How to Integrate a Centralised FreeNAS NFS Storage to a VMware ESXi Host

Centralized storage is a must-have feature on VMware infrastructure. It enables VMware to support crucial functionalities like VMotion, Failover, DRS, and HA. There are different ways to integrate centralize storage space to a VMware ESXi Host. This blog discusses about its possibilities based on NFS with FreeNAS OS.

In our previous blog(How to Install and configure FreeNAS), we have discussed how to install and configure FreeNAS Operating System. Now let us see how we can create a NFS storage space in FreeNAS and adding the same to VMware ESXi client.

Follow the steps below to configure the storage.

1. Login to FreeNAS console.

2) Go to “Services” tab from the top and start “NFS SERVICE” if it is in a stopped state.

3) Select “storage” from the menu and click on “Volume manager”. In the newly popped window, enter the volume name, then click on “+” symbol for adding available disk to the volume manager. After that click on the Add volume button. If there are multiple hard disk available, then you can configure features like mirroring, raid etc. from the volume layout option.

4) Once the volume is added, you will see extra buttons for managing volumes in the storage menu. Click on the DB icon to set permission or ownership for the NFS.

5) Select the “sharing” option from the top menu and select “UNIX(NFS)”, Then Click on “add Unix(NFS) Share”. Here, you have to browse the path of the newly created share and click OK. If you do not want to give write permission for “others” in step four, click on advanced mode and select “Map root user” as root and “map root group” as a wheel. When we try to write something to the datastore when maproot is disabled, the root user of ESXi will be considered as an anonymous user in FreeNAS server and it will inherit permissions of “others”. To resolve the issue, you can enable write permission to others in step four or else you can enable maproot/mapgroup to user root/wheel respectively. In that case, the ESXi user will get the permission of FreeNAS root user or freenas wheel group user permission.

6) Login to ESXi client or vCenter server and select “Storage” and click on “new data store”. In the new window, select “Mount NFS data store”

7) Enter the NFS server (FreeNAS Server) IP, share location and NFS version and click Next and finish the setup.

Read More

11 Tips To Improve Your Web Performance

Optimizing the website for fast page load should be a top priority in this competitive world. Well-Performing websites enjoy higher visitor engagement, retention and good conversion than slower ones. Research shows that a very responsive website increases site visitors, service expectations, and overall customer experience, and lastly but not least, better Google page rankings helps to improve your web performance.

However, it should be kept in mind that, a performing website comes with its own sacrifices. As ultimately, a web page must constitute the core values it has been built upon, even if it comes short on some performance tweaks. In order to provide a very easy to use webpage with effective user experience, the page must be built to resonate with the requirements of the end users. Here is a list of few factors to consider if you want to boost your website performance:

1. Time to First Byte (TTFB)

The TTFB is used as a measurement to indicate the responsiveness of a web server. It is essentially the time taken by the browser to start receiving information after it has requested it from the server.

A website’s TTFB is calculated by the following ways:

HTTP request time + Process request time + HTTP response time

Your TTFB can be accessed easily by using our web performance analyzing tool.

For easily bring down the overall TTFB you can use a Content delivery network (CDN) and increase the load speed of your website.

2. Critical Path

The speed of page load time also depends upon what might be blocking the Document Object Model (DOM). A blockage of DOM will result in slow page loads. The render blocking resources; such as HTML, CSS (this can include web fonts), and Javascript are responsible for slow loading.

You can prevent the CSS and Javascript from blocking the DOM by optimizing the critical rendering path. The following steps can be used to reduce page loads:

In Javascript; You can use the following best practices:

Use the defer directive or async to avoid render blocking.

JS files can be concatenated into a single file even though with HTTP/2 this is no longer as important.

By moving the scripts to the bottom of the page right before your tag.

Minify your Javascript by removing any extra spaces, characters, etc)

By Inline your javascript if its small.

3. Domain Name Prefetching

DNP is an effective solution to resolve domain names before a user visit the link. Prefetching eliminates roundtrip latency and saves time for users by pre-connecting the browser to set up early connections by sending HTTP request to the server for connections such as DNS Lookup, TCP Handshake, and TLS negotiation.

