[MLB-WIRELESS] Server Virtualisation - (was RE: possible vpn
mw at freenet.net.au
mw at freenet.net.au
Wed Mar 17 11:46:43 EST 2010
Hi,
Good points, with some comments/suggestions:
1. as VMs, they can be started up only when there is actual work in
progress. This may minimise the attack surface and consequences of
compromise.
2. I guess we could develop a skills profile policy that folks must meet in
order to take on a sysadmin role. I suspect that there will be no shortage
of suitable skills among this group.
3. not all systems require live access (database for example) which may
mitigate the total exposure risk.
In the end, the current team are obviously pressed for time. One way to
allow others to contribute is to divvy up the systems. Sure, two systems
take more time to admin than one, but not double the time. Think of it like
this:
Currently, a single server can really only efficiently have one sysadmin.
That person needs to mantain the OS, and mail, and web, and database. Take
away the worry of maintaining mail and database, then that guy only needs to
worry about OS and web. Any reduction in workload can only be a good thing.
Sure, split the systems and you end up with (arguably) up to double the OS
maintainence, but the total administrative load on each individual sysadmin
is reduced. That's got to be a good thing.
Cheers!
> -----Original Message-----
> From: Andrew van Slageren [mailto:andrewvsm at yahoo.com.au]
> Sent: Wednesday, 17 March 2010 11:00 AM
> To: mike at viewbankrise.net.au
> Cc: 'Melbourne Wireless'
> Subject: Re: [MLB-WIRELESS] Server Virtualisation - (was RE: possible vpn
>
> Keep in mind that each VM will still have to be individually managed,
> secured, regularly patched and backed up, especially if they will have
> public IP's.
>
> How can we ensure that the admins put in charge of each VM will be able
> to do this?
>
> mw at freenet.net.au wrote:
> >> Then we are required to maintain and secure several systems and no one
> has
> >> time to do that.
> >>
> >
> > Wrong - the current admins have no time to do it. Multiple platforms
> means
> > that more people can contribute to admin tasks. We don't need just one
> > sysadmin to manage everything. It REDUCES the workload, not increases
> it.
> >
> >
More information about the Melbwireless
mailing list