Preston, thanks for the thoughts. A clarification or maybe lingering
miss impression or two?
On 02/09/2009 08:49 AM, Preston Kutzner wrote:
> On Feb 7, 2009, at 7:29 PM, email@example.com
>> I have a few projects in mind . . . <snip>
>> Project 1. Setting up a LAMP server for testing of web pages / apps
>> before transferring them to the commercial site that has my website.
>> Project 1 (a) Using the same to set up an Intranet page for home
>> documents etc and info I mention this one because that would be
>> about the maximum limit of the traffic.
> This isn't much of a problem. You can get around some security
> implications of sharing public and private sites on the same server by
> using appropriate Apache access controls to determine who can access
> which sites. Apache's security mechanisms are pretty good.
My initial concept was that the web server would only be for testing and
behind the firewall private stuff. A good point to keep in mind if I
make a change later.
>> Project 2. Setting up a Samba server so that the in house Windows
>> users have lan based redundant (RAID-1) storage / backup area.
>> Project 3. Allowing server to function as remote site for my office
>> automatic backups.
> I would lump Projects 2 and 3 together, as they sort of have the same
> basic purpose, file-storage. Obviously, you'd want to make sure that
> whatever firewall you have this server behind (or local firewall, if
> it's not behind a separate firewall) is blocking access to Samba from
> the Internet. As for your office backups, how you would implement
> being a remote site is probably dependent on the requirements of your
> backup configuration. I would not recommend just backing up over an
> exposed SMB/CIFS share, it's just asking for trouble. If you do want
> to back up to an SMB/CIFS share over the internet, I would suggest
> doing it over a VPN (which would be another project in and of itself).
Right, I had thought that one of the two servers would contact the other
via ssh and then backup using rsync
>> Project 4. LTSP server both to serve Ubuntu desktops and w/ a
>> virtual machine to serve XP desktops. (The boxes that would be using
>> this all have their own licenses. But the hardware was never really
>> adequate and by today's standards pathetic).
>> The machine currently redundant and tapped as the probable server is
>> a Celeron 2.4 ghz w/ 1.6 Gb RAM. Ideally I'd like to just add the
>> drives required to support the necessary storage, possibly more ram
>> and get started, one thing at a time.
> Judging from your current system configuration, it is possible to use
> it as an LTSP server. However, you'd have to give more information as
> to how many clients you're expecting to serve. The number of clients
> you're planning on having connect to your LTSP server will determine
> what your hardware needs are. Here's a reasonable place to get a
> ballpark for what you'd need: http://www.k12ltsp.org/install.html
Based on that, it could work. I am only planning 3 or 4 clients, and
the anticipated workload is low. That site also mention using the LTSP
server as "cable modem gateway/firewall and household terminal/file
server. " But your security concerns are well considered.
> Please keep in mind that those hardware requirements are for a server
> that is SOLELY serving as an LTSP server with no other function. LTSP
> is pretty resource intensive on the server-end, as all applications
> technically run on the server and not on client. The more users you
> have and the more applications they have open at the same time, the
> more strain is placed on the server.
> In light of that, adding a Windows Server (running Terminal Services
> or Citrix) in a VM on the same server would be very taxing.
Oh . . . Not what I thought. I had thought I had read somewhere that
you could have a VM that delivered an XP desktop without the necessity
of running Windows server. Not so? This part of the project is purely
hobbyist stuff and not worth the expense of licensing windows
> You'd at very least want to be running it on a server with multiple
> processors or cores and devote 1 or more of the processors / cores to
> the VM. You'd also have to dedicate a slice of available RAM to the
> VM which means it wouldn't be available to the underlying server. If
> you're going to be running a Linux / Window terminal server, I would
> definitely recommend setting aside some dedicated hardware for it.
> Or, at least bumping the specs up for your current system.
> Otherwise, it is possible to run Apache and Samba on the same system
> and have it serving as a LAMP and SMB/CIFS server. I would advise you
> to look into the security implications of doing so, however. If
> someone was to exploit a security flaw in PHP through one of your
> sites, they might be able to gain access to files you have stored in
> your Samba share or backups. In the same vein, if someone were to
> exploit a flaw in Samba, they might gain access to your webroot as
> well. Things to think about as you go forward with your endeavors.
Ok, that makes sense. But access from the outside world has to get
through a hardware "appliance" router and as long as the only thing that
gets through is SSH, then I should be ok?
> As Rashkae already posted, it is *possible* to do all of these things
> on one piece of hardware. I would argue that it's not *practical* or
> recommended to do so. But, sometimes you just have to make due with
> what you have available. Again, Projects 1-3 on the same server is
> the most doable scenario. I would recommend focusing on mitigating
> security risks while doing so, however. And for the LTSP / Windows
> server aspect, you'd need to lay-out some cash whichever way you went
> with it (upgrade current hardware / purchase new hardware) as your
> current specs would probably be pretty strained under the load of
> *all* of those services, especially Project 4.
Thanks again for your thoughts,
ubuntu-users mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users