Post-migration considerations when migrating from Amazon Web Services

Previous sections

Migrate an application from Amazon Web Services to Rackspace:

Security

Key-based Secure Shell (SSH) authentication is considered safer than
authentication based on user names and passwords for several reasons. For
example, the latter method is subject to brute-force attacks, poor password
strength, and a higher risk of remote theft. For these
reasons, we recommend that you enable key-based SSH or OpenSSH
authentication on your newly provisioned cloud server. For instructions, see
the following reference that corresponds to your server's operating system
(OS) distribution:

Consider disabling password authentication altogether, or at least
disabling root logon. Also consider limiting simultaneous user logons
and using a nonstandard (other than port 22) port for SSH.

  • Tighten iptables rules by using the following steps:

    • Allow remote access only from a trusted IP or range by entering the
      following command:

      iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX --dport 22 -j ACCEPT #Replace XXX.XXX.XXX.XXX with your IP
      
    • Limit the number of connections to the SSH port by entering the
      following commands:

      iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
      iptables -A INPUT -p tcp --dport 22 --syn -j DROP
      
    • Prevent brute-force attacks by using the following commands to log and
      block repeated attempts from the same IP address:

      iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
      iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
      

Monitoring

To create a robust and scalable monitoring system, consider using
Rackspace Cloud Monitoring. For information about installing, configuring, and
running an agent and enabling monitoring checks by using the Cloud Control
Panel, read Install and configure the Rackspace Monitoring
Agent
.

After you have installed the agent, based on your requirements, you can
configure one or more of the following checks and alerts:

  • Remote service checks
    • Ping check (server)
    • HTTP check (website or web application)
    • Transmission Control Protocol (TCP) check (port)
  • Agent checks
    • Memory
    • Central Processing Unit (CPU)
    • Load average
    • File system
    • Network

Backups

Backups are an integral part of any production-level deployment and an
essential component of a disaster recovery (DR) strategy. Rackspace
provides a file-based backup system to help you meet your backup and
restore needs. You can install the Rackspace Cloud Backup
agent
by following the steps in the
article Install or update the Cloud Backup agent on
Linux
or Install the Cloud Backup agent on
Windows
.

Cloud Backup has the following key features:

  • Select the files and folders from your cloud server that you want to
    back up.
  • Run your backups manually or on a customized schedule.
  • View the activity from all your backups.
  • Use AES-256 encryption with a private encryption key known only
    to you.
  • Restore individual files and folders from a particular date.
  • Save space with incremental backups that save only the changed
    portions of files.
  • Create unlimited backups.