StackAccel


Part 3, Choosing a Domain Name Registrar

Domain Registration

If your choice of CMS platform was foundational, and your selection of hosting provider important, the priority that you give your domain registrar is several orders of magnitude less important.  There are many ways to register a domain, but typically you’ll either go through your hosting provider, or one of the big-name registrars out there like GoDaddy.

By volume, GoDaddy is the largest domain registrar in the world.  They surpassed Network Solutions nearly a decade ago, and though they’re privately owned and not obligated to do much in the way of reporting, the Wall Street Journal reported in 2011 that they sold a 65% stake in the business to a trio of big private-equity companies – KKR, Silver Lake Partners, and Technology Crossover Ventures – for a reported $2+ billion.  If their name still doesn’t ring a bell for you, you might recall GoDaddy from their marketing – they usually have a Super Bowl advertisement of some kind.

Being the biggest name in domain registration and web-hosting doesn’t come without detractors.  GoDaddy has been criticized over the years, often by competitors and former employees, as being in violation of various ICANN rules, particularly as they relate to domain name portability (e.g. the domains are difficult to port out).  Another area that they’ve received criticism for is their “upsell” approach.  If you’ve ever registered a domain name, or picked up an SSL certificate through them, you’ll know exactly what I’m talking about.  What starts as a simple domain registration can easily (or even accidentally) become email services, web-hosting, private registration, managed hosting, premium listings, and more.  They’re also known for their coupons – nearly everything that can be purchased through them has a coupon.  None of this is necessarily a problem, but it is something folks complain (loudly) about.

As you might imagine, GoDaddy isn’t universally loved by the WordPress community.  Having a wide range of clients, we’ve worked with many different domain name registrars.  I don’t personally have a problem recommending GoDaddy for domain registration and SSL certificates, but at the same time I’m not really passionate about registrars.  I can’t recommend them for their web-hosting, let alone managed WordPress hosting, as there are just so many out there that do it better.  Name registration, on the other hand, tends to be a low-value problem to solve.  At around $15 per year, there are probably higher-value things for you to focus your attention on.  From my standpoint, I mainly care about what the Nameservers field says… this points to wherever your DNS hosting lives, and may point to GoDaddy’s name servers.  Wherever those point, that’s where you can manage your DNS settings from.  By default, that will be GoDaddy (e.g. ns1.godaddy.com, ns2.godaddy.com).

Some popular alternative domain name registrars that I’d recommend considering include NameCheap, Moniker.com, Hover.com, Gandi.net (which includes free private registration), and dotster.com, in addition to most web-hosts.

Part 2, Managed vs. Budget WordPress Hosting

Did you check out Part 1?

In a market with an almost unlimited number of choices, why is it so hard to find the right WordPress host?  After all, aren’t all of the building blocks low, or no-cost?  Between WordPress, Linux, inexpensive computing, and an endless supply of commodity providers that all look alike, doesn’t this resemble a perfectly competitive market?  At least, it seems to at a glance, doesn’t it?

But if that’s the case, why is your current host so bad?

And why are there so many articles on who to choose, and why to choose them? (FYI… most reviewers are compensated through an affiliate program.  I’m not.)

It’s with you in mind, that I put together this article.  My goal is to present the topic from 30,000 feet, help you understand where the market is, and help you make the right choice.

Small Business Owners, Freelancers, and Startups 

If this describes you, and your business is doing anywhere from zero to $30 million in sales, then you probably don’t want to host your own WordPress site.  Tempting though it may be, particularly if you have a stack of servers in a datacenter somewhere, or a huge vSphere licensing investment, it’s still probably not worth your time to do.  On top of that, I just don’t know of many startups, freelancers, or small businesses that resemble what I just described.  Is it possible for you to host your own WordPress site?  Sure, you can technically do that with your residential high-speed connection and an old workstation with a LAMP stack running on it.  In fact, I bet someone on your team already pitched that idea, didn’t they?

… and that will work just fine, right up until the time when one of a thousand things that you didn’t know to plan for happens.  Then… you’ll have a mess.

So sure, it’s possible to host it yourself.  But realistically, in the majority of cases, I don’t buy what your developer or operations folks are pitching.  Unless they have recent specific experience, and it also happens to be a valuable way for them to spend their time (now, and in the future as they maintain the site), then it’s unlikely that you belong in the WordPress self-hosting game.  Why?  For reasons that start with security and reliability, but ultimately end with the business case… as in, do you actually have a reason to be in the WordPress hosting business?  Think about it this way… unless you reasonably stand to profit from the investment you’re making in your WordPress infrastructure, why are you doing it?  Those expensive dev and ops resources that you have messing around with a WordPress VM… their time could probably be spent doing almost anything else.  After all, no matter how smart, well meaning, or capable they may appear to be, the reality is that WordPress hosting has already been done better, and more cost effectively elsewhere, by companies that are backed with venture capital and can boast hosting north of 150,000 sites.  So yeah, your technical team might be able to get you up and running – but why are you spending your resources that way?  Sure, it’s an interesting Engineering challenge, but does it create any real value for you?  If you have developer or operations folks, the low-hanging fruit surely isn’t in reducing a cost that runs well under $2k per year, is it?  In short, it’s just really difficult to justify self-hosting in today’s market, if it’s not in some way either profitable or core for you to do so.

The Cheap way

(What shared WordPress hosting feels like)


If you’re a freelancer looking to spend less than $5 per month, then you’ve got plenty of options, my friend.  In fact, the vast majority of hosts are of the 1-click, $5 per month WordPress hosting variety.  I’m sure you’ve seen many of these names before.  Companies like…

HostGator, Dreamhost, BlueHost, 1and1.com, LaughingSquid.com, inmotion, webhostinghub, siteground, godaddy, westhost, justhost, site5, hostmonster, and on, and on.  To the tune of several hundred more.

If you thought differentiating between phone systems was hard, then hold the phone… because these companies are nearly identical.  In fact, several of them are now just brands owned by the same parent company, Endurance International Group.  Have I worked with all of them?  No… there are just too many.  I can’t tell you precisely what differentiates 1and1.com from HostGator this week, beyond the sale that 1and1.com is running today.  But, guess what?  Their customer service folks can’t either.  Of the handful that I’ve worked with, they’re all fine and good enough for small sites, blogs, and whatnot.  Sure, their support, uptime, and responsiveness all vary wildly, but it’s all the same cluttered marketplace.  I can’t speak to which host is really the flavor of the month, because it changes that often.  But averaging them out, I’ve yet to be impressed, or surprised.  If this seems like the right fit for you – just go ahead and pick whoever is running a sale this week.  And if you stay with them for long enough, your experience will range from good to bad, and everywhere in between.

Managed way

(How managed hosting feels)


If you’re coming at the topic from a clean slate, you may already be familiar with the inexpensive commodity hosts outlined above.  Beginning around 2009, providers started offering what’s become known as Managed WordPress hosting as an alternative to shared webhosting.  Since then, several companies have come to market with offerings that recognized there was a market not being served… folks with needs well beyond what the shared hosts could provide, or were interested in providing.  Managed WordPress hosting is about abstracting out the hosting layer from the WordPress layer environment.  Or, if you have a networking background… if budget web-hosts live at the data link layer, Managed WordPress hosts live in and above the Application layer.  In any event, here’s the general pitch…

Managed WordPress Hosts do everything that you don’t want to do, or that you don’t know you should be doing.

Things like Automated backups, managed WordPress and plugin updates, content delivery network (CDN) integration, and seamless scaling.  Never thought you’d need to be able to handle 50 million visitors a month, did you?  Not a problem, they planned for it and baked it into their solution.  What if you don’t have a clue, and need amazing support?  They have you covered.

Here are some of the bigger Managed Hosting names:

  • Pagely – A self-funded company that recently moved their infrastructure over to AWS – the original Managed WordPress host.
  • Flywheel – Focused on design and ease of use
  • WP Engine – Perhaps the biggest name in Managed WordPress hosting, they’re now VC-backed, but have experienced growth pains this year
  • Synthesis – Known for security
  • Pressable – Known for reliability
  • mediatemple.net – Now owned by GoDaddy, but operates independently

The fact that many small businesses don’t think they need some of the features is, perhaps, a different conversation.  While your site might not ever serve up the number of visitors that TechCrunch, or CNN do, many of the features that Managed WordPress hosts bake into their platform are nice to have, and given that the cost runs somewhere between $49 and $200 per month, it’s still quite affordable.  Most importantly though, they’re doing all of the heavy lifting for you.

Is Managed WordPress hosting for real?

Here are a couple of the most common criticisms of Managed WordPress hosting.

“It’s just a higher-cost version of shared hosting”.

“So you’re charging me for something I can do myself?”.

Are these accurate?  Or, more importantly, are these legitimate?  I don’t think so.  Look at it this way…  budget web-hosts are incentivized to maximize the density of their environments, as in stacking as many customers as possible onto a piece of hardware so that they can still profitably run those $1.00 per month promos.  On the opposite end of the spectrum, Managed WordPress hosts are in the business of having happy customers that don’t even think about “hosting”, and rightly assume that the Managed WordPress Hosts are in the business of making sure the back-end is always capable of providing their end-customers with a great experience.  Put differently, would you rather have the budget host that’s putting out fires every day?  Or would you rather spend a few hundred extra dollars a year to not have to worry about it?  Perhaps the biggest differentiator though between Managed WordPress hosting and budget hosting is support, because they’re incentivized to deliver the best customer experience possible, in order to continue justifying the premium they charge.

Of course, it’s true that you could probably do it all yourself.  But is that really the most valuable thing you, or your team can be doing for your business?

The Hard Way

So what’s left?  Virtual Private Servers (VPS).

If you’re coming at this as a SysAdmin, a web developer, or from an Engineering background, the most tempting option is usually the hard way.  I wish I could say that I just didn’t understand the temptation… but I get it, even if I don’t agree with it.  Before you go down this path though, think about what your time is worth.  What’s the opportunity cost of rolling it yourself?  More than that, unless you’re a Linux admin by trade, one who just so happens to also be a web developer, and loves tweaking Apache or Nginx, setting up MySQL databases, and the like… then it might just be that your time is more valuable doing something other than re-inventing this wheel.

VPS environments are pretty much what they sound like… dedicated virtual machines that you rent from an infrastructure company.  This is nearly identical to the “I can host this myself” approach to things, except that most of these providers have a solid and redundant infrastructure.  Meaning, when something breaks it’s usually your fault, not theirs.  With a VPS you get a dedicated operating system, where you have root access and can do anything you want on the virtual machine.  If you’re a SysAdmin, it’s just like logging into vCenter and deploying another instance of CentOS from a template.  The primary difference though is that the VPS instance is usually housed in a datacenter that’s built for availability, as opposed to your corporate datacenter which may or may not have things like multiple utility providers, or Internet connections.

Which VPS to choose?  Well, here’s a list of several hundred options.  If you must go down this path though, I’ve had good experiences with DigitalOcean.  From a cost standpoint, DigitalOcean competes in the same cost range as the shared web-hosts, as well as the VPS variety.  The difference though is that DigitalOcean doesn’t suck.  You can even think of DigitalOcean as AWS-lite with a cost resembling the commodity web hosts of the world.  They don’t yet have a platform that’s as massive as AWS or Azure, but you can spin up “droplets” (VMs) similar to the way you would bring up new machines from templates in vCenter, or on AWS/Azure.  Snapshots?  Sure thing.  Backups?  Of course.  Their big differentiator though is that their VMs run on SSD drives.  And before you ask… Yes, they’re quite fast.

My Recommendation:

Why overcomplicate this?  A Managed WordPress host is there to take care of the details.  Sure, you can get a lower cost platform using a shared host, but your mileage will vary.  Of course, you can always build your own WordPress environment, or run a VPS instance – but it’s not usually a high-value use of Engineering resources (even if you have the technical expertise).  For managed WordPress hosting, I like Pagely based on their history, reputation, and the fact that they’re self-funded.

Redmine LDAP Integration – Active Directory Configuration

After you have Redmine installed and configured to the point where you can log in – go ahead and do so. Browse to Administration>Settings>Authentication tab>LDAP Configuration (in the bottom right).

Before you go and start changing things here, there are a few things you should keep in mind that will save you some time. Realize that you can’t do an anonymous bind to Active Directory. So, you need to actually specify a valid set of credentials for the service account. Now, I suppose they could have done something different here to reduce the configuration work… like relying on user login credentials and passing them to query AD. But in any event, a normal domain user account should do just fine – anything that can query Active Directory. Why a domain account? Think about it another way… if someone plugged their laptop into your network, would they be able to query AD for user or computer objects? No… they wouldn’t, because they’d be anonymous. Even if they knew your domain name, had a domain controller’s IP address, the distinguished name, etc… no luck. So create a service account. Just FYI, my domain was at 2003 domain functional level.

As far as the Base DN – keep it simple… base DN means base. You probably don’t want CN=users, or CN=MyBusiness, or anything like that. In my case, I specified DC=domain,DC=local. As for the attributes, they all come right out of Active Directory… there are a bunch of places you could find these if you wanted to spend the time to find them. Or, there are a bunch of sites that already have this stuff listed (see below for my config).

When you’re specifying the attributes, keep in mind that you don’t want any extra spaces (blank spaces) after the attributes. For instance, it should be ‘SAMAccountName’ (no quotes), NOT ‘SAMAccountName ‘. If you add a space, it breaks. If you don’t have those “optional” attributes, it breaks. Also – just FYI… if you’re under Authentication, and trying to run a “Test” of authentication, and it says successful – that doesn’t mean it’s actually working. You need to test Active Directory account logins from back on the main menu.

If you want to use on-the-fly account creation… you’ll need to make sure all of your Attributes are set correctly and that within Active Directory the attribute fields actually contain data for your users. This is very important. For example, if you have a user trying to log in, but their account has the “First Name”, and/or “Last Name”, and/or “E-mail” address fields blank (like if you have a “test” user account) – automatic user account creation in Redmine will fail. On top of that – it’s not very verbose about why it failed. So that might be something to file away in the back of your mind, so that when you find one account (or a group of accounts) somewhere that won’t log in – you can make sure to check that they have all of the Active Directory attributes specified (just open up Active Directory Users and Computers and check out the user object that is having a problem).

My Settings:

  • Name: YourDomainOrWhateverYouWant
  • Host: IP address of a Domain Controller (name is probably best)
  • Port: 389
  • Account: Domain\ServiceAccountRedmine01
  • Password: SavedPassword
  • Base DN: DC=domain,DC=local
  • Login: SAMAccountName
  • First Name: givenName
  • Last Name: SN
  • Email: mail
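
A pre-flight check for the two failure modes described above (padded attribute names, and AD accounts with blank name or e-mail fields), written as an added example and not Redmine's own code. It assumes the user objects have been exported to LDIF, such as an export produced by ldifde; the sample export, the account names and the function names are constructed for illustration.

```python
import base64

# Attribute mapping as typed into Redmine (values from the settings listed above).
MAPPING = {"Login": "SAMAccountName", "First Name": "givenName",
           "Last Name": "SN", "Email": "mail"}

# Constructed sample export: one complete account, one "test" account with blanks.
SAMPLE_LDIF = """\
dn: CN=Jurgen Doe,CN=Users,DC=domain,DC=local
sAMAccountName: jdoe
givenName:: SsO8cmdlbg==
sn: Doe
mail: jdoe@domain.local

dn: CN=test,CN=Users,DC=domain,DC=local
sAMAccountName: test
givenName: Test
"""

def check_mapping(mapping):
    """Return the Redmine fields whose attribute name is blank or padded with spaces."""
    return [field for field, attr in mapping.items()
            if not attr.strip() or attr != attr.strip()]

def parse_ldif(text):
    """Minimal LDIF reader: one {lowercased attribute: [values]} dict per entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:        # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:                    # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:                    # skips header blocks such as "version: 1"
                entries.append(entry)
            entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):            # "attr:: <base64>" carries non-ASCII data
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def creation_blockers(entries, mapping):
    """Map each DN to the Redmine fields that its AD object leaves empty."""
    blockers = {}
    for entry in entries:
        # LDAP attribute names are case-insensitive, so compare in lower case.
        missing = [field for field, attr in mapping.items()
                   if not any(entry.get(attr.strip().lower(), []))]
        if missing:
            blockers[entry["dn"][0]] = missing
    return blockers

if __name__ == "__main__":
    for field in check_mapping(MAPPING):
        print(f"mapping problem: {field!r} attribute is blank or has stray spaces")
    for dn, missing in creation_blockers(parse_ldif(SAMPLE_LDIF), MAPPING).items():
        print(f"{dn}: missing {', '.join(missing)}")
```

Accounts it lists are the ones to fix in Active Directory Users and Computers before their owners try to log in to Redmine.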

AD: How to Determine the Last Logon time of users

Your ability to determine last logon time really depends on the AD level that you’re at.

For information on the below attributes (and more), check here.

Pre-2003 AD: You can’t do it.
2003 AD: Look at the lastlogon attribute on all DCs.
2003 AD functional level: Look at the last-logon-timestamp
2008: Check the msDS-LastSuccessfulInteractiveLogonTime 

If you’re not at 2008, or 2003 domain functional level, and you want to determine the last logon time, you can use AdFind to query each DC, get the time stamp in the NT time epoch format (the time measured in seconds since 1/1/1601) and then use w32tm /ntte to convert the stamp into a readable format… Date, Hour:min:second.

adfind -h DC1:389 -b dc=domain,dc=local -f "objectcategory=person" lastlogon > DC1.txt

adfind -h DC2:389 -b dc=domain,dc=local -f "objectcategory=person" lastlogon > DC2.txt

… and so on for each DC.

To convert lastlogon time, take the time stamps for the users that you’re interested in and convert them…

w32tm /ntte value1
w32tm /ntte value2

… and so on.

Then you can compare each. At 2003 functional level the attribute lastlogontimestamp is replicated to each DC – so it’s a single source of truth. In 2008 it gets even better with last logons, last failed logons, and more. With some diligence, you can probably take the above steps, do some further learning around them to improve things a bit, and then script the logic. But for one-offs, and small networks, this works.
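
One way to script the per-DC comparison described above, as an added example that is not part of the original post. It assumes AdFind's default output layout (a dn: line followed by a >lastLogon: line) in files such as DC1.txt and DC2.txt; the sample dumps, user names and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

NT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample dumps in the assumed AdFind output layout.
DC1_TXT = """\
Using server: DC1.domain.local:389

dn:CN=Jane Doe,CN=Users,DC=domain,DC=local
>lastLogon: 128752416000000000

dn:CN=Test User,CN=Users,DC=domain,DC=local
>lastLogon: 0

2 Objects returned
"""
DC2_TXT = """\
dn:CN=Jane Doe,CN=Users,DC=domain,DC=local
>lastLogon: 128779200000000000

dn:CN=Test User,CN=Users,DC=domain,DC=local

2 Objects returned
"""

def nt_to_datetime(ticks):
    """Convert a raw lastLogon value to UTC, as w32tm /ntte does; 0 means never."""
    if ticks <= 0:
        return None
    # AD stores the value as a count of 100-nanosecond intervals since 1601-01-01 UTC.
    return NT_EPOCH + timedelta(microseconds=ticks // 10)

def parse_adfind(text):
    """Return {dn: raw lastLogon}; users without the attribute are recorded as 0."""
    result, dn = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("dn:"):
            dn = line[3:].strip()
            result.setdefault(dn, 0)
        else:
            match = re.match(r">lastLogon:\s*(\d+)$", line, re.IGNORECASE)
            if match and dn is not None:
                result[dn] = int(match.group(1))
    return result

def newest_logons(dumps):
    """dumps maps DC name to AdFind output; returns {dn: (UTC datetime or None, DC or None)}."""
    best = {}
    for dc, text in dumps.items():
        for dn, ticks in parse_adfind(text).items():
            # lastLogon is not replicated, so the true value is the maximum over all DCs.
            if dn not in best or ticks > best[dn][0]:
                best[dn] = (ticks, dc)
    return {dn: (nt_to_datetime(t), dc if t > 0 else None) for dn, (t, dc) in best.items()}

if __name__ == "__main__":
    import sys
    # Pass the per-DC files as arguments; with none given, the constructed samples are used.
    dumps = {path: open(path, errors="replace").read() for path in sys.argv[1:]}
    dumps = dumps or {"DC1": DC1_TXT, "DC2": DC2_TXT}
    for dn, (when, dc) in sorted(newest_logons(dumps).items()):
        print(f"{dn}\t{when.isoformat() if when else 'never'}\t{dc or '-'}")
```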

pfSense: Editing /conf/config.xml file

The ISP’s internet connection runs on a port expecting a 10MB Full-duplex device to be plugged into it. The WAN interface on my pfSense box is a 10/100 NIC, and when I uplinked it without making any configuration changes, I found that I was only getting about 25% of the capacity I was expecting. The only way to force the WAN interface to 10MB/Full-duplex is via the /conf/config.xml file. There are two ways to edit this… one is using vi from SSH.

To enable SSH, do this from the pfSense web-interface:
Click System>Advanced>Secure Shell, Enable Secure Shell

Even if you prefer to use the pfSense web-interface to edit your config.xml file (make a backup copy first), the shell came in handy a few times throughout my configuration process. The other option to edit the config file is using the editor in the pfSense web-interface.

The editor is available here:
Diagnostics>Edit File. The Load/Save path is “/conf/config.xml”.

Scroll down until you find the tag. Then remove the lines that start with <media/> and <mediaopt/> and replace them with ones that say this:

<media>10baseT/UTP</media>
<mediaopt>full-duplex</mediaopt>

Then click Save. You can check to see if this took effect by clicking Status, Interfaces. The WAN interface should now read “10baseT/UTP ”. This change should take effect immediately – if not, give the box a reboot (Diagnostics>Reboot System).
