I'm just a parent helping out at my sons' school. They're looking to implement Moodle, and I've become involved because - while I know zero about Moodle - I do know a little something about UNIX servers.
The school has decided to go with a hosted solution from a Moodle Partner. Considering the limited knowledge of Moodle at the school, this seems wise to me. Does it seem so to this community?
The school chose a particular vendor that apparently uses EV1 hosting. That seemed pretty solid. But the moment I started asking security-related questions (ie. can we use SFTP instead of FTP), the Moodle hosting vendor wanted to offer a refund. I cannot remember the last time I used FTP, and an FTP server doesn't even get installed on most new servers nowadays. And I know that EV1 has no problems with SSH/SFTP.
Obviously, we're already doing a poor job of figuring out how to enter the Moodle world - something that I'd thought wouldn't be that big a deal if we just stuck with a Moodle Partner.
Has anyone any suggestions or recommendations for how we can find a Moodle-savvy hosting solution for a small school? Any help is appreciated.
- Andrew
If the budget allows it, look for managed hosting. This means all system-related issues are hanlded by someone else. Services typically run from $20 per month to much more depending on the quality and response time you wish to get.
The host itself doesn't really matter as long as it is reputable.
We'd *love* a managed solution, but we're hoping for "management" that is Moodle-savvy. That's why we started with a managed hosting account with a Moodle Partner. We already have managed hosting for our public site, but with a vendor that knows nothing about Moodle. New/ignorant as we are, we're looking for an environment where Moodle-savvy support is available.
More, our needs are so slight - from a performance/numbers perspective - that shared hosting is fine for us.
But privacy and security is an issue for us (two of those students whose privacy we're protecting are my sons!), so we'd like a Moodle Partner to manage the hosting that's also sufficiently savvy about such things that they don't [only] support FTP but can provide - and ideally, recommend - use of SSH/SFTP, and that doesn't try to charge $500/year for a secure certificate (for which NS already overcharges at $89/year {8^).
So: Any managed-hosting Moodle-savvy security-savvy recommendations?
Thanks...Andrew
More, our needs are so slight - from a performance/numbers perspective - that shared hosting is fine for us.
But privacy and security is an issue for us (two of those students whose privacy we're protecting are my sons!), so we'd like a Moodle Partner to manage the hosting that's also sufficiently savvy about such things that they don't [only] support FTP but can provide - and ideally, recommend - use of SSH/SFTP, and that doesn't try to charge $500/year for a secure certificate (for which NS already overcharges at $89/year {8^).
So: Any managed-hosting Moodle-savvy security-savvy recommendations?
Thanks...Andrew
Obviously, I'm not going to ask you which MP it was but did you ask them what the issue was? I find this very surprising. There has been a lot of talk about security recently and I would have thought that any MP would be happy to discuss any security aspects of Moodle.
As I am not in your territory, I think I can safely point out that there is more than one MP in the USA and they all operate as independent companies. Try another one - I'd hate you to get the wrong impression of Moodle Partners whatever the problem was.
As I am not in your territory, I think I can safely point out that there is more than one MP in the USA and they all operate as independent companies. Try another one - I'd hate you to get the wrong impression of Moodle Partners whatever the problem was.
Thanks for not asking <grin>.
I don't know what the issue was. They sent an introductory email that mentioned FTP. I requested SSH/SFTP access (along with mysqldump and rsync so that we could do efficient backups). Apparently, SSH/SFTP is only available on dedicated servers with this provider.
As I said: I don't know why. I've not heard of even shared hosting (on UNIX) that didn't offer SSH/SFTP in the past several years.
The fact that the cost of certificate for SSL was $500, combined with the unavailability of SSH, makes me think that perhaps this vendor is aimed at those even more ignorant than we are (ie. those that don't know enough to desire encryption to protect the privacy of the students). I offered to provide the certificate myself (I know how to generate a CSR), but at this point the vendor was already pushing for us to leave and take a refund.
We're eager to try another Moodle Partner, but this time I'm hoping to get some suggestions up front. That's why I'm posting here. I'm a little embarassed that I didn't think of this before, or that I didn't think to ask the vendor about security issues ahead of time, but I honestly didn't expect the kind of problem we've hit.
Thanks...Andrew
I don't know what the issue was. They sent an introductory email that mentioned FTP. I requested SSH/SFTP access (along with mysqldump and rsync so that we could do efficient backups). Apparently, SSH/SFTP is only available on dedicated servers with this provider.
As I said: I don't know why. I've not heard of even shared hosting (on UNIX) that didn't offer SSH/SFTP in the past several years.
The fact that the cost of certificate for SSL was $500, combined with the unavailability of SSH, makes me think that perhaps this vendor is aimed at those even more ignorant than we are (ie. those that don't know enough to desire encryption to protect the privacy of the students). I offered to provide the certificate myself (I know how to generate a CSR), but at this point the vendor was already pushing for us to leave and take a refund.
We're eager to try another Moodle Partner, but this time I'm hoping to get some suggestions up front. That's why I'm posting here. I'm a little embarassed that I didn't think of this before, or that I didn't think to ask the vendor about security issues ahead of time, but I honestly didn't expect the kind of problem we've hit.
Thanks...Andrew
Don't worry about finding a Moodle saavy host - it's a simple PHP application that any managed hosting provider worth their money will figure it out. If you need gradebook help or something like that, then you're better off coming to these forums. It'll be cheaper.
Getting help on these forums is fine, but I'd like to have "standing behind us" experts that have something of a more substantial relationship with us. It's similar to how I'll make use of Fedora Core or CentOS in plenty of cases, but for critical servers I'll use Redhat because it means that help is just a phone call away.
As for any hosting provider figuring it out: Perhaps, but that takes time. For example, does a given version of Moodle require a given version of MySQL? Is an upgrade of one going to cause problems because of the other? I've seen that specific issue discussed here, and it's just one example of the type of Moodle-specific knowledge that I wouldn't expect a generic hosting provider to have.
I alreay know that it's straightforward to install; I've seen someone do it that had no prior experience. It's the ongoing maintenance, though, about which I worry.
Thanks...Andrew
As for any hosting provider figuring it out: Perhaps, but that takes time. For example, does a given version of Moodle require a given version of MySQL? Is an upgrade of one going to cause problems because of the other? I've seen that specific issue discussed here, and it's just one example of the type of Moodle-specific knowledge that I wouldn't expect a generic hosting provider to have.
I alreay know that it's straightforward to install; I've seen someone do it that had no prior experience. It's the ongoing maintenance, though, about which I worry.
Thanks...Andrew
Mmmm.... just to be clear, are you *sure* this was a Moodle Partner you spoke to? If you want to send me the details privately I will make appropriate enquiries.
Why would you want to do rsync backups yourself? The whole point of going with a hosting solution with a Moodle Partner is that all that boring stuff is taken care of for you. It's almost the same deal with SFTP... 90% of our customers don't need or ask for it.
I can only speak for myself but we provide an SSL certificate for free as do most other Moodle Partners I can think of, so this seems rather odd too.
However, all Partners are individual businesses and, obviously I hope, it's important to make sure you get a deal that suits your individual requirements.
Why would you want to do rsync backups yourself? The whole point of going with a hosting solution with a Moodle Partner is that all that boring stuff is taken care of for you. It's almost the same deal with SFTP... 90% of our customers don't need or ask for it.
I can only speak for myself but we provide an SSL certificate for free as do most other Moodle Partners I can think of, so this seems rather odd too.
