Due to the COVID-19 global pandemic, many businesses were forced to adapt to remote work, leaving them vulnerable to cyber-attacks. According to the statistics, corporate security threats were up to 50% in 2021 and this is just the tip of the iceberg. Several sectors were significantly affected by security threats: education and research, government, and communications were the top 3 in Q1 2021.
It is no surprise that small and medium businesses were also exposed to severe breaches. Small and medium companies don’t have many resources or much industry-related expertise to handle challenges such as serious security threats. With all that in mind, we updated SERVERware as an ultimate telecommunications solution that Service Providers can provide to small and medium businesses looking for reliability and security.
Among many other interesting features, the newest update of SERVERware 4.2 has brought virtual and management networks.
Here’s why those updates are crucial for the security of your business.
1) VPSs hosted on the same cluster can use different virtual networks to isolate their traffic, leaving little or no room for a data breach.
SERVERware 4.2 allows its administrators to define different virtual networks on top of the underlying physical network that interconnects hosts belonging to the same cluster. This is possible because SERVERware uses the WireGuard Communication Protocol to establish virtual private networks, and the result is the cornerstone of SERVERware virtual networks.
The networks are encrypted by design – the full encryption ensures enhanced protection of communication between VPSs hosted on the same cluster.
What does that mean in plain terms? You can build a dedicated virtual network for a domain, so that the domain’s VPSs connect securely while VPSs from other domains hosted on the same cluster cannot see the traffic.
What is the range of virtual networks on SERVERware? IPv4 virtual networks use private IPv4 ranges of class A, B, or C, while IPv6 virtual networks are limited to local private unicast prefixes.
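The addressing rule above can be checked when planning per-domain networks. This is an added example, not SERVERware code: it assumes the rule means the RFC 1918 blocks and IPv6 unique local addresses (fc00::/7), the function names and sample plan are hypothetical, and the overlap check is an extra planning step the post does not describe.

```python
import ipaddress

# Assumption: "private IPv4 ranges of class A, B, or C" = the RFC 1918 blocks;
# "local private unicast prefixes" = IPv6 unique local addresses (RFC 4193).
ALLOWED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_allowed_prefix(cidr):
    """True if cidr is a well-formed network lying inside an allowed block."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return False  # malformed, or host bits set (e.g. 10.0.0.1/24)
    return any(net.version == a.version and net.subnet_of(a) for a in ALLOWED)


def audit_plan(plan):
    """plan maps a domain name to its virtual network CIDR; returns findings."""
    findings, valid = [], {}
    for domain, cidr in plan.items():
        if is_allowed_prefix(cidr):
            valid[domain] = ipaddress.ip_network(cidr)
        else:
            findings.append(f"{domain}: {cidr} is not a valid private or unique-local prefix")
    names = sorted(valid)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # A VPS attached to both networks could not route unambiguously.
            if valid[a].version == valid[b].version and valid[a].overlaps(valid[b]):
                findings.append(f"{a} and {b}: {valid[a]} overlaps {valid[b]}")
    return findings


# Constructed sample plan; domain names and prefixes are hypothetical.
SAMPLE_PLAN = {
    "tenant-a": "10.20.0.0/24",
    "tenant-b": "10.20.0.128/25",       # inside tenant-a's prefix
    "tenant-c": "169.254.10.0/24",      # link-local: is_private is True, yet not RFC 1918
    "tenant-d": "fd12:3456:789a::/48",  # unique local, allowed
    "tenant-e": "2001:db8::/64",        # documentation prefix, not unique local
    "tenant-f": "172.32.0.0/16",        # just past the end of 172.16.0.0/12
}

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(finding)
```

The explicit block list matters because `ipaddress`'s `is_private` flag also covers link-local, loopback and other special-purpose ranges that are not RFC 1918 space.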
2) Virtual network organization excludes exposure to the public internet.
SERVERware’s virtual networks are organized in a particular way. They allow services to run on distinct VPSs that logically depend on each other. Since they are interconnected, there is no need to connect them to a subnet exposed to the public internet. For example, an etcd cluster can be created using a virtual network connecting the nodes.
Therefore, VPSs can talk to each other without exposing anything to a public network. Because there’s no need for connection to a different subnet, SERVERware virtual networks are more secure and stable, leaving potential attackers no room to attack.
That’s great, but what else is there for my business regarding virtual networks?
- Virtual networks are simple to define and secure, reducing the amount of hardware. They lower networking hardware costs (such as cables and hubs) and remove hardware dependencies.
- Since there are no hardware dependencies, setting up virtual networks is easy from SERVERware’s GUI and free of additional costs.
- VPSs can connect to several different physical and virtual networks simultaneously.
- There is more flexibility when it comes to creating new applications. The virtual network facilitates the creation of new applications based on the microservice architecture.
3) We used VPN technology and IPv6 addresses to improve the overall protection of communication between SERVERware components.
SERVERware has utilized virtual networks to boost security, as we discussed previously. Implementation of new features showed us that we need to expose SERVERware’s modules and APIs to the outside world as little as possible. The idea behind protecting SERVERware’s functionality was clear to us from the very beginning: SERVERware’s functionality for managing VPSs, storage, and networking is frequently exposed to the host’s public IP address, making it vulnerable to potential attackers.
What did we do? We used the same VPN technology and IPv6 addresses to create a secure VPN between SERVERware hosts and the controller in a dynamic and implicit setup. Consequently, a new host will be immediately connected to this network when it is added to a cluster.
There will be a dedicated, automatically configured virtual interface named MAN on each host and the controller, which will be used for safe communication between SERVERware components running on different hosts in the cluster. With the MAN interface established, we have limited the surface area for attackers and significantly increased SERVERware’s security.
To sum it all up: SERVERware improved the overall security of the virtualization platform by having an encrypted and secured local network and simplified communication between distributed SERVERware components. As a plus, the development of new features now looks a lot simpler from the security perspective, which means we can develop solutions tailored only for your business much more quickly.
Now that we thoroughly understand how virtual and management networks can benefit your business’s security, we wanted to take a step back and announce an exciting feature.
An integrated DNS (Domain Name System) server, although not related to security, is an equally important feature of SERVERware 4.2.
This integrated DNS server functions as an authoritative server for a DNS zone. DNS is a protocol that resolves names such as bicomsystems.com to the IP address of a server on the internet.
Each VPS hosted on the SERVERware cluster will be assigned a name in the zone and can be reached using its domain name rather than its IP address. Instead of manually adding name.domain.com for each VPS, it will be listed in the SERVERware GUI, no matter how many VPSs you have.
What does this mean for my business?
- No extra DNS configuration adjustments – since SERVERware is authoritative for the provided zone, a VPS can change its IP or subnet and remain accessible via its domain name. SERVERware will find any VPS via a name instead of searching for it via different IP addresses.
- Easier DNS management for providers who offer numerous services – all you have to do is redirect DNS requests to SERVERware.
- Configuration of NAPTR/SRV DNS resource entries for each VPS provides a service discovery mechanism for clients who support this feature.
Finally, there are more features available in the SERVERware 4.2 release, which you can read about in detail. Don’t hesitate to reach out if you want your system secured with our SERVERware adapted explicitly for your business needs.