Excellent point Matt! (Although spin-down drives are available for removing that problem from the mix, most companies don't spend that kind of money...) John -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Matt Morgan Sent: Friday, July 16, 2004 2:13 PM To: For users of Fedora Core releases Subject: Re: Would you put web-server on the same machine as your company internal database? On 07/16/2004 01:34 PM, Apollo at Carmel Music & Entertainment wrote: > I thinking about consolidating my two servers into one. Right now I > have separate server for my Apache/RealMedia server and separate > server for Samba/MySQL for internal use. > Would you consolidate these two into one? > My perimeter is guarded by a custom firewall machine. > > Apollo > If the Samba/MySQL box is entirely for internal use, then no, I would not consolidate them. The cost/effort you might save in consolidating servers will most likely be smaller than the extra work and worry you put into the more complicated security work that's required if both systems are on the same machine. It may not seem like a big deal, if you're just opening specific ports while others are closed. But you're going to worry a lot more about holes in Apache or Real servers, or in the kernel, etc., buffer overflows, things like that. And whenever the person in charge of it quits ... this is the kind of thing many people don't document well. It's a lot for the new person to figure out. The other thing is, the odd times you have to reboot or shut down the servers to work on them: they're doing entirely different jobs. I wouldn't want to tell the people who work here they don't have access to their files because I'm working on the web server, or to bring down the web server and alienate customers when I'm working on the internal file server. It makes more sense to consolidate, for example, the file server and the print server, or the mail server and the proxy server--services that have something in common. Because people who can't get access to their files don't need to print anyway. Since hardware is pretty cheap (and you're not saving on disk drives really, by consolidating), probably you shouldn't consolidate. --Matt -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list