In all the environments I have worked in, servers were constantly being reprovisioned/upgraded etc., both Windows and Linux. Also, virtualization was utilized very heavily. This made testing quite easy, and allowed us to cycle in upgrades. So a 3 or 5 year support cycle seems fine.

Here is my take on building a server farm (say 1 rack in a colo):

Core components:

Network attached storage (dual pathed iSCSI appliances are good for this). I prefer Promise myself. They have a 2U chassis which takes SATA drives.

2 dedicated storage heads to serve up the iSCSI storage (make sure to put in a couple of 4 port NIC cards so you can hook up lots of iSCSI appliances directly to the box).

n (in increments of 2) 1U servers running KVM, hosting all the virt bits on the storage.

CentOS or Ubuntu Server for the base OS.

I usually host my DNS/DHCP on the bare metal, which makes spanning across VLANs and such a bit easier. You could also put it in a virtual machine if you wanted.

With judicious use of layer 7 filtering (Snort inline and whatnot) you can mitigate a wide variety of risks and not need to patch right away. This lets you patch in an orderly, planned fashion.

You should also be using some sort of configuration management system, and PXE/kickstart to build all of your virtual machines. This allows you to simply lay down the latest spin of a distro and configs in 30 minutes or so.

I've implemented the above setup multiple times and found it provides a substantial amount of convenience and flexibility.

If you want to save some money you could also have 2 identically configured Linux boxes with master/slave DRBD replication. Have your storage on bare metal and all services in a virtual machine.

I personally use Ubuntu Server 9.10 in my environment here at home. I am doing contract/consulting work full time, so my home is my production environment. I also use it as a lab environment for clients.

I have written up a detailed page on the environment at http://wiki.knownelement.com/index.php/Network_Stuff

I'll be speaking in March at UUASC OC on Data Ownership http://wiki.knownelement.com/index.php/Data_Ownership and a big part of that is how I ensure my data is hosted in a sustainable manner.

Randall Whitman wrote:
> CentOS - as I understand it, 4 years full, 7 years security patch:
> http://wiki.centos.org/Download
>
> http://wiki.centos.org/AlainRegueraDelgado?action=AttachFile&do=get&target=en-centos-lifecycle.png
>
> Ubuntu LTS is 3 years desktop, 5 years server:
> <http://www.ubuntu.com/products/whatisubuntu/serveredition/benefits/lifecycle>.
> I still have not tracked down how that is defined: is it per-package, or per
> which image I used to install - what if I install from the server CD, remove
> server packages, and install desktop packages?
> (Tangent: problem with 3-yr/2-yr cycle for desktop LTS, is that at the end of
> life for one LTS, there is no Ubuntu with 3 *remaining* years of lifecycle:
> the meantime LTS has only 2 years left, and the next LTS is a year off.)
>
> Linkname: Operating Systems Lifecycle Chart
> URL: http://benjamin-schweizer.de/operating-systems-lifecycle-chart.html
>
> /Randall
> _______________________________________________
> LinuxUsers mailing list
> LinuxUsers@socallinux.org
> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers

--
Charles N Wyble
Linux Systems Engineer
char...@knownelement.com
(818)280-7059
http://www.knownelement.com