9Feb/170

Advantages of ZFS

ZFS as a rather new filesystem offers various advantages in comparison to regular filesystems like ext3, ext4 and NTFS. We have summarized the most noticeable ones as follows:

The main benefit of using a ZFS filesystem is guaranteed data integrity

ZFS protects your data by enabling volume management on filesystem level. This feature makes “Copy on Write” (CoW) technology possible. When a block of data is altered, it will change its current location on the disk before the new write is finished. If your system crashes or loses power in the process, that data would be lost or damaged. ZFS does not change the location of the data until the write is completed and verified, thus keeping your data safe in case of a system crash. To verify data integrity, ZFS uses checksums to ensure that the data remains original from write to write. This means that every write is tested, which in turn eliminates bit rot. ZFS not only protects your data with the CoW feature, but offers additional RAID protection in comparison to standard RAID levels. RAID-Z3 allows for a maximum of three disk failures in a ZFS pool. Regular RAID only allows for two disk failures per volume. ZFS offers the ability to set up a multi-disk mirror (nRAID). Usually the RAID mirrors are composed of a single disk and its copy. With a multi-disk mirror you can have multiple copies, which adds levels of data integrity not found in typical RAID setups and is great for read speeds.

Highly Scalable

The storage capacity of ZFS is years ahead of what might become a problem soon for regular filesystems. The possible maximum of a ZFS storage pool is 6 EiB = 16 * 2^60 Byte, which is as much as 3,000,000 6TB HDDs. A configured ZFS pool can easily be changed in its size to accommodate a growing need for more storage. The pool can be upgraded step by step with larger disks, without compromising the filesystem or complicated procedures. Harddisks can even be added on different physical ports or in a changed order in a new computer system, as long as the ZFS version on the target system is the same or higher. You will be able to use your migrated data as soon as the import is completed.

Improved Performance

ZFS also allows to send writes to individual physical disks, instead of just the RAID volume. Because of this, ZFS can stripe writes across RAID volumes, which is speeding up write performance. In the case you need to sync mirrors with only a little bit of information, you do not have to wait for it to sync any of the empty disk space, which can take a good amount of time. ZFS incorporates algorithms to ensure that your most recently used and most frequently used data are kept in the fastest system storage media. Spinning disks are known to be slow and SSD drives come at a very high price compared to regular disks. By using these algorithms in combination with flash-based ZFS write cache and L2ARC read cache devices, you can speed up your performance by up to 20% at low cost. Other great feature of ZFS are the intelligently designed snapshot, clone, and replication functions. ZFS snapshots only update based on what has changed since the last snapshot. This means that clone and replication tasks are less time consuming compared to traditional replication technology.

Easy to administer

Creating a new ZFS-Pool is fairly simple. The available storage devices can be listed with “rmformat” and can be created with the “zpool create -m /mountpunkt Contabo1 DEVICE” command. The new filesystem is automatically mounted and immediately accessible. There is no need to format the new ZFS-Pool. If additional storage space is needed, you can easily add a new device with the “zpool add Contabo1 DEVICE” command. This compares to the classical RAID 0 in which the data is distributed on all available devices.
In general a setup for data integrity is much more adviseable. With the “zpool create Contabo1 mirror DEVICE DEVICE” command you can easily create a ZFS-Pool with mirrored disks as in comparison to a classical RAID 1. You can also add several mirror disks to enhance data integrity even more with the “zpool create Contabo1 raidz DEVICE DEVICE DEVICE DEVICE” command for example. This will create a ZFS-Pool with four disks, in which one is allowed to fail without issues. When using the raidz2 option instead of raidz, two disks can fail at a time.

There is also the option to add Hot-Spares to a ZFS-Pool in order to have a replacement disk ready at all times. If a live disk fails the Hot-Spare will be used automatically to start a rebuild and take the place of the failed disk. This can be done with the “zpool add Contabo1 spare DEVICE” command, which will add the last disk in our example to the pool as Hot-Spare.
With "zpool list" you can review all existing ZFS-Pools with size, usage and health status.
With “man zfs” and “man zpool” you can review the commands that will give you full control over your ZFS-Pools.

