Date: Sat, 9 Dec 1995 11:43:03 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: sreid@edmbbs.iceonline.com Cc: freebsd-isp@freebsd.org Subject: Re: Hardware for ISP / WWW server Message-ID: <199512091743.LAA22132@brasil.moneng.mei.com> In-Reply-To: <9512090501.D5651Li@edmbbs.iceonline.com> from "sreid@edmbbs.iceonline.com" at Dec 9, 95 05:01:24 am
next in thread | previous in thread | raw e-mail | index | archive | help
> What hardware would you all recommend for an ISP / Web server? We'll > probably have a 56k digital line (Maybe T1) and an as-yet-unknown number > of dial-up slip/ppp users. Here's what I was thinking... > > Pentium 90 (PCI) with 256k or 512k cache > 32 megs of RAM > Cheap SCSI CDROM (1x or 2x, only for installing FreeBSD) > Fast SCSI hard drive(s)... SCSI is best? > Cheap VGA card+monitor > 28.8 kbps modems for dial-up > Cheap ethernet card so a nearby Dos machine can have net access > > With 32 megs, we'll have only a minimal newsfeed... Everything will > be handled by this one machine. Is this do-able? do-able, yes, wise, no.... the saying "put all of your eggs in one basket" should be foremost in your mind. the concept of functional separation seems to be lost on most people these days. by putting everything on one box you are increasing your vulnerability. think about: 1) mail bombs - somebody subscribes a user to a trillion mailing lists 2) www bombs - somebody posts on alt.sex.pictures that you have a dirty picture archive somewhere on your server 3) news problems - somebody fills your disk 4) user problems - somebody writes a program that causes major problems for your systems (fork bombs, VM eaters, etc). etc etc etc. now, if you have all your eggs in one basket, your whole operation is toast if any one of these things happens. now consider a site set up as follows: a "general purpose" user machine (shell, POP mail, etc) a "terminal server" to handle tty and PPP dialins a "primary mail/dns hub" a "secondary mail/dns hub" a "web server system" a "news server" now, many common problems are compartmentalized. if somebody blows your web server out of the water, so sad!! but your customers can still do everything else. if the news server has a disk failure, so sad!! but your customers are still OK. if a user writes a fork bomb and locks up the shell machine, so sad!! but your customers can still dial in and surf the Web, read news, etc. even separating it into maybe three systems is a much safer idea: general purpose/primary mail/dns box terminal server web/news/secondary mail/dns although here at home, I am definitely much more compartmentalized than that. :-) ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199512091743.LAA22132>