From: Gilles (gilles_at_harfang.homelinux.org)
Date: Wed 22 Sep 2004 - 22:05:15 BST
> ... anyway discussion of those issues is
> appreciated I'd say, so let's keep the talk going ...
In fact, I'd like to understand what is the minimal hardware
configuration, necessary to build a "complete" IT infrastructure,
i.e. that would at least comprise services such as
The aim is to be able to propose a "full-featured" solution to
small organizations, which have limited resources, and be able
to emphasize a level of security similar to the expensive solution
where each server would be on its own physical box.
E.g. if 5 people work with a computer each, it might be difficult to
get them buy twice as many computers...
I imagined that the minimum would be 2 extra computers: one for the
firewall (H1) and the other for the services (H2).
[ (nic2) ] <----> [ (nic3) H2 ]
Internet <----> [ (nic1) H1 ]
[ (nic4) ] <----> [ (nic5) H3 ]
[ (nic6) H4 ] etc.
H3 to H8 would be the 5 end-user machines, on a different subnet than
H2 is on.
But it can be objected that H2 shouldn't host both the public (e.g. web)
and the private (e.g. database) services.
So, I was wondering:
Is it possible to have "virtual" networks inside H2? If yes, how?
Even if it is possible, if each service on H2 runs inside its own vserver,
is it necessary to have a virtual DMZ?
Would it be enough if each service is configured to listen to its IP address
Are there obvious security threats?
> > P.S. I can't seem to be able to subscribe to the ML,
I'm subscribed now.
Vserver mailing list