CloudLinux

Dan Dubovik dandubo at gmail.com
Mon Jun 21 12:38:56 MST 2010


I've been playing around with CloudLinux a bit and haven't had a chance to
properly reply to this thread until now.  That said, CloudLinux itself is
not a virtualization layer in the sense of Xen, VMware or the like.  It
instead is a way to limit system resources based on the user (uid) instead
of by process.

While CloudLinux does include some security features (a grsecurity patch,
utilization of fcgid / suphp for running cgi processes as the VirtualHost
user, instead of as the apache user), its primary benefit is in the
limitation of CPU, I/O, and process count per user.  In a hosting
environment, being able to prevent one user from completely tanking a server
(either intentionally, as a result of a Digg or Slashdot article, or some
attack aimed at the site) is a huge benefit.

IMO the name itself (CloudLinux) is somewhat misleading, as it does not
employ any Cloud features (no real abstraction of services from the
hardware).

@R P Herrold
I agree that the basic support is useless.  I do not know the pricing of
licenses / support as of yet, however, I suspect that the Basic plan is simply
there to make the others look more attractive for whatever the price is (see
AT&T's .5GB data package vs 2GB data package for a similar concept).

In the OT part of this thread, I would also agree that many of the security
risks of Cloud computing are much arm waving, and can largely be resolved by
proper encryption of data, in addition to using the Cloud properly.  There
are parts of it that can be useful (non-critical data storage, inexpensive
off site backups, etc), and parts that you may not want to keep out there
(unencrypted user SSNs, CC#s, etc), more as part of good practice than any
real security concerns.

@Lynn
I also agree that any way we can make the bad guys keep scratching their
heads gives us time to implement better policies and procedures to further
complicate their lives.  However, while we should try to keep our methods of
thwarting them quiet, it could also be beneficial to let others who have
noticed (and been open) about the same attacks know what you did to resolve
it, even if done so out of band via a simple phone call, etc.

-- Dan