FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 02-08-2009, 01:17 AM
Rashkae
 
Default Server Best Practices --

p.echols@comcast.net wrote:
> I have a few projects in mind that are - for me at least - somewhat ambitious. The question is about best practice / acceptable practice for server installations. (I have been using Ubuntu desktop on my laptop for a few years now but have a learning curve ahead for setting up and running a server.)
>
> The question is can all of my projects run successfully on one server, and if not, why would that be a bad idea. The following are what I have in mind (I don't think these are all really separate projects, but this is how they are organized in my mind):
>
> Project 1. Setting up a LAMP server for testing of web pages / apps before transferring them to the commercial site that has my website.
> Project 1 (a) Using the same to set up an Intranet page for home documents etc and info I mention this one because that would be about the maximum limit of the traffic.
>
> Project 2. Setting up a Samba server so that the in house Windows users have lan based redundant (RAID-1) storage / backup area.
>
> Project 3. Allowing server to function as remote site for my office automatic backups.
>
> Project 4. LTSP server both to serve Ubuntu desktops and w/ a virtual machine to serve XP desktops. (The boxes that would be using this all have their own licenses. But the hardware was never really adequate and by today's standards pathetic).
>
> The machine currently redundant and tapped as the probable server is a Celeron 2.4 ghz w/ 1.6 Gb RAM. Ideally I'd like to just add the drives required to support the necessary storage, possibly more ram and get started, one thing at a time.
>
> Anyone care to share their thoughts. experiences, places that I should be reading. (I always appreciate a RTFM response as long as I know which FM I should read)
>
> Thanks
> P
>
>

I think LTSP with Windows running in a virtual machine is pushing
things.. Desktop use, either Linux or Windows, needs a crapload of RAM,
and trying to run both simultaneously like that is just not going to be
very efficient. But there's no real technical reason you can't do all
of that on one server.

Although, I would never try to host private data (ie, company off site
backup, for example) on a system with multiple desktop/console users.
Just too many ways for something to go unexpectedly wrong.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-08-2009, 03:44 AM
 
Default Server Best Practices --

----- "Rashkae" <ubuntu@tigershaunt.com> wrote:

> p.echols@comcast.net wrote:
> > I have a few projects in mind that are - for me at least - somewhat ambitious. The question is about best practice / acceptable practice for server installations. (I have been using Ubuntu desktop on my laptop for a few years now but have a learning curve ahead for setting up and running a server.)
> >
> > The question is can all of my projects run successfully on one server, and if not, why would that be a bad idea. The following are what I have in mind (I don't think these are all really separate projects, but this is how they are organized in my mind):
> >
> > Project 1. Setting up a LAMP server for testing of web pages / apps before transferring them to the commercial site that has my website.
> > Project 1 (a) Using the same to set up an Intranet page for home documents etc and info I mention this one because that would be about the maximum limit of the traffic.
> >
> > Project 2. Setting up a Samba server so that the in house Windows users have lan based redundant (RAID-1) storage / backup area.
> >
> > Project 3. Allowing server to function as remote site for my office automatic backups.
> >
> > Project 4. LTSP server both to serve Ubuntu desktops and w/ a virtual machine to serve XP desktops. (The boxes that would be using this all have their own licenses. But the hardware was never really adequate and by today's standards pathetic).
> >
> > The machine currently redundant and tapped as the probable server is a Celeron 2.4 ghz w/ 1.6 Gb RAM. Ideally I'd like to just add the drives required to support the necessary storage, possibly more ram and get started, one thing at a time.
> >
> > Anyone care to share their thoughts. experiences, places that I should be reading. (I always appreciate a RTFM response as long as I know which FM I should read)
> >
> > Thanks
> > P
> >
> >
>
> I think LTSP with Windows running in a virtual machine is pushing
> things.. Desktop use, either Linux or Windows, needs a crapload of RAM,
> and trying to run both simultaneously like that is just not going to be
> very efficient.*

By "both" do you mean serving both Linux and Windows desktops?* Or do you mean both desktops and the other server functions?

