freistilbox Blog

Newer articles « Page 11 of 17 » Older articles

Dropped SSLv3 support, moving to SHA256 certificates

On October 14th, the so-called POODLE vulnerability in SSLv3 was published. We remediated this security issue by disabling SSLv3 throughout the freistilbox infrastructure.

To further reduce risks, we’re deprecating SSL certificates using the SHA1 signature algorithm. After thorough review, we have concluded that this change should not affect the majority of freistilbox customers. As you can see on the Digicert Compatibility Chart, all recent web browsers already support the newer SHA256 standard.

If you’d like to check if the SSL certificate for your website still uses the weaker SHA1 algorithm, we recommend using the Qualys SSL server test. The test result should look similar to this:

ssltest

If your certificate still uses SHA1, simply send us a support request and we’ll take care of getting it reissued for you.

Thank you for your trust and continued business,
—your freistilbox Team

Happy holidays! (with limited support)

The end of the year is approaching quickly and as always, we’re going to take it as an opportunity to recharge our batteries. This means that from 24 December 2014 to 4 January 2015 , we’ll provide emergency support only.

Of course, should incidents occur that impact the operation of your production websites, our 24/7 on-call will take care of them.

If you need some last-minute engineering support for anything else (launching the new reindeerrental.com, adding SSH access for additional elfs etc.), we recommend you send us your wishes as early as possible! Like Santa, we’ll handle each of your requests to our best ability, but we’ll close our workshop on Christmas Eve. (We’ll be back in far less than a year, though.)

From the whole freistil IT team, thank you for an awesome 2014, have a happy Christmas and a great start into the new year!

Happy Christmas!

Enterprise hosting from the start

You may be wondering why we don’t have an Enterprise column in our pricing table. It looks like everyone has such an offer, after all.

The reason is: With freistilbox, we decided to not make Enterprise-grade hosting the highest(-paid) tier of our product. Instead, we’ve built the whole platform with Enterprise quality, from the smallest configuration upwards.

With other vendors, you get much less powerful Drupal and WordPress hosting if you choose one of their lower tiers:

  • no distributed hosting architecture where every service runs on its own redundant and diligently configured server infrastructure,
  • no SSL offloading,
  • no storage network with multiple file copies,
  • no SSD-based database clusters,
  • etc. etc.

In other words, you don’t get much more than a managed VPS. If your website needs real performance and availability, your only option is their offering with that impressive Enterprise label (and price tag).

With freistilbox, things are different — and simpler! The only decision you have to make is what capacity you’d like to start with. It doesn’t matter if you choose a single freistilbox S or a 4xM power cluster; you’ll always get the full benefits of our hosting platform. Regardless of its size, every customer setup is based on the same high performance hosting architecture with SSL offloading, load balancing, redundancy and bare-metal performance.

freistilbox is Enterprise hosting from the start.

Let us take care of... security updates.

freistilbox is a fully managed hosting platform. That means that we do everything that’s necessary to run a reliable hosting service.

Last week, a new software security threat with a catching name raised its ugly head: Shellshock is a security flaw in the widely used command-line shell “bash”. This security flaw can be exploited to issue an arbitrary command to a server to be executed. Troy Hunt has the technical details.

After this security weakness became widely known on Wednesday and security fixes were made available soon after, we immediately tested and installed them. Since then, we got two follow-up bash updates with additional fixes that we rolled out in the same swift fashion.

If you prefer to sleep peacefully, knowing that we take care of hosting security, why don’t you check out all the other advantages of freistilbox?

Incident review: Datacenter outage on 2014-08-03

On Sunday, 2014-08-03, freistilbox operation was severely disrupted due to a power failure at a datacenter.

We apologise for this outage. We take reliability seriously and an interruption of this magnitude as well as the impact it causes to our customers is unacceptable.

What happened

On Sunday, 2014-08-03, at 12:34 UTC, our on-call engineer was alerted by the monitoring system that a number of servers suddently went offline, and the list was quite long. This indicated a network outage, and we posted a short notice to our status page. We then immediately contacted datacenter support. While we didn’t get a direct answer first, the datacenter posted a first public status update at 12:54, explaining that server room RZ19 suffered an outage.

Since one of our server racks is located in this server room, the impact of this outage was severe. The affected rack hosts all kinds of servers including database and file storage nodes. Without these services, even application servers outside of RZ19 weren’t able to deliver content any more.

Since we run the nodes of our database clusters in different server rooms, we executed a failover procedure to the standby nodes of the affected databases. This restored operation for a part of our hosting infrastructure.

At about 13:00, our servers started to come back online. When we checked their uptime, we realised that they must have just had started up, so we suspected a power outage. This was confirmed when the datacenter announced that RZ19 had suffered a “brownout” that caused its servers to reboot. Later, the ISP added that a whole datacenter location suffered a power outage. The UPS systems of all server rooms had been able to compensate until the power generators had started up – with the exception of RZ19.

At about 14:00, most of our servers were running smoothly again. A few of our database servers had suffered data corruption and since we had already switched to their standby nodes, we decided to repair them later. At that time, it was more urgent to replace application boxes that still had not come back. Some of our customers choose to run single-node freistilbox clusters and the websites running on these boxes were still down. We launched new boxes on servers with spare capacity and at about 15:00, our infrastructure was fully functional again.

What we’re doing about it

Since we don’t run our own datacenters, we depend on our hosting partners when it comes to hardware infrastructure (servers, network, power, cooling etc.). We can’t prevent power outages, only trust that our infrastructure providers take all the necessary measures to prevent them.

What we can do ourselves is build our hosting architecture as resilient as possible in order to minimise the impact of a power outage. We have already built in a lot of redundancy into freistilbox. This enabled us, for example, to quickly switch to non-affected database servers as we did at the beginning of this incident. We have identified a few points, though, where an outage can cause bigger parts of our infrastructure to fail.

The most critical one of these points is our current storage technology. While it comes with data replication features (of which we make use, of course), it is hard to distribute data over server rooms or even distant datacenters without running into network latency issues. That’s why we’re currently testing alternative solutions that don’t have this weakness. As a beta test, we’re already running our own company freistilbox cluster (the one that’s hosting this website) on one of these alternatives. This means we’ll be able to further improve our storage resiliency very soon.

Another point is the private cloud infrastructure on which we run the application boxes of our customers’ freistilbox clusters. By adding more system automation, we’re going to minimise the time it takes us to spin up replacement boxes when that becomes necessary, for example and especially during an outage.

Again, we sincerely apologise to all our customers affected by this outage and thank them for their continued trust.

Newer articles « Page 11 of 17 » Older articles