I rely heavily on OpenVZ. In this article I would like to share some of my personal experiences in OpenVZ deployment. I assume that readers already know how to install OpenVZ and are familiar with its basics. This article describes some tips on using OpenVZ from the command line. If you prefer a GUI to the command line, please turn to how to install WebVZ.
The setup described here follows these guidelines:
- the real server has a minimum of software installed (I use Debian Etch with a minimal installation) as the starting point. Additional applications are installed as needed during the deployment.
- the real server should be as secure as possible. On the other hand, I want to keep it simple and easy to set up and maintain. So I chose a compromise: I rely only on what can be easily deployed with Debian and don't go for extra security stuff like Openwall, SELinux, grsecurity, etc.
- each needed service is deployed in a separate container, so that they interfere with each other as little as possible
- Intrusion Detection for the real server as well as the containers is deployed on the real server using OSSEC
- firewalling (iptables) is done on the real server; the containers run only the services
- I rely on SSH as the only means to access and maintain the real server and the containers.
Read more at Howtoforge.com