[BlueOnyx:00670] Re: blue onyx Infrastructure

don caprio caprio at uxpro.com
Thu Feb 26 12:34:18 -05 2009


Chris,

Thank you for your reply. It was very helpful. See responses in-line.

On Wed, Feb 25, 2009 at 9:25 PM, Chris Gebhardt - VIRTBIZ Internet <cobaltfacts at virtbiz.com> wrote:

> don caprio wrote:
> > I'm considering switching over to BlueQuartz and have some basic newbie
> > questions.
>
> Welcome!
>
> > I'm going to be moving to a new co-lo. ISP has assigned me a subnet'd
> > class C network. I have
> > 5 available static IP's. I'm going to be using a Netscreen for my
> > firewall which leaves me 4 IP's.
>
> Do you mean you're getting a /29 CIDR (subnet) carved out of a "class
> C"?    You might want to think about asking for a /28 (16 total, 13
> usable) because from the below it sounds like you will need more -
> unless you're using some sort of NAT.
>
> Also... does your Netscreen have the guts to stand in front of your
> operations?   It always amazes me when customers bring half a rack of
> gear into the datacenter and stick a home / small business router in
> front of it.  Tens of thousands of dollars worth of high-end server
> equipment, all with dual redundant power supplies, RAID, etc, and then
> it all plugs into this little box.   Guess where the point of failure
> usually is?    All I'm saying here is make sure you are comfortable.
> Once I hear that from a customer, I shut my mouth.   Until the first
> "please reboot my router" ticket.  :)


I hear ya on the NetScreen.
I had a dedicated Linux host for my firewall. I've gone back and forth
with this very issue. True, it's a single point of failure, but having a
firewall appliance where I spend less time managing it is appealing. As
you know, the nice enterprise firewall appliances are expensive and out
of my budget. I've been watching eBay for used and was thinking about
picking up a WatchGuard X500 or X1000 rather than using my Netscreen.
Cisco PIX's show up on eBay as well. Cisco PIX has the reputation and
would be a good alternative.

>
> > Are there folks out there that are running ALL of your internet services
> > on a single server (DNS,sendmail,
> > ftp, http, https,mysql)? I still plan on using my dedicated mail gateway
> > for spam and virus protection (mailcleaner).
>
> Absolutely.  That's the whole point of a hosting appliance, which is
> what the Cobalt was years ago and BlueOnyx (BX) is the progeny of its DNA.
>
> Of course, if you want to put a mail gateway in front of your hosting
> boxes, that's certainly not a problem.  (We have done that for many years).
>
> An odd exception that springs to mind is a large-ish customer of ours
> (US residents see their commercials during every NFL game) that has a
> handful of old RaQ-XTRs, with each having been hacked up to process
> certain bits and pieces of their site.  One for images, another for
> Oracle (yes...), another for MySQL (yes, still... it's odd), and various
> for the actual content pages of various bits and pieces of their sites.
>
> The original developers set things up this way for a reason.  Nobody now
> can figure out what that reason is, but it's too cumbersome to change.
> So we keep their old XTRs cranking along!   There are plans to do much
> consolidation in the next re-write of the site, but that's been talked
> about since about the time that Sausalito got open-sourced!  :)
>
> Like I say - odd exception.
>
> Of course, the downside to having all services on a single machine is
> that all your eggs are in one basket.   But practically speaking, the
> trade-off is well worth it for the sake of simplicity.   If you're like
> me, you enjoy a system that "just works".
>
> > I'll be hosting a couple dozen domains. Most small and not much traffic.
> > One site is JSP based and is my largest
> > customer.
>
> Again I wonder if just 4 usable IP's is going to be enough for you, but
> you'd know better than me.  Take away one for your mail gateway and now
> you're down to just 3 for sites or whatever other services you're
> running.  Hope you don't have (m)any domains running SSL!  :)


I'm going to be calling my provider and see about getting a /29 CIDR.
I'll be better off in the long run and it leaves room for expansion.

>
>
> > I'd be interested in any comments you guys have on best practices for
> > BlueOnyx infrastructure design. I'm
> > considering using a SunFire quad core with 8GB RAM as my BlueOnyx server.
>
> Certainly a capable machine.  I would venture to say "overkill" for "a
> couple dozen domains", but then... is there such a thing as too much
> power?  :)
>
> Generally, keep in mind that BX is designed as a hosting appliance.
> It's an all-in-one system.  We have many, many customers that use a
> single server for their entire hosting operation.  We have others that
> use several to a dozen or more BQ/BX servers in conjunction with other
> custom systems doing specialized jobs.
>
> I would be hard pressed to tell you "the right way" to set up your
> infrastructure, since it varies so much based on individual needs - and
> no 2 of our customers have the exact same requirements.  But again,
> generally speaking, I think your ideas are sound.
>
> --
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated
> www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>



-- 
-------------------------------
Don Caprio caprio at uxpro.com
http://www.uxpro.com
(925) 240-UNIX