Posts Tagged 'Management'

December 1, 2011

UNIX Sysadmin Boot Camp: Permissions

I hope you brought your sweat band ... Today's Boot Camp workout is going to be pretty intense. We're focusing on our permissions muscles. Permissions in a UNIX environment cause a lot of customer issues ... While everyone understands the value of secure systems and limited access, any time an "access denied" message pops up, the most common knee-jerk reaction is to enable full access to one's files (chmod 777, as I'll explain later). This is a BAD IDEA. Open permissions are a hacker's dream come true. An open permission setting might have been a temporary measure, but more often than not, the permissions are left in place, and the files remain vulnerable.

To better understand how to use permissions, let's take a step back and get a quick refresher on key components.

You'll need to remember the three permission types:

r w x: r = read; w = write; x = execute

And the three types of access they can be applied to:

u g o: u = user; g = group; o = other

Permissions are usually displayed in one of two ways – either with letters (rwxrwxrwx) or numbers (777). When the permissions are declared with letters, you should look at it as three sets of three characters. The first set applies to the user, the second applies to the group, and the third applies to other (everyone else). If a file is readable only by the user and cannot be written to or executed by anyone, its permission level would be r--------. If it could be read by anyone but could only be writeable by the user and the group, its permission level would be rw-rw-r--.

The numeric form of chmod uses bits to represent permission levels. Read access is marked by 4 bits, write is 2, and execute is 1. When you want a file to have read and write access, you just add the permission bits: 4 + 2 = 6. When you want a file to have read, write and execute access, you'll have 4 + 2 + 1, or 7. You'd then apply that numerical permission to a file in the same order as above: user, group, other. If we used the example from the last sentence in the previous paragraph, a file that could be read by anyone, but could only be writeable by the user and the group, would have a numeric permission level of 664 (user: 6, group: 6, other: 4).

Now the "chmod 777" I referenced above should make a little more sense: All users are given all permissions (4 + 2 + 1 = 7).

Applying Permissions

Understanding these components, applying permissions is pretty straightforward with the use of the chmod command. If you want a user (u) to write and execute a file (wx) but not read it (r), you'd use something like this:

chmod Output

In the above terminal image, I added the -v parameter to make it "verbose," so it displays the related output or results of the command. The permissions set by the command are shown by the number 0300 and the series (-wx------). Nobody but the user can write or execute this file, and as of now, the user can't even read the file. If you were curious about the leading 0 in "0300," it simply means that you're viewing an octal output, so for our purposes, it can be ignored entirely.

In that command, we're removing the read permission from the user (hence the minus sign between u and r), and we're giving the user write and execute permissions with the plus sign between u and wx. Want to alter the group or other permissions as well? It works exactly the same way: g+,g-,o+,o- ... Getting the idea? chmod permissions can be set with the letter-based commands (u+r,u-w) or with their numeric equivalents (eg. 400 or 644), whichever floats your boat.

A Quick Numeric chmod Reference

chmod 777 | Gives specified file read, write and execute permissions (rwx) to ALL users
chmod 666 | Allows for read and write privileges (rw) to ALL users
chmod 555 | Gives read and execute permissions (rx) to ALL users
chmod 444 | Gives read permissions (r) to ALL users
chmod 333 | Gives write and execute permissions (wx) to ALL users
chmod 222 | Gives write privileges (w) to ALL users
chmod 111 | Gives execute privileges (x) to ALL users
chmod 000 | Last but not least, gives permissions to NO ONE (Careful!)

Get a List of File Permissions

To see what your current file permissions are in a given directory, execute the ls –l command. This returns a list of the current directory including the permissions, the group it's in, the size and the last date the file was modified. The output of ls –l looks like this:

ls -l Output

On the left side of that image, you'll see the permissions in the rwx format. When the permission begins with the "d" character, it means that object is a directory. When the permission starts with a dash (-), it is a file.

Practice Deciphering Permissions

Let's look at a few examples and work backward to apply what we've learned:

  • Example 1: -rw-------
  • Example 2: drwxr-x---
  • Example 3: -rwxr-xr-x

In Example 1, the file is not a directory, the user that owns this particular object has read and write permissions, and when the group and other fields are filled with dashes, we know that their permissions are set to 0, so they have no access. In this case, only the user who owns this object can do anything with it. We'll cover "ownership" in a future blog, but if you're antsy to learn right now, you can turn to the all-knowing Google.

