Server Best Practices --

Preston Kutzner shizzlecash at gmail.com
Mon Feb 9 16:49:01 UTC 2009 

On Feb 7, 2009, at 7:29 PM, p.echols at comcast.net wrote:

> I have a few projects in mind that are - for me at least - somewhat  
> ambitious.   The question is about best practice / acceptable  
> practice for server installations.  (I have been using Ubuntu  
> desktop on my laptop for a few years now but have a learning curve  
> ahead for setting up and running a server.)
>
> The question is can all of my projects run successfully on one  
> server, and if not, why would that be a bad idea.  The following are  
> what I have in mind  (I don't think these are all really separate  
> projects, but this is how they are organized in my mind):
>
> Project 1.  Setting up a LAMP server for testing of web pages / apps  
> before transferring them to the commercial site that has my website.
> Project 1 (a) Using the same to set up an Intranet page for home  
> documents etc and info  I mention this one because that would be  
> about the maximum limit of the traffic.

This isn't much of a problem.  You can get around some security  
implications of sharing public and private sites on the same server by  
using appropriate Apache access controls to determine who can access  
which sites.  Apache's security mechanisms are pretty good.

>
>
> Project 2. Setting up a Samba server so that the in house Windows  
> users have lan based redundant  (RAID-1) storage / backup area.
>
> Project 3.  Allowing server to function as remote site for my office  
> automatic backups.

I would lump Projects 2 and 3 together, as they sort of have the same  
basic purpose, file-storage.  Obviously, you'd want to make sure that  
whatever firewall you have this server behind (or local firewall, if  
it's not behind a separate firewall) is blocking access to Samba from  
the Internet.  As for your office backups, how you would implement  
being a remote site is probably dependent on the requirements of your  
backup configuration.  I would not recommend just backing up over an  
exposed SMB/CIFS share, it's just asking for trouble.  If you do want  
to back up to an SMB/CIFS share over the internet, I would suggest  
doing it over a VPN (which would be another project in and of itself).

>
>
> Project 4.  LTSP server both to serve Ubuntu desktops and w/ a  
> virtual machine to serve XP desktops.  (The boxes that would be  
> using this all have their own licenses.  But the hardware was never  
> really adequate and by today's standards pathetic).
>
> The machine currently redundant and tapped as the probable server is  
> a Celeron 2.4 ghz w/ 1.6 Gb RAM.  Ideally I'd like to just add the  
> drives required to support the necessary storage, possibly more ram  
> and get started, one thing at a time.

Judging from your current system configuration, it is possible to use  
it as an LTSP server.  However, you'd have to give more information as  
to how many clients you're expecting to serve.  The number of clients  
you're planning on having connect to your LTSP server will determine  
what your hardware needs are.  Here's a reasonable place to get a  
ballpark for what you'd need:  http://www.k12ltsp.org/install.html

Please keep in mind that those hardware requirements are for a server  
that is SOLELY serving as an LTSP server with no other function.  LTSP  
is pretty resource intensive on the server-end, as all applications  
technically run on the server and not on client.  The more users you  
have and the more applications they have open at the same time, the  
more strain is placed on the server.

In light of that, adding a Windows Server (running Terminal Services  
or Citrix) in a VM on the same server would be very taxing.  You'd at  
very least want to be running it on a server with multiple processors  
or cores and devote 1 or more of the processors / cores to the VM.   
You'd also have to dedicate a slice of available RAM to the VM which  
means it wouldn't be available to the underlying server.  If you're  
going to be running a Linux / Window terminal server, I would  
definitely recommend setting aside some dedicated hardware for it.   
Or, at least bumping the specs up for your current system.

Otherwise, it is possible to run Apache and Samba on the same system  
and have it serving as a LAMP and SMB/CIFS server.  I would advise you  
to look into the security implications of doing so, however.  If  
someone was to exploit a security flaw in PHP through one of your  
sites, they might be able to gain access to files you have stored in  
your Samba share or backups.  In the same vein, if someone were to  
exploit a flaw in Samba, they might gain access to your webroot as  
well.  Things to think about as you go forward with your endeavors.

As Rashkae already posted, it is *possible* to do all of these things  
on one piece of hardware.  I would argue that it's not *practical* or  
recommended to do so.  But, sometimes you just have to make due with  
what you have available.  Again, Projects 1-3 on the same server is  
the most doable scenario.  I would recommend focusing on mitigating  
security risks while doing so, however.  And for the LTSP / Windows  
server aspect, you'd need to lay-out some cash whichever way you went  
with it (upgrade current hardware / purchase new hardware) as your  
current specs would probably be pretty strained under the load of  
*all* of those services, especially Project 4.

-- 
Preston
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20090209/cbe262fa/attachment.html>

More information about the ubuntu-users mailing list