PROJECT TITAN - MICRO PC: THE DEPLOYMENT PROCESS
As noted in this very old thread entry here, my long term goals have been to reduce my total energy consumption where at some point I will be NET Zero for the entire year. The primary driver over the course of many years has been a slow and steady migration to reduce the standby power consumption of those devices which are used for extended periods of time.
To reduce their overall energy consumption by upgrading the hardware.
I've been very reluctant and hesitant to do so for many years because I come from a technical perspective like I do cars.
There is no replacement for displacement!
This same mentality has driven me for years in the computer space and having 128 GB of memory and quad, eight, twelve cores of CPU has made anything possible. Except the sheer power to drive those cycles has a direct impact on my daily, weekly, monthly, and yearly energy targets.
So late this summer I made the decision to retire or best case only fire up the high power beasts if and when needed.
To that end twelve 500 ~ 1200 watt servers have been rotated out for Micro PC's. Since this project began I also had to take a hard look at the four Enterprise hardware firewalls in place now. Given the subscription was soon to expire it didn't make financial sense to continue on.
Never mind the energy consumption to keep these appliances going on.
PROJECT TITAN - MICRO PC: THE GROUP BUY
I was very fortunate this past summer to find like minded folks who had the same wants and needs for a highly efficient Micro PC environment. Between 75 plus people we were able to complete one of the largest group buys with a single vendor to acquire various Intel based computers from Atom, i3, i5, i7, etc.
This gave me the opportunity to purchase *Purpose Built* hardware that could meet the various needs of use case and deployment. Since taking a very hard look at what some of the use cases were the reality was many of the tasks and operations of the infrastructure could very well operate on lower end CPU machines.
Having confirmed the requirements and real world needs I pushed forward with the group to purchase eight custom configured Micro PC's which now support various hardware platforms and operating systems from Windows & Linux.
Of the eight, two of the Micro PC's have been tasked to offer hardware firewall duties, as they will rotate in to replace the Fortinet & Cisco ASA Enterprise firewalls with ending subscriptions. Having used various platforms from Check Point, FireEye, Sophos, and pfSense.
The decision was to migrate two of the new Micro PC's which support AES-NI hardware encryption via the latest Atom processor. During the review process of the many Micro PC's many of the J1800 / J1900 processors surprisingly didn't support such a basic feature?!?
Undaunted I reached out to the vendor to inquire if they had a Micro PC that did in fact offer AES-NI hardware encryption and they did!
The last several months have been a slow & painful journey to restructure the four independent and isolated networks. There are lots of IT Admins who believe using software is a good route to follow to help isolate and segment a network. For me this isn't something I believe in given my personal hands on experience.
Nor is using a VM environment to do the very same . . .
From personal experience having worked and managed some of the largest corporations which provide cloud hosted services this is simply a bad idea ~ which doesn't scale well or offer redundancy.
PROJECT TITAN - MICRO PC: BSG *SO SAY WE ALL*
The phrase *Your eggs are all in one basket* rings true and for me that isn't something I am willing to do because I've seen the pitfalls first hand in doing so. So for me this is why there are four physically independent and isolated networks in the home which can't be breached from one another.
One of the key takeaways from the very best Sci-Fi show I ever watched is from BSG.
In the show Battlestar Galactica the entire global system and military network was taken down because the entire apparatus was intertwined and linked to one another. This allowed the Cylons to embed a zero day virus laying in wait to activate.
Because of this, and having seen first hand on endless news releases of systems being compromised, the systems have been designed and deployed in such a way that no two computers will ever have the ability to infect or cause harm to one another. This is done at the edge of the four ISP Modem(s), as the primary gate keeper for all traffic is protected by a real time firewall & anti virus system which cascades to two other redundant arrays.
Going this route also negates the need to use software to kick in for fail over. Since all four ISPs run in parallel at once there is less chance of a failure. Two independent ISPs come by way of fiber straight to the home while another comes via two independent cellular SIMs.
The last fail over system comes via satellite which stands ready in a military spec'd impact and water proof Pelican case.
Every PC runs its own local software anti virus & firewall but it's prudent to not even let it get past the front door! As stated many of the computers run in a sand boxed isolated environment which means none of them are networked or have access to the Internet. Many of the high risk systems have the USB, Memory, and CD ROM's disabled in the BIOS and physically from the harness.
Other systems have been configured for a *Wipe & Go* environment where each session starts and ends by wiping the entire HDD / SSD that runs on a virtual key. At this juncture I've propped up a new Micro PC and retired the old media scanner to ensure any and all media is scanned for potential threats. This Micro PC like the other stands completely isolated and sand boxed from the other three.
A dedicated ISP connection is used solely to update the signatures on an hourly basis.
The biggest change in this new Micro PC deployment is the methodology and topology which is based on ToU (Time of Use).
There will be 32 Ultra Micro *Gate Keeper* computers that will be linked to a dedicated Guardian Monitor. The primary goal of these systems is to take any and all computers off line if and when a threat is detected. With the endless power of the Dash Box, GEM, and ISY Series Controller these systems will know when to react when a condition has been met.
