How do you manage your clients VPS? (Managed Providers)

[Prestige]

Do you actually go and check each VPS for updates, etc?

I was thinking of creating a management (admin) portal that connects to all virtual servers via a SSH Key inserted into the template (with the user's permission), and can execute commands to multiple servers, monitor servers, configure cron jobs, and more. Would that work or will it create issues?

 

[Enterprisevpssolutions]

No there is a system in place that will watch all the servers and if the clients are managed an agent is placed on all the servers to report back any issues.

 

[H4G]

We have an "access server" which has it's key added to all Managed VPS's for us to access them directly. Updates are rolled out using parallel shell, it's something like http://commando.io/ (without the GUI). We also have a monitoring system that shows the version of cPanel running and the number of updates available for the container. 

 

[TruvisT]

We use puppet/chef for managing and monitoring servers. There are so many options with these.

 

[William]

A mixture of custom scripts and ASYD

 

[RTGHM]

Do you actually go and check each VPS for updates, etc?

I was thinking of creating a management (admin) portal that connects to all virtual servers via a SSH Key inserted into the template (with the user's permission), and can execute commands to multiple servers, monitor servers, configure cron jobs, and more. Would that work or will it create issues?

That's smart, let's store everyone SSH's keys with root-level permissions.

So when your site gets hacked and they take all the SSH keys and dump all the VPS data....

You can see where I'm going right?

 

[InertiaNetworks-John]

That's smart, let's store everyone SSH's keys with root-level permissions.

So when your site gets hacked and they take all the SSH keys and dump all the VPS data....

You can see where I'm going right?

Most systems are IP restricted, and are built with encryption to prevent this.

 

[RTGHM]

Most systems are IP restricted, and are built with encryption to prevent this.

So, if I have root access to your nodes, which is whitelisted under the IP to access all over vms via SSH keys..... 

 

[InertiaNetworks-John]

So, if I have root access to your nodes, which is whitelisted under the IP to access all over vms via SSH keys..... 

I'm not talking about the nodes. The SSH Gateway which contains all of the keys is usually IP restricted and/or on a private LAN. The keys are encrypted.

Nodes do not have access to the SSHG.

 

[farhanideas]

monit will be the best software from there you can easily monitor you linux vps server easily

 

[winnervps]

If you are using OVZ for virtualization, you might consider using nodewatch to monitor 'resources'.

But if the 'contents' that you concerned of, so you might need to consider something 'tricky' (because it'll be related to the 'privacy')

Nodewatch is adequate for avoiding some issues per experiences. Just tune it based on your requirement.

 

[bigcat]

I'm sysadmin. So I would like to think my company as my client. 

Internet <--> Bastion Host <--> Webserver

Simplest security implementation would be to create intermediary server(bastion host) between public internet and server that store the only access path to server. I turn on the bastion host whenever I need access only. So basically SSH or MySQL access is impossible from outside.

I'm not fond of Chef/Puppet/Ansible. Everything I need is in /usr/bin/ bash script inside the bastion host.

Nowadays I use Bash to drive AWS CLI which automate all this. MRW.