httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chad Leigh -- Shire.Net LLC <c...@shire.net>
Subject [users@httpd] separation of services (was: Re: [users@httpd] Favorite Linux Distribution)
Date Wed, 09 Feb 2005 18:30:34 GMT

On Feb 9, 2005, at 11:14 AM, Anthony G. Atkielski wrote:

> The idea of putting everything on a single machine seems to be very
> popular, perhaps because so many people running servers today have only
> PC desktop experience behind them. If budget constraints force you to
> run everything on one machine, then there isn't much that can be done,
> but if you have a choice, separate desktop and server, then separate 
> the
> server even further into separate services: Apache on one machine, BIND
> on anothter, sendmail on another, your favorite DBMS on another, and so
> on.
>

One way you can somewhat alleviate this if you have limited HW or 
budget, is to use the hardware as a base for a bunch of virtual 
machines.

You can use VMWare, UML, or Xen, or other virtualized machine solutions 
on Linux, and "jails" on FreeBSD for example.  This would allow you to 
set up the dbms in a separate virtual machine, perhaps on a private IP 
address, on the same HW.

The idea of separation is a good one and can even be achieved with 
limited HW budgets.

For example, we run FreeBSD and the base machine has almost no services 
running on it except ssh.  Everything else runs inside separate jails 
(if not on separate machines).  Each customer also gets their own 
apache or whatever web server in their own jail.  If someone gets 
hacked, the whole machine is not compromised (barring bugs in the  
basic jail mechanism -- standard chroot exploits don't work in a jail 
for example).

Chad


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message