As of this writing the long process of loading custom software and wiring up all of the PSU's to a dedicated UPS is underway.
Once done all 32 Ultra Micro Gate Keeper computers will have command and control of the power feeding any systems in the home.
I am currently testing this topology on an isolated test environment now to see how different conditions and scenarios play out. As of this writing of the 50 plus conditions 43 have passed while 7 have not.
My hopes are the development team and I can resolve the remaining 7 important conditions via software updates. Otherwise it will result in falling back to old school methods and solutions which kind of defeats the whole automation process!!
PROJECT TITAN - MICRO PC: INTEL i3 & i5
As odd as this may sound one of the requirements has been to have all of the Micro PC's using the same form factor.
Yes, they all must have the same look and general shape and size because that is just one of those OCD things that get me!
Anyways more than seven years ago I had a similar Micro PC that had a case I liked and still used. Unsurprisingly seven years later dozens of companies continue to use the very same but with slight differences in plate configurations.
Because of this all nine of these Micro PC's will literally have the exact same form factor as the original box that continues to run this very day.
There are two versions of this Micro PC one is with the Intel i3 vs i5. Obviously you can't tell from the outer case but needless to say the CPU is different. Every Micro PC is configured with the maximum of 8 GB of RAM.
The front of this unit has the 12 VDC power, HDMI, VGA, Dual Intel NIC's, Speaker / Headset out port, Quad Core, 8 GB memory.
The back of the unit offers the Microphone, three USB 2.0 & USB 3.0, Serial COM Port, and Power LED Button.
What is probably impossible to see or tell is every Micro PC is fully equipped with dual band 2.4 & 5.0 WiFi. Sadly, the Micro PC's using the different CPU's had their antennas configured in some really odd places which you will see later on.
I spent the extra money to ensure if any of the Micro PC's needed to be flashed to use a different OS or Firewall software the required hardware would be in place. One has to always plan for the future so spending the extra dollars only made sense over the long run.
This is one of the other systems and I have to tell you it was a little frustrating to find out the vendor didn't indicate which Micro PC was using what CPU!
Having to fire it up and go through the BIOS was silly but I had to be in there anyways. Regardless some of the Micro PC's are configured with 32 ~ 128 GB of mSata SSD's.
The reasons were two fold, one to reduce costs and second with the *Pre Planning* I did. Some of the Micro PC's had a thicker case and came with a SATA cable to insert a 2.5 SSD. That simply means I could purchase whatever hardware I wanted at my own pace based on need and requirements and expand the system with larger storage.
This is one of the thicker cases which allows a standard 2.5 HDD / SSD to be used to help expand and offset mSata memory costs. This Micro PC comes with Quad Core, 8 GB memory, two USB 2.0, two USB 3.0, Microphone, Head Set / Speaker out, and power LED button.
The back of the unit offers the 12 VDC power, HDMI, VGA, Dual NIC, and RJ45 Serial Port. As noted on either side are the dual band 2.4 & 5.0 WiFi antennas.
PROJECT TITAN - MICRO PC: ATOM AES-NI HARDWARE ENCRYPTION
As noted early on two of the Micro PC's were spec'd to support AES-NI hardware encryption which has been mandated by Sophos and pfSense in the next year or so. These boxes use genuine Intel NIC's, Quad Core CPU, and 128 GB of mSata storage as they will offer anti-virus support at the edge of the ISP Modems.
Because of the endless logging and dedicated SysLog server it made sense to have lots of on board storage. On the front is the 12 VDC power, status of CPU and SSD, and the four Intel NIC's.
The back of the case offers the RJ45 Serial COM port, VGA, USB 3.0 & USB 2.0, and the power LED button.
As noted up above some of the Micro PC's had the antenna orientated in a really off spot??
I know it makes really no difference it's just my crazy OCD kicking in! I told you everything had to look the same didn't I??
Some of you may have wondered how come they all had to have the same form factor? Well because as you can see here it's so they could be mounted and hidden behind the 12 monitors!
This Micro PC is running I believe Sophos or pfSense I really don't recall when I took the picture. Regardless the two Micro PC's will help manage the eight network interfaces from LAN, WAN, VPN, AP, etc.
PROJECT TITAN - MICRO PC: SHOW ME THE POWER
Since the massive servers have been taken out of rotation 1200 watts is equivalent to 120 Micro PC's! Even in the worst case scenario of the i7 consuming 35 watts, the entire standby and run time has dropped on the order of thousands of percent in terms of energy consumption.
A quick snap shot of the pfSense hardware firewall appliance now in full production. As can be seen the average power consumption is a scant 7.35 watts. The lowest 7.12 watts and the highest seen has been 8.85 watts.
This is a far cry from the two other Enterprise firewall solutions that were just replaced which consumed an average of 19 watts, a low of 15 watts and a high of 34 watts. The other box was a much larger energy hog coming in at an average of 29 watts, low of 27 watts, and a maximum high of 55 watts!
