27.05.2022

Cybernews Interview with Ignat Tolchanov, Head of Serverspace

The current pace of the world has influenced society to become more involved in digital reality. The increase in online shopping and remote work forced businesses to move their operations online.

The growing need for cybersecurity tools has led the technology sector to develop many advanced programs that ensure digital security. With the demand for security measures and tools at an all-time high, developers are faced with the difficult task to make sure no security gaps are left behind.

Serverspace is a cloud service provider that has been intensively working on bringing the most effective solutions for a wide range of users – from developers to IT teams. To learn more about the cloud environment, Cybernews had a chat with the Head of Serverspace, Ignat Tolchanov, and his colleague Aleksandr Zubrikov, the head of Security at ITGLOBAL.COM.

How did the idea for Serverspace come to be? What has your journey been like since?

In 2008, we entered the cloud technology market and started providing virtual infrastructure as a service. After the rebranding in 2019, the Serverspace brand was born, and under this name, our company currently operates.

Originally, Serverspace allowed customers to deploy VMware-only infrastructure using a web-based control panel interface. In 2020, we became the first cloud service provider to offer servers based on the vStack hyper-converged platform. Also, thanks to the integrated vStack platform, Serverspace ranked number one on a global virtual machine performance benchmark (according to GeekBench testing).

Users who need a full-fledged corporate infrastructure can create isolated networks and cloud VPN servers, configure edge gateways, delegate domains to DNS hosting, deploy Kubernetes clusters, as well as manage the ordered services using API, CLI, and Terraform.

2022 began with the acquisition of Serverspace by ITGLOBAL.COM, and we became part of the group of companies.

We strive to provide our customers with more options for creating cool, innovative projects. Our key principle is to listen to our users and do our best to offer a highly reliable, simple, and affordable cloud infrastructure. Today, we are a global cloud infrastructure provider trusted by over 120,000 customers worldwide.

Can you tell us a little bit about what you do? What challenges do you help navigate?

We intend to help users create projects of any system load.

The primary service in Serverspace is the provision of virtual servers. Users can deploy servers on one of the two virtualization platforms, VMware or vStack.

Serverspace is an ambassador for vStack, a hyper-converged virtualization platform based on open-source technologies. Thanks to a Lightweight bhyve hypervisor, users can create new generation servers in just a minute and be sure of the stable operation of these servers. The ZFS file system technology, part of the FreeBSD OS, has exceptional features: a combination of POSIX and ACID, advanced data protection, efficient compression, copy-on-write units (snapshots, clones), native NFSv4 ACLs, behavior and performance tuning options, and smart two-level caching (ARC). Thanks to these technologies, vStack servers can be deployed in 40 seconds.

Since application deployment processes have changed significantly in recent years and the practice of application containerization has spread, we have implemented Serverspace Managed Kubernetes. If a user works with a high system load, then for the correct operation of the system, they can enable a High Availability cluster with three control plane nodes. The cluster can withstand the failure of any component of the application and ensure its stable operation. The ingress controller is used for load balancing and traffic routing.

To store any data in the Serverspace cloud, users can work in the unlimited autoscaling Object Storage. They can manage data using the web interface or desktop applications, such as CyberDuck.

For users who want to secure their internal network, Serverspace offers the option of combining virtual servers into an isolated network, creating Edge Gateways, and configuring NAT and Firewall rules. NAT provides securing devices on an isolated network and accessing the Internet from a single external IP address. A firewall protects the network from external threats, and restricts internet traffic inside or outside an isolated network.

To automate the management of infrastructure and servers, Serverspace offers API, CLI tools, and a Terraform provider.

In your opinion, which industries should be the most concerned with implementing cloud solutions and why?

First of all, cloud solutions are essential for those who value scalability and the possibility of reducing infrastructure costs. To maintain the physical equipment and avoid the shortage of resources, the purchase of additional components or linearly growing the number of physical servers is necessary. This approach is ineffective from an economic point of view; furthermore, the computing power of physical servers will never be used at 100%. The average load capacity under such an approach rarely exceeds 10-15%. The server infrastructure virtualization helps to shift these indicators toward the maximum. Today, small technology start-ups and large enterprises need clouds. We can distinguish several industries: EdTech, e-commerce, digital agencies, and video-streaming.

For example, online stores have peak seasons or sale periods when there is a surge in traffic. For such a period, you can scale up the cloud server resources, and when the peak passes, just return to the basic configuration. In Serverspace, you can do this right in the control panel: the amount of CPU, RAM, storage capacity, and bandwidth can be changed in just a few clicks.

The cloud is also suitable for those who need to maintain a corporate infrastructure: remote offices, CRM systems, and information portals. Virtual servers can also be used for testing web and mobile applications, automating logistics, and much more.

Do you think the recent global events influenced the way people approach cloud solutions?

The transition to the cloud was greatly influenced by the coronavirus pandemic, which accelerated the digital transformation. More and more online stores, online services, and contactless payment methods appear, and this trend continues to gather momentum. Therefore, the need for the quick creation of an infrastructure for the development of services became vital. Also, companies seek new ways to organize work outside the offices, and clouds have also become a decent solution. This technology is spreading and gaining user trust.