However, all Partners are individual businesses and, obviously I hope, it's important to make sure you get a deal that suits your individual requirements.
The vendor is listed on <http://moodle.com/partners/list/>;; is that not conclusive?
As for backups ourselves: while I've never been hit with this myself, I've heard stories from others of lost accounts, companies which have disappeared, and even managed servers that have disappeared. What *did* occur to me once - indirectly; we were developing software for client that was being hosted - was a hosting shop that claimed to have backup up and running. But, during a scheduled upgrade, they managed to trash *both* mirrored drives holding a critical data set. It then turned out that their backup wasn't actually working. Fortunately, one of our developers had a nightly cron that copied data from the production DB to a DB in her development area. If we hadn't had that, the client would have been out of business.
The rsync backup we use is completely automated, so there's no "boring stuff" involved. It's a tiny effort which protects against an unlikely event which would have a very high cost should it occur.
You provide an SSL certificate for free? How do you do that given that the CAs charge? Of course, I'll only argue so hard against someone offering something for free <laugh>.
Thanks...Andrew
As for backups ourselves: while I've never been hit with this myself, I've heard stories from others of lost accounts, companies which have disappeared, and even managed servers that have disappeared. What *did* occur to me once - indirectly; we were developing software for client that was being hosted - was a hosting shop that claimed to have backup up and running. But, during a scheduled upgrade, they managed to trash *both* mirrored drives holding a critical data set. It then turned out that their backup wasn't actually working. Fortunately, one of our developers had a nightly cron that copied data from the production DB to a DB in her development area. If we hadn't had that, the client would have been out of business.
The rsync backup we use is completely automated, so there's no "boring stuff" involved. It's a tiny effort which protects against an unlikely event which would have a very high cost should it occur.
You provide an SSL certificate for free? How do you do that given that the CAs charge? Of course, I'll only argue so hard against someone offering something for free <laugh>.
Thanks...Andrew
Ok, I know who it is now, they had a different viewpoint of course - shame you couldn't have worked it out but that's life/business.
Well, yeh, stuff happens. Worse things have happened to me over the years. I call it a learning experience
There's nothing wrong with a bit of paranoia.
We do them free on certain hosting deals, yes. It's because we get a deal with our current hosting provider. If not we would certainly charge too. In my experience it can work out surprisingly expensive for ad-hoc certificate purchases.
Well, yeh, stuff happens. Worse things have happened to me over the years. I call it a learning experience
We do them free on certain hosting deals, yes. It's because we get a deal with our current hosting provider. If not we would certainly charge too. In my experience it can work out surprisingly expensive for ad-hoc certificate purchases.
It's not possible to "work it out" when all that's offered is "here's your refund". Still, it's better than "tough; no refund". But how do you know their "viewpoint"?
"Learning Experience"? <Laugh> I try to avoid those; that's why we do the backup ourselves. It's unfortunate that this wasn't an option with the previous Moodle Partner we tried, but that's why I'm asking here for suggestions regarding hosting.
I have to admit some concern/confusion. As pleasant and interesting as this conversation has been, there have been no suggestions offered regarding a hosting provider. We could, as was suggested, do this at a non-Moodle-savvy shop. Is that really the norm for beginners such as ourselves? Like not having backup, that just seems like asking for trouble (or "a learning experience" {8^).
But is this really our only option? Given the size of the school and the scarcity of "technology resources" available there (as I mentioned, I'm just a parent helping out), I'm not sure that I'd feel comfortable investing in this w/o some type of support mechanism upon which the school could lean.
Am I approach this backwards? Perhaps I should be asking about "consulting services" independent of the hosting, but that can help us with "hosting related" issues?
Thanks...Andrew
"Learning Experience"? <Laugh> I try to avoid those; that's why we do the backup ourselves. It's unfortunate that this wasn't an option with the previous Moodle Partner we tried, but that's why I'm asking here for suggestions regarding hosting.
I have to admit some concern/confusion. As pleasant and interesting as this conversation has been, there have been no suggestions offered regarding a hosting provider. We could, as was suggested, do this at a non-Moodle-savvy shop. Is that really the norm for beginners such as ourselves? Like not having backup, that just seems like asking for trouble (or "a learning experience" {8^).
But is this really our only option? Given the size of the school and the scarcity of "technology resources" available there (as I mentioned, I'm just a parent helping out), I'm not sure that I'd feel comfortable investing in this w/o some type of support mechanism upon which the school could lean.
Am I approach this backwards? Perhaps I should be asking about "consulting services" independent of the hosting, but that can help us with "hosting related" issues?
Thanks...Andrew
If you where asking my professional advice... I might suggest that you organise your own hosting. Assuming your school is not enormous there's no big configuration issues - Moodle is dead easy to install. You clearly know what you are doing with backups etc.
After that, you might want to retain a Moodle expert (be that a MP or not) to provide support if you need it. I suspect that it might well work out more expensive going down this route but at least you'll have exactly what you want/expect.
I take it that you can't run it "in house"?
After that, you might want to retain a Moodle expert (be that a MP or not) to provide support if you need it. I suspect that it might well work out more expensive going down this route but at least you'll have exactly what you want/expect.
I take it that you can't run it "in house"?
We actually do have an old server running CentOS in the school on which someone did install Moodle. That's how I know how easy the install is.
But when we raised the "in house" vs. "hosted" question, it became some sort of political issue. I've *still* no idea why. It was more of an issue than Moodle itself, which I found confusing.
Right now, though, the school's connectivity is highly asymmetric. If there's to be any reasonable volume of access by students/teachers from their homes, the upstream latency/bandwidth may become an issue.
More, the school really isn't set up to provide 24x7 support for a server. Plus, our needs are sufficiently slight that a shared host would be quite sufficient. So I tend to lean towards a hosted solution, at least today.
I'm not clear what, in your suggestion, would be "more expensive". The hiring of a Moodle expert vs. doing it ourselves? Or the hiring of a Moodle expert vs. having a hosting service with that expertise?
We are willing to pay more for the Moodle-specific support. Maybe after some time coming up to speed we'll not need it. But right now, the school has *no* Moodle knowledge. We can too easily make choices that would take us down blind paths out of ignorance, and this could cost us time and annoy the faculty. Right now, there's positive interest in this move amongst the faculty; I'd hate to lose that by making dumb choices out of ignorance.
Thanks...Andrew
But when we raised the "in house" vs. "hosted" question, it became some sort of political issue. I've *still* no idea why. It was more of an issue than Moodle itself, which I found confusing.
Right now, though, the school's connectivity is highly asymmetric. If there's to be any reasonable volume of access by students/teachers from their homes, the upstream latency/bandwidth may become an issue.
More, the school really isn't set up to provide 24x7 support for a server. Plus, our needs are sufficiently slight that a shared host would be quite sufficient. So I tend to lean towards a hosted solution, at least today.
I'm not clear what, in your suggestion, would be "more expensive". The hiring of a Moodle expert vs. doing it ourselves? Or the hiring of a Moodle expert vs. having a hosting service with that expertise?
We are willing to pay more for the Moodle-specific support. Maybe after some time coming up to speed we'll not need it. But right now, the school has *no* Moodle knowledge. We can too easily make choices that would take us down blind paths out of ignorance, and this could cost us time and annoy the faculty. Right now, there's positive interest in this move amongst the faculty; I'd hate to lose that by making dumb choices out of ignorance.
Thanks...Andrew
Andrew - what sort of budget does the school have to support this? As any recommendations would be tied to that.
I'm sorry; I've just realized that I failed to reply to a piece of your message.
