Wednesday, February 17, 2010

Join us for an overview of various virtualization technologies and how they work with MySQL. We will examine how to best optimize your infrastructure investment using virtualization and explore best practices. We will cover virtualization platforms like VMWare, Xen, Microsoft Windows Server 2008 Hyper-V, Sun Solaris Containers/Zones, Parallels Virtuozzo and others and how to best leverage their built-in features to make MySQL more efficient, easier to manage and more highly available.

WHO:

• Mike Frank, Sr Product Manager, Sun Microsystems – MySQL Group
• Jimmy Guerrero, Sr Product Manager, Sun Microsystems – MySQL Group

WHAT:

MySQL & Virtualization Webinar Series Part 1: Introduction to Deploying MySQL in Virtualized Environments web presentation.

WHEN:

Wednesday, February 17, 2010: 10:00 Pacific time (America)

The presentation will be approximately 45 minutes long followed by Q&A.

eBay is a great source for most anything… especially for computer releated items. For example, we’re often looking for a particular RAID controller, type of ECC memory, or other part that you won’t find down at your local computer shop. BUT eBay’s search function leaves something to be desired, at least until you start learning some of the nuances.

For example, we’re always on the lookout for deals for certain series of Xeon processors we use. For example one of the servers will use several of the X3000 series quad cores. eBay has a nice feature that you can save searches and it will email you the results daily. But the search itself takes some practice. In  our example we’re looking for a Xeon X3210, 3320, 3350 or 3360 processor. But if you type “xeon x3210 x3320 x3350 x3360″ into the search box, ebay will politely tell you “Your search returned 0 items.”  But we know ebay has some of these on there, so how can that be. It’s the Boolean logic that eBay uses. It is searching for an item that has ALL of those terms in it, and there aren’t any.  What we really want is “xeon” AND ( “X3210″ OR “X3320″ OR “X3350″ OR “X3360″) and may want to narrow down which categories we search under, but we’d be pretty close to right on with just that alone. So how do we tell ebay to use “or” logic?   We put a “,” between them, but we also need to separate them out from the term “xeon” we do that with parentheses.  The resulting search string becomes “xeon (x3210, x3320, x3350, x3360)”  which as I write this results in 15 auction and 37 store items, of which all but a dozen of which are what we’re looking for. The others happen to be IBM X3350 servers which use xeon processors (but not the xeons we are looking for).

To get eBay to email you, use the “save this search” feature near the top. Sign in if needed, and tell it how often and logn to email you.

Wednesday, January 27, 2010

Join us for this informative technical webinar with Connectage.com and a member from the Joomla core team, which will explore the benefits of an open source Content Management stack based on Joomla and MySQL.

This webinar describes how Joomla offers excellent content management and distributed authoring capabilities as well as reliable data security through MySQL. It will detail use case examples of organisations who have adopted Joomla as a highly visible content management platform in publishing and public sector healthcare where data security was a paramount consideration.

Joomla provides a flexible, extendable content management platform and runs on an open source stack and comes embedded MySQL as the default database.

Connectage.com is a specialist Joomla development and integration company with many sites delivered on the Joomla/MySQL platform and a range of essential Joomla extensions for e-commerce, e-learning, taxonomy and search management.

WHO:

• Phil Doyle, Connectage.com
• Wilco Jansen, Joomla

WHAT:

Joomla – Web Based Content Management and Data Security – EMEA web presentation.

WHEN:

Wednesday, January 27, 2010: 10:00 Central European time

The presentation will be approximately 45 minutes long followed by Q&A.

This ‘straight from the horses mouth’ webinar aims to teach attendees how to back up MySQL databases with ZManda Recovery Manager (ZRM)

Thursday, January 28, 2010

MySQL databases are increasingly used by high volume, high transaction applications that support businesses running full throttle 24×7. Backup and recovery operations need to be conducted in such as way that is non-disruptive to users and applications. In this webinar, we will show how Zmanda Recovery Manager(ZRM) backs up the most challenging MySQL installations, including those running on the cloud.

