- Cloud Firewalls (General Availability) at DigitalOcean
- Object Storage Beta at DigitalOcean
- Block Storage Beta at Linode
DigitalOcean and Linode have always been go-to providers for spinning up a virtual server (or a few) at inexpensive prices without a lot of fuss. Most perceive them as VPS hosts, as opposed to full-service cloud providers. Given that most IT professionals have come to prefer AWS-like convenience with all the tools under one roof, both companies are rounding out their offering of infrastructure services to better compete.
DigitalOcean Cloud Firewalls
A step forward in security
The concept of security groups, introduced by Amazon, has made it much easier for sysadmins to ensure their policies are consistently applied to each area of their infrastructure that requires a different level of access and security. The model has been emulated by all the large cloud providers, including Azure and GCP.
DigitalOcean, understanding that many of its users are developers or hobbyists, rather than ops engineers, has wrapped much of this functionality into its user-friendly Cloud Firewalls interface. The Cloud Firewall acts as an access control list with rules for inbound/outbound traffic on the ports you specify. Each firewall can be applied to a group of similar Droplets by means of a tag.
Cloud Firewalls are free to add to any DigitalOcean instance, so if you already have a couple of droplets in your account, you can add this feature right away. The default cloud firewall configuration permits no inbound traffic unless you specify a rule allowing it, but permits all outbound traffic. At a minimum, you’d want to allow SSH traffic on port 22 to administer your server.
Common uses of a firewall include:
- Locking down SSH access to known IP ranges such as your home/office
- Restricting a web server to ports 80 (HTTP) and 443 (HTTPS)
- Limiting a database server to accept connections only from the application server(s) on the local network.
- Preventing direct access from the open Internet to web servers that sit behind a load balancer
Because DigitalOcean droplets allow traffic on all ports by default, adding a Cloud Firewall is a simple yet effective way to bolster your server’s security. Many users also don’t realize this, but DigitalOcean’s internal networking feature isn’t truly “private” like an Amazon VPC would be. Anybody in the same DO datacenter who knows your node’s internal IP address can contact any open ports on your server. That’s why Cloud Firewalls are an important tool which can be used in conjunction with software firewalls such as iptables (RHEL compatible distros such as CentOS) or ufw (Debian based distros such as Ubuntu) to offer multiple layers of protection from rogue DO users or hackers on the Internet at large. You can use a port scanning tool such as nmap to verify the ports you have exposed once you have implemented Cloud Firewalls and/or a software firewall.
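The common uses listed above can be turned into an automated check on a rule set before it is applied. The following is an added example, not DigitalOcean's code or API schema: the rule layout, tag names, policy table and all addresses are constructed for illustration. It flags inbound rules that are broader than the policy, including a database port opened to a whole internal range rather than to the application server alone.

```python
import ipaddress

# Constructed sample: inbound rules per Droplet tag. This dict layout is an
# assumption for the example, not DigitalOcean's API schema.
FIREWALLS = {
    "web": [
        {"port": 80, "sources": ["0.0.0.0/0", "::/0"]},
        {"port": 443, "sources": ["0.0.0.0/0", "::/0"]},
        {"port": 22, "sources": ["0.0.0.0/0"]},        # SSH open to the world
    ],
    "db": [
        {"port": 5432, "sources": ["10.132.0.0/16"]},  # constructed internal range
        {"port": 22, "sources": ["203.0.113.0/24"]},
    ],
}

# Policy derived from the list of common uses (all values are placeholders).
ADMIN_RANGES = ["203.0.113.0/24"]   # known home/office range
APP_SERVERS = ["10.132.5.10/32"]    # application server's internal address
POLICY = {
    "web": {80: None, 443: None, 22: ADMIN_RANGES},  # None = any source is fine
    "db": {5432: APP_SERVERS, 22: ADMIN_RANGES},
}

def within(source, allowed):
    """True if CIDR `source` is fully contained in one of the `allowed` CIDRs."""
    src = ipaddress.ip_network(source)
    return any(src.version == net.version and src.subnet_of(net)
               for net in map(ipaddress.ip_network, allowed))

def audit(firewalls, policy):
    """Return sorted (tag, port, source, reason) findings for over-broad rules."""
    findings = []
    for tag, rules in firewalls.items():
        allowed_ports = policy.get(tag, {})
        for rule in rules:
            port = rule["port"]
            if port not in allowed_ports:
                findings.append((tag, port, "*", "port not in policy"))
                continue
            allowed = allowed_ports[port]
            if allowed is None:
                continue
            for source in rule["sources"]:
                if not within(source, allowed):
                    findings.append((tag, port, source, "source too broad"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(FIREWALLS, POLICY):
        print(finding)
```
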
DigitalOcean Object Storage
An Amazon S3 Alternative Inside the DigitalOcean Ecosystem
Spaces is a service designed to serve as a drop-in replacement for Amazon S3, Azure Blob Storage or Google Cloud Storage. This feature graduated from beta in September 2017, with a 2 month free trial for new users.
Edit (9/20/2017): DigitalOcean has made Spaces available to all users in its NYC3 datacenter, with plans to add AMS3 before end of 2017 and expand to other regions thereafter. Pricing has been announced at $5/month for 250 GB storage and 1 TB outbound bandwidth included. Additional transfer is $0.01/GB and storage is $0.02/GB.
Spaces can be managed using the s3cmd CLI tool, which means that for many applications it would be trivial to use as a replacement for Amazon S3. According to DigitalOcean, data is stored with a technique known as erasure coding to tolerate multiple disk failures. It is also automatically encrypted at rest with 256-bit AES encryption.
See https://blog.digitalocean.com/introducing-spaces-object-storage/ for more details.
Object storage is highly durable storage that can be used to store data in any file format for your applications or to be hosted with virtually limitless bandwidth to be served up to a worldwide audience. Unlike block storage, object storage is not attached to a particular VM as a volume; instead, create, read, update and delete (CRUD) operations are typically performed via an HTTP API. Object storage is only billed for the space you actually use, not for the entire space provisioned. For more information, we suggest this article outlining the differences between block and object storage.
If you have Spaces enabled in your account, new storage buckets can be created by selecting “Spaces” in the navigation once you’re signed in. You can choose any alphanumeric name that’s not already taken, and set your bucket to Private or Public. Private buckets can only be viewed with an access key, whereas public buckets are visible (read-only) to the world. For example, if you’re looking to serve up static content, such as PDFs or video, you would choose Public.
DigitalOcean has published documentation for its RESTful Spaces API here, useful for any developers looking to write applications that utilize the object storage service. If you’re already in the DigitalOcean ecosystem and want a low latency storage option that avoids the ingress/egress charges of a service on a different cloud, Spaces could be interesting for you.
New DigitalOcean Customers:
Sign up below and receive $10 free credit.
Linode Block Storage Beta
A Game Changer for Storage Optimized Applications
Last but certainly not least, Linode finally came out with its Block Storage service beginning in its Newark, NJ datacenter (in beta). For storage-heavy users whose usage patterns don’t fit within the disk space provided with Linode’s plans, the addition of Block Storage means a lot of potential savings.
Linode is one of the best value-for-money cloud providers, with twice the RAM for half the price compared to DigitalOcean’s plans, and VMs at a fraction of the price of big-name clouds like AWS.
Now instead of scaling up to a larger plan because you’ve exhausted the storage on your Linode, you can simply add block storage to your existing Linode. Not only does this change the economics for low CPU/memory use cases, it reduces the downtime required to upgrade your Linode to the next tier. If Linode previously didn’t make sense because you weren’t able to purchase additional storage, they’re worth another look now.
The block storage service is NVMe SSD based with 3x replication, which means additional volumes should have similar performance and durability attributes to the root volume for any existing Linode. Block storage can be added and removed on-demand right from your Linode’s dedicated page in the dashboard. In fact, you can even boot from one of the virtual devices you’ve added to your Linode.
To request access to the beta, you need to file a ticket in the Support tab inside your account. Edit: Linode Block Storage is now a public beta. Once it has been enabled, a “Manage Volumes” link will appear at the bottom of your list of Linodes once you log in. Details about this process, and any feedback or questions are in this forum thread.
While in beta, you can only attach block storage volumes to Linodes in the Newark, NJ datacenter but usage will not be billed. Pricing for block storage will be $0.10/GB/month. Volumes can be from 1 to 1,024 GB, and up to 8 volumes can be attached to each Linode. For those who use Linode’s backup service, additional volumes will not be backed up, so you should make other arrangements.
Like any other block storage service, there is some command line work that must be done from your virtual server before the new volume is ready for use. These steps include partitioning the drive, formatting it with a filesystem and adding it to /etc/fstab so it’s mounted at startup. These steps are detailed in Linode’s documentation.
With this new block storage option, we expect Linode to become more popular for hosting open source file sync & share apps such as NextCloud or SeaFile, or any type of application where the amount of storage needed grows over time.
New Linode Customers:
Sign up below and enter coupon code “BOOTSTRAPPED2017” on the second page for $20 free credit.
We are excited to see what features DigitalOcean and Linode will add to their clouds soon. With the commoditization of infrastructure as a service (IaaS), these challengers will put pressure on the major cloud providers to slash their prices, and take notes from one another as they round out their service offerings. It’s a great time to move your applications to the cloud, and consider adding new tools that will super-charge your team’s productivity and profitability. To learn more about our services, read more about what we do or contact an Autoize cloud architect today.