12 apr

CloudVPS Object Store Available: Scalable Cloud Storage!

As of today the CloudVPS Object Store is available. An object store can be used to easily store files in the cloud and make them available through an API or URL. This makes an object store ideal for images, movies, backups and many other types of files. The popularity of object stores is starting to grow rapidly now, especially with developers and parties that want to store large numbers of files.

Advantages of an object store:

  • You only pay for your usage of storage, traffic and the API.
  • Your data is stored three times within two datacenters.
  • Files will be available from multiple locations.
  • Enables API based programming.
Amazon S3 Alternative

A lot of object store users are using Amazon S3 at the moment. Our solution uses the popular OpenStack API which allows you to choose the provider you are doing business with. The CloudVPS Object Store is also significantly cheaper than Amazon S3. An other important advantage of our object store is that we are not subject to the US Patriot Act. This means US government services do not have access to your data and our solution can be used for privacy sensitive data.

For parties that are still using the S3 API exclusively, we have added an S3 emulation so you can use our object store with the S3 API.

Amazon does offer a global Content Delivery Network (CDN) option with its object store. This is relevant if data has to be available quickly in multiple continents. We will soon add CDN functionality ourselves.


Click to enlarge

Interface

We have added an object store section to the CloudVPS Interface. Here you can track your usage. You can also manage your object stores, containers and files.

OpenStack Swift

Our object store is based on OpenStack Swift. OpenStack is a fast growing collection of open source cloud infrastructure projects. This project has an enormous momentum with parties like VMware, NASA and HP contributing. We have decided to implement OpenStack for our entire infrastructure and the CloudVPS Object Store is just our first OpenStack based product.

We will be very active in adding functionality to OpenStack. We will contribute as many of our improvements to the object store as possible to the project. For instance, we have made it possible to use the Cyberduck client as a visual interface for the OpenStack object store. We are currently developing new authentication methods and are documenting and improving various SDKs (Software Development Kits).

Ordering and Paying

You can order the object store on our website. Your object store will be invoiced at the end of the month. If you are a new new customer you will have to pre-pay a one time sum of 10 Euros. If a lot of resources are being used during the first month an extra prepayment will have to be deposited. Customers with an existing invoicing relationship will not have to pre-pay when ordering an object store.

The cost of the object store depends on the storage used, the outgoing traffic and the API usage. Read more about the costs and invoicing of our object store in our knowledge base.

CloudVPS customers that also purchased a CloudVPS virtual server will be able to use the first 10 GB of object storage for free. For these customers 50,000 heavy API calls and 500,000 light API calls will also be available free of charge.

More Information

Some usefull links:
Object store page
Knowledge Base Introduction
Quickstart
GUI Clients
S3 Emulation
Pricing and Invoicing

Please contact sales if you have any questions regarding the possibilities of the CloudVPS Object Store.

 

12 apr

CloudVPS Object Store Available: Scalable Cloud Storage!

As of today the CloudVPS Object Store is available. An object store can be used to easily store files in the cloud and make them available through an API or URL. This makes an object store ideal for images, movies, backups and many other types of files. The popularity of object stores is starting to grow rapidly now, especially with developers and parties that want to store large numbers of files.

Advantages of an object store:

  • You only pay for your usage of storage, traffic and the API.
  • Your data is stored three times within two datacenters.
  • Files will be available from multiple locations.
  • Enables API based programming.
Amazon S3 Alternative

A lot of object store users are using Amazon S3 at the moment. Our solution uses the popular OpenStack API which allows you to choose the provider you are doing business with. The CloudVPS Object Store is also significantly cheaper than Amazon S3. An other important advantage of our object store is that we are not subject to the US Patriot Act. This means US government services do not have access to your data and our solution can be used for privacy sensitive data.

For parties that are still using the S3 API exclusively, we have added an S3 emulation so you can use our object store with the S3 API.

Amazon does offer a global Content Delivery Network (CDN) option with its object store. This is relevant if data has to be available quickly in multiple continents. We will soon add CDN functionality ourselves.


Click to enlarge

Interface

We have added an object store section to the CloudVPS Interface. Here you can track your usage. You can also manage your object stores, containers and files.

OpenStack Swift

Our object store is based on OpenStack Swift. OpenStack is a fast growing collection of open source cloud infrastructure projects. This project has an enormous momentum with parties like VMware, NASA and HP contributing. We have decided to implement OpenStack for our entire infrastructure and the CloudVPS Object Store is just our first OpenStack based product.

We will be very active in adding functionality to OpenStack. We will contribute as many of our improvements to the object store as possible to the project. For instance, we have made it possible to use the Cyberduck client as a visual interface for the OpenStack object store. We are currently developing new authentication methods and are documenting and improving various SDKs (Software Development Kits).

Ordering and Paying

You can order the object store on our website. Your object store will be invoiced at the end of the month. If you are a new new customer you will have to pre-pay a one time sum of 10 Euros. If a lot of resources are being used during the first month an extra prepayment will have to be deposited. Customers with an existing invoicing relationship will not have to pre-pay when ordering an object store.