Zmanda supports all storage engines and provides point-in-time recovery for MySQL.

In this webinar, we will demonstrate the latest ZRM enhancements so that you can build a robust, flexible, and easy to use backup and recovery solution.

WHO:

• Chander Kant, CEO, Zmanda, Inc.

WHAT:

Zmanda and MySQL: Backup MySQL Applications, including those running on the Cloud web presentation.

WHEN:

Thursday, January 28, 2010: 10:00 Pacific time (America)

The presentation will be approximately 45 minutes long followed by Q&A.

Failover process is the process in which the Master server is replaced by the Slave server in case the Master server faces downtime i.e. fails due to some problems. The user and the applications which are requested to the master server are automatically directed to slave server. One more process is involved which is known as the Restroration process.

If the master server fails and the slave server is replaced instead of it, then the slave server will have the data modified after the master server has failed. Restroration process is the process in which the data which has been modified is sent back to the master server which is said to be its original place. Since the data on the master server is already maintained in the slave server the data does not require each and every file to be selected and transferred.

The data on the slave server will be of great benefit if the master server has crashed due to a disk crash which results in the complete data loss on the master server. But as the data is present on the Slave server, it is very easy to get the data back to the master server. The slave server is always up to date due to the RSYNC software and when the master server is ready and can be relied upon, the two server will not have the same information as the slave server has the updated data right from the time master server was failed due to some reason. Restroration is the process of copying the updated data to the master server once the master server is set to come online.

This kind of adjustment is very beneficial for you and it has a lot of advantages. But as there are advantages involved, there are disadvantages involved also. Actually this cannot be called as the disadvantage as the only thing is the cost which is invoved in this process i.e. the mirroring of the servers. As mirroring requires two dedicated servers of the same configuration, you will have to spend double the cost of the dedicated server you select for your websites. If you can afford this cost of having two dedicated servers of the same configuration then you should go for Mirrored servers as they will always help you to keep your websites online. Some of the web hosting providers do not charge for this kind of service apart from the server charges, so you should look for these web hosting providers.

failover dedicated servers, mirroring solutions, what are mirrored servers, working of mirrored servers

Sorry it’s not a better picture… but you get the point. The type is small but even my aged eyes can see it well enough to be useful. I wouldn’t want to use it all day long though.

One of the cool undocumented features is the ability to use an alternate port for SSH to connect to… Like we discussed before, you want to run SSH on another port other than 22. While in most cases security through obscurity isn’t a great idea, changing your ssh port actually cuts the attempts to break in down drastically. It could be that I missed it in the docs, but I didn’t see the ability to use an alternate port. However, it’s easy to do. When you enter the details for a session, on the end of a hostname just add a colon and the port number, so it looks like  alpha.mydomain.com:12322  where alpha.mydomain.com is the hostname, and 12322 is the ssh port in this example. Of course, use your real hostname and port number.

And yes it can use key pairs for authentication. It took a little work to get them to the server. In my case I hooked up the blackberry to the pc to get the public key off of it and then put it into the auth file with cut and paste in PuTTY. Once that was done I was able to authenticate with them quite easily.

Remember about your data charges to your wireless provider and don’t go overboard. But this little gem of a program can get you out of a tight situation when nothing else is available. You can find it at: http://www.xk72.com/midpssh/

We do recommend that you make changes to you site’s files on your local machine and then upload them (with WinSCP) all at once.  But what if you need to make a change on the fly? Sure you could log in with PuTTY and use vi,vim, nano, or one of a dozen other editors. But WinSCP can help you out there too.   You can use your existing Windows based editor with WinSCP. Personally, I love EditPlus, http://www.editplus.com/, it’s small fast and has a lot of features. But it doesn’t work over SSH (at least not last time I looked anyway).

