Post-migration considerations when migrating from Amazon Web Services

Previous sections

Migrate an application from Amazon Web Services to Rackspace:

• Migrate a .NET application from Amazon Web Services
• Migrate a Java web application from Amazon Web Services
• Migrate an application based on Backbone.js, Node.js, and MongoDB from Amazon Web Services

Security

Key-based Secure Shell (SSH) authentication is considered safer than authentication based on user names and passwords for several reasons. For example, the latter method is subject to brute-force attacks, poor password strength, and a higher risk of remote theft. For these reasons, we recommend that you enable key-based SSH or OpenSSH authentication on your newly provisioned cloud server. For instructions, see the following reference that corresponds to your server’s operating system (OS) distribution:

• Ubuntu® operating system
• CentOS®
• openSUSE

Consider disabling password authentication altogether, or at least disabling root logon. Also consider limiting simultaneous user logons and using a nonstandard (other than port 22) port for SSH.

• Tighten iptables rules by using the following steps:

  • Allow remote access only from a trusted IP or range by entering the following command:

    iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX --dport 22 -j ACCEPT #Replace XXX.XXX.XXX.XXX with your IP
    

  • Limit the number of connections to the SSH port by entering the following commands:

    iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 --syn -j DROP
    

  • Prevent brute-force attacks by using the following commands to log and block repeated attempts from the same IP address:

    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
    

Monitoring

To create a robust and scalable monitoring system, consider using Rackspace Cloud Monitoring. For information about installing, configuring, and running an agent and enabling monitoring checks by using the Cloud Control Panel, read Install and configure the Rackspace Monitoring Agent.

After you have installed the agent, based on your requirements, you can configure one or more of the following checks and alerts:

• Remote service checks
  • Ping check (server)
  • HTTP check (website or web application)
  • Transmission Control Protocol (TCP) check (port)
• Agent checks
  • Memory
  • Central Processing Unit (CPU)
  • Load average
  • File system
  • Network

Backups

Backups are an integral part of any production-level deployment and an essential component of a disaster recovery (DR) strategy. Rackspace provides a file-based backup system to help you meet your backup and restore needs. You can install the Rackspace Cloud Backup agent by following the steps in the article Install or update the Cloud Backup agent on Linux or Install the Cloud Backup agent on Windows.

Cloud Backup has the following key features:

• Select the files and folders from your cloud server that you want to back up.
• Run your backups manually or on a customized schedule.
• View the activity from all your backups.
• Use AES-256 encryption with a private encryption key known only to you.
• Restore individual files and folders from a particular date.
• Save space with incremental backups that save only the changed portions of files.
• Create unlimited backups.

©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER