Internal IT Infrastructure Optimization and Migration
Project Timeline: April 2025 – August 2025
Project Summary and Objectives:
The goal of this project was a deep restructuring and modernization of the internal server infrastructure. The main objectives included consolidating services to reduce the number of virtual machines (VMs), migrating operating systems from CentOS to modern standards based on Gentoo and Debian, and optimizing key development and administrative processes. The project resulted in a significantly simplified architecture, increased performance, and enhanced security.
Infrastructure before migration diagram
Infrastructure before migration:
| Server | Type | OS | Role | CPU | RAM | HDD | Disk Type |
|---|---|---|---|---|---|---|---|
| esx01 | PH | ESXi 8.0.3 | VMware Hypervisor | 40CPU | 64GB | 2TB | SSD HW RAID6 |
| gateway | VM | CentOS 9 | Firewall with port forwards and http proxy | 2vCPU | 4GB | 16GB | VMDK |
| db | VM | CentOS 9 | MySQL and PostgreSQL server | 2vCPU | 4GB | 25GB | VMDK |
| oc | VM | CentOS 9 | OwnCloud server | 2vCPU | 2GB | 16GB | VMDK |
| web | VM | CentOS 9 | Apache http with PHP 8 | 2vCPU | 4GB | 16GB | VMDK |
| web-legacy | VM | CentOS 9 | Apache http with PHP 7 | 2vCPU | 4GB | 16GB | VMDK |
| gitlab | VM | CentOS 9 | GitLab | 2vCPU | 6GB | 16GB | VMDK |
| puppet | VM | CentOS 9 | Puppet server | 2vCPU | 4GB | 16GB | VMDK |
| ns1 | VM | CentOS 9 | Bind9 main server for owned domains | 2vCPU | 2GB | 16GB | VMDK |
| ns2 | VM | CentOS 9 | Bind9 backup server for owned domains | 2vCPU | 2GB | 16GB | VMDK |
| jenkins | VM | CentOS 9 | Jenkins CI server | 2vCPU | 4GB | 16GB | VMDK |
| repo | VM | CentOS 9 | Apache http rpms server | 2vCPU | 4GB | 16GB | VMDK |
| vpn | VM | CentOS 9 | OpenVPN server | 2vCPU | 2GB | 16GB | VMDK |
| mx | VM | CentOS 9 | Postfix, Dovecot MTA server | 2vCPU | 4GB | 16GB | VMDK |
| nagios | VM | CentOS 9 | Nagios monitoring server | 2vCPU | 2GB | 16GB | VMDK |
| admin | VM | CentOS 9 | Administration server | 2vCPU | 2GB | 16GB | VMDK |
| ldap | VM | CentOS 9 | OpenLDAP server | 2vCPU | 2GB | 16GB | VMDK |
| k8s | VM | CentOS 9 | Kubernetes control-plane server | 2vCPU | 2GB | 16GB | VMDK |
| k8s-node | VM | CentOS 9 | Kubernetes worker node | 2vCPU | 2GB | 16GB | VMDK |
| nas | PH | Debian 10 | Office NAS server with backups | 2CPU | 8GB | 1TB | HDD SW RAID1 |
Key Initiatives and Execution Stages:
1. Infrastructure Consolidation and Resource Rationalization:
The primary driver of the project was the reduction of a sprawling infrastructure. This was achieved through the strategic merging of services:
- Web Services Consolidation: All web services, including file servers, RPM repositories, and applications (initially OwnCloud, later NextCloud and PartDB), were consolidated onto a single target machine (webserver).
- Administrative Services Centralization: Key tools such as Puppet, OpenLDAP, and the secondary DNS server were integrated within a single dedicated machine.
- Decommissioning of Redundant Machines: Following successful service migrations, numerous obsolete virtual machines were decommissioned and deleted, including jenkins, db, admin, web-legacy, vpn, ns1, ns2, and k8s-node, which freed up significant system resources.
2. Technology Stack Modernization:
A strategic migration of operating systems was carried out to standardize and modernize the environment:
- Most machines were migrated to a performance-optimized Gentoo Linux system.