In Example 2, the permissions are set on a directory. The user has read, write and execute permissions, the group has read and execute permissions, and anything/anyone besides user or group is restricted from access.

For Example 3, put yourself to the test. What access is represented by "-rwxr-xr-x"? The answer is included at the bottom of this post.

Wrapping It Up

How was that for a crash course in Unix environment permissions? Of course there's more to it, but this will at least make you think about what kind of access you're granting to your files. Armed with this knowledge, you can create the most secure server environment.

Here are a few useful links you may want to peruse at your own convenience to learn more:
Permissions Calculator

Did I miss anything? Did I make a blatantly ridiculous mistake? Did I use "their" when I should have used "they're"??!!... Let me know about it. Leave a comment if you've got anything to add, suggest, subtract, quantize, theorize, ponderize, etc. Think your useful links are better than my useful links? Throw those at me too, and we'll toss 'em up here.

Are you still feeling the burn from your Sysadmin Boot Camp workout? Don't forget to keep getting reps in bash, logs, SSH, passwords and user management!

- Ryan

Example 3 Answer

November 15, 2011

UNIX Sysadmin Boot Camp: User Management

Now that you're an expert when it comes to bash, logs, SSH, and passwords, you're probably foaming at the mouth to learn some new skills. While I can't equip you with the "nunchuck skills" or "bowhunting skills" Napoleon Dynamite reveres, I can help you learn some more important — though admittedly less exotic — user management skills in UNIX.

Root User

The root user — also known as the "super user" — has absolute control over everything on the server. Nothing is held back, nothing is restricted, and anything can be done. Only the server administrator should have this kind of access to the server, and you can see why. The root user is effectively the server's master, and the server accordingly will acquiesce to its commands.

Broad root access should be avoided for the sake of security. If a program or service needs extensive abilities that are generally reserved for the root user, it's best to grant those abilities on a narrow, as-needed basis.

Creating New Users

Because the Sysadmin Boot Camp series is geared toward server administration from a command-line point of view, that's where we'll be playing today. Tasks like user creation can be performed fairly easily in a control panel environment, but it's always a good idea to know the down-and-dirty methods as a backup.

The useradd command is used for adding users from shell. Let's start with an example and dissect the pieces:

useradd -c "admin" -d /home/username -g users\ -G admin,helpdesk -s\ /bin/bash userid

-c "admin" – This command adds a comment to the user we're creating. The comment in this case is "admin," which may be used to differentiate the user a little more clearly for better user organization.
-d /home/username – This block sets the user's home directory. The most common approach is to replace username with the username designated at the end of the command.
-g users\ – Here, we're setting the primary group for the user we're creating, which will be users.
-G admin,helpdesk – This block specifies other user groups the new user may be a part of.
-s\ /bin/bash userid – This command is in two parts. It says that the new user will use /bin/bash for its shell and that userid will be the new user's username.

Changing Passwords

Root is the only user that can change other users' passwords. The command to do this is:

passwd userid

If you are a user and want to change your own password, you would simply issue the passwd command by itself. When you execute the command, you will be prompted for a new entry. This command can also be executed by the root user to change the root password.

Deleting Users

The command for removing users is userdel, and if we were to execute the command, it might look like this:

userdel -r username

The –r designation is your choice. If you choose to include it, the command will remove the home directory of the specified user.

Where User Information is Stored

The /etc/passwd file contains all user information. If you want to look through the file one page at a time — the way you'd use /p in Windows — you can use the more command:

more /etc/passwd

Keep in mind that most of your important configuration files are going to be located in the /etc folder, commonly spoken with an "et-see" pronunciation for short. Each line in the passwd file has information on a single user. Arguments are segmented with colons, as seen in the example below:


Argument 1 – username – the user's username
Argument 2 – password – the user's password
Argument 3 – 12345 – the user's numeric ID
Argument 4 – 12345 – the user group's numeric ID
Argument 5 – "" – where either a comment or the user's full name would go
Argument 6 - /home/username – the user's home directory
Argument 7 - /bin/bash – the user's default console shell

Now that you've gotten a crash course on user management, we'll start going deeper into group management, more detailed permissions management and the way shadow file relates to the passwd usage discussed above.


