Skip to main content

So, I’m going to be working on rebuilding our repos to be Linux repos to leverage the new security in V11.

If you were going to build a repo for 15 TB drives running on VSphere 6.7. Ubuntu. These will provide back up copies to 5 customers each.

 

I can look at what the specs are but I want to know what you all think.

 

Thanks all :)

So, I’m going to be working on rebuilding our repos to be Linux repos to leverage the new security in V11.

If you were going to build a repo for 15 TB drives running on VSphere 6.7. Ubuntu. These will provide back up copies to 5 customers each.

 

I can look at what the specs are but I want to know what you all think.

 

Thanks all :)

Hi Andy,

 

Immutability is just a flag that will be set so the recommendations for sizing an XFS system will stand. If you haven’t seen it already https://Veeambp.com is an awesome site that includes industry based best practices and sizing guides.

If you scale in line with best practice (1 CPU + 4GB RAM per concurrent task slot) then this will help maintain performance.

 

The main questions are around concurrency of tasks as you’ve mentioned multiple customers so they may contend for resources frequently, this will have an impact on IO and network especially.

 

A final thing I’d like to add is just like the hardware certification that you go through between vendor and VMWare/Microsoft, there also exists a certified hardware list for Ubuntu, I’d strongly recommend you consult this for your repository design. (https://certification.ubuntu.com/server/models?release=20.04%20LTS)


I agree with @MicoolPaul : hardened repositories will not need more resources, size for XFS to get the performance you can expect from your hardware.


Don’t forget, you will want to have different proxies than your Linux repo with immutability.


Don’t forget, you will want to have different proxies than your Linux repo with immutability.

Yes, if you want to have the most-possible-secure-Linux-repository, install just repository role on the host.

But immutability is also possible with proxy role on the same Linux host. But then there are more opened ports and services running and so more attack vectors. When you need a feature, not available in Linux proxy, like tape support, you need for sure a additional Windows proxy.

@haslund please correct me if I am wrong.

 


Thank you all for the great information.  I’m sure I’ll be asking lot’s more questions but it’s nice to know there is an awesome place to ask such questions and get such thoughtful answers :)


Don’t forget, you will want to have different proxies than your Linux repo with immutability.

I just got a definite answer to this question: You CAN NOT run immutable repository AND proxy role on the same Linux server in v11!

PS: There is a workaround: you can theoretically run one of these roles in a container.


Comment