Archives For ewan

I love the metaphor of farm animals and pets, and entirely get the concept and why farm animals are a much better way to build services.

It seems, however, that some people believe “farm animal” servers are the only ones that matter, and that supporting the pets in Openstack is redundant and a waste of effort.

As someone who works in an enterprise IT department that would love to embrace Openstack, I really only have one thing to say:

“Enterprise IT departments don’t get to choose the core applications that their business runs on.”

If Openstack is “farm animals only”, then you can guarantee that many (most?) IT departments will go elsewhere for their cloud infrastructure management, and when VMware and Microsoft finish collecting those invoice payments, there’ll be a lot less money coming into Openstack to pay for future developments.

I hope Openstack is pet friendly very soon, not because I love having them around, but because the transition to cloud from large, monolithic, scale-up applications is already hard enough, and having a unified infrastructure management would make it that bit easier for us all.

My new home lab equipment has arrived, and it’s all up and running with Ubuntu and Rackspace Private Cloud as my first deployment. Hopefully this will spur on a bit more blogging by me, but for now I wanted to put together the parts used to build the system.

First of all, I bought 3 HP ProLiant N54L Microservers from ebuyer - other suppliers were a little cheaper, but ebuyer had them and the other parts I wanted in stock. With £100 cashback from HP for each server currently on offer, that works out at less than £100 per server including VAT!

I then added 16GB of RAM per server (not an HP supported configuration, but a couple of blog post comments suggested some memory sticks worked), using 2 of these Corsair Value Select 8GB DIMMs per server, part number CMV8GX3M1A1333C9.

The Microservers only have a 1Gb network port embedded, so I’ve added a TP-Link TG-3468 PCIe Gb Network Card to each one, and paired them to a TP-Link TL-SG1008D 8-port Gigabit Switch to join the existing 5 port TP-Link switch I already had, so I have a separate management and data network.

This set of hardware has given me 3 dual-core 2.2GHz servers with virtualisation support, 16GB of RAM in each, 250GB of local storage in each, and 2x1Gb networks.

Future plans include additional local storage, and probably some kind of network storage!

[Screenshots: Upcloud General Settings, Upcloud Backup Settings, Upcloud Firewall Settings]

I’ve signed up for Upcloud, a new cloud service provider, and thought I’d put together my initial thoughts into a blog post.

First, I tried to launch a trial server with 2GB of RAM, but found I could only use 512MB as I was using a free account. That’s fair enough, but still a shame.

On the server creation page, I was presented with a few Linux images I could choose from. I selected Ubuntu 12.04, launched the server and it was available almost instantly.

I logged in as root using the supplied password, ran apt-get update, and saw it was using Finnish servers and that 140 packages were out of date. I then ran apt-get upgrade; the downloads were slowish (<1MB/sec), so it took a few minutes to download all the updates, longer than the server took to deploy!

Apt-get upgrade output for download section:
Fetched 134 MB in 2min 47s (800 kB/s)

It then took another few minutes to apply all the updates, as you’d expect, but it does mean an Upcloud server will take a bit longer than you’d think it would to get up and running. There really should be an option to deploy an already updated image.

While that was running, I took a look at the various settings screens (see the screenshots), and noticed the network connection speed details:

Public network connection: 100/100 Mbit/s
Private network connection: 1000/1000 Mbit/s

About 10 minutes after I’d created my Upcloud account, the server was running and everything was complete and up to date.

I started testing the server by building WordPress following my own “10 million hits a day with WordPress”, though these days I prefer using MariaDB instead of the default MySQL.

When installing MariaDB, I noticed an error saying “Unable to resolve perftest1”, so I checked /etc/hosts and noticed that the file does not get populated with the node’s custom hostname, so I added it there manually.

I was unable to run the command to add a trusted key to APT; the command just hung. After some investigation, this is because Upcloud block all but a few destination ports from their trial account, which includes the keyserver. Because of this, I just ignored the security warning when installing MariaDB.
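The keyserver fetch hangs when the default HKP port (11371) is filtered, while apt-get update over HTTP on port 80 still works. The following is an added example, not part of the original post, of fetching a repository signing key over port 80 and checking its full fingerprint before APT trusts it, which avoids installing unauthenticated packages. The key ID, fingerprint, output path and sample data are placeholders, and it assumes outbound port 80 is permitted.

```shell
#!/bin/sh
# Added example. The key ID and fingerprint passed in are placeholders the
# operator obtains from the vendor's HTTPS documentation, not real values.
KEYSERVER="hkp://keyserver.ubuntu.com:80"   # HKP over port 80, not the default 11371

# Strip spaces and upper-case, so a fingerprint copied from a web page
# compares equal to gpg's machine-readable form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Print the primary-key fingerprint from `gpg --with-colons --fingerprint`
# output on stdin: the first "fpr" record, field 10.
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if EXPECTED is a full 40-hex-digit fingerprint equal to ACTUAL.
# Short 8-digit key IDs are rejected because they are easy to collide.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$2")
    case "$expected" in
        *[!0-9A-F]*|"") return 1 ;;
    esac
    [ "${#expected}" -eq 40 ] && [ "$expected" = "$actual" ]
}

# Fetch KEYID into a throwaway keyring, verify it, and only then write it to
# OUTFILE (for example a file under /etc/apt/trusted.gpg.d/). Needs network.
fetch_verified_key() {
    keyid=$1 expected=$2 outfile=$3
    tmp=$(mktemp -d) || return 1
    gpg --homedir "$tmp" --keyserver "$KEYSERVER" --recv-keys "$keyid" ||
        { rm -rf "$tmp"; return 1; }
    actual=$(gpg --homedir "$tmp" --with-colons --fingerprint "$keyid" | fpr_from_colons)
    if fpr_matches "$expected" "$actual"; then
        gpg --homedir "$tmp" --export "$keyid" > "$outfile"
        rc=$?
    else
        echo "fingerprint mismatch: got $actual" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Constructed gpg colon-format output for a made-up key (offline demonstration).
SAMPLE_COLONS='pub:-:4096:1:0123456789ABCDEF:1262304000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1262304000::X::Example Repo Key <repo@example.invalid>:'

sample_fpr() { printf '%s\n' "$SAMPLE_COLONS" | fpr_from_colons; }

# Offline check: a spaced, lower-case copy of the fingerprint still matches.
if fpr_matches "aaaa bbbb cccc dddd eeee ffff 0123 4567 89ab cdef" "$(sample_fpr)"; then
    echo "sample fingerprint verified"
fi
```

Only `fetch_verified_key` touches the network; a mismatch leaves the output file unwritten, so APT keeps rejecting the repository.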

After getting WordPress running without caching, I did a simple blitz.io test of 10 – 100 users over 60 seconds. The CPU maxed out immediately, and I ended up aborting the run at around 80 concurrent users. I don’t know if it’s a shared process usage cap from Upcloud that crippled me, or something else (denial of service prevention?) but performance was worse than I’d expect from even an Amazon Micro instance.

Because of this, I moved on to installing the Varnish cache software, and I retried the same blitz of 10 – 100 users over 60 seconds. There were no problems at all, so I retried with 100 – 250 users, no problems again, 2312.9KB/sec peak network output with 250 concurrent users and 0 errors.

The blitz.io results were:

This rush generated 9,768 successful hits in 1.0 min and we transferred 97.97 MB of data in and out of your app. The average hit rate of 150/second translates to about 13,021,426 hits/day.

The average response time was 59 ms.

This suggests to me that the initial problems I had are some kind of CPU cap on shared processor machines. That’s fair enough, but something you need to be aware of if you’re building on them.

I then moved onto doing some network checks. Upcloud don’t mention their location but the IP address I was given routes into telecity-edge1-1.uk-lon1.ipv4.upcloud.com. Given that Telecity are one of the best data center operators out there, this is a much more positive sign than I expected; I was worried Upcloud were either running in their own very small building, or had outsourced it to the cheapest provider they could find.

SSD performance check

Testing the SSD performance, I ran the fairly standard simple commands:

hdparm -Tt /dev/vda1

/dev/vda1:
Timing cached reads:   4930 MB in  2.00 seconds = 2465.65 MB/sec
Timing buffered disk reads: 454 MB in  3.01 seconds = 150.75 MB/sec

dd if=/dev/zero of=tempfile bs=1M count=1024 conv=fdatasync,notrunc
1073741824 bytes (1.1 GB) copied, 4.32663 s, 248 MB/s

Next, I cleared the buffer-cache to accurately measure read speeds directly from the device:

echo 3 > /proc/sys/vm/drop_caches
dd if=tempfile of=/dev/null bs=1M count=1024

1073741824 bytes (1.1 GB) copied, 6.89949 s, 156 MB/s

Now that the last file is in the buffer, repeat the command to see the speed of the buffer-cache:

dd if=tempfile of=/dev/null bs=1M count=1024

1073741824 bytes (1.1 GB) copied, 6.56313 s, 164 MB/s

I’m pretty happy with 150MB/sec, a comparable run on an SSD based server I use with Hetzner gets a very similar result of 170MB/sec.

Payment

I manually made a payment of £10, the process was as simple as you get, and was immediately credited to my account, no hanging around, no telephone authorisation steps, etc.

Resizing the server

I decided to upgrade the server to 2GB of RAM, so I could test a dual core machine with 4GB of RAM. I had to shut down the server before resizing it, but the process itself was immediate. In the future it would be good if you could specify the new size, then trigger an automatic reboot to enable the resizing.

On reboot, I realised I had lost the root password (silly mistake by me!), and there’s no “System Recovery” option, just a VNC console. So I opened the console, rebooted the server, and used grub to enter single user mode, which asked for a root password… I’m sure there’s a way around this, but it escapes my memory for now, so I simply deleted that server and built a second one.

The new larger server came up straight away, I re-installed MariaDB, Nginx, and WordPress as before, and re-ran the blitz test. CPU usage was still 100% after about 50 users, but the response time remained under my defined limit of 5 seconds throughout the test, and no errors were created, a significant improvement over the shared processor server, and a very good result for uncached and untuned WordPress in general!

I then re-installed Varnish, and tested 100 – 500 users over 60 seconds, and was impressed with the network throughput, with no errors and an average response time of 97ms. While that server would be relatively expensive at £53 a month plus bandwidth charges, the performance was very good when compared to a lot of the other cloud providers I’ve tried out.

Conclusion

There’s lots more to picking an IaaS provider than a few quick benchmarks (resilience, ongoing support, distributed data centers, price, and so on, all come to mind), but I like the fact that Upcloud are taking a different approach of mixing the open-source KVM hypervisor with high-end equipment (the InfiniBand connects are not going to be cheap).

It may not be the approach for everyone, and it’s not what Amazon are doing, but there’s nothing wrong with looking at things differently, especially if you’re much smaller than your main competition.

I can’t find a web source for this (Update: very wordy PDF here), but I just received this email on the Nominet Announce mailing list, announcing they are withdrawing the current proposal to launch bare “.uk” domains, alongside the existing “.org.uk”, “.co.uk”, and so on.

Here’s the full email:

Following our Board meeting yesterday, we are not proceeding with our original proposal on ‘direct.uk’ but we will respond to feedback by looking at whether a revised proposal will address issues raised in the recent consultation.

We received extensive feedback from a wide range of stakeholders including formal and informal responses. We listened and carefully considered all the points made. All responses were available to the board, along with a report on the feedback that contained a summary of responses and analysis of the data, which can be seen on our website: http://www.nominet.org.uk/how-participate/policy-development/current-policy-discussions-and-consultations.

It was clear from the feedback that there was not a consensus of support for the direct.uk proposals as presented, with some concerns cutting across different stakeholder groups. Although shorter domains (e.g. nominet.uk rather than nominet.org.uk) were considered desirable, many respondents felt that the release mechanism did not give enough weighting to existing registrants, and could lead to confusion if they could not obtain the corresponding domain.

The objective of raising trust/security was welcomed, but many disagreed with the proposed approach, suggesting that standards should be raised across the whole of the namespace. On individual security features, there was qualified support for options such as DNSSEC, but scepticism about whether the proposed trustmark would be effective. There was significant support for address validation, though some would like us to do more, and others would like us to do the validation process differently. There was clear support that the sale of domain names should be only through registrars who could meet a level of service and data quality.

As a result, we are going to explore whether it is possible to present a revised proposal that meets the principles of increasing trust and security and maintaining the relevance of the .uk proposition in a changing landscape.

Over the coming months, this work will explore:
o A revised phased release mechanism based largely on the prior registrations of domains in existing third levels within .uk and in which contention between different applicants for the same domain name should be reduced or eliminated.
o Measures to improve security across the whole of the .uk namespace. This would include increased focus on encouraging the adoption of DNSSEC.
o A firm focus on registrant verification and some form of UK presence.
o Further investigations into the impact on the SME sector.
o An appropriate pricing model.

The Board plans to review progress at their June meeting, where they would decide whether there is an alternative option that addresses the concerns raised in the consultation. This would be subject to further consultation prior to any final decision being made.

Personally I think this is good news, the current plans were simply too flawed, though I do like the idea of domains like “ewan.uk” in general.

[Image: Intel Atom Z520 vs 1 Cent. Caption: The Intel Atom Z520 processor]

For years, Intel have dominated the desktop PC processor market, and with it, they’ve taken almost the entire server market, turning their volume manufacturing into a strategic advantage where they can build processors that are faster, cheaper, and more reliable than anyone else.

But today, Intel have a problem. ARM designed processors don’t try to be faster than high-end Intel chips, but they are much cheaper, and consume a lot less power than Intel’s designs have ever needed to before, something becoming crucial in the world of smart phones, tablets, and massive data centers.

Intel have refocused, producing a new generation of Atom chips code named Valleyview, out in early 2014, designed to fight back against these ARM chips in the areas of power usage, performance, and price.

The problem for Intel is that the companies using these new ARM chips don’t buy the completed chips from ARM, they just licence a design, and can build the entire chip themselves, or buy it from a number of different suppliers. For the largest of manufacturers, like Samsung and Apple, this means chips made exactly how they want them, to their own specifications, all built in their own dedicated factories or through suppliers which operate on extremely low profit margins.

For example, the new Google Nexus 10 tablet is built by Samsung, and consists of almost entirely Samsung built components, including the ARM designed processor, the memory, and the storage, giving them the ability to bring costs down to previously unheard of levels.

So how do Intel compete against this? The last thing Intel want is to start selling what used to be a $100 Intel manufactured processor and chipset for $20, but perhaps if they were willing to licence the newest Atom designs to Samsung and Apple, they could cut ARM out of some of the profitable suppliers they’ve picked up recently, and regain the initiative in low powered processor designs.

This would be a big step for Intel, but if there’s one thing I’m sure of, it’s that the status quo cannot remain for long; Intel have to change, because the world is changing around them.

The most interesting thing I’ve seen about the new Google Nexus devices isn’t the processing power, or the display quality, but the price – with the new price points ranging from £159 (for the 16GB Nexus 7) through to £389 (the 32GB Nexus 10), Google are ratcheting up the pressure on Apple where it really hurts them – in the profit margins. The price comparison between the Nexus 4 and iPhone 5 is particularly eye-catching, at £279 for the Nexus 4 compared to £529 for the iPhone 5.

Given that the Nexus and iPad devices are pretty much like for like on CPU, memory and screen quality, and Android 4.2 is at least on a par with iOS 6, that makes price a much bigger differentiator than ever before, and Apple, despite their famous supply chain power, are losing here.

As the chart shows, while there are still quite a few devices Apple sell which aren’t exactly matched by a new Google Nexus device (larger capacity and mobile data ones), where there is a match, Google’s new price points will make very uncomfortable reading for Apple executives.

| Google Device | Google Price | Apple Device | Apple Price | Google Cheaper by (%) |
|---|---|---|---|---|
| Nexus 4 (8GB) | £239 | No Equivalent Device | | |
| Nexus 4 (16GB) | £279 | iPhone 5 (16GB) | £529 | 47.26% |
| No Equivalent Device | | iPhone 5 (32GB) | £599 | |
| No Equivalent Device | | iPhone 5 (64GB) | £699 | |
| Nexus 7 (16GB) | £159 | iPad Mini (16GB) | £269 | 40.89% |
| Nexus 7 (32GB) | £199 | iPad Mini (32GB) | £349 | 42.98% |
| No Equivalent Device | | iPad Mini (64GB) | £429 | |
| Nexus 7 (32GB with mobile data) | £239 | iPad Mini (16GB with mobile data) | £369 | 35.23% |
| No Equivalent Device | | iPad Mini (32GB with mobile data) | £449 | |
| No Equivalent Device | | iPad Mini (64GB with mobile data) | £529 | |
| Nexus 10 (16GB) | £319 | iPad (16GB) | £399 | 20.05% |
| Nexus 10 (32GB) | £389 | iPad (32GB) | £479 | 18.79% |
| No Equivalent Device | | iPad (64GB) | £559 | |
| No Equivalent Device | | iPad (16GB with mobile data) | £499 | |
| No Equivalent Device | | iPad (32GB with mobile data) | £579 | |
| No Equivalent Device | | iPad (64GB with mobile data) | £659 | |

While I’m sure there are plenty of people who consider iOS to still be a significant step up from Android, to me this difference is much smaller than ever before, and for me personally, I prefer a lot of the Android interface changes that have been made in the last 12 months.

While the differences in operating system and hardware looks are a subjective choice that each person has to make for themselves, the price difference is a hard fact, and the only way I can see Apple resolve this is to significantly cut prices themselves, which is going to be very painful in the short term.

It might well be that cut price Apple devices actually increase sales enough to offset the reduced per-device profits, but whatever does happen, it seems the days of Apple making huge profits on each device sold may be about to end.

[Image: PSION Series 5. Caption: The PSION 5, the last ARM powered “laptop” I owned; it was a bit smaller than the Chromebook]

I’m typing this on the smallest, lightest laptop I’ve ever owned, and it cost £230 – the Samsung Chromebook with an ARM processor, powered by a Samsung Exynos 5 Dual core ARM processor, and it’s really good, easily worth the money. This Chromebook is sometimes called the Series 3 by retailers, but Samsung and Google just call it the “Samsung Chromebook”, which implies this is the future direction of Chromebooks, away from Intel processors and onto ARM ones.

So far I’ve mostly been using it for experimenting, the browser works exactly as you’d expect it (it is Chrome after all), almost all plugins have worked fine (just one didn’t, for SSH, due to needing a native code extension), and overall the experience is very slick.

It played YouTube videos in HD without issue, and has in general been very good for graphics quality.

[Image: Chromebook. Caption: Samsung Chromebook, things have moved on]

The keyboard feels fine, much better than I expected really for a device that is made entirely from plastic and weighs almost nothing (1.1kg, or 2.5 pounds), the screen is decent quality (it’s matte, not shiny, so I’m happy), and so far it’s all “just worked”, which is Google’s main promise about the Chromebook.

While it’s not going to replace my existing Windows laptop for everything, I think it’ll do a lot, and I’m planning on experimenting with installing Ubuntu Linux on it over the next few days, and it’s a far better travelling tool than my heavy Lenovo Edge.

There are lots of more comprehensive reviews of the Chromebook, but for now I’ll get on with using mine!

 

In the last week we’ve had passwords leaked from LinkedIn, Last.fm, and eHarmony, meaning that 100s of millions of people are being told by friends, family, and eventually, after a few days, by the companies themselves, that they should change their passwords.

LinkedIn’s blog post on the matter (with the laughably late title “Taking Steps to protect our members”) has the following tips for password security:

  1. Make sure you update your password on LinkedIn (and any site that you visit on the Web) at least once every few months
  2. Do not use the same password for multiple sites or accounts
  3. Create a strong password for your account, one that includes letters, numbers, and other characters

Unless we’re all geniuses, how do they expect us to follow their advice? Let’s get this right:

  1. Change every password you use on the Internet, every 3-6 months. Hmm, I struggle to remember my password at work when I change it every 6 weeks, I don’t fancy doing it on every website I use (and every app on my phone). What about the sites I stop using?
  2. Don’t use the same password, so that when you’re changing your password, you have to come up with 10 or more new ones at once!
  3. Make the password (or rather, dozens if not hundreds of passwords you’ve just come up with) impossible to remember in the first place…

I read the LinkedIn post and think it’s incredible they are posting that advice with a straight face, without recommending a password manager like LastPass, 1Password, or KeePass.

Personally I recommend LastPass (I even pay for it!), but the reality is no service is secure as long as it relies on passwords, and it seems the best you can hope for is that you’ll continue to dodge the bullets of hacked passwords until someone comes up with a better solution, and remember that no matter what, you’ll end up using a service which gets hacked.