Post-Migration Considerations When Migrating from Amazon Web Services


After migrating an application the Rackspace Cloud, consider the following factors before making the migrated application available.

Security

For many reasons, key-based SSH authentication is considered safer than authentication based on user names and passwords. For example, the latter method is subject to brute-force attacks, poor choice or strength of passwords, and a higher risk of being stolen remotely. For these reasons, we recommend that you enable key-based SSH or OpenSSH authentication on your newly provisioned cloud server. Depending on your server's OS distribution, see the following references for instructions:

Consider disabling password authentication altogether, or at least disabling root logon. Also consider limiting simultaneous user logons and using a nonstandard (other than port 22) port for SSH.

  • Tighten iptables rules as follows:
    • Allow remote access only from a trusted IP or range.
      iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX --dport 22 -j ACCEPT #Replace XXX.XXX.XXX.XXX with your IP
    • Limit the number of connections to the SSH port.
      iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
      iptables -A INPUT -p tcp --dport 22 --syn -j DROP
    • Prevent brute-force attacks by logging and blocking repeated attempts from the same IP address.
      iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
      iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

Monitoring

To create a robust and scalable monitoring system, consider using Rackspace Cloud Monitoring. See information about installing, configuring, and running an agent and enabling monitoring checks by using the Cloud Control Panel.

After you have installed the agent, based on your requirements, you can configure one or more of the following checks and alerts:

  • Remote service checks
    • Ping check (server)
    • HTTP check (website or web application)
    • TCP check (port)
  • Agent checks
    • Memory
    • CPU
    • Load average
    • File system
    • Network

Backups

Backups are an integral part of any production-level deployment and an essential component of a disaster recovery (DR) strategy. Rackspace provides a file-based backup system to help you meet your backup and restore needs. You can install the Rackspace Cloud Backup agent by following these steps.

Following are the key features of Cloud Backup:

  • Select the files and folders from your cloud server that you want to back up.
  • Run your backups manually or on a customized schedule.
  • See the activity from all your backups.
  • Use AES-256 encryption with a private encryption key known only to you.
  • Restore individual files and folders from a particular date.
  • Save space with incremental backups that save only the changed portions of files.
  • Create unlimited backups.


Was this content helpful?




© 2014 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER