Chris,<br><br>Thank you your reply. It was very helpful. See responses in-line.<br><br><div class="gmail_quote">On Wed, Feb 25, 2009 at 9:25 PM, Chris Gebhardt - VIRTBIZ Internet <span dir="ltr"><<a href="mailto:cobaltfacts@virtbiz.com">cobaltfacts@virtbiz.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">don caprio wrote:<br>
> I'm considering switching over to BlueQuartz and have some basic newbie<br>
> questions.<br>
<br>
</div>Welcome!<br>
<div class="Ih2E3d"><br>
> I'm going to be moving to a new co-lo. ISP has assigned me a subnet'd<br>
> class C network. I have<br>
> 5 available static IP's. I'm going to be using a Netscreen for my<br>
> firewall which leaves me 4 IP's.<br>
<br>
</div>Do you mean you're getting a /29 CIDR (subnet) carved out of a "class<br>
C"? You might want to think about asking for a /28 (16 total, 13<br>
usable) because from the below it sounds like you will need more -<br>
unless you're using some sort of NAT.<br>
<br>
Also... does your Netscreen have the guts to stand in front of your<br>
operations? It always amazes me when customers bring half a rack of<br>
gear into the datacenter and stick a home / small business router in<br>
front of it. Tens of thousands of dollars worth of high-end server<br>
equipment, all with dual redundant power supplies, RAID, etc, and then<br>
it all plugs into this little box. Guess where the point of failure<br>
usually is? All I'm saying here is make sure you are comfortable.<br>
Once I hear that from a customer, I shut my mouth. Until the first<br>
"please reboot my router" ticket. :)</blockquote><div> </div><div>> I hear ya on the NetScreen. <br>> I had a dedicated Linux host for my firewall. I've gone back and forth with this<br>> very issue. True it's a single point of failure but having a firewall appliance where<br>
> I spend less time managing it is appealing. As you know the nice enterprise firewall<br>> appliances are expensive and out of my budget. I've been watching eBay for used and was thinking <br>> about picking up a WatchGuard X500 or X1000 rather using my Netscreen. Cisco<br>
> PIX's show up on eBay as well. Cisco PIX has the reputation and would be a good <br>> alternative.<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br>
> Are there folks out there that are running ALL of your internet services<br>
> on a single server (DNS,sendmail,<br>
> ftp, http, https,mysql)? I still plan on using my dedicated mail gateway<br>
> for spam and virus protection (mailcleaner).<br>
<br>
</div>Absolutely. That's the whole point of a hosting appliance, which is<br>
what the Cobalt was years ago and BlueOnyx (BX) is the progeny of its DNA.<br>
<br>
Of course, if you want to put a mail gateway in front of your hosting<br>
boxes, that's certainly not a problem. (We have done that for many years).<br>
<br>
An odd exception that springs to mind is a large-ish customer of ours<br>
(US residents see their commercials during every NFL game) that has a<br>
handful of old RaQ-XTRs, with each having been hacked up to process<br>
certain bits and pieces of their site. One for images, another for<br>
Oracle (yes...), another for MySQL (yes, still... it's odd), and various<br>
for the actual content pages of various bits and pieces of their sites.<br>
<br>
The original developers set things up this way for a reason. Nobody now<br>
can figure out what that reason is, but it's too cumbersome to change.<br>
So we keep their old XTRs cranking along! There are plans to do much<br>
consolidation in the next re-write of the site, but that's been talked<br>
about since about the time that Sausalito got open-sourced! :)<br>
<br>
Like I say - odd exception.<br>
<br>
Of course, the downside to having all services on a single machine is<br>
that all your eggs are in one basket. But practically speaking, the<br>
trade-off is well worth it for the sake of simplicity. If you're like<br>
me, you enjoy a system that "just works".<br>
<div class="Ih2E3d"><br>
> I'll be hosting a couple dozen domains. Most small and not much traffic.<br>
> One site is JSP based and is my largest<br>
> customer.<br>
<br>
</div>Again I wonder if just 4 usable IP's is going to be enough for you, but<br>
you'd know better than me. Take away one for your mail gateway and now<br>
you're down to just 3 for sites or whatever other services you're<br>
running. Hope you don't have (m)any domains running SSL! :)</blockquote><div><br>> I'm going to be calling my provider and see about getting a /29 CDIR. I'll be<br>> better off in the long run and leaves room for expansion. <br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<div class="Ih2E3d"><br>
> I'd be interested in any comments you guys have on best practices for<br>
> BlueOynx infrastructure design. I'm<br>
> considering using a SunFire quad core with 8GB RAM as my BlueOynx server.<br>
<br>
</div>Certainly a capable machine. I would venture to say "overkill" for "a<br>
couple dozen domains", but then... is there such a thing as too much<br>
power? :)<br>
<br>
Generally, keep in mind that BX is designed as a hosting appliance.<br>
It's an all-in-one system. We have many, many customers that use a<br>
single server for their entire hosting operation. We have others that<br>
use several to a dozen or more BQ/BX servers in conjunction with other<br>
custom systems doing specialized jobs.<br>
<br>
I would be hard pressed to tell you "the right way" to set up your<br>
infrastructure, since it varies so much based on individual needs - and<br>
no 2 of our customers have the exact same requirements. But again,<br>
generally speaking, I think your ideas are sound.<br>
<br>
--<br>
Chris Gebhardt<br>
VIRTBIZ Internet Services<br>
Access, Web Hosting, Colocation, Dedicated<br>
<a href="http://www.virtbiz.com" target="_blank">www.virtbiz.com</a> | toll-free (866) 4 VIRTBIZ<br>
_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@blueonyx.it">Blueonyx@blueonyx.it</a><br>
<a href="http://www.blueonyx.it/mailman/listinfo/blueonyx" target="_blank">http://www.blueonyx.it/mailman/listinfo/blueonyx</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>-------------------------------<br>Don Caprio <a href="mailto:caprio@uxpro.com">caprio@uxpro.com</a><br><a href="http://www.uxpro.com">http://www.uxpro.com</a><br>(925) 240-UNIX<br>