Monthly Archives: November 2013

Planned maintenance Sunday 1st Dec 2AM – 4AM GMT

On Sunday December 1st, between 2AM – 4AM GMT, we will be performing essential OS updates on all of our VPS servers. During this window your VPS will be unavailable for up to 20 mins while the host server is rebooted. Before rebooting we will be sending each VPS an ACPI Shutdown signal. If you have configured your VPS to respond to this, it will start it’s shutdown procedure, and shutdown cleanly. If you would like help configuring your VPS to respond to this, please raise a support ticket and we will be happy to help.

We’d like to apologies in advance for any inconvenience caused by this essential work.

Update 3:22AM Sunday December 1st – Unfortunately we have had to back out of the the updates we had planned due to an unforeseen issue that arose while performing the update on the first server.

Update 3:07AM Monday December 2nd – We have postponed the planned updates again (see below).  Our sincere apologies for changing our plans yet again, but we are not ready yet, and we want to make sure the updates proceed as smoothly as possible, rather than risk service instability. Additionally, we have updated this post with an increased downtime period of 20 mins, instead of the previously advised 10 mins.

We are rescheduling the updates to take place tomorrow, on Tuesday December 3rd between 2AM – 4AM GMT.  Please note downtime to each VPS will be up to 20 mins.

Update 4:33AM Tuesday December 3rd – The above work has been completed successfully. All VPS have started. If you are experiencing any issues please raise a support ticket.

Virtual Hardware Random Number Generator

A common problem with virtualised operating systems is lack of entropy.  The Wikipedia entropy page defines it very well as “the randomness collected by an operating system or application for use in cryptography or other uses that require random data”. Virtual machines often lack entropy due to the lack of real hardware sources in a virtualised environment for the OS to use to create entropy.

Add to this the fact that headless physical servers which virtual machines run on often also don’t have much entropy themselves, because of the lack of keyboard and mouse input, and you have a problem.  The problem is that low entropy causes encryption operations on your VPS to become less secure and much slower.

However, if you have a VPS with us at Manchester VPS, unlike with many other VPS providers, your VPS does not have to suffer from these problems.

Firstly, on all our physical servers we use the HAVEGE algorithm to pool entropy, by running the haveged entropy daemon. As a result, our physical servers have plenty of entropy available.

Secondly, as we use KVM as our virtualisation platform, we can make available this entropy pool to your VPS as a virtualised Hardware Random Number Generator device, using VirtIORNG.

What this boils down to is, for your Linux VPS, you only have to take the following two steps:

  1. Log into our VPS Control Panel, and go into the “General Settings” page. On this page you will see an option to enable VirtIORNG for your VPS, if it is not enabled already.
  2. In your Linux VPS run the rngd daemon like this: rngd -r /dev/hwrng

That’s it, with these 2 steps you should find that your VPS can now enjoy a good entropy pool.  Cryptographic tasks will now complete much faster and encryption software running on your VPS will be much more secure.

To verify whether your VPS has the virtual rng present, run the following command in a terminal in your Linux VPS:

[code language=”bash” padlinenumbers=”true”]
cat /sys/devices/virtual/misc/hw_random/rng_available
[/code]

which should show “virtio” as being available

and

[code language=”bash” padlinenumbers=”true”]
cat /sys/devices/virtual/misc/hw_random/rng_current
[/code]

should also show “virtio” as the currently selected hardware rng.

Additionally, you can check that the file /dev/hwrng exists, which is the hardware rng device file.

So how will your VPS benefit from the increased entropy pool? If you run anything that uses encryption, it will benefit. If you run an SSL website, a VPN such as OpenVPN, or have a lot of SSH sessions connecting, these are all examples of software that will benefit.

If you have any difficulty getting this to work for your VPS, don’t hesitate to raise a support ticket and we will be happy to help.

Centos 6.5 coming soon

With RedHat about to release Enterprise Linux 6.5, the Centos team have started building Centos 6.5 today (see this forum post).  Judging by recent Centos releases, we’ll be likely to see them releasing 6.5 in a few days or so. As soon as they do we’ll be grabbing the ISOs and adding them to our libraries so that customers can upgrade or install using an ISO.

By the way, if you have a RedHat Enterprise Linux subscription, you can install it onto a VPS if you provide us with the ISOs. Please raise a ticket if you would like to do so.

openSUSE 13.1 ISOs added

The long awaited and much anticipated release of openSUSE 13.1 took place on Tuesday, so we have added the amd64 and i586 installable ISOs, plus Net install and Rescue ISOs, to our collection so that new installs can take advantage of the latest release.

For more information about this release, have a look at the release announcement here, which has many details about what is in this important release.