server reorganization

Posted by: mstauber Category: General

On the 12th and 13th April we reorganized the projects server architecture, so web services, mailing lists and YUM repositories were temporarily down.

In the two and a half years since its release, BlueOnyx has grown quite a bit. With more than thirteenthousand BlueOnyx servers running worldwide, we have now gained a level of popularity that we had outgrown the original server setup.

The initial Aventurin{e} server that hosted the various BlueOnyx related VPS's had been kindly donated by Chris Gebhardt from VIRTBIZ Internet Services, who also hosted it in his datacenter. Thanks to that very kind donation, bandwith or stability of the network has never been an issue.

However, the setup that we were using was suffering a bit from the "all eggs in one basket" phenomenon.

While the box that builds the RPMs and ISO images of BlueOnyx has always been separate and tightly locked down, we had one VPS that served the webpage, the mailing lists, provided downloads of the ISO image and also had a YUM repository on it.

Now that was a bit too much from a security point of view.

Considering the growing popularity of the project, it was almost natural that we have - with increasing numbers - been targets of hacking attempts. One of the recent attempts was a pretty close call, so it was time for a hard look at what could be improved.

Again Chris Gebhardt from VIRTBIZ Internet Services jumped to the rescue, donating a more powerful new server that allowed us to entirely restructure the security measures and our infrastructure.

The changes:

  • The primary YUM repository has been moved to a separate VPS, which allowed us to lock it down real hard. Much harder than on a box that also serves other purposes.
  • The mailing lists have been moved to a separate VPS as well, which only does very limited web related services and focusses entirely on email related issues dealing with the mailing lists. That also allowed for a better lockdown of things on that end.
  • The BlueOnyx webpage has moved to its own VPS, too. A VPS that no longer deals with mail services or has any direct contact with the actual YUM repositories.
  • Lastly the already existing security measures got beefed up three our four notches, the firewall rules were updated to pretty restrictive settings and access procedures and methods were reviewed and changed accordingly.

All in all these measures should help to improve things quite a bit.

Apr 12, 2011 Category: General Posted by: mstauber
Next page: Features