A short overview of the mostly used commands:

- Creating a RAID-Z pool
zpool create NAME raidz DEVICE DEVICE DEVICE
- Creating a mirrored pool
zpool create NAME mirror DEVICE DEVICE
- Listing of available pools
zpool list
- Show I/O for all pools
zpool iostat 1
- Show attributes of pool devices
zpool vdevs
- Add disk to a pool
zpool add NAME DEVICE
- Delete a pool
zpool destroy NAME
- Creating and mounting a ZFS-Pool
zfs create POOL/NAME
- List pool filesystems
zfs list
- Creating and mounting a ZFS-Pool on a non-default mountpoint
zfs create POOL/NAME /MOUNTPOINT
- Create a snapshot of a filesystem
zfs snapshot POOL/FILESYSTEM@SNAPSHOTNAME
- Mount a ZFS-Pool
zfs mount POOL/FILESYSTEM /MOUNTPOINT
- Delete a ZFS-Pool
zfs destroy POOL/NAME

Which operating systems are compatible with ZFS?

ZFS was initially designed for Solaris, but can be used today on FreeBSD, FreeNAS, Proxmox and most linux distributions.

Posted by: Philipp | Tagged as: , , , , , No Comments
13Jan/170

Manage Windows Updates in Windows 2016

In Windows Server 2016, the administration of the (automatic) Windows Updates has changed slightly. The following tutorial will show you how to check and manage the Windows updates for your Windows Server 2016 system.

1. Please connect to your server using RDP and open the Settings App via the Start menu.

Afterwards you can click on "Update & Security" which will forward you to the following screen.

Everything regarding updates can be done via this screen.

You have the option to "Check for updates", which will check for the latest updates and automatically download and install them. If some updates require a reboot, Windows will schedule it accordingly.  It is possible to set "active hours" from the link "Change active hours" where a time frame can be given in which Windows shall not reboot the device automatically.

It is further possible to set a custom day and time for the reboot via the link "Restart options".

The link "Update history" provides an overview about recent updates where it is possible to uninstall recent updates and to check further recovery options.

The link "Advanced options" provides you with the option to also update other Microsoft products through Windows updates and to "Defer feature updates", which is described by Microsoft as follows:  "When you defer upgrades, new Windows features won't be downloaded or installed for several months. Deferring upgrades doesn't effect security updates. Note that deferring upgrades will prevent you from getting the latest Windows features as soon as they're available".

The link "Privacy settings" will forward you to the general privacy settings of Windows.

Posted by: Dirk | Tagged as: , , , No Comments
21Dec/160

Merry Christmas and a Happy New Year!

At the end of the year, we would like to thank you, our long and loyal customers, for the trustful cooperation in the past 12 months.

The entire Contabo-Team wishes you and your families Merry Christmas and a Happy New Year!

In case any issues occur: We are available on the public holidays, in between the holidays and in general everyday in 2017 from 8am to 11pm CET (UTC+1)!

Please click here for our contact details!

Posted by: Markus | Filed under: General stuff No Comments
13Dec/160

NEW operating system available at Contabo: Arch Linux

Great news: From now on we offer you a completely new operating system, namely Arch Linux! It is available for all your VPS and Dedicated Servers! What's even better: Arch Linux will always be up to date, which means you will always get the latest version!

You can combine it with the Software RAID 1 and an installation with a manual configuration is possible as well - for further details, kindly contact our customer support!

Our existing customers know it already:

We always offer you a wide range of the latest Linux distributions (as well as Windows Server 2012 and 2016!). Simply click on "Customize & Order" below your desired (virtual) server model to get a detailed overview. Then scroll down a bit and select your OS of choice!

Further information and a product overview is available on our website!

Posted by: Markus | Tagged as: , , , , , No Comments
28Nov/160

NEW at Contabo: Fedora 25 and Suse Leap 42.2

From now on, we offer you Fedora in its latest version 25, it replaces the previous version 24. Likewise, Suse Leap received an update and the new version 42.2 is available now at Contabo!

Both operating systems can be combined with the Software RAID 1 and Webmin. In addition, Fedora 25 can be installed via VNC as well.

Existing customers can upgrade to the latest versions easily through the customer control panel.

We offer you a wide range of the latest Linux distributions (as well as Windows Server 2012 and 2016!). Simply click on "Customize & Order" below your desired (virtual) server model to get a detailed overview and select your OS of choice!

Further information and a product overview is available on our website!

Posted by: Markus | Tagged as: , , , , , , No Comments
23Nov/160

Available now: Windows Server 2016

Not long ago, Microsoft officially launched its latest operating system for server systems, Windows Server 2016. We immediately went to work and performed numerous functionality tests and thus ensured a smooth integration in our systems. Today we can finally say:

Windows Server 2016 is available as an upgrade for all our root servers and VPS with 100% SSD!

As you already know from Windows Server 2012, you can once again choose between the Standard Edition and the Datacenter Edition when ordering Windows Server 2016.