- Key services requiring stability, such as GitLab and Puppet, were migrated to Debian 12.
- Dedicated Gentoo build servers were created and made available on the company network, significantly speeding up compilation processes.
3. Performance and Process (DevOps) Optimization:
- Compilation Speed-Up: Tests using distcc on the newly created Gentoo builders showed a drastic reduction in compilation time for large projects (e.g., Firefox, LibreOffice) from ~60 minutes to just ~20 minutes.
- CI/CD Migration: All deployment processes were moved from Jenkins to a modern GitLab platform, centralizing the software development lifecycle.
4. Enhancement of Security and Reliability:
- New Backup System: The backup strategy was completely overhauled—the old directory was archived, and a new, clean backup process was initiated and synchronized with the office location.
- Backup Issue Resolution: An issue with backing up the new VMs was diagnosed and fixed by converting their disks to the VMFS zeroedthick format.
- Internal Security Scanning: A dedicated machine with OWASP tools was deployed for regular vulnerability scanning of the internal infrastructure.
Technical Implementation Details:
- Virtualization Platform: VMware ESXi 8.0.3 on a DELL PowerEdge R640 server (40 logical cores, 64 GB RAM, RAID6 SSD).
- Gentoo VM Standard: gentoo-kernel-bin kernel to ensure portability.
- Additional Environments: Two machines with Red Hat 9/10 were deployed for RHCSA certification preparation.
Infrastructure after migration diagram
Infrastructure after migration:
| Server | Type | OS | Role | CPU | RAM | HDD | Disk Type |
|---|---|---|---|---|---|---|---|
| pve01 | PH | Proxmox VE 9 | Proxmox VE | 40CPU | 64GB | 2TB | SSD HW RAID6 |
| gateway | VM | CentOS 9 | Firewall with port forwards and http proxy; Distcc gateway based on HAProxy; Bind9 main server for owned domains | 2vCPU | 4GB | 16GB | LVM |
| dbs | VM | Gentoo | MySQL and PostgreSQL server | 2vCPU | 4GB | 45GB | LVM |
| distccgw | VM | Gentoo | Distcc cluster gateway server | 2vCPU | 4GB | 25GB | LVM |
| git | VM | Debian 13 | GitLab repos, docker registry, Gitlab CI | 4vCPU | 8GB | 35GB | LVM |
| puppet | VM | Debian 13 | Puppet master, OpenLDAP server; Bind9 backup server for owned domains | 2vCPU | 4GB | 25GB | LVM |
| worker1 | VM | Gentoo | Distcc builder machine and GitLab runner | 8vCPU | 6GB | 60GB | LVM |
| worker2 | VM | Gentoo | Distcc builder machine and GitLab runner | 8vCPU | 6GB | 60GB | LVM |
| webserver | VM | Gentoo | Apache http server with websites; NextCloud Server with Collabora CODE | 4vCPU | 6GB | 25GB | LVM |
| mx | VM | CentOS 9 | Postfix, Dovecot MTA server | 2vCPU | 4GB | 16GB | LVM |
| nagios | VM | CentOS 9 | Nagios monitoring server | 2vCPU | 2GB | 16GB | LVM |
| k8s | VM | Gentoo | Kubernetes server | 2vCPU | 4GB | 25GB | LVM |
| rh9 | VM | RedHat 9 | Server for training before RHCSA and RHCE certification | 2vCPU | 2GB | 16GB | LVM |
| rh10 | VM | RedHat 10 | Server for training before RHCSA and RHCE certification | 2vCPU | 2GB | 16GB | LVM |
| owasp | VM | Gentoo | OWASP scanner based on GVM; Distcc builder machine and GitLab runner | 6vCPU | 16GB | 95GB | LVM |
| nas | VM | Gentoo | Office NAS server with backups; MacOS X timemachines | 2CPU | 8GB | 1TB | SSD SW RAID1 |
Outcome:
The project was successfully completed, transforming a complex and distributed infrastructure into an optimized, consolidated, and modern ecosystem. The main benefits include reduced maintenance costs, a radical increase in the performance of development processes, and a significant improvement in the overall security posture.


