displays about the other servers.

Users and groups are added to the LDAP directory and set up through the console. However, user privileges and group memberships are managed through the portal by HR personnel instead of IT, as we IT people are traditionally the last ones to learn that kind of stuff.

Archives

People do not like to delete files. To keep user workspaces lean and trim, most file servers in the AcmeBase system have associated archive servers. Files are sent to the archive servers from the portal.

Files on the archive servers are stored in the same folders as they are on the source file server. Files can be restored to the user workspace by copy-and-paste and they can be re-archived multiple times if needed.

Read-only archive servers are much easier to protect and maintain.

A search engine server indexes all the user files making them easy to locate.

Backups

There are four different automated backup systems:

  1. Daily backup of server files (backup_daily)
  2. Hourly rsnapshot backups of user files (zBackups-TimeMachine)
  3. Periodic snapshots of running servers (backup_snapshot)
  4. Off-site backups to USB drives (backup_to_usb)

Backups of user files are encrypted.
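An added example, not the AcmeBase zBackups-TimeMachine script itself: it writes a minimal rsnapshot.conf for hourly and daily snapshots pulled from a file server and checks the one thing that most often breaks rsnapshot configs, fields separated by spaces instead of tabs. The host name, paths and retention counts are assumptions.

```shell
#!/bin/sh
# Added example: generate a minimal rsnapshot.conf for hourly/daily
# snapshots of a file server and verify its field separators.
# Host name, paths and retention counts are assumptions.
set -eu

# rsnapshot separates fields with TAB characters only; a line written
# with spaces is rejected at run time. printf with \t keeps the tabs
# intact even when this script is pasted or copied around.
write_rsnapshot_conf() {
    out=$1; snapshot_root=$2; source_host=$3
    {
        printf 'config_version\t1.2\n'
        printf 'snapshot_root\t%s\n' "$snapshot_root"
        printf 'cmd_rsync\t/usr/bin/rsync\n'
        printf 'cmd_ssh\t/usr/bin/ssh\n'
        # Youngest to oldest: 24 hourly, then 7 daily snapshots.
        printf 'retain\thourly\t24\n'
        printf 'retain\tdaily\t7\n'
        printf 'rsync_short_args\t-a\n'
        printf 'rsync_long_args\t--delete --numeric-ids --relative\n'
        # Pull the user shares over ssh; destination is a directory
        # name under snapshot_root (trailing slash by convention).
        printf 'backup\troot@%s:/srv/shares/\t%s/\n' "$source_host" "$source_host"
    } > "$out"
}

# Return 0 when every non-comment, non-blank line has a TAB as its first
# whitespace (key<TAB>value...); otherwise print offenders and return 1.
# Values such as rsync_long_args may legitimately contain spaces.
check_tabs() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        { match($0, /[ \t]/) }
        RSTART == 0 || substr($0, RSTART, 1) != "\t" {
            print FILENAME ":" NR ": not tab-separated: " $0; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

demo() {
    conf=$(mktemp)
    write_rsnapshot_conf "$conf" /srv/snapshots files.example.internal
    check_tabs "$conf" && echo "rsnapshot.conf ok"
    rm -f "$conf"
}
demo
```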

Portal

The Myra-pm portal software puts a "web interface" on folders located in the file shares, similar to DropBox or Box.

Myra portal thumbnails

Myra is a file manager. It's also a photo gallery. You can create, move, rename, and remove files. And you can rotate and rearrange thumbnails or slides. You can upload and download files to and from your desktop simply by dragging and dropping them.

The portal software operates under one of three different security models:

  1. A read-only (normal) website managed by a webmaster.
  2. A website managed by a site-specific list of editors, each able to manage different branches of the website.
  3. A web portal for users whose read/write privileges are retrieved from a central LDAP directory.

The AcmeBase system uses the third model. The second model, using editors, is useful for third-party access such as contract companies.

HTML documents can be created and edited from the web, providing a built-in knowledge base.

The graphical appearance of web pages is determined by different themes.

Knowledge Base

The AcmeBase system includes a built-in knowledge base. It was initially developed to manage IT documents, which historically have had a couple of big problems:

  1. they cannot be found or accessed when needed
  2. they're always wrong as things change too fast

The AcmeBase knowledge base consists of simple HTML documents. They can be easily accessed on a phone or laptop. Their big advantage is that they can be edited and corrected in place as they are being used.

Myra web document.

Different templates can be used for different documents and all document revisions are tracked. The documents are easily searchable by the search engine server.

Demonstration

A pseudo company has been set up at acmebase.com to provide an implementation of all the servers and their operations. It provides a test environment for development and it provides a demonstration of the portal web site for the AcmeBase System.

Credits

I began experimenting and developing the AcmeBase system over fifteen years ago. The basic problem was how to provide long-term access and storage of digital assets. My ideas evolved from working with a hosting company, university libraries, and with a manufacturing company having a history of saving every pattern they ever made.

The design of this system would not have been possible without the freedom and accessibility of open source software.