Our decision to replace the Mac os Xservers with Windows is purely financial. We already run our software on Windows and though Linux would be a good choice it is less expensive to support a single platform.
We run as many as 15 apps on a single xServe box. The corresponding Oracle 10g databases run on a separate server. Everything is automated. Start up, shutdown, updates etc. are scripted and executed using sudo. Each app runs as a non-admin user and is secure and isolated from the other apps running on that box. The more I discuss this it appears to be more of an OS question than a tomcat question. Someone suggested a pilot program. We are currently replicating our multi-app server configuration on a windows box...trust but verify. Thanks to everyone for their replies on this question. Guy On 1/22/11 2:23 AM, "Brett Delle Grazie" <brett.dellegra...@gmail.com> wrote: > On 21 January 2011 19:29, Jeffrey Janner <jeffrey.jan...@polydyne.com> wrote: >> Guy - >> >> Why switch to Windows when you can still get OSX Server for Mac Pros or >> Minis? > > Why run Windows at all when you can switch to Linux and have all the > command line goodness you were used to in Xserver? > ;) > >> >> That out of the way, Tomcat works basically the same on Windows as on Mac, >> except where running as a service is concerned. Yes, Tomcat will respect >> Windows permission settings, etc., just like any other Windows app. It >> should run under a non-admin account. You might have some issues allowing >> non-admins to start/stop the service however - if that is in your >> requirements. >> >> When all else fails, get you a Windows box and set Tomcat up as you'd like on >> it and see what problems occur when you try to use it the way you do now. >> It's called a pilot program. >> >> Jeff >> >>> -----Original Message----- >>> From: Guy Pontecorvo [mailto:guy.ponteco...@pearson.com] >>> Sent: Friday, January 21, 2011 11:56 AM >>> To: users@tomcat.apache.org >>> Subject: Security question about Multiple instances of Tomcat running >>> as non-admin users on a single box >>> >>> >>> We currently run multiple instances of tomcat Version 6.0.20, each in >>> its >>> own non-admin user account under Mac OSX 10.5. This has been a great >>> way to >>> host multiple web applications (student information systems) on a >>> single >>> box. Each app is secure in its own user account space and can't read or >>> write outside of its user directory. An administrator can manage them >>> as a >>> whole using sudo. >>> >>> Because Xserve is being discontinued we are considering the possibility >>> of >>> migrating our environment to Windows 2008 R2 >>> >>> We can create the users, run windows services using the credentials as >>> a >>> local user, name the service whatever we'd like, and stop, start it by >>> that name via scripts. The biggest gotchas I can think of is can we get >>> tomcat to run as a non-admin user and will tomcat respect ntfs file >>> system permissions that should be setup for separate logs, temp files, >>> etc.? >>> >>> We have too many instances to consider running each hosted app in its >>> own >>> vm. >>> >>> Thanks in advance for any advice or experience you can share. >>> >>> ------------------------------------------------ >>> Guy Pontecorvo >>> Engineering Manager >>> School Systems >>> >>> 10911 White Rock Road >>> Rancho Cordova, CA 95630 >>> >>> O: (916) 288-1804 >>> M: (530) 701-8842 >>> E: guy.ponteco...@pearson.com >>> >>> Pearson >>> Always Learning >>> Learn more at http://www.pearson.com >>> ------------------------------------------------ >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> __________________________________________________________________________ >> >> Confidentiality Notice: This Transmission (including any attachments) may >> contain information that is privileged, confidential, and exempt from >> disclosure under applicable law. If the reader of this message is not the >> intended recipient you are hereby notified that any dissemination, >> distribution, or copying of this communication is strictly prohibited. >> >> If you have received this transmission in error, please immediately reply to >> the sender or telephone (512) 343-9100 and delete this transmission from your >> system. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org