If you are a new customer or place an additional order, you can select Windows Server 2016 as your operating system during the order process on our homepage. We kindly ask existing customers to send a short e-mail to our support department, then we will process the upgrade manually.

So what are the costs of Windows Server 2016 at Contabo?

The most important thing first: As a special service for our customers, we offer Windows Server 2016 free of charge for the first two months - for every root server customer. In other words:
No costs apply for the use of Windows Server 2016 on a root server within the first two months.

If you opt for a root server at Contabo, you are free to choose between the two new versions as well as the previous versions of Windows Server 2012 – in addition to a broad selection of Linux distributions. For most of our Dedicated Servers, Windows Server 2016 Standard Edition is available for 39.99€ per month (from the 3rd month onwards, free of charge before). The Datacenter Edition is a bit more expensive with a monthly fee of 279.99€ (from the 3rd month onwards, free of charge before); however, it offers the ambitious user additional possibilities, as for example in the field of virtualization.

If you decide to order one of our VPS with 100% SSD disk space and add Windows Server 2016 as your operating system of choice, you automatically receive the premium Datacenter Edition. It is available from 5.99€ per month for our VPS – the eventual monthly fee depends on the chosen VPS model. Of course, all available Linux distributions can be selected as the operating system for your VPS as well.

Order your new Contabo VPS or root server with Windows Server 2016 today!

17Nov/160

Let’s Encrypt!

In times when data security is an important topic, encryption is a vital part of it. Unfortunately, in most cases, it is a complex task which many users are not able to handle properly due to the lack of expert knowledge in this field. To secure a website via Secure Socket Layer (SSL) or Transport Layer Security (TLS) for being accessible via Hypertext-Transfer-Protocol Secure (HTTPS), a certificate is needed.

Encrypted connections are based on certificates, if a user is accessing a website via HTTPS, an encrypted connection is being established. Before this encrypted connection can be established successfully, the certificate provided by the accessed server is being verified if it can be trusted. This verification of trust is basically done as follows:

  1. Signature verification of the certificate based on the chain of trust
  2. Verification if the accessed domain corresponds to the domain which is valid according to the certificate

What is this chain of trust all about?

In general every operating system and even browsers like Firefox or Google Chrome come with pre-installed certificates from trusted certificate authorities (CAs). These certificates are always trusted if they are not revoked in the meantime. The chain of trust verification basically verifies, if the signature of the certificate in question is already trusted by the pre-installed certificates of the trusted certificate authorities. It is called chain of trust as it is for example possible, that the signature of Let's Encrypt is not trusted on your system but the certificate which is used by Let's Encrypt in order to sign your certificate is also signed with a certificate of a third trusted certificate authority which is trusted on your system. Therefore Let's Encrypt guarantees that your certificate can be trusted and the third certificate authority, which is trusted on your system, guarantees that Let's Encrypt can be trusted as well.

How does the Let's Encrypt project differ to other certificate authorities?

As establishing and running a trusted certificate authority is expansive, normally a fee has to be paid in order to have your certificate being signed from a trusted certificate authority. Let's Encrypt did establish a trusted certificate authority which offers the signing of certificates for free and aims to improve and automate the process of certificate creation and installation in general. The main idea behind this project is to create a more secure and privacy respecting web.

Free certificates with our Webspace Packages

As we already informed you with the post Webspace: Free SSL certificates available now!, domains added via our Webspace Packages are already equipped with a Let's Encrypt signed certificate. Even the renewal of the certificates is handled completely automatically.

Let's Encrypt via AutoSSL in cPanel

Since cPanel & WHM Version 58.0.17, Let's Encrypt is officially supported by cPanel. Currently it is necessary to integrate it via shell by invoking the installation script located at /scripts/install_lets_encrypt_autossl_provider as root user. After successful installation it is possible to choose Let's Encrypt as the default certificate provider via Home >> SSL/TLS >> Manage AutoSSL.
autossl_lets_encrypt Specific user settings can be done via the "Manage Users" tab.

Let's Encrypt via extension in Plesk

Also Plesk in versions 12.5 and later supports Let's Encrypt by an extension. The installation and configuration steps in this tutorial work for both Linux and Windows installations.

