Monday, April 8, 2019

Use or don't use virtualization for Linux Webserver?



I maintain the servers for a big webproject (java + postgres + some tools around) which is currently hosted on three machines:





  1. Machine: Mailserver (postfix), Ad-Server (lighttpd + php + openx)

  2. Machine: Tomcat + Servlet

  3. Machine: PostgreSQL-Server, static content (via lighttpd)



All machines run Debian Stable and are connected via a VPN (openvpn). As the hardware is very old (AMD Athlon 3000+ and 2GB RAM on each), it's time for a change.



These servers should now be replaced by one big machine (16GB RAM, big Intel CPUs supporting VT, 5 IPs).




The question now is: Should I still separate the different tasks using Virtual Machines, or should I simply put everything on the machine as usual? What are the pros and cons?



I thought of the following:



Pro Virtualization:




  • Security: As the VMs are separated, you can't take the whole machine (hopefully)




Con Virtualization:




  • Performance: There is a performance loss

  • Work: Every maintenance task has to be done several times, once for every VM

  • Communication: Communication between the different VMs (Servlet to Database) gets more complicated.

  • Hard Memory Limits: I have to assign static resources (like Memory) to each machine. This can be a con if say my db-server needs more ram for 30 seconds (than it got assigned) and there would be more ram available on other machines. With no virtualization this wouldn't be a problem.



Thanks for any hints.



Answer



Performance loss - Yes, technically there is one. Is it something you or your users will notice? Unless it's some crazy high-end workload, or you horribly over-provision VMs* (or are trying to squeeze 5 VMs with a "normal" RAM allocation onto an old, existing server), I seriously doubt it. Remember to actually check your RAM usage - if you're splitting everything up, you don't need, say, 512 megs for an NTP server that defaults to runlevel 3. (Splitting off JUST an NTP server is excessive, it was merely an example.)



Work - This is true. If it's only going from, say, one to three servers, probably not that big a deal - do your change, copy/paste your commands from one terminal session to the other. Past that though, you want some kind of management tool; I'm currently looking at Puppet.



*Memory Limits - Depends on the virt. solution you use. Some environments, like ESX/vSphere, allow you to allocate more RAM to VMs than is physically available. If you pay for the feature, ESX lets you set up resource pools, and will automatically adjust resources as needed, with the ability to set priorities. Like everything, you have to know how it works and the tradeoffs in a particular environment.

