With the pending rollout of our 100% Canadian Infrastructure as a Service (IaaS) Canadian Cloud Hosting powered by OpenStack, we’ve been fielding questions from our Canadian and non-Canadian web hosting customers related to the service including their ability to set rules and define user roles within the cloud hosting environment. With the OpenStack Cloud Operating System, it is has been designed to be used by many different cloud computing customers and provide both flexibility and the ability to implement compliance rules within their environment. This article takes a look at user’s roles and projects and briefly outlines some of the features and functionality of each.
Defining Your Users
The roles that you assign control the actions that a user is allowed to perform and by default there are two different user types to start, a “member” and “admin.” It is possible to define other roles and you can setup roles based on security, project management, network administration and developer to name a few. As an example, perhaps you want to limit who can assign a public IP address to a project but want to limit the role of your project manager and developers. In this case, you could create an administration role where a user cannot allocate a public IP without the admin role. There are both global roles and per-project role assignments. In setting up your new users for your Canadian Cloud Hosting environment, you will simply need the following information:
- Email Address
- Primary Project
Once gathered, you simply use the dashboard under the “users” link and click on “create user.” It is important to note, that if you have a large number of users, it can be useful to use the search box at the top.
It is important to note that each user you create in the system will need to be assigned to at least one project in the system. By default, you should create at least one project in your cloud environment before adding more users.
In using the Canadian Cloud Hosting environment powered by OpenStack, one of the areas that some of our new users have been asking about is “projects.” Within the cloud hosting environment, the OpenStack Cloud Operating system uses both terms – Project and Tenant – in the same fashion and these are essentially interchangeable to ensure compatibility with previous versions of the OpenStack Cloud Operating System. The reason for this was there was an enhancement to the authentication system when the authentication moved from the OpenStack Compute Service over to the OpenStack Identity Service. In order to fully understand the usefulness of projects, you need to take a step back and understand how they came to be.
In looking at the original EC2 API supports users, the previous generation of OpenStack Compute added the concept of projects. So what is a project? Projects are isolated resource containers forming the principal organizational structure for Compute instances. They include a separate VLAN, volumes, instances, images, keys, and users. As mentioned above, each user is assigned to a project and if no project is specified in the request, the cloud system attempts to use a project with the same id as the user. Within each project, you are able to then set different controls or quotas over your instances. As an example, quota controls are available to limit the following:
- Number of volumes which may be created
- Total size of all volumes within a project as measured in GB
- Number of instances which may be launched
- Number of processor cores which may be allocated
- Publicly accessible IP addresses
New projects can be simply setup when you login, click on the “projects” link in the admin panel. During this process, you will have the opportunity to define the project information, identify and select project members and set the quotas as described above. For more information on OpenStack, or Canadian Cloud Hosting, simply email email@example.com or call 24/7 at 888-821-7888 to find out what a Canadian Cloud Server can do for you.
Some members of Canadian Web Hosting recently attended the OpenStack Summit in Portland, Oregon. It was a refreshing look at the here and now of the cloud industry and to get a better idea of where the industry is going. As an infrastructure company providing cloud services, it was exciting to see the growth of open-source software and users moving the “OpenStack” platform to the enterprise. If you don’t know, OpenStack was created for the end users and developers the ability to reshape how companies design, deploy and manage their infrastructure. The difference is rather than focusing on the back-end, the developers of the platform are focusing their efforts putting together the framework that allows end users to fully control deployments through heavy and predictable automation and become less reliant on their IT and platform providers. While there is a lot of momentum behind OpenStack, there is a long ways to go. Canadian Web Hosting is continuing to look at ways to support the community and large, as well as bring him some of our own development team to work on current projects. We want to help our customer’s access an infrastructure that can utilize the big public cloud and create infrastructure that is highly flexible, scalable and open with the ability to control where you data is and ensure governance requirements are met.