You'd asked about backups, and I explained that (apparently to your satisfaction {8^). But you also mentioned SFTP, and I neglected to address that. I suppose I was still too caught up in the fact that you offer SSL certificates for free <grin>.
You mentioned that 90% of your customers don't need or ask for SFTP. I can understand their failure to ask, but disagree with the need. I've had people ask for me to email them a root password w/o encryption. What people request and what they really need are not always the same, esp. in areas like technology where there's much about which people often don't know.
I don't tell my physician what medicine I need, to use a non-technological example of this.
A nontrivial part of what I do "in real life" is help people understand better what they need in technology. Why it's not a good idea to just leave a DB port open to the Internet, or why open SMTP relays are Bad Things. Why RAID is useful and not a replacement for backup. And on and on and on (and on and on and on {8^).
The students at this school aren't being mentioned in the daily papers, so on one hand concern for their privacy may seem excessive to some. Still, I think it responsible to take reasonable steps to protect information about them. Of course, that I'm a parent of two may be affecting my judgment in this matter, but on the other hand avoiding archaic tools like FTP or protecting web transactions with SSL just isn't that high a cost (at least, anywhere else I've been involved).
Thanks...Andrew
You'd asked about backups, and I explained that (apparently to your satisfaction {8^). But you also mentioned SFTP, and I neglected to address that. I suppose I was still too caught up in the fact that you offer SSL certificates for free <grin>.
You mentioned that 90% of your customers don't need or ask for SFTP. I can understand their failure to ask, but disagree with the need. I've had people ask for me to email them a root password w/o encryption. What people request and what they really need are not always the same, esp. in areas like technology where there's much about which people often don't know.
I don't tell my physician what medicine I need, to use a non-technological example of this.
A nontrivial part of what I do "in real life" is help people understand better what they need in technology. Why it's not a good idea to just leave a DB port open to the Internet, or why open SMTP relays are Bad Things. Why RAID is useful and not a replacement for backup. And on and on and on (and on and on and on {8^).
The students at this school aren't being mentioned in the daily papers, so on one hand concern for their privacy may seem excessive to some. Still, I think it responsible to take reasonable steps to protect information about them. Of course, that I'm a parent of two may be affecting my judgment in this matter, but on the other hand avoiding archaic tools like FTP or protecting web transactions with SSL just isn't that high a cost (at least, anywhere else I've been involved).
Thanks...Andrew
I'm not sure I understand what your are saying but for the avoidance of doubt we do NOT offer FTP, never have, never will.
We offer SFTP - through rssh if you are interested - to those who require it. We do not enable it for the majority of customers who have no requirement at all for this type of access. As you say, the best sort of security is "if you don't need it, don't enable it".
EDIT:
I just thought to add.. I continue to be shocked and surprised how many hosting companies only support FTP and/or have SSH/SFTP but hide it. We see a lot of customers coming from CPanel land having never heard of SFTP.
We offer SFTP - through rssh if you are interested - to those who require it. We do not enable it for the majority of customers who have no requirement at all for this type of access. As you say, the best sort of security is "if you don't need it, don't enable it".
EDIT:
I just thought to add.. I continue to be shocked and surprised how many hosting companies only support FTP and/or have SSH/SFTP but hide it. We see a lot of customers coming from CPanel land having never heard of SFTP.
"Never have, never will".
<Sigh> Too bad you're on the wrong continent.
I'm not familiar with cpanel (though I have heard of it, of course). It requires FTP instead of SFTP? That's interesting (and disappointing). As for "having SFTP but hiding it", that's part of what I meant by my job being at least partially educating consumers of technology.
In fairness, though, I've recently noticed a tendency of some people (tech-savvy and not) to use "FTP" to refer not to the specific P as in protocol but more to P as in program. There's even some "web editing" tool (Dreamweaver, perhaps?) that has an "FTP Option" to "enable SFTP". So at least some people, I think, are coming to use "FTP" in a way that doesn't preclude encryption. I see this as similar to people still "dialing" their phones long after rotary dials (like FTP? {8^) have gone the way of GOPHER.
You've raised a question in my mind. If most of your clients don't request SFTP, and you never provide FTP, then by what mechanism do people using Moodle upload various files (images, videos, whatever)? Is it *all* web based? Even whatever files are required for customizations?
[See just how ignorant I am about Moodle!?]
That makes support of only FTP instead of SFTP less important, since we'd not use either, right?
Thanks...Andrew
<Sigh> Too bad you're on the wrong continent.
I'm not familiar with cpanel (though I have heard of it, of course). It requires FTP instead of SFTP? That's interesting (and disappointing). As for "having SFTP but hiding it", that's part of what I meant by my job being at least partially educating consumers of technology.
In fairness, though, I've recently noticed a tendency of some people (tech-savvy and not) to use "FTP" to refer not to the specific P as in protocol but more to P as in program. There's even some "web editing" tool (Dreamweaver, perhaps?) that has an "FTP Option" to "enable SFTP". So at least some people, I think, are coming to use "FTP" in a way that doesn't preclude encryption. I see this as similar to people still "dialing" their phones long after rotary dials (like FTP? {8^) have gone the way of GOPHER.
You've raised a question in my mind. If most of your clients don't request SFTP, and you never provide FTP, then by what mechanism do people using Moodle upload various files (images, videos, whatever)? Is it *all* web based? Even whatever files are required for customizations?
[See just how ignorant I am about Moodle!?]
That makes support of only FTP instead of SFTP less important, since we'd not use either, right?
Thanks...Andrew
They use the web interface for uploads and they don't do customisations. If there's any of that to be done we do it for them - it's part of the hosting agreement (again, pretty normal I would have thought).
That may be normal. You're now in a realm well covered by my ignorance.
But you're also, I think, giving me a new reason to prefer locating a Moodle-savvy hosting vendor. Or have I misunderstood? Would it not require such a vendor to make customizations? Or are these perhaps so rarely needed that this shouldn't factor into my choice?
Thanks...Andrew
But you're also, I think, giving me a new reason to prefer locating a Moodle-savvy hosting vendor. Or have I misunderstood? Would it not require such a vendor to make customizations? Or are these perhaps so rarely needed that this shouldn't factor into my choice?
Thanks...Andrew
Most plugins are very easy to install. Actual code customisation (where required - but unusual) requires more skill and is beyond the scope of "normal" hosting. I guess the bit you pay for is the knowledge of what plugins to use and what to avoid 
Going a little off the "Hardware and Performance" topic here but this is an interesting thread. It seems to me that your main priority here is security. I'm not really sure why.
If you are looking for a host then the docs page on this topic gives quite detailed information. Hopefully you have looked at this.
If you have looked at this but are still hooked on the security issue I wonder if many others are.
Almost all instances of Moodle in education that I have come across are not using https or SFTP. Students and teachers upload / download via the web. I wonder what other people's experiences are?
What kind of material are you envisioning being on the Moodle site? Outside of student grades I can't see any security issues unless you are encouraging students to put private information on the Moodle instance - something I never do. Indeed I discourage this. Moodle by itself is a very secure piece of software - for your purposes, I think, it should be fine to be with any hosting setup. Of course Moodle partners are the preferred but there are many other options as outlined on the docs page. Personally though, I wouldn't get too hung up on the, what I consider, over-the-top security.
Eric
If you are looking for a host then the docs page on this topic gives quite detailed information. Hopefully you have looked at this.
If you have looked at this but are still hooked on the security issue I wonder if many others are.
Almost all instances of Moodle in education that I have come across are not using https or SFTP. Students and teachers upload / download via the web. I wonder what other people's experiences are?
