Managed Hosting

Container and Data Backup Procedures

Data backup is a core part of any hosting infrastructure. Our backup procedure consists of four main components. First, the system performs a nightly export of all databases associated with your website and stores them on a secondary drive. Second, an incremental backup of all container files is performed nightly and stored on a secondary drive. Third, a nightly copy of the most recent database export is stored offsite in the AWS S3 cloud. Finally, minimum once per week a compressed archive of your website container is placed in the AWS S3 cloud.

This backup process has a few technical considerations. The secondary drive used for incremental backups and nightly database exports is accessible only through the server node. Any compromise to the container does not affect the secondary drive. The offsite backup is stored on AWS S3 cloud with an SLA that delivers 99.999999999% durability. Due to the large amount of storage utilized by some clients, we are sometimes unable to place a snapshot into the cloud every day. In those cases, we guarantee a minimum of two offsite backups per week. Client may request a weekly offsite backup to a different geographical location for an additional fee.

There are three hosting packages to choose from. Straight-forward websites, with modest requirements, are run from a shared hosting environment. More complex websites with increased privacy and durability requirements are hosted in a private container. Finally, websites requiring maximum uptime are hosted in private containers residing in multiple geographic regions. Websites are hosted on Amazon Web Services infrastructure and benefit from nightly file and database backups. In addition, websites are backed up to the Amazon S3 Cloud a minimum of once per week for disaster recovery. Websites are monitored by Site24x7 in intervals ranging from one to five minutes.

Multi-Region Hosting with Failover

Multi-Region Hosting with Failover is a hardware redundant system designed to eliminate single points of failure. It includes redundant hardware, networking, bandwidth and DNS services. Files are synchronized from a primary location and the database nodes are clustered together. If a region experiences a service interruption, traffic is automatically rerouted. In addition to maximizing uptime, there are other reasons clients chose this configuration. Amazon Web Services (AWS) Route 53 DNS can be configured to direct traffic to the geographic region with the lowest latency. For example, an e-commerce website operates in South Korea and Northern Virginia. Visitors in Asia are directed to the South Korean presence while Europeans are directed to the Northern Virginia region. Clients requiring the ability to scale up website resources can accomplish this with the multi-region setup. Instead of directing all traffic to one region, you can direct it into other regions.

Infrastructure services are provided by Amazon Web Services (AWS). There are Four Primary Systems at work in the multi-region setup:

OpenVZ containers

An OpenVZ container with a CentOS 7.x installed operating system. It contains standard packages for web deployment including Apache Web Server, PHP and MySQL. There are two containers per region. The first container is a web server. The second container is a database node.

File Synchronization

One region is chosen to be the primary. Files are synchronized in real-time from primary region to the secondary region. A program named lsyncd monitors the file system and creates a batch of changes to transmit to the secondary regions.

MySQL Galera Database

Galera is a database cluster system with a minimum of three nodes. In a typical two region system, a third region is chosen to house the third node of the system (though it does not contain any web services). Any changes to the database node in a region, automatically affects the other database nodes. Any database changes made in one region are automatically seen in all other regions. An interruption in service of a database node would force a re-route of traffic to the other region. Galera database cluster is self-healing and will typically recover gracefully.

AWS Route 53 DNS

In addition to the standard DNS functions you find at your registrar, Route 53 can detect an interruption in service and re-routing all traffic to the other region. In addition, Route 53 will direct visitors to the region with the lowest latency. For example, visitors living in Germany would be directed to a European location while visitors in Ohio would be directed to Northern Virginia.

Reverse Proxy

A reverse proxy server blocks traffic from malicious hosts and countries and filters out harmful requests before they reach your website. This is accomplished through the use of Country of Origin Blocking, the Apache Web Server proxy module, Fire Hole I.P. reputation service and Apache mod_security module. Reverse Proxy protection is available to dedicated and multi-region hosting clients.

Country of Origin Blocking

The Reverse proxy server blocks several countries it considers bad operators. These countries include Russia, China, Ukraine and Brazil and others. By blocking traffic from these countries, we reduce the load on your website making it faster. Clients can opt-out entirely or on a country-by-country basis. Additionally, any specific country can be blocked for your website.

Fire Hole I.P. Reputation Services

FireHole is a community-maintained list of networks and I.P. addresses with poor reputation. This reputation is earned by hosting spammers, botnets or malware. The list is updated every thirty minutes to reflect additions and removals. I.P. addresses and networks on this list are blocked by the reverse proxy server.

Apache Web Server mod_security

Mod_security is an open source module for Apache web server. It maintains a battery of thousands of tests ranging from attack-vector detection to malware-upload detection. These are applied in microseconds and do not affect the user experience. Any traffic testing positive is blocked by the reverse proxy.

Apache Web Server Proxy Module

Apache web server is a an open source web server. There are a multitude of add-on modules available for it. To handle traffic forwarding we utilize the mod_proxy module. Mod_proxy is configured to read incoming traffic and forward it to your website.