Per Jessen wrote: Hi,
I have 6 vservers running on a Celeron 2.6 GHz w/ 1 GB main memory, without any performance problems. The host system provides no public services at all, just iptables, ntpd, and a heavily restricted ssh. The vservers are used to encapsulate a Web server, a mail server, a DNS server, and a VPN gateway;
I'm curious Joachim - why did you opt for individual vservers for these services? Admin? Security?
Security is the only reason. With that setup I'm able to associate local exploits a lower risk than remotely exploitable vulnerabilites. If I would run the services on one single (logical) host, a remote exploit for one service would be able to use the local exploits of other services to gain full admin access. With my setup; I can confine that risk to one vserver. Still bad, but not as bad as the alternative. Of course, it takes some shielding of the vservers against each others; that's also the reason why the backend services (database and (non-Java :-) app server) run in their own vserver again; to separate remote and local vulnerabilities in my risk management. But: Your question about administration gives me a nice opportunity for a rant: Virtualization is often sold as an _easy_ way to have a flexible way to handle one's services. E.g., being able to move them from one physical host to another, backup them completely, maybe having snapshots (VMware), etc. Well, the term _easy_ is garbage here -- in general, separating services into virtualized systems means *more* admin work. One has to setup more systems, one has to backup them, update them, monitor them, check their log files, keep their configuration consistent. After all, each virtualized host is a fully installed host in its own right that needs almost all the administration. Therefore, if one goes along that road, one should have an infrastructure that supports that work. E.g., something like cfengine to keep configurations of all systems consistent and up to date. Automatic log collection and survey systems (logwatch is a pain to set up properly, though) -- please note that this can partly be done more securely without syslog on the virtual hosts. Monitoring (e.g., with Nagios) where the configuration is not written by hand but generated somehow, to be able to easily add yet another host to monitoring. etc.pp. (I refrain from naming the proprietery alternatives for system management... ;-)) It is a pity that one has to create this kind of environment oneself and that most of our open source management tools are not sufficiently ready to approach this task. Thus, for many small shops, who don't have the necessary skills, server virtualization is a double-edged sword where the sharp side is often overlooked. Joachim PS: My company makes virtualization concepts / data center consolidation for big companies for a living; that's why I have the infrastructure ready for my own small 6-person shop as well... -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org