The cost of the object store depends on the storage used, the outgoing traffic and the API usage. Read more about the costs and invoicing of our object store in our knowledge base.

CloudVPS customers that also purchased a CloudVPS virtual server will be able to use the first 10 GB of object storage for free. For these customers 50,000 heavy API calls and 500,000 light API calls will also be available free of charge.

More Information

Some usefull links:
Object store page
Knowledge Base Introduction
Quickstart
GUI Clients
S3 Emulation
Pricing and Invoicing

Please contact sales if you have any questions regarding the possibilities of the CloudVPS Object Store.

 

22 mrt

Vulnerability found in Joomla plugin

Joomla is one of the most popular frameworks for building websites. Such popularity however comes at a price: with an installed base this large it becomes an attractive target for finding and abusing exploits.

Recently a number of critical vulnerabilities have been discovered which are unfortunately actively being exploited. One of the more infamous ones is the exploit for a weakness in the Joomla Content Editor (JCE), one of the most popular plugins for Joomla.

By exploiting the weakness in this vulnerability an attacker can gain full control over your website, allowing him or her to deface the website or use your server as a strting point for further attacks on other sites and servers.

If you use Joomla, please make sure to update both the core Joomla install and all plugins to the latest released versions. And check every so often for new releases to be installed.

For more information on Joomla and the security hole in JCE please see here:

http://www.joomlacontenteditor.net/news/item/jce-and-your-sites-security

22 mrt

Vulnerability found in Joomla plugin

Joomla is one of the most popular frameworks for building websites. Such popularity however comes at a price: with an installed base this large it becomes an attractive target for finding and abusing exploits.

Recently a number of critical vulnerabilities have been discovered which are unfortunately actively being exploited. One of the more infamous ones is the exploit for a weakness in the Joomla Content Editor (JCE), one of the most popular plugins for Joomla.

By exploiting the weakness in this vulnerability an attacker can gain full control over your website, allowing him or her to deface the website or use your server as a strting point for further attacks on other sites and servers.

If you use Joomla, please make sure to update both the core Joomla install and all plugins to the latest released versions. And check every so often for new releases to be installed.

For more information on Joomla and the security hole in JCE please see here:

http://www.joomlacontenteditor.net/news/item/jce-and-your-sites-security

22 mrt

Vulnerability found in Joomla plugin

Joomla is one of the most popular frameworks for building websites. Such popularity however comes at a price: with an installed base this large it becomes an attractive target for finding and abusing exploits.

Recently a number of critical vulnerabilities have been discovered which are unfortunately actively being exploited. One of the more infamous ones is the exploit for a weakness in the Joomla Content Editor (JCE), one of the most popular plugins for Joomla.

By exploiting the weakness in this vulnerability an attacker can gain full control over your website, allowing him or her to deface the website or use your server as a strting point for further attacks on other sites and servers.

If you use Joomla, please make sure to update both the core Joomla install and all plugins to the latest released versions. And check every so often for new releases to be installed.

For more information on Joomla and the security hole in JCE please see here:

http://www.joomlacontenteditor.net/news/item/jce-and-your-sites-security

12 mrt

ISO 27001, NEN 7510 and CloudControls Certification Official


Click to enlarge A couple of weeks ago we have successfully concluded our certification audits. The auditor, the international risk manager DNV has given a positive advice to the UKAS committee. This committee has adopted the recommendation of the auditor and we have received the official certificates last week. We are now officially ISO 27001 and NEN 7510 certified and this includes the additional CloudControls as well. These certifications apply to all CloudVPS services.

ISO 27001 & NEN 7510

The ISO 27001 is an international security standard that applies to the entire Information Security Management System. Companies can choose which controls apply to their specific situation. We have declared all 133 controls to be applicable. The NEN 7510 is a Dutch standard for the healthcare sector, it is a stricter version of the ISO 27001 controls with a focus on the protection of patient data.

CloudControls

A lot of customers have questions regarding measures against cloud specific issues. Think about guarantees regarding information supply, the non existence of lock in risks and the neutralisation of risks related to the sharing of infrastructure with other parties. Together with KPMG and some other parties we have developed the CloudControls. These are 43 additional controls that mitigate cloud related risks. These controls were audited together with the ISO 27001 and NEN 7510 standards and integral an part of our certification.

Useful links

* The Statement Of Applicability (SOA), this is the list with certified controls (Excel sheet)
* List of cloud related risks, questions for your cloud provider and CloudControls (Excel sheet)
* Cloudcontrols website (Link)
* ISO 27001 and NEN 7510 certificates (PDF)
* Initial Audit Report (Dutch) (PDF)
* Mitigating measures (Dutch). Here the mitigation of the two minor non-confiormities in the Audit Report are discussed. (PDF)
* Our certification page (Link)

30 aug

Emergency maintenance tonight: XEN upgrade on Tuesday june 12th 2012, starting 22:00

Today the XEN development team announced a vulnerability concerning a privilege escalation found in a specific combination of Xen versions and newer Intel chips. We are preparing to remove this vulnerability today.

