Sorry for the radio silence recently, I've been buried at work.
I did play around with a hacked up version of zerofree, looking to see if there was any interesting leftover data in the unallocated blocks on the disk. Other than some apt cruft, it was clean. (And yeah, I did fill my disk with X, rebuild, and see if any data survived the rebuild. It did not.)
Planned on banging around on the ticket submission stuff a bit, but never got around to it. Sorry.
Couple of comments on nice to have stuff:
VNC: having been burnt in the past with unauth access to my VNC console, I strongly prefer the ssh tunnel setup that someone (Oracle? AWS?) uses. No HTML5 VNC console, but it just seems so much safer. (To be fair, I've never tried to ssh tunnel to other port numbers at Oracle or AWS, but surely they thought of that?)
It's more of a problem with IPv4, but I have noticed that with some providers I see a ton of (non-broadcast) traffic on my interface that doesn't involve my IP or MAC. Screws with my vnstat and munin traffic monitoring. So if you have a way to filter out traffic by guest (maybe each guest instance has an isolated vlan?), that's a good thing.
My favorite console access is the way tornadovps (nee prgmr.com) does it. ssh keys only, then a pick-a-number front end to select the serial console, rDNS, add/remove keys, reboot, shutdown, etc. Secure, fast, low bandwidth, and cut-n-paste works in the console.
Comments
Sorry for the radio silence recently, I've been buried at work.
I did play around with a hacked up version of zerofree, looking to see if there was any interesting leftover data in the unallocated blocks on the disk. Other than some apt cruft, it was clean. (And yeah, I did fill my disk with X, rebuild, and see if any data survived the rebuild. It did not.)
Planned on banging around on the ticket submission stuff a bit, but never got around to it. Sorry.
Couple of comments on nice to have stuff:
VNC: having been burnt in the past with unauth access to my VNC console, I strongly prefer the ssh tunnel setup that someone (Oracle? AWS?) uses. No HTML5 VNC console, but it just seems so much safer. (To be fair, I've never tried to ssh tunnel to other port numbers at Oracle or AWS, but surely they thought of that?)
It's more of a problem with IPv4, but I have noticed that with some providers I see a ton of (non-broadcast) traffic on my interface that doesn't involve my IP or MAC. Screws with my vnstat and munin traffic monitoring. So if you have a way to filter out traffic by guest (maybe each guest instance has an isolated vlan?), that's a good thing.
Good luck with the roll out!
Thank you for very much for your feedback!
VNC will get integrated in the next few weeks
https://canvay.io - A simple webhosting platform
https://v6node.com - Affordable IPv6 only KVMs
My favorite console access is the way tornadovps (nee prgmr.com) does it. ssh keys only, then a pick-a-number front end to select the serial console, rDNS, add/remove keys, reboot, shutdown, etc. Secure, fast, low bandwidth, and cut-n-paste works in the console.