Ever heard someone use the term VM or VPS? About the only thing they have in common is the V in their name.
A VPS (commonly OpenVZ or Parallels Containers) is a Virtual Private Server and usually runs on what is referred to as a “host node” or the main hardware node. VPS systems allow you to dynamically adjust resources without a restart.
A VM (commonly VMware ESX) is a fully paravirtualized system in which all hardware is also virtualized. Many operating systems seem to work the best with paravirtualized systems as the hardware is presented as regular physical hardware.
- Full Paravirtualization
- Virtualizes at the hardware level; most compatible
- Industry Standard
- Can run Windows/Linux/Suse/Novell/OSX all on the same host
- Cannot dynamically scale resources; VMs must be rebooted to apply new allocations
- Slightly slower than software-level virtualization
- Cost, expensive
- OS level virtualization
- Fast provisioning
- Dynamic resource allocation, no reboots
- Tighter control of space and inode allocations
- Burstable RAM settings
- Only Linux or Windows VPS systems may exist on a single hardware node
- Price, although cheaper than VMware, still pricey. OpenVZ is a safe free version.
There are many different solutions to virtualizing or “chopping” up the resources for a single, large host system. Our winner was Parallels for their ease of installation, dynamic resource allocation and faster performance. Also keep in mind that if you are virtualizing systems make sure to have a good backup plan and spare parts or on-site warranty. One large host system may provide 20-50 virtual systems. An outage is now multiplied by the systems you have running on top of your hardware node.
Caught up in “cloud” technology? Think it’s useful or just some hype? This post will provide an extensive review of the pros and cons of cloud storage. We’ll also provide a definition of “cloud” storage and the difference between a public and private cloud.
There are a few different types of cloud storage. The main goal of the term “cloud” is to separate and decentralize storage. Systems should be expected to fail, fail often (more often than enterprise class hardware) and be easily replaced when they do. There are many providers of public cloud storage and quite a few vendors which provide cloud storage software so you can start your own cloud.
Public Cloud Providers
Private Cloud Providers (Software)
There are many benefits to utilizing cloud storage. One of the best benefits of using public storage is to diversify and distribute storage across the nation. Utilizing a private cloud allows you to decentralize your storage and possibly speed up largely parallel reads and build fault tolerance into your storage systems. I’ve personally had experience with ParaScale and it seems to work great. The software allows you to build your own private cloud storage system. In testing it has proved to be very fast and efficient.
Utilizing a public cloud can be a bit scary for some. Of course it requires a level of trust and assurance to allow your data to be on a public system. I’m sure most responsible persons will keep copies of their data elsewhere besides a public cloud. Private clouds are still somewhat new and require special software. If the software (or any underlying proprietary system) fails, it will require custom services (provided by the software vendor) to recover the data. Private clouds can be very helpful but we must weigh the benefits against the risks.
Cloud storage has been very successful in both private and public practice. Cloud storage provides cheap and distributed storage for files and can add speed if used privately. This technology is still very new and it must be considered with a “grain of salt” – we’re talking about our data here! In conclusion, Cloud storage technology is very efficient, decentralized, highly fault-tolerant and can offer us many benefits. The only way for the technology to mature is to provide more use and refinement. When cloud storage platforms are fully matured we can place more hope in the “cloud hype.”
The RioRey solution is a DDoS protection device not widely used or heard of … yet. First of all let me assure you that I am in no way associated with the RioRey company and my focus is to give an honest and unbiased opinion of their product offerings.
The RioRey device is a rack-mountable device with one copper management port and two copper or fiber (Multimode SX/LC or Singlemode LX/LC) ports. Their products tier in the volume of packets per second they are able to mitigate under a real DDoS attack. They range from 150K packets per second (PPS) to their newest eight rack unit 16M packets per second model. The model I have had the most experience with is their entry-level 150K PPS model. This will be the model I talk about in the remainder of this article.
Using the device is a breeze. Installation is as simple as installing it in line to the closest “edge” of your connection. For most companies and hosting providers this would be at their handoff from their bandwidth provider (e.g. Cogent, ATT). The device can be purchased (at no additional cost) with the ability to fail to bypass. This means that if the device has a hardware failure the device will act as a straight-through cable and continue to pass traffic. In testing this device did not even trip external monitoring when simulating failure.
The device comes with a very primitive web interface which is used for setting up low-level functions like syslog reporting and IP addressing of the management interface. The device comes with a pre-configured IP address to access this web console for first installation. The device also comes with their management software called “rView”. This software allows you to view the status of the device, perform reports, get real-time insight into current attacks and customize how the device behaves under attack. The device also has the ability to send SNMP traps, log to syslog and email when an attack is detected.