What kind of material are you envisioning being on the Moodle site? Outside of student grades I can't see any security issues unless you are encouraging students to put private information on the Moodle instance - something I never do. Indeed I discourage this. Moodle by itself is a very secure piece of software - for your purposes, I think, it should be fine to be with any hosting setup. Of course Moodle partners are the preferred but there are many other options as outlined on the docs page. Personally though, I wouldn't get too hung up on the, what I consider, over-the-top security.
Eric
I wouldn't call security our "main priority", but it is a concern. This thread seems to have become overtaken by the FTP vs. SFTP issue, but that's not the entire problem we had.
As I wrote above, I believe that we need to keep local backups. Someone asked why, and I think - hope, anyway <grin> - that I answered that reasonably well. But absent tools like mysqldump and rsync/SSH, remote backup is somewhat problematic. I'm certainly open to alternatives, but that's how we do it now and it works quite well for us.
As for why the concern for privacy: It's less because we've specific information that we know will be there than as a general approach. Turn it around, and you'll see what I mean: why *not* take the slight extra steps to maintain security/privacy? Generating a CSR takes a few minutes; installing the signed certificate even less. Network Solutions overcharges at $89/year; other CAs are less expensive. SFTP etc. are standard tools in any UNIX distribution whereas at least Redhat doesn't install an FTP server by default.
You may call it "over the top", but given how cheap all this should be I see no reason to skip it. But, as I've written: I may be biased; I'm not someone that works at the school but I am a parent of two of the students.
As for the document you cited: I appreciate the reference, but it's not all that helpful with our current "need". We already know we want hosted, for example. We would very much prefer a hosting vendor that is Moodle-savvy. I've written the logic for this previously on this thread, but an issue I believe I failed to mention is the avoidance of "finger pointing": the hosting vendor saying "it's Moodle's fault" while a Moodle expert says "the XYZ (MySQL, PHP, whatever) package isn't correct for Moodle".
So: Anyone with a recommendation for a Moodle-savvy hosting vendor? It would be appreciated.
Thanks...Andrew
As I wrote above, I believe that we need to keep local backups. Someone asked why, and I think - hope, anyway <grin> - that I answered that reasonably well. But absent tools like mysqldump and rsync/SSH, remote backup is somewhat problematic. I'm certainly open to alternatives, but that's how we do it now and it works quite well for us.
As for why the concern for privacy: It's less because we've specific information that we know will be there than as a general approach. Turn it around, and you'll see what I mean: why *not* take the slight extra steps to maintain security/privacy? Generating a CSR takes a few minutes; installing the signed certificate even less. Network Solutions overcharges at $89/year; other CAs are less expensive. SFTP etc. are standard tools in any UNIX distribution whereas at least Redhat doesn't install an FTP server by default.
You may call it "over the top", but given how cheap all this should be I see no reason to skip it. But, as I've written: I may be biased; I'm not someone that works at the school but I am a parent of two of the students.
As for the document you cited: I appreciate the reference, but it's not all that helpful with our current "need". We already know we want hosted, for example. We would very much prefer a hosting vendor that is Moodle-savvy. I've written the logic for this previously on this thread, but an issue I believe I failed to mention is the avoidance of "finger pointing": the hosting vendor saying "it's Moodle's fault" while a Moodle expert says "the XYZ (MySQL, PHP, whatever) package isn't correct for Moodle".
So: Anyone with a recommendation for a Moodle-savvy hosting vendor? It would be appreciated.
Thanks...Andrew
We have found an alternative to a vendor supporting rsynch for remote backup that I thought you might find helpful.
Though this is not for Moodle, we have set up synching with an external host from our local server on a nightly basis using Webdrive. We are now looking for a way of synching the MySQL server without a direct connection as our host does not allow this. Currently we do a backup of the database to a subfolder of the folder we are synching. Then if needed we can import that backup into database on the hosted site. Not the most efficient but it is working, we do peridodic checks just to make sure.
We prefer the synching as to a backup, so that there is less down time should something happen. This is critical to us because it is a dms and we don't want to not have access to the latest documents. Once we have this setup, we plan on looking at doing the same with Moodle.
Though this is not for Moodle, we have set up synching with an external host from our local server on a nightly basis using Webdrive. We are now looking for a way of synching the MySQL server without a direct connection as our host does not allow this. Currently we do a backup of the database to a subfolder of the folder we are synching. Then if needed we can import that backup into database on the hosted site. Not the most efficient but it is working, we do peridodic checks just to make sure.
We prefer the synching as to a backup, so that there is less down time should something happen. This is critical to us because it is a dms and we don't want to not have access to the latest documents. Once we have this setup, we plan on looking at doing the same with Moodle.
Hi Andrew,
Below might be reasons why it is not that easy.
SFTP: Some hosts have a policy for security not to allow ssh access on public network. Yes, I know they can still give SFTP without shell (bash) login but it still makes ssh service available to the public. It is a very low security risk but it could be a big problem in case of any human error.
SFTP should not be a problem for providers who have better technical staff or who are just brave
Backup: 1) rsync - again security policy issue of not allowing ssh in public network.
2) Usually a service provider will backup data in night when server is at minimum load. They also have precise tools/scripts which work with minimum disturbance to server or Moodle. rsyncis very good but it can easily produce high load on servers which service providers want to avoid.
Backups are responsibility of service provider why do you want to do his job? (Yes, you answered that already).
My proposed solutions.
SSL: godaddy gives them for far less.
Security: You could demand either secure VPN connection to server or SFTP.
Backup: You can use Moodle's backup feature. Moodle will automatically create backups for all courses. You can schedule a script in Linux (local pc) to download all files using ftp/sftp on daily basis.
Below might be reasons why it is not that easy.
SFTP: Some hosts have a policy for security not to allow ssh access on public network. Yes, I know they can still give SFTP without shell (bash) login but it still makes ssh service available to the public. It is a very low security risk but it could be a big problem in case of any human error.
SFTP should not be a problem for providers who have better technical staff or who are just brave
Backup: 1) rsync - again security policy issue of not allowing ssh in public network.
2) Usually a service provider will backup data in night when server is at minimum load. They also have precise tools/scripts which work with minimum disturbance to server or Moodle. rsyncis very good but it can easily produce high load on servers which service providers want to avoid.
Backups are responsibility of service provider why do you want to do his job? (Yes, you answered that already).
My proposed solutions.
SSL: godaddy gives them for far less.
Security: You could demand either secure VPN connection to server or SFTP.
Backup: You can use Moodle's backup feature. Moodle will automatically create backups for all courses. You can schedule a script in Linux (local pc) to download all files using ftp/sftp on daily basis.
> SFTP: Some hosts have a policy for security > not to allow ssh access on public network. Yes, I know they can still > give SFTP without shell (bash) login but it still makes ssh service > available to the public. It is a very low security risk but it could be a big problem in case of any human error.
Perhaps I'm missing the obvious, but how is opening port 22 worse than opening port 21 plus providing support for the Passive FTP data circuit. Happily, vsftpd permits that to be restricted to a fixed range, and one can force other services to avoid putting dynamically assigned ports into that range, but even typing all this is more work than just dealing with port 22 <grin>.
With respect to backup timing, I've no problem following reasonable restrictions in that regard. After all, it's to my advantage as well to keep the backup footprint small!
I'm also open to alternatives that work well. But to offer no option of keeping our own backup is not one of those alternatives. As I wrote above, I and other have been burned that way before; I need no more "learning experiences" (as someone else called them {8^).
