Cloud Hosting and SSL

Modified on Tue, 05 Mar 2024 at 09:29 AM

Understanding Cloud Hosting.


Cloud hosting has quickly become one of the most popular and widely used hosting types in recent years. Unlike shared and dedicated hosting, where everything needed to host your website or applications is housed in one server stack, cloud hosting uses innovative technology to spread files, data, resources, bandwidth and computing operations among multiple remote servers that are networked to act together. Because your applications rely on a network of servers rather than a single server, this network is referred to as the cloud. The distributed solution eliminates any single point of failure, provides redundant data storage and guarantees exclusive use of server resources like processing and memory.


With cloud hosting, you rely on a unique server configuration that lets you pull from multiple different servers, which results in an affordable hosting solution that’s also scalable and incredibly reliable. A good example would be a network of virtual servers that tap into an underlying network of physical servers. The extent to which you tap into this network depends upon the actual needs of the application and can be scaled up or down accordingly.


At Pawa IT Solutions, we help companies leverage cloud hosting solutions on Google Cloud Platform (GCP).

THE PITCH: WHEN AND WHY TO CHOOSE CLOUD HOSTING?

Here is a theoretical scenario where cloud hosting would make sense:

You are a small, medium or large business that receives a high volume of traffic. The visitors to your site expect a high-performance site that loads quickly and operates appropriately. Dealing with downtime just isn't an option for you, and you don't want to worry about the issues that could arise when sharing resources with other sites. Any downtime would be a huge setback for your business because it would squander leads, hurt sales and potentially damage your reputation.


You understand the threat a disaster could bring and believe in taking preventive measures. Disasters are unpredictable, and you want to be able to reinstate your service after an unforeseen disruption. You have a huge need for reliability and want to have access to multiple servers in the event that a disaster occurs. Business continuity is essential to your business.


There's also a possibility that you'll need to scale up in future as you continue to build your brand and generate more traffic. As a result, you want the option to instantly scale CPU and RAM resources.


Security is another of your concerns, from physical and operational security to network, system, application and data security. You can't risk sensitive data winding up in the wrong hands, and a cyber attack would temporarily cripple your cloud operations.

Sensitive data: you work with sensitive data and may consider separating data at the hardware level, using dedicated servers or other options. Your head should be in the cloud!

You also want to free up the budget spent on on-premises servers (bought and rented), employees and the general resources needed to host and run your applications, and you don't mind spending more for all the benefits that come with cloud hosting.


Support: You are drawn to tools and some specialist services to help you manage the cloud-hosted environment and help you resolve cloud issues that you face from time to time. PAWAIT LTD is your trusted cloud hosting partner.


You know that technology can be deceptive and that having a good backup facility is a must. You need backup processes and must determine how frequently accessed data can be backed up.




KEY FEATURES OF CLOUD HOSTING

  • Applications and solutions are deployed on a cloud network rather than an on-premises, single server.

  • Resources scale to user needs.

  • Organizations only pay for the resources they use.

  • Cloud hosting can support SQL (including MySQL) or NoSQL databases.

  • Solutions are automated and controlled using APIs, web portals, and mobile apps.


WHAT ARE THE BENEFITS OF CLOUD HOSTING?


  • Flexibility and ease of scaling: Traditional hosting services offer limited bandwidth. Cloud hosting scales to accommodate traffic spikes or seasonal demands.

  • Pay-as-you-go model: Users only pay for the resources they use, by the hour or month. This differs from the flat rates of traditional hosting.

  • Reliability: Hardware failures do not cause downtime because sites and applications are hosted on a network of servers. Traffic travels across separate network interfaces, where it is segregated and secured. Because multiple servers are used simultaneously in a cloud environment, your application or site enjoys optimal functionality at all times.

  • High uptime and availability: With a promise of a 99.99% uptime SLA, GCP guarantees high levels of availability. Resources span multiple zones and regions to avert any possibility of failure during disasters. In terms of performance, it's hard to beat cloud hosting, as dynamic requests are processed with consistently fast load times. This makes it ideal for websites that receive a high volume of traffic.

  • Speedy server setup process: With cloud hosting, deploying cloud servers is very quick with the servers being available within seconds of launch.

  • High security: Cloud hosting provides several options for configuring the security of your servers and general access to your cloud environment. There are security protocols to protect databases and applications against common threats such as malware, denial of service and cross-site scripting.

  • Safety from server hardware failure: With cloud hosting your site is isolated from any physical server issues including hacking, hardware failure, or system overload. In the event of an underlying hardware failure, you can easily move your server to a different healthy host.



CLOUD HOSTING ON GOOGLE CLOUD PLATFORM

OVERVIEW

Google Cloud Platform is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search and YouTube. Google Cloud Platform has become the public cloud of choice for many enterprise users. Like most cloud platforms, GCP gives you the freedom to choose the server specifications that fit your needs without limitations.


You can deploy your own site from scratch or choose from a wide range of preconfigured solutions from the Google Cloud Marketplace, such as self-managed WordPress on Google Compute Engine. You can also migrate your website from your on-prem servers into Google Cloud.

Several solutions are available to make cloud hosting on Google simple, efficient and cost-effective. These include services such as:

  • Compute: Google Compute Engine, Google Kubernetes Engine and Google App Engine

  • Google Cloud Storage for object storage and static web hosting

  • Databases including SQL and NoSQL

  • Networking and security including load balancing, firewall rules, CDN and more

GCP ARCHITECTURE: WEB APPLICATION

At a high level, there are 4 different architectures for building web applications. Depending on where you are in your cloud journey, your business needs and your maturity, one of these architectures will suit you best.


  1. Static websites: A good option for sites like blogs where the page rarely changes after it has been published or where there isn't any dynamically generated content. All you need to set up a static website on Google Cloud is a Cloud Storage bucket connected to your domain name.

  2. Managed platform: As your business grows, you may not want to worry about scaling to meet increasing demand. In that scenario you can use Google Cloud's managed and serverless offerings, such as App Engine or Cloud Run, so you can focus on delivering features and let Google worry about operating and managing the infrastructure. Google will scale the application for you seamlessly.

  3. Virtual machines: For websites with higher complexity, you may want more options and control than a managed platform offers. Compute Engine provides a robust computing infrastructure, but you choose and configure the platform components you want to use. Google ensures that resources are available, reliable and easy to use, but it's up to you to provision and manage them. The advantage here is that you have complete control of the systems and unlimited flexibility.

  4. Containers: For a larger business with more developers and more complicated problems, it is a good idea to containerize your applications. It is hard to manage feature rollouts if the website is one big monolith, which makes it difficult to keep up with the increase in demand and pace of business. Containerizing web applications provides 4 key advantages, such as:

  • Compartmentalization: As your app's design becomes more complex, containers are a good fit for service-oriented architectures, including microservices. This supports scalability.

  • Portability: A container has everything it needs to run. Your app and its dependencies are bundled together, which facilitates portability and fixes the "it works on my machine" problem that many developers have.

  • Rapid deployment: When it is time to deploy, your system is built from a set of definitions and images, so the parts can be built quickly, reliably and automatically. Compared to VMs, containers are typically smaller and deploy much quicker.

Using containers to deploy web apps on GKE has advantages because container orchestration is built in, Google Cloud offers Container Registry, which is private storage for container images, and you can easily use other components of GCP in your architecture.


HOSTING OPTIONS ON GOOGLE CLOUD PLATFORM

| Option | Product | Data Storage | Load Balancing | Scalability | Logging |
|---|---|---|---|---|---|
| Static Website | Cloud Storage | Cloud Storage bucket | N/A | Automatically | N/A |
| Virtual Machines | Compute Engine | Cloud SQL Admin API, Cloud Storage API, Cloud Datastore API, and Cloud Bigtable API, or you can use another external storage provider. Hard-disk-based persistent disks, called standard persistent disks, and solid-state persistent disks (SSD). | HTTP(S), TCP Proxy, SSL Proxy, IPv6 termination, Network, Cross-region, Internal | Automatically with managed instance group | Ops agent, Cloud logging, Monitoring Console |
| Containers | Kubernetes Engine | Similar to Compute Engine but interacts with persistent disks differently | Network, HTTP(S) | Cluster autoscaler | Ops agent, Cloud logging, Monitoring Console |
| Managed Platform | App Engine | Google manages it for you | Google manages it for you | Google manages it for you | Google manages it for you |


WEB APPLICATION SETUP FLOW IN GOOGLE CLOUD USING COMPUTE ENGINE

When a user requests your website in the browser, their request ends up at your DNS provider. The network traffic is routed to the infrastructure running on Google Cloud. If you use your own DNS provider, the request will land there first and the DNS provider routes the traffic to Google Cloud. If the request is for content that is cached, it is delivered by the CDN (a global network of edge locations). Requests are automatically routed to the nearest edge location and content is delivered with the best performance.

Static content used by the web application is stored on Google Cloud Storage, which is a highly durable storage service designed for mission-critical and primary storage. HTTP requests are first handled by a load balancer, which automatically distributes the incoming application traffic among multiple Compute Engine instances. If you use HTTPS, the SSL session is terminated at the load balancer, which requires at least one signed SSL certificate. The web application and web server are deployed on Google Compute Engine instances. Deployment and scaling are done automatically and instantly by using instance templates. An instance template is a specific customized configuration of Compute Engine instances that facilitates the reuse of instance configuration through managed instance groups. To store application data, you would use a database such as Cloud SQL, a fully managed database service that makes it easy to set up, maintain, manage and administer your relational data in the cloud. It automates all your backups, replications, patches and updates.

If the website gets really popular and the traffic grows, we need to make sure the application can handle peaks and dips in our traffic by scaling vertically, that is, by adding more CPU and memory to the instance. Horizontal scaling is a better option for high-availability applications because it allows you to scale the number of computing resources dynamically as demand increases.




MANAGING YOUR GCP ENVIRONMENT

Google Cloud offers several management tools such as Ops agent, Deployment Manager, Cloud Console and more to help you to secure, monitor, backup and manage your servers efficiently with ease.

CLOUD MONITORING

Cloud Monitoring is a critical component of Google Cloud's observability offerings and provides visibility across apps and infrastructure, regardless of whether your app is running on Google Cloud, on-premises or in other clouds. It automatically captures metrics and allows you to define custom metrics unique to your applications and business use cases. Cloud Monitoring provides a consolidated view of the health and performance of applications and infrastructure, making it easy to spot anomalies using Google's data visualization tools and out-of-the-box dashboards, or you can easily create your own custom dashboards for observability of workloads.

But we know you can't sit all day looking at dashboards, so Cloud Monitoring provides alerting, where you can create policies to alert on performance metrics, uptime and service level objectives. Using Cloud Monitoring is simple: you can access it through the Google Cloud console or APIs. If you are using GKE, monitoring is enabled by default for your clusters. For VMs, simply install the Ops Agent to get started. For all GCP services, Cloud Monitoring is pre-configured to automatically collect metrics. It is free to monitor all your GCP metrics, and there is a very generous free tier for custom metrics. This makes it easy to get started, with affordable pricing thereafter.

To learn more about cloud monitoring:

https://cloud.google.com/monitoring?utm_source=youtube&utm_medium=unpaidsoc&utm_campaign=CDR_buk_gcp_7blv24nongc_CloudBytes_050721&utm_content=description




FIREWALL RULES

Firewall rules enable you to isolate your internal network and instances from unwanted access. They allow you to monitor inbound and outbound activity on your network for suspicious activity, blocking items that are considered dangerous based on a set of security rules. They establish the first line of defense against attacks, malware and viruses and help create a secure network. Each VPC network functions as a distributed firewall. A distributed firewall means that by default it will handle filtering traffic, but you need to adjust it to handle your access needs, for example by applying firewall rules to tagged instances. While firewall rules are defined at the network level, connections are allowed or denied at the instance level. GCP firewall rules exist not only between your instances and other networks but also between individual instances within the same network. A firewall rule is made up of 4 things:

  • An action, either to allow or deny traffic (a rule applies to either incoming, ingress, traffic or outgoing, egress, traffic, but not both simultaneously).

  • The type of protocol to which it applies, such as TCP, UDP and ICMP.

  • Either a source or a destination to which the rule applies. It cannot be both, as it depends on the direction of the firewall rule you create. For example, for ingress rules you would specify the source, which can be IP ranges, tags, service accounts or a combination. You won't specify the destination because the rule is already applied to specific VMs' inbound traffic.

  • The ports on ingress or egress rules, e.g. allowing ingress TCP traffic on port 22 to allow SSH access. You can also deny a VM's egress TCP traffic on all ports for all destination VMs in an IP range.


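Summary of valid instances, protocols and destination port specifications for Google Cloud firewall rules

| Direction | Instances | Protocol | Port |
|---|---|---|---|
| INBOUND | Linux (SSH) | TCP | 22 |
| INBOUND | Windows (RDP) | TCP | 3389 |
| INBOUND | HTTP | TCP | 80 |
| INBOUND | HTTPS | TCP | 443 |
| INBOUND | Internal | All ports and protocols | - |
| INBOUND | ICMP | Other protocols | - |
| OUTBOUND | Microsoft SQL Server | TCP | 1433 |
| OUTBOUND | MySQL database server | TCP | 3306 |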
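The four parts of a rule described above can be checked mechanically. The following Python audit is an added example, not part of the original article or of Google's tooling: it flags enabled ingress allow rules that open the SSH or RDP ports from the inbound table to every source address. The rule names, tags and IP ranges are constructed sample data, shaped like the JSON that `gcloud compute firewall-rules list --format=json` emits.

```python
import ipaddress

# Constructed sample data, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "allow-ssh-anywhere", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-web", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
    {"name": "allow-rdp-office", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"], "targetTags": ["win"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "allow-app-range", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["win"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
    {"name": "allow-internal", "direction": "INGRESS",
     "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "old-ssh-test", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "deny-egress-sql", "direction": "EGRESS",
     "destinationRanges": ["0.0.0.0/0"],
     "denied": [{"IPProtocol": "tcp", "ports": ["1433", "3306"]}]},
]

# Administrative ports from the inbound table; 80 and 443 are expected to be public.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def port_in_spec(port, specs):
    """True if `port` is covered by specs such as ["22", "8000-9000"].

    A rule entry with no port list applies to every port of that protocol.
    """
    if not specs:
        return True
    for spec in specs:
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def is_world_open(ranges):
    """True if any source range is a /0, i.e. matches every address."""
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0 for r in ranges)


def audit(rules):
    """Return (rule name, port, service, scope) for each exposed admin port."""
    findings = []
    for rule in rules:
        # Only enabled ingress rules can expose an instance to inbound traffic.
        if rule.get("disabled") or rule.get("direction") != "INGRESS":
            continue
        if not is_world_open(rule.get("sourceRanges", [])):
            continue
        scope = ",".join(rule.get("targetTags", [])) or "all instances in the network"
        for entry in rule.get("allowed", []):
            protocol = entry["IPProtocol"].lower()
            if protocol not in ("tcp", "all"):
                continue
            for port, service in ADMIN_PORTS.items():
                if protocol == "all" or port_in_spec(port, entry.get("ports")):
                    findings.append((rule["name"], port, service, scope))
    return findings


if __name__ == "__main__":
    for name, port, service, scope in audit(SAMPLE_RULES):
        print(f"{name}: {service} (tcp/{port}) open to the internet on {scope}")
```

The audit evaluates each rule on its own and does not model rule priority, so a flagged rule may still be overridden by a higher-priority deny rule.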











CONSOLE MANAGEMENT.

Cloud Console is a powerful all-in-one graphical tool for managing Google Cloud Platform resources, regardless of their data center location. Tasks that you can access include user and permissions management, activity logs, technical support, and GCP's browser-based command line (Cloud Shell).

GCP resources are the fundamental components that make up Google Cloud services. Typical examples include compute engines, virtual machines, Cloud Pub/Sub, Cloud Storage buckets, App Engine instances and so forth. The home dashboard contains a high-level overview of the selected GCP project, highlighting key metrics, billing and other useful information.




SNAPSHOTS AND BACKUPS

When disasters such as a power outage, flood or earthquake happen, you need to make sure that the impact on your business is minimal, which calls for a robust disaster recovery plan with scheduled backups. Google Cloud lets you take snapshots of persistent disks attached to your instances. A snapshot is an incremental copy of your data: the first snapshot contains all the data, while later snapshots only save data blocks that changed in the interim. The difference between storage snapshots and backups is that snapshots are point-in-time copies of an entire disk, while backups can contain individual files from multiple locations. One of the major benefits of cloud storage is the ability to provide backup at scale. Google Cloud has the added benefit of a number of different storage options, such as Nearline, Coldline and Standard, which give organizations flexibility in customizing the availability they require according to their budget.



MACHINE FAMILY TYPES

There are different machine families and machine types to choose from, suited to different workloads and applications. Every machine family has a set of machine types, each a prescribed combination of processor and memory configurations.



DEPLOYMENT OPTIONS

DISTRIBUTIONS

There is a whole host of VM images in the public images repository, including Ubuntu, Ubuntu Pro, Windows Server, Debian, CentOS, Container-Optimized OS, Red Hat Enterprise Linux (RHEL), Deep Learning on Linux, Fedora CoreOS, Rocky Linux, RHEL for SAP, SUSE Linux Enterprise Server, SUSE Enterprise Windows Server for SAP and SQL Server on Windows Server from Google.

GOOGLE CLICK TO DEPLOY

Google Cloud Marketplace is focused on helping users explore, launch and manage production-grade solutions with just a few clicks.

Marketplace has an easy way to deploy technical solutions called Click to Deploy. Click to Deploy allows you to deploy virtual machine and Kubernetes solutions on Google Compute Engine easily. You can deploy a solution without having to manually configure the software, virtual machine instance, storage or network settings. This frees up more time to focus on building great products. You have the option to deploy solutions like WordPress, LAMP stack, MongoDB and Apache Cassandra. Just search for the solution, select the one that meets your business needs and deploy it with the click of a button. When you launch the deployment, you can either use a default configuration or customize your configuration to meet your project needs.

Check out Google marketplace here: https://console.cloud.google.com/marketplace?project=proof-of-concepts-320508




DEPLOYING WEB APPLICATIONS MANUALLY WITH LAMP AND LEMP ON GOOGLE COMPUTE VM.

Apart from using Google Cloud Marketplace, you can set up a WordPress site on a LAMP server manually. LAMP is an acronym for Linux, Apache/Nginx, MySQL and PHP. You can start by spinning up a VM in Compute Engine and connecting to your server over SSH or RDP. Then download and install WordPress manually, set up the database WordPress will use, enter the database credentials in the wp-config.php file and configure Apache/Nginx to work with WordPress. Refer to the following documents for a step-by-step procedure:


Installing WordPress with LAMP on Ubuntu 20.04

https://docs.google.com/document/d/1icalbq28RePELoA8O696hh1mpRYGv0mx3uQ90sC25Gw/edit

Installing Ubuntu with LEMP on Ubuntu 20.04

https://docs.google.com/document/d/1T_SgxrP5eEe90uOHOSXS-56ZeACo5m9971XQabQoqMg/edit

CUSTOM IMAGES

Import a boot disk image to Compute Engine from your on-prem environment, or import virtual disks from VMs that are running on your local workstation or on another cloud platform. You can also create an image from the boot disks of your existing Compute Engine instances. Then use that image to create new boot disks for your instances.


SSL CERTIFICATE INSTALLATION

OVERVIEW OF SSL CERTIFICATE

SSL (Secure Sockets Layer) is a standard security protocol that establishes encrypted links between a web server and a browser, ensuring that all communication between the web server and browser(s) remains encrypted and hence private. With SSL in place, data is encrypted, so even if it is intercepted it cannot be deciphered. The SSL certificate is today an industry standard used by millions of websites worldwide to protect all communication and data transmitted online through those websites.

It is used by millions of online businesses and individuals to decrease the risk of sensitive information (e.g., credit card numbers, usernames, passwords, emails, etc.) being stolen or tampered with by hackers and identity thieves. In essence, SSL allows for a private “conversation” just between the two intended parties.

WHY ARE SSL CERTIFICATES IMPORTANT?

SSL certificates are complex, but in a nutshell what they do is encrypt your visitors’ connection to your site. This helps to protect both your site and customers from security breaches. SSL certificates act as the backbone of a more secure internet, and protect the sensitive information we all send over the web. You can easily spot SSL-secured websites, as their URLs begin with HTTPS rather than the old standard, HTTP.


In some browsers, you may also see an icon in the browser bar that lets you know the site you’re visiting is secure. Google’s icon looks like a small padlock. Naturally, an improvement to your site’s security is always a good thing. However, securing your site with an SSL certificate can also result in a few particular benefits:

  • Improved Search Engine Optimization (SEO) and rankings: Google considers sites that have an SSL certificate to be more trustworthy, and tends to rank them higher on Search Engine Results Pages (SERPs).

  • Improved visitor trust: Adding an SSL certificate also improves your users’ level of trust, since it proves that your site is actually owned by you or your business.

SSL certificates have recently become almost essential. In an attempt to improve the overall level of security on the web, Google now marks sites without HTTPS connections as unsecured. Most users won’t make payments on a site with these kinds of warnings, so not implementing SSL could mean lost sales (as well as a reduction in traffic for any site).

WHAT LET’S ENCRYPT OFFERS YOU

Though there are several SSL certificate providers out there, the Internet Security Research Group’s (ISRG) Let’s Encrypt offers a cheaper and faster way to set up SSL certificates on your website. Let’s Encrypt is designed to provide a free, automated and open certificate authority (CA) for everyone. Let’s Encrypt can offer you:

  1. Heightened security. An SSL certificate enables you to use the HTTPS protocol throughout your site.

  2. Less micromanaging. Obtaining and renewing certificates is usually a hassle, but Let’s Encrypt keeps things simple. You can set it up in minutes and configure automatic renewals so you don’t have to worry about certificate expiry.

  3. Better Search Engine Optimization (SEO). These days, search engines are strongly encouraging website owners to use the HTTPS protocol on their sites. In practice, this may translate to better SEO results.

CONCLUSION

In today’s online landscape, security is paramount. The good news is, you don’t need to set up complex defenses or hire paid solutions to secure your users’ data. A lot of times, all it takes to provide a safe experience is to obtain an SSL certificate and enable HTTPS. 

Let’s Encrypt and paid SSL certificates both enable you to add a secure connection to your site. However, they offer differing levels of validation and support. Most business and e-commerce websites will be better off opting for a paid SSL certificate, whereas smaller sites may find Let’s Encrypt to be sufficient.














































































