Introduction


This server is a virtual system, running, in today's catchy term, in "the cloud". The somewhat vague definition of "cloud computing" is that computing resources are rented from a provider, are typically accessed over the Internet, and are expandable on demand. I have been running this server since 2004 through the VPS hosting provider Linode. Linode provisions virtual private servers (VPS) in an instant from a selection of preconfigured resource plans. Linode also provides immediate modification of resources, such as adding memory, disk, bandwidth and IP addresses on demand. Having grown into a multi-datacenter hosting company, they also offer a choice of the server's datacenter, and location migration to minimize network latency and increase remote access performance.

VPS hosting limitations


VPS providers either adapted VMware for full virtualization, or used Linux paravirtualisation, which limited the operating system choice for the VPS to Linux. My VPS provider's technology was originally based on Linux UML, with XEN being introduced in spring of 2008. My operating system choice for the server had been limited to Linux, and in particular to a distribution and kernel offered by the VPS vendor. This turned out to be only a minor inconvenience. Very recently, this limitation has been eased by allowing the use of "custom" kernels through the provider's boot loader pv-grub. Now there are even examples of running BSD Unix as the first paravirtualized non-Linux OS. I used this chance for freedom to switch from Debian Linux to my own "custom" Linux distribution: openSUSE 11.2, obsoleted in 2011 and replaced by openSUSE 11.4.

VPS hosting in the early days


Since 2004 I had been running Debian Linux with minimal packages. I was self-reliant and compiled all external-facing services on my own: SSH, Exim SMTP, Cyrus IMAP and Apache 1.3. During the early years, it was important to manage the limited server resources; RAM in particular was at a premium. In 2006, squeezing an Oracle 10g DB into less than 512 MB (Oracle's official minimum) was a real challenge and meant stripping it to the core modules. However, over time this strategy of self-compilation and self-reliance became a burden. I started to have less time for recompiling updates, updates became more frequent and dependencies more complex. Increased server resources now allow me to neglect compile optimisation and use the convenient, improved software package management with security updates provided by the Linux distributor.

VPS resource improvements


In 2004, my VPS plan provided 240MB RAM. As computing resources got cheaper, Linode passed them on to customers. Today, the same plan from 2004 provides 1536 MB RAM, 6.4 times more. While I always had the option of increasing resources on demand, the VPS plan's built-in improvements have always been ahead of my needs.

[Figure: Linode plan improvements]

VPS Operating System changes


Upgrading the OS is unavoidable. Linux distributions especially have a fast release cycle. Although I am not on the experimental edge, I used to update the OS approximately every 2 years. I achieved a record uptime of 734 days only once, between 2006 and 2009. Now, OS upgrades have become an annual procedure due to increased security and support concerns. The maintenance period for openSUSE is that short. I may need to go to an Ubuntu LTR...

Year  VPS server OS        Comment
2004  Debian 3.0 (Woody)   Initial installation
2006  Debian 3.1 (Sarge)   Upgrade
2009  Debian 4.0 (Etch)    Upgrade, move from UML to XEN
2010  openSUSE 11.2        Fresh installation, custom kernel with pv-grub
2011  openSUSE 11.4        Fresh installation, resizing disks to 3 x 10 GB
2012  openSUSE 12.1        Distribution upgrade with 'zypper dup'
2013  openSUSE 12.3        Fresh installation, resizing disks to 3 x 20 GB

The choice of switching to a "custom kernel" since OpenSUSE 11.2 had 2 reasons:

  1. openSUSE provides the security package AppArmor. AppArmor secures applications' system access through system call profiling. The benefits are increased security for my web applications and the server. AppArmor has been developed by Novell and is natively available on SUSE Linux. This package is tied to the security modules kernel interface for intercepting system calls, so I need to run the "custom" SUSE kernel. It is another safety net in today's world of increasing threats.
  2. I am more familiar with openSUSE through my involvement with Novell's SLES Enterprise Linux for commercial use. With distributions being highly "customized", their handling has diverged more and more. It becomes increasingly difficult to keep up with changes in different flavors of Linux. The good old days of the 3 UNIX styles BSD, AT&T and Linux in the middle are long gone.
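
The kernel dependency in item 1 can be checked on a running host. The following shell sketch is an added example, not part of the original page: it tests whether the running kernel has AppArmor active and lists services that are not in enforce mode. The service names and labels in SAMPLE are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the AppArmor kernel dependency and find
# services that run without an enforcing profile.

# True when the running kernel has AppArmor active. The optional argument
# overrides the sysfs file so the check can be exercised offline.
apparmor_enabled() {
    f="${1:-/sys/module/apparmor/parameters/enabled}"
    [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]
}

# Map a process label (content of /proc/<pid>/attr/current) to its mode.
confinement_of() {
    case "$1" in
        *"(enforce)")  echo enforce ;;
        *"(complain)") echo complain ;;
        *)             echo unconfined ;;
    esac
}

# Read "service|label" lines on stdin; print every service that is not
# in enforce mode, i.e. one whose violations are only logged or not
# mediated at all.
unenforced_services() {
    while IFS='|' read -r svc label; do
        [ -n "$svc" ] || continue
        mode=$(confinement_of "$label")
        [ "$mode" = enforce ] || echo "$svc $mode"
    done
}

# Constructed sample labels for this page's stack (not real output).
SAMPLE='httpd2-prefork|/usr/sbin/httpd2-prefork (enforce)
master|unconfined
mysqld|/usr/sbin/mysqld (complain)
sshd|unconfined'

if apparmor_enabled; then
    echo "kernel: AppArmor active"
else
    echo "kernel: AppArmor not available in the running kernel"
fi
printf '%s\n' "$SAMPLE" | unenforced_services
```

On a live host the labels come from /proc/<pid>/attr/current for each service process; a provider-supplied kernel without AppArmor makes the first check fail regardless of which profiles are installed.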

With the switch to openSUSE I also stopped the practice of self-compiling critical services. I am relying on the distribution's software package and update management, which in openSUSE's case is a single shell command. 'zypper update' is all that is required to fix bugs and security issues. Although I now depend on the distribution vendor for security, with additional service hardening, Linux firewall, log management and application security through AppArmor I hope to survive the ongoing attacks in the virtual world.

VPS server application stack


Applications changed less than the OS did. Only with the Linux distribution switch did the application stack change. I went from Apache 1.3 to Apache 2.2, from Exim SMTP to Postfix and from Oracle to the Linux native DB MySQL. Changing the application stack resulted in time-consuming migration work that took most of this year's local spring holidays. While the Web and Mail system migration was fairly painless, the migration from Oracle 10g to MySQL 5.1 had been more troublesome. Although MySQL has grown up recently, matching many features of Oracle, there are substantial differences in all major areas: incompatible data types, data manipulation functions and trigger design required serious schema and application code changes. One of the great improvements with the new software stack is the e-mail system's spam prevention. Before, when I had been running Exim with RBLs and spamassassin, the daily spam rate in my mailbox was over 10. With the new SUSE mail stack consisting of postfix, amavisd and clamav, the spam rate dropped to 2 per day using the 'medium' setting. What a great relief.

VPS server remote access and management


"Cloud" computing means being able to access the system from anywhere. In today's locked-down network environments, only a VPN service running on a standard web port can provide access from most locations. Since 2007 I had been running SSLExplorer for private use. It was a very convenient VPN product: besides the neat web interface, the VPN client software (Java) download happened ad hoc when needed. But after SSLExplorer sold out to Barracuda Networks, I switched to OpenVPN. OpenVPN is not as convenient, but it is very robust. Currently, I am using it only for shell access. This year I tried full graphical access, but today's bandwidth and network delay are still not good enough for the full remote desktop experience. Serious lag for window refresh and mouse movements made it painful to use. While virtual desktop infrastructure (catchphrase VDI) may work in a LAN, there is still a long way to go for running it in the "cloud" over a WAN connection.

"Cloud" computing and VPS benefits


For myself, "cloud" computing together with the excellent VPS provisioning service by Linode provided me with a particular freedom: to run my own independent mail system, consistently write and publish web software, and access and store data in a single location accessible from anywhere over a period of several years. It was made possible through affordable pricing, coming down by sharing hardware resources through virtualisation and taking away the work of infrastructure maintenance. In fact, the reliability of the VPS service had been so great I remember only 2 downtimes ever, sometime back before 2006. The rest of the time, the VPS server had been up 100%, 24x7x365. Between 2007 and 2009, this server reached an 'uptime' of running continuously without a reboot for over 700 days - outstanding.

VPS and "cloud" alternatives


"Cloud" computing can also mean just using the various application services available on the net. E-mail service is free from Google or Hotmail, MySpace provides storage, web service is available from many web hosting companies and more services are starting up. Diversifying these services however is a hassle: managing multiple accounts and payments, moving services between providers and keeping it all together over years can be substantial work. Not everything that is free is a good choice: I had been with a free e-mail provider for a few years when it suddenly discontinued the service. With an e-mail address being as personal and widespread as a phone number, changing it is serious. Even longtime e-mail giants like Google and Microsoft provide their free service not out of goodwill. Imagine your messages available to unknown employees, maybe screening and profiling them for behaviour patterns such as shopping and product preference? Perhaps sold to marketeers? Maybe the situation is not so bleak, but why take chances as long as we can help it. Most Internet service providers learned to live off one thing: *our data*. This might not be inherently bad, but it changes life and business in subtle ways.

Conclusion


Today, VPS hosting is no longer about savings through shared resources. It is all about *outsourcing* infrastructure management. For this benefit I have to trust my VPS service provider. VPS disk images can be read anytime by staff. Technical measures like disk image encryption using a customer's secret key entered at boot time would make it harder but not impossible. Bottom line, business in real and virtual worlds including the "cloud" will always rely on trust. Let's see what the next years will bring. Maybe my VPS service provider is bought by Apple and after iMac, iPod, iPad and iPhone, Linode becomes the iNode? Hopefully NOT! :-)