I appreciate your other suggestions. But, still, my immediate need is to identify a hosting solution that is well-suited to Moodle.
Thanks...Andrew
how is opening port 22 worse than opening port 21
ftp (21) may not be secure for end user as it has unencrypted link but for server it is secure. (It is not easy for a cracker to hack a server using FTP).
ssh (22) is secure for end user as it uses a encrypted link. For servers it has high potential of possible hacking attempt.
ftp (21) may not be secure for end user as it has unencrypted link but for server it is secure. (It is not easy for a cracker to hack a server using FTP).
ssh (22) is secure for end user as it uses a encrypted link. For servers it has high potential of possible hacking attempt.
I'm quite curious: what is your basis for the assertion that sshd has a higher potential for exploitation than any ftpd?
Thanks...Andrew
Give both ssh and ftp access to 10 students who will attempt an hack. With ftp they can't do much (or at least I don't know) but with ssh they can search for insecure configuration files to get more info about server which helps to find more vulnerabilities, for some it may be possible to edit/delete files stored by other users which is insecure (They might be able delete files in moodledata folder), they can try and hit with known vulnerability. Some who may not be able to hack may just try an DOS attack. With ssh possibilities are endless.
PS: SFTP service can be given without an ssh access (no bash/shell) but your backup (rsync) cannot.
PS: SFTP service can be given without an ssh access (no bash/shell) but your backup (rsync) cannot.
With FTP, all they have to do is set up a packet sniffer on your school network and wait for you to log in.
Tim Hunt: With FTP, all they have to do is set up a packet sniffer on your school network and wait for you to log in.
True but they won't be able to damage other accounts (other websites) using the same server.
My point was security risks involved between FTP/SFTP vs SSH (bash/shell - rsync) as from a hosting provider's view.
It is a huge risk to give access to SSH on a server where multiple sites exist (unless it is an VPS).
I totally agree that SFTP has better security compared to FTP. Key To School also has an option for schools to use SFTP if they like but we cannot allow them to use SSH (bash/shell) as it will be a security risk for our servers.
True but they won't be able to damage other accounts (other websites) using the same server.
My point was security risks involved between FTP/SFTP vs SSH (bash/shell - rsync) as from a hosting provider's view.
It is a huge risk to give access to SSH on a server where multiple sites exist (unless it is an VPS).
I totally agree that SFTP has better security compared to FTP. Key To School also has an option for schools to use SFTP if they like but we cannot allow them to use SSH (bash/shell) as it will be a security risk for our servers.
I was going to stay out of this, but its too juicy
As a full time system administrator for the past 10 years, i have to say that any FTP service is an order of magnitude more insecure than any ssh daemon.
You are basing your assumptions that FTP cannot give someone shell access when clearly this is not the case. FTP daemons run as root and history has proven them to be so insecure that yes an attacker can gain remote root on your server via "breaking" (i use that term loosely) the ftp server - not stealing user accounts and actually using the FTP protocol. Infact there is no comparison to what an attacker could or could not do if they were able to exploit either one of these services but SSH is _much_ more secure than any ftp server has ever been.
Take a look at milw0rms remote root exploit archive:
FTP Server remote exploits: http://milw0rm.org/port.php?port=21
SSH Server remote exploits: http://milw0rm.org/port.php?port=22
The results speak for themselves.
As a full time system administrator for the past 10 years, i have to say that any FTP service is an order of magnitude more insecure than any ssh daemon.
You are basing your assumptions that FTP cannot give someone shell access when clearly this is not the case. FTP daemons run as root and history has proven them to be so insecure that yes an attacker can gain remote root on your server via "breaking" (i use that term loosely) the ftp server - not stealing user accounts and actually using the FTP protocol. Infact there is no comparison to what an attacker could or could not do if they were able to exploit either one of these services but SSH is _much_ more secure than any ftp server has ever been.
Take a look at milw0rms remote root exploit archive:
FTP Server remote exploits: http://milw0rm.org/port.php?port=21
SSH Server remote exploits: http://milw0rm.org/port.php?port=22
The results speak for themselves.
I think I'm finally grasping your issue. It isn't SSH that you think insecure; it is the CLI?
First, I sort-of agree. Denying users a CLI is sort-of more secure than granting one. In fact, denying them FTP is even more secure. Really, the security officer's best friend is the "off" switch; just use that and all is well.
On the other hand, if a hosting provider cannot maintain a secure system despite providing a CLI, I'd have concerns about what other lacks might exist. Or put it another way: Many things that can be done with a CLI can be done with a well-crafted PHP/CGI/etc. "page". So if the provider cannot secure a CLI...
Third, though: It is possible to grant access to ssh/rsync w/o granting access to an arbitrary CLI. I mentioned that earlier in this thread. So if you're operating under the assumption that use of rsync requires availability of a full CLI, you're mistaken. I'd expect that you know this since you've mentioned providing SFTP w/o granting CLI access, but perhaps you don't completely understand what is possible in that realm of restricting access.
I hope that this helps to clear up this issue for you.
Thanks...Andrew
First, I sort-of agree. Denying users a CLI is sort-of more secure than granting one. In fact, denying them FTP is even more secure. Really, the security officer's best friend is the "off" switch; just use that and all is well.
On the other hand, if a hosting provider cannot maintain a secure system despite providing a CLI, I'd have concerns about what other lacks might exist. Or put it another way: Many things that can be done with a CLI can be done with a well-crafted PHP/CGI/etc. "page". So if the provider cannot secure a CLI...
Third, though: It is possible to grant access to ssh/rsync w/o granting access to an arbitrary CLI. I mentioned that earlier in this thread. So if you're operating under the assumption that use of rsync requires availability of a full CLI, you're mistaken. I'd expect that you know this since you've mentioned providing SFTP w/o granting CLI access, but perhaps you don't completely understand what is possible in that realm of restricting access.
I hope that this helps to clear up this issue for you.
Thanks...Andrew
We call it (CLI) bash or shell. Other then security (as I have already discussed) there are chances of overloading (a sort of DOS attack).
I am not speaking in technical terms what is possible but I am more inclined towards what is more practical. There are many things that are possible but not practical.
In short I wanted to say that giving access to mysqldump and rsync is not practical in case when a server is used to serve many isolated Moodle websites of different schools.
If you want a Moodle Partner who gives mysqldump and rsync (unless it is a dedicated server) as a standard service then I doubt you are going to find one. Dedicated server will be costly for your needs (As you mentioned that your need of resources is very low).
For you I repeat my proposed solution.
SSL: godaddy gives them for far less.
Security: You could demand either secure VPN connection to server or SFTP.
Backup: You can use Moodle's backup feature. Moodle will automatically create backups for all courses. You can schedule a script in Linux (local pc) to download all files using ftp/sftp on daily basis.
PS: you can safely use FTP if your host gives you VPN access to server.
I am not speaking in technical terms what is possible but I am more inclined towards what is more practical. There are many things that are possible but not practical.
In short I wanted to say that giving access to mysqldump and rsync is not practical in case when a server is used to serve many isolated Moodle websites of different schools.
If you want a Moodle Partner who gives mysqldump and rsync (unless it is a dedicated server) as a standard service then I doubt you are going to find one. Dedicated server will be costly for your needs (As you mentioned that your need of resources is very low).
For you I repeat my proposed solution.
SSL: godaddy gives them for far less.
Security: You could demand either secure VPN connection to server or SFTP.
Backup: You can use Moodle's backup feature. Moodle will automatically create backups for all courses. You can schedule a script in Linux (local pc) to download all files using ftp/sftp on daily basis.
