[Typo3-typo3org] Hosting the TYPO3 sites

[Michael Scharkow]

Hi!

Jan-Hendrik Heuing [NF] wrote:

> Right now typo3.org is hosted on webservers, db-server, file-server, 
> loadbalancer. There is no access to the webserver at the moment, because 
> than there would also be access to the fileserver straight away. There was 
> no plan to open up the webserver via ssh for anyone beside us, only this 
> strategy gave as the security we wanted. To access the webservers, you'd go 
> through the loadbalancer, which you then would have full access to as well.

I don't quite understand the security of this setup: The http-Requests 
go through the load balancer, ok. But Robert's ssh account goes where? 
To the load balancer, and from there to the webservers?

> This way Rob could have full root-access to a virtual server which makes use 
> of the whole server performance, as there would be no other virtual server 
> running. (btw: www.sw-soft.com for details). In case of people making things 
> not work (apache, whatever), we could always just shut down that virtual 
> server, start a new one (which could be pre configured) and here we go. 
> Files and DB would still be external. You do not need to access those via 
> SSH, you can always access those via remote (nfs and mysql).

I don't really see how jailing Robert in a vserver inside a real server 
adds *security* to the setup, at least compared to a dedicated server. I 
see it's more convenient because you can setup a new server remotely, 
but other than that, does it make up for the performance issues?

BTW: I was wondering how hosting of the smaller sites (gov,edu,assoc, 
etc.) works or is planned to work. Does it make sense to put them on 
separate (v)servers? That would make administration of those much 
harder...After all, how many machines (real or not) are we currently 
using and how many after splitting hosting?

Greetings,
Michael