[Typo3-typo3org] Hosting the TYPO3 sites

[Jan-Hendrik Heuing [NF]]

Hello,

> I don't quite understand the security of this setup: The http-Requests go 
> through the load balancer, ok. But Robert's ssh account goes where? To the 
> load balancer, and from there to the webservers?

Yes, that's why we do not want to open access this way, we do not want to 
give access to the load balancer´and fileserver as I wrote as well.

>> This way Rob could have full root-access to a virtual server which makes 
>> use of the whole server performance, as there would be no other virtual 
>> server running. (btw: www.sw-soft.com for details). In case of people 
>> making things not work (apache, whatever), we could always just shut down 
>> that virtual server, start a new one (which could be pre configured) and 
>> here we go. Files and DB would still be external. You do not need to 
>> access those via SSH, you can always access those via remote (nfs and 
>> mysql).
>
> I don't really see how jailing Robert in a vserver inside a real server 
> adds *security* to the setup, at least compared to a dedicated server. I 
> see it's more convenient because you can setup a new server remotely, but 
> other than that, does it make up for the performance issues?

This decision is not about performance, as it is exactly the same with or 
without. It's makes management of the whole system much easier.In terms of 
security: You can not break the running node, but only a virtual server. If 
he breaks it, we just start a new one in no time.

> BTW: I was wondering how hosting of the smaller sites (gov,edu,assoc, 
> etc.) works or is planned to work. Does it make sense to put them on 
> separate (v)servers? That would make administration of those much 
> harder...After all, how many machines (real or not) are we currently using 
> and how many after splitting hosting?

Yes, they will be in separate virtual servers,and administration is so much 
easier, as we are not using Virtuozzo but also HSPcomplete on top. If you 
want detailed information about it, get in touch with me by mail. Rob you 
could actualy also say something about it, and that you really like it ;)
We are not changing the number of servers though, as we do not change the 
amount of pages served. Those small pages can be hosted in virtual servers, 
so if one failes, it's no problem for the other. The benefit is, that you 
can change things in the system independently from each other. If you need 
special libs in the one system, you can install them. If you need debian for 
the listserver, you can just use it, while you use redhat for .org, as it 
offers the best typo3 optimization (in terms of image rendering). If you 
have application templates you want to install on more systems, you just add 
application templates to the system, which you then can install with a few 
clicks or even update a few automaticly.

JH