Category Archives: Systems administration

Testing CloudFlare

Posted on by
1

Most people know what is CloudFlare and what they are doing because they presented the company at Tech Crunch Disrupt. Sadly I couldn’t watch the presentation live, but I saw all the hype that was on Twitter about this exciting product. CloudFlare enhances your site’s performance and security by taking over your DNS and rerouting incoming requests through it’s proxy, caching commonly requested pages, scripts or content and weeding out evil robots that could be scanning all your pages for vulnerabilities.

Setting up CloudFlare

CloudFlare is simple to setup. In fact, if your DNS zone is simple, the setup process will automatically detect all it needs without asking too many questions. For blogs or small websites, this rocks. But, if you have a complex DNS zone, do not forget to double check twice that all your DNS records are also listed in CloudFlare. To finish the setup, you need to change the name servers of your domain to the assigned CloudFlare name servers. Et hop! Your website is now faster than ever!

CloudFlare and Nagios/NRPE

If you really care about your website, you probably (or maybe your hosting provider does this for you) monitor your services, disk/cpu usage with Nagios/NRPE (or any other monitoring software). To prevent the monitoring server from monitoring through the proxy, CloudFlare will ask you to create “direct” sub-domains. Those entries will point to the same IP, but won’t pass through the proxy. If you don’t do that, your pager might get a call or two because CloudFlare’s proxy does not route NRPE traffic.

Support

Support is very important when it comes to this kind of service. Good news: even you are using the free service, they are fast. I’ve had my e-mails answered in 2-3 hours.

Conclusion

CloudFlare is really giving what small websites need to enhance page loadings and prevent bad things from happening without installing your own reverse proxy and intrusion detection system. This is HUGE. But in the end, you are giving up control on your DNS and (almost) all traffic to your website. Risky. What do you think? Have you tried it yet?

CloudCamp Montreal

Posted on by
7

Last Friday, I’ve attended the first CloudCamp event here in Montreal. Being more experienced in traditional systems and services administration, I was very intrigued about what would be the main interests and concerns of the Cloud’s early adopters. But first, to get there, we first need to agree on what is Cloud Computing.

The Definition of Cloud Computing

The NIST (National Institute of Standards and Technology) came out with a very good definition (original document can be found here):

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability [...]“

Simply put, the five essential caracteristics of a Cloud are:

  • On-demand self-service;
  • Broad network access;
  • Resources pooling;
  • Rapid elasticity;
  • Measured service.

Security concerns

The main question business owners should ask themselves when they switch to the cloud is “how much money will I loose if this thing goes down?” (because, yes, it could). While the technologies put in place by major Cloud Computing providers is very good, switching is always a trade between flexibility and control. Before going cloud, a few questions should be asked:

  • Will my system be secure?
  • Will my system be fast and available? (enough bandwidth for your needs?)
  • Does my system requires specific customizations the provider won’t support?

In business context, this should always be viewed more from a business perspective more than a tech-trends perspective. Those risks can be calculated.

There are also many legal issues. Remember that your data can be stored anywhere in the World and the ability to define where you want it to be hosted is not supported by all providers. For instance, if your data is stored in the US, it is subject to the Patriot Act.

Conclusion

The conversation about security was obviously the main topic of the event. Environment (power consumption, cooling, etc.), application development and management (systems, people, etc.) could have been more discussed. Hope that by next year, most of those security concerns will have been solved by robust and proven solutions so we can dive into other very interesting subjects.

As a side note, Nicolas Roberge posted on his blog cool pictures of the event.