cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Mario Lipinski <mario AT cacert.org>
- To: Michael Tänzer <michael.taenzer AT cacert.org>
- Cc: Wytze van der Raay <wytze AT cacert.org>, 'Mendel Mobach' <mendel AT cacert.org>, robert kochheim <robert AT kochheim.eu>, Bestuur Stichting Oophaga <oophaga-board AT oophaga.org>, cacert-sysadm AT lists.cacert.org
- Subject: Re: Hosting Meeting at FOSDEM
- Date: Thu, 31 Jan 2013 19:51:52 +0100
- Organization: CAcert (Infrastructure Team Leader, Organisation Assurer, Arbitrator / Case Manager)
Hi Michael,
Am 31.01.2013 17:28, schrieb Michael Tänzer:
> Are any of you at the FOSDEM this weekend? I would like to talk about
> the current hosting situation (among others: how to reduce unneeded
costs).
I won't be at FOSDEM so I won't be able to join the meeting physically.
If suitable and time fits, I would be interested in joining the meeting
via Skype or Google Hangout.
Some words from the infrastructure side:
Generally I am happy with the current hosting situation. I think that
the separation between critical and infrastructure systems is fairly
well possible with continuing hosting infrastructure at BIT. Hey, the
evil Internet is very close, so treat everything from infrastructure as
it were Internet on the critical side and we are fine (speaking very
simplefied).
However, there are some drawbacks for infrastructure currently:
There are some issues with the firewall, connections from infrastructure
to it's external addresses does not work. An easy work around would be
DNS for infrastructure to extinguish any use cases that require these
connections.
Currently, backups are performed via USB which causes a pretty high IO
load on the servers and backups requiring long. However, backups perform
smoothly. An entry level NAS for infrastructure backups might improve
the situation. As far as I can tell, service performance is not affected.
IP addresses are rare. This results from the current design to have any
service reside in a virtual container and enabling certificate login. A
solution would be to change the design to use more shared hosting. SSL
certificates could be shared by using SNI (early IE with WinXP might
cause problems, but I think we can live with that). A shared hosting
environment would also solve problems with recruiting admins for each
service. Have a few sysadmins that only have to keep one system in good
shape and have responsibilities assigned for certain tasks. Currently
many systems are orphaned and are in bad shape running no longer
supported OS releases and outdated software that might be vulnerable. A
shared hosting setup would also enable us to provide better support for
hosting new (web) applications. But this there is a lot tbd.
--
Mit freundlichen Grüßen / Best regards
Mario Lipinski
Infrastructure Team Leader, E-Mail:
mario AT cacert.org
Organisation Assurer (Germany), Internet: http://www.cacert.org
Arbitrator / Case Manager
CAcert
Support CAcert: http://www.cacert.org/index.php?id=13
http://wiki.cacert.org/wiki/HelpingCAcert
Attachment:
smime.p7s
Description: S/MIME Kryptografische Unterschrift
- Hosting Meeting at FOSDEM, Michael Tänzer, 01/31/2013
- Re: Hosting Meeting at FOSDEM, Mario Lipinski, 01/31/2013
- Re: Hosting Meeting at FOSDEM, Jan Dittberner, 01/31/2013
- Re: Hosting Meeting at FOSDEM, robert kochheim, 01/31/2013
Archive powered by MHonArc 2.6.16.