Server Software - Linux

Mirageboss

So my mate and I are starting in the web hosting industry. We've done loads of work in this industry before, so we're not going into it with a blind eye.

I wondered what's the best to use:

Firewall: CSF/LFD or something else?
Apache: Apache or LiteSpeed etc.

Just wondered if anyone has been in this industry before, if so, what did/do they use?

Will be running CentOS 6.

Thanks
 
CSF with LFD works great for me.

I use Apache, but there are lighter options out there.
 
Yeah, I was looking around and LiteSpeed was good. I was also tossing up this, as rumour has it Apache is easier to drop in a DoS attack, more so than LiteSpeed etc.
 
The company I work for is a cloud services provider, including website hosting.

We use Windows 2008, IIS 6 or 7, MSSQL backends.
Jet Nexus load balancers.
Cisco firewalls and routers.
All hosted on VMware ESXi.
Through three datacentres, with SRM recovery and fail-over in each.
A backup solution that has primary and DR "vaults" on different SANs in different data centres that use delta backups with compression and de-duping to make the best use of the data. (And those SANs are different from the data holding the server "disks".)

If someone wants Linux hosting then they can be provided with a CentOS VM with Apache as our preference of hosting choices, but whatever they want if they have a preference.

Then we also have most sites mirrored worldwide by Akamai.

But, assuming you don't have money to spunk on data centre cages (private rooms with many racks), multiple servers some of which sit virtually redundant, multiple lines, with multiple routers in failover configurations, warm standbys, equipment literally going to waste as cold standby, and maybe don't even have the speciality to have multiple lines and huge IP blocks and the knowledge to sort out the BGP....


As a start, I'd say get a decent hardware firewall. Hardware is better than software.
Host virtually using VMware. It's hugely flexible: you can offer dedicated servers or shared servers, and using VMware means that you can scale up and down hosts as necessary. It also means that you can give customers exit opportunities of just providing VMDK files, and you can "on-board" customers by saying just send a VMDK of your existing webserver (even made using P2V or V2V tools).

Don't put a firewall on your machines. It's overly complicated, and takes unnecessary CPU time. It also has to be configured individually on every host.
Only allow the ports you need with the hardware firewall.
A well designed network with a hardware firewall at the outside and networks segregated using VLANs is much (much) better than trying to use firewalls on a flat network.

(That way you can not only give dedicated virtual machines to your customers, but also you can give dedicated virtual networks.)

It's all very well telling a customer that there is a firewall on the machine preventing connections at layer 6 or 7.
But with the use of VLANs, you can prevent connections at layer 2 - much more secure!


This all sounds expensive,
but it's not.
You've already got servers.
A hardware firewall may already be being provided by your ISP.
A switch capable of VLAN tagging can be gotten for a few thousand pounds (or less second hand).
VMware isn't all that expensive, and if you've not yet got the money to spend on SANs then there is an appliance that takes the disks in your servers,
RAIDs them internally, and mirrors them to a partner server, to create shared storage on local machines mirrored throughout an array of machines.
(It is a bit disk intensive, but still cheaper than a real SAN for starting out!)
That offers you fully redundant ESX hosts, where machines can fail over in case of host problems.

Above all else, remember that uptime is king.

If you have hardware hosts instead of virtual hosts, a simple failure can flaw your shared server (and perhaps hundreds of websites) for a long time.
Virtual servers can be moved, sometimes instantly - sometimes even moved on a hardware warning from the server, so that you can fix problems BEFORE they become problems.

If you can't offer guaranteed uptime, then you aren't all that useful. We provide uptime guaranteed, with financial penalties and fines attached if sites are unavailable.

The last piece of advice:
if you offer $5 per month hosting, make sure that your support documentation is CLEARLY available.

If 1 guy phones you for 1 hour, you've lost all your revenue from that guy's account for the month.

If there is a real complicated problem that's going to take you a few hours or maybe a day to fix, you've used all the revenue from that guy's account for the year!
(And that's before you've actually counted the colo costs for the metal in the datacentre, or the line costs.)
 
The Thanks system doesn't seem to be working, so: thank you! This really puts things into perspective!
 
Oh, wow, that's a lot of information for me to read through - I'll set some time aside tonight to read it all.

The Thanks system doesn't seem to be working, so: thank you! this really puts things into perspective!
Yeah, this for sure.
 