This may seem a weird post, especially for those who don’t live in Italy, because here in Italy there’s the common belief that a worker’s abilities are usually considered less than the qualifications they have. Or simply, employers don’t ask “what are you able to do?” but instead “what are your credentials/studies?”.
Unfortunately this post will not totally debunk this myth, at least for me, because I think that in Italy the job market is not as healthy as in other (northern) European states, but I just want to give a little bit of hope to my fellow citizens.
A security company asked me to work with them after they saw and read the posts on this blog.
The full story
Some months ago I was riding a bike uphill (I’m a cyclist) and a guy overtook me, so I decided to follow him during the ascent, just to chat a little. And by talking about technology and cycling, I discovered that he is the CEO of some interesting companies that are bringing tech into the sport environment; more precisely, he’s building some smart sensors that you can find inside the shirts of some big football players (like the Italian national team, Inter, Lazio etc…). And I found we had similar ideas about digital rights and the fundamental importance of technology nowadays, so we kept in contact via social networks.
A few months after this curious meeting, and after he read some of this blog’s posts, especially this one, My network home setup - v4.0, he decided to write me a message saying: “Hi Giulio, how are you? You know that you have the same passion I had when I was younger: networking?! Have you ever thought of making this passion a job?”. So I replied: “Hi xxx, thanks but why are you asking me this?”, and he said: “Because I can help you in this (make my passion a job), wait a few days and a friend of mine will call you”.
The day after, one guy (the actual CEO of the company where I’m working) called me and asked me to have a job interview because he found my posts and abilities very interesting, but what surprised me is that he didn’t ask me “what are your studies, what is your age, what are your references, etc…”; he was interested in what I’m able to do and what I think about networking/the internet. Full stop.
So we had this job interview and he offered me a very interesting contract with a fair salary. So I took some days to make my decision, because I was scared that I wasn’t up to the job and I also had another job proposal “in the background”, but in the end I said yes.
And I think it was one of my best decisions ever, because the work environment and my colleagues are fabulous, I like what I’m doing a lot and it’s very interesting to improve my skills, learn new stuff and have new experiences.
What I’m doing
I’m working as something like a DevOps or a SysAdmin, I took the Fortinet NS4 certification, I’m doing the NS5 and the work of my company is to build (or rebuild) the datacenters of other companies from scratch, so I have to program the network. Another branch of the company is doing the “manual stuff”, like certifying the cables, wiring the switches, building the datacenter rooms/racks, etc… and we also install the security surveillance appliances and VoIP phones.
The monitoring system
Besides the network job, like installing new firewalls/switches/servers/UPS/PBX/etc…, what the company wanted from me was also a “monitoring system” for the network appliances of our clients. More precisely, a monitoring system that can monitor lots of different stuff/hardware and sends alerts when something happens, like a server disk is full or an IP surveillance camera is offline or a WAN is losing lots of packets, and so on…
So what could be a better monitoring system than Grafana and Prometheus, like I’m already using at home?!
I knew that using Prometheus as a database would be very tricky, because I would have to use lots of different exporters (the way to write into the database), like the original exporters and SNMP exporters, and that I would have to create all my custom Grafana dashboards. There are lots of much simpler monitoring systems like PRTG or Zabbix, but none is as fully customizable, flexible and powerful (…and open source) as the pairing of Prometheus + Grafana, considering also the alert system that’s integrated into Grafana.
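As an added example (not from the original post and not the author's actual configuration), this is how a Prometheus scrape configuration typically combines a native exporter with snmp_exporter for the kinds of devices described above. The IP addresses, the `client` label, the scrape interval and the choice of the `if_mib` module are assumptions for illustration.

```yaml
# prometheus.yml (added example; every address below is a constructed placeholder)
global:
  scrape_interval: 60s

scrape_configs:
  # Native exporter: node_exporter running on a monitored server
  # (9100 is node_exporter's default port).
  - job_name: node
    static_configs:
      - targets: ['192.0.2.10:9100']
        labels:
          client: example-client      # hypothetical label to tell clients apart

  # SNMP-only devices (switches, UPS, firewalls): Prometheus does not talk
  # SNMP itself. It scrapes snmp_exporter, which queries the device passed
  # in the "target" URL parameter and translates the answer into metrics.
  - job_name: snmp
    metrics_path: /snmp
    params:
      module: [if_mib]                # interface counters and status
    static_configs:
      - targets: ['192.0.2.20', '192.0.2.21']   # the devices, not the exporter
        labels:
          client: example-client
    relabel_configs:
      # Pass the device address to snmp_exporter as ?target=<device>.
      - source_labels: [__address__]
        target_label: __param_target
      # Keep the device address as the "instance" label on every metric.
      - source_labels: [__param_target]
        target_label: instance
      # Send the actual HTTP scrape to snmp_exporter (default port 9116),
      # assumed here to run on the same host as Prometheus.
      - target_label: __address__
        replacement: 127.0.0.1:9116
    # SNMP credentials are configured in snmp_exporter's own snmp.yml,
    # not in this file; prefer SNMPv3 with authentication and privacy
    # over a v2c community string where the device supports it.
```

With a layout like this, the disk-full case maps to node_exporter's `node_filesystem_avail_bytes` and link state to the `ifOperStatus` metric produced by the `if_mib` module, which Grafana alert rules can then query.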
So we made some considerations about the timings, the hardware costs and remote operation, then we chose the hardware enclosure and the business model, and finally I started to build the whole system in one 19” rack unit that has inside:
- a VPN made with WireGuard on a Mikrotik 750 with OpenWrt
- a Raspberry PI 4B with Grafana and Prometheus for the monitoring system
- a Raspberry PI 3B with Pi-Hole and Unbound to offer the clients a privacy-focused DNS
- a USB hub to use only one external power supply
- some short USB cables
- some custom Ethernet ports and cables
And with the help of my colleagues, who are way more skilled than me in the hardware stuff, I built the first unit!
But images speak better than words, so this is the first full system built:
The stuff inside is taped to the bottom with a strong, heat-resistant, double-sided adhesive tape:
But I think you’re wondering, rightly, why the name SYSMI… well, my company’s name is SYSTI, so SYSMI is the name + monitoring = SYSMI. And SYSDNS for the Pi-hole DNS.
Finally, this solution with the Raspberry PIs also requires very low power to operate (usually less than 20W) and it doesn’t heat up, so I can use passive cooling and I don’t bother the clients (bills) with a 150/200W power system like a normal x86 server.
Two Fortigate in HA:
A Windows machine on an ESXi server:
The Pi-Hole dashboard:
Some example rules:
And an alert email when something is triggered, and then resolved (for a client the sender is not ‘SYSMI’ but the name of the client, in order to know which client is having issues):
And there are lots of other dashboards but for now I think these screenshots are sufficient.
This is the first “interaction” in this environment for me, and I’ve done it all in 3/4 months, so things can be improved a lot, and I’ll do it in the future, especially with the software. But I think that as a first approach, thanks also to my colleagues, I can be quite satisfied.
In the future I will write more about the software, the issues and other inconveniences I will come across; for now, if you have any questions just ask in the comments!