# Leaving SolusVM



## TruvisT (Aug 17, 2014)

I've reached the point that their software has pushed me over the edge.

Besides going in-house, what are some pheaseable migration options to replace SolusVM with that are also reliable and secure?


----------



## PCS-Chris (Aug 17, 2014)

As far as I'm aware there isn't really a drop in replacement yet. Hostguard appears to have fallen off the face of the earth, not seen any updates in months.

I know there are a few things in the works so may have more options later in the year.


----------



## Nick_A (Aug 17, 2014)

Which part pushed you over the edge?


----------



## MartinD (Aug 17, 2014)

Everyone seems to say this. Frustration seems to be bourne from a lack of speicific functionality though rather than anything major.


If its not doing what you need it to do the only option is in-house as any other software will end up being the same, lacking in specific features.


----------



## rds100 (Aug 17, 2014)

Why now? I mean a few months ago they seemed much worse than today. Now it seems they (SolusLabs) are finally awake and trying to move things in the right direction.


----------



## datarealm (Aug 17, 2014)

Haven't used it for too long yet, but thus far we have been with Virtualizor.


----------



## SVMPhill (Aug 17, 2014)

Hi,

I presume this was about the license issue that was resolved?


----------



## AMDbuilder (Aug 17, 2014)

HostGuard isn't a bad option, with their biggest problems being time related.  I know working with @NickM they are very responsive to feedback, and the amount we have given may be part of the recent silence  .

I'll refrain from sharing some of the upcoming features, but in short they have some very nice changes planned for the 1.2 final release.  I understand it is currently in pre-release testing (ie: they haven't let me at it), so we should hear more from them soon.


----------



## Profuse-Jim (Aug 17, 2014)

What issues are you having with SolusVM?


----------



## Schultz (Aug 17, 2014)

Nick_A said:


> Which part pushed you over the edge?


Should start with what didn't push him over the edge and work from there.


----------



## Nick_A (Aug 17, 2014)

Boxode said:


> Should start with what didn't push him over the edge and work from there.


His post implies something recently happened. To my knowledge, SolusVM hasn't screwed up anything major recently, but I'd like to know if that's not the case. They seem to be trying hard to push out highly desired features recently and have been very quick to listen to bug reports (at least in our case).


----------



## CentralHosts (Aug 18, 2014)

We have been searching for a new panel as well but SolusVM seems to be the best one out there right now.


----------



## Hxxx (Aug 18, 2014)

In house, otherwise you are stuck.


----------



## HostGuard (Aug 19, 2014)

AMDbuilder said:


> HostGuard isn't a bad option, with their biggest problems being time related.  I know working with @NickM they are very responsive to feedback, and the amount we have given may be part of the recent silence  .
> 
> I'll refrain from sharing some of the upcoming features, but in short they have some very nice changes planned for the 1.2 final release.  I understand it is currently in pre-release testing (ie: they haven't let me at it), so we should hear more from them soon.


Correct we are still around.

Basically, we took the feedback from our soft release to take care of the main issues clients were having and automated things even further.

These things take time and when our next release is ready, you'll hear about it.


----------



## Kihi (Aug 20, 2014)

Code your own!

Look into libvirt, it's incredibly convenient and has multiple API's in different languages.


----------



## Francisco (Aug 20, 2014)

Libvirt for OpenVZ? Are you insane....

Fran


----------



## AshleyUK (Aug 20, 2014)

In do feel SolusVM is trying to catchup with the months of no/little updates, and they do seem to be working on the main requested features.

However I do feel right now if a Business was to come along with a fully featured alternative, and kept the updates and support rolling I think they could win over some Customers quite easily.


----------



## Francisco (Aug 20, 2014)

You aren't going to find anyone that's going to be a 'drop in' just because Solus encrypts random things that don't make sense. I don't see any reason to encrypt the node keys since the node side is IP locked anyway.

If someone has access to your solus master then they can inject commands to your nodes anyway.

Francisco


----------



## AshleyUK (Aug 20, 2014)

Francisco said:


> You aren't going to find anyone that's going to be a 'drop in' just because Solus encrypts random things that don't make sense. I don't see any reason to encrypt the node keys since the node side is IP locked anyway.
> 
> 
> If someone has access to your solus master then they can inject commands to your nodes anyway.
> ...



Sorry didn't mean as a drop in if that was a reply to my post, more a alternative software which has proper support backing and the feature set required from day one. However yes I can imagine not that easy to convert from the "unique" SolusVM environment.


----------



## Shoaib_A (Aug 20, 2014)

Francisco said:


> If someone has access to your solus master then they can inject commands to your nodes anyway.


You mean SolusVM still got some master related vulnerability?


----------



## trewq (Aug 20, 2014)

K2Bytes said:


> You mean SolusVM still got some master related vulnerability?


He means that if someone has access to your master sever your screwed even if it uses keys.


----------



## AMDbuilder (Aug 20, 2014)

trewq said:


> He means that if someone has access to your master sever your screwed even if it uses keys.


Given their track record I wouldn't be so sure they don't have vulnerabilities in the master still...


----------



## Francisco (Aug 20, 2014)

K2Bytes said:


> You mean SolusVM still got some master related vulnerability?


Solus has/had some hilariously bad exploits.

The slaves didn't/don't actually validate/scrub any of the data the master node sends and they simply push the data to shell_exec() with a root SETUID binary.

You could quite literally pass the slave a CTID (should only ever be an unsigned int) of "1; dd if=/dev/zero of=/dev/sda bs=100M" and it'd run the DD as root.

With stallion, we made it so the nodes don't just blindly trust data sent to it by our master. It validates everything and only *then* does it pass any of the data onward.

Now, this 'bug' is only really an issue if you got access to someones master node. There has been more than a few exploits in Solus that allowed full root shells to be started.

Francisco


----------

