Plesk 10.4.4/ASL versus Plesk 10.4.4/CageFS
Posted: Mon Feb 27, 2012 2:40 pm
Ok so here is the scenario.
I have 2 test systems going. (The winner will end up in production)
It is a shared hosting environment so security and site isolation are most important.
Performance is important but slightly minimized as each box has 32GB RAM and dual Quad core processors which should be enough to allow the main focus to stay on server security and site isolation rather than performance/security using up too much resources.
> Box1
CentOS 6 x86_64 - Plesk 10.4.4 and ASL Kernel (2.6.32.57-12.art.x86_64) - for all the extra benefits of ASL.
>> Box2
CloudLinux 6 x86_64 - Plesk 10.4.4 and Cloud Linux 6 Kernel that supports LVE and CageFS 3
Since Cloud Linux was listed as a supported OS I did try to use the ART Kernel but I see it is not compatible.
Ongoing questions are:
(1) Is the shared hosting site isolation in Plesk 10.4.4 good enough to ignore the Cloud Linux benefits and stick with the ASL Kernel and its added security (which is working out very nicely so far)
(2) Would the Cloud Linux Site Isolation benefits (Security & High Availability) + Plesk 10.4.4 + ASL Lite (aka ModSecurity + updated rules) be the MORE SECURE way to go..?
(3) Would the ohh so tempting upcoming Tortix Enterprise Security package work without the ASL kernel (of course not but that also adds a little twist to things because if Tortix Enterprise Security does what it appears it will do on the check list chart shown on http://atomicorp.com/products/products-comparison.html then it cannot be overlooked too easily..)
Any insight, suggestions or just random opinions would be helpful!
Thanks,
I have 2 test systems going. (The winner will end up in production)
It is a shared hosting environment so security and site isolation are most important.
Performance is important but slightly minimized as each box has 32GB RAM and dual Quad core processors which should be enough to allow the main focus to stay on server security and site isolation rather than performance/security using up too much resources.
> Box1
CentOS 6 x86_64 - Plesk 10.4.4 and ASL Kernel (2.6.32.57-12.art.x86_64) - for all the extra benefits of ASL.
>> Box2
CloudLinux 6 x86_64 - Plesk 10.4.4 and Cloud Linux 6 Kernel that supports LVE and CageFS 3
Since Cloud Linux was listed as a supported OS I did try to use the ART Kernel but I see it is not compatible.
Ongoing questions are:
(1) Is the shared hosting site isolation in Plesk 10.4.4 good enough to ignore the Cloud Linux benefits and stick with the ASL Kernel and its added security (which is working out very nicely so far)
(2) Would the Cloud Linux Site Isolation benefits (Security & High Availability) + Plesk 10.4.4 + ASL Lite (aka ModSecurity + updated rules) be the MORE SECURE way to go..?
(3) Would the ohh so tempting upcoming Tortix Enterprise Security package work without the ASL kernel (of course not but that also adds a little twist to things because if Tortix Enterprise Security does what it appears it will do on the check list chart shown on http://atomicorp.com/products/products-comparison.html then it cannot be overlooked too easily..)
Any insight, suggestions or just random opinions would be helpful!
Thanks,