msterle/pre-gliffy

## pre-gliffy
               (INTERNET)
                   |
HAPROXY\           |    /HAPROXY-STANDBY
NFS- DRBD1 <------VIP   DRBD2 -NFS-STANDBY
MYSQL/ /  /|\ \         \MYSQL-STANDBY
PUPPET/  / | \ \STORAGE
        /  |  \
WEB1 WEB2 WEB3 WEB4 (apache's mpm-itk/nginx php5-fpm)


Things we cant limit :  Evil/Bad/Dumb PHP code
                        Users with bad passwords

Things we can limit:
                        PHP
                                Apache:
                                        mpm-itk takes care of setuid at apache level
                                        (no need for suexec)
                                        CONCERN?: mpm-itk needs root access to files on NFS, so it has
                                        to be exported with no_root_squash. Is this a major security
                                        concern?

                                Nginx:
                                        fork php5-fpm processes by uid
                                        only exec files from defined directories
                                        chroot
                                # of processes (ulimit)
                                Mem Limit of processes (php.ini)
                                what is avaliable (no exec, no php-cli)
                        Mysql
                                queries per account per hour
                                updates per account per hour
                                # of connections per hour
                                # of concurent connetions

                        NFS
                                DISK QUOTAS:
                                                edquota peruser

                        HAPROXY
                                rate-limit sessions? (probably cant use this, as its global)


Current Issues:
                        NFS bottleneck
                                options:
                                        - distributed filesystem (Gluster?)
                                        - or is there a way to make local copies of popular sites, and
                                          shadow other files to primary nfs?

                        Too localised (Dallas)
                                architecture definition for standalone nodes / secondary clusters

                        Poor backup policy
                                short-term (3-month) should be on our server
                                good archival services offered by SoftLayer
                                setup mysql slave

                        Provisioning for new webserver cloud instances
                                need better puppet recipe
	(INTERNET)
	\|
	HAPROXY\ \| /HAPROXY-STANDBY
	NFS- DRBD1 <------VIP DRBD2 -NFS-STANDBY
	MYSQL/ / /\|\ \ \MYSQL-STANDBY
	PUPPET/ / \| \ \STORAGE
	/ \| \
	WEB1 WEB2 WEB3 WEB4 (apache's mpm-itk/nginx php5-fpm)




	Things we cant limit : Evil/Bad/Dumb PHP code
	Users with bad passwords

	Things we can limit:
	PHP
	Apache:
	mpm-itk takes care of setuid at apache level
	(no need for suexec)
	CONCERN?: mpm-itk needs root access to files on NFS, so it has
	to be exported with no_root_squash. Is this a major security
	concern?

	Nginx:
	fork php5-fpm processes by uid
	only exec files from defined directories
	chroot
	# of processes (ulimit)
	Mem Limit of processes (php.ini)
	what is avaliable (no exec, no php-cli)
	Mysql
	queries per account per hour
	updates per account per hour
	# of connections per hour
	# of concurent connetions

	NFS
	DISK QUOTAS:
	edquota peruser

	HAPROXY
	rate-limit sessions? (probably cant use this, as its global)


	Current Issues:
	NFS bottleneck
	options:
	- distributed filesystem (Gluster?)
	- or is there a way to make local copies of popular sites, and
	shadow other files to primary nfs?

	Too localised (Dallas)
	architecture definition for standalone nodes / secondary clusters

	Poor backup policy
	short-term (3-month) should be on our server
	good archival services offered by SoftLayer
	setup mysql slave

	Provisioning for new webserver cloud instances
	need better puppet recipe