Many see cPanel multi server (aka cPanel cluster) as a way to prevent business downtime. The logic goes that even if one server fails, the other servers can keep websites and mail online. But, how true is that?
In our role as Hosting support specialists for web hosting companies, Our engineers manage hundreds of cPanel servers. We setup and manage several cPanel cluster infrastructure as a part of this cPanel server management services.
From this experience, we could see that though cPanel clusters cannot totally prevent a business downtime, they be used to minimize the impact of a downtime, and to simplify server administration.
cPanel multi-server cluster – Do you need it?
As of version 11.56, cPanel offers DNS Cluster for DNS high availability and Configuration Cluster for easier server management. If you already have cPanel servers, here’s how cPanel clusters can help you:
1. DNS cluster – How we configure them to prevent service downtime
cPanel creates 2 name servers for each website created in a server (say, ns1.website.com and ns2.website.com). By default, both these two name servers are created in the same physical machine.
This poses a couple of issues:
- In the event of a server crash, DNS will stop working. This brings down both website and mail – even if the mail is hosted elsewhere (like Google Apps).
- If a website needs to be moved to another server due to resource constraints or other reasons, the name servers need to be changed, leading to extensive downtime.
To prevent such downtime, we setup central DNS clusters for our customers. The DNS of all websites would be hosted in 2 or more dedicated DNS servers.
This way every website will have the same set of name servers (eg., ns1.webhostingcompany.com, ns2.webhostingcompany.com), and even if one server fails, other servers will ensure that the services are up.
With these DNS clusters, we’ve been able to:
- Prevent mail bounces using a secondary MX entry for domains, that routes mails to a backup mail server.
- Avoid web or mail downtime during website migrations to other servers. Since name servers are the same for all domains, there’s no need for complex DNS changes and prevents associated downtime.
- Reduce customer complaints and support tickets that happen during domain migrations.
Many of the name server clusters we’ve implemented were based on open source BIND servers. cPanel has a similar solution called DNSONLY. With this, cPanel servers can be setup to store DNS records in a remote DNSONLY cluster.
When we setup DNSONLY clusters, we maximize the cluster effectiveness and security by:
- Setting up the name servers in separate geographical locations – This ensures that a network issue won’t bring down both servers.
- Making all name servers “masters” – This helps to lower DNS update delays. When a DNS record changes, all name servers in the cluster are updated at the same time. This avoids propagation delay among name servers.
- Securing the cluster against cache poisoning, and other attacks – An attack on the cluster can bring down all websites. We prevent it through a series of DNS security tweaks.
2. Configuration clusters – How we use them to simplify server updates
New security threats emerge every day. Servers should be patched and updated frequently to prevent security issues. When you have multiple servers, logging into each of them and running updates can get pretty tiring, and it’s easy to miss updates.
In our role as Server Specialists for small to large web hosting companies, our engineers monitor all security alerts, keep track of server updates, test them for software conflicts, and apply them as soon as possible.
While manual updates minimize chances of error, there are a few situations where we perform mass server updates:
- When widespread hacks are reported via a web app or system vulnerability, patches need to be applied ASAP. There isn’t enough time to login to each server and manually do the updates.
- High priority security channel patches are best applied automatically as they do not conflict with functions.
- Anti-malware, anti-spam and firewall databases need to be updated as soon as they are available, so as to minimize security issues.
We configure configuration management tools such as Ansible and Puppet to initiate emergency system updates from a central server. This way, we patch all servers in as little as 5 minutes, during a security emergency.
For managed VPS hosting providers, we use a variant of this setup, where regular system updates (eg. RPM updates, kernel updates, etc.) are applied in hundreds of servers using a central control server. This helps us to spend valuable time on other critical tasks.
However, if adequate precautions are not taken, such mass updates can lead to software conflicts. To prevent such issues, we ensure these pre-conditions are met, before doing the updates:
- All VPS instances are ensured to be of the exact same configuration (i.e. same OS, web server, mail server, etc.)
- Users are not allowed to install server applications, which could conflict with or break the server configuration.
- Update commands are performed only after conducting a series of tests and ensuring that they are passed.
- Post update, we run a series to tests from the control server to make sure all VPSs work fine, and all sites load without errors.
[ Focus on your core business without interruptions. Our tech support experts are here to manage your customers 24/7. ]
cPanel provides a similar functionality by its configuration cluster solution. With it, you can setup one server as the “master”, and then ask other servers to use the same Update Preferences as the “master” server.
So, if you setup the “master” server to “Auto-update” Apache, all other servers will do the same. The cluster can be setup in the “master” server by going to WHM Home >> Clusters >> Configuration Cluster.
Here, click on the “Create” button to add the IP, and Remote Access Key to all your cPanel servers (you can get the key from Clusters >> Remote Access Key of the other servers). It’ll look like this:
To finish up, go to WHM “Home >> Server Configuration >> Update Preferences”, and right at the bottom, enable the option “Send my settings to all configuration cluster servers”. Now, any change you make to the update preferences will be made in all component servers.
cPanel provides DNS clusters for DNS high availability and configuration clusters to simplify server administration. While these do not provide high availability for web and database services, it can be configured to soften the impact of a downtime.
At BMITC, we use cPanel clusters and several other methods to deliver high availability and secure server management. To know how these systems can be best adapted for your business, Click here..