First, setup WinSCP to get to your server like you normally would. It will need the FQDN or ip address, port number (you’re not using 22 anymore right?), your login, and your key file.  Go ahead and save the session… Now on the left side tree menu, select Preferences, and then select the Preferences… button, and a new window should appear with new left side tree navigation.  A few down, there is a leaf called a Editors, select that. It should look like this:

Click the Add button.  Select the External Editor radio box, then click Browse. Find the path to your editor, in my case that was c”\Program Files (x86)\Edit Plus 3\editplus.exe - you’re may be different depending on OS version and what program you want to use. Under editor autoselection, you might want to change the association, say EditPlus for php files or .conf files. There’s another option there too… Inside the Add dialob box, there’s an “Associated Application” – then specify the type of files you want opened with your default Windows application for that extension. For example, I use CorelDraw for .cdr and .psd files, and Windows will automatically open CorelDraw for me if I double-click in Explorer. With the Associated Application radio box, that is extended into WinSCP as well.  So inside of WinSCP if I double-click a .cdr or .psd file, CorelDraw opens automatically, and when I click save it is transferred back to the server. This is even great for using different types of editors for different files.

You probably need to change the order in which programs are checked in the list. WinSCP goes from top to bottom until it finds an editor it can use for the file. So I’d put “Associated application” at the top, then your prefered text editor(s), then WinSCP’s internal editor at the bottom.

Sometimes, you’ll have issues with backup copies that programs make, or you may just want to keep them saved locally… Sometimes this is easily accomplished. For EditPlus, go to Preferences, then Files. There is a checkbox called “Create backup file when saving”, check it if it’s not. Then hit the button next to it “Backup Options”, select your local backup directory, and check the “Create backup file of remote file in backup directory” box. And you should be good to go.

Caution… As with any changes to a system, before you use this for real (ie a real configuration file that matters to you), create a dummy file out in a directory you don’t care about, and TEST it. Make some changes to that file. Check that it works as you expect BEFORE using this for real production files. Of course, best of all is to not use this on production files directly, but to edit them locally then transfer when you’re sure they’re right, but as you know life doesn’t always work that way.

Login to your server. You should be in your home directory, if not go there with ‘cd ~’
vi (or pico, vim, etc.) .bash_profile

At the end add this:

# User specific environment and startup programs

# Email admin when user logs in as root
rootalert() {
  echo ‘ALERT – Root Shell Login’
  echo
  echo ‘Server: ‘`hostname`
  echo ‘Time: ‘`date`
  echo ‘User: ‘`who | awk ‘{ print $1 }’`
  echo ‘TTY: ‘`who | awk ‘{ print $2 }’`
  echo ‘Source: ‘`who | awk ‘{ print $5 }’`
  echo
  echo
  echo ‘This email is an alert automatically created by your server telling you that someone, even if it is you, logged into SSH as the root user.  If you or someone you know and trust logged in as root, disregard this email.  If you or someone you know and trust did not login to the server as root, then you may have a hack attempt in progress on your server.’
}
rootalert | mail -s “Alert: `who | awk ‘{ print $1 }’` Login [`hostname`]” (your OFFSITE email address)

By the way those wierd looking single quotes are the one on the key to the left of the 1 key on the top row of the keyboard. They tell the shell to execute the command between taking their output for the line it’s on. In this case, printing out pieces of login information. So go ahead and save and close the file.  Before logging out  type ‘sh .bash_profile’   and check that it execute cleanly, and emails you like it should.

So now if someone logs into your account, you will get an email. If it happens when you weren’t expecting it (as when you didn’t login yourself), you will know about it… Plus you’ll have the ip address they were on when they did… well, you’ll have the ip address of the last machine before they reached you as they will often go from one machine to the next. But it’s more than you had. And if you didn’t know, who knows how long they could hide out there and what damage they could cause.

I find this provides dual benefits… One, passwords are too easy to crack sometimes (or too easy to forget if you actually are one who makes them difficult to crack). And two, it actually makes ssh’ing into the server easier. What we’re going to do is generate key pairs for the server and your client, and then use that to authenticate to the server.