> But there's no real technical reason you can't do all
> of that on one server.
>
> Although, I would never try to host private data (ie, company off site
> backup, for example) on a system with multiple desktop/console users.
> Just too many ways for something to go unexpectedly wrong.

Ok, I had not really thought about that.* Do you mean too many things the desktop users could screw up?* Or just too much going on on one machine.* If the former, wouldn't that be solved by having the private data go to a directory that was only read writable by the "user" logged in to do the backup?* My idea is that the office system is a samba server to the office network that nightly does an ssh session to the remote server and saves changed files.* (I think this is rsync through / over ssh, but I have not even started studying that yet.

Thanks for the thoughts.* I'd much rather figure out where I want to go before I start just experimenting.

Patton

>
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> --
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-09-2009, 03:49 PM
Preston Kutzner
 
Default Server Best Practices --

On Feb 7, 2009, at 7:29 PM, p.echols@comcast.net wrote:I have a few projects in mind that are - for me at least - somewhat ambitious.** The question is about best practice / acceptable practice for server installations.* (I have been using Ubuntu desktop on my laptop for a few years now but have a learning curve ahead for setting up and running a server.)**

The question is can all of my projects run successfully on one server, and if not, why would that be a bad idea.* The following are what I have in mind* (I don't think these are all really separate projects, but this is how they are organized in my mind):

Project 1.* Setting up a LAMP server for testing of web pages / apps before transferring them to the commercial site that has my website.
Project 1 (a) Using the same to set up an Intranet page for home documents etc and info* I mention this one because that would be about the maximum limit of the traffic.
This isn't much of a problem. *You can get around some security implications of sharing public and private sites on the same server by using appropriate Apache access controls to determine who can access which sites. *Apache's security mechanisms are pretty good.


Project 2. Setting up a Samba server so that the in house Windows users have lan based redundant* (RAID-1) storage / backup area.

Project 3.* Allowing server to function as remote site for my office automatic backups.
I would lump Projects 2 and 3 together, as they sort of have the same basic purpose, file-storage. *Obviously, you'd want to make sure that whatever firewall you have this server behind (or local firewall, if it's not behind a separate firewall) is blocking access to Samba from the Internet. *As for your office backups, how you would implement being a remote site is probably dependent on the requirements of your backup configuration. *I would not recommend just backing up over an exposed SMB/CIFS share, it's just asking for trouble. *If you do want to back up to an SMB/CIFS share over the internet, I would suggest doing it over a VPN (which would be another project in and of itself).


Project 4.* LTSP server both to serve Ubuntu desktops and w/ a virtual machine to serve XP desktops.* (The boxes that would be using this all have their own licenses.* But the hardware was never really adequate and by today's standards pathetic).

The machine currently redundant and tapped as the probable server is a Celeron 2.4 ghz w/ 1.6 Gb RAM.* Ideally I'd like to just add the drives required to support the necessary storage, possibly more ram and get started, one thing at a time.
Judging from your current system configuration, it is possible to use it as an LTSP server. *However, you'd have to give more information as to how many clients you're expecting to serve. *The number of clients you're planning on having connect to your LTSP server will determine what your hardware needs are. *Here's a reasonable place to get a ballpark for what you'd need: *http://www.k12ltsp.org/install.html
Please keep in mind that those hardware requirements are for a server that is SOLELY serving as an LTSP server with no other function. *LTSP is pretty resource intensive on the server-end, as all applications technically run on the server and not on client. *The more users you have and the more applications they have open at the same time, the more strain is placed on the server.
In light of that, adding a Windows Server (running Terminal Services or Citrix) in a VM on the same server would be very taxing. *You'd at very least want to be running it on a server with multiple processors or cores and devote 1 or more of the processors / cores to the VM. *You'd also have to dedicate a slice of available RAM to the VM which means it wouldn't be available to the underlying server. *If you're going to be running a Linux / Window terminal server, I would definitely recommend setting aside some dedicated hardware for it. *Or, at least bumping the specs up for your current system.
Otherwise, it is possible to run Apache and Samba on the same system and have it serving as a LAMP and SMB/CIFS server. *I would advise you to look into the security implications of doing so, however. *If someone was to exploit a security flaw in PHP through one of your sites, they might be able to gain access to files you have stored in your Samba share or backups. *In the same vein, if someone were to exploit a flaw in Samba, they might gain access to your webroot as well. *Things to think about as you go forward with your endeavors. *
As Rashkae already posted, it is *possible* to do all of these things on one piece of hardware. *I would argue that it's not *practical* or recommended to do so. *But, sometimes you just have to make due with what you have available. *Again, Projects 1-3 on the same server is the most doable scenario. *I would recommend focusing on mitigating security risks while doing so, however. *And for the LTSP / Windows server aspect, you'd need to lay-out some cash whichever way you went with it (upgrade current hardware / purchase new hardware) as your current specs would probably be pretty strained under the load of *all* of those services, especially Project 4.
--*Preston--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-10-2009, 03:03 PM
Patton Echols
 