4. Render Blocking Resources

The speed of a web page also depends upon what might be blocking the Document Object Model (DOM), that causes delays in page load times. The render blocking resources such as HTML, CSS (this can include web fonts), and Javascript should follow best practices.

The following are some recommendations on how to prevent CSS and Javascript from blocking the DOM by optimizing the critical rendering path.

In CSS

Call your CSS files properly

Concatenate the CSS files into one file

Use media queries to mark some CSS resources as non-render blocking

Minify Your CSS by removing extra spaces, characters, comments, etc

5. Number of HTTP Requests

When your browser fetches data from a server it does so use HTTP (Hypertext Transfer Protocol). It is a request/response between a client and a host. In general, the more HTTP requests your web page makes the slower it will load.

There are many ways you can reduce the number of requests such as:

Inline your Javascript, if it is very small

Using CSS Sprites

Minimise assets such as 3rd party plugins that make a large number of external requests

Don’t rely on 3rd party frameworks unless they are inevitable

Combine CSS and JS files

Running our comprehensive analyzing tool, 365andUP will let you know how many requests were needed in order to generate a particular page.

6. Identifying Where Assets Are Delivered From (Latency)

Identification of Latency and how it affects the assets and delivery is a must to check when scrutinizing the web page speed load times. The identification and fixing of network latency culprits consist of a three-step process:

Initial confirmation of latency

Locating the area where latency is occurring

Identifying and eliminating the true source of the latency

A ping test can verify the reachability of devices on a network. Ping test will provide insight on how long it took an ICMP packet to reach its destination and back. A ping test on multiple devices on different network devices and segments can be done and the round-trip times can be used to identify valuable information on network latency. The multiple tests will confirm the latency and it will as well as help to identify what part of the network is experiencing the slowdown.

There are some methods to decrease the ping time:

Decreasing the number of HTTP requests

Gzip Components

Add Expires or Cache-Control Header

Using Content Delivery Network (CDN) by caching website assets on global edge servers (POPs)

Use HTTP/2 by minimizing the number of round trips from the sender to the receiver and with parallelized transfers.

7. Optimising Large Images

Page speed highly depends upon the size of images and text in the page. To increase page speed, the uploaded image must be optimized for higher page speeds.

There are many online tools for optimizing image and among them are:

a. Kraken.io

b. TinyPNG

c. JPEGmini

8. 301 Redirects

Redirects slow down the performance of a website as it generates additional round trip times (RTT) and doubles the time required to load the initial HTML document before the browser even starts to load. So, for better page loads redirects must be avoided whenever possible.

9. Web Font Performance

A research done by HTTP Archive suggests that more than 60% of websites are now using custom fonts than relying on existing fonts like Google Font. Relying upon Google fonts will add extra HTTP requests to external resources and they may also be render blocking.

For better web font performance you can follow these points:

Select only the styles you need and stick to it

Keep character sets down to a minimum

Prioritize based on browser support

Use locally hosted fonts

Store in LocalStorage with Base64 Encoding

10. Fix 404 Errors

It is important to look out for missing links, as it generates a 404 HTTP error when a user browse to it. The 404 errors can be quite taxing on your server, as on an ‘average’ site with an ‘average’ module load, 60-100MB of memory must be consumed from the server to deliver a 404 Error page.

Installing plugins or modules to check for 404 error is not a recommended practice, but external service and online tools can be used to check for errors easily.

There are many online tools like “Broken Link Checker” can be used for this purpose. An occasional check of missing links and correcting it when necessary will ensures that you aren’t wasting any of your server’s resources on missing or broken links.

11. Enable Gzip Compression

Page load times can be boosted by using server level compression tools like Gzip Compression, which can compress Web Pages; CSS, and Javascript at the server level before sending them over to the browser. Whether your website has Gzip Compression enabled or not can be checked with our tool and it will also give insights about compressing the page to increase performance.

