x86 Down?!

[Sidoh]

I don't follow the logic

He wants to host the forums on the same server that the site is hosted on.  I think it can be mutually agreed upon that we'd rather not let just anyone host it.  Get it now?

[Ersan]

No, he said the site and forums are hosted on different servers.  Which really isn't necessary.

Even if it were he should do it the right way with directory-mapped load balancing/virtual hosting...

[Sidoh]

No, he said the site and forums are hosted on different servers.  Which really isn't necessary.

They're on the same physical server.  He does it for security reasons.  The setup he has is actually really nice.

[Ersan]

That makes less than no sense.

[Sidoh]

That makes less than no sense.

www.vmware.com

[Ersan]

So as sidoh's explained it to me, iago is using (at least) 3 vmware instances on one computer to host the x86 website.  Apparently VMWare is more secure than the OS itself now?  I wish someone with a clue would justify this (iago?).

[Killer360]

My ISP's been sketchy.  It's been happening ever since the temperature fell below -10, so maybe the switches just have to adapt to the cold.

No problems for me.   

Edit: I'm also having problems with my router. It just simply doesn't work. It says it's connected and everything, but I can't access anything. 

Restarting the router and shutting down the computer has worked a few times, but it doesn't work anymore.

[Chavo]

So as sidoh's explained it to me, iago is using (at least) 3 vmware instances on one computer to host the x86 website.  Apparently VMWare is more secure than the OS itself now?  I wish someone with a clue would justify this (iago?).

Its the same idea as having 2 different machines for your web server and say... your dns server.  It's more secure and one going down won't affect the other.  VMWare just makes virtual machines.

[Ersan]

I know what vmware does, this just seems like a horribly inefficient way to handle things, without any significant security improvements.

I'm working on a managed hosting platform and I'd like to know if there's any legitimate reason to do this.  It seems like a lazy alternative to securing your server.

Its the same idea as having 2 different machines for your web server and say... your dns server.  It's more secure and one going down won't affect the other.  VMWare just makes virtual machines.

If one goes down, your website can't resolve, or you have no webserver, DNS servers are seperate from web servers so that if the web server goes down, dns will still operate for the OTHER domains on the server, as well as for performance and latency.  Security is as simple as operating them in different chroot's.  None of this is really relvant because they are all running on the same physical machine.

[Chavo]

the name won't resolve, no (unless there is a backup!  ) but it is still up.  If it's mission critical it can still be accessed by IP.

You said its inefficient... more inefficient than what? Separate physical boxes? maybe... but certainly not more cost effective for a low traffic use like ours.  I don't have any experience with managed hosts so I can't make that comparison but it seems like the same idea, just virtualized on the web server level rather than the OS level.  Every host would still go down if the machine somehow managed to get a nasty virus, right?  That wouldn't happen if each site was isolated to its own OS instance.  If he further isolates them by restricting what instances can network with other instances (I'm guessing he uses the Red-Orange-Green model), the chances of one site's problems affecting another's are slim at best.  Probably something worth worrying about when he lets anyone in the clan work on the x86labs site, whereas the forums obviously have material that not everyone in the same group should be privy to.

[Ersan]

It's 'horribly inefficient' because you're running THREE virtual operating system instances (that don't share resources) for something you can accomplish with one.  More inefficient than pretty much any other configuration you can come up with.

If you know how to set permissions and actually use the OS, you can give everyone in the world a shell account without worrying about them hijacking the web server.  This is why I said it was a 'lazy alternative to securing your server'.  I guess this protects against some sort of virus or exploit, but who's to say someone can't exploit VMWare as well, and access the other virtual servers on the same physical system?

[iago]

- I give people (basically, anybody x86 member who wants it) access to x86labs.org's main server
- I don't give people access to x86labs.org:81's forum server
- I give restricted database access to many servers (including my laptop, the forum, the main server, and others that you don't especially need to know about)

Does that clear it up? 

In addition, the VMWare server also acts as a firewall.  The virtual servers are set up as a DMZ and my actual network is set up as a Trusted LAN.  Every incoming connection goes to the DMZ, no incoming connections can ever get to the Trusted LAN.  Within the DMZ, I have a decently set up network, with a database server, a couple web servers, and testing servers.  If I could run a DNS, I'd have a DNS server in there too.  So in addition to everything else, this lets me learn about setting up a network. 

In terms of speed, there's no noticeable loss.  Every server feels like it's the only one on the box while using it, except when they all boot at the same time.  I run ~7 or 8 servers at the same time, and it's rare for one of them to use a significant amount of CPU/RAM more than 1% of the time, so they get along nicely.  VMWare is quite good at freeing up resources when a system isn't using them.

Also, I'm not a hosting company, I'm a guy with a properly-configured home network. 

[Chavo]

It's 'horribly inefficient' because you're running THREE virtual operating system instances (that don't share resources) for something you can accomplish with one.  More inefficient than pretty much any other configuration you can come up with.

If you know how to set permissions and actually use the OS, you can give everyone in the world a shell account without worrying about them hijacking the web server.  This is why I said it was a 'lazy alternative to securing your server'.  I guess this protects against some sort of virus or exploit, but who's to say someone can't exploit VMWare as well, and access the other virtual servers on the same physical system?

I think you missed the part of my post about cost effectiveness and networking security   You're arguing the part of my post that most agrees with you clown.

[Ersan]

I'm not satisfied, you can do what you want but I'd like to stress to anyone interested that this setup is a horrible and inefficient way to run a website, don't use it in any production application ever.

And if for some reason you do decide to use virtual machines in a production environment, do NOT use vmware, use virtuozzo or something similar.

[Sidoh]

Oh shut up.  Go whine elsewhere.  Just because there's a more efficient way to do something doesn't necessarily make it exceedingly better or even a better choice at all.  It may be more efficient to run everything on the same server without virtual machines, but that isn't what iago's trying to accomplish.  He's wanting to separate the server roles without buying more than one server.

If the site or the forums get hacked, it's unlikely that any of the other servers will be touched or even known about.

I totally agree that virtualizing server roles would be a terrible idea if the server had any sort of high traffic, but that isn't the case.  We have a few thousand posts a month, which doesn't allot to much usage.  Like he said, he's not trying to run a hosting company.  I think nearly everyone here is aware of the downfalls of this, but it seems that you're the only one that isn't embracing the benefits.

Now, until you're able to prove the cost effectiveness, security, speed, reliability and disaster potential of running all of these servers on the same machine with no virtualizing is noticeably better, I suggest you drop it.