Real World Experience
I’ve personally and (un)fortunately had this device work for me. This device was blocking a 1.3GBit/sec UDP flood and was currently only linked at 100mbit. All sites/devices/services behind the RioRey were still responsive. The sites did notice a small uptick in response time but no dropped packets or requests. The device performed as advertised and their patented Micro Behavioral Analysis (MBA) algorithms performed beautifully. Within 60 seconds the attack was mitigated and “polluted” traffic was removed. The graph on the right illustrates how fast the traffic was blocked. Notice the blue line grow and then almost instantly disappear. This blue line is the “after filtering” traffic (the traffic passed to the LAN interface). The attack traffic was almost instantly mitigated, all without human intervention.
This device is a very valuable tool. It’s kind of like a fire extinguisher, when you need it you really need it; when you don’t need it you never really even know or care to know that it’s there. Was it worth the investment? It’s hard to gauge these things after an attack is mitigated. If we didn’t have the device under attacks it would be much harder to identify the attacker and the victim and would cause more downtime simply analyzing the traffic to find the source(s).
I believe the device is well worth it. Its entry-level pricing is second to none (when compared to other solutions) and it allows a level of protection that most never thought possible for the price. To obtain more information and pricing please visit The RioRey Site.
If you have any questions about the device and would like to contact me for more information please post a comment or email Adam [at] Admo.net for more information!
Here is something odd I found with Google Chrome.
Go to “google.com”
Middle click maps at the top and see the distorted map on the new tab.
What causes this? Google, how well did you review your code? I know it’s a beta … but I expect better from Google 🙂 It works fine when visiting the maps site directly or refreshing.
Recently I was reading an article here which shows how an application called “Search Tracker” guided searchers to an autistic man named Keith Kennedy late Sunday in a wooded area.
The software calculates the possibility that someone would be lost in certain areas based on density of plant life and wooded areas.
More on this story at LinuxInsider.
Hey, apparently Time Warner Cable doesn’t rate-limit UDP packets (as far as I can tell).
Here is the scenario:
Time Warner Turbo (15Mbit down / 1Mbit up) connected to OpenVPN (10Mbit limit) at a local data center.
Here is what the connection path looks like:
Time Warner Cable –> OpenVPN –> Squid Proxy –> Website
At first I didn’t know what to think – I can normally achieve around 1Mbps up but I was getting over 2.8Mbit/sec upstream! I thought to myself “This has to be Squid caching the upload test data” so I altered the Squid configuration to explicitly NOT cache the data from SpeakEasy’s test site.
Here’s what I found:
After (10Mbit limited by OpenVPN)
How can this be? Well it might have to do with the fact that Time Warner doesn’t monitor UDP traffic (at least to OpenVPN UDP 1194). After reading many documents, it’s evident that traffic shaping TCP is easy and TCP comes with traffic shaping mechanisms and UDP does not. My speculation is that Time Warner simply drops packets when rates are too high, causing TCP to (inherently) re-send data that is lost.
The first thing you should do is grab a copy of Untangle. It’s quick and easy to set up OpenVPN out of the box.
- Obtain OpenVPN
- Bring OpenVPN online at a Data Center or as a VM on your leased server at a Data Center.
- Connect to OpenVPN from your Time Warner connection.
- Start a VM with Squid caching proxy running. Make sure that you have access to this VM from your VPN client (configured in Untangle).
- Start Squid
- Open your favorite browser and point it to the squid proxy (private IP address via OpenVPN)
- Access speed test sites (all OpenVPN traffic is UDP so you should be able to achieve speeds without using Squid)
Well, now that Firefox 3 is out, does IE7 have a chance? Personally I’ve used Firefox 3 quite a bit faster (even in its release candidate stages) than IE7.
Please vote below and show us who really is the winner.
Today I downloaded and installed Xilisoft Video Converter. It seems to be a pretty promising tool as it can convert almost any video/audio format to another video/audio format. This becomes very helpful when converting those old VHS tapes to DVD’s or trying to get your favorite format to your iPod or iPhone.
Better hurry – This download won’t last long as they have you activate it during the offer. Keep in mind that applications on giveawayoftheday.com typically aren’t supported (because they’re free).
Well, I woke up today and I remembered that today is “Download Day” but wait… spreadfirefox.com is still the same… where’s my Firefox? Here’s what they have to say:
Check out the Mozilla wiki that tracks their process.
I recently stumbled upon a site which helps you categorize and sort credit card offers more efficiently. CreditCardClub.com provides credit card reviews to the public for free. Want to see all of the lowest interest rate cards? No problem. No annual fee cards? They have them. All of the information you need about almost any credit card is available at your fingertips at CreditCardClub.com.
I know it sounds strange but I like sites like this; after all, we’re a nation who needs information and they need it now. Who wants to spend hours surfing through the ‘net looking for credit cards meeting your criteria? Not me.