OpenVZ Forum


Split a server into security units - what is the best way? [message #2142] Wed, 22 March 2006 08:30
bjmg
Messages: 32
Registered: December 2005
Location: Puettlingen, Germany
Member

Hello again,

This time I have a question about the performance of OpenVZ. We want to use OpenVZ to split a quite large server into several "security units".
This is the configuration of that server:
Dual Intel Pentium 4 Xeon HT EM64T with 3.2GHz (2 physical CPUs + 2 virtual CPUs)
4 GB of RAM
SATA-Raid in Mirroring Mode
CentOS 4.3 x86_64 (Host System)
Debian Sarge AMD64 (inside VPSs)

Now we want to run a quite large database server (MySQL) on it. The databases have a file size of about 20 GB (growing rate: 1.2GB/month). So MySQL needs a lot of RAM to be fast enough to handle that. I would say: MySQL should get about 3072 MB of RAM and "most" of the CPU power. That MySQL server should run on its own VPS (using Debian Sarge AMD64 as VPS-OS).
In addition to that MySQL-VPS we need a development system, a testing system and a system that runs some network/traffic accounting tools. These servers are low priority servers and we think that they don't need much CPU power and also not that much RAM.

Here is a small table that shows the "promised" CPU power for the VPSs from above:
80% MySQL-System
10% Development-System
10% Network-Accounting-System
00% Testing-System (not needed every day)

If this is not optimal, please give us other values.

Now what is the best way to create a config like that?
I thought vzsplit should do the job. I thought splitting the server into 10 parts ((80+10+10)/10) and then multiplying the values for the MySQL-System by 8 would be perfect. What do you think about that? Is that the right way?

Thank you!

Bernhard
Re: Split a server into security units - what is the best way? [message #2155 is a reply to message #2142] Thu, 23 March 2006 01:47
zoom
Messages: 19
Registered: March 2006
Location: Regina, Saskatchewan Cana...
Junior Member

Bernhard,
Why would you want to consider changing the server to a VPS-based environment when it seems that your existing server is pretty much dedicated to MySQL demands, i.e. 3GB RAM / 80% CPU??? Instead it might be wise to consider another server that hosts multiple VPSs for Development and other non-critical tasks???



Re: Split a server into security units - what is the best way? [message #2160 is a reply to message #2142] Thu, 23 March 2006 09:06
bjmg
Messages: 32
Registered: December 2005
Location: Puettlingen, Germany
Member

This is only the slave database server. The master server is dedicated to MySQL. This is the only server that is able to handle that load. At the moment the system handles all of these VPSs in its host system. To have a more secure system I think it would be wise to split the server into security units. That way an attack on the testing system is only local to that system and NO exploit on the testing system is able to delete the database server because it is in another VPS.
I really hope someone can give me some hints on how to configure that host to have maximum performance and stability.

Bernhard
Re: Split a server into security units - what is the best way? [message #2172 is a reply to message #2160] Thu, 23 March 2006 16:18
dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

From what you wrote, it looks like you mostly care about CPU. Then you simply need to set up the mysql VPS to have 10 times more cpuunits than the other VPSs.
e.g.
# vzctl set MYSQL_VPS_ID --cpuunits 10000 --save
# vzctl set OTHER_VPS_ID1 --cpuunits 1000 --save
# vzctl set OTHER_VPS_ID2 --cpuunits 1000 --save
To make it more secure, I recommend that you have _only_ mysql inside the mysql VPS. No ssh, and other such things...


Re: Split a server into security units - what is the best way? [message #2193 is a reply to message #2142] Fri, 24 March 2006 14:47
bjmg
Messages: 32
Registered: December 2005
Location: Puettlingen, Germany
Member

Hello,

Thanks for your answer.
It is not just the CPU time... We also try to give MySQL at least 3GB of RAM because MySQL needs much RAM to be fast when handling large databases.

Bernhard
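
The following is an added example, not part of the thread or of OpenVZ's own tooling. It treats --cpuunits as a relative weight, shows the CPU share each VPS ends up with when all of them are busy (10000/1000/1000 works out to 83.3/8.3/8.3, while 8000/1000/1000 matches the 80/10/10 table), and converts the 3072 MB figure into memory pages. The container IDs 101-104, the 4 KiB page size and the use of --vmguarpages for the memory guarantee are assumptions; the script only prints commands and does not run vzctl.

```shell
#!/bin/sh
PAGE_KB=4   # assumption: 4 KiB memory pages on the host

# mb_to_pages MB -> page count, the unit used by the page-based memory parameters
mb_to_pages() {
    echo $(( $1 * 1024 / PAGE_KB ))
}

# share_pct WEIGHT ALL_WEIGHTS... -> percent of CPU (one decimal) that WEIGHT
# receives when every VPS in ALL_WEIGHTS is competing for CPU at the same time
share_pct() {
    w=$1; shift
    total=0
    for u in "$@"; do total=$(( total + u )); done
    t=$(( (w * 1000 + total / 2) / total ))   # tenths of a percent, rounded
    echo "$(( t / 10 )).$(( t % 10 ))"
}

# plan ID:UNITS ... -> one vzctl line per VPS, annotated with its effective share
plan() {
    weights=""
    for e in "$@"; do weights="$weights ${e#*:}"; done
    for e in "$@"; do
        id=${e%%:*}; units=${e#*:}
        # $weights is left unquoted on purpose so it splits into arguments
        echo "vzctl set $id --cpuunits $units --save   # $(share_pct "$units" $weights)% when all are busy"
    done
}

# mem_guarantee ID MB -> vzctl line that guarantees MB of memory to the VPS
mem_guarantee() {
    echo "vzctl set $1 --vmguarpages $(mb_to_pages "$2") --save   # $2 MB"
}

echo "# weights as in the reply above (MySQL, development, accounting):"
plan 101:10000 102:1000 103:1000
echo "# weights matching the 80/10/10 table:"
plan 101:8000 102:1000 103:1000
echo "# the same weights once the testing VPS (104) is also started:"
plan 101:8000 102:1000 103:1000 104:1000
echo "# memory guarantee for the MySQL VPS:"
mem_guarantee 101 3072
```

Because the weights are relative, starting the testing VPS with 1000 units lowers the MySQL share from 80.0% to 72.7%; it is not a fixed reservation.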