November 11, 2011

UNIX Sysadmin Boot Camp: Passwords

It's been a while since our last UNIX Sysadmin Boot Camp ... Are you still with me? Have you kept up with your sysadmin exercises? Are you starting to get comfortable with SSH, bash and your logs? Good. Now I have an important message for you:

Your password isn't good enough.

Yeah, that's a pretty general statement, but it's shocking how many people are perfectly fine with a six- or eight-character password made up of lowercase letters. Your approach to server passwords should be twofold: Stick with it and Be organized.

Remembering a 21-character password like ^@#*!sgsDAtg5t#ghb%!^ may seem daunting, but you really don't have to remember it. For a server, secure passwords are just as vital as any other form of security. You need to get in the habit of documenting every username and password you use and what they apply to. For the sake of everything holy, keep that information in a safe place. Folding it up and shoving it in your socks is not advised (See: blisters).

Want to make your approach to password security even better? Change your passwords every few months, and make sure you and at least one other trusted colleague or friend knows where to find them. You're dealing with sensitive material, but you can never guarantee that you will be available to respond to a server-based emergency. In these cases, your friends and co-workers end up scrambling through bookshelves and computer files to find any trace of useful information.

Having been one of the abovementioned co-workers in this situation, I can attest that it is nearly impossible to convince customer service that you are indeed a representative of the company having no verification information or passwords to provide.

Coming soon: Now you've got some of the basics, what about the not-so-basics? I'll start drafting some slightly more advanced tips for the slightly more advanced administrator. If you have any topics you'd like us to cover, don't hesitate to let us know in a comment below.


November 1, 2011

SoftLayer on the iPad

Shortly after we began implementing the SoftLayer Mobile application for the iPhone and Android, Apple released the iPad. With our development resources limited, we focused on adding the functionality our customers required to the iPhone application with only a few small features added to support the new device.

As we became more familiar with the iPad, we started seeing a few key areas where SoftLayer Mobile could benefit from the large format iPad user interface. We've been able to incorporate a phenomenal feature set in the SoftLayer Mobile application, and as our desired feature set has become more and more complete, we've gotten a bit of breathing room from our iPhone releases. We used that breathing room to re-visit the iPad and what it could mean for the SoftLayer Mobile customer experience on a tablet. The result of that investigation is the SoftLayer Mobile HD application:


As you might expect, SoftLayer Mobile HD shares quite a bit of functionality with its iPhone sibling. The application offers a window into your SoftLayer environment so that you can browse, create and edit support tickets; discover information about computing resources and bandwidth; and keep up-to-date on the latest notifications from our data centers. The iPad application also helps you keep track of financial information by allowing you to browse your account and its invoices. All this functionality benefits from the intuitive interface of the iPad. You have more room to browse, more room to edit, and fewer screens to navigate as you manage and explore your virtual SoftLayer data center.



Best of all: The application is only in its first release, and already shows great promise! We have plenty of room to grow and tons of ideas about the next features and functions we want to add. If you're iPad-equipped, get the SoftLayer Mobile HD application in the iTunes App Store. When you're navigating through the interface, take note of anything you'd like to see us change or add, and let us know!


September 28, 2011

A Whole New World: SoftLayer on Windows Phone 7

As SLayers, our goal is always to bring creativity in every aspect of work we do at SoftLayer. It was not too long ago when the Interface Development team was presented with a new and exciting challenge: To develop a Windows Phone 7 Series app. Like me, many questioned whether we should tap into the market of Windows Phone OS ... What was the scope of this OS? What is the future of Windows Phone OS smartphones? The business relationship that NOKIA and Microsoft signed to produce smartphones with Windows Phone 7 OS will provide consumers with a new interface and unique features, so smartphone users are paying attention ... And we are too.

The SoftLayer Mobile world had already made huge strides with iPhone and Android based apps, so our work was cut out for us as we entered the Windows Phone 7 world. We put together a small, energetic and skilled group of SLayers who wanted to make SoftLayer proud, and I am proud to be a member of that team!

