I've been with Linode for quite some time. Don't get me wrong; they are a great host. However, the time has come to switch providers. The opportunity allows me to expand my ability to experiment a bit and see if I can apply what I know a bit further.
With that, here comes DigitalOcean to the rescue. I signed up with the company ages ago. This was back when it was in beta and before they added a cap to bandwidth (although we all knew it was coming at the time). They allow you to set up one or more "droplets" that work independently. The individual units scale and you can use them pretty much as you see fit.
I got 3 droplets. They are the lowest tier: 512 MB RAM, 1 core, and 20 GB of disk space. Not really anything impressive, but this works to allow me to try some things when it comes to network arrangements and security. Please don't actually try to hack me. ^_^
Here is an image of what I got drawn up for the setup so far. Nothing overly impressive, but it is the first time I've done a multi-server setup where each box has assigned roles.
Once I'm done, I'll have Casper and Melchior both locked out as far as direct admin access goes. I'll have to go through Balthasar to do anything with them. This may be a tunnel or some other route. Balthasar will eventually handle my SSL certificate generation via Let's Encrypt.
Casper will get read-only access to both the challenges folder and the certificates folder on Balthasar. The former is so that Balthasar can actually complete the certificate generation (Let's Encrypt needs to verify control of the domain...), and the latter is to gain access to copies of the certificate. Melchior will gain read-only access to the certificates only. It is uncertain if there is even a need to do that part at the moment.
Anyways, this is my first time. As usual, all remote access is done via private keys. I don't use passwords to log in.
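One way to verify the inner hosts once they are locked down, as an added example that is not part of the original post: a small Python audit of an `sshd_config` that checks for key-only logins pinned to the bastion. The bastion address `192.0.2.10`, the `admin` and `deploy` users, and both sample configs are constructed for illustration.

```python
BASTION_ADDR = "192.0.2.10"  # assumed address for Balthasar (documentation range)

HARDENED = """\
# constructed sample for Casper / Melchior
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowUsers admin@192.0.2.10
"""

WEAK = """\
# constructed sample: looks hardened at a glance, but is not
PasswordAuthentication yes
PasswordAuthentication no
AllowUsers admin@192.0.2.10 deploy
"""

def parse_global(text):
    """Return (scalars, allow_users) for the section before any Match block."""
    scalars, allow_users = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are out of scope for this check
        if key == "allowusers":
            allow_users.extend(args)  # AllowUsers lines accumulate
        else:
            scalars.setdefault(key, " ".join(args).lower())  # first value wins
    return scalars, allow_users

def audit(text, bastion=BASTION_ADDR):
    scalars, allow_users = parse_global(text)
    findings = []
    # Policy of this checker: both settings must be set to "no" explicitly.
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if scalars.get(key) != "no":
            findings.append(f"{key} is not explicitly 'no'")
    if not allow_users:
        findings.append("no AllowUsers line: logins are not pinned to the bastion")
    for entry in allow_users:
        user, sep, host = entry.rpartition("@")
        if not sep or host != bastion:
            findings.append(f"AllowUsers entry '{entry}' is not pinned to {bastion}")
    return findings
```

The `WEAK` sample fails on the duplicated `PasswordAuthentication` line because sshd uses the first value it reads for a keyword, so the later `no` never takes effect.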
Well, that's my rant for today and the first one on this server. I still got tons to do. I'll do more of it tomorrow (hopefully).