
Introducing Linode Managed - remi
https://blog.linode.com/2013/05/29/introducing-linode-managed/
======
orangethirty
I would like to know what steps they have taken to improve their security.
They have had serious security breaches in the last couple of months, and I
don't trust them any more.

~~~
eli
I think that's a reasonable question, but a bit tangential to the offering,
no?

~~~
orangethirty
How can I trust them to manage my server correctly if their security has been
less than stellar? I am trusting them with my data. Something they have failed
to keep secure in the past. It is the question they will not answer, because
Linode is now akin to an used car dealership.

~~~
eli
I get that some people don't trust Linode with their data and I think that's
fair. But it doesn't really have much to do with managed vs unmanaged. Surely
if you don't trust them with a managed server you should also not trust them
with an unmanaged one.

~~~
rhizome
And vice-versa, which is what people are asking about.

------
rdl
It's nice that AWS and GCE also have premium support offerings now. Seems like
a good source of revenue as well as cost savings.

I'm pretty sure I'd never trust Linode even as just a bare VPS provider, let
alone giving them more access to my machines to provide this support, though,
given their long and horrible track record.

~~~
peddamat
In the last Linode thread I asked the community for secure, comparable
alternatives. AWS seemed to be the only option.

Is that still the case?

~~~
bcl
<http://www.rackspace.com/cloud/servers/> (I haven't used them, but friends
say they're good)

~~~
porker
That depends if they can now live-migrate cloud servers from one physical host
to another. We got burned because to do maintenance on the host they had to
take down all 'cloud' servers, turn the server off, do it and switch it back
on - and this was planned maintenance, not emergency.

This was before OpenStack, but trying to get information out of Rackspace
about what's changed is like trying to get a Republican to vote Democrat.

------
johnvschmitt
I've been on Linode for a few months, after years on AWS, and I'm not nearly
convinced to trust them with these "Managed Services".

Why? Too much "scheduled downtime" (few hours/month) vs. AWS's 99.999% uptime.

Why else? Well, it's a perverse incentive. If they have less reliable systems,
the pain goes up, to where more people will sign up for "Linode Managed". We
should all get good uptime, not have to pay extra.

Most importantly, their offering is not an SLA. I don't see anywhere in the
"Linode Managed" where they are guaranteeing uptime %'s, or penalties for
lower performance. And, how can they realistically handle even 50% of the 3AM
panic problems, if some of those will be my website's inability to talk to 3rd
party sites (which neither of us have control over).

 __If they really can fix 90% of the 3AM problems, then they are the root
cause of most of those in the first place. There's not many good reasons why
Linux will break at 3AM often if you've setup your stack correctly. __

~~~
matchu
I've literally never had my servers go down on Linode's account, having run
'em for years now. Maybe the management panel goes down from time to time, but
that's a totally different number than AWS's 99.999%—is that what you were
referring to? Or has Linode actually killed your servers?

~~~
kareemm
Linode hasn't killed my servers, but just informed me that they'll be doing
maintenance on my production box that will likely be a two-hour window, but
could take up to 8 (!)

Not very excited about Linode these days.

~~~
eli
You can migrate it to another physical server at any time in advance of the
maintenance window.

~~~
jebblue
This is true, Linode's support is top notch responsive. I've been with them
for several years, no issues, great uptime, they keep bumping up what they
offer without touching the price. There's no per hour gotchas. What they say
they offer, they deliver.

------
ollybee
There is no industry standard for what "managed" means. On their page they
describe some of the services as co-managed. I suspect in reality "managed"
consist of a comprehensive monitoring solution, along with "best effort"
support. They are either going to to provide a support level well bellow
customers expectations (not making ANY changes unless they have specific
written consent) or they are going to take risks on customers servers which
will blow up in their face from time to time.

Apart from the hacking indecent they have a really good brand with a
reputation for doing the right thing. They provide infrastructure as a
service, the service is clearly defined and they deliver. Unless they are
really sharp then a managed service is not going to be clean, It's full of
grey areas and trade off's about whether the team gave correct advice or did
the right thing. They should have spun this off to a separate company.

~~~
lsc
Yeah. 'managed' hosting is /way/ harder to provide (at least while maintaining
a reasonable reputation) than unmanaged hosting, primarily because:

>There is no industry standard for what "managed" means.

Managing expectations here? really hard. Really, really hard. I mean, for
$100/month, the provider is probably not going to be involved with the
planning and day to day operation; this means you end up with setups where the
customer builds a site, gets it working, starts depending on it, and then
something horrible happens, and at that point, linode sysadmins will have to
step in and fix it. I mean, yeah, a good sysadmin can usually pull it off, but
it's "heroic" work, in my mind... You have to sit there and figure out all the
weird hacks the last amateur the customer hired used to get the system
working. if you ask me to do something like that, I'm going to set an
expectation of failure. But that's the problem with managed services, the
customer expectation is always success.

This will not be fun for the sysadmin involved. It's much harder to fix a
system you are unfamiliar with than a system you are familiar with, and the
customer is going to have expectations that the success rate will be as if the
sysadmin was familiar with the system. (I mean, hell, I go way out of my way
to tell people I sell completely unmanaged stuff, and I still get customers
blaming me when their out of date php whatever gets compromised.)

The situations where I would be willing to offer a competing product would be
if I could charge (and limit the customers per sysadmin) such that a member of
my staff could have weekly or monthly meetings with the customer, going over
their architecture and what change have happened, and what problems might
happen. (I'm guessing this is going to be more in the $500-$1500/month range,
so it's not really competing.)