Default Server Best Practices --

Preston, thanks for the thoughts. A clarification or maybe lingering
miss impression or two?

On 02/09/2009 08:49 AM, Preston Kutzner wrote:
> On Feb 7, 2009, at 7:29 PM, p.echols@comcast.net
> <mailto.echols@comcast.net> wrote:
>
>> I have a few projects in mind . . . <snip>

>> Project 1. Setting up a LAMP server for testing of web pages / apps
>> before transferring them to the commercial site that has my website.
>> Project 1 (a) Using the same to set up an Intranet page for home
>> documents etc and info I mention this one because that would be
>> about the maximum limit of the traffic.
>
> This isn't much of a problem. You can get around some security
> implications of sharing public and private sites on the same server by
> using appropriate Apache access controls to determine who can access
> which sites. Apache's security mechanisms are pretty good.
>

My initial concept was that the web server would only be for testing and
behind the firewall private stuff. A good point to keep in mind if I
make a change later.

>>
>>
>> Project 2. Setting up a Samba server so that the in house Windows
>> users have lan based redundant (RAID-1) storage / backup area.
>>
>> Project 3. Allowing server to function as remote site for my office
>> automatic backups.
>
> I would lump Projects 2 and 3 together, as they sort of have the same
> basic purpose, file-storage. Obviously, you'd want to make sure that
> whatever firewall you have this server behind (or local firewall, if
> it's not behind a separate firewall) is blocking access to Samba from
> the Internet. As for your office backups, how you would implement
> being a remote site is probably dependent on the requirements of your
> backup configuration. I would not recommend just backing up over an
> exposed SMB/CIFS share, it's just asking for trouble. If you do want
> to back up to an SMB/CIFS share over the internet, I would suggest
> doing it over a VPN (which would be another project in and of itself).

Right, I had thought that one of the two servers would contact the other
via ssh and then backup using rsync

>
>>
>>
>> Project 4. LTSP server both to serve Ubuntu desktops and w/ a
>> virtual machine to serve XP desktops. (The boxes that would be using
>> this all have their own licenses. But the hardware was never really
>> adequate and by today's standards pathetic).
>>
>> The machine currently redundant and tapped as the probable server is
>> a Celeron 2.4 ghz w/ 1.6 Gb RAM. Ideally I'd like to just add the
>> drives required to support the necessary storage, possibly more ram
>> and get started, one thing at a time.
>
> Judging from your current system configuration, it is possible to use
> it as an LTSP server. However, you'd have to give more information as
> to how many clients you're expecting to serve. The number of clients
> you're planning on having connect to your LTSP server will determine
> what your hardware needs are. Here's a reasonable place to get a
> ballpark for what you'd need: http://www.k12ltsp.org/install.html

Based on that, it could work. I am only planning 3 or 4 clients, and
the anticipated workload is low. That site also mention using the LTSP
server as "cable modem gateway/firewall and household terminal/file
server. " But your security concerns are well considered.

>
> Please keep in mind that those hardware requirements are for a server
> that is SOLELY serving as an LTSP server with no other function. LTSP
> is pretty resource intensive on the server-end, as all applications
> technically run on the server and not on client. The more users you
> have and the more applications they have open at the same time, the
> more strain is placed on the server.
>
> In light of that, adding a Windows Server (running Terminal Services
> or Citrix) in a VM on the same server would be very taxing.

Oh . . . Not what I thought. I had thought I had read somewhere that
you could have a VM that delivered an XP desktop without the necessity
of running Windows server. Not so? This part of the project is purely
hobbyist stuff and not worth the expense of licensing windows
server/terminal services

> You'd at very least want to be running it on a server with multiple
> processors or cores and devote 1 or more of the processors / cores to
> the VM. You'd also have to dedicate a slice of available RAM to the
> VM which means it wouldn't be available to the underlying server. If
> you're going to be running a Linux / Window terminal server, I would
> definitely recommend setting aside some dedicated hardware for it.
> Or, at least bumping the specs up for your current system.
>
> Otherwise, it is possible to run Apache and Samba on the same system
> and have it serving as a LAMP and SMB/CIFS server. I would advise you
> to look into the security implications of doing so, however. If
> someone was to exploit a security flaw in PHP through one of your
> sites, they might be able to gain access to files you have stored in
> your Samba share or backups. In the same vein, if someone were to
> exploit a flaw in Samba, they might gain access to your webroot as
> well. Things to think about as you go forward with your endeavors.

Ok, that makes sense. But access from the outside world has to get
through a hardware "appliance" router and as long as the only thing that
gets through is SSH, then I should be ok?

>
> As Rashkae already posted, it is *possible* to do all of these things
> on one piece of hardware. I would argue that it's not *practical* or
> recommended to do so. But, sometimes you just have to make due with
> what you have available. Again, Projects 1-3 on the same server is
> the most doable scenario. I would recommend focusing on mitigating
> security risks while doing so, however. And for the LTSP / Windows
> server aspect, you'd need to lay-out some cash whichever way you went
> with it (upgrade current hardware / purchase new hardware) as your
> current specs would probably be pretty strained under the load of
> *all* of those services, especially Project 4.
>
> --
> Preston

Thanks again for your thoughts,

Patton

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-10-2009, 04:34 PM
Preston Kutzner
 
Default Server Best Practices --

On Feb 10, 2009, at 10:03 AM, Patton Echols wrote:

>>> Project 2. Setting up a Samba server so that the in house Windows
>>> users have lan based redundant (RAID-1) storage / backup area.
>>>
>>> Project 3. Allowing server to function as remote site for my office
>>> automatic backups.
>>
>> I would lump Projects 2 and 3 together, as they sort of have the same
>> basic purpose, file-storage. Obviously, you'd want to make sure that
>> whatever firewall you have this server behind (or local firewall, if
>> it's not behind a separate firewall) is blocking access to Samba from
>> the Internet. As for your office backups, how you would implement
>> being a remote site is probably dependent on the requirements of your
>> backup configuration. I would not recommend just backing up over an
>> exposed SMB/CIFS share, it's just asking for trouble. If you do want
>> to back up to an SMB/CIFS share over the internet, I would suggest
>> doing it over a VPN (which would be another project in and of
>> itself).
>
> Right, I had thought that one of the two servers would contact the
> other
> via ssh and then backup using rsync

Yeah, rsync over ssh for your backup would be fine over the internet.

>
>
>>
>>>
>>>
>>> Project 4. LTSP server both to serve Ubuntu desktops and w/ a
>>> virtual machine to serve XP desktops. (The boxes that would be
>>> using
>>> this all have their own licenses. But the hardware was never really
>>> adequate and by today's standards pathetic).
>>>
>>> The machine currently redundant and tapped as the probable server is
>>> a Celeron 2.4 ghz w/ 1.6 Gb RAM. Ideally I'd like to just add the
>>> drives required to support the necessary storage, possibly more ram
>>> and get started, one thing at a time.
>>
>> Judging from your current system configuration, it is possible to use
>> it as an LTSP server. However, you'd have to give more information
>> as
>> to how many clients you're expecting to serve. The number of clients
>> you're planning on having connect to your LTSP server will determine
>> what your hardware needs are. Here's a reasonable place to get a
>> ballpark for what you'd need: http://www.k12ltsp.org/install.html
>
> Based on that, it could work. I am only planning 3 or 4 clients, and
> the anticipated workload is low. That site also mention using the
> LTSP
> server as "cable modem gateway/firewall and household terminal/file
> server. " But your security concerns are well considered.

