firewall Archives - AWS Managed Services by Anchor

warning: Clock skew detected. Your sanity may be incomplete.

By | Technical | No Comments

I’m a sysadmin, so staying up late most nights is kind of a personality trait. As a consequence, I sometimes don’t know what day it is, but I’ve usually got a handle on the month and year. Here at the Hosting company for Creative Anachronisms we like to think we can deal with just about any such oddball request customers throw at us, but we have limits (asymptotic at times). One customer, when answering our technical spec form for a new dedicated server, requested that we install a telnet daemon (locking it down of course, for security y’know). Another recent request asked for IP-based vhosting – customer is presumably migrating their app from an old Netscape iPlanet webserver or something equally horrid, they wouldn’t say. A contract we’ve been chasing…


Firewalling VMware ESX for console access

By | Technical | No Comments

One of Anchor’s more recent product offerings is VMware-based virtual private servers. As one of my colleagues has already detailed, we take extra measures to secure the VMware host server to reduce the possibility of a compromise. Our VPS offering uses VMware ESX, which runs on bare metal and doesn’t have a host operating system. This isn’t the full story – according to documentation it boots a Red Hat Enterprise Linux 3 system, then loads the vmkernel which is where the real work is done. One of the nice things about this approach is that there’s a userspace environment in which to run support software, like good monitoring components. We ran into an odd problem recently with an ESX host server on a dedicated network segment, namely that we couldn’t view…


Firewall Hero III: Legends of Packet Filtering

By | Technical | No Comments

Customer support can be fantastically rewarding sometimes. When your combination of skill, tenacity and knowledge produces a solution that’s straightforward and effective, the feeling of satisfaction is hard to match. It doesn’t even have to be something big, we’ll take those small victories gladly. Our work sometimes looks a bit like magic, and we don’t mind one bit. A few weeks ago one of our customers reported problems with streaming media from their server. Clients were taking about 20-30 sec to connect, which was of course unacceptable, and they were suspecting something was wrong on our side, perhaps congestion or some over-zealous border firewall. The redundant connectivity we purchase is well above requirements even in the face of failure, and we don’t oversell bandwidth, so the former wasn’t a possibility. We…