To install the extension, please go in Plesk to:

"Tools & Settings" >> in the area "Plesk" >> "Updates & Upgrades"

A new tab is opening. Eventually you have to confirm a self signed certificate for this site in your browser. On the site, please choose "Add/Remove Components".

plugin

Please mark the extension for installation like in the picture above and start the installation with "Continue". The installation finishes with the message "All operations with products and components have been successfully completed.". With a click on "OK" you will come back to the main menu. You can close the browser tab then.
Now you have to request the certificate and activate it for the domain. To do so, please change to "Websites & Domains" and choose "Show more" to increase the available list of options for your domain. As you can see, there is now an additional option for Let's Encrypt.

letsencrypt

Please open this link and check the e-mail address. Consider if the site should be available over www too and if necessary, set the tick at "include www.yourdomain.com as an alternative domain name.". With a click on "OK", you will start the request for the certificate. When the process has finished, your site should already be reachable over https. To be on the safe side, you can now go to the the "Hosting Settings" of your domain and check in the area "Security" the option "Permanent SEO-safe 301 redirect from HTTP to HTTPS". This will prevent unencrypted connections to your website. In the option below you can choose the just ordered certificate manually to be used for your site if has not been chosen automatically.

If there was an error shown during the certificate request, please check if the A record of your domain is pointing to the IP address of your server. This also applies to the subdomain with www.

Let's Encrypt usage without an Administration Panel (Debian 8)

The usage of Certbot is recommended together with Let's Encrypt. We are using the Apache webserver and the operating system Debian 8 for our example.

In order to install Certbot together with all dependencies, the following commands have to be executed as root user:

# Activate Debian Jessie backports repository

echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list && apt-get update

 

# Installation of Certbot

apt-get install python-certbot-apache -t jessie-backports

 

After the installation it is possible to automatically generate signed certificates for your domains via Certbot. The certificates will be configured automatically within your Apache webserver too. The following command invokes a configuration dialogue which is asking for information like domain name(s) and your e-mail address. After submitting the required information and agreeing to the terms of service of Let's Encrypt, your signed certificate(s) will be created and configured within Apache. It is also possible to decide whether your domain shall be accessible via HTTP and HTTPS or if HTTPS connections shall be forced.

# Starting the automated configuration dialogue

certbot --apache

If you desire to configure your certificate(s) on your own, the following command can be used for creating the signed certificate(s) only.

# Creation of certificate(s) only

certbot --apache certonly

Certbot does not only support Apache with Debian 8 as operating system, there are several combinations of webservers and operating systems possible which can be seen via the following link: Certbot.

Let's Encrypt installation without Administration Panel (CentOS 7.2)

As the usage of Certbot on CentOS does not differ from the usage on Debian 8, we are just taking a short look into the installation of Certbot on CentOS. As the Apache/httpd default package (yum install httpd) on CentOS does not include the SSL module, you need to make sure to have this module installed before installing Certbot.

# Installation of Extra Packages for Enterprise Linux and optionally mod_ssl

yum install epel-release mod_ssl 

# Installation of Certbot

yum install python-certbot-apache

 

Configuration of an automated certificate renewal

Since Let's Encrypt certificates are only valid for three months, it is vital to configure an automated renewal.

As the Certbot package of Debian 8 already configures a cron-job for the certificate renewal we are going to show you how the cron-job can also be configured for a standard CentOS installation.

# /etc/cron.d/certbot

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot && perl -e 'sleep int(rand(3600))' && certbot -q renew

 

This cron-job runs every 12 hours and triggers the renewal of all your certificates, if they will expire in less than 30 days. It is recommended to leave this value of twice a day as this will help recognizing that a certificate has been revoked.

 

 

Posted by: Dirk | Tagged as: , , , No Comments
10Nov/160

Always be up to date with our server status notification!

Some of you have probably clicked on the link “Server Status” on our website contabo.com already and were forwarded to our status website. In the very rare case of irregular issues occurring in one of our data centers, we inform you about it on this website.

Recently we have revised our status site and added more features. By now, we provide information about all scheduled, ongoing and recently completed maintenances of server systems in our datacenter. Not worth mentioning that customers affected by such a maintenance are also informed by us via e-mail prior to this. These maintenances cannot be avoided altogether – after all, some hardware components are subject to attrition and have to be replaced at the appropriate time. Thanks to our transparent status website, you always know about the server systems which are currently being maintained by our technicians.

A click is worthwhile: http://contabo-status.com/

Posted by: Markus | Tagged as: , , , , No Comments
27Oct/160

Data loss and how to avoid it

A typical situation: You have been on vacation and have made a lot of great photos which you want to upload to your server in order to share them with your friends and your family. Especially the photo where you were diving with the great white shark. So you uploaded them to your server and after that the photos were deleted from the SD card because you need free space for the next travel. Just working on an update to your website in a hurry, a quick "rm -rf" in the wrong directory and the photo gallery is gone. Annoying!