How does one know if OpenStack is for real? You just have to look at some of the companies today who have built out their technology structure using the OpenStack framework. Companies like Best Buy, Comcast and Bloomberg have fully adopted the platform into real world IT and are increasingly moving their entire IT framework over. Additionally, the keynote speakers for the CERN institute and NSA talked about how large entities that are not necessarily for profit have also benefited from OpenStack. Today, it isn’t for everyone but in a year or two companies like Canadian Web Hosting will have adopted and built out these infrastructures so that companies will repeatable, usable and reliable cloud hosting that also gives users the flexibility to work around their business needs rather than changing their product to meet the infrastructure needs.
This year’s summit attracted about 2,800 attendees with more than 50 corporate sponsors including industry heavy weights like IBM, HP, Dell and Juniper to name a few. While the big players are moving into the open source community it is also important to understand their perspective. While the OpenStack community works together to solve challenges, large enterprises have significant resources and the ability productize OpenStack into something that is highly consumable by today’s business or IT organizations. The OpenStack development model is now seen as technology infrastructure that includes servers, storage and networking that can easily be applied to business application development or even business organization and strategy. It will be very interesting to see where the next iteration will bring.
Here at Canadian Web Hosting, we often get questions about the differences in email services including POP and IMAP and what protocol works the “best.” The easiest way to describe this to clients is that POP mail is like a one way service that only goes in one direction (delivery), whereas IMAP is like a two-way street that can both receive and deliver. This is can significant because both of the mail protocols handle your emails in different ways. IMAP stores mail on your email servers, whereas POP stores email on the user's computer. POP does not automatically sync your account and for many clients this is where the difference protocols can really impact your business. Most companies, like Canadian Web Hosting, need to receive and deliver in real-time so IMAP (we’ll save Exchange for the next post) is the protocol to have. If you are on POP, and you are trying to use it for business, my suggestion is that it's time to upgrade your technology to IMAP at a minimum.
According to companies like Yahoo and other email providers, they define IMAP or Internet Message Access Protocol in the following way.
When you set up mail on your device like a mobile phone or tablet, the device automatically uses IMAP servers to sync your phone's mail client to your account. This means the emails are retrieved on the device and remain within your mail account. They key here is that both (webmail and device) will mirror each other. What this means is that if a message is deleted from your phone, the message will also be deleted from your account. Likewise, when changes are made in your mail account, the changes will be reflected on your device. IMAP servers sync your device and account constantly, so they are the same.
For POP it is a different story. As described earlier POP or Post Office Protocol is another popular email protocol alternative and widely used today that unlike IMAP does not mirror your messages on multiple devices.
When requesting email, your device uses POP servers to retrieve messages from your mail account. When the request is made, POP servers work by pulling all of the messages from your mail inbox to your local mail client. If you do not configure your device to leave a copy of the messages on our servers, your mail account will always appear empty, and all messages will appear to go directly to your device. To learn how to configure your mail client to leave a copy of messages on our servers, you need to login to your mail application or webmail client and configure the settings. As an example, in Gmail you would go to settings and click on the “Forwarding and POP/IMAP” option. From there, you can dictate how your mail is handled. Once you have configured your mail client to leave a copy of messages on our server, you will have copies of messages in your account and on your phone. However, another challenge arises once you setup your devices to retain copies. The email message can be modified independently of each other. Therefore, if you delete an email from your device while using POP, the message will still be retained in your mail account. As you manage your email, this can be problematic as you are having to manage independent email accounts on multiple devices and essentially doubling up on the work to manage your email box.
We’ve been seeing more questions about SOPA and what it means for our Canadian Web Hosting customers. The Stop Online Piracy Act (SOPA) is an U.S. bill that, if passed, would give law enforcement and copyright holders a new level of recourse whenever it appears that their intellectual property has been infringed. In short, it gives law enforcement the ability to target third parties that have helped “facilitate” or “enable” copyright infringement and gives the copyright holders a more active role in the process where alleged copyright violations have occurred.
What does this have to do with us, we’re Canadians not Americans?
As a matter of fact, a whole lot. As an example, do you use Google? YouTube? Facebook? If you do, you better think twice because these service providers (and many others) will become responsible for their users actions. If you want to show a video to your friends of you playing a Beatles song, then you would be subject to these new regulations and because the service provider has to comply with these new requirements, they would be forced to restrict you/your account including surrendering the video, verifying your identity, etc. In reading various blogs around the web, it is easy to see that there is a lot of concern and it isn’t hard to see the severity of the situation.
