Preface:
My company hawks a software suite for delivering live and on demand multimedia (video, slides, chat, etc.). We provide the server, client side authoring tool, and client browser players. Many of our customers are huge corporate behemoths with one thing in common: Complicated Global Intranets. We regularly run into issues with proxies, gateways, TCP accelerators, reverse proxy caching servers, QoS protocols, firewalls and the occasional BOFH.
Our team is small, and so is our office infrastructure. Everyone is on OSX, there are a few testing Windows machines. Our network is composed of an OSX Server, AirPort Extreme, an HP 2510-G24 and a 100mbps cable Internet feed. Nothing even remotely as complex as our customers. If it breaks, we run to the store and buy a new one.
The discrepancy is costing us time, money and face. We can do better. I want to setup a development Intranet to mimic our customers' networks. With such a rig in place we could improve our understanding of the problems our customers experience, and provide them with solid advice.
Question:
How can I simulate a generic corporate Intranet? What kind of minimal setup could I implement on the cheap to reproduce our customers' networking environment?
Some background details:
- Our Platform:
  - Our content players are Flex-based, the videos are encoded h264
  - We stream on demand content over HTTP, bandwidth regulated.
  - We stream live content via RTMP, with an undesired fallback to RTMPT (RTMP tunneled over HTTP)
  - The platform scales, the only bottleneck is the network
- Technical issues we've bumped into:
  - No RTMP (port 1935) access allowed
  - Rate limiting of requests by proxies. (RTMPT will make several HTTP POST calls per second)
  - Previously undisclosed bandwidth caps
  - Virus scanners insisting on a complete download of all files before sending on to client
  - Highly restrictive bandwidth quotas between subnetworks in an Intranet (eg: campus-to-campus, city-to-city)
  - Ancient infrastructures (You want to stream HD? To BFE? Over a 12-year-old fixed line that nobody can even find the paperwork for? To an NT4 client box with no speakers? O RLY?)
  - Intentional bandwidth constriction after n-number of bytes (is that the right word?)
- We'd like to experiment with:
  - Multicasting protocols/technologies
  - Multicasting between subnetworks in an Intranet
  - Proprietary p2p streaming technologies between subnetworks in an Intranet
  - Adaptive rate streaming
  - QoS protocol configuration
Such a system should allow us to:
- Develop solid fall back mechanisms into our software
- Develop a simple to use diagnostics tool (sales, managers)
- Document proven proxy/firewall configuration snippets
- Provide accurate error messages to end users in our client players
- Maybe even a white paper or two
Initially I started out thinking a single Linux box running squid along with a decent low-end managed switch would be enough. But who am I kidding? I've never designed a network before.
Any ideas? Am I missing something? Specific equipment suggestions are encouraged.
(BTW: budget is limited. The pointy haired boss is tight with cash, but will submit if I can document a clear cost/benefit.)
Sounds like a job for VMs (dun duhhhh....)
But seriously, a lot of network equipment (firewalls, proxies, routers etc.) comes in both a "hardware" and "appliance" version. The appliance versions can be installed on virtual machine servers like VMWare. And with the flexibility of VMs the only hardware you would have to allocate would be disk space for the images (when you're not using a particular setup just power it down and you get all your CPU/RAM/etc. back).
VMWare provides a free (as in beer) version of their ESX hypervisor. ESX is probably the most popular enterprise level hypervisor, but most appliances will run on XEN, and some even on KVM.
This does have some downsides, primarily every appliance you want to use would need to be licensed (unless you reached a special agreement with the provider, your usage fell under what the "trial" offered or there is a free version that would limit your needs).
The alternative to that, if you don't need an identical environment, is to go crazy with FOSS. Set up 3 firewall VMs one behind the other (yeah, my school used three firewalls in a chain, I have no idea why), stick it behind a proxy and block POST requests, enforce bandwidth limits etc. I would have thought if you don't need an identical environment there will be some software available to provide similar misfunctionality.
TL;DR
VIRTUALIZE ALL THE THINGS
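The FOSS route sketched in the answer (one Linux box with squid and bandwidth limits) can reproduce several of the question's symptoms, such as the blocked RTMP port, throttled RTMPT POSTs and a capped, high-latency link. The script below is an added example, not code from either post; the interface name, rates, delays and the 64 KB/s POST cap are assumptions to adjust for your lab.

```shell
#!/bin/sh
# Added example (not from the original post): build a "bad corporate WAN" on one
# Linux box with tc/netem plus a squid ACL fragment. Interface names, rates,
# delays and the POST throttle value are assumptions for a lab, not real limits.
set -eu

# Print the tc commands that turn interface $1 into a slow, lossy, high-latency
# link: $2 rate cap (e.g. 2mbit), $3 one-way delay (e.g. 80ms), $4 loss percent.
# netem injects delay and loss; a nested tbf enforces the bandwidth cap.
link_impair_cmds() {
    iface=$1; rate=$2; delay=$3; loss=$4
    printf '%s\n' \
      "tc qdisc del dev $iface root 2>/dev/null || true" \
      "tc qdisc add dev $iface root handle 1: netem delay $delay loss $loss%" \
      "tc qdisc add dev $iface parent 1: handle 10: tbf rate $rate burst 32kbit latency 400ms"
}

# squid.conf fragment: deny port 1935 (RTMP) and throttle the HTTP POST storm
# that the RTMPT fallback produces. Squid has no per-second request limiter, so
# a per-client delay pool on POST bytes is the closest stock equivalent.
squid_restrictions() {
    cat <<'EOF'
# Corporate-style lockdown (lab only, values assumed)
acl rtmp_port port 1935
acl Safe_ports port 80 443
acl tunnel_post method POST
http_access deny rtmp_port
http_access deny !Safe_ports
# Throttle HTTP POST (RTMPT fallback) to 64 KB/s per client host
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 65536/65536
delay_access 1 allow tunnel_post
delay_access 1 deny all
EOF
}

# Dry-run by default: print the tc commands and the squid fragment.
# Run as root with APPLY=1 to execute the tc commands on $IFACE.
main() {
    link_impair_cmds "${IFACE:-eth1}" "${RATE:-2mbit}" "${DELAY:-80ms}" "${LOSS:-1}" |
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd"; else echo "$cmd"; fi
    done
    squid_restrictions
}
main
```

Put the printed fragment into the lab proxy's squid.conf and point the test client's browser proxy at it; the player should then hit exactly the "no 1935, slow RTMPT" failure mode the question describes.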