My data is an asset. Let’s share the best practices to protect your data. If you feel that security is a constraint, it’s time to think again! In this blog post, I will share with you 5 simple rules that can be easily implemented to secure your back-ups without headache thanks to the “Objects Storage Standard-S3 API” …
The good old time Many years ago I was a SysAdmin. Do you remember this old job? Let me remind you of a few recurring scenarios: Sure, it was a bit more complicated than a few command lines, but I think you know what I mean. Oh, and does this one sound familiar to many …
Today in the monitoring world, we see the rise of the Prometheus tool. It’s a great tool to deploy in your infrastructure, as it allows you to scrap all of your servers or applications to retrieve, store and analyze the metrics. And all you have to do is to extract and run it, it does …
This article is the follow up to Selfheal at Webhosting – The External Part published on 2020-07-17.Part two below covers the local self-healing system. Introduction With over 15-000 servers dedicated to providing services for 6 million websites and web applications of all sorts, across multiple data-centers and geographical zones, a certain amount of software failures …
Warden: the self-healing framework for local actions Read More »
This is the last article in the series about The Bastion. In the previous parts, we covered the principles of The Bastion, and talked about how delegation was at the core of the system. Then we explained how Security was at the heart of the design principles, in a detailed but hopefully not too-long article. …
In previous parts, we’ve covered the basic principles of the bastion. We then explained how delegation was at the core of the system. This time, we’ll dig into some governing principles of how The Bastion is written. In a nutshell, the main purpose of the bastion is to ensure security, auditability and reliability in all …
In our previous article concerning the CVE-2017-9841 vulnerability, we presented our web application firewall (WAF) implemented with NAXSI. Usually, a WAF is run directly on the web server. At OVHcloud, we chose to run our web application firewall upstream, on a very powerful software layer that is specific to our web hosting infrastructures. These are …
This is the second part of a blog series, here is part one. We’ve previously found that the bastion is not your usual SSH jumphost (in fact, we found it is not a jumphost at all) and we discussed how the delegation was one of the core features we’d originally needed. So, let’s dive into …
The OVHcloud SSH Bastion – Part 2: delegation dizziness Read More »
Introduction With almost 6000000 websites hosted on more than 15000 servers, the OVHcloud Webhosting SRE team manage lots of alerts during their working day. Our infrastructure is constantly growing, but to scale smoothly, the amount of time spent solving alerts should not increase proportionally. We need, therefore, some tools to help us. In our team, we …
Bastion? Are we talking about the indie game? Not this time! (albeit it’s a good game!). At OVHcloud, a fair amount of our infrastructures are built on top of Linux boxes. We have a lot of different flavours; such as Debian, Ubuntu, Red Hat… and the list goes on. We even had good old Gentoos …