A company offering backup solutions recently sent out an email to its users, which (in part) discusses SOPA:
What is SOPA? This act allows content owners - movie companies, music labels, etc. - to obtain court orders requiring search providers such as Google to filter their search results to exclude websites that host allegedly infringing material, and requiring the net registrars to block DNS servers from providing the correct IP address for such sites. The act also makes site owners civilly liable for the availability of copyright material on their sites. In addition, it makes the posting of a link to a third party website that has copyright material on it the same as hosting the material on your own site.
Again, think about the sites that we all use everyday and the impact that it could potentially have on us. There is one other very impact aspect that we will keeping our eyes on as this discussion continues.
Because of the broad manner by which SOPA sets up “censorship” safe guards, it could have a very real impact on how IP addresses are used within this law:
It defines “domestic Internet Protocol addresses” — the numeric strings that constitute the actual address of a website or Internet connection — as “an Internet Protocol address for which the corresponding Internet Protocol allocation entity is located within a judicial district of the United States.” Yet IP addresses are allocated by regional organizations, not national ones. The allocation entity located in the U.S. is called ARIN, the American Registry for Internet Numbers. Its territory includes the U.S., Canada and 20 Caribbean nations. This bill treats all IP addresses in this region as domestic for U.S. law purposes. To put this in context, every Canadian Internet provider relies on ARIN for its block of IP addresses. In fact, ARIN even allocates the block of IP addresses used by federal and provincial governments. The U.S. bill would treat them all as domestic for U.S. law purposes.
For the purposes of SOPA, it would essentially “pretend” that all foreign sites and providers are domestic potentially including Canadian web sites. While we don’t think our Canadian customers will be directly impacted by this, it does create a scenario where future iterations of this law could impact us directly through the creation of cross-border agreements or access to entities that control distribution and access to the internet. What do you think?
The majority of people with highspeed DSL or cable internet connection for home or office already have their dns resolvers configured to use their ISP providers' DNS servers.
DNS servers basically translate something like www.yahoo.com into an ip address 220.127.116.11. Once translated, your browser can show the site.
But there are times when your ISP provider's DNS servers get bogged down and takes a little longer to resolve or not at all during periods of high usage. The end result is the website you're trying to access either is slow to resolve or does not show in the browser.
For several years, I've been using a third party dns provider, OpenDNS whose sole function is to resolve domain names as fast as possible. If you go to their homepage (http://www.opendns.org), there are a lot of companies of all sizes using them. They also have a feature which prevents your browser from accessing phished sites(those fake banking sites that looks like Royal Bank or other major banks) . There's also protection against zero day vulnerabilities, worms and viruses. There's also an option to do web content filtering. If you have children, you can prevent them for viewing adult websites. You're wondering how much for this wonderful service. Well, it's actually free! There are different plans but the free version is more than enough for end users. The higher plans are for small businesses or larger corporations. For list of all features, check out http://www.opendns.com/start/. They make money from free accounts by displaying suggested sites if you type in the incorrect website. If you click any suggested site, they make few cents off that click. It's a good tradeoff.
Google also threw their hat. Last week, they announced they are also providing free dns services but they do not YET have content filtering, zero day vulnerability checking, virus, worms, and phished site protection. But give them time and they'll eventually catch up to OpenDNS. Check out their blog announcement. When you use Google's DNS servers, I kinda get scary with the amount of profiling they can do. They can find out which sites people are visiting! I'll stick to OpenDNS for now.
Google's DNS servers are easy to remember!
Primary DNS: 18.104.22.168
Secondard DNS: 22.214.171.124
OpenDNS is a little more difficult:
Primary DNS: 126.96.36.199
Secondary DNS: 188.8.131.52
UPDATE: Looks like a third company just announced they are offering this service. It's Comodo, SSL certificate providers and other security products.
It looks similar to Google's offering.
CTO / SEO Guru
Canadian Web Hosting