In non-technical terms this means that it is theoretically possible for a VPS admin to gain access to the virtualisation layer underlying your VPSes. This means it would be possible to control a large number of virtual servers, once someone has access to the virtualisation layer.

Because we have been using AMD processors for the last couple of years only our older clusters are affected by this vulnerability. In order to counter this risk today, we will be performing emergency maintenance to our hosting infrastructure. The XEN team has kindly provided us with a software patch, which we will apply and install tonight.

We would like to stress that none of our servers have been compromised at this time. The same seems true for our competitors, many of which use Xen as well.
 

Software upgrade older clusters
As part of this maintenance, we will upgrade the software with a version which has been patched and is therefore not vulnerable to this attack anymore.

For this patch to be installed, we will have to shut down all physical servers running the XEN software, shut down all VPSes running on those physical servers and restart everything after having installed the update.

Effect on your VPS
In order to update the physical servers in our older clusters featuring this vulnerability, we will have to restart your VPS. This means it will be unavailable for some time, causing your websites and mail to be temporarily off-line.

The upgrade procedure will start at 22:00 tonight, 12 june 2012 and is expected to end somewhere around 04.00 in the morning. We expect the downtime per VPS to be anywhere between 30 and 60 minutes.

Affected environments
All VPSes in the following ranges are affected:

  • 1.000 – 1.999
  • 2.000 – 2.999
  • 3.000 – 3.999
  • 5.000 – 5.999

Apart from these VPSes, another 40 VPSes in the 6.000 – 7.999 range are affected.

More information
All customers with a VPS in the abovementioned ranges, as well as the 40 other VPSes will be informed by mail. Regular updates will be given via Twitter, on https://twitter.com/cloudvpsnetwork, including the ranges currently undergoing updates. For a more technical description of the vulnerability, please read the advisory: http://lists.xen.org/archives/html/xen-devel/2012-06/msg00670.html

Problems and questions
If you have any questions regarding this maintenance, or if you encounter problems with your VPS after 06:00 on 13 june 2012, please contact support@cloudvps.com.

23 jul

Netwerk Onderhoud

XLS zal komende zondag avond / maandag ochtend onderhoud uitvoeren aan hun netwerk. Dit is een voorbereidende stap om het gehele netwerk van XLS binnen enkele weken naar 10 Gigabit te brengen.

XLS begint om zondag nacht om 0:00 en verwachten dat het maximaal tot maandag ochtend 3:00 zal duren. Tijdens dit onderhoud kunt u twee keer een half uur langzame of instabiele verbindingen ervaren.

11 nov

Urgent: ProFTPD is Lek

Er zit een zero day vulnerability in ProFTPD, een veelgebruikt FTP programma. Voor de techneuten: het gaat om een zogenaamde buffer overflow vulnerability die zich manifesteert als er de TELNET_IAC escape sequence aangeroepen wordt op poort 21.

Wij raden dringend aan ProFTPD te upgraden naar de laatste versie. Bij control panels hangt de beste benadering van het specifieke panel af.

Direct Admin – Compileert ProFTPD zelf. Het is dus wat complexer om dit op te lossen. Neem contact met ons op als wij geen toegang tot de machine hebben.
Plesk – Waren er snel bij deze keer. Versies onder 9.0 zijn niet lek, verder verschijnen er vandaag en morgen updates voor de verschillende versies. Zie hier voor nieuws: http://www.parallels.com/eu/products/plesk/ProFTPD
Cpanel – Gebruik van ProFTPD is zeldzaam bij dit control panel. Neem contact met ons op als wij geen toegang tot de machine hebben.

Wat wij gaan doen: wij zullen vanmiddag een poortscan op poort 21 van al onze (virtuele) servers uitvoeren. Als wij zien dat er nog een oude versie van ProFTPD draait dan loggen wij in om deze software te upgraden. Als wij de vps niet binnenkomen krijgt u een mailtje. Neem even contact op als wij geen toegang hebben maar u hulp nodig heeft bij het uitvoeren van deze upgrade.

05 jun

Router Onderhoud 6 juni

Gedurende de nacht van zaterdag 5 op zondag 6 juni gaan wij twee
van onze vier core routers vervangen. Deze zware nieuwe routers
zullen bijdragen aan de stabiliteit van ons netwerk en de voor de
toekomst geplande traffic-capaciteitsuitbreidingen faciliteren.

Het vervangen van de twee routers zal zaterdagavond 5 juni na 23:59
uur beginnen en zal naar verwachting 1 tot 2 uur onstabiele tot niet
beschikbare verbindingen tot gevolg hebben. Alle XLS
Hosting-producten zullen bij dit onderhoud betrokken zijn.