Read More

12 steps to Secure a WordPress Site

As explained elsewhere, a CMS is a type of software that runs on a web server and is accessed through a web browser that are used to create and manage digital content. Among them WordPress is the top rated and widely used CMS.So let’s get started on how to secure a wordpress site in 12 different ways.

We all know that majority of websites run on WordPress.

Website security breaches not only steal data from your server and mess with your website or its layout, but they can also use your server as an email relay for sending spam. There are certain other common ways to abuse compromised machines, which include using your servers to mine for Bitcoins or even hits by ransomware. A hacked WordPress site can cause serious damage to your data, revenue and business. Hacker’s main intention is to steal user data, passwords, install malicious softwares, and can even distribute malware to your existing users.

WordPress security is a great aspect for every WordPress website owner. Don’t be too late to do anything about security. In this article we are discussing few simple tricks that can help you secure your WordPress website from malware and hacks.

1. Keep WordPress Up to date

Every good software provides support from its developers and gets updated regularly. Mainly these minute updates are meant to fix bugs and sometimes they may have vital security patches along with that. Hackers could find backdoors to your website with the outdated, vulnerable WordPress application, themes and plugins.

To prevent this from happening we need to update the WordPress application to the latest stable version. Upgrading WordPress to a stable version will be crucial for the security and stability of your WordPress website. WordPress also comes with a lot of plugins and themes that you can install on your website. These plugins and themes are updated and are managed by third-party developers with regular updates as well. Always make sure that your WordPress, plugins, and theme are up to date. Whenever you login to the WP dashboard and see “Update available” banner, click on it and update your WordPress and plugins. You can also use plugins which automatically updates the outdated versions and also provides you email notification about the outdated software. If you are worried about any new changes please make a backup before updating/installing it.

2. Adjust WordPress Database Table Prefix

While you install WordPress, it is very important to change the table prefixes which will be wp_ by default. Most of the hackers use automated tools that can work out your database structure. Changing the prefix to some other value becomes more difficult to run SQL injection queries. Thus this will be a smart move to keep hackers away from your WordPress sites.

Before you install WordPress, while configuring the wp-config.php configuration file navigate to the wp-config.php file and scroll down until you find the section

/**

* WordPress Database Table prefix.

*

* You can have multiple installations in one database if you give each a unique

* prefix. Only numbers, letters, and underscores please!

*/

$table_prefix = 'wp_';

Add a string to the existing prefix i.e. ‘wp_’, and you are done. For instance, you could go with something like ‘wp_sysally’ so the whole line of code looks like:

$table_prefix = 'wp_sysally_';

Please make sure that you’re only allowed to use letters, numbers, and underscores because you are changing a database table’s name.

Once your changes are made save the wp-config.php file and continue installing WordPress to your website.

3.Change the WordPress Login URL

By default, all the WordPress sites uses the same URL structure for this page. If your WordPress domain name is www.sysally.com, for example, you can log in by visiting www.sysallytestblog.com/wp-login.php or www.sysallytestblog.com/wp-admin.

Any hacker can easily get started with brute force attack knowing that the WordPress admin URL is default. We can easily reduce the risk of getting hacked by changing that URL so that hackers won’t be able to guess it.

Additionally, there is another benefit in changing your login URL because it can reduce a lot of resource-wasting bot traffic to your website.

There are various plugins available for doing this, among them WPS Hide Login is one of the simplest and most common plugin for doing that.

4. Always Use Strong Passwords for Users

The most commonly used WordPress hacking attempts are stolen passwords. Always make sure that use use stronger passwords (Alphanumeric) that are unique for your website. Use strong passwords for WordPress admin area, FTP accounts, databases and email addresses.

Beginners don’t like using strong passwords. They often use small passwords which are very easy to remember, but you are inviting a threat by doing this. The advantage of using a password manager is you don’t need to remember passwords.

Instead of saving in browser, try to remember and use your passwords and also change them regularly to secure your WordPress website. Using long passphrases is a very good idea to keep hackers a little bit away. It is nearly impossible for hackers to predict such long passphrases than a group of random numbers and letters.