PS: you can safely use FTP if your host gives you VPN access to server.
Overloading is no more or less likely with a CLI than with a web application. That's an example of what I meant when I wrote that securing one is not too different from securing the other.
If you know enough to impose runtime limits, for example, on CGIs than you can do the same on CLIs.
Your statement that providing rsync or mysqldump access is "not practical" for shared hosting is simply false. This is independent of whether the hosting is Moodle-specific or not. Before my interaction with our previous Moodle Partner, I'd not heard of a shared hosting account that didn't provide a CLI in many years.
In some cases, providers go so far as to have separate boxes for web and CLI access. This is usually the case, though, where providers are sufficiently savvy and large that they run all their accounts on a cluster of boxes rather than a single box. Smaller shops may not have the capacity to do this, but that doesn't make CLI use any less practical. It simply means that their environment is less robust, but this is independent of CLI or web.
[Though clustering can have down-sides too. Media Temple had a large outage when one of their filers went offline recently, for example. This took out a lot of their accounts. If they'd a bunch of servers each with local drives, then the equivalent problem would have impacted only a few of their accounts. Nothing is perfect, alas.]
Thanks...Andrew
If you know enough to impose runtime limits, for example, on CGIs than you can do the same on CLIs.
Your statement that providing rsync or mysqldump access is "not practical" for shared hosting is simply false. This is independent of whether the hosting is Moodle-specific or not. Before my interaction with our previous Moodle Partner, I'd not heard of a shared hosting account that didn't provide a CLI in many years.
In some cases, providers go so far as to have separate boxes for web and CLI access. This is usually the case, though, where providers are sufficiently savvy and large that they run all their accounts on a cluster of boxes rather than a single box. Smaller shops may not have the capacity to do this, but that doesn't make CLI use any less practical. It simply means that their environment is less robust, but this is independent of CLI or web.
[Though clustering can have down-sides too. Media Temple had a large outage when one of their filers went offline recently, for example. This took out a lot of their accounts. If they'd a bunch of servers each with local drives, then the equivalent problem would have impacted only a few of their accounts. Nothing is perfect, alas.]
Thanks...Andrew
Actually, you are right (in a way).
Godady provides SSH access, has SFTP, *support* Moodle, price is less than $5.
All my comments are Moodle specific. If I compare shared hosting and Moodle Hosting provided by Moodle Partner (MP) then there are some major differences. (It may not be applicable to every shared hosting provider or every MP).
Shared hosting has limitations that can be ignored by customers.
So, I would always recommend a MP (smaller shops) when compared with large companies (shared hosting).
I am not affiliated or associated with any MP or godaddy.
PS: Almost *all* MP should be running clusters. Single box are just not economical.
Godady provides SSH access, has SFTP, *support* Moodle, price is less than $5.
All my comments are Moodle specific. If I compare shared hosting and Moodle Hosting provided by Moodle Partner (MP) then there are some major differences. (It may not be applicable to every shared hosting provider or every MP).
Shared hosting has limitations that can be ignored by customers.
- godaddy provides 10 GB disk space but only 200MB database. What happens if someone had larger database?
- How many students will be able to study in Moodle running on shared hosting? Take a test in a class of 25 students which includes Moodle Quiz and see what happens.
- Moodle can send only X amount of email per hour/day.
- Backups are your responsibility.
- Moodle support?
So, I would always recommend a MP (smaller shops) when compared with large companies (shared hosting).
I am not affiliated or associated with any MP or godaddy.
PS: Almost *all* MP should be running clusters. Single box are just not economical.
Thanks for the pointer to Godaddy. I'm reading around now to see what support they provide, but the initial view I have isn't all that terrific. Still, I note that the complaints I'm seeing date back to 2007, so...
I'm not sure about the distinctions you're drawing between shared hosting and shared Moodle hosting. Ignoring the support issue - which is tough, as that's significant for us, as I've mentioned - I'm not sure why you expect a difference. Moodle may or may not be a resource-intensive application (I don't yet know), but there are plenty of other resource-intensive applications. Any of these can overwhelm a shared account under the wrong/right circumstances. Ever heard of being "slashdot-ed"?
You mention that backups are not provided by the hosting provider. Since when? Every provider - even the Moodle Provider we chose to not use - does their own backup. Yes, I think that we should too, as I've written. But that doesn't seem to be what you're implying.
You mention Godaddy's DB space limit. Any hosting provider will have one of those (even someone hosting themselves has only a certain amount of disk space at any given moment {8^). So I'm again unclear as to your point.
Thanks again...Andrew
I'm not sure about the distinctions you're drawing between shared hosting and shared Moodle hosting. Ignoring the support issue - which is tough, as that's significant for us, as I've mentioned - I'm not sure why you expect a difference. Moodle may or may not be a resource-intensive application (I don't yet know), but there are plenty of other resource-intensive applications. Any of these can overwhelm a shared account under the wrong/right circumstances. Ever heard of being "slashdot-ed"?
You mention that backups are not provided by the hosting provider. Since when? Every provider - even the Moodle Provider we chose to not use - does their own backup. Yes, I think that we should too, as I've written. But that doesn't seem to be what you're implying.
You mention Godaddy's DB space limit. Any hosting provider will have one of those (even someone hosting themselves has only a certain amount of disk space at any given moment {8^). So I'm again unclear as to your point.
Thanks again...Andrew
Hosts backup the whole site. Teachers should be in charge of backing up their own courses and downloading them to somewhere. Moodle can do the backups automatically. Jai was saying that these can be automatically downloaded - if he could let us know how, I would be most grateful. Jai, your comments and advice have been very very helpful. Thank you. This from a teacher.
Andrew, I wonder if you have the end user in mind sometimes. How long will you be a part of the school and able to offer advice? It will be the teaching staff that has to continue on. I understand that you are trying to make it such that the teachers will have to do as little as possible on the tech side (at least I hope that is the case). This is admirable But you will have to think long term such as when you are no longer associated with the school. Sounds like it is a private school that you are talking about as funding from public ones would more than likely not be available for the support you are talking about. Jai's comments keep things open to the vast majority. Again, Jai, I'm grateful.
Eric
Andrew, I wonder if you have the end user in mind sometimes. How long will you be a part of the school and able to offer advice? It will be the teaching staff that has to continue on. I understand that you are trying to make it such that the teachers will have to do as little as possible on the tech side (at least I hope that is the case). This is admirable But you will have to think long term such as when you are no longer associated with the school. Sounds like it is a private school that you are talking about as funding from public ones would more than likely not be available for the support you are talking about. Jai's comments keep things open to the vast majority. Again, Jai, I'm grateful.
Eric
Eric Hagley: Jai was saying that these can be automatically downloaded - if he could let us know how
All backups are stored in moodledata folder. A bash script could be created which downloads these files to your local PC using FTP/SFTP. I have never created this script but it should be an easy script for someone to create. This script can be hooked with cron to work on scheduled basis.
script by cyberciti.biz can be used as starting reference (This script is not close to what we need but it demonstrate how transferring of files over FTP can be automated).
All backups are stored in moodledata folder. A bash script could be created which downloads these files to your local PC using FTP/SFTP. I have never created this script but it should be an easy script for someone to create. This script can be hooked with cron to work on scheduled basis.
script by cyberciti.biz can be used as starting reference (This script is not close to what we need but it demonstrate how transferring of files over FTP can be automated).
