[ubuntu-za] To virtualise or not to virtualise

[Matthew French]

On 27 Oct 2009, at 10:03 PM, Charl Wentzel wrote:
> My virtual server is on order and I will start setting it up early  
> next
> week.
...
> a. Which of these servers can I safely virtualise on one server, e.g.
> can the firewall be a virtual machine or should it always be a  
> separate
> physical machine?

(You haven't mentioned which virtual machine software you will use. I  
am going to assume kvm since you are using Ubuntu, although VMWare  
would probably apply to these points as well.)

You should be able to safely virtualise all of these systems on one  
server - so long as you size the server properly. Pay special  
attention to the amount of memory you have.

I know of no specific reason why running a firewall in a virtual  
machine should make a difference. There is a small increase in the  
risk profile where it might be possible for a hacker to escape from  
the virtual machine, but they would probably need access to the  
firewall, at which point everything is compromised anyway.

There is also a risk that a hacker could gain control over the  
physical server by conventional means, in which case all the virtual  
machines would be in danger.

> b. Should the servers be virtualised as is, or should I split them up
> further, e.g. Domain Server, SAMBA server and Web Server?

Whichever makes management and maintenance easier. Adding more virtual  
machines just because you can is probably overkill. A separate  
firewall definitely makes sense, separate Windows boxes probably makes  
sense, and then an application/file server completes the picture.

I am assuming the physical server (the host) is another operating  
system running all of these in virtual machines and that you aren't  
using one of the application servers as a host for the virtual machines.

> c. I would like to start with Ubuntu JeOS (just enough OS) and build  
> the
> Linux Servers up from there, rather that doing full Ubuntu Server on
> each.  Is this a good idea or are there hidden security risks?

I don't believe JeOS makes a difference to security either way, but it  
is optimized for virtual machines so should make the initial setup  
less painful. You will need to apt-get the software you want to  
install so probably best to set aside some time to waiting for  
downloads. Unless you have a 24mbps ADSL line handy... :)

> d. Since there is likely to be more than one Ubuntu server (and some
> desktops in the future), I would like to set up apt-cache-ng.  Does it
> matter which server this goes on to?... obviously not the Win 2008
> Server :-)

Probably makes most sense to put it on the file server, since this  
will have plenty of disk space available.

Another option is to use squid as a transparent proxy, running on the  
firewall. This is reasonably safe if you don't expose squid to the  
outside world, and IME the convenience far outweighs the risk. It also  
has the benefit that all those other annoying Windows/anti-virus/game  
updates are also cached and it can do wonders for general Internet  
performance.

> e. They've show interest in an LTSP server.  My guess is that should  
> be
> a completely separate server?

You are probably right - since LTSP is a kind of desktop  
virtualization which you don't want competing for resources with the  
server applications. Although the great thing about virtual machines  
is that you can easily set up a virtual LTSP server to see if it  
works, and when performance does become an issue _then_ you can set up  
a new box.

> I gut is that there must be some rule of thumb here, e.g.
> Number of Virtual servers <= number of CPU cores.  Are there such
> guidelines?

None that I have seen. The problem is knowing the workload of the  
systems involved. Some systems spend 99% of their time being idle, and  
others are fully utilized during the working day.

As I have mentioned, you must make sure you have enough memory. Better  
to have spare RAM than short-change the servers. Disk space  
requirements are marginal - 4Gb is enough for many applications and  
for file servers you should already know how much you need.

For CPU's I would have at least 2 cores - one to do the processing and  
the other to do the management. Even with busy servers it can be quite  
difficult to overload modern CPU's. But quad core processors are so  
cheap these days it might be easier to get one of these. Unless your  
applications are really being hammered I don't see any benefit to more  
than four cores.

One other important issue to consider is that with virtual servers you  
have all your eggs in one basket. So if the server fails then you lose  
everything at once. Obviously RAID is not negotiable - Linux software  
RAID is quite capable if you don't want to pay for a RAID controller,  
but you must have redundant disks. A UPS that can talk to the physical  
server is also a good idea - even if it keeps the server running just  
long enough for it to shut down cleanly.

Installing smartmon and lmsensors on the physical box to monitor for  
disk failures and excessive temperatures might also be a good idea.

You also need a plan B - if the server should melt down, how do you  
bring the virtual machines back to life. The great thing about virtual  
machines is that you can just copy the disk images and fire them up  
somewhere else without having to configure hardware or drivers -  
depending on which VM technology you are using of course. The problems  
are: do you have something to restore from and something to restore  
to? And how long can the business run without any hardware?[1]

Oh, and one other minor point: if you are running an NTP server to  
keep the clock in sync, you need to run it on the physical server, not  
the virtual machines. The virtual machines will get their time from  
the hardware but probably won't be able to reset the hardware time.

Hope this helps,

- Matthew

[1] A common scenario in South Africa is all the computers get stolen.  
So don't assume you will always have something around.