[BlueOnyx:12381] Re: Solarspeed / Compass / BlueOnyx stores

[Michael Stauber]

Hi Steven,

>> 1) The ability to install it, fully supported on top of Redhat /
Oracle Linux with a single command via YUM.
>> 2) Very good GUI - well maintained, worked on mobile devices also.
>> 3) Ability to provide customers with jailed SFTP access without giving them a shell login (eliminating all that FTP firewall nonsense)
>> 4) PHPMyadmin 3.5 included
>> 5) Single click install of many popular web applications (Wordpress, VTiger CRM, Magento, etc) via SimpleScripts - included
>> 6) Visual easy to configure firewall management - log in via HTTPS and enable ssh when you need it if you are worried about leaving it open all the time.
>> 7) Plugin for Litespeed webserver integration - enabling easy compile of latest PHP 5.4.xx
>>
>> The support system is ticketed, and replies typically come back within a few hours.

>> 1) The ability to install it, fully supported on top of Redhat /
>> Oracle Linux with a single command via YUM.
> 
> It's always hard to compare a free product with a commercial one. 
> The support system bit in particular. There are people on this list
> who would provide that sort of commercial support if you were after
> it. To address the points in order (please note these are my
> opinions, Michael may disagree):

Yeah, you named it: When you let the client install the OS himself and
then install the GUI on top of it, there are tons of unknowns. It starts
with which services are available and activated (which has severe
security implications to begin with) and goes through a lot of
nitty-gritty details, including the partitioning. We need quota support
on the /home partition (or / at the least).

>From my perspective such DIY "just drop the GUI on top of it" systems
are a security and support nightmare. No two systems will look alike
either. And the installer gets hellishly complicated, too.

So my personal opinion is: I think it is best for us to provide
installation media which installs all BlueOnyx servers in the same way.
Same partitioning, same number of packages that are installed and active
and having the configuration in the best way to suit the system to begin
with. So that's what we're using.

Marketing wise it might not be the best idea and I can see why other
companies might choose to do it differently.

> 
> 1) There is always a risk with operating a system like this. BlueOnyx is very much designed as an appliance (historically it *was* the Cobalt RaQ appliance). Breaking away from that is not easy. A GUI that integrates so tightly with the rest of the OS, has to make some assumptions about the configuration of the underlying system. Dropping it on top of an existing system lands it with a lot of unknown questions, so it'd be hard to not make it break. I'm sure Interworx have managed this - it's just a matter of resources.
> 
> 2) BlueOnyx has a new UI in development, wait and see ;)

>> 3) Ability to provide customers with jailed SFTP access without
>> giving them a shell login (eliminating all that FTP firewall
>> nonsense)
> 
> 3) This has been talked about in the past, if I'm honest I've no idea what the outcome of the discussion was.

Yeah, in fact I don't know either. :p

BlueOnyx supports SFTP out of the box. It's not jailed and perhaps our
configuration of that service is not 100% optimal and needs some work on
it to get better. But I'll look into it again sometime down the road.

>> 6) Visual easy to configure firewall management - log in via HTTPS
>> and enable ssh when you need it if you are worried about leaving it
>> open all the time.
> 
> 6) This would be nice to see. The Cobalt range was never very good at 
> this (who here remembers the Phoenix Adaptive Firewall?..) I'd like
> to see this myself in future, but it's going to be pretty low down
> the list. Anyone who's running an web server should be able to cobble
> together iptables config. It would be nice to have this easier to
> manage though.

Yeah, this is being planned as well. Greg and I will merge our different
security packages. The new solution will probably be a merge of the
customized APF firewall that I offer, together with his modified DFIX
(instead of BFD) and a few extras sprinkled it. And yes, there will be a
GUI for it - including one for the firewall.

Yeah, I remember the Phoenix Adaptive Firewall. I still have the sources
for it sitting somewhere on my fileserver. It's ipchains only (of
course) and the GUI really sucked to begin with. For me it's a prime
model of how not to do a firewall GUI. :p

>> 7) Plugin for Litespeed webserver integration - enabling easy
>> compile of latest PHP 5.4.xx

See [BlueOnyx:12379]. It is being considered and provisions are being
made to make it possible in the future to use a different web server.
Which alternative web server will be provided is yet undecided, as there
are quite a few interesting alternatives. But making it modular first is
one step of making sure that we can provide one (or more) alternatives
later on.

-- 
With best regards

Michael Stauber