Andrew, I wonder if you have the end user in mind sometimes. How long will you be a part of the school and able to offer advice? It will be the teaching staff that has to continue on. I understand that you are trying to make it such that the teachers will have to do as little as possible on the tech side (at least I hope that is the case). This is admirable But you will have to think long term such as when you are no longer associated with the school. Sounds like it is a private school that you are talking about as funding from public ones would more than likely not be available for the support you are talking about. Jai's comments keep things open to the vast majority.
I appreciate the insight; I won't be with the school forever. Of course, neither will anyone else. My involvement in this project started because I was pushing for a tool usable to preserve knowledge over time. For example, every year a class has a new parent coordinator. They
That would not please the faculty. A little planning now can avoid a disaster in the future; I'm unclear as to why several people here are so adverse to this idea. Failure to do this would be precisely a failure of "long term planning". I'm puzzled at how some people are apparently adverse to this idea.
Thanks...Andrew
Andrew: Moodle may or may not be a resource-intensive application (I don't yet know), but there are plenty of other resource-intensive applications. Any of these can overwhelm a shared account under the wrong/right circumstances. Ever heard of being "slashdot-ed"?
Moodle is not a resource-intensive application but there are some parts that needs high resource (Quiz, Chat, Cron). If your Moodle site have some simultaneous users (concurrency - I wanted to avoid this term) using Quiz then it produces a high load which causes response time to increase dramatically in shared hosting. If there are students who have subscribed to digest and you have auto-backup enabled then it is likely that you will face issues with Cron in shared hosting.
I was not referring to Slashdot.
Andrew: You mention that backups are not provided by the hosting provider.
If you go with MP or anyone with Managed Hosting then site backups are responsibility of the technical team and not your school. In shared hosting they might provide tools to assist in backup but ultimately it will be your school's responsibility to backup everything.
Andrew: DB space limit
Godaddy has a cap on DB size i.e. 200MB. This is maximum size that can be used by Moodle's database. To understand this better let's take a look at godaddy's Unlimited Plan. It has unlimited disk space but max DB size is same - 200MB.
In Moodle a lot of information is stored in database; this DB keeps growing with time. If it any point your DB reaches 200MB then your site will crash (stop behaving normally) and you will be forced to move.
This when compared to MPs, they don't define any such limit. If you buy space for 10GB then you will get 10GB to use it in any way (You may be using 500MB for DB and rest for storing all files).
As summary, I wanted to say that you may have to experience unexpected if you go for shared hosting. If you really needs those tools (mysqldump, rsync) which MP don't provide (at least I don't know any MP does) then I would personally recommend you to either go for dedicated server at a MP or go for Manage Hosting. These attractive and shining shared hosting (by large companies) is really not that Good as they appear to be.
Moodle is not a resource-intensive application but there are some parts that needs high resource (Quiz, Chat, Cron). If your Moodle site have some simultaneous users (concurrency - I wanted to avoid this term) using Quiz then it produces a high load which causes response time to increase dramatically in shared hosting. If there are students who have subscribed to digest and you have auto-backup enabled then it is likely that you will face issues with Cron in shared hosting.
I was not referring to Slashdot.
Andrew: You mention that backups are not provided by the hosting provider.
If you go with MP or anyone with Managed Hosting then site backups are responsibility of the technical team and not your school. In shared hosting they might provide tools to assist in backup but ultimately it will be your school's responsibility to backup everything.
Andrew: DB space limit
Godaddy has a cap on DB size i.e. 200MB. This is maximum size that can be used by Moodle's database. To understand this better let's take a look at godaddy's Unlimited Plan. It has unlimited disk space but max DB size is same - 200MB.
In Moodle a lot of information is stored in database; this DB keeps growing with time. If it any point your DB reaches 200MB then your site will crash (stop behaving normally) and you will be forced to move.
This when compared to MPs, they don't define any such limit. If you buy space for 10GB then you will get 10GB to use it in any way (You may be using 500MB for DB and rest for storing all files).
As summary, I wanted to say that you may have to experience unexpected if you go for shared hosting. If you really needs those tools (mysqldump, rsync) which MP don't provide (at least I don't know any MP does) then I would personally recommend you to either go for dedicated server at a MP or go for Manage Hosting. These attractive and shining shared hosting (by large companies) is really not that Good as they appear to be.
Moodle is not a resource-intensive application but there are some parts that needs high resource (Quiz, Chat, Cron).
If your Moodle site have some simultaneous users (concurrency - I
wanted to avoid this term) using Quiz then it produces a high load
which causes response time to increase dramatically in shared hosting.
If there are students who have subscribed to digest and you have
auto-backup enabled then it is likely that you will face issues
with Cron in shared hosting.
If your Moodle site have some simultaneous users (concurrency - I
wanted to avoid this term) using Quiz then it produces a high load
which causes response time to increase dramatically in shared hosting.
If there are students who have subscribed to digest and you have
auto-backup enabled then it is likely that you will face issues
with Cron in shared hosting.
[Why avoid the term "concurrency"?]
What is "subscribed to digest" and why would this cause a problem with cron? You know about "nice", yes, or --bwlimit (or tc) in case it is bandwidth that is an issue?
I was not referring to Slashdot.
Neither am I. I'm referring to the phenomena known by that name. The point being that any site can become busy enough to overwhelm its current hosting solution.
In shared hosting they might provide tools to assist in backup
but ultimately it will be your school's responsibility to
backup everything.
but ultimately it will be your school's responsibility to
backup everything.
You appear to be claiming that any shared hosting solution won't provide backups. I'm unfamiliar with any such as what you describe. Are you saying that Godaddy doesn't backup? Or Dreamhost? Or Media Temple? Or...?
Now, I still believe - as I wrote above - that a smart hosting client will backup themselves anyway. But you seem to be making statements that disagree with my experiences with these firms.
I'm not, mind you, defending the idea of non-Moodle-savvy hosting for my school. In fact, while others have suggested that, I'm still of the opinion that Moodle-savvy hosting is the way to go given our inexperience with Moodle. But, while I am in favor of Moodle-savvy hosting, the reasons you're citing involve facts that are contrary to my experience.
I'm curious how that can be the case.
Thanks...Andrew
I was hoping to see more like this in this thread. I have the problem of presenting a paper to the board very soon giving the pros and cons of self support or hosting and making a recommendation
We support trainee teachers across some 300 schools. Our trainees will tend to use the VLE after school hours and during the week end (our trainers will load during the working day) but I cannot see how we can provide more than 7/5 support and I'm leaning towards a hosted solution for that reason but would want to know just what sort of support would be available (I'm really talking about answering questions like " why is running so slow", "I can't log on" etc rather than "where do I find the material on?" type). Some of the technical issues can wait until we've made the fundemental decision. We already support our web site on our own server with a 2mb access. As the idea is to have entry through the web site I fear that this will be inadequate when we get 4 - 500 nearly concurrent users and am likely to reccommend having the web site hosted by the same supplier. Any useful ideas of just what level of service one might expect etc will be most useful. I hope this is in line with the original request that pushed this discussion off.
In reply to Robert Robinson
Re: Help choosing a hosting solution - support
by Visvanath Ratnaweera -
Hi Robert
For the VLE you've described I see only two alternatives:
1. Lease a full dedicated server (no shared servers) from a professional hoster. They'll look after the hardware, networt and will give you the initial operating system. The whole software stack is your responsibility.
2. Go to a Moodle specialist, like the Moodle-Partners. They look after both hardware and software. They'll also give second level support. I don't think they will/can give first level support. For that you need your own personnel.