If you manage a large team then make sure that you understand user roles and capabilities before you add new users to your WordPress site.

5. Change the default username

It is easier to remember if you keep your WordPress site’s username as the default “admin”, but by doing so, you are setting yourself up for a serious security breach.

Many hackers will use “admin” as a login because attackers hope that site owners won’t change it for any reason. If you change your username to something else, that will protect your website immensely. It will be a good decision if you make this critical change by creating a new user via Users > New User, and then give your new login administrator rights. Afterwards, login with your new administrator account and delete the old default “admin” account.

6. Use email address instead of Username

By default we use username to login to WordPress admin panel. Instead of using a username we can also use email address. I guess not many people are aware of this secure approach. As we discussed earlier in the above session, all are aware of the fact that the default username is “admin”. Hackers often try these type of default usernames for eg : admin,wp_user,user1,user2 and so on. These usernames are easy to predict, while email IDs are unique and they may not be able to guess what your email id is. Also, we can use a unique email address for installing WordPress user account with a valid identifier for logging in. There are also security plugins which allow users to use their email addresses for login with WordPress.

7. Secure wp-config.php

Using a .htaccess file we can restrict wp-config.php. This is the file which holds a critical set of data regarding your database, username, and password.

To deny access to this wp-config.php file, you should add the below code at the top of your .htaccess file:<Files wp-config.php> order allow,deny deny from all </Files>

8. Delete unwanted Plugins

Delete all plugins that you are no longer using on your wordpress installation. If you are occasionally using any plugins make sure that it is properly updated because even a minor update is very important.

Never deactivate an unused plugin, instead delete it completely.

9. Turn off file editing on WordPress

You can disable file editing by adding a single line text to your wp-config.php file.

define('DISALLOW_FILE_EDIT', true);

Make sure that you have made a copy of wp-config.php before editing the original one.By adding this line of code on wp-config.php, you can prevent hackers from making changes to your site via the editor in WordPress.

10. Hide WordPress version number

In the WordPress admin dashboard select updates and at the right bottom we can see the current version of WordPress.This can cause serious issues, because some versions of WordPress are vulnerable to malicious attacks.There maybe backdoors for certain WordPress versions and hackers can easily crack into it. To remove this version number from displaying on the page, we can edit functions.php file by adding the following code.

add_filter( 'the_generator', '__return_null' );

Make sure that you have made a copy of functions.php before editing the original one.

11. Use Plugins and Themes from Trusted Source

Always use Plugins and themes from trusted developers or reputed sources.

To auto-update WordPress Plugins add the following code in wp-config.php file:

add_filter( 'auto_update_plugin', '__return_true' );

To auto-update WordPress Themes add the following code in wp-config.php file:

add_filter( 'auto_update_theme', '__return_true' );

12.Schedule Backup of Your Site

One of the most important thing is to keep regular backups of your WordPress site. In case of an exigency a backup of WordPress data can play a major role in restoring your website. Starting again from scratch is a kind of losing all the current progress.

UpdraftPlus is a very widely used plugin to schedule backups of files and databases to your Dropbox, Google drive or Amazon S3.s

So a wordpress website should be the easy to maintain eyes and nose of your business if its been properly taken care of, the real challenge being handling the security aspects.

The proactive measures you take to tighten your website’s security at the right time, will protect your website well in the future. By setting up the above-mentioned security measures and regular backups, you can reduce the chance of hacking to a large extent.

Read More

How to Create a Virtual Machine in Azure

Azure is a cloud computing service that helps developers to build, test, deploy, and manage applications and services through a network of Microsoft-managed data centers. The Azure offers on-demand scalable virtual machines with wide ranges of operating system’s. Here, we discuss how to create a Windows Virtual Machine in Azure Portal.

1. Search for “windows server 2016 vm” in the marketplace and select the VM and click one create. In the newly popped window, It shows four options for different configuration. In the basic configuration settings, enter the username, password, resource group, and location accordingly and click ‘OK’.

2. In the second window, select the VM size from the list. You can see a lot of plans with different prices. Select a plan according to your requirement. You can check the available sizes and options for the Azure Virtual Machine from here.

