In previous articles in this series, we’ve covered the areas of architecture, security and performance. All of these aspects are affected by your infrastructure from the time of development to deployment.
Infrastructure covers the stack your website lives on, including the server, the database and any software layers, such as Varnish or Memcached which ensure your visitors have a snappy experience. For example, planning the infrastructure from the start and developing on the same environment can greatly reduce variables and risk at launch time. Having a reliable multiple environment configuration and a solid disaster recovery plan shouldn't be left to last-minute decisions. When it is, mistakes start arising. Here's a few tips to avoid the most common errors.
- Size your stack correctly, not too large, not too small. This can ensure you're economically prepared for anything.
- Bottlenecks can arise from the hardware or from from processes hogging memory. Check logs for errors, and prepare for growth and spikes. Your stack is only as fast as the slowest component. Focus your efforts there; you'll probably find low hanging fruit.
- In terms of security, it’s also crucial to configure to protect from internal attacks as well as external attacks.
Size your stack properly
- Mistake: Server's hardware capacity is sufficient but misconfigured.
- Example: Database server set large enough, with 48GB of memory, but InnoDb buffer pool set for only 1GB.
- Solution: Take into account all aspects of stack configuration . Use tools such as mysqltuner.pl (see Recommended Tool) to analyze your database.
Let Varnish take the hit
- Mistake: Misconfiguration causes traffic to bypass Varnish and hit the server.
- Solution: Check response headers to ensure that pages you expect to be cached, are. Ensure that modules aren't setting session variables unnecessarily.
Avoid exposure to vulnerabilities
- Mistake: Remote connections to the database, Memcached, or Solr are allowed.
- Example: Assuming an external firewall will provide adequate protection, the port that runs Memcached is not protected via IPtables.
- Solution: As many as 50 percent to 70 percent of attacks can be internal . Forbid remote connections to the database, Memcached or Solr, and maintain this configuration through any infrastructure changes.
- MySQL tuning script: mysqltuner.pl or MYSQLTuner. It will present current configuration variables and status data for your MySQL installation, along with some basic performance suggestions.
- You can also find out more about our Infrastructure workshops useful for operations teams new to Drupal or LAMP requirements. Especially if you're building out your own infrastructure, instead of going with a managed solution like our own hosting.
- Recently my colleague, Cameron Tod wrote about the specifics for Drupal Multi-site Infrastructure, if you need more specifics about that configuration.