Our focus was to design and develop an application that would not only provide the portal functionality on mobile phone but also incorporate the awesome features of Windows Phone 7. Keeping all that in consideration, the choice of using an enterprise quality framework was essential. After a lot of research, we put our finger on the Microsoft's Patterns and Practices-backed Prism Framework for Windows Phone 7. The Prism Framework is a well-known and recognized name among Silverlight and Windows Presentation Framework developers, and since Windows Phone 7 is built upon the Silverlight and XNA Framework, our choice was clearly justified.

After selecting the framework, we wanted to make the whole asynchronous experience smooth while talking to SoftLayer's mobile API. That' where we met the cool kid on the block: Reactive Extensions for .NET (also known as Rx). The Rx is a library used to compose asynchronous and event-based programs. The learning curve was pretty intense for the team, but we operate under the mantra of CBNO (Challenging-But-Not-Overwhelming), so it was learning we knew would bear fruits.

The team's plan was to create an app that had the most frequently used features from the portal. The features to be showcased in the first release were to be basic but at the same time essential. The features we pinpointed were ticket management, hardware management, bandwidth and account management. Bringing these features to the phone posed a challenge, though ... How do we add a little more spice to what cold be a rather plain and basic app?

Windows Phone 7 controls came to our rescue and we utilized the Pivot and Panorama controls to design the Ticket Lists and Ticket Details. The pivot control works like a tabbed-style control that is viewable by sliding left or right. This lets us put the ticket-based-categories in a single view so users don't have to navigate back-and-forth to see different types of tickets. It also provides context-menu style navigation by holding onto the ticket item, giving an option to view or edit ticket with one tap. Here is a screen shot of pivot control in use to view tickets by categories and device list:

Win7 Phone Screen

Another achievement was made by using the panorama control. The control works like a long page with different relevant sections of similar content. This control was used to show a snap shot of a ticket, and the view displays basic ticket details, updates, attachments and any hardware attached to a ticket. This makes editing a ticket as easy as a tap! This is a screenshot of panorama control in use to view ticket detail:

Win7 Phone Screen

The device list view will help people see the dedicated and virtual devices in a pivot control giving a visual distinction. The list can be searched by tapping on the filter icon at the application bar. The filtering is search-as-you-type style and can be turned off by tapping the icon again. This screenshot shows the device list with a filtering option:

Win7 Phone Screen

To perform further hardware operations like pinging, rebooting and power cycling the server, you can use the hardware detail view as well. The bandwidth view may not be as flashy, but it's a very useful representation of a server's bandwidth information. Charting is not available with this release but will be available in the upcoming releases.

If you own a Windows Phone 7 device, go ahead and download "SoftLayer Mobile" and send us the feedback on what features you would like to see next and most importantly whether you love this app or not. We have and will always strive for excellence, and we know there's always room to improve!


August 25, 2011

The Beauty of IPMI

Nowadays, it would be extremely difficult to find a household that does not store some form of media – whether it be movies, music, photos or documents – on their home computer. Understanding that, I can say with confidence that many of you have been away from home and suddenly had the desire (or need) to access the media for one reason or another.

Because the Internet has made content so much more accessible, it's usually easy to log in remotely to your home PC using something like Remote Desktop, but what if your home computer is not powered on? You hope a family member is at home to turn on the computer when you call, but what if everyone is out of the house? Most people like me in the past would have just given up altogether since there would be no clear and immediate solution. Leaving your computer on all day could work, but what if you're on an extended trip and you don't want to run up your electricity bill? I'd probably start traveling with some portable storage device like a flash drive or portable hard drive to avoid the problem. This inelegant solution requires that I not forget the device, and the storage media would have to be large enough to contain all necessary files (and I'd also have to know ahead of time which ones I might need).

Given these alternatives, I usually found myself hoping for the best with the portable device, and as anticipated, there would still be some occasions where I didn't happen to have the right files with me on that drive. When I started working for SoftLayer, I was introduced to a mind-blowing technology called IPMI, and my digital life has never been the same.

