[nSLUG] XEN & Heartbeat

George N. White III gnwiii at gmail.com
Thu Jun 4 12:46:46 ADT 2009

On Tue, Jun 2, 2009 at 9:03 PM, Miles Thompson <miles at allnovascotia.com> wrote:
> We're looking at replacing our web and email servers; hypervisor's intrigue me.
> If anyone has experience with this, would it be possible to have two
> boxes, call them Left and Right. Both running XEN and configured with
> identical virtual machines, with this software:
>  - Apache
>  - MySQL
>  - Pure-ftp
>  - iFolder
>  - Postfix / CYRUS
> Email and iFolder would each get their own virtual machines.
> Heres the crunch, I think. Could the load be split this way:
> Left:
> - web server
>   (3 sites and 3 IPs, as each has its own SSL cert)
> - FTP (another IP and SSL cert)
> - iFolder
> Right:
> - email server
> Disk configuration: MIrrored terabyte SATA disks in each box, and
> heartbeat keeps them in sync.
> (Remember - the two boxes are configured identically, I really just
> want to split the load. Our email server is much busier than the web servers.)

Typical problem for sites where users send large files as email attachments
rather than putting the files on the web server and sending a link.   Sometimes
it is better to educate users than to throw time and money at problems
caused by their bad habits.   The usual excuse is that with email you control
who gets the file (until a user accidentally forwards sensitive doc to some
list with 1000's of members), with a server you need access controls which
may or may not be messy to configure, but you also have logs to tell you
who downloaded the doc.   You can also put encrypted files on an
internal server and control access using passwords.

> Thoughts? Suggestions?

Are the servers in the same place?  There are so many failure modes that
machines share when they are physically together that it doesn't make sense
to put much energy in redundancy because the most likely failures:

1.  A/C units dies, machines shut down when too hot

2.  network switch, UPS, generator, or some other common element  dies
    when lightening hits the building

3.  contractor disconnects drain from A/C unit, leaves open-ended hose in
 ceiling above the two machines -- first humid day and both get soaked

4.   electrician called in to fix office lights shuts down main panel for
     machine room despite big sign saying "notify sys. admins before
     switching this off".

It is good to think about all the threats and provide a rationale to management
so they don't get a rude shock ("you told us the new system would be reliable")
when 1,2,3 or 4 above happens.

George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia

More information about the nSLUG mailing list