3. In the next session which is the configuration window, there are a few options to configure.

3.1) High Availability:

It consists of two sub-options, Availability Zone and Availability Set. The Availability Zone is a high-availability feature which ensures data protection from data center failures. It has three zones which are independent of each other and have separate data center infrastructure like cooling, power, networking etc.

The Availability Set is a feature which provides continuity by grouping the Virtual Machines in isolated locations. In reality, we can say the Virtual Machines are placed in different racks. So, grouping a minimum two VMs under an Availability Set ensures at least one of the Virtual Machine is available during any maintenance or hardware failures. Each VM in Azure is assigned to a fault domain and an update domain. A fault domain is a rack of servers, that means VMs in Availability Set is deployed into different racks.

Update domain is a logical grouping within the fault domain. During an application upgrade, only one of the update domain will get stopped, updated and back online, followed by others.

So, here you can decide the values accordingly as per your needs by creating either an Availability Zone or an Availability Set.

3.2) Storage

There are two type of storage for Virtual Machines in Azure; Managed and Unmanaged disk. For Managed disk, the background operations are managed by Azure itself and we do not need to create a storage account. It is also better to select the Managed Disk for VM’s as we do not need to worry about the performance.

While for Unmanaged disk, you have to create a storage account first and then select the same when you create Disk. If there are many disks under the same storage account, then performance will be decreased, and countermeasures should be implemented.

Here, we are going with a Managed Disk to proceed to the Next step.

3.3) Virtual Network

You can either create a new Virtual Network or select an already created Virtual Network using Virtual Network Resource from the marketplace. To create a new Virtual Network, you need to click on ‘create new’ and start entering the details like Vnet name, Subnet name, address space, subnet range etc, on the window, and click the ‘OK’ button.

3.4) Public IP

To configure the public IP, you can select a dynamic or static IP according to your requirement and its price will be varied accordingly.

Click on the ‘create new’ button and enter the name for IP resource. Then select SKU (Stock-Keeping Unit). There are two SKUs, one is basic and other is standard. In basic SKU, allocation methods are static or dynamic to any resource, IP can be assigned to any Azure resource and are open by default.

In standard SKU, the allocation method is static only, closed to inbound connections by default and you have to whitelist the incoming connection as per your need. It can be assigned to network interfaces or public load balancer.

You can get more info from here. After selecting SKU, select static or dynamic IP and click ‘OK’.

3.5) Network Security Group

Network Security Group (NSG) is a firewall which limits the inbound and outbound connections. It can be assigned to subnet, Network interface or Individual VM. It is recommended to associate it with a subnet so that every VMs in that subnet will be under the NSG.

Click on create button and enter a name and add essential inbound rules. By default, RDP port 3389 will be there in the rules. Then click ‘OK’.

3.6) Extensions, Auto shutdown and Monitoring

Extensions are applications for post-deployment configurations such as antivirus installation, third party software etc. There are different extensions available and each one requires unique configurations.

Auto Shutdown: when enabled, we can schedule a particular time to power off the server to save the billing. This feature is not suitable for a 24/7 productive server.

Monitoring: You have two subfeatures, boot diagnostic and guest OS diagnostic. If enabled, you can monitor the boot process in case of any failure from the Azure VM control panel.

All the above features are optional only, not mandatory.

3.7) Diagnostics storage account.

You have to create a storage account for saving VM diagnostic data such as log files, streaming files etc. For this click on create and enter a name for the account, then select the account type. There are three types of accounts, Blob storage, General-purpose v1 (GPv1) and General-purpose v2 (GPv2).

General-purpose v2 (GPv2) has the latest features so select it. Next option is performance: Standard or Premium. If you want SSD support, then go with the premium. After that, select replication as per your needs. Here we are going with locally redundant storage. If you want to mitigate datacenter disaster risk, go with zone-redundant storage (ZRS) or geo-redundant storage (GRS).

4. Once all the mandatory options are configured, click ‘OK’ button.

 

5. In the next step, you will be able to see the summary of the configuration. Click on “Create” and then monitor the deployment progress from the notification icon.

