AcmeBase Small Enterprise System
A Computer Repository for Digital Assets
The AcmeBase Small Enterprise System is essentially a file repository intended to complement cloud systems. It was originally designed for those who want to have physical possession of their digital assets.
AcmeBase is a system of several servers working together to provide:
- safe storage
- robust backups
- a knowledge base
- a web portal
There are two methods to access your files:
- Using file shares from the LAN.
- Using a portal website from the Internet, like DropBox or Box.
The AcmeBase system was initially assembled for Mystery Ranch Backpacks. A hundred people use the system on the LAN and over a dozen portals service their national and international contractors. It's a small enterprise.
The AcmeBase system has been built with open source software. All programs are licensed under the Apache License, the MIT License, or where marked, the GNU GPL3. The system is implemented on Debian Linux servers.
There are no license fees. That is intentional. It greatly simplifies changes and preserves the longevity of a customizable system like the AcmeBase system.
Assembling a computer system like AcmeBase requires one to think about security every step of the way. Constant questions are:
- how to be resilient and repel attacks
- how to detect and contain an invasion
- how to minimize the danger and the time to recover
The AcmeBase system uses virtual servers as the basic "security realm" for the different functions of an enterprise system. A basic system can easily have 20 servers or more.
Each server is a stripped-down server which performs a single task. That makes rogue programs easier to spot. It also makes system upgrades more reliable.
All network communications are encrypted end-to-end. That includes server-to-server, PC-to-server, and server-to-Internet communications.
Servers are automatically upgraded weekly.
File servers storing user files are segregated into three categories:
- Public servers — everyone in the enterprise can read the files but one must be a member of the file's workgroup to change it.
- Workgroup servers — one must be a member of the workgroup to be able to read or write the files.
- Private servers — files can only be seen or changed by the user.
Categorizing the file servers as such simplifies the technologies needed to implement a system like this.
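The three categories above reduce to a small default-deny access rule. The following added example (not AcmeBase's own code) models that rule in Python and runs it over a batch of constructed access requests to list the ones the policy rejects; the server names, user names and group memberships are invented stand-ins for the directory data a real deployment would consult.

```python
# Added example (not AcmeBase code): access policy for the three file-server
# categories.  Server names, users and group memberships are constructed.
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Category(Enum):
    PUBLIC = "public"        # everyone reads; workgroup members write
    WORKGROUP = "workgroup"  # workgroup members read and write
    PRIVATE = "private"      # only the owning user reads or writes


@dataclass(frozen=True)
class FileShare:
    server: str
    category: Category
    workgroup: Optional[str] = None  # needed for public/workgroup servers
    owner: Optional[str] = None      # needed for private servers


# Constructed stand-in for the directory's group memberships.
GROUPS = {
    "design": {"alice", "bob"},
    "sales": {"carol"},
}

# Constructed file servers, one per category.
SHARES = {
    "pub01": FileShare("pub01", Category.PUBLIC, workgroup="design"),
    "wg01": FileShare("wg01", Category.WORKGROUP, workgroup="sales"),
    "home-alice": FileShare("home-alice", Category.PRIVATE, owner="alice"),
}


def is_member(user: str, workgroup: str) -> bool:
    return user in GROUPS.get(workgroup, set())


def is_allowed(share: FileShare, user: str, op: str) -> bool:
    """Return True if `user` may perform `op` ('read' or 'write') on `share`.

    Anything not explicitly permitted (unknown operation, a server missing
    its workgroup or owner attribute, a non-member writing) is denied.
    """
    if op not in ("read", "write"):
        return False
    if share.category is Category.PRIVATE:
        return share.owner is not None and user == share.owner
    if share.workgroup is None:
        return False
    member = is_member(user, share.workgroup)
    if share.category is Category.PUBLIC:
        return True if op == "read" else member
    if share.category is Category.WORKGROUP:
        return member
    return False


def denied_requests(requests):
    """Return the (user, server, op) tuples the policy rejects, in order."""
    rejected = []
    for user, server, op in requests:
        share = SHARES.get(server)
        if share is None or not is_allowed(share, user, op):
            rejected.append((user, server, op))
    return rejected


# Constructed sample requests, as an access log might record them.
SAMPLE_REQUESTS = [
    ("carol", "pub01", "read"),         # public: anyone may read
    ("carol", "pub01", "write"),        # public: carol is not in 'design'
    ("alice", "wg01", "read"),          # workgroup: alice is not in 'sales'
    ("carol", "wg01", "write"),         # workgroup: carol is a member
    ("bob", "home-alice", "read"),      # private: only alice
    ("alice", "home-alice", "write"),   # private: the owner
]

if __name__ == "__main__":
    for user, server, op in denied_requests(SAMPLE_REQUESTS):
        print(f"denied: {user} {op} on {server}")
```

The policy is written default-deny: a share whose required attribute is missing, or an operation the code does not know, is refused rather than silently treated as readable.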
Servers in the AcmeBase system are independent and do not connect to or have control over each other. There is a control server and there is a backup server. Those servers connect to all the others, but no other server connects to them. This helps restrain the lateral movement of malware if a server is infected.
There are two exceptions: 1) the portal server connects to the file servers using a novel technique intended to isolate invasions to just the web server, and 2) the file servers connect to special read-only shares on the backup server to provide the user's view of their time machine backups.
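The trust directions just described (control and backup reach everything, nothing reaches back to them, plus the two exceptions) can be checked mechanically against observed traffic. The following added example (not AcmeBase's own code) encodes that policy in Python and runs it over a constructed list of source/destination pairs, as a flow log or connection-tracking export might supply, to surface connections the design says should never occur. Host names and roles are invented for the illustration.

```python
# Added example (not AcmeBase code): validates observed server-to-server
# connections against the trust directions described above.  Host names,
# roles and the sample flow records are constructed.

# Constructed inventory mapping each host to its role.
ROLES = {
    "ctl01": "control",
    "bak01": "backup",
    "portal01": "portal",
    "files-pub01": "file",
    "files-wg01": "file",
    "search01": "search",
    "archive01": "archive",
}


def connection_permitted(src: str, dst: str) -> bool:
    """Return True if `src` may initiate a connection to `dst`."""
    s = ROLES.get(src)
    d = ROLES.get(dst)
    if s is None or d is None or src == dst:
        return False  # unknown host or self-connection: deny
    if s in ("control", "backup"):
        return True  # control and backup servers reach every other server
    if d in ("control", "backup"):
        # Nothing connects back to the control server; file servers may
        # reach the backup server's read-only time machine shares.
        return d == "backup" and s == "file"
    if s == "portal" and d == "file":
        return True  # the portal server reaches the file servers
    return False  # every other server-to-server connection is disallowed


def find_violations(records):
    """Return the (src, dst) pairs that break the policy, in order seen."""
    return [(s, d) for s, d in records if not connection_permitted(s, d)]


# Constructed sample flows: (source, destination).
SAMPLE_FLOWS = [
    ("ctl01", "files-pub01"),       # control pushing a script: allowed
    ("bak01", "search01"),          # backup collecting from a server: allowed
    ("portal01", "files-wg01"),     # portal to file server: allowed exception
    ("files-pub01", "bak01"),       # file server to backup shares: allowed
    ("files-pub01", "files-wg01"),  # lateral move between file servers
    ("search01", "ctl01"),          # nothing should reach the control server
    ("portal01", "archive01"),      # portal reaching beyond the file servers
]

if __name__ == "__main__":
    for s, d in find_violations(SAMPLE_FLOWS):
        print(f"policy violation: {s} -> {d}")
```

Run periodically over real flow records, the same function doubles as a detection rule: any hit is either an inventory error or a host behaving outside its intended role.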
The control server has a messaging system so other servers can ask for help performing some tasks if needed, such as sending files to the archive server.
Servers are configured to have only the minimal software required to perform their functions. Consequently, each server must be controlled from the command line. To help the sysadmin manage all the servers, there is a web console.
The control server has a centralized repository of scripts used to monitor and control the other servers. The scripts are sent to the other servers to be executed as needed.
Custom agent programs do not have to be installed on each server for this system; only bash scripts are used.
The web console also shows the sysadmin which bash commands are used to display the resulting information about the server.
Users and groups are added and set up through the console. However, user privileges and group memberships are managed through the portal by HR personnel instead of IT — as we are usually the last to know.
People do not like to delete files. To keep user workspaces lean and trim, most file servers in the AcmeBase system have associated archives. Files are sent to the archive servers from the portal.
Files on the archive servers are stored in the same folders as they are on the source file server. Files can be restored to the user workspace by copy-and-paste and they can be re-archived multiple times if needed.
Read-only archive servers are easier to protect and maintain.
A search engine server indexes all the user files making them easy to locate.
There are four different automated backup systems:
- Daily backup of server files (backup_daily)
- Hourly rsnapshot backups of user files (zBackups-TimeMachine)
- Periodic snapshots of running servers (backup_snapshot)
- Off-site backups to USB drives (backup_to_usb)
Backups of user files are encrypted.
The Myra-pm portal software puts a "web interface" on folders located in the file shares, similar to DropBox or Box.
Myra is a file manager. It's a photo gallery too. You can create, move, rename, and remove files. And you can rotate and rearrange thumbnails or slides. You can upload and download files to and from your desktop simply by dragging and dropping them.
The portal software operates under one of three different security models:
- A read-only (normal) website managed by a webmaster.
- A website managed by a site-specific list of editors, each able to manage different branches of the website.
- A web portal for users whose read/write privileges are retrieved from a central LDAP directory.
The AcmeBase system uses the third model. The second model, using editors, is useful for third-party company access such as contract companies.
HTML documents can be created and edited from the web, providing a built-in knowledge base.
The graphical appearance of web pages is determined by different themes.
The AcmeBase system includes a built-in knowledge base. It was initially developed to manage IT documents, which historically have had a couple of big problems:
- they cannot be found or accessed when needed
- they're always wrong as things change too fast
The AcmeBase knowledge base consists of simple HTML documents. They can be easily accessed on a phone or laptop. Their big advantage is that they can be edited and corrected in place as they are being used.
Different templates can be used for different documents and all document revisions are tracked. The documents are easily searchable by the search engine server.
A pseudo-company has been set up at acmebase.com to provide an implementation of the servers and their operations, and to provide a demonstration of the portal website comprising the AcmeBase System.
I began experimenting and developing the AcmeBase system over fifteen years ago. The basic problem was how to provide long term access and storage of digital assets. My ideas evolved from working with a hosting company, university libraries, and with a manufacturing company having a long history of copyrighted and patented patterns.
The design of this system would not have been possible without the freedom and accessibility of open source software. My gratitude extends to all the organizations and individuals who support open source software.