Category Archives: Service Features

Improvements to data storage resilience

We’re pleased to announce that we’ve recently completed moving all VPS data to a new storage subsystem that mirrors all data across more than one physical server.

Prior to this, VPS data was stored on the RAID card attached to the physical server the VPS was running on. Although this provided good data safety by mirroring across multiple drives, the RAID card itself was a single point of failure.

The new storage subsystem eliminates this single point of failure. Even if we were to suffer the complete failure of all disks attached to a physical machine and/or the complete failure of a RAID card, including the situation where a RAID card might inflict data corruption on all disks attached to it, this will not affect the VPS disk data on that machine. Additionally, provided that the physical server OS continues running, all VPSs would be able to continue running without interruption in the face of such a disaster, thanks to the surviving network mirror on another physical machine.

Another storage-related improvement we are planning to introduce over the coming months is the ability for customers to take snapshot backups of their VPS storage data, which will be stored elsewhere on our network. This would allow customers to restore their VPS disk data to a previous “known good” point in time, e.g. if their VPS OS becomes unbootable or is compromised by malicious activity, a trojan or a virus. We will announce it on this blog as soon as we have rolled out this feature.

Virtual Hardware Random Number Generator

A common problem with virtualised operating systems is a lack of entropy. The Wikipedia entropy page defines it very well as “the randomness collected by an operating system or application for use in cryptography or other uses that require random data”. Virtual machines often lack entropy because a virtualised environment has no real hardware sources for the OS to use to create it.

On top of this, the headless physical servers that virtual machines run on often don’t have much entropy themselves, because they lack keyboard and mouse input. The resulting problem is that low entropy causes encryption operations on your VPS to become less secure and much slower.

However, if you have a VPS with us at Manchester VPS, unlike with many other VPS providers, your VPS does not have to suffer from these problems.

Firstly, on all our physical servers we use the HAVEGE algorithm to pool entropy, by running the haveged entropy daemon. As a result, our physical servers have plenty of entropy available.

Secondly, as we use KVM as our virtualisation platform, we can make this entropy pool available to your VPS as a virtualised Hardware Random Number Generator device, using VirtIORNG.

What this boils down to is, for your Linux VPS, you only have to take the following two steps:

  1. Log into our VPS Control Panel, and go into the “General Settings” page. On this page you will see an option to enable VirtIORNG for your VPS, if it is not enabled already.
  2. In your Linux VPS run the rngd daemon like this: rngd -r /dev/hwrng

That’s it. With these two steps you should find that your VPS can now enjoy a good entropy pool. Cryptographic tasks will now complete much faster and encryption software running on your VPS will be much more secure.

To verify whether your VPS has the virtual rng present, run the following command in a terminal in your Linux VPS:

```bash
cat /sys/devices/virtual/misc/hw_random/rng_available
```

This should show “virtio” as being available. Similarly,

```bash
cat /sys/devices/virtual/misc/hw_random/rng_current
```

should also show “virtio” as the currently selected hardware rng.

Additionally, you can check that the file /dev/hwrng exists, which is the hardware rng device file.
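The three checks above can be combined into one shell function; this is an added example, not part of the original post. The function name `check_virtio_rng`, its return codes and its optional directory and device arguments are assumptions made for this example, and the match on the substring `virtio` follows what the post says the sysfs files show.

```shell
#!/bin/sh
# Added example (not from the original post): runs the post's three checks.
# Hypothetical helper; arguments default to the paths named in the post.
# Return codes (chosen for this example):
#   0 = virtio RNG available, selected, and device node present
#   1 = virtio not listed in rng_available (enable it in the control panel)
#   2 = virtio listed but not the current RNG
#   3 = device node missing or not a character device
check_virtio_rng() {
    hw_dir="${1:-/sys/devices/virtual/misc/hw_random}"
    dev="${2:-/dev/hwrng}"

    # Missing sysfs files are treated as "nothing available / selected".
    available=$(cat "$hw_dir/rng_available" 2>/dev/null || true)
    current=$(cat "$hw_dir/rng_current" 2>/dev/null || true)

    case "$available" in
        *virtio*) echo "OK:   rng_available lists: $available" ;;
        *) echo "FAIL: virtio not in rng_available (got: '${available}')"
           return 1 ;;
    esac

    case "$current" in
        *virtio*) echo "OK:   rng_current is: $current" ;;
        *) echo "FAIL: rng_current is '${current}', not virtio"
           return 2 ;;
    esac

    # rngd reads from this node, so it must exist as a character device.
    if [ ! -c "$dev" ]; then
        echo "FAIL: $dev is missing or not a character device"
        return 3
    fi
    echo "OK:   $dev is present"
    return 0
}

# Typical use on the VPS, before starting rngd as described in step 2:
#   check_virtio_rng && rngd -r /dev/hwrng
```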

So how will your VPS benefit from the increased entropy pool? If you run anything that uses encryption, it will benefit. If you run an SSL website, a VPN such as OpenVPN, or have a lot of SSH sessions connecting, these are all examples of software that will benefit.

If you have any difficulty getting this to work for your VPS, don’t hesitate to raise a support ticket and we will be happy to help.