This is a situation that can occur but the data does not have to be lost. In general, the customer is responsible for a backup and we want to show you how to approach the perfect backup system.

But what is a backup?

With a backup you are creating a copy of your data to be stored on an external storage device. This storage device should be independent of your server, so it could be a hard disk on your local computer, a USB stick or our FTP backup storage.

Different backup types

  1. Full Backup: As the name already indicates the full backup is a complete copy of your data. The advantage here is that all data is complete, but you need a lot of disk space to store your data. If you only perform full backups the available space at your data storage medium will shrink very fast.
  2. Differential Backup: Before performing a differential backup you need a full backup as a differential backup contains only data which has changed or is newly created in comparison to the full backup. Therefore, it is faster but you are also saving data which is already saved in previous differential backups because you save all data that differs from the last full backup.
  3. Incremental Backup: Similar to the differential backup you have to perform a full backup. But instead of always saving all changes that differ from the latest full backup, only the data being changed after the previous incremental backup gets backed up. The only disadvantage is, that if you want to restore that data you need the last full backup and all incremental backups in order to restore to the latest data.

Where to save the backup files

We offer an FTP backup storage, available with various storage space options. If you are interested in this offer, please contact us: support@contabo.com
You can access the backup storage via FTP and FTPS. With support for these protocols it is perfect for file storage. The way to access our backup space is already described here: https://contabo.com/?show=tutorials&tutorial=backup-space.

"I do not need a backup, my server is secured by a RAID system."

CAUTION! A RAID does not replace the creation of backups! A RAID should indeed provide redundancy. If more than one drive fails at the same time or your data is deleted because of an attack from outside or a similar event, a RAID will not help saving the situation. We have read this sentence above numerous times and with our experience we can say, that customers who think that their data is secure because they have a RAID system are very disappointed, if a situation as described occurs. A RAID is very effective to avoid downtime because of a defective HDD and to prevent the need for laborious data restoration.

Nevertheless the mentioned redundancy is not the same as a backup.

"I have an SSD VPS. Because of the snapshot feature I do not have to worry about backups."

Since we have been offering our VPS SSD products with the snapshot feature we have heard this sentence very often. But it is the same as with a RAID. Snapshots are not backups!

What are snapshots good for?

A snapshot freezes the current state of the file system which still points to the same "physical" storage. Snapshots are perfect for "Let's do it and see what happens..." type of situations. If the change does not work you can go back to the state before you have started your work.
So is it a backup? No! Snapshots depend on the VPS and on the host server system the VPS is located on. As already described before, the backup has to be saved to an external location, e.g. our FTP backup storage.

How to create a backup?

All important data has to be saved. Normally you know where this data is located. To store all necessary data an automatic backup routine is the perfect choice.

Using a Linux based OS we recommend to create script which creates a tar.gz file of the data that should be saved and after that, automatically transfers it to the backup storage and also deletes older backups. As this should be done periodically you can use a cron job. If you use a Windows OS you can create a powershell script to do the same steps likewise.

Please note that it does not matter if you use Linux or Windows. You have to know what you are doing as the backup is the only way to restore your data if you are facing an issue with your server.

Of course we always try to support you if you have any questions regarding your backup solution: support@contabo.com.

The last step: Securing your backup

Security of private data gets more and more important. Encryption of the backup files is therefore recommended.

Using a Linux OS you can use tools like gpg to do so. Please find a very good tutorial below:
http://www.cyberciti.biz/tips/linux-how-to-encrypt-and-decrypt-files-with-a-password.html

If you are a windows user we recommend using Veracrypt:
https://veracrypt.codeplex.com/wikipage?title=Beginner%27s%20Tutorial

Posted by: Matthias | Tagged as: , , , , No Comments
21Oct/160

Ubuntu 16.10 available now!

We offer you the latest Linux distribution Ubuntu 16.10 for free for all your VPS and Dedicated Servers! You can combine it with Software RAID 1, Webmin, LAMP and Webmin+LAMP. Important to know: In contrast to Ubuntu 16.04, there is no long term support (LTS) for Ubuntu 16.10.

New features include, among others, a revised low graphics mode which requires less hardware resources and new editions of Firefox and LibreOffice. In addition, Ubuntu 16.10 supports Kernel 4.8.

You can select Ubuntu 16.10 among several other Linux distributions (and Windows Server 2008 / 2012) when you define your individual configuration by clicking on "Customize & Order" on our VPS and dedicated servers overview sites!

As an existing customer, you can upgrade through our Control Panel easily!

Further information can be found on our website!

Posted by: Markus | Tagged as: , , , No Comments