6. Once the deployment is completed, The VM will be listed in the Virtual Machine’s section.

Now, you have successfully learned how to create a Virtual Machine in Azure.

Read More

11 Best Methods to Secure Windows Server

Microsoft’s Server platform can perform many different functions: Active Directory domain controllers, DHCP, DNS, IIS, File and Print, and on and on and on. The versatility of Microsoft server has also been counted among its weaknesses, because a large footprint means a large attack surface. However you’re using a Windows server, the rule of thumb should be to make that footprint as small as possible to operate as intended. So let’s get started how to secure windows server.

Microsoft has released regular patch knowledgebase which can be used as a guide to patch necessary security flaws. The best defense for windows server is regular update. When you create systems that store and retrieve data, it is important to protect the data from unauthorized use, disclosure, modification or destruction. Ensuring that users have the proper authority to see the data, load new data, or update existing data is an important aspect of application development. Do all users need the same level of access to the data and to the functions provided by your applications? Are there subsets of users that need access to privileged functions? Are some documents restricted to certain classes of users? The answers to questions like these help provide the basis for the security requirements for your application.

There are various security aspects that should be considered when configuring a server

1.Server Defaults

DO NOT leave defaults itself. Change default password, Log files, Default permissions for sensitive data. By doing this, you can evade 90% of the great Google Dorks

2.Password policies and User configurations

This is the very first thing you want to do in a newly deployed server. Change the root password with a more complex one. Like, minimum 8 characters long and with a mix of upper, lower characters, number and symbols. You must define a password policy for the users defining Aging, Locking, History and Complexity of passwords. In most cases you should disable the root user entirely and create non-privileged user accounts with sudo access for those who require elevated rights.

3.Opened and Closed Ports

DO NOT leave unwanted ports opened to the external world. Even with a single sweep of nmap towards the ports, hacker can retrieve the services running in the server. At least you need to filter those particular ports.

4.Update installation For Operating System

DO NOT install patches or updates that are just launched. Wait 2 or 3 days to get a report and reviews about the patches. If you know what does the patches do, then go ahead install them. If you don’t know, then don’t… Wait for the report.

Eg: Patches released for Intel Meltdown vulnerability

5.Update installation for software components

Unlike the updates for operating system, software components must be updated as soon as the new versions are released.

Eg : Single outdated plugin can put your website in danger.

6.NTP Configurations

Configure your server to sync it’s time to NTP Servers. These could be internal NTP servers if your environment has those, or external time servers that are available for anyone. What’s important is to prevent clock drift, where the server’s clock skews from the actual time. Also filter the port number 123 with your necessary IP.

7.Running Services

Windows server has a set of default services that starts automatically and run in the background. Many of these are required for the Operating System to function, but some are not and should be disabled if not in use. Following the same logic as the firewall, we want to minimize the attack surface of the server by disabling everything other than primary functionality. Microsoft old server versions such as 2003 and 2008 should be running more services than the newer version, which is not needed for its essential operation. Important services should be set to start automatically so that the server can recover without human interaction after failure

8.Logging Policy

You must configure your server to record every event in the server and make sure the monitoring services are running properly. Adjust maximum size and duration of logging. Handling logs individually is overwhelming. Like syslog in the Linux server, a centralized event viewer for windows will help the troubleshooting.

9.Windows Firewall

Keep windows firewall turned on unless you are using an external firewall system. Keep a precise description for the rules created with its use and details.

10. Administrative Access Control Panels

Always Restrict administrative access to control panels from external IPs and careful not to use the username and password same as the local administrator of the server.

11. Port Numbers

It is better to change the default port numbers used by the applications to a different one and always keep a local documentation of the changed ports, just in case you forget.

Wrapping UP

We can easily prevent a complete meltdown of our server by auditing the system regularly up to and extend. By keeping a simple documentation of the basic configurations, you can stop the misconfigurations entirely or caught early enough to prevent them from turning into data breaches or other cyber incidents.

Read More