Re: [GLLUG] Server in London
Bitfolk +1 from me. Great customer service also. I help admin a server hosted by bitfolk. James On Fri, 11 Oct 2019, 11:50 Alan Pope via GLLUG, wrote: > Hi Dr Alex, > > On Fri, 11 Oct 2019 at 10:22, Dr. Axel Stammler via GLLUG < > gllug@mailman.lug.org.uk> wrote: > >> Thank you very much for making me aware of all those options. I have >> started looking into several of them, which may obviously take a minute or >> two. OTOH, I feel rather disinclined to work with any but the smallest >> companies as large companies bring their own agenda which is usually quite >> different from mine. >> >> > I don't think I'm maligning them by saying this, but Bitfolk certainly > falls into the "smallest companies" bracket. Also, another +1 from me as a > long-term (~12 years) happy customer. > > >> I have once tried a virtual server, with some extremely pleasant and some >> not so pleasant results. If the GLLUG has a meeting at the beginning of >> next week, it might be best to just have a chat there. >> > > I have had no problems with bitfolk which weren't my own incompetence or a > system wide issue that was resolved and detailed fully by Andy. > > Cheers, > Al. > -- > GLLUG mailing list > GLLUG@mailman.lug.org.uk > https://mailman.lug.org.uk/mailman/listinfo/gllug -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
Hi Dr Alex, On Fri, 11 Oct 2019 at 10:22, Dr. Axel Stammler via GLLUG < gllug@mailman.lug.org.uk> wrote: > Thank you very much for making me aware of all those options. I have > started looking into several of them, which may obviously take a minute or > two. OTOH, I feel rather disinclined to work with any but the smallest > companies as large companies bring their own agenda which is usually quite > different from mine. > > I don't think I'm maligning them by saying this, but Bitfolk certainly falls into the "smallest companies" bracket. Also, another +1 from me as a long-term (~12 years) happy customer. > I have once tried a virtual server, with some extremely pleasant and some > not so pleasant results. If the GLLUG has a meeting at the beginning of > next week, it might be best to just have a chat there. > I have had no problems with bitfolk which weren't my own incompetence or a system wide issue that was resolved and detailed fully by Andy. Cheers, Al. -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
Thank you very much for making me aware of all those options. I have started looking into several of them, which may obviously take a minute or two. OTOH, I feel rather disinclined to work with any but the smallest companies as large companies bring their own agenda which is usually quite different from mine. I have once tried a virtual server, with some extremely pleasant and some not so pleasant results. If the GLLUG has a meeting at the beginning of next week, it might be best to just have a chat there. Moreover, I have unwisely already set up a tiny box to connect somewhere, so I feel a bit reluctant to give up on it. signature.asc Description: PGP signature -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
On Fri, Oct 11, 2019 at 08:54:29AM +, Andy Smith via GLLUG wrote: > Here is an example of doing it with the virtualisation stack called > KVM (not the remote access kind of KVM you mentioned): > > > https://blog.appsecco.com/breaking-full-disk-encryption-from-a-memory-dump-5a868c4fc81e Apologies, that example was with VirtualBox. I just did a quick search; the previous one I read was for KVM and so I thought that was it. The virt stack doesn't really matter though; in all cases the bare metal host can read guest memory. There are some CPU features coming which can encrypt memory though. I am not aware of these being deployed in any public provider yet. Cheers, Andy -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
Hi Marco, On Fri, Oct 11, 2019 at 09:46:13AM +0100, Marco van Beek via GLLUG wrote: > On some VM offerings you get a remote KVM, which would allow you to get > "physical" console access, and then you could encrypt the whole OS and use > the KVM to enter the key on reboot. That should prevent anyone in the data > centre from using the disk image without your key. I don't think you read the entirety of the email you replied to, which is possibly not surprising as it was large. The hosting company can read guest memory to obtain the LUKS key. Here is an example of doing it with the virtualisation stack called KVM (not the remote access kind of KVM you mentioned): https://blog.appsecco.com/breaking-full-disk-encryption-from-a-memory-dump-5a868c4fc81e Disk encryption will not stop an attacker who has a dump of both your memory and your block device. It will however exclude most attackers, and even state attackers can be put off by the extra hassle. For example, as I mentioned, the UK security services have asked me for disk snapshots of customers but even me saying I required a court order made them go away in 100% of cases. For them to proceed to ask me for a memory dump as well, so that they could try to sift through it and find the LUKS keys, would presumably require the customer to be of very great interest to them. A bored and unethical hosting company employee may be more willing to expend effort. Either way, it's clearly possible. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
