
ServInt VPS Security

DigiMan 09-07-2003, 08:17 PM
I've been looking at the new VPS offerings from ServInt.
Can anyone who has one comment on the standard install? Does it come pretty secured? Do they take special setup requests?
Also, anyone run into any trouble installing things like firewalls, ids, etc.? Does the Virtuozzo environment impact installation of any of those or is it pretty much the same as a dedicated box regarding what you can install?
TIA.

wubwob 09-08-2003, 05:32 AM
It's pretty much exactly the same as your own dedicated box.
I don't think there are any restrictions as such - you should be able to install anything.

piramida 09-08-2003, 08:38 AM
There are restrictions because you are not in fact accessing physical devices, but are accessing virtual vz-provided devices. I can definitely see that some software may be failing because of that - so you better check with ServInt if you have some specific / proprietary requirements. Usual web hosting soft works just fine.

Aushosts 09-08-2003, 09:06 AM
Firewalls don't work (iptables based ones)
MRTG won't work
Can't control your kernel; need to use the shared one.
So yeah, it's a little restrictive.

ice53ltd 09-08-2003, 09:06 AM
Also don't forget that you can't recompile the kernel. The kernel isn't a standard RH kernel though, I believe SWsoft have tuned/secured/done other stuff to it.

Aushosts 09-08-2003, 09:42 AM
Seems it doesn't support quotas.
Totally destroying the plans we had...

ice53ltd 09-08-2003, 09:48 AM
Aren't ServInt using Virtuozzo 2.5? It is supposed to support quotas.

FHDave 09-08-2003, 10:03 AM
Originally posted by SpiritAu
Firewalls don't work (iptables based ones)
MRTG won't work
We have customers that install both of them, so both are no problem.
Can't control your kernel; need to use the shared one.
True.

Aushosts 09-08-2003, 10:07 AM
Originally posted by FHDave
We have customers that install both of them, so both are no problem.
Are they using APF for their firewall? If so what configuration are they using?

ScottD 09-08-2003, 10:18 AM
A couple of things...
iptables does work, take a look at /proc/user_beancounters and see if your "numiptent" has any available slots (or iptentries for Virtuozzo < 2.5). If this is Virtuozzo 2.5, the last column will display any attempts to use resources that are unavailable.
quotas work as well if this is Virtuozzo 2.5, but they have to be enabled by the provider when creating the VDS.
A few things you should be aware of, just in case it becomes bothersome. Some file system related system calls do not work as expected. Specifically sendfile(). Also, chattr and lsattr are not implemented in the Virtuozzo File System, so anything using these tools will spit out a warning.
Lastly, if you need specialized kernel features then you aren't really a VDS candidate. The Virtuozzo kernel is hardened and implemented with the virtualization tools.
Generally speaking, Virtuozzo does do everything you'd ever need in a virtual server, but their virtualized interfaces do lag a bit behind.
To keep your VDS updated with the latest packages, I recommend taking a look at apt for RedHat at http://apt.freshmeat.net. It's an excellent alternative to up2date and requires no registration.
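
The check ScottD describes, as an added example that is not part of the original thread: it pulls the numiptent row out of /proc/user_beancounters and reports used slots, the limit and the failure counter. The column layout and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: iptables entry headroom from /proc/user_beancounters.
# Assumed columns: [uid:] resource held maxheld barrier limit failcnt
# On Virtuozzo < 2.5 the resource is named iptentries instead of numiptent.

# Constructed sample, used when the real table cannot be read.
sample_beancounters() {
cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize         803866    1246758    2457600    2621440          0
            numproc              24         31         65         65          0
            numiptent            48         50         50         50          7
EOF
}

# Print "held limit failcnt" for resource $1, reading the table on stdin.
# The first row of a container carries an extra "uid:" field, so columns
# are counted from the end of the line.
ubc_row() {
    awk -v res="$1" 'NF >= 6 && $(NF-5) == res { print $(NF-4), $(NF-1), $NF; exit }'
}

# Status 0: free slots and no refusals. 1: table full or failcnt > 0.
# 2: resource not listed.
check_numiptent() {
    set -- $(ubc_row numiptent)
    [ $# -eq 3 ] || { echo "numiptent: not found"; return 2; }
    echo "numiptent: held=$1 limit=$2 free=$(( $2 - $1 )) failcnt=$3"
    [ "$3" -eq 0 ] && [ "$1" -lt "$2" ]
}

# Use the live table inside a container, otherwise the constructed sample.
if [ -r /proc/user_beancounters ]; then
    table=$(cat /proc/user_beancounters)
else
    table=$(sample_beancounters)
fi
printf '%s\n' "$table" | check_numiptent ||
    echo "WARNING: rules may have been refused; compare the loaded ruleset with the intended one"
```

A non-zero failure counter means some rule insertions were refused at some point, so the firewall that is actually loaded may be shorter than the one that was configured.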

indyjon 09-08-2003, 10:41 AM
I am using the standard Red Hat VDS at ServInt.
APF will not run.... if someone has made it work I would be interested in learning how you did it, what changes did you make.
You are allowed max 50 rules for iptables. You have to use address based rules instead of interface based rules.
As an example:
venet0 - 127.0.0.1
venet0:1 - IP number 1
venet0:2 - IP number 2
venet0:3 - IP number 3
venet0:4 - IP number 4
Also, it (was) using very old rpms - early rh7.3 stuff - I updated everything to current rh releases. up2date/webmin are not installed, you have to install them. The kernel that they use is highly customized for the vds environment - could be a good thing or a bad thing.
quotas are not enabled on my vds, you have one mount point (/) and everything is under that.
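
An added example, not from the thread, of the address-based approach in the post above: it turns a small constructed policy into rules that match on `-d <address>` and checks the result against the 50-rule cap. The addresses are documentation-range placeholders for the venet0:N IPs, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: address-based rules checked against the per-VDS rule cap.
MAX_RULES=50    # cap reported in the post above

# Constructed policy, one "<destination address> <protocol> <port>" per line.
policy() {
cat <<'EOF'
# address     proto port
192.0.2.10    tcp   22
192.0.2.10    tcp   80
192.0.2.11    tcp   25
192.0.2.11    tcp   443
EOF
}

# Turn policy lines on stdin into iptables commands that match on the
# destination address rather than on an interface alias such as venet0:1.
build_rules() {
    while read -r addr proto port; do
        case $addr in ''|\#*) continue ;; esac
        echo "iptables -A INPUT -d $addr -p $proto --dport $port -j ACCEPT"
    done
    # Refuse any other new inbound TCP connection (stateless match).
    echo "iptables -A INPUT -p tcp --syn -j DROP"
}

# Read iptables commands on stdin. Fails when the ruleset is larger than
# the cap or when a rule matches on an interface alias (-i/-o name:N).
check_ruleset() {
    rules=$(cat)
    n=$(printf '%s\n' "$rules" | grep -c -- '-A ' || true)
    bad=$(printf '%s\n' "$rules" | grep -c -E -- '-[io] [a-z0-9]+:[0-9]+' || true)
    echo "rules=$n cap=$MAX_RULES alias_matches=$bad"
    [ "$n" -le "$MAX_RULES" ] && [ "$bad" -eq 0 ]
}

# Print the generated commands, then the verdict for the same ruleset.
policy | build_rules
policy | build_rules | check_ruleset || echo "ruleset does not fit this VDS"
```

The script only prints the commands; review the list before applying it.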

WillsWeb 09-08-2003, 01:26 PM
When I run:
service apf start
I am getting this error:
Starting APF:Unable to load iptables module (ip_tables), aborting.
Any help would be appreciated...
Kind Regards,
Will

DigiMan 09-08-2003, 01:49 PM
Thanks for all of the info. everyone.
Interesting that someone commented that the VPS comes with some older things installed. I had thought that it was a managed VPS and would have expected it to come pretty up-to-date. Anyone from ServInt who might be reading this board care to comment?
Regarding the firewall, there were several folks who mentioned that they or their clients had successfully installed one. For those who have, which one was used (anything other than the iptables mentioned)?

BobFarmer 09-08-2003, 01:57 PM
Originally posted by DigiMan
Thanks for all of the info. everyone.
Interesting that someone commented that the VPS comes with some older things installed. I had thought that it was a managed VPS and would have expected it to come pretty up-to-date. Anyone from ServInt who might be reading this board care to comment?
Regarding the firewall, there were several folks who mentioned that they or their clients had successfully installed one. For those who have, which one was used (anything other than the iptables mentioned)?
Virtuozzo 2.5.1 just came out recently, and we're in the process of updating our servers. This should update the versions referenced as "old" in related posts. Because we aren't willing to reboot any of these servers in an effort to minimize downtime and want to ensure everything is properly tested, what we're doing is bringing up new clean servers, installing 2.5.1 on them, then migrating the VPS accounts from old servers to updated ones. All VPS server upgrades should be complete within the next week.

wubwob 09-08-2003, 02:05 PM
I am running MRTG currently, albeit grabbing data from other devices.

DigiMan 09-08-2003, 02:23 PM
BobFarmer:
Thanks for the info. Does that mean that the security patch/managed references on the VPS page only refer to Virtuozzo releases?
For example, if RedHat were to release a critical update would it be installed on release (assuming of course that the individual VPS owners could choose how they want ServInt to handle their updates)?
Thanks.

Rubas 09-08-2003, 06:23 PM
@BoBFarmer
What is with the quota support?
SpiritAu
Seems it doesn't support quotas.
Totally destroying the plans we had...
DizixCom
quotas work as well if this is Virtuozzo 2.5, but they have to be enabled by the provider when creating the VDS.

ultrafex 12-12-2003, 12:01 AM
DigiMan, updates are not installed for you unless you request them individually; you might as well type up2date -u yourself or set up a daily cron job.
And for the kernel, last time there was a RH advisory it was on the 1st and on the third we got a new kernel, but I have no idea if this was related to the problem.