Re: securing a remotely hosted machine




On 08/20/2010 03:55 PM, Brunner, Brian T. wrote:
> 1: Rebuild kernel to remove local KVM (Keyboard Video Mouse), run
> headless; the only access is via ssh.

That isn't going to help if the network card is dead. I don't want the 
machine shipped back to me for looking at :)

> 3: When you first build the system, ghost/image the boot/root/usr (bru)
> drive onto a spare backup, verify the backup boots the machine the same
> as the main drive.
> 4: have the backup bru drive mailed to you, dupe it, and rsync the
> remote bru to your local copy whenever you make a change to the remote
> bru.
> 5: In the event of fire, vandalism, or other urgent cause, your cluster
> can appear on a new server rapidly.  Just FedEx ghosts of your locally
> stored bru drive rsynced from what were your remote machines, and (on
> similar hardware) they should turn-key boot and run.

Points 3 - 5 are a bit academic, and very site-specific. For my setup, 
it takes less time to rebuild the machine with the installer and have 
the config management system, job queue system restore a box's 'role' 
than use ghosting policies. E.g. a bare metal install is ~ 5 min from a 
local cobbler setup, which can also trigger a puppet run which usually 
does the system state rebuild in about 15 - 18 minutes. Data needs 
restoring, but that will come from the backup machine.

With rapid provisioning where it is, I don't think ghosting is worth the 
extra aggro.

- KB
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

