Difference between revisions of "Hosting"

From the Linux and Unix Users Group at Virginia Tech Wiki
imported>Echarlie
(Colocation)
imported>Echarlie
(/Vlut s/lu/ul/)
Line 28: Line 28:
 
Live ISO or a netbsd netboot. Management is only over SSH or a serial console.
 
Live ISO or a netbsd netboot. Management is only over SSH or a serial console.
  
=== Vlutr ===
+
=== Vultr ===
 
[https://www.vultr.com/ vultr] has pricing comparable to other options, but actually allows you to use your own ISO images, while
 
[https://www.vultr.com/ vultr] has pricing comparable to other options, but actually allows you to use your own ISO images, while
 
Digital Ocean (and others) only allows you to use their existing kvm images.
 
Digital Ocean (and others) only allows you to use their existing kvm images.
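
Review bot: the link label on the line right after the corrected heading still reads lowercase "vultr", so the section now opens with two spellings of the same name. Capitalize the label to "Vultr" while this section is being touched, and consider "KVM" for "kvm" in the same sentence.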

Revision as of 01:17, 11 August 2016

This is an overview of the experiences VTLUUG users have had with various hosting providers.

Virtual Private Servers

Linode

Linode offers fairly good specs (1 GB memory, 8 cores, 24 GB storage, 2 TB transfer) for $20 a month, but does not have any cheaper plans. They have a robust management interface with load and bandwidth statistics and DNS management, and they allow uploading of custom ISOs.

Linode has had multiple security-related incidents in the past, one of which was due to a ColdFusion zero-day and resulted in passwords and the last 4 digits of credit card numbers being leaked. Another resulted in $71,000 in BTC being stolen.

Digital Ocean

DigitalOcean is a startup that offers cheap VPS instances at $5/mo (512MB RAM, 1 core, 1TB transfer, 20GB storage), but lacks basic management and security features.

  • For some reason, the VPS's bootloader is not used so users must explicitly prevent the Linux kernel from updating in their package manager. This is particularly concerning because users must wait for DigitalOcean to provide updated kernels after vulnerabilities are discovered. In the case of CVE-2013-2094, a new kernel was not available for over a week.
  • Users are limited to the images provided by Digital Ocean and cannot upload their own ISO or use a custom kernel. BSD, Gentoo, and many other Linux distributions are not supported.
  • Root passwords are emailed to users in plain text unless you set up public key authentication.
  • Initially, there was no network isolation and it was possible to ARP spoof users on the same LAN. This problem has now been resolved.
  • There is currently no bandwidth measurement (but you are not billed for bandwidth either).
  • No IPv6 addresses are provided.
  • In the past, DigitalOcean reused disk images between customers without securely wiping data. This enabled one to extract sensitive information by running cat /dev/vda1 | strings. This problem has now been resolved.
  • DigitalOcean allows users to set rDNS to arbitrary FQDNs without searching for matching A records.
  • After many abuse complaints, even if you handle them in a timely manner, they will lock your account permanently, including VPS instances that were unrelated to the incident. Unless you ask them to disable your account, you will continue to be billed for the time your account is locked.

Prgmr

Prgmr is a discount Xen host used by several VTLUUG members. Prgmr was originally viewed as very inexpensive; however, they have not made significant upgrades to their plans in recent years. Hosts like DigitalOcean and Linode have made Prgmr a poor choice for all but their cheapest plans.

Since they are Xen-based, it is also possible to use whatever ISO you would like. Recovery options are a Debian Live ISO or a NetBSD netboot. Management is only over SSH or a serial console.

Vultr

Vultr has pricing comparable to other options, but actually allows you to use your own ISO images, while Digital Ocean (and others) only allow you to use their existing KVM images.

Dedicated Servers

OVH (Kimsufi)

The Kimsufi brand is a low-cost, low-power dedicated server service provided by OVH. It is comparable in cost to many VPS providers but is dedicated hardware. OVH has extensive peering issues with the US, resulting in poor connections to their France- and EU-based datacenters. A recently built DC in Canada should help with some of this but most likely will not fully alleviate the issue. They do provide many ISOs with the grsec set of kernel hardening compiled in, and IPv6 subnets come with all Kimsufi plans. They do have a habit of putting an SSH backdoor onto your server, "so they can help you in the event of a problem", but this just serves as another possible point of failure. US residents also will not have access to the same plans as residents of the EU, who can often receive much more favorable pricing.
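
One way to check a freshly delivered server for a provider-installed SSH key like the one mentioned above is to fingerprint every entry in authorized_keys and compare it against the fingerprints you recognise. This is an added example, not part of the original wiki page or any provider's tooling; the function names are hypothetical, and the sample file, key blobs and comments are constructed.

```python
import base64
import hashlib
import struct

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a decoded public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (fingerprint, comment) for a key line, else None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens[:-1]):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue  # still inside the leading options field
        # A real blob begins with a length-prefixed copy of its key type name,
        # which tells the key apart from words inside quoted option values.
        if blob.startswith(struct.pack(">I", len(tok)) + tok.encode()):
            return fingerprint(blob), " ".join(tokens[i + 2:])
    return None

def unexpected_keys(text, allowed):
    """List (line_no, fingerprint, comment) for keys not on the allowlist."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed and parsed[0] not in allowed:
            hits.append((n, *parsed))
    return hits

def sample_key(seed):
    """Constructed ed25519-shaped blob for the demo, not a real key."""
    body = b"ssh-ed25519" + struct.pack(">I", 32) + hashlib.sha256(seed).digest()
    return base64.b64encode(struct.pack(">I", 11) + body).decode()

MINE, OTHER = sample_key(b"admin-laptop"), sample_key(b"not-mine")
SAMPLE = f"""# constructed authorized_keys content
ssh-ed25519 {MINE} admin@laptop
command="echo ssh-rsa x",no-pty ssh-ed25519 {OTHER} provider-support
"""
ALLOWED = {fingerprint(base64.b64decode(MINE))}

if __name__ == "__main__":
    for n, fp, comment in unexpected_keys(SAMPLE, ALLOWED):
        print(f"line {n}: unexpected key {fp} ({comment})")
```

On a real host, run the same check over every account's authorized_keys file, since a key left under a non-root user grants access just as well.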

Online.net Dedibox

Dediboxes

Colocation

Hurricane Electric