On 2019-08-20 10:33:17 +0000, Karl Martin Skoldebrand wrote: > I just discovered that a client has done this: > > They have two web applications A1 and A2. They have seperate hostnames/URLs. > Both have a production and a test database A1p and A1t/ A2p and A2t. > > What they've done is have both A1p and A2p on the same actual databaser server > and A1t and A2t on the same server. > > So, I'm thinking - if a bug in application A1 crashes the application and > database badly it will risk bringing down both services A1 and A2. The same > risk would be evident on a successful security breach. > > I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on > the same. (This is what seems to be happening when the database servers are > being repladed). On rereading this I notice that I'm not sure what that means. If you propose replacing the two servers with three (two production, one test) or even four (two production and two test), I agree. If you want to keep two servers, but rearrange them so that one server has both the production and the test database for each app on the same server, see below. > What is the general thought on the current setup? Without knowing the details I think I would side with your client here: It seems to me that the risk of accidentally clobbering a production database which is in the same host as the test database is higher than the risk of two different production databases interfering with each other. Also, if you have the test and production database on the same host, there are some procedures which you can't safely test (e.g. an OS upgrade). I would think about putting each database in virtual machine or at least a container, though. hp -- _ | Peter J. Holzer | we build much bigger, better disasters now |_|_) | | because we have much more sophisticated | | | hjp@xxxxxx | management tools. __/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
Attachment:
signature.asc
Description: PGP signature