IPMI – Intelligent Platform Management Interface – is a standardized system interface that allows system administrators to manage and monitor a computer. Though this may be more than what the common person needs, I immediately found IPMI to be incredible because it allows a person to remotely power on any computer with that interface. I was ecstatic to realize that for my next computer build, I could pick a motherboard that has this feature to achieve total control over my home computer for whatever I needed. IPMI may be standard for all servers at SoftLayer, but that doesn't mean it's not a luxury feature.

If you've ever had the need to power on your computers and/or access the computer's BIOS remotely, I highly suggest you look into IPMI. As I learned more and more about the IPMI technology, I've seen how it can be a critical feature for business purposes, so the fact that it's a standard at SoftLayer would suggest that we've got our eye out for state-of-the art technologies that make life easier for our customers.

Now I don't have to remember where I put that flash drive!


June 21, 2011

Ghostin' the Machine - SoftLayer Customer Portal

The hosting business is a really great place to be these days. It may morph rapidly, but some things ring consistently clear. The dedicated server is one of those things. In the brief 10 years or so of my Internet hosting career, the way dedicated servers are delivered to customers and the way they are managed has gone from prop-jet to auto-pilot.

I got started in the dedicated hosting business under Lance Crosby (our current CEO) in October of 2003. At that time we had less than 100 employees, and it may have been less than 50. "Auto-provisioning" consisted of Lance offering pizza and cash bonuses for each white-box PC that we'd 'ghost' with a boot floppy using a networked imaging server (in between our support tasks of answering calls and responding to tickets). We used a popular product made by Norton* in those days to deliver servers as quickly as possible to feed what seemed like an endless demand. As time has gone by, our systems have vastly improved, and true automation is the rule now; Manual intervention, the exception.

Today, SoftLayer has 600+ employees, 80,000+ dedicated servers, 26,000+ customers and is on the verge of launching our international presence. One of the biggest reasons SoftLayer has been so successful is because we offer customers maximum control.

When you need online computing power these days, you have hundreds of choices. Most of your options are still centered on the general idea of the dedicated server, but there are variations depending on what needs are being targeted. Physical dedicated servers are now complimented by Cloud Compute Instances and Virtualized Instances to provide a more flexible platform to tailor to specific use cases. Some providers do better than others at integrating those platforms, and when we began incoporating cloud and dedicated in an integrated environment, our goal was to enable customers to control all aspects of their environment via a single 'pane of glass,' our customer portal.

If you've heard us talk about the features and functionality in the customer portal but have never seen how easy it is to actually navigate the interface, today's your lucky day:

In a nutshell, you get the kind of server control that used to require driving down to the data center, popping on your parka and performing some troubleshooting in the freezing cold cage. You may have been troubleshooting hardware cooling, wiring or other hardware issues, and you'd usually need direct console access to all the different types of servers and devices loaded on your rack.

Thankfully, those days are gone.

Now you can order a dedicated server and have it online in 2-4 hours (or a Cloud Computing Instance which can be online in 15 minutes). You can configure their private network so that they can talk to each other seamlessly; you can add firewalls, load balancing, backup services, monitoring instantly. For maintenance issues, you have the convenience of BIOS-level access via the standard KVM over IP card included in every server so you can see low-level hardware indicators like fan speeds and core temperatures and perform soft IPMI reboots. Firmware upgrades for your hard drive, motherboard, or RAID card that once required the ever-hated floppy disk can now be done with a few button clicks, and speaking of RAID cards, our systems will report back on any change to an ideal status for your disk subsystem. If that weren't enough, you've got monitoring alerts and bandwidth graphs to give you plenty of easy to reference eye-candy.

No more messy wiring, no more beeping UPS units, no more driving, no more parkas.


*As a rather humorous aside: My former manager, Tim, got a call one night from one of the newer NOC staff. He was a systems guy, many of the internal systems were under his SysAdmin wing. He was awakened by a tech with broken English who informed him that his name was on the escalation procedures to be called whenever this server went down:

Tim: (groggily) "What is the server name?"
Tech: "G - Host - Me"
Tim: "Huh? Why did you wake me up? ... Why don't you call that hosting company? ... I don't think that's one of my boxes!"
Tech: "No, no sir, so sorry, but your name is on the escalation. Server Label is 'G' ... um 'HOSTME.'"
Tim: "Whaa? — Wait, do you mean Ghost Me?" (GHOSTME was the actual hostname for the Norton imaging server that we used for a while as our 'provisioning' platform)

Laughter ensued and this story was told many times over beers at the High Tech pub.

