Weblog entry #5 for yaarg
These days there's a definite urge to virtualise everything - the advantages are clear, but I can't help wondering if it's always appropriate to do so. Some people, for example, think it's a good idea to put every service into its own container so that you have your BIND in one container, your Apache in another, and so on, but isn't there significant overhead in this approach? Even if you're not bothered about creating self-contained services like this, do you put everything in a virtual instance these days just because it makes backup easier perhaps? If you were running a production website on a dedicated machine would you virtualise it even?
Opinions?
Comments on this Entry
It's also a sane way of providing separate environments for test/qa/live platforms if you are on a controlled budget.
To me, if you run your key services in their own VM, one each for Apache, Exim, Dovecot, vsftp, SSH, DB Server, BIND, etc., you are adding a lot of complexity to your box, which does lead me to wonder how safe it's going to be?
--
"It's Not Magic, It's Work"
Adam
[ Parent | Reply to this comment ]
I've got several virtual servers at work (Xen), and I'm gradually migrating my home services into virtual servers (Vserver) as well.
Some people, for example, think it's a good idea to put every service into its own container so that you have your BIND in one container, your Apache in another, and so on, but isn't there significant overhead in this approach?
At work, I haven't gone quite that far with splitting services into separate VMs, but I'm not too far from it. For example, Mailman lists are on their own VM, partially so that if the regular mail server has an issue, I can still send out notices and updates to my users. I used to run mail, web, and central NFS on the same server. It was definitely a single point of failure then. At home, I've virtualized off a media server, a configuration management server, and a server for DHCP and DNS. There's definitely some disk overhead, and more RAM overhead if you use Xen instead of Vserver, but I don't think it's that big of a deal. There can be management overhead in keeping more virtual servers patched and with a consistent configuration, but that's largely taken care of by a decent configuration management system, which you should probably have anyway.
Even if you're not bothered about creating self-contained services like this, do you put everything in a virtual instance these days just because it makes backup easier perhaps? If you were running a production website on a dedicated machine would you virtualise it even?
Backup tends to be easy regardless. I'd say the main impulse behind it is in the possibility of easy migration from one set of physical hardware to another, which I guess you may consider to be related to backup. I'd never virtualize my main NFS server at work, since what it does is dependent on its attached disk arrays, and can't really be migrated. Plus, I don't want any performance problems on it. But having the other system around for virtual servers means I'm not even tempted to run anything else on the file server for experimentation.
[ Parent | Reply to this comment ]
At the moment I tend to split servers between admin and user access. An admin virtual server for DNS, essential sites which only admins can modify (webmail, webmail admin, etc.), mail hosting, etc. A user-accessible virtual server for the majority of websites; many users can access it and could potentially cause harm on it - but they can't get access to some of the critical data on the admin server.
Take a look at what services you provide and what you really need to separate. You could run a single service in each server, but personally I'd say that's being paranoid.
[ Parent | Reply to this comment ]