Hi, On some VM offerings you get a remote KVM, which would allow you to get "physical" console access, and then you could encrypt the whole OS and use the KVM to enter the key on reboot. That should prevent anyone in the data centre from using the disk image without your key. Regards, Marco On 11/10/2019 09:19, Andy Smith via GLLUG wrote: You hint at not wanting to go the virtual server route because of concern for the safety of your data. I think that looking at it this way is a bit of a mistake; the correct response to concern over your data is to have good backups of your data. -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
Hi Axel, I run a hosting company that has already been mentioned in this thread, so there may be bias, but I will try to be objective. The main issues with colocation in your situation are: - It's overkill for your needs. You can't easily rent less than 1 rack unit (https://en.wikipedia.org/wiki/Rack_unit) but the amount of compute that you can fit into 1RU is immensely more than what you need based on your comments here. That makes it a waste of money and power. - It leaves you with some hardware whose life cycle you need to manage. That is, it can break, it will become obsolete after less than 10 years, so you've got to replace it or bits of it, which needs human interaction, which is expensive. - Maybe the physical management of pieces of computer hardware at a distance is a new skill you'll need to learn, which possibly won't be that useful for any other area of your life. You say that you need the hardware to be in London, but almost anywhere in Western Europe is only a few ms away from London, and even East coast USA is only 60–70ms (round trip time). I love London, I live in London, I run a hosting company based in London, but London is not necessarily always the best place to host servers in. It's expensive compared to a lot of other places, and Brexit may leave you in a difficult position with regard to the storage of personal data. So, first of all I would never recommend colo for your uses. You are too small a player for it to make sense. You should only do it if you need absolute control over the specification and ownership of the hardware, and possibly if you have some security objections to the other options. Renting the hardware from the hosting company will be a lot cheaper, gets around several of the issues above, and may be viable for what you want. This is called a "dedicated server". You could rent one in Germany from the likes of Hetzner, and that would be astoundingly cheap, and I expect it would work fine for you from anywhere in Western Europe. Hetzner has a bit of a spam problem so if you intend to send email to third parties then you may wish to rethink that one due to aggressive blocking. It may be tempting to go even cheaper and rent from the likes of OVH (probably have a location in London, certainly multiple in Europe). Unfortunately OVH have a huge spam problem that they don't appear to be bothered about, so this is anti-recommendation for OVH for any purpose, for this reason. If you don't care that they deliberately choose to not tackle their spammer problem, and you yourself don't need to send email, they will probably work out just fine for you. I know that Mythic Beasts is a good quality hosting company based in Cambridge but hosting out of London for a good while now. They'll sell you colo or dedicated servers or virtual servers but it won't be bargain basement. Virtual servers could be just what you need. You get full control of your OS, but you're sharing hardware and the hardware is someone else's problem. Good London-based virtual server providers include Mythic Beasts and Portfast. I'd have previously included Bytemark, but they were recently sold to iomart group. I have no personal experience of any of those, that's just what I've heard from others. Linode is a really big name in virtual servers and they have a datacentre in London. If they do what you want then they are a decent offering, but you will be one customer amongst millions so the customer service can sometimes be lacking. That is from personal experience as despite them being a competitor to me, I do use Linode for some out-of-UK things. Digital Ocean is also a big name in virtual servers and likewise have a London datacentre, I also have to give an anti-recommendation here though, as they too have a huge spammer problem that they have no interest in resolving. You hint at not wanting to go the virtual server route because of concern for the safety of your data. I think that looking at it this way is a bit of a mistake; the correct response to concern over your data is to have good backups of your data. If your data is on a physical machine that you own, it can still be stolen or destroyed. You can make an error, your software can make an error, the hosting company can make an error, it can all go up in flames. The hosting company can go bankrupt and leave you with no easy physical access to your property. That would get resolved eventually, but that would be small comfort in the intervening time. No, even with colo, you need good off-site backups. Treat that as an absolute requirement and then it influences your other choices. As far as security goes, there are some weaknesses with dedicated servers and with virtual servers. With dedicated servers, since it's not your hardware you don't know if it has some malicious gadget attached to it that allows someone to snoop on your data. Of course, technically you don't know if the hardware you buy off the shelf has that