If we consider the political situation in the world, we can see that many users are opting for international providers with a local presence to avoid depending on the situation in other regions.

In your opinion, what IT and cybersecurity details are often overlooked by new companies?

Aleksandr Zubrikov shares his opinion on this topic:

New companies are mostly startups. They often overlook information security processes, although there are international standards and guidelines for SMB companies. These guidelines are adapted specially for small companies and are quite simple to follow. There are very simple principles and requirements. For example, if you look at the NIST (National Institute of Standards and Technology) standards, you can find a guide for small businesses.

If we talk about typical mistakes, then the following can be distinguished as the most common:

  1. Access management and distribution issues. Usually, there’s only one account, to which everyone has access. This is the most common mistake that probably occurs in 90% of companies, especially those that are just starting out. But they forget about the principle of least privilege. All information security standards state that all accounts must be personalized. Sharing accounts is unacceptable.
  2. Network segmentation and isolation. Small companies do not separate information flows and usually violate the rules of network segmentation. They create servers (production and testing ones) in a flat network and do not separate them. Testing environments are usually poorly protected, and by using their vulnerabilities, an attacker can gain access to the “real” data. Moreover, further scaling of the company's information infrastructure may become difficult in the future and it may require some significant changes. This architectural error is clearly visible in our penetration testing projects.
  3. Development security. Small companies do not conduct regular security testing before release. There are no security control processes, for example, penetration testings or at least vulnerability scannings. And after such companies release their product, they, for example, can soon find their accidentally leaked database somewhere on the net.

The list of typical mistakes is pretty long, so you’d better open the NIST for Small Business standard and follow the basic information security rules.

As more companies move their workload to the cloud, are there any details that might be overlooked when making the switch?

Users may overlook the fact that not all software they have used with their operating system may be compatible with cloud solutions. So, the transition to the cloud will be much smoother if a cloud provider offers a wide selection of operating systems and this list includes those operating systems that the user is currently using. In Serverspace, virtual machines can be ordered with the latest Linux, Windows, and FreeBSD operating systems. You can also create a server with network OS PFSense and VyOS.

There’s a difference in the performance of physical and cloud infrastructures. To work well, some software may require other server configurations with more RAM and CPU.

What misconceptions surrounding the cloud infrastructure do you come across most often? What do you think these worries are based on?

The biggest misconception users have is that moving infrastructure to the cloud is not safe. They fear that third parties might gain access to their data.

At Serverspace, we strive to provide the protection our users need. This is achieved, firstly, due to the triple redundancy architecture. Serverspace infrastructure has maximum fault tolerance. This means that when one host fails, it automatically switches to another. In addition, the data processing centers in which the equipment is located are equipped with an uninterruptible power supply system and diesel generators that can support autonomous operation for 72 hours. Therefore, even a power outage will not threaten the operation of the infrastructure.

Our data centers are also equipped with round-the-clock security, a multi-level employee access system to the territory, a security alarm with vibration cables, video surveillance, and motion sensors. Unauthorized access to the physical infrastructure is completely excluded.

Moreover, all online and offline actions of our employees are recorded, and access to users' servers is strictly prohibited. The only exception is the servers, for which our users outsourced server administration to Serverspace technicians.

What are some of the most serious cyber threats do you think will emerge in the next few years? What can average individuals do to protect themselves?

For any technical innovations and solutions, vulnerabilities will eventually be found, it’s only a matter of time. Therefore, these vulnerabilities must be dealt with correctly, full-fledged vulnerability management should be implemented, and the detected vulnerabilities should be eliminated in time. This is a certain process of information security with certain specialists who monitor this.

It is difficult to predict new threats since they will be always everywhere anyway. I think now we can distinguish the threat of new vulnerabilities in mobile applications. Our smartphones store loads of information about us, and this information is becoming more and more valuable to attackers.

There are also threats in the containerization environment, Docker and Kubernetes. Attackers try to go beyond containers to the control host, move between them, etc. I think new vulnerabilities will emerge concerning this trend.

If we talk about personal security, then thankfully everything is already written on the net: do not leave unnecessary personal data on dubious web resources, look at the address bar, and do not disclose your credit card credentials. Use two-factor authentication whenever possible, even if it's inconvenient.

Aleksandr Zubrikov, Head of ITGLOBAL.COM Security

Share with us, what’s next for Serverspace?

We are currently creating a catalog of one-click apps.

Our users will get access to LAMP, LEMP, WordPress, GitLab, MySQL, and MongoDB applications. With Serverspace, they will manage their cloud infrastructure, as well as create websites, develop applications, and work with databases. Ordering cloud VPN servers based on SoftEther VPN software is already available.

We will continue developing the Managed Kubernetes service: we’ll improve the web interface for deploying containerized applications in a cluster. We will also configure persistence volumes.

We are constantly looking for opportunities to expand the network of data centers, so soon Serverspace users will be able to order servers in the Canadian data center.

Also, the features of the vStack platform are actively expanding, and we quickly implement the new functionalities for infrastructure management, providing our customers with a qualitatively new level of service.

The interview was first seen here.