-1

I'm going to launch a new web service, but I have few funds to start this business. I was taking a look at OVH Dedicated Infrastructure servers, but such a service costs at least 250 $/month, too much for me at the moment. Why was I looking at a Dedicated Infrastructure? Because I would run the web server on one machine and perform database replication on another physical machine, in a private network (OVH Infrastructure allows me to create a virtual private network between my servers). Costs are too high for me at the moment, but in the meantime I wouldn't want to give up database replication. Therefore I thought I could buy a good dedicated server (not cloud, 4c/8t - 32 GB RAM - 3TB SSD) on which to run LAMP, and then replicate the MySQL DBs to another small server, even a cheap VPS, setting up SSL for the MySQL user who will run replication.

My questions are:

  1. What are the security risks in setting up replication over a non-private network?
  2. Is SSL enough to hide the data traffic between the web server and the other one?
  3. How hard is it to sniff packets from a web server, considering that OVH is a professional company which provides the best in terms of security? And if someone is able to do so, what are the risks I may face?

Many Thanks.

J.Z.

Jhon Zunda

1 Answer

2

It sounds like you are overthinking this too much. If you are just starting this web service, there is no way you'll need that much hardware.

You would be best off renting something cheaper (a VPS or an instance in one of the popular Cloud providers) and replicating inside their private network.

Also, with such a small web service, replication seems redundant. Just take backups as often as you can afford. Once you start making the money to afford a secondary database server you should consider offsite replication and take backups from that server.

As far as your actual question:

Yes, it's a major security risk to replicate across the public internet. SSL mitigates that somewhat, but the MySQL documentation doesn't explain if it supports TLSv1.1 or higher, so I can't really say how secure it would be. An SSH tunnel might be a better option than SSL on the MySQL server. The best option would be a dedicated VPN connection with high security settings.

But don't do this if this is your primary database (which it sounds like it might be). You will have super high latency on all of your database calls. Just put the DB on the web server and take reasonable precautions to isolate the two with proper privilege separation.

Kyle
  • OK, maybe I was overthinking this, you are right. But what exactly did you mean by "replicating inside their private network"? Thanks – Jhon Zunda Jun 15 '15 at 18:41
  • Set up a web server and a db on ec2 (or whatever you prefer), then use the internal IP addresses to do the replication. A VPC on ec2 would be the recommended way to do this so that you have better isolation. – Kyle Jun 15 '15 at 19:15
  • I did not know that such a thing is possible without buying an Infrastructure contract. I have checked and you are right. DBs are cheap at OVH. Thank you, for real. – Jhon Zunda Jun 16 '15 at 21:05
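
A check for the replication-over-public-internet risk discussed in the answer, as an added example that is not part of the original posts: it parses `SHOW SLAVE STATUS\G` output taken on the replica and flags a master reached over a non-private address without TLS, or with TLS but no certificate validation. The sample output is constructed and the function names are hypothetical; a loopback `Master_Host` is assumed to mean the link runs through an SSH tunnel.

```python
import ipaddress

# Constructed sample of `SHOW SLAVE STATUS\G` output (not taken from the page).
SAMPLE_STATUS = """\
*************************** 1. row ***************************
                  Master_Host: 203.0.113.10
                  Master_User: repl
                  Master_Port: 3306
           Master_SSL_Allowed: Yes
           Master_SSL_CA_File:
Master_SSL_Verify_Server_Cert: No
"""

# RFC 1918 ranges plus loopback (loopback = assumed SSH tunnel endpoint).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_status(text):
    """Turn the `Key: value` lines of \\G output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not key.lstrip().startswith("*"):
            fields[key.strip()] = value.strip()
    return fields

def is_internal_host(host):
    """True only for literal private/loopback IPs; hostnames count as public."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def audit_replication(fields):
    """Return a list of findings for one replication channel."""
    findings = []
    public = not is_internal_host(fields.get("Master_Host", ""))
    tls_on = fields.get("Master_SSL_Allowed") == "Yes"
    if public and not tls_on:
        findings.append("replication crosses a public network in cleartext")
    if tls_on and not fields.get("Master_SSL_CA_File"):
        findings.append("no CA file set: server certificate cannot be validated")
    if tls_on and fields.get("Master_SSL_Verify_Server_Cert") != "Yes":
        findings.append("server certificate identity is not verified")
    return findings

if __name__ == "__main__":
    for finding in audit_replication(parse_status(SAMPLE_STATUS)):
        print("WARN:", finding)
```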