Poll: your opinion about the best setup...
This post will probably end up like shooting myself in the foot (I hope not), but I would like to ask you (my daily readers) for your opinions regarding the setup of my new intranet server. Just keep reading and you will find the questions at the end of the post.
UPDATE: Paco shared his point of view over this topic, anybody else willing to add some more information?
Last week I got a new intranet server, a Dell PowerEdge 6650. Its most noticeable specs are a 4-dual-Xeon processor setup (8 3Ghz cores), 8Gb of DDR RAM and 2 146Gb SCSI hard drives + 1Tb of NAS space.
This server was bought to fulfill the following tasks:
1- Intranet server:
This is a production "do-not-touch-it-if-it-works-fine" server. Every service will have to be running 24x7 without interruption. External (Internet) access to this server is forbidden.
- OpenLDAP database with user information (used as a backend for authentication purposes)
- Samba PDC for some MS Windows clients in the network
- NFS export of some space to Linux clients in the network (users' homes and some shared directories between different departments)
- Web/application server for some production webapps we need for work (mostly Zope, Django and PHP based apps, so we need Apache2, mod_python/mod_wsgi, mod_php, Zope, etc.)
- Database server (both MySQL and PostgreSQL) to store the databases of the previously mentioned webapps.
- RCS server, where we store the source code of our projects (currently using svn, but probably will be bazaar/darcs/git/whatever repos soon) + trac access to manage the projects.
- Internal DNS/DHCP server, responsible for giving IP addresses to authorized machines and giving them a name too (automatic name-to-address mapping)
- Internal NTP server to keep everything on time.
- OpenERP server, as we are using OpenERP as our ERP software solution, and we need it to be in production state for our company.
2- Development server:
We need a clone of our public production servers (the servers where we publish customer-access products), in order to perform some final tests before publishing. External (Internet) access to this server is needed.
- Web/application server, as in the case of the intranet server, Apache2, mod_python/mod_wsgi, mod_php, Zope...
- Database server, with both MySQL and PostgreSQL
- Everything needed for the tests (dependencies, like programming languages, libraries, etc).
- Customers will have access to this server, to check products/services before putting them online (production state).
3- Shared rcs server:
For some of our projects, we collaborate with people outside our office and, most importantly, outside our company. For these collaborations, we need to set up an rcs server to share both source code and documentation with external developers. External (Internet) access to this server is needed.
- rcs software (bazaar/git/darcs/svn/whatever)
- trac (so we'll need at least apache + mod_python + sqlite/postgresql)
4- Testing server:
As we are continuously improving our development environment with new tools, we should have a testing sandbox server to install/deinstall new software, mostly open source software, just to test it. As these tests are performed by non-high-techie users, we need an environment that could be broken at a given time, but that could be reinstalled without pain. External (Internet) access to this server is forbidden.
Ok, those are our needs, now the possible choices:
Our current infrastructure uses FreeBSD for almost every serving need. Our current public servers (x3) are running FreeBSD 6-STABLE and 7-STABLE and our current intranet server runs 7-STABLE too. Having such a homogeneous environment is quite good, as you can move things from one server to another easily.
For this server we could use 7-STABLE (hardware is well-supported) running the Intranet server and using jails to set up the other 3 servers. Setting up a jail for each server allows us to have 4 independent servers, each one with its associated IP address and its dedicated resources (which is needed, as both server 2 and 3 will be accessible from the Internet using a somewhat DMZ-like setup).
Pros:
- Everything will be running under the same OS, which means easier updates, easier setups, etc.
- Creating a new jail is a matter of minutes (no need to go through the installation process of a whole system)
- We can create a jail that contains a full FreeBSD system on it, or we can create a jail for only a service (similar to a chroot environment, but with its own IP address and such). This could be a very interesting solution for servers 2 and 3.
- Performing backups of each jail is pretty easy, as you can create a tarball containing the whole jail (from the main OS) and save it anywhere.
- There is no need to have different device definitions between jails. As there is no hardware layer emulation, jails get access to devices directly (which is somewhat faster than usual virtualization).
- I've worked with jails in the past, so I'm quite familiar with the environment.
Cons:
- If someday we need a different operating system for one virtual environment (like Linux, for example), we will have to add another machine.
- The FreeBSD/Jails combo will not take advantage of the Xeon processors' virtualization optimizations (not sure, but I don't think it will)
- Each jail shares the main OS kernel, so you can't have different kernels between jails (which could be interpreted as a less secure way of doing things)
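To make the jail layout above concrete, here is an added example (not part of the original post) of how the three jails could be declared in the host's rc.conf on a 7-STABLE system. Jail names, paths, interface names and addresses are constructed placeholders; the host itself plays the role of server 1.

```conf
# /etc/rc.conf on the host (also the intranet server, server 1).
# Constructed example: names, paths, interfaces and addresses are
# placeholders, not values from the post.

jail_enable="YES"
jail_list="devel sharedrcs testing"

# Host-wide jail policy, applied by rc.d/jail when the jails start.
jail_set_hostname_allow="NO"        # root inside a jail cannot rename it
jail_socket_unixiproute_only="YES"  # only UNIX, IP and routing sockets
jail_sysvipc_allow="NO"             # SysV IPC is a single namespace shared
                                    # by the host and every jail. PostgreSQL
                                    # inside a jail needs "YES", which lets
                                    # processes in different jails reach each
                                    # other's shared memory segments.

# Server 2: development clone, reachable from the Internet.
jail_devel_rootdir="/usr/jails/devel"
jail_devel_hostname="devel.example.org"
jail_devel_interface="bge1"         # assumed DMZ-facing NIC
jail_devel_ip="192.0.2.10"
jail_devel_devfs_enable="YES"
jail_devel_devfs_ruleset="devfsrules_jail"  # hide disks, mem, etc.

# Server 3: shared rcs + trac, reachable from the Internet.
jail_sharedrcs_rootdir="/usr/jails/sharedrcs"
jail_sharedrcs_hostname="rcs.example.org"
jail_sharedrcs_interface="bge1"
jail_sharedrcs_ip="192.0.2.11"
jail_sharedrcs_devfs_enable="YES"
jail_sharedrcs_devfs_ruleset="devfsrules_jail"

# Server 4: throwaway testing sandbox, internal network only.
jail_testing_rootdir="/usr/jails/testing"
jail_testing_hostname="testing.intranet.example"
jail_testing_interface="bge0"       # assumed internal NIC
jail_testing_ip="198.51.100.14"
jail_testing_devfs_enable="YES"
jail_testing_devfs_ruleset="devfsrules_jail"
```

The `jail_sysvipc_allow` line is where the shared-kernel trade-off becomes a real decision: server 2 needs PostgreSQL, so either that knob is turned on for all jails or the database runs somewhere other than the Internet-facing jail.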
More about Jails:
Using a Linux distribution and Xen we could set up a lot of different virtual servers on top of a strong Linux system, setting the amount of resources for each virtualized system, and we could get a full-featured multi-operating-system infrastructure.
Pros:
- Xen uses whole virtual machines, with their own hardware access layer and their own devices, so they are completely separated from the dom0 (the host).
- As a result of the previous point, we could have different Linux distributions running at the same time, as well as the same distribution with different kernels. There is even an option to run FreeBSD as a guest in a Xen environment.
- Seems like there is full support for NetBSD, so we could keep ourselves in BSD land (as dom0 or guest) if really needed (I doubt it, as it would take the same effort to move things from FreeBSD to Linux as from FreeBSD to NetBSD).
- Xen will take advantage of the Xeon processors' virtualization optimizations
- Xen is in a more active development process
Cons:
- I'm not familiar with Xen at all (never used it before).
- Xen has a community version, but it seems like the enterprise version (not free) is the choice for a setup like ours.
- Each time we need to add a new system, we will have to go through the whole installation process of the Linux distribution of choice (installing the full system).
- Xen could be a little bit more complex than jails, not only to set up, but to maintain the whole thing. It will add some overhead too (but I think the 6650 could take care of that).
More about Xen:
Fine, now everything is explained and you have an idea about the decision I have to take...
What's your opinion? Should I use FreeBSD/Jails? Should I use Linux/Xen? Should I use NetBSD/Xen? Did any of you, my daily readers, manage such an environment? Could anybody point me to some more pros/cons of using one or another solution?
Any comment will be appreciated.