[Typo3-typo3org] Hosting the TYPO3 sites
Jan-Hendrik Heuing [NF]
jh at netfielders.de
Tue Apr 12 12:42:48 CEST 2005
Hello,
> I don't quite understand the security of this setup: The http-Requests go
> through the load balancer, ok. But Robert's ssh account goes where? To the
> load balancer, and from there to the webservers?
Yes, that's why we do not want to open access this way, we do not want to
give access to the load balancer´and fileserver as I wrote as well.
>> This way Rob could have full root-access to a virtual server which makes
>> use of the whole server performance, as there would be no other virtual
>> server running. (btw: www.sw-soft.com for details). In case of people
>> making things not work (apache, whatever), we could always just shut down
>> that virtual server, start a new one (which could be pre configured) and
>> here we go. Files and DB would still be external. You do not need to
>> access those via SSH, you can always access those via remote (nfs and
>> mysql).
>
> I don't really see how jailing Robert in a vserver inside a real server
> adds *security* to the setup, at least compared to a dedicated server. I
> see it's more convenient because you can setup a new server remotely, but
> other than that, does it make up for the performance issues?
This decision is not about performance, as it is exactly the same with or
without. It's makes management of the whole system much easier.In terms of
security: You can not break the running node, but only a virtual server. If
he breaks it, we just start a new one in no time.
> BTW: I was wondering how hosting of the smaller sites (gov,edu,assoc,
> etc.) works or is planned to work. Does it make sense to put them on
> separate (v)servers? That would make administration of those much
> harder...After all, how many machines (real or not) are we currently using
> and how many after splitting hosting?
Yes, they will be in separate virtual servers,and administration is so much
easier, as we are not using Virtuozzo but also HSPcomplete on top. If you
want detailed information about it, get in touch with me by mail. Rob you
could actualy also say something about it, and that you really like it ;)
We are not changing the number of servers though, as we do not change the
amount of pages served. Those small pages can be hosted in virtual servers,
so if one failes, it's no problem for the other. The benefit is, that you
can change things in the system independently from each other. If you need
special libs in the one system, you can install them. If you need debian for
the listserver, you can just use it, while you use redhat for .org, as it
offers the best typo3 optimization (in terms of image rendering). If you
have application templates you want to install on more systems, you just add
application templates to the system, which you then can install with a few
clicks or even update a few automaticly.
JH
More information about the TYPO3-team-typo3org
mailing list