April 21, 2011

Standing Cloud: Tech Partner Spotlight

This is a guest blog from Dave Jilk of Standing Cloud, a SoftLayer Tech Marketplace Partner specializing in automating cloud application deployment and streamlining management.

Standing Cloud's Application Layer for the SoftLayer Cloud

When we first came across the SoftLayer Cloud, we were impressed by the breadth of what it allowed the user to do through a web browser. Beyond the basic infrastructure capabilities of provisioning servers and storage (that you can find from other providers), the SoftLayer console and API allow full access to the networking, security, and server console capabilities of the system. It's as though you can take over the mind of a network administrator and have him or her do your bidding.

A host of networking features that come with the offering with the offering were especially exciting to us (see the end of this post for details). Now, when I say "us," I mean our Founding System Architect, Joel Wampler. Joel breathes network protocols, eats open source technology stacks for most of his meals and speaks in Linux command line. I, in contrast, wouldn't have the first idea how to make good use of those network features, but his amazement was enough to be contagious. I'm a software developer by trade, not a systems or network architect, and increasingly I'm mostly a business user ... And as I've transitioned to more of a business-centric focus, I've become the target demographic for Standing Cloud. The distinction between business users in a technical company and technical users in a business are why the Standing Cloud service is so powerful on the SoftLayer Cloud.

For business users and application developers, what we call the "dark cloud" (IaaS without an application layer) is not very useful and relatively intimidating. Business users primarily want SaaS - the ability to use applications without any consideration of the mechanics. Developers want APaaS or PaaS - the ability to customize existing applications or build them from scratch, without any (or much) consideration of the underlying technology stack or infrastructure.

Standing Cloud delivers all of this, the way it ought to be, on the SoftLayer Cloud. An end user can deploy a pre-packaged application in minutes with just a few clicks. We incorporate best practices so you take advantage of all the Standing Cloud and SoftLayer capabilities without having to know about them. As a developer, you can deploy one of these applications and then customize the code without having to think about system security configuration, memory parameters or other system administration issues. Just sync with your repository on Github or Subversion and the code will be uploaded and ready to run.

These "startup" benefits are just the beginning, though. Standing Cloud makes it easy to "move" your application - to a different server if you need more (or less) capacity, to a shared server if you are a solution provider and want to reduce the cost to your clients, or to a "test drive" if you want to experiment with an upgrade or code changes but don't want to affect the production deployment. We monitor the application and its status 24x7, and you receive notifications if it is down or performing slowly - and optionally, we can automatically revive it on a new server if the situation warrants.

If you want to open the hood, you can. Because of the way Standing Cloud deploys and manages applications, an adventurous end-user can easily access the application code and the PaaS layer. And a developer who has a special need can dive into the infrastructure layer through our browser based terminal window. Unlike most SaaS and PaaS systems, Standing Cloud keeps these details out of your hair but does not prevent you from accessing and changing them.

If you are just getting started with the SoftLayer Cloud, and you are not a system administrator, I highly recommend that you explore the Standing Cloud Application Network. Instead of being faced with the "dark cloud," you'll have more than 80 application choices (and we take requests if your favorites aren't included yet!). For developers, we offer language support for Java, Ruby, PHP, and Python.

If you are a system administrator and an existing SoftLayer customer, you may want to consider Standing Cloud as a time saver. There are so many powerful (and challenging!) capabilities to manage on SoftLayer for your complex, mission critical applications. Is deploying and locking down a server running Drupal or SugarCRM the best use of your time?

Finally, we would love to hear from you. Send an email to, and tell us what you need, how you want to use the cloud, and what we could do better. Our users drive our product evolution, so please tell us what you think!