Alternately, I would be willing to provide a manged service where the customer
doesn't have root, except through my tools. Idea being that then all the
systems I manage would be substantially similar. I could do this for
dramatically less money, had I the time to dedicate to setting it up, and
enough customers to make building the tools worth it.

I wish Linode much luck. As a competitor to their unmanaged product, I know I
will be referring my customers who need more handholding to this service.
There is a whole lot of need in the industry for managed services; VPSs are so
cheap these days that people who have no ability or interest in systems
administration want to buy them, and they need a lot of help.

My expectation? the customer will generally get a good deal for $100/month.
But sometimes? it won't be enough, and that customer will go away very angry
and (publicly) disappointed.

------
alberth
Reading about Linode Managed on their website [1] appears to be nothing more
than (1) OS backups, and (2) a monitoring agent installed on the OS to report
the server is up and running.

Am I missing something here?

[1] <https://www.linode.com/managed/>

~~~
jharrison
The article also mentions proactive response to issues they discover on your
behalf. FTA: "If a check fails, our experts will take immediate steps to get
your systems back online as quickly as possible"

There are a number of other services listed on that page, including "Longview
Pro - the professional version of our system-level statistics collection and
graphing service (currently in beta)."

I got all that from reading the page you linked.

~~~
alberth
I read that as well. But having someone else log into my server to just
restart it doesn't seem all that appealing to me for $100/mo.

~~~
eli
Then you are perhaps not the target customer. Rackspace Cloud offers very
nearly the same service at a similar price.

------
buddylw
I really don't see where all of the Linode hate comes from. That last hack was
a pretty messy situation the way that I read it, but they seemed to do what
was best for their customers when the shtf.

I've also had very few network outages or performance issues in Linode's
Dallas datacenter, multiple uptimes of > 1 year on instances and I've only had
one unscheduled reboot/failure in almost 7 years of being a customer.

~~~
thejosh
The hate comes from multiple security breaches with very little communication.

------
slig
From here [1] it seems that if sign up for Linode Managed, all your linodes
are enrolled and you'll have to pay 100/month for each one i.e., there's no
way to pay only for specific linodes.

[1] [https://blog.linode.com/2013/05/29/introducing-linode-
manage...](https://blog.linode.com/2013/05/29/introducing-linode-
managed/comment-page-1/#comment-444627)

------
PanMan
While from the blogpost it isn't 100% clear to me how far their management
goes (do they restart apache if needed? Do they do security updates?), I think
this fills a huge need!

Fully managed servers are really expensive and often inflexible, while with
VPS you are all on your own, which not every developer wants (or feels
confident in). I was just discussing a week ago how there is a big market in
doing this management.

~~~
josh2600
As with all things in this market, it really depends on the execution.

If the remote hands are awesome, this is well worth $100 per node. If they are
anything but awesome, this wouldn't be worth it for any amount of money.

~~~
thaumaturgy
While my occasional experiences with their support team have been fantastic,
this is being offered by the same people who had a CF vuln exploited in their
management software and, it seems, would not have bothered to share any
details with their customers if the perpetrators hadn't gotten on IRC to brag.

Their documentation in the Linode Library is also really great -- as a
starting point. Assuming that they're using the same guides in recommending
server configuration, there are some things that could be done better by a
skilled admin. e.g., their LAMP server guide for Debian 6 doesn't include
suexec or any variation of FastCGI, two must-haves for a public-facing web
server IMO.

~~~
socillion
Worth noting it was a coldfusion 0day manufactured for that attack, and the
story from the hackers (HTP) is that Linode was forced to announce it by the
FBI despite being blackmailed with their customer credit card database.

Of course, they could have handled security internally better but I suspect
other VPS providers appear more secure only because nobody has gone out of
their way to target them.

~~~
thaumaturgy
Right; according to HTP (<http://straylig.ht/zines/HTP5/0x02_Linode.txt>), it
sounds like Linode were willing to delay notifying their customers of a
serious incident in exchange for a promise from the attackers that the data
would be destroyed -- the supposedly totally secure data, according to a later
blog post from Linode.

The takeaway is that now, while I don't know if I can trust other VPS
providers or not, I _know_ I can't trust Linode. (Hell, to some extent, I
trust HTP more than Linode now -- I haven't seen a dump of the Linode data on
pastebin or a .ru forum yet.)

How a business handles disclosure of a compromise is as important to me as the
fact that they were compromised. Notably, this is the second time they screwed
up disclosure, after being raked over the coals for it the first time. I was
willing to let the first one slide since Linode is so awesome in every other
regard, and hope that they would handle the next incident more gracefully.
Unfortunately, they didn't.

~~~
socillion
I agree, I just don't expect much from VPS hosts - although their handling of
this _was_ remarkably poor.

FWIW I'll be finding a new host, I just like to play devils advocate to
balance discussions.

------
michaelmartin
$100 per month isn't bad for the inevitable crisis when you really will need a
good sysadmin's help.

For me, the biggest reason for paying for managed services like Heroku etc. is
avoiding that risk. This sort of thing would make me far happier to ship some
of the load back onto Linode. Can't fault their hardware. :)

------
itsgettingcold
Interesting. I think this could be particularly popular if Linode introduces
some fully supported stacks for common configs. Although at that point they
would really just become a managed provider, but perhaps that is the natural
progression of at least part of the hosting business.

------
switch007
There's something about the picture that's rather unsettling (apart from the
number of Macs ;).

