Magento Hosting using OpenShift Origin
Magento is popular. It is second only to WooCommerce in the number of active installs, and that number keeps growing. This popularity has in turn led to a huge demand for specialized Magento Hosting Services. Customers now expect Magento Hosting companies to take care of all the hosting complexities (like security, website speed, etc.), while the webmasters focus on their business, and website content.
Many web hosts use shared hosting as a platform to deliver Managed Magento Hosting. However, such installations often face performance and security issues because of the shared nature of the service.
A case against Shared Magento Hosting
In a shared server, all customers share the same resources, network services, web server, mail server and database server. As a result, every customer ends up sharing the burden of one site's resource-hogging Magento add-on or malware infection.
1. Performance issues
Magento is built to be flexible and customizable for a wide range of business needs. Performance was not a core consideration in its design. So, Magento sites have several performance bottlenecks that stem from complex database queries, configuration look-ups, and complex template structure.
On top of this, many websites use themes and add-ons that can take a heavy toll on system memory, disk I/O, etc. So, in shared Magento servers, load spikes are quite common. Even if the server is set up with powerful SSD disks or 12-core processors, load spikes cannot be entirely avoided without using resource limits.
2. Security issues
Many Magento webmasters use customized themes and add-ons that make it difficult to upgrade when new Magento versions are released. As a result, such sites can be left with unpatched vulnerabilities like the infamous ShopLift vulnerability, which led to thousands of Magento sites being infected with the GuruIncSite malware.
A malware infection in a shared server can easily affect all the websites on that server.
In our server management services, malware infections are considered a tier 1 threat to server security. In shared servers, even if one site is infected, the malware can send out spam, or spread to other sites, leading to IP blacklists and SEO penalties. We prevent such issues by proactive patching of vulnerable sites, web server hardening, and using anti-malware firewalls.
Member of Executive Group, Bobcares
3. Difficulties in scaling up
Many Magento sites run marketing campaigns quite regularly. During such campaigns, website traffic could spike to 10 times the normal traffic. Shared servers have a limited amount of resources, and it is difficult to allocate extra resources temporarily for a traffic spike. The only solution then is to migrate such accounts to a VPS or dedicated server plan, which in most cases is overkill for website owners.
A better way – Light weight virtualization
With proper server management, shared hosting is definitely a good platform for Magento hosting. However, to compete with the top players in the industry, one needs better customizability and isolation than what’s possible with shared hosting. The traditional alternatives are dedicated servers and VPSs, which can be cost-prohibitive for many web hosts.
Here’s where light weight virtualization technologies can bridge the gap. VPS hosting systems such as Xen or KVM create independent server images for each account, which is quite resource intensive. In contrast, light weight virtualization systems such as Docker, OpenVZ or LXC use a single server image to handle multiple clients, thereby delivering 5 times the server density of Xen, KVM, or VMware.
OpenShift Origin is one such light weight virtualization platform that is a good candidate for Magento hosting.
Magento Hosting using OpenShift Origin
OpenShift Origin is an open source PaaS (Platform as a Service) solution from Red Hat. It is built on the Docker virtualization platform, and uses several layers of resource limits to fully separate one user from another. This shields each user from the security or performance issues of another website that shares the system.
Here are the top 4 benefits of this solution:
1. Security through SELinux based isolation
Container virtualization systems such as Docker share a common operating system kernel among all system users. Theoretically, this poses a security risk, because a kernel bug can be used to get access to the whole system. Mandatory Access Control systems such as SELinux give a way to implement ironclad security on Docker containers.
OpenShift Origin is secured with SELinux to completely isolate one website from others. However, the security settings in the default installation are not set up to accommodate every possible use case. The authorization configuration and package security still need to be taken care of to keep the system safe.
Magento hosting can include many hosting scenarios. There could be designers who must give access to different customers on multiple projects. A hosting provider should be able to accommodate this need. In our server management services, we set up special cluster policy rules, and local policy rules in OpenShift Origin servers to prevent one user from accessing another’s data.
Sr. Systems Engineer, Bobcares
2. Resource restriction through Cgroups and Filesystem limits
OpenShift uses Linux kernel features such as Cgroups, PAM limits and Filesystem limits to implement strict restrictions on resource allocation. Resource limits can be placed on CPU, memory, disk quota, bandwidth and number of processes. These settings can be kept as hard limits, which will kill any abusive process that exceeds its allocated quota, thereby protecting the server from load spikes.
It is important to note that OpenShift uses a system of resource templates to limit resources. Templates (also known as gears) with inadequate resource limits can lead to resource starvation of legitimate accounts. So, several data points (such as average traffic, average memory usage, etc.) must be analyzed, and the limits constantly adjusted, to make sure normal accounts are not affected.
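The two failure modes described above (a container with no hard limit, and a limit set too close to an account's normal usage) can be checked from an export of the running workloads. The following is an added example, not code from the original article or from OpenShift; it assumes a Kubernetes-based OpenShift Origin where pod specs carry `resources.limits`, and the project names, usage figures and the 80% headroom threshold are constructed for illustration.

```python
import json

# Constructed sample in the shape of `oc get pods -o json` output, paired with
# constructed average memory usage per container (bytes) from monitoring.
PODS_JSON = """
{"items": [
 {"metadata": {"namespace": "shop-a", "name": "magento-1"},
  "spec": {"containers": [
    {"name": "php", "resources": {"limits": {"cpu": "500m", "memory": "512Mi"}}},
    {"name": "cron", "resources": {}}]}},
 {"metadata": {"namespace": "shop-b", "name": "magento-1"},
  "spec": {"containers": [
    {"name": "php", "resources": {"limits": {"cpu": "1", "memory": "1Gi"}}}]}}
]}
"""
SAMPLE = json.loads(PODS_JSON)
AVG_MEM_BYTES = {("shop-a", "magento-1", "php"): 490 * 2**20,
                 ("shop-b", "magento-1", "php"): 300 * 2**20}
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def mem_bytes(q):
    """Convert a Kubernetes memory quantity such as '512Mi' to bytes."""
    for suffix, factor in UNITS.items():
        if q.endswith(suffix):
            return int(float(q[:-2]) * factor)
    return int(q)  # plain byte count

def audit(pods, usage, headroom=0.8):
    """Return (namespace, pod, container, finding) tuples."""
    findings = []
    for pod in pods["items"]:
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        for c in pod["spec"]["containers"]:
            limits = c.get("resources", {}).get("limits", {})
            missing = [r for r in ("cpu", "memory") if r not in limits]
            if missing:
                # No hard limit: this container can cause load spikes for neighbours.
                findings.append((ns, name, c["name"], "no limit: " + ",".join(missing)))
            avg = usage.get((ns, name, c["name"]))
            if avg is not None and "memory" in limits:
                if avg > headroom * mem_bytes(limits["memory"]):
                    # Normal usage sits near the hard limit: starvation risk.
                    findings.append((ns, name, c["name"], "memory limit too tight"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, AVG_MEM_BYTES):
        print(*finding)
```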
3. Scalability through Kubernetes
OpenShift is built for scalability across multiple servers. It uses distributed file systems like Ceph to scale up storage, and can use multiple containers to serve just one account. For example, if an application cannot handle the traffic coming in, it can be scaled up by adding more “gears” that run off a different physical server to handle the load. There’s no need for any migrations.
The most critical component affecting scalability is the storage system. It is important to build the file systems and storage devices in such a way that new servers can be added to seamlessly extend the storage space of all accounts.
Many web hosts use shared hosting as a way to deliver Managed Magento Hosting services. However, the shared space often leads to performance and security issues for the whole server. Today we’ve covered how the open source solution OpenShift Origin can be used as a viable alternative to shared hosting, while delivering features that are on par with top Magento Hosting providers.
Bobcares helps web hosting companies deliver industry leading hosting features using tried and tested server architectures. If you’d like to know how to make your server infrastructure and technical support more efficient, we’d be happy to talk to you.