From: Duane Winner
To: freebsd-questions@freebsd.org
Date: Thu, 26 Apr 2007 10:51:56 -0700 (PDT)
Subject: VPS, Colocation, Dedicated
Message-ID: <509997.91841.qm@web63912.mail.re1.yahoo.com>

Hello,

I am looking for any sort of insight or experience from anybody who uses VPS technology to substitute for managing their own infrastructure and servers for business apps.

We are looking at different options to unload some of the burden of supporting a network and server infrastructure that is composed of 50+ FreeBSD servers. The concept of VPS technology has been put on the table, along with co-lo and dedicated server options. Web hosting is right out of the question.

Requirements:

1. We need to have servers take over the role of the 30+ web servers, which run apache and mzscheme webapps. These web servers talk to 2+ postgresql databases on separate servers.
2. The data on the pgsql databases is of a sensitive nature, so it needs to be secured in part by keeping these servers on a separate network segment, accessible only by the web servers, using stunnel encryption.
3. All servers should have some form of firewall protection, either locally (software) or on the network. Preferably network.
4. If using VPS, the FreeBSD image should look and feel just as if we installed it ourselves from scratch, starting off barebones and installing only the apps and services we need.
5. Web server disk space needs to be 10GB. Can scale back to 5GB if ports are kept off the server and compiled offline then synced up.
6. One of our database servers is utilizing 33GB of disk space at the moment, so we would need at least 50GB per server.

Findings:

I have found about 4-5 providers who offer FreeBSD VPSs. I've evaluated 2: JohnCompanies and Verio.

1. JohnCompanies' VPS image was nearly exactly what I'm looking for -- started off barebones, and I had to do the rest. Just like in my server room. But disk space was abysmal: $29/month for 2GB or $69/month for 8GB.
2. Verio turned me off right away between high-pressure sales tactics and an evaluation that saw a base image loaded with crap like it was a Linux or worse, a Windows box: NAS audio server, mp3 player, a default Apache 2.2 install (who said I want 2.2?), that wasn't a port, but a built-in shared app! PHP, X....ridiculous.
3. Nobody seems to include any sort of firewall protection -- just throw the server out in the public DMZ, and then there is no option to protect database servers on a private subnet. Not even ipfw is included. Verio told me that their FreeBSD images cannot firewall, but their Linux images can, and then tried to pressure me into just converting to Linux. Sorry, they're off the list now.

Summary:

I really don't think VPS technology can scale to our requirements or meet the specs we need, in resources or security. There are others in my group who wanted to investigate VPS technology because of the notion that it is more secure. For instance, there is the concept that because it is "virtual", and more hidden, it would be more difficult for an employee at our provider to get at the data, whereas if we colocated, they could just pull a hard drive and get at the data. Personally, I think it would be easier to hijack a VMware session or image than it would be to get through security, and into a locked cabinet at a colo facility and reboot into single user mode or yank out a disk in a RAID array to get to the data.

But I'm still willing to be proven wrong, and if anybody can tell me that there is a good VPS provider who can meet these needs, I'm all ears, but otherwise, I'm leaning towards colocation as the best solution. (Also, I should mention we already own the hardware -- servers for all -- why not leverage that investment?)

Thanks for any feedback!