Re: [GLLUG] Server in London
Hello, James, the data is private. The server should only be accessible to me via VPN and SSH. There should be no public access. The internet connection should be provided via ethernet cable; there should be no wireless capability. My core data (authored by myself) is in databases and text files and less than 100 GB. Then there are copyrighted text and media files which I use perfectly legally but which I have no right (and no wish) to make available to anyone else. All in all I'll use an SSD of about 500 GB for the Debian system and the data. Just to make sure: The server will contain no adult or violent material and obviously no illegal material. The data will be kept up to date using downloads or synchronisation (rsync, unison) about once a day. The times could be open to negotiation. Any other data transfers would be quite small. I plan to use a slow CPU and no HDD (only SSD) so I can do without any mechanical parts like HDDs and fans. Kind regards Axel On Thu 2019-10-10 22.14.36, James Courtier-Dutton wrote: > What size is the data/database/files you wish store online ? > Some idea as to how busy it might be? > If I understand it correctly, you have some data that you wish to > access when not at home. > Your home internet is slow and un-reliable, so you would like to put > is somewhere that has more reliable internet links. > Is the data private or public for everyone to view? signature.asc Description: PGP signature -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
On Thu, 10 Oct 2019 at 20:59, Dr. Axel Stammler via GLLUG wrote: > > Hello, David, > > Thanks for your quick reply. My internet connection is slow and unreliable, > and my power supply has (on rare occasions) failed, too. Part of the server > would be devoted to database replication. I don't want to work with any cloud > systems offered by big companies. > > And, in a pinch I could ask for the server to be handed to me. > > Regards > > Axel > What size is the data/database/files you wish store online ? Some idea as to how busy it might be? If I understand it correctly, you have some data that you wish to access when not at home. Your home internet is slow and un-reliable, so you would like to put is somewhere that has more reliable internet links. Is the data private or public for everyone to view? Kind Regards James -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
Hello, David, Thanks for your quick reply. My internet connection is slow and unreliable, and my power supply has (on rare occasions) failed, too. Part of the server would be devoted to database replication. I don't want to work with any cloud systems offered by big companies. And, in a pinch I could ask for the server to be handed to me. Regards Axel On Thu 2019-10-10 20.48.15, Dawid Olesinski via GLLUG wrote: >Sorry but obvious question is why do you care about physical location of >your server if you won't require physical access to it? signature.asc Description: PGP signature -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
On 10/10/2019 20:43, Axel Stammler via GLLUG wrote: [snip] I come to London regularly and would like to set up a small file and database server locally so that I can have access to all data reliably and with backups. [snip] And to add to Dawid's question - why does it need to be a physical server? Without knowing more about what you're trying to achieve it's hard to make a recommendation, but have you looked at something like Bitfolk? https://bitfolk.com/ or just leave your server at home and connect to it from London. John -- Xronos Scheduler - https://xronos.uk/ All your school's schedule information in one place. Timetable, activities, homework, public events - the lot Live demo at https://schedulerdemo.xronos.uk/ -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug
Re: [GLLUG] Server in London
Hello Axel, Sorry but obvious question is why do you care about physical location of your server if you won't require physical access to it? Regards David On Thu, 10 Oct 2019, 20:43 Axel Stammler via GLLUG, < gllug@mailman.lug.org.uk> wrote: > Hi, > > I would like to ask for advice, and I am writing here because I only use > Debian Linux. My question concerns a purely personal matter and has no > business component. > > I come to London regularly and would like to set up a small file and > database server locally so that I can have access to all data reliably and > with backups. > > Obviously I could rent office space but that would be extremely expensive > and I do not really need it. All I need is a tiny space on a shelf (which I > do not even have to have access to) for a small PC (without keyboard and > display) and a stable internet connection and power supply. > > The computer would not offer a public website, I would access it via VPN > and SSH. > > How can I find a reasonably priced offer? Any advice would be much > appreciated. > > Cheers, > > Axel-- > GLLUG mailing list > GLLUG@mailman.lug.org.uk > https://mailman.lug.org.uk/mailman/listinfo/gllug -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug