how can i build this setup ?

[Tonimahoni]

Hello folks,

i decided to use zentyal for my webserver because it has all the tools i need to build the setup i always wanted to use.
Today i installed zentyal on a virtualbox to get an impression how it works, and to find out if i can build the setup with
it, that i was thinking about for weeks now. Zentyal is very impressive and i already spend hours on it but i really cant
find a way how i start to build my environment as testenvironment, before i create it on my real webserver.
There is so many options that i am now a bit confused and unordered inside myself   

I created an image, that shows pretty much what i want to realise with Zentyal :



VM means Virtual Machines.
Chive is a program to manage databases just like phpAdmin.

I want to access Zentyal only by the remotemanagement console from my Webhost, no need for any Ports to the
ouside (only for HTTP over IP2 to update Zentyal), except for the ones shown on top of the image. 

I would really appreciate if someone could help me out to find my way into all this stuff, i did read explainations of
tools and settings all day but that made things even worse.


Edit : fixed errors in the image // added HTML Connection for Zentyal

[christian]

I'm a bit confused too... well, more than a bit, very confused.
what do you want Zentyal to provide to you?
Firewall? web server?

[Tonimahoni]

I'm a bit confused too... well, more than a bit, very confused.
what do you want Zentyal to provide to you?
Firewall? web server?

Hello christian,

i want Zentyal to be my Firewall, run VMs, map the ports from the virtual machines and run Chive
to maintain my SQL Databases on the VMs (from the remotemanagement console of my webhost).

[ichat]

i would say,  no go,

zentyal is a small buisyness network  in-a-box.   sure it can provide vm's but there are usally only to run software that isn't intended to run on zentyal...

the rest of is all network settings in sutch a way that it is usefully to untility networks and not so mutch  networks for  webservers...

where for example  zentyal provided forward proxy,    a webserver needs a reverce proxy or a loadbalancer.    where zentyal only provides basic virtual machines...  your  virtual machines probably require  some kind of accounting...     

what you need is a dedicated  virtual machine host   with  vmware  esxi  or xen   (with xen you have solus vm, witch is non-free  but works really great ...    on that  virtual stax you want... 

a: a firewall applience  that intergrates loadbalancing or reverse proxy...   (if only http than nginx would do this for you...)... |
b:  some webservers...  (maybe a control pannel)... 
c:  more stuf...


anyway running that on zentyal is  far from ideal...

[christian]

From my standpoint, Zentyal, although being quite powerful solution, is not the best one (at least using GUI) when it come to associate services per IP, like on your drawing.
What I mean is that services like FTP or HTTP will listen on all interfaces. Then it's up to you to control, at firewall level, what is accessible or not.

[Tonimahoni]

anyway running that on zentyal is  far from ideal...

Hello ichat,

thx for your reply. This is rly disappointing 
I think i will have to go for clearos then, i know that some people run such systems with it.
But i very much like the VM integration in zentyal.
This was the reason for me to try this software, and i still like it 

From my standpoint, Zentyal, although being quite powerful solution, is not the best one (at least using GUI) when it come to associate services per IP, like on your drawing.
What I mean is that services like FTP or HTTP will listen on all interfaces. Then it's up to you to control, at firewall level, what is accessible or not.

Yes, you might be right. What setup would you suggest for me ?
I don't need the fastest webservice and expensive software, i run a rootserver with 8 Gig ram this should be enough for 1 or 2 small websites (in a VM) with low traffic and a content server in a vm - which will produce low traffic aswell.

I thought about to setup a Container hostsystem like a linux with only the ability to manage my VMS and run 3 VMs in it with
a) Firewall
b) LAMP
c) various Content

but zentyal seemed to be the better solution for me.

Maybe its better to run 3 VMs.
What do you think ?

If i have to modulate the Firewall out of the Hostsystem then is even clearos not the best option.
Maybe Pfsense ?

[ichat]

its not that zentyal isn't good software,  btw  clearos is isn't bad either,   but neither are verry suiting to your needs in terms of optimal behaviour, it terms of features,   

if people say that there are using clearos and its working great,   either they are  computer hobyist bragging ... or they are plain lying to you (or at least  exagerating...)...

im telling you this, because   neither have any featuers that come near  loadbalancing  like for example  elastix does,    and sure you can hack (meaning thinker) something together with  the computer-euqivilent of duck-tape
but its not bring you to where you want to be...

but when you run one of these   virtual network appliences dedicated to firewalling... like IPcop,  Elastix, pfsence    or many of the other firewall apliences you can find on google... 
you would get a really great head start...

now if you kids scool needs a new network controller, or you brothers lawfirm whats network authentication and file/email/calandar sharing...   THATS when you want to  take a look at zentyal... 

thats ... when (in my book) zentyal rulez them all... 

[Tonimahoni]

but when you run one of these   virtual network appliences dedicated to firewalling... like IPcop,  Elastix, pfsence    or many of the other firewall apliences you can find on google... 
you would get a really great head start...

I understand, and appreciate very much that you replied to me.

I never heard about Elastix, i will take a look at it right now.

Ipcop is no go for me, it has already been repaced by Ipfire (Ipcop is buggy/not safe), which i have never installed yet.
Actaully i am preparing a Tinycore Virtualbox to see if i can prepare it to a small host for my VMs.
Right after i the installation is done, i will take a look at Ipfire.
But as far as i read on the net, pfsense is by far the best solution.

[christian]

What I'm just curious to understand is why you do need web servers on VM.
This "any single service running on its own VM" is a typical Microsoft approach where you may have conflict because of DLLs.
On Linux server, when it comes to run only LAMP platform, I hardly understand the rational behind this when there is no external shared storage that will help implementing high availability. But this is not the way Zentyal VM container is designed 

[Tonimahoni]

hey christian,

it's mainly a LAMP Container.
i only used this simple diagram, to get easier to the point, whithout more confusion among the readers/viewers 

It will also run :

a CMS,
HTTP Firewall,
Backup Solution,
FTP Server,
SSH Server
and maybe an additional NAT Firewall just to increase the safety a bit more.

If this Container gets attacked/hacked, its no problem to restore it with just a click.
I also don't install Phpmyadmin on it to increase the security of the system.
The SQL Databases get all administrated from the host System, which has only the
Http Port open on a diffrent IP, and probably i will only unlock that port when i maintain
it by hand.
With the Firewall now running in its own container, as zentyal is no good option for me
anymore, the security will even increase more.