Server Changes Ahead
By Nick Shobe
David recently discussed the death of Trilium Why Must Trillium Die? and now I, the newest member of the New Media team, am preparing some cool server side architectures that will be deployed over the next few weeks. The improvements should add several security enhancements, provide more opportunities to improve performance, increase server redundancy(decreasing down time) and hopefully improve our software dev cycle. So basically the same cool stuff from us… but better! These changes and improvements include:
- Deploying a Puppet infrastructure to make it easier to deploy and manage our dynamic server environment.
- Creating a set of provisioning scripts. Our servers may have a diverse software load, but the base systems will be provisioned with the same base configuration and Ubuntu and puppet versions which makes deploying software to dev, test and live environments hassle free.
- Improving overall security measures by allowing key only ssh authentication and adding Fail2banto monitor and respond to brute-force attacks on our various sites that don’t already employ network user authentication.
- Expanding our use of a software firewall to all managed systems… we do have hardware firewalls, but there are some real benefits to employing another layer of firewall security.
- Reviewing database authentication and software permissions to ensure user data remains as secure as possible.
Some of these are easy to implement immediately, while others will take a few months to deploy, test and refine before they are fully ready for prime time.