After migrating an application to the Rackspace Cloud, consider the following factors before making the migrated application available.
For many reasons, key-based SSH authentication is considered safer than authentication based on user names and passwords. For example, the latter method is subject to brute-force attacks, poor choice or strength of passwords, and a higher risk of being stolen remotely. For these reasons, we recommend that you enable key-based SSH or OpenSSH authentication on your newly provisioned cloud server. Depending on your server’s OS distribution, see the following references for instructions:
Consider disabling password authentication altogether, or at least disabling root logon. Also consider limiting simultaneous user logons and using a nonstandard (other than port 22) port for SSH.
iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX --dport 22 -j ACCEPT #Replace XXX.XXX.XXX.XXX with your IP
iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 --syn -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
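To check whether a server's sshd_config follows the recommendations above on password authentication, root logon and the SSH port, the following script audits the file. It is an added example, not Rackspace code; the function names, the sample configuration and the assumed OpenSSH defaults (PasswordAuthentication yes, PermitRootLogin prohibit-password, Port 22) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Rackspace code): audit the global section of an sshd_config.
# Assumptions: "Keyword value" form, Include files are not followed, and unset
# keywords fall back to current OpenSSH defaults. On a live host, `sshd -T`
# prints the effective configuration instead.

# Print every global value of a keyword (lowercased), or the default if unset.
# Keywords are case-insensitive; parsing stops at the first Match block.
sshd_values() {  # usage: sshd_values <file> <keyword> <default>
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1 }
        END { if (!found) print def }
    ' "$1"
}

# Print one finding per line; return 0 only when there are none.
audit_sshd_config() {
    file=$1
    findings=0
    # sshd uses the first value it reads for these two keywords.
    pw=$(sshd_values "$file" PasswordAuthentication yes | head -n 1)
    root=$(sshd_values "$file" PermitRootLogin prohibit-password | head -n 1)
    if [ "$pw" != "no" ]; then
        echo "FAIL PasswordAuthentication=$pw: password logons accepted"
        findings=$((findings + 1))
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin=$root: root logon not fully disabled"
        findings=$((findings + 1))
    fi
    # Port may be repeated and every listed port is opened, so check them all.
    if sshd_values "$file" Port 22 | grep -qx 22; then
        echo "WARN Port 22: sshd still listens on the default port"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the commented-out line is ignored, so the default applies.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'permitrootlogin yes' 'Port 2222' >"$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

Settings inside Match blocks are not evaluated, so a per-user or per-address override that re-enables passwords has to be reviewed separately.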
To create a robust and scalable monitoring system, consider using Rackspace Cloud Monitoring. See information about installing, configuring, and running an agent and enabling monitoring checks by using the Cloud Control Panel.
After you have installed the agent, based on your requirements, you can configure one or more of the following checks and alerts:
Backups are an integral part of any production-level deployment and an essential component of a disaster recovery (DR) strategy. Rackspace provides a file-based backup system to help you meet your backup and restore needs. You can install the Rackspace Cloud Backup agent by following these steps.
Following are the key features of Cloud Backup:
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License