Hover: My Domain Registrar of Choice

For the last few years my domain registrar of choice has been Hover for its simplicity. I have NEVER been a big fan of GoDaddy because of their checkout process and always thought that Network Solutions was overrated.
Hover doesn’t try to sell you server space or things you don’t need, you just go in, choose your domain name and check out. My domain names currently cost $15/year which is about average.

The next time you’re looking to get a new domain name or it’s time to renew one of your existing domain names, look at transferring your domain name to Hover.

Desktops-as-a-Service: Amazon Workspaces

One of the technologies that I’ve been fascinated with for the last few years is Desktop-as-a-Service or DaaS. This is where, just as most servers are moving to the cloud, individual workstations are also moving to the cloud, slowly but surely.
One of my favorite services for this comes from infrastructure giant Amazon Web Services, with their Amazon Workspaces product. From $25/desktop/month (I’ll be the first to admit that it’s a bit pricey) you can have Amazon host your Windows 7 desktops.

There are several reasons why I’m excited about this:

  • Zero reliance on individual hardware. Instead of buying each employee a new computer every few years to refresh their hardware or dealing with hardware breakdowns, all your desktops are safe in the cloud. For local clients you can either A. Recycle old computers and configure them as thin clients or B. Buy new thin clients for a couple hundred dollars for each workstation.
  • Minimal usage on your local internet connection. I can’t believe that I’m saying this in 2017 but there are still some businesses that can only get low bandwidth internet connections because of their location such as a single T1 line. But if your desktops are in the cloud, the only thing that your local connection will be used for is viewing the remote session. This means activities such as web browsing, downloading files, backing up to a remote service, etc. are all performed using the DaaS provider’s internet connection, not your local connection.
  • Mobile ready. It is incredibly simple for your users to access their desktops on their personal devices. Whether it’s an iPad or their home computer, they just download the client app, log in and they’re at their workstation from wherever they are.

Those are just a few of the reasons that I’m completely intrigued by this new trend. My hope is that when services like Amazon Workspaces get more and more popular, the price per desktop will fall. Again, $25/desktop/month adds up pretty quickly if you have more than a handful of users but I can see it becoming more of a no-brainer solution if the cost were to drop down to $5-$10/desktop/month.

No-IP: Give your Dynamic IP Address a Static Hostname

Every once in a while I find myself in need of a static IP address for a network that has a dynamic IP address. Now usually, if it’s going to be for something like a permanent server or something, I’ll go ahead and call up the ISP and pay the $10 or $20 extra per month to get a static IP address through them. But if it’s just for a short term project or I’m just tinkering around on something, I’ll use a service called No-IP.
No-IP is a free service that allows you to get a DNS name for your network. It also has a script for Windows, Mac or Linux that monitors your connection’s public IP address, and when your IP address changes, it will automatically update your DNS record with the new IP address so that the host name always resolves to your desired network.

Again, for “mission-critical” applications, I’d much rather recommend getting a static IP address from your internet service provider but if you’re just toying around, check out No-IP.
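
The monitor-and-update behavior described above can be sketched as follows. This is an added example, not No-IP's own client: `detect_ip` and `push_update` are hypothetical callables standing in for the public IP lookup and the provider's update request, and the hostname and addresses are constructed. It publishes an address only when it is globally routable and actually different from the last one stored.

```python
import ipaddress
import json
import tempfile
from pathlib import Path


def is_publishable(ip_text):
    """True only for a well-formed, globally routable address."""
    try:
        return ipaddress.ip_address(ip_text.strip()).is_global
    except ValueError:
        return False  # lookup returned an error page, empty string, etc.


def sync_record(hostname, detect_ip, push_update, state_file):
    """One polling cycle; returns 'rejected', 'unchanged', 'failed' or 'updated'.

    detect_ip() -> str and push_update(hostname, ip) -> bool are hypothetical
    callables standing in for the IP lookup and the provider's update request.
    """
    path = Path(state_file)
    state = json.loads(path.read_text()) if path.exists() else {}
    observed = detect_ip().strip()
    if not is_publishable(observed):
        return "rejected"   # never publish RFC 1918, CGNAT or garbage values
    if state.get(hostname) == observed:
        return "unchanged"  # no request sent, so no needless update traffic
    if not push_update(hostname, observed):
        return "failed"     # state untouched, so the next cycle retries
    state[hostname] = observed
    path.write_text(json.dumps(state))
    return "updated"


if __name__ == "__main__":
    # Constructed sample run: addresses and hostname are made up for the demo.
    state_file = Path(tempfile.mkdtemp()) / "ddns_state.json"
    accept = lambda host, ip: True
    for seen in ["8.8.8.8", "8.8.8.8", "192.168.1.10", "100.64.0.7", "1.1.1.1"]:
        print(seen, "->", sync_record("home.example.net", lambda: seen, accept, state_file))
```

The `rejected` branch matters on connections behind carrier-grade NAT or a misbehaving lookup service, where a blind updater would point the hostname at an address that is not yours or not reachable.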

Digital Ocean: Great VPS for Personal Projects

When I first started my business, the first thing that I had to host for a client was their email and website. I forget how I found them but for a couple years I rented a VPS from a company called Server Intellect which I later upgraded to a full-on dedicated server. And then I came across Amazon Web Services and used their EC2 service to launch and run servers for my clients whenever I needed to. In fact, I was the consultant that helped manage the transition of one of my local community colleges (Taft College) from hosting their website on-premise to Amazon Web Services.
I’ve always preferred AWS over Microsoft’s Azure or Google’s Compute Cloud quite honestly just because I am so familiar with it and already had my account set up as well as server images for different setups that I had.

However, probably around a year ago I switched all of my personal stuff such as scripts and my website over to Digital Ocean. Although I still advise businesses to use Amazon Web Services just because they have so many more advanced options and integrations with their other services, I recommend Digital Ocean for people like me who essentially just want to tinker around or just need to have a VPS for personal use in the cloud.

Digital Ocean refers to its server instances as “Droplets”. One of the things that I love about them is that all of their droplets come with SSD hard disks (and you can really tell). Also, their entry level prices are unbeatable, starting at $5 for a droplet. But probably the thing that I love most about them is the simplicity of their console. They make it ridiculously simple to spin up a new VPS in a matter of minutes.

So the next time you need a VPS, give Digital Ocean a look!

Electronic Frontier Foundation’s Let’s Encrypt

In the early days of my business, one of the first services that we offered was web development and design, to be quite honest because it was fairly easy to sell at a large profit margin. However, with me being me and having an intense background in system and server administration, we not only designed and developed the websites, we would also provide the hosting and maintenance for those sites.
All well and good except that some of those websites had either e-commerce built into the site or collected sensitive information from their customers or patrons. So it was a must to use SSL certificates to secure the data while in transit from the user’s browser to our servers (I’ll get into securing and encrypting that data at rest some other day). Back when we were doing it, you had to go find a trusted certificate authority that you actually trusted such as Verisign or Norton that usually came out to a few hundred dollars every year, generate your public and private certificates on your server, then get them to work with whichever web server you had. It was a mess. By far the thing that I hated doing the most for web hosting.

That’s why I was so stoked when I found out about a year and a half ago that The Electronic Frontier Foundation (EFF), in an effort to make SSL connections the new default, was not only becoming a certificate authority but had also developed a tool called Let’s Encrypt that makes it ridiculously simple to enable SSL on your website. All you have to do is go to https://letsencrypt.org, choose your operating system and web server and it will download the appropriate script. Oh yeah, it’s completely free!

Since Let’s Encrypt came out, I have used it for every web server that I’ve set up whether it needs it or not. It literally only takes about five minutes to set up so why not?

3CX Phone System

Back in the day, when I first started with VOIP, I really wanted to go with some form of Asterisk like Trixbox or Elastix but after months and months of trying, I just couldn’t get it stable enough for companies to be able to rely on.
Then a buddy of mine suggested that I look at a system called 3CX. At that time they were just on version 10 and it only ran on Windows but I tried it out anyway and it seemed pretty stable so we went ahead and bought a license for it (I believe it was $1,200 at that time).

Fast forward to today, about a month ago I had to rebuild a phone server for a non-profit in Bakersfield. Beforehand, I did a bit of research and found that 3CX was not only now on version 15, but they now supported Linux as a platform! Moreover, since this non-profit only had a handful of employees, I could get them on the free tier! Some of the more advanced features aren’t included in the free tier such as the fax server and it limits the number of simultaneous calls to eight but for this particular project, it was perfect!

Within an afternoon, I had wiped one of their old servers, installed Debian 9.0 on it, installed 3CX on it and was provisioning phones. I built it on a Friday but waited until the weekend to change over their SIP trunk provider (Nexvortex) just in case something went wrong.

That following Monday morning, I made sure to wake up extra early and clung to my phone all day knowing that there had to be something that was overlooked or left un-configured. 8:00? Nothing. 12:00? Nothing. 3:00? Nothing. I finally sent the director a text and asked how the phones were today. She just said, “Good, no problems.” Trust me, that’s a miracle!

It’s been up and running solid for a good month and a half except for one issue: if you’re running 3CX on a server with two NICs, be sure to only have one interface hooked to the network.

For the past few years, I had been using RingCentral for most of my clients just because it was pretty much friction-free but I’m thinking that from now on, I’ll use 3CX on top of Debian.

PFSense: My Go To Firewall for SMB

Given that I’m an open source junkie, it should be no surprise that PFSense is, without a doubt, my favorite firewall for both home and small business use.
During the last three years of my business, instead of buying a Cisco SMB or a Sonicwall firewall, what I’ve done is buy a refurbished Dell PowerEdge server with typically around 16 GB of memory and usually a RAID array that has a usable capacity of 500 GB for around $200-$300 and pop PFSense on it.

Aside from it being completely open source, some of the things that I love about it are:

  • It being rock solid given its FreeBSD foundation
  • Its bandwidth monitoring and rule-based policies
  • VPN built in with both OpenVPN and IPSec
  • Web caching built in with Squid
  • Web content filtering to block people from visiting unwanted or inappropriate websites
  • Its on-demand virus scanning, blocking viruses and malware before they reach the client’s computer
  • Limit traffic by country
  • A programmable intrusion detection system
  • VLANs completely built in

I could go on and on and on. There are literally hundreds of available plugins that extend the core of PFSense’s functionality. Knock on wood but I’ve had some PFSense servers running for years without issue. I know that a PowerEdge server is a bit overkill for a firewall for a small business, but at that price, why the hell not?