[Owasp-board] OWASP Infrastructure update

Matt Tesauro matt.tesauro at owasp.org
Wed Jul 14 02:22:19 UTC 2010

I talked with Larry today about the current OWASP infrastructure and 
below is what I'm using as talking points with the possible new hosting 
providers.  I've already sent the below to Terremark who is offering an 
enterprise cloud solution which looks particularly appealing where all 
our servers would be VMs run out of one of their data centers.

Feedback on missing items, suggestions, etc. is greatly appreciated.

Current OWASP Infrastructure
(1) "Wiki Server"
      Fedora LAMP server
      Runs www.owasp.org and ads.owasp.org (virtual domains)
      Dell PowerEdgs 1325, Dual Core CPU, 4 GB RAM, 2 mirrored drives
      240 GB storage size, 84 GB used (~34%)
      CUP is at a constant ~ 60% utilization

(2) "Mail List Server"
      Fedora LAMP server
      Runs Mailman for lists.owasp.org
      Dell 750, Unknown CPU, 4 GB RAM, 2 mirrored drives
      80 GB storage

- DNS is currently managed by Larry through Verio
- Email is currently managed by Google/Gmail through their Google Apps 
for Education and non-profits
- LAMP = Linux, Apache, MySQL, PHP
- Attached is the most recent Google Analytics from OWASP.org I have
- Original RFO Larry wrote is here:

Future OWASP Infrastructure needs
I'd like to see a post migration, initial setup with
(1) Wiki server - hosts only the Media Wiki install for OWASP.org
(2) Mail list server - hosts only the MailMan list management software
(3) ads server - hosts only the ads which are displayed on OWASP.org
(4) DB server - runs MySQL for OWASP

Anticipated growth
- Additional MySQL server for fail-over/replication
- A clone of www.owasp.org's LAMP install for experimentation/staging
- Other LAMP servers for trials of CMS software, Forums, etc.

Backups are obviously important primarily for system restoration - not 
highly time critical nor is off-site tremendously important.  Having a 
cloned but not running copy of the four servers above would provide 
sufficient fail-over/disaster recovery.  (cold VM disaster recovery - is 
that a real term?)


-- Matt Tesauro
OWASP Board Member
OWASP Live CD Project Lead
http://AppSecLive.org - Community and Download site
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Analytics_www.owasp.org_200912.pdf
Type: application/pdf
Size: 185875 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100713/6ea916ae/attachment-0002.pdf>

More information about the Owasp-board mailing list