Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Would you want an unmanaged VPS without a control panel?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Would you want an unmanaged VPS without a control panel?

fapvpsfapvps Member
edited June 2013 in General

Since control panels are an extra layer of complexity, would you want to have a VPS with SSH access only and OS re-installs and reboots would be handled by support via trouble tickets?

«1

Comments

  • Depends on the support I suppose. Having to wait hours for a simple reboot because a provider doesn't respond seems rather inconvenient vs logging in and hitting the reboot button.

  • Whole point of control panel is automation. You'd have to hire a lot more people and increase cost otherwise. How do people check bandwidth usage? There are lots of things.

  • fapvpsfapvps Member

    @SkylarM said:
    Depends on the support I suppose. Having to wait hours for a simple reboot because a provider doesn't respond seems rather inconvenient vs logging in and hitting the reboot button.

    Well it is possible to simply reboot from ssh unless the instance locked up or something like that. Today's SolusVM 0day is one of those things that can happen to any provider at any time. I was considering not offering control panel access for this very reason. It does not matter which control panel is used or how secure anyone thinks it is, this could happen at any moment. I personally would want a a VPS with only ssh access any any other access methods I would choose to install on it such is VNC. The only entity I would want to access the node that runs my VPS is my provider via very secure means. This is what I would want because security > convenience in my book. I'm currently reconsidering and again thinking of offering a full VPS without control panel access.

  • fapvpsfapvps Member

    @concerto49 said:
    Whole point of control panel is automation. You'd have to hire a lot more people and increase cost otherwise. How do people check bandwidth usage? There are lots of things.

    There are plenty of ways to solve these issues. Simply not offering public access to a control panel is the most obvious one.

  • How do you solve it? I think you're missing the point. You're suggesting to take a step backward because it's dangerous. We should fix problems and not run from it.

    Would you stop driving since you might crash? Convenience and self control is important in this world. Security needs to be fixed.

    Should you stop using a billing panel for the same reason? Whmcs had its far share of issues.

  • WebProjectWebProject Host Rep, Veteran
    edited June 2013

    We do run a xen server without any public control panel, only one customer for last 12 months contacted our support department in order to reboot his VPS account. The advantage of it is more secure compare to SolusVM as no SQL injections or any unsecured code.

  • fapvpsfapvps Member

    I understand that control panels make everyone lives easier most of the time. But just look at it from a security point of view. Your control panel has full root access to your entire infrastructure. It is public facing ticking time bomb. Now you can have that same control panel hidden from the public. I'm aware it is inconvenient for both the customer and the provider. But is the security worth the inconvenience for the customer is what I want to know. We have implemented a control panel for the convenience of the customer also. The customer would have to submit a ticket to reimage the instance, install an OS, or even reboot after a lock up. It is very inconvenient but would they appreciate the security it provides?

  • nunimnunim Member
    edited June 2013

    @fapvps said:
    ... The customer would have to submit a ticket to reimage the instance, install an OS, or even reboot after a lock up. It is very inconvenient but would they appreciate the security it provides?

    No thanks, feels like I'm back renting dedi's in 2004. What I love about my VPSes(VPSi?) is that I can reimage the OS to whatever I want in under a minute by myself, I've been known to reinstall more then 4 times an hour, with a fast SSD VPS it usually only takes twenty seconds. Waiting for an agent to get the ticket, to use Solus to do what I wanted to do in this first place doesn't sound like something that would interest me.

    If you're running something really secure and important I think you could shell out $20 a month for a dedicated server. Get a better control panel or build one yourself like BuyVM is doing, and you won't have to worry about these public exploits, but if someone really wants you they're probably going to get you no matter what.

    I don't think many end-users would be interested in something like that, maybe enterprise and business customers and if that's your market fine, we want more features not less...

  • @fapvps no one contacting support doesn't mean they don't like or want the features. People not complaining does not mean there isn't a problem. Customers could have cancelled without telling you why or didn't pick you because you lack features.

    I tried explaining but your reasons against a control panel sound like ignorance and hiding. I don't have it so won't get hacked. What about a XEN exploit? Let's not use XEN since it's dangerous?

  • krokro Member

    There is no excuse really, easy to develop.

    No control panel is better than SolusVM though. That is certainly clear.

  • wdqwdq Member

    If the price represents a lack of a control panel and I trust the host and know they will answer support tickets very quickly and accurately I think I'd be fine with. Otherwise panels like SolusVM are cheap and there is no real reason why a provider couldn't have some sort of panel for convenience.

  • fapvpsfapvps Member

    @nunim That is the whole idea, making a VPS like an old school dedi.

    @concerto49 An explanation was not necessary. Like I said we use a control panel also. I was simply exploring the idea of not offering one. Eliminating an attack vector on you infrastructure is not ignorance or hiding, it is good security.

    Everyone obviously has different views and opinions on the matter and it is obvious that control panels are nice and useful.

  • EvoEvo Member

    Maybe you could create a small "in-house" control panel for most of the tasks.

  • fapvpsfapvps Member

    @Evo said:
    Maybe you could create a small "in-house" control panel for most of the tasks.

    We use the Cloudmin control panel.

  • I'd like to be able to reinstall os by myself at anytime, not to bother support. But other than that, I'm okay if it has no panel (or no more funcs in panel).

  • blackblack Member

    FAP VPS? lol.

  • JanevskiJanevski Member
    edited June 2013

    @fapvps It's fine with me, i rarely reinstall, rarely need console access and always self manage my VPSes, reboot via SSH is just fine with me, however when users increase in numbers it shall be a burden for the hosting company, also the response time from the support must be fast (for example compromised VPS that the user had lost control of), so the situation of billing for reinstall might happen and some people won't like that and might switch to a provider which has a VPS control panel.

    PS:
    :)

  • fapvpsfapvps Member

    @Janevski A VPS without a control panel is not for everyone, but perhaps offering it as an option for those that would prefer to be on a node with no control panel could work.

  • Make a small panel with rebooting and reinstalling with secure PHP (checking SQL queries...) and you're good.

  • If the price reflects it, then yes.

  • @fapvps said:
    Janevski A VPS without a control panel is not for everyone, but perhaps offering it as an option for those that would prefer to be on a node with no control panel could work.

    That's a nice way of dealing with the problem - hybrid implementation.

  • fapvpsfapvps Member

    @seraphkz said:
    If the price reflects it, then yes.

    It is not a price issue. In fact it costs more to run without a control panel because human beings have to do all the little things that the control panel does. It is all about security hardening.

  • @fapvps said:
    It is not a price issue. In fact it costs more to run without a control panel because human beings have to do all the little things that the control panel does. It is all about security hardening.

    Then I have a lot of other options. Dedicated server, buyvm's pony cp, ramhost.

  • I have seen hosts not offer control panels with their VPS's, however, those VPS's were managed VPS servers, not unmanaged. I am not too sure on this topic, but I don't see why not. If the price is right and the provider has a good reputation, why not?

  • DroidzoneDroidzone Member
    edited June 2013

    I most certainly would not. I have yet to see instantaneous support response to my support tickets. When the whole point of an "unmanaged" VPS is that the customer has full control and do whetever he wants, whenever he wants to do it, this is totally inappropriate.

    I would most certainly not subscribe to such a model. The most important factor being that, I often need to reinstall the VPS, and currently I do a click, wait for half a minute and login to the VPS. Instead of that, you're forcing me to write to support, wait for them to wake up, or stop whatever it is they're doing at the moment, do it, then respond to me.

    I dont see why the complexity has to bother a host. There are even free panels, arent there?

    @fapvps said:
    I understand that control panels make everyone lives easier most of the time. But just look at it from a security point of view. Your control panel has full root access to your entire infrastructure. It is public facing ticking time bomb. Now you can have that same control panel hidden from the public. I'm aware it is inconvenient for both the customer and the provider. But is the security worth the inconvenience for the customer is what I want to know. We have implemented a control panel for the convenience of the customer also. The customer would have to submit a ticket to reimage the instance, install an OS, or even reboot after a lock up. It is very inconvenient but would they appreciate the security it provides?

    As a customer, I do not appreciate it. It's your duty as a provider to keep abreast of security challenges, and keep your code and databases secure to the best of your ability. Stuff like the latest SolusVM exploit happen, and must be patched. That does not mean one has to revert to the stone age. It's like saying, if I take a flight, the flight may be delayed, or crash. So let me walk.

    Once again, I'd like to say this.. I do not want to wait for Customer support to respond just for an OS reinstall.

  • fapvpsfapvps Member

    I started a thread like this on WHT a few months ago and got pretty much the same response. No control panel is not an option in most cases. I just thought today would be a good time to revisit this topic.

  • Why not do out-of-band ssh like prgmr.com?

  • fapvpsfapvps Member

    @sleddog said:
    Why not do out-of-band ssh like prgmr.com?

    They do have a very elegant solution...

  • Why not?

Sign In or Register to comment.