Precautions for implementing virtual hosts in Linux

Virtual Hosts are currently using many technologies. As shown in, there is now an enterprise that provides website space. You can deploy multiple websites on the same server. In addition to the first established WEB server, other newly established WEB servers are called virtual hosts. However, this is transparent to users. That is to say, the client is connecting to the instance and cannot know whether the server to which the client is connected is a virtual host. It is different from other servers in terms of usage and connection configuration.

Some may have questions. Why do virtual hosts need to be used because hosts are so cheap? It is true that the current host is relatively cheap, and deploying more than one server may not feel bad for enterprises. However, other restrictions force enterprises to deploy virtual hosts. For example, the valid IP address that an enterprise can obtain is limited. Generally, it is good for an enterprise to apply for about two fixed IP addresses. A client on the Internet must have a valid IP address to access this website. Therefore, the use of virtual hosts by enterprises is not solely based on hardware costs, but because of other hard restrictions, enterprises have to adopt virtual hosts.

What should the system administrator do when an enterprise uses a virtual host to eliminate some negative effects caused by the use of the virtual host? This is an issue that must be considered by the system administrator. Such as the usage of an Enterprise Virtual Host. On a WEB server, two websites are actually mounted, respectively, the website used in the OA system and the portal website of the enterprise. So what are precautions for implementing this virtual machine?

As far as I know, the following content system administrators should pay attention to when deploying virtual hosts.

1. Pay attention to the bandwidth allocation between websites.

When a client can access a WEB server, its total bandwidth is limited. How can the limited bandwidth be allocated between the OA website and the enterprise portal website? Here, only two websites are mounted on a WEB server host. It seems that the bandwidth allocation is not necessary. However, if you have five or six websites on one host, it is necessary to allocate bandwidth between them. What criteria should the network administrator use to allocate bandwidth? How can we prevent other websites from being adversely affected by the excessive bandwidth usage of a website?

Generally, this is linked to an enterprise website application. If you deploy an e-commerce platform on an enterprise portal, you need to ensure that it has a relatively large bandwidth. If it takes a long time for an enterprise to place an order online, the customer may be dissatisfied and the customer may be reluctant to use the e-commerce platform. Similarly, if you have a large number of product images, video materials, and so on this enterprise portal, you also need a relatively large bandwidth. Otherwise, it will take a long time for the client to view a product image or video, which is undoubtedly a test of user patience. For this reason, for some enterprise portal websites, the network administrator must first estimate their information traffic and ensure their bandwidth in advance. However, if an enterprise's portal website is used for decoration, but in fact there are not many enterprises accessing this portal website, it does not need to be kept with a large bandwidth. This is a waste.

In addition, some website companies are charged for each website. In this case, to be fair, you need to determine the appropriate bandwidth for each website based on the charging conditions, so as to avoid other users' dissatisfaction due to the excessive bandwidth usage of some websites. Theoretically, a virtual machine can be mounted to multiple websites, but its bandwidth is limited. Therefore, if you have too many websites, the access performance may decline. Therefore, the network administrator should not mount too many websites on a host. The number of websites to attach depends on the bandwidth of the server.

2. The security information of each website is closely related.

As shown in, when a VM is used, data on all websites is stored on the same host or on the same hard disk. Therefore, the security of each website is closely related to each other. If a website is attacked by an illegal attacker due to improper operations, it is difficult for another website to be preserved. If an attacker uploads a trojan file or an illegal program to the enterprise portal, the website may be adversely affected. At this time, this negative impact will also involve other websites, such as OA websites. Therefore, when the network administrator uses a virtual machine to mount multiple websites, special attention is needed for this security.

For example, it may be a good method to run multiple websites with different users and set relevant permissions. As shown in, I can create OA users and portal users on Linux systems respectively. Then, use different users to log on to the Linux operating system for related configuration. In addition, through permission control, OA users cannot access relevant information of portal users. To a certain extent, data between multiple websites can be independent from each other to ensure their security. However, you must note that the security protection function is limited. If this trojan or illegal program is used in a comparative manner, not only the portal website is broken, but the control of the Linux operating system is obtained, then this protection measure is useless.

In addition, strict management of the security of each website is also very helpful to improve the security of this Linux host. For example, you can set security measures such as preventing all websites from running script programs or uploading files. These measures can ensure the security of a single website and protect the entire Linux server from being affected. Therefore, if you use virtual machine technology to mount multiple websites on the same host, the network administrator needs to pay special attention to the security of the website. You must know that the security of various websites and other related services on a VM is closely related. If a website is attacked by an illegal attacker, it will be difficult for other websites to protect it.

3. How much bandwidth should I rent?

Most enterprises now lease lines from network service providers to connect to the Internet. When renting a line, the network administrator needs to consider the bandwidth problem. If I know a company, they are actually two companies. One is a foreign trade company dedicated to foreign customers and the other is an enterprise responsible for domestic customers. Although they only have one management team, they are two different enterprises. Therefore, they have two portals. Due to various restrictions, the company had to mount two portals on one server. Both domestic and foreign customers need to access these two portals. If you want to place an order through the e-commerce platform on the portal website, you need to view the product images on the portal website. Any application requires a relatively large bandwidth. Otherwise, the access will be very difficult, and the user needs to wait for a long time. Therefore, when renting bandwidth, the network administrator needs to consider how much suitable the bandwidth is to be rented? Because now, If you lease bandwidth with them, the charges are basically based on the bandwidth size. It is also a waste if the network administrator rents a relatively large bandwidth and is not enough. On the contrary, if a relatively low bandwidth is rented and the normal access of the customer is affected, the loss of the enterprise may be greater. For this reason, the Linux system administrator needs to estimate the bandwidth required for the VM to meet normal access needs, and then purchase the appropriate bandwidth.

4. Implement protocol priority management.

If the firewall settings of the Linux system are implemented while the virtual host is deployed, the bandwidth can be managed through Protocol priority. When the network is congested, the traffic of some important applications (for example, e-commerce platforms often use HTTPS protocol) can pass through first. Other common data traffic will be suspended until the network recovers. It can be seen that the use of Linux operating system firewall and virtual host can also achieve bandwidth management between multiple websites. This allows enterprises to achieve relatively good performance at a low cost.

In addition, if there are some high-end routers in the Enterprise, you can also use this router to achieve protocol priority. Because the efficiency of data forwarding and processing by routers is relatively high, the configuration of protocol priority on routers is better. Therefore, the Linux System Administrator sometimes has to have a friendly cooperation and communication with the enterprise network administrator to achieve the best performance of the VM.