February 21 2017

DIY-CDN, a good read and some ideas to expand.

So I came across an interesting read at scalescale.com regarding building a small CDN network using DigitalOcean, and I wanted to take a look at it to see how we can expand upon it even further.

To check out the article:
http://www.scalescale.com/rolling-your-own-cdn-build-a-3-continent-cdn-for-25-in-1-hour/#

Of course, one of the first things I wanted to check out was the inclusion of 1&1 CloudServers. DigitalOcean gives us the wider range of datacenters and currently supports IPv6 (only DO does for now; 1&1 is still in the process of rolling it out). For now we’re going to drop IPv6 as a requirement so that we can rate all servers on the same plane, without having AAAA records going to one datacenter and the A record going to another.

Here’s the setup we’re going to look at:

Nameserver:
1&1 US CloudServer: NGCS M $9.99

Servers:

North America
1&1 CloudServer | Kansas | NGCS S $4.99
DO Droplet | SanFran. | Droplet $5.00
DO Droplet | NewYork | Droplet $5.00
DO Droplet | Toronto | Droplet $5.00

EU
1&1 CloudServer | London | NGCS S $4.99
DO Droplet | Amsterdam | $5.00
1&1 CloudServer | Frankfurt | NGCS S $4.99
1&1 CloudServer | Spain | NGCS S $4.99
DO Droplet | Bangalore | $5.00

VPN/Datacenter Connections

1&1 CloudServer | Kansas | NGCS S $4.99

GlusterFS/Galera (DB) – Clustering the Filesystem and DB

1&1 CloudServer | Kansas | NGCS S $4.99
DO Droplet | NewYork | Droplet $5.00

 

So here’s the plan as it’s working out in my head (still working on the implementation):

Nameservers:

The nameserver is set up just like it’s shown in the ScaleScale article. I choose to use 1&1 because we can have load balancing for free on the NS, which allows for expansion later if we want failover protection.

Servers:

  • The servers in this test will be configured with a simple LAMP stack.
  • Each 1&1 server is connected to the VPN server via Private Network.
    • This keeps any infrastructure traffic off of the public network, so it doesn’t clog the pipeline
    • VPN connection is then established to provide the IPs

 

[To Be Continued – LastUpdated 2/20/2017]

January 23 2017

Server 2012 – VPN with 1NIC – [1and1 version]

A case was recently brought to me to investigate using Windows Server 2012 and setting up a native VPN using the features that 1and1.com provides. 1&1’s CloudServers and CloudVPS provide you with a single NIC for connection to the internet and a Hardware Firewall. The CloudServers can have a second NIC added, but only for usage with 1&1’s own Private Networking feature to connect multiple VMs together, so it can’t be used in this instance. Fortunately, this is a topic that’s been written about numerous times, and the guide here will unashamedly follow most of it. The caveat, not covered in the original guide, is that this VPN is set up so that the VPN server sends all of the VPN clients’ data out to the internet, effectively giving the clients the same IP as the server. The original guide instead only speaks about setting up a simple VPN which creates a LAN for those connected. The original article comes from a great site that features wonderful guides on System Administration, and it’s suitably named TheSysAdmins.

You can click through to follow along, or check out the guide above. The differences are my addition of the NAT and my use of Computer Management for setting the Dialin Access whereas they use Active Directory. I’ll have a retype of my exact steps shortly.

Updated the steps without AD and with NAT:

  1. Head to Server Manager, click on Manage, Add Roles and Features
  2. Role-based or feature-based installation
  3. Make sure the server you want to install the RRAS role on is selected
  4. Select Remote Access and select “Routing” to install NAT functionality
  5. View items and click add features
  6. Click Next, as you do not need to add any features
  7. Tick DirectAccess and VPN (RAS)
  8. This shows the Role services which are requested and then added
  9. When the feature installation is complete click close
  10. Select Remote Access in Server Manager
  11. Right click the server with the Remote Access role installed and choose Remote Access Management
  12. Select Run the Getting Started Wizard
  13. Select Deploy VPN Only, the familiar RRAS console will appear
  14. Right click the server and choose configure and enable routing and remote access
  15. If you select “Remote Access” you get the following error: “Less than two network interfaces were detected on this machine. For standard VPN server configuration at least two network interfaces need to be installed”
  16. Select Custom Configuration to get around this, then select VPN Access and NAT, follow it through to the end
  17. Right click Routing and remote access and select properties
  18. Browse to the IPv4 tab and assign a static pool of IPs for the remote clients
  19. Click OK and go to the “IPv4” in the Treeview and expand it.
  20. Go to the NAT node and right click on the white-space to select “New Interface”
  21. Select the External interface and click OK. The properties will show and you will select the option for Public Access and NAT.
  22. Exit that and redo step 20 to select “Private” interface instead and add it.
  23. Now exit out and go to your Start menu and search for “Computer Management”
  24. In the treeview click/expand on “Local Users and Groups”
  25. Find your users you want to give access to and right click on the user and select Properties.
  26. Go to “Dialin Access” and choose “Allow Access”.
  • Now your server is ready; it’s just time to allow access in the CloudPanel’s Firewall
  • Add TCP 1723 for the PPTP connection and GRE protocol for the data connection.
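
Once the steps above are finished, the result can be checked from an elevated PowerShell prompt on the server. The script below is an added example, not part of the original guide; it only reads state and assumes the default feature names (RemoteAccess, DirectAccess-VPN, Routing) and the default RRAS service name (RemoteAccess) on Server 2012.

```powershell
# Added example: read-only checks after the RRAS VPN + NAT setup.
Import-Module ServerManager

$report = [ordered]@{}

# Steps 4 and 7: Remote Access role with its VPN and Routing role services.
foreach ($f in Get-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing) {
    $report["Feature $($f.Name) installed"] = $f.Installed
}

# Steps 14-16: the RRAS service should be running after the custom configuration.
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
$report['RRAS service running'] = ($svc -and $svc.Status -eq 'Running')

# PPTP control channel: the server must be listening on TCP 1723.
# GRE (IP protocol 47) has no port and cannot be checked this way; it only
# needs to be allowed in the CloudPanel firewall.
$listen = Get-NetTCPConnection -LocalPort 1723 -State Listen -ErrorAction SilentlyContinue
$report['Listening on TCP 1723'] = [bool]$listen

$report.GetEnumerator() | Format-Table -AutoSize

# Step 18: static address pool handed out to VPN clients.
netsh ras ip show config

# Steps 20-22: interfaces bound to NAT (expect the external and the private one).
netsh routing ip nat show interface

# Steps 23-26: accounts whose dial-in permission is set to "Allow access".
# Every account on this list can authenticate to the VPN, so it should
# contain only the users you enabled on purpose.
netsh ras show user mode=permit
```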

 

August 20 2016

Coming from Shared to a Server

TL;DR : Pay the extra money and get a control panel if you can like Plesk or cPanel.

So you’ve found yourself needing a server, after years of building up on a WebHosting platform. Maybe you reached the end of the “unlimited” plan, or your business of reselling has grown too fast and you want/need to offer them a control panel, or maybe you’re just tired of sharing resources with other unknown people. Whatever the case may be, you made it here, and I welcome you.

Welcome

I typically spend about 10-15 minutes on the phone with a customer who has one of these fundamental reasons for obtaining a Server contract, and it always has to start with me finding out what their experience is. 9/10 times, the customer has relied on a service provider like 1&1, GoDaddy, etc. to manage the environment. Things like Linux, Apache, etc. are high above them and they just know what their website is… “WordPress”. Whatever the case may be, it’s these 9/10 people that I tell to get a Linux server for their PHP sites or Windows for their ASP.Net, and they must get a control panel like Plesk (Windows+Linux) or cPanel (Linux/CentOS).

The reason for this is simple: control panels like these come prepackaged with everything they need. Since they spent their years in a provider’s control panel, telling them right now to get their hands dirty isn’t exactly the answer.

If they’re the 10% that know their way around a server, then I typically just ask how confident they are at managing everything and if they want to do without the CP. The reason for this is just as simple for them: pre-packaging everything brings a lot of “fluff” and excess weight that’s not needed. Take Windows for example: if all you want is ASP.Net, MSSQL, and a few custom applications, you may not have any need for PHP binaries, MySQL, SmarterMail, etc. taking up space and having their services use resources, but then it’s all on you.

So now you have yourself a server, and something goes wrong…

Well, fortunately for those that got a CP, server providers will typically have a support contract with the CP’s vendor so that they can at least rule out if there’s an issue with the CP itself or any of the services it provides (Apache, MySQL, etc.). If in the end the issue is in your code, then you should already know how to fix it. If it was with a service that the vendor was able to resolve, you can request exactly what the issue was, how they found it, and how they fixed it. Knowledge is power.

If instead you have an issue that the vendor can’t fix, because of something outside of their scope as it doesn’t relate to anything being broken, but instead your configuration is set lower than your requirements, then it’s a good idea to seek guidance and if needed, help.

Google it

Take to Google, and type in exactly what the issue is; include things like OS, service, etc.: “CentOS increase logical volume”.

Ask experts/support agents

Sometimes, while the vendor’s or maybe even your Service Provider’s tech support can’t support your request due to their policies, there’s a good chance they’ve seen the issue and could advise how to go about it. Don’t get frustrated that they can’t do it; tell them that you’re not asking them to do it, just to point you in the right direction.

Personal note: I hate when a customer berates me for not doing a service that I can’t provide. I agree that I may know how to do it, or feel confident in doing it, but rules can’t be bent. So instead I try to provide as detailed of guidance as I can.

Hire an Admin

I can’t tell you where to find an admin, or whom to trust. Honestly, hiring a full-time admin that’s at least on call for you would be the best bet. Find someone who can get the server set up from the get-go and will support you during the lifespan of the project, and have the peace of mind of getting it done.

Personal note: While even I have done freelance Admin support for a number of returning customers, I can’t help but cringe at the idea that people would pay someone that they don’t know to work on a server/project that they didn’t set up, and would just flip-flop around until they find the price point they want. It’s your business at stake here.