On the main branch circuit which supplies power to the security room one of the dedicated Micro PC's running a J-1900 quad core, 8 GB memory, 128 GB mSata primary OS, and 1 TB SSD secondary while running flat out sips 8 freaking watts on average! The two extended peaks are the ToU (Time of Use) when the Micro PC automatically boots up and starts to complete dozens of tasks which monitor, track, and protect the home.
One of the shortcomings I found with some of these PC Clones is varied WOL (Wake On LAN) and recovering from sleep, suspend, or hibernation. Because of this I've had to code the system to compensate for this slow wake up condition. After several months of trial and error I have found the best settings and program logic which has proven to be reliable and consistent for long term operations.
Because all of these Micro PC's are fanless and rely on thermal convection to dissipate their heat it was important to spool up all the systems and let them run 24/7/365 to see how they performed. I am extremely happy to say the internal & exterior case temperature remains well below the high limit of operations.
I have replaced all of the thermal paste with Arctic Silver compound for the very best thermal transfer. For some mission critical systems as a measure of safety and fail over I am fabricating exterior fans to blow across the metal case.
Since many of the systems support automated internal fan connection I will let the system manage the fans. For those that don't support such a feature the exterior fans will be managed and controlled by a remote web enabled DC smart switch.
Some of the Micro PC's have been in full production for seven months and thus far none of them have caused me any distress or alarm about thermal runaway due to the passive cooling.
PROJECT TITAN - MICRO PC: MIXING IT UP
Last week a friend who participated in the group buy messaged me and noted one of his Micro PC's on hand was an extra?
As noted up above the lack of marking and what CPU was embedded was really a headache when trying to dispatch 300 plus PC's!!!
This would probably explain why I didn't have this one on hand and was running around confirming my hardware map as to why I thought several of the monitors could be rendered using dual HDMI ports vs VGA & HDMI.
Regardless, this box is en route back to me and will help finalize the systems in place. This unit offers Audio, Dual NIC, Display Port, Dual HDMI, and 12 VDC.
The back of the unit offers a lit LED power, two USB 3.0, four USB 2.0, and RS-232 COM port. And of course it supports dual band 2.4 & 5.0 WiFi. Along with the crazy antenna mounting on the side.
I don't recall if this is an Intel i3 vs i5 based configuration but needless to say it will be really great to complete this hardware refresh.
PROJECT TITAN - MICRO PC: E-MACHINE DISPLAYS
As noted up above this computer hardware refresh has been long in coming and planned years ago. Back in early 2009 during the Boxing Day sales events Staples had some e-machine LCD displays going out the door for $18.XX
I wasn't holding my breath there would be any left by the time I finished shopping elsewhere.
After a long day of walking and shopping I drove by the local Staples.
To my surprise and amazement the store had three huge pallets of displays still on site. Given they were so cheap I figured what the hell let's buy eight of them! I had no clue when these monitors would ever be used and deployed but fast forward to 2017 they have.
Super old photo from 2009 when I was bringing them into the house. First stack of four sitting at the front entry way.
I wasn't expecting too much from a $18.XX LCD display and the overall shape and size was reflective of that $18.XX!
The system comes with a basic swivel mount which is detachable and has the standard VESA mount which is how I intend to use them.
The monitors are a nice decent size of 18.5", 1366 x 768 resolution, 5 ms response time, and 16 x 9 aspect ratio. This hardware isn't going to win any gaming awards or be HD quality by any means. But for what they are going to display they will serve me well in every aspect!
It's quite ironic the whole purpose of refreshing the computer hardware is to reduce my energy foot print in the home. Yet I am going to deploy brand new monitors which are more than nine years old!
I haven't surfed the Internet to see if there are any ultra low LED / LCD monitors that consume less than five watts of power while operating.
But for reference the maker claims these monitors while in power save consume <1 watt, <2 watts in sleep, and <30 watts in normal operations.
Keeping in mind just one Micro PC consumes less than (7 watts) in normal use and a maximum of 10 watts in full production. If we take the highest energy consumption of ten watts, just one of these e-machine LCD monitors will consume as much power as three Micro PC's!!!
This snap shot is one monitor plugged into my panel circuit. At idle this branch circuit consumes a steady 7 watts RMS. As you can see once the e-machine LCD monitor is activated it jumps to 30 watts. Which is an increase of 23 watts which is far below the maker's claim of 30 watts. Having said this it's still equivalent to two Micro PC's operating at ten watts apiece.
I've been very happy with these low budget monitors and the only fault I can say is the energy consumption. Given they were built on 2009 technology I really can't expect ultra low values can I?!?!
Regardless, the whole purpose of having twelve monitors is being able to quickly access & view dedicated systems in and around the property.
PROJECT TITAN - MICRO PC: VESA MOUNTING
To save space the bulk of the eight monitors will be suspended using the Monoprice VESA mounts using this four screen mounting hardware. The features and specifications of this mount are listed below.
This mounting arm system is built like a freaking tank just look at those thick square tubes.
The system allows each arm to be pivoted, rotated, raised & lowered.
The monitors will be flush mounted as depicted in the second picture to the right. I'll double check if it needs to be tilted from above for best viewing but given the tables in use that won't be required.