1. First get a SSH session going. And like yesterday, don’t close it until I tell you.
2. Generate the user’s keypair on the server with “keygen -t rsa”.  This will go into .ssh directory off the user’s home directory – you’ll need these to ssh to other boxes and it creates the .ssh directory for you.
3. cd ~/.ssh
4. Next create a keypair on the client. For putty this is done with PuTTYgen. If you use something else you’ll need to lookup how for that client.  This will create a couple of files for you… id_rsa.pub is the public key file and id_rsa.ppk is the private key.
5. Transfer the public key to the server in user’s home/.ssh directory with a NEW NAME. Don’t overwrite anything!
6. If a authorized_keys2 already exists you will need to cat the file onto the end with ‘cat (filename) >> authorized_keys2′   NOTE the double greater than. That means append it to the end.  If you mess this up other keys will be lost.
7. I also recommend that if you are going to have multiple keys for the user, you edit the comment at the end of the line you just added to authorized_keys2. The comment is the portion at the end after the second space. The line’s format is (ke type)(space)(key)(space)(comment) So you’ll see something like “ssh-rsa (lots of letters and numbers) rsa-key-YYYYMMDD  where YYYYMMDD is the year month and day you made the key. It’s that last bit (and only that last bit) you can safely change.
8. Make sure the authorized_keys2 file is readable only by you (chmod 600 or 700).
9. If this is going to be for the root user do steps 9 -
10. cd /etc/ssh
11. cp sshd_config sshd_config.save
12. vi (or vim, pico,etc) sshd_config
13. find the PermitRootLogin  line and change it to read ‘PermitRootLogin without-password’
14. Save/close  the file
15. Restart sshd with ‘service sshd restart’ or ‘/etc/init.d/sshd restart’  — Remember don’t close your session until we know everything works correctly!!
16. Start another PuTTY, and load (not start) the session
17. On the left-hand side, select the Data Category under Connection
18. Specify the user’s name in the Auto-login username field
19. Again under Connection, expand out the SSH branch and select Auth
20. Click the browse button for the Private key for authentication field and find and select the id_rsa.ppk file you created in step 4.
21. This one has caught me a couple of times… Go back up to the Sessions branch all the way at the top left side, and click Save for the session on the right. Otherwise, you’re going to do the PuTTY side config again.
22. Test the passwordless login… Be absolutely sure it works, before dropping that first session. If it doesn’t you NEED to restore the sshd_config.save file back to sshd_config AND restart SSHD again, undo the PuTTY changes and test that you have put it back to where you can get in again BEFORE you drop that connection.

Provided everything worked, you now have an automated login that’s using a nice long keypair and not some little password… and provided you did yesterday’s changing of SSHD port numbers, you’ve probably locked out 99+% of anyone’s chance of getting into you machine through brute force methods, so take a break and enjoy the enhanced security (well until you learn about all the other methods of getting into the machine anyway…) Seriously though, most hack attempts prey on the people that don’t take the precautions, so you’ve just dropped your chances quite a bit just through these 2 little procedures.  You’re not safe and secure, but you are a lot better off than you were 2 days ago.

1. Login into your server via ssh — don’t close this session until I tell you to!!
2. cd /etc/ssh
3. cp sshd_config sshd_config.orig
4. vi (or vim, pico, etc. – whatever editor you prefer)  sshd_config
5. find the line that says Port 22
6. Remove the # at the begining of the line if there is one.
7. Change the 22 to some other number – do NOT use anything less than 1024
8. Save & Close the file
9. Restart sshd – usually with “service sshd restart”  or “/etc/init.d/sshd restart”
10. Start ANOTHER session this time connecting to the new port – if prompted to accept the key, do so.
11. Provided you get logged in, you’re ok to drop the first connection. If not you need to restore the sshd_config.orig back to sshd_config and restart the ssh server again (step 9).
12. Save your new port settings in your client.

One note … if you ssh, scp or rsync from another machine you will need to slightly modify the command lines for the new port.
ssh -p #### … (rest of command) …
scp -P ####  … (rest of command) …
rsync -e ‘ssh -p ####’ … (rest of command) …

Stay tuned … tomorrow we’re going to enhance ssh security a little more…