On 11/20/2018 8:43 AM, Chris Bennett wrote:
> I am almost certainly going to be replacing with a new server for an
> organization I am a member of.
> With all of this mess with Meltdown, Spectre, insecure motherboard
> chips, etc.
> I am pretty clueless on exactly what is going to be a secure set of
> server hardware.
> Intel, well no.
> AMD? I have read about problems with non-CPU chips being compromised.
> Another architecture? I have never used anything other than Intel/AMD.
> The server will run httpd, mailserver, PostgreSQL and somehow a good way
> for well encrypted messaging at times.
> It is very likely to run out of Austin, Texas.
> I think that having a direct connection would be best, but would a
> proper setup make colocation OK?
> This isn't going to be my server, I will just be in charge. That's
> completely new for me.
> Any advice is really welcome, everywhere I read anything, hardware seems
> broken and insecure.
> Thanks a bunch for any help,
> Chris Bennett

Personally, I'd go with a couple of Sun T-1000s, a pair of managed
switches and some Cyclades (or similar) serial port servers and cram
them into a half cabinet rented from a CoLo. 2 to run as firewalls, 2
for httpd, 2 for your database, and 2 to run Dovecot for your mail
(Assuming just IMAP is fine for your users). You'd probably be looking
at about $10,000 in hardware and a few hundred a month for renting the
rack space. Although with some frugal ebay'ing, you can probably bring
that hardware cost down quite a bit. But you'll get some decent
hardware, and SSH-based remote access to the OOB ALOM ports of the systems.
I have a similar, but much larger scale, setup sitting in an Equinix
Datacenter over in San Jose.