And for those of you who are curious about the network features I mentioned Joel salivating over at the start of the post, here are a few highlights:

  • Up to Gigabit speeds both internally and to the Internet
  • Private IP blocks are assigned as a VLAN so that other customers cannot access them
  • IPv6 capable
  • Free inbound bandwidth, and 1000GB of outbound bandwidth included
  • Ability to share an IP address across multiple machines (excellent for high availability solutions)

-Dave Jilk, Standing Cloud

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
April 20, 2011

3 Bars | 3 Questions: SoftLayer Managed Hosting

I know you expected to see a video interview with Paul Ford the next time a 3 Bars | 3 Questions episode rolled across your desk, but I snuck past him for a chance in the spotlight this week. Kevin and I jumped on a quick video chat to talk about the Sales Engineering team, and because of our recent release of SoftLayer Managed Hosting, two of the three questions ended up being about that news:

You should be seeing a blog from Nathan in the next half hour or so with more detail about how we approached managed hosting, so you'll have all the background you need to springboard into that post after you watch this video.

If you've heard everything you need to hear about managed hosting and want to start the process of adding it to servers on your account, visit or chat with a sales rep, and they can help you get squared away. If you're not sure whether it's a good fit, ask for a sales engineer to consult ... They're a great group with a pretty awesome manager. :-)

Paul, sorry for stealing your spot in the 3 Bars | 3 Questions rotation! I'm handing the baton back over to you to talk about TechWildcatters and the Technology Partners Marketplace in the next episode.


February 15, 2011

Five Ways to Use Your VPN

One of the many perks of being a SoftLayer customer is having access to your own private network. Perhaps you started out with a server in Dallas, later expanded to Seattle, and are now considering a new box in Washington, D.C. for complete geographic diversity. No matter the distance or how many servers you have, the private network bridges the gaps between you, your servers, and SoftLayer's internal services by bringing all of these components together into a secure, integrated environment that can be accessed as conveniently as if you were sitting right in the data center.

As if our cutting-edge management portal and API weren't enough, SoftLayer offers complimentary VPN access to the private network. This often-underestimated feature allows you to integrate your SoftLayer private network into your personal or corporate LAN, making it possible to access your servers with the same security and flexibility that a local network can offer.

Let's look at a few of the many ways you can take advantage of your VPN connection:

1. Unmetered Bandwidth

Unlike the public network that connects your servers to the outside world, the traffic on your private network is unlimited. This allows you to transfer as much data as you wish from one server to another, as well as between your servers and SoftLayer's backup and network storage devices – all for free.

When you use the VPN service to tap into the private network from your home or office, you can download and upload as much data as you want without having to worry about incurring additional charges.

2. Secure Data Transfer

Because your VPN connection is encrypted, all traffic between you and your private network is automatically secure — even when transferring data over unencrypted protocols like FTP.

3. Protect Sensitive Services

Even with strong passwords, leaving your databases and remote access services exposed to the outside world is asking for trouble. With SoftLayer, you don't have to take these risks. Simply configure sensitive services to only listen for connections from your private network, and use your secure VPN to access them.

If you run Linux or BSD, securing your SSH daemon is as easy as adding the line ListenAddress a.b.c.d to your /etc/ssh/sshd_config file (replace a.b.c.d with the IP address assigned to your private network interface)

4. Lock Down Your Server in Case of Emergency

In the unfortunate event of a security breach or major software bug, SoftLayer allows you to virtually "pull the plug" on your server, effectively cutting off all communication with the outside world.

The difference with the competition? Because you have a private network, you can still access your server over the VPN to work on the problem – all with the peace of mind that your server is completely off-limits until you're ready to bring it back online.

5. Remote Management

SoftLayer's dedicated servers sport a neat IP management interface (IPMI) which takes remote management to a whole new level. From reboots to power supply control to serial console and keyboard-video-mouse (KVM) access, you can do anything yourself.

Using tools like SuperMicro's IPMIView, you can connect to your server's management interface over the VPN to perform a multitude of low-level management tasks, even when your server is otherwise unreachable. Has your server shut itself off? You can power it back on. Frozen system? Reboot from anywhere in the world. Major crash? Feeling adventurous? Mount a CD-ROM image and use the KVM interface to install a new operating system yourself.

This list is just the beginning. Once you've gotten a taste of the infinite possibilities that come with having out-of-band access to your hosted environment, you'll never want to go back.

Now, go have some fun!


Subscribe to management