From: Dariush Pietrzak (eyck_at_ghost.anime.pl)
Date: Fri 04 Jun 2004 - 18:35:00 BST
> > you insisted that I must run snmpd in my server, I'd balk.
> The SNMPD application is supposed to run on the host, not within
> the vserver itself... That, I agree, would be a security threat, and an
> unnecessary resoource allocation.
Actually THAT is a real security threat. I run snmpd only within vservers,
you shouldn't put such complicated and historically vulnerable app on host
itself.
> It works great, I agree, however, SNMP is a generic and proven way
> to do monitoring of a wide variety of devices (routers, servers,
> switches, etc.)
It is proven that you should run it only on private networks (if you can)
> monitoring as well... Monitoring is done via SNMP, why not do the
> management via SNMP as well ?
Because, although it was fashionable to do so some time ago ( just like
now it's fashionable to do management via embedded http-servers ), doing
management via SNMP is not that secure ( and not that simple to implement).
Hmm, there is another issue here - if you already use app like HP Open
View to do your other management, then putting it in control of vservers
might be the wisest choice.
-- Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 We're giving you a new chance in life, and an opportunity to screw it up in a new, original way. _______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver