Hi all,
Is it advisable to have DHIS 2 Server and other applications not related to DHIS 2 running in the same physical server?
Regards
1 Like
This is a very general question where one can’t say ‘yes’ nor can really say ‘no’ and the reason is because it’s very specific case by case. For instance, you could have apps that will open certain ports that are going to cause a vulnerability…etc whereas it might be possible to have certain apps that will not affect the instance.
However, under all circumstances, I think the requirement is isolation. I have LXC quite often in the community… see:
Isolation can be done with different levels of granularity:
- Separate physical machines: - This provides isolation but is a bit of an inflexible (and expensive) solution to the problem. The only exception to this might be the postgresql database server, where there can be some performance advantage to running on bare metal with direct access to disk array, but it is a costly choice.
- Separate virtual machines: - This can be a very sensible solution, where you dedicate an in-house VM or a cloud hosted VPS to each of the proxy, application server and database. There is a security concern that might need to be taken into account as, by default, traffic will pass unencrypted on the network between the various components. This might be considered OK if the network is trusted, but in many cases you might need to implement SSL on tomcat and postgres to ensure adequate encryption in transit.
- Separate containers: - This can be an elegant and lightweight solution to provide isolation between components. It is particularly attractive where you might be renting a single VPS server from a cloud provider. There are different Linux containerization solutions with different advantages and disadvantages. Most people will use docker or lxc or some combination of the two. This guide will describe a solution using lxc, but we will also add documentation on docker.
(source)