On Oct 4, 2011 7:04 PM, "Mike Oxford" <moxf...@gmail.com> wrote:
>
> On Tue, Oct 4, 2011 at 3:59 PM, Greg Stein <gst...@gmail.com> wrote:
> > Regarding security: it is the same for option A and B and C (you're
> > just shifting stuff around, but it is pretty much all the same). Put
> > your webservers in one security group, and the Riak nodes in another.
> > Open the Riak ports *only* to the webserver security group and to each
> > other.
>
> Not quite the same.  If you get rooted on a webhead you don't want your
> data there (esp with an erl shell.)

Ah. Yeah. Quite true.

> > Avoiding two services on one machine (e.g. web + riak) is also much
> > easier to manage/maintain. Just have web machines and riak machines.
>
> I disagree; it's more work to maintain two machines correctly.  However
> the extra work is worth it for security/scalability.

Note that his original description had two machine types: web+riak, and
riak-only. My point was about that two-service box being a pain. Given that
you have two types, then break up the boxes into the two -only formats and
increase your security.

Cheers,
-g
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
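
An added example, not code from anyone in the thread: a small audit of the layout discussed above, flagging Riak ports reachable from anything other than the web and Riak groups, and hosts that sit in both groups. The group names, rule format and port numbers (Riak's usual defaults) are assumptions, and restricting epmd and handoff to node-to-node traffic is stricter than what the thread states.

```python
# Added example: audit constructed firewall rules against the layout in the thread.
# Group names, rule format and port numbers are assumptions (Riak's usual defaults).
CLIENT_PORTS = {8087: "protocol buffers", 8098: "HTTP"}
CLUSTER_PORTS = {4369: "epmd", 8099: "handoff"}


def allowed_sources(port):
    """Groups that may reach a Riak port; None if it is not a Riak port."""
    if port in CLIENT_PORTS:
        return {"web", "riak"}   # web tier plus the Riak nodes themselves
    if port in CLUSTER_PORTS:
        return {"riak"}          # stricter than the thread: node-to-node only
    return None


def audit_rules(rules):
    """Return (port, source) pairs that expose a Riak port too widely."""
    findings = []
    for rule in rules:
        if rule["group"] != "riak":
            continue
        lo, hi = rule["ports"]
        for port in sorted({**CLIENT_PORTS, **CLUSTER_PORTS}):
            if lo <= port <= hi and rule["source"] not in allowed_sources(port):
                findings.append((port, rule["source"]))
    return findings


def mixed_role_hosts(hosts):
    """Hosts in both groups: a compromised web process sits next to the data."""
    return sorted(h for h, groups in hosts.items() if {"web", "riak"} <= set(groups))


# Constructed sample input.
RULES = [
    {"group": "riak", "ports": (8087, 8087), "source": "web"},
    {"group": "riak", "ports": (8098, 8098), "source": "0.0.0.0/0"},
    {"group": "riak", "ports": (4369, 4369), "source": "riak"},
    {"group": "riak", "ports": (8000, 8100), "source": "web"},
    {"group": "web", "ports": (443, 443), "source": "0.0.0.0/0"},
]
HOSTS = {"web1": ["web"], "riak1": ["riak"], "combo1": ["web", "riak"]}

if __name__ == "__main__":
    for port, source in audit_rules(RULES):
        print(f"riak port {port} reachable from {source}")
    print("mixed-role hosts:", mixed_role_hosts(HOSTS))
```

The wide 8000-8100 rule is flagged only for the handoff port, which shows how a convenient port range can open cluster-internal traffic to the web tier.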