OK, yeah, then your hardware should be sufficient. I'd still suggest
bumping up the RAM to as much as you can. Remember, each application/
process will take a chunk of available memory. The user-land programs
you'd be serving up over LTSP will probably be the biggest users of
RAM, especially (as mentioned in the link) Firefox. Unfortunately,
Firefox and Thunderbird tend to be memory hogs, and FF does have a few
memory leaks (although, a good number of them have been fixed in the
3.0.x branch). Thunderbird does as well. Ultimately, you'll want to
have enough RAM in your system to keep swapping to a minimum. You'd
probably be fine to try your current set-up and increase the amount of
RAM if you start noticing heavy swap activity.

Obviously, as with any Linux installation, be sure to disable any
services you're not using in order to conserve resources for the
services you are using.

>
>
>>
>> Please keep in mind that those hardware requirements are for a server
>> that is SOLELY serving as an LTSP server with no other function.
>> LTSP
>> is pretty resource intensive on the server-end, as all applications
>> technically run on the server and not on client. The more users you
>> have and the more applications they have open at the same time, the
>> more strain is placed on the server.
>>
>> In light of that, adding a Windows Server (running Terminal Services
>> or Citrix) in a VM on the same server would be very taxing.
>
> Oh . . . Not what I thought. I had thought I had read somewhere that
> you could have a VM that delivered an XP desktop without the necessity
> of running Windows server. Not so? This part of the project is
> purely
> hobbyist stuff and not worth the expense of licensing windows
> server/terminal services

This may be possible, but I personally haven't heard of it. It would
be interesting if this were indeed possible.

>
>
>> You'd at very least want to be running it on a server with multiple
>> processors or cores and devote 1 or more of the processors / cores to
>> the VM. You'd also have to dedicate a slice of available RAM to the
>> VM which means it wouldn't be available to the underlying server. If
>> you're going to be running a Linux / Window terminal server, I would
>> definitely recommend setting aside some dedicated hardware for it.
>> Or, at least bumping the specs up for your current system.
>>
>> Otherwise, it is possible to run Apache and Samba on the same system
>> and have it serving as a LAMP and SMB/CIFS server. I would advise
>> you
>> to look into the security implications of doing so, however. If
>> someone was to exploit a security flaw in PHP through one of your
>> sites, they might be able to gain access to files you have stored in
>> your Samba share or backups. In the same vein, if someone were to
>> exploit a flaw in Samba, they might gain access to your webroot as
>> well. Things to think about as you go forward with your endeavors.
>
> Ok, that makes sense. But access from the outside world has to get
> through a hardware "appliance" router and as long as the only thing
> that
> gets through is SSH, then I should be ok?

Yeah, if it's behind a firewall and only accessible from the outside
world via SSH, you should be good. Just wanted to make sure to point
out some of the possible security implications of making some of those
services available on the 'net. Some people reading this thread now
or in the future might not think of some of those things right away.

>
>
>>
>> As Rashkae already posted, it is *possible* to do all of these things
>> on one piece of hardware. I would argue that it's not *practical* or
>> recommended to do so. But, sometimes you just have to make due with
>> what you have available. Again, Projects 1-3 on the same server is
>> the most doable scenario. I would recommend focusing on mitigating
>> security risks while doing so, however. And for the LTSP / Windows
>> server aspect, you'd need to lay-out some cash whichever way you went
>> with it (upgrade current hardware / purchase new hardware) as your
>> current specs would probably be pretty strained under the load of
>> *all* of those services, especially Project 4.
>>
>> --
>> Preston
>
> Thanks again for your thoughts,
>
> Patton
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 10:34 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org