VPS, Colocation, Dedicated

2007-04-26 Thread Duane Winner
Hello,
 
 I am looking for any sort of insight, experience from anybody who uses VPS 
technology to substitute for managing their own infrastructure and servers for 
business apps.
 
 We are looking at different options to unload some of the burden of supporting 
a network and server infrastructure that is composed of 50+ FreeBSD servers.
 
 The concept of VPS technology has been put on the table, along with co-lo and 
dedicated server options. Web hosting is right out of the question.
 
 Requirements: 
 
 1. We need to have servers take over the role of the 30+ web servers, which 
run apache and mzscheme webapps. These web servers need to talk to 2+ postgresql 
databases on separate servers.
 
 2. The data on the pgsql databases is of a sensitive nature, so it needs to be 
secured in part by keeping these servers on a separate network segment, 
accessible only by the web servers, using stunnel encryption.
 
 3.  All servers should have some form of firewall protection, either locally 
(software) or on the network. Preferably network.
 
 4. If using VPS, the FreeBSD image should look and feel just as if we 
installed it ourselves from scratch, starting off barebones and installing only 
the apps and services we need.
 
 5. Web server disk space needs to be 10GB. Can scale back to 5GB if ports are 
kept off the server and compiled offline then synced up.
 
 6. One of our database servers is utilizing 33GB of disk space at the moment, 
so we would need at least 50GB per server.
 
 
 
 Findings:
 
 I have found about 4-5 providers who offer FreeBSD VPS's. I've evaluated 2: 
JohnCompanies and Verio.
 
 1. JohnCompanies' VPS image was nearly exactly what I'm looking for -- started 
off barebones, and I had to do the rest. Just like in my server room. But disk 
space was abysmal: $29/month for 2GB or $69/month for 8GB. 
 
 2. Verio turned me off right away between high-pressure sales tactics and an 
evaluation that saw a base image loaded with crap like it was a Linux or worse, 
a Windows box: NAS audio server, mp3 player, a default Apache 2.2 install (who 
said I want 2.2?), that wasn't a port, but built-in shared app! PHP, 
Xridiculous. 
 
 3. Nobody seems to include any sort of firewall protection -- just throw the 
server out in the public DMZ, and then there is no option to protect database 
servers on a private subnet. Not even ipfw is included. Verio told me that 
their FreeBSD images cannot firewall, but their Linux images can, and then 
tried to pressure me into just converting to Linux. Sorry, they're off the list 
now.
 
 
 Summary:
 
 I really don't think VPS technology can scale to our requirements or meet the 
specs we need, in resources or security. There are others in my group who wanted 
to investigate VPS technology because of the notion that it is more secure. For 
instance, there is the concept that because it is virtual, and more hidden, 
it would be more difficult for an employee at our provider to get at the data, 
whereas if we colocated, they could just pull a hard drive and get at the data. 
Personally, I think it would be easier to hijack a VMware session or image 
than it would be to get through security, and into a locked cabinet at a colo 
facility and reboot into single user mode or yank out a disk in a RAID array to 
get to the data.
 
 But I'm still willing to be proven wrong, and if anybody can tell me that 
there is a good VPS provider who can meet these needs, I'm all ears, but 
otherwise, I'm leaning towards colocation as the best solution.
 
 (Also, I should mention we already own the hardware -- servers for all -- why 
not leverage that investment?)

Thanks for any feedback!
 
   
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
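
Requirements 2 and 3 above (database reachable only from the web servers, over stunnel, behind a firewall), expressed as an ipfw ruleset and stunnel service for a database host you control, such as a colocated or dedicated server. This is an added example, not part of either post; the addresses, ports, certificate paths and function names are assumptions.

```sh
#!/bin/sh
# Added example; every address, port and path below is a constructed assumption.
WEB_SERVERS="10.0.1.11 10.0.1.12 10.0.1.13"  # web tier allowed to reach the DB
ADMIN_HOST="10.0.9.5"                        # management host allowed to SSH in
DB_ADDR="10.0.2.10"                          # DB host on the private segment
TLS_PORT=5433                                # stunnel listener in front of pgsql

# Print the ipfw commands for the database host (default deny).
db_ipfw_rules() {
    n=100
    echo "ipfw -q -f flush"
    echo "ipfw -q add $n allow ip from any to any via lo0"; n=$((n + 100))
    echo "ipfw -q add $n check-state"; n=$((n + 100))
    for ip in $WEB_SERVERS; do
        # Only the stunnel port is opened, and only to named web servers.
        echo "ipfw -q add $n allow tcp from $ip to $DB_ADDR $TLS_PORT setup keep-state"
        n=$((n + 100))
    done
    echo "ipfw -q add $n allow tcp from $ADMIN_HOST to $DB_ADDR 22 setup keep-state"
    # PostgreSQL's own port is never opened; it listens on loopback only.
    echo "ipfw -q add 65000 deny log ip from any to any"
}

# Print the stunnel service definition for the database host.
# verify = 2 makes stunnel require a client certificate signed by CAfile.
db_stunnel_conf() {
    cat <<EOF
cert = /usr/local/etc/stunnel/db.pem
CAfile = /usr/local/etc/stunnel/web-ca.pem
verify = 2
[postgres]
accept = $DB_ADDR:$TLS_PORT
connect = 127.0.0.1:5432
EOF
}

echo "# --- ipfw rules for the database host ---"
db_ipfw_rules
echo "# --- stunnel.conf for the database host ---"
db_stunnel_conf
```

The ruleset as written also blocks connections initiated by the database host itself (DNS, NTP, package fetches); add explicit outbound rules for whatever the host needs.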


Re: VPS, Colocation, Dedicated

2007-04-26 Thread John Nielsen
On Thursday 26 April 2007 01:51:56 pm Duane Winner wrote:
> I am looking for any sort of insight, experience from anybody who uses VPS
> technology to substitute for managing their own infrastructure and servers
> for business apps.
>
> We are looking at different options to unload some of the burden of
> supporting a network and server infrastructure that is composed of 50+
> FreeBSD servers.
>
> The concept of VPS technology has been put on the table, along with co-lo
> and dedicated server options. Web hosting is right out of the question.

I've had a VPS with JohnCompanies for quite some time and have been very happy 
with it. A client of mine also hosts dedicated/managed servers with them with 
good results.

> Requirements:
>
> 1. We need to have servers take over the role of the 30+ web servers,
> which run apache and mzscheme webapps. These web servers need to talk to 2+
> postgresql databases on separate servers.
>
> 2. The data on the pgsql databases is of a sensitive nature, so it needs
> to be secured in part by keeping these servers on a separate network
> segment, accessible only by the web servers, using stunnel encryption.

You may want to consider running the webservers as VPS'es and the database 
servers on dedicated hardware (your own or managed). That would make it easy 
to directly control the network environment on the database side, at least.

> 3. All servers should have some form of firewall protection, either
> locally (software) or on the network. Preferably network.
>
> 4. If using VPS, the FreeBSD image should look and feel just as if we
> installed it ourselves from scratch, starting off barebones and installing
> only the apps and services we need.

That's what JC gives you.

> 5. Web server disk space needs to be 10GB. Can scale back to 5GB if ports
> are kept off the server and compiled offline then synced up.
>
> 6. One of our database servers is utilizing 33GB of disk space at the
> moment, so we would need at least 50GB per server.

Another reason to not go VPS for the DB servers.

> Findings:
>
> I have found about 4-5 providers who offer FreeBSD VPS's. I've evaluated
> 2: JohnCompanies and Verio.
>
> 1. JohnCompanies' VPS image was nearly exactly what I'm looking for --
> started off barebones, and I had to do the rest. Just like in my server
> room. But disk space was abysmal: $29/month for 2GB or $69/month for 8GB.

I do think the default disk space offered with their packages is pretty low, 
but you can get as much more as you want/need for an extra $2/GB/mo. I would 
recommend contacting them directly (sales@), they are helpful and have a 
clue.

> 2. Verio turned me off right away between high-pressure sales tactics and
> an evaluation that saw a base image loaded with crap like it was a Linux or
> worse, a Windows box: NAS audio server, mp3 player, a default Apache 2.2
> install (who said I want 2.2?), that wasn't a port, but built-in shared
> app! PHP, Xridiculous.

Thanks for the warning...

> 3. Nobody seems to include any sort of firewall protection -- just throw
> the server out in the public DMZ, and then there is no option to protect
> database servers on a private subnet. Not even ipfw is included. Verio
> told me that their FreeBSD images cannot firewall, but their Linux images
> can, and then tried to pressure me into just converting to Linux. Sorry,
> they're off the list now.

Again from my experience with JC... I don't know if or how well individual 
VPS'es are firewalled from each other, but you can specify your own firewall 
rules to be run on the firewall between the VPS server host(s) and the rest 
of the universe. If you were to put your databases on dedicated managed 
servers I'm sure you could get them on their own segment, and you could run 
whatever firewall you choose locally.

> Summary:
>
> I really don't think VPS technology can scale to our requirements or meet
> the specs we need, in resources or security. There are others in my group
> who wanted to investigate VPS technology because of the notion that it is
> more secure. For instance, there is the concept that because it is
> virtual, and more hidden, it would be more difficult for an employee at
> our provider to get at the data, whereas if we colocated, they could just
> pull a hard drive and get at the data. Personally, I think it would be
> easier to hijack a VMware session or image than it would be to get through
> security, and into a locked cabinet at a colo facility and reboot into
> single user mode or yank out a disk in a RAID array to get to the data.

JC has their own segment/cage/whatever at their datacenter with their own 
personnel onsite 24x7. I do know that JC techs can access the complete 
filesystem of any VPS at any time without any downtime, impact or evidence on 
the VPS itself. This is handy for e.g. backup/restore purposes but could be 
viewed as a security concern. On a dedicated server, you would notice 
downtime (disks yanked or reboot to single-user) or at least log entries 
(network access) if