The pros and cons are obvious: For your own dedicated server you'll pay much less, but then you'll have more work. The Moodle-specialist is the opposite.
For the VLE you've described I see only two alternatives:
1. Lease a full dedicated server (no shared servers) from a professional hoster. They'll look after the hardware, networt and will give you the initial operating system. The whole software stack is your responsibility.
2. Go to a Moodle specialist, like the Moodle-Partners. They look after both hardware and software. They'll also give second level support. I don't think they will/can give first level support. For that you need your own personnel.
The pros and cons are obvious: For your own dedicated server you'll pay much less, but then you'll have more work. The Moodle-specialist is the opposite.
Have you tried ringing some of the UK Moodle partners to see if they could give you a rough idea of service level/cost options over the phone?
First thing I thought off! Pulled up the relative sites and the 'contact us' bit. Described my problem and gave e mail phone etc. Still waiting for a response from someone which is not encouraging.
I'm a bit confused about why you are comparing FTP with SSH. In a locked down situation I might well give a user SFTP access but not SSH access. They are just not the same thing at all. I take it that you do know how to provide SFTP (or indeed SCP) and withhold full shell access via SSH?
Other than that - and I suppose we must agree to disagree - I'm at a loss as to how you can think a completely clear-text solution is preferable to an encrypted one.
Likewise, I wouldn't want to do rsync over the public internet without encryption for all the same reasons. There are some creative ways around the "rsync over ssh but no (useful) shell" situation.
Other than that - and I suppose we must agree to disagree - I'm at a loss as to how you can think a completely clear-text solution is preferable to an encrypted one.
Likewise, I wouldn't want to do rsync over the public internet without encryption for all the same reasons. There are some creative ways around the "rsync over ssh but no (useful) shell" situation.
Howard Miller: I'm a bit confused about why you are comparing FTP with SSH
I wanted to convey my message to Andrew that giving FTP/SFTP access to users is easy but giving SSH access for rsync won't be that easy.
Howard Miller: I take it that you do know how to provide SFTP (or indeed SCP) and withhold full shell access via SSH?
Yes, Key To School gives SFTP it all its users without allowing them SSH (bash/access).
Howard Miller: Other than that - and I suppose we must agree to disagree - I'm at a loss as to how you can think a completely clear-text solution is preferable to an encrypted one.
As you already know my comparison was between FTP and SSH not between FTP and SFTP. I never said (or wanted to say) that FTP (clear-text) is preferable to SFTP (Encrypted one). I totally agree with you.
Howard Miller: Likewise, I wouldn't want to do rsync over the public internet without encryption for all the same reasons. There are some creative ways around the "rsync over ssh but no (useful) shell" situation.
Exactly, I would have used VPN. My recommendation to Andrew was to use Moodle auto backups. You might be able to suggest something better for backups.
I wanted to convey my message to Andrew that giving FTP/SFTP access to users is easy but giving SSH access for rsync won't be that easy.
Howard Miller: I take it that you do know how to provide SFTP (or indeed SCP) and withhold full shell access via SSH?
Yes, Key To School gives SFTP it all its users without allowing them SSH (bash/access).
Howard Miller: Other than that - and I suppose we must agree to disagree - I'm at a loss as to how you can think a completely clear-text solution is preferable to an encrypted one.
As you already know my comparison was between FTP and SSH not between FTP and SFTP. I never said (or wanted to say) that FTP (clear-text) is preferable to SFTP (Encrypted one). I totally agree with you.
Howard Miller: Likewise, I wouldn't want to do rsync over the public internet without encryption for all the same reasons. There are some creative ways around the "rsync over ssh but no (useful) shell" situation.
Exactly, I would have used VPN. My recommendation to Andrew was to use Moodle auto backups. You might be able to suggest something better for backups.
I'm not a Moodle Partner, so nobody get that idea.
I don't see why FTP is being so demonized. I offer FTP for my users and I actually prefer it over SFTP/SCP.
I've set up my users to use FTP virtual users which upload files into directories that are readable by the users who need them. After uploading the files over FTP, they just log in through SSH and move the files over to their home directories or elsewhere.
I don't see why FTP is being so demonized. I offer FTP for my users and I actually prefer it over SFTP/SCP.
I've set up my users to use FTP virtual users which upload files into directories that are readable by the users who need them. After uploading the files over FTP, they just log in through SSH and move the files over to their home directories or elsewhere.
Well, FTP is completely insecure. Your authentication and all the data is sent plain text. If the usernames/passwords are the same as they use for SSH then that almost completely negates the benefits of using SSH too. Besides, if you have SSH installed you get SFTP (and SCP) for free. Most FTP clients now seem to happily handle SFTP too.
It's not completely insecure, it's just not encrypted. If you're transferring sensitive data, I always recommend encrypting it before it ever hits the network. And no, the usernames/passwords are not the same as actual system accounts.
Most of my users, including me too, use WinSCP. If you've ever used it, you'd know how slow SFTP really is especially over long distance links. SCP does not support transfer resuming, so that's not an option.
Most of my users, including me too, use WinSCP. If you've ever used it, you'd know how slow SFTP really is especially over long distance links. SCP does not support transfer resuming, so that's not an option.
I wouldn't expect scp to support resuming but sftp does.... and I notice that WinSCP supports it too.
I use scp and sftp all day every day, thanks If it's slow then I've never noticed, sorry.
I use scp and sftp all day every day, thanks
If you're using login information to FTP, then you're sharing the login information needed to FTP. I'm not clear how this isn't insecure; someone else could FTP as you. Presumably, if you also have SSH rights, they could SSH as you. You could have one login for FTP and another for SSH, I suppose, but that seems to be a lot of work to avoid a simple solution.
Or are you using one of those SecureID type one-time login devices?
I have used SFTP over long distance links, and have been doing so for years (ie. when connections were slower than they are now). I'm not sure why you opine that it is slower than FTP. Perhaps you'd compression enabled on an underpowered machine? But even that can be a net win depending upon the bandwidth available for the transfer.
I did a little seaching for comparisons between SFTP and FTP, but all I could find was this:
http://marc.info/?t=102485413700004&r=1&w=2
But for any transfer of significance, I confess, I've lately tended to use rsync. It does support resuming of a transfer (in a few different ways) as well as only moving differences (which is one of those ways, in fact {8^).
Thanks...Andrew
Or are you using one of those SecureID type one-time login devices?
I have used SFTP over long distance links, and have been doing so for years (ie. when connections were slower than they are now). I'm not sure why you opine that it is slower than FTP. Perhaps you'd compression enabled on an underpowered machine? But even that can be a net win depending upon the bandwidth available for the transfer.
I did a little seaching for comparisons between SFTP and FTP, but all I could find was this:
http://marc.info/?t=102485413700004&r=1&w=2
But for any transfer of significance, I confess, I've lately tended to use rsync. It does support resuming of a transfer (in a few different ways) as well as only moving differences (which is one of those ways, in fact {8^).
Thanks...Andrew
Andrew - BUMP.
What budget does your school have to support this endeavor?
SFTP also offers compression on the fly.
SSH/SFTP also permits the use of public key crypto as a replacement for passwords. Instead of a site administrator sending via email a password to a new user, the new user sends a public key to the administrator (retaining the private, or secret, key). Once the administrator authorizes the key, the new user can log into the account using the private key. Anyone intercepting the public key sent via email gets nothing of value, which is different from the case where a password is intercepted.
Key-based authentication also makes automated copying simpler.
Key-based authentication can also be tied to a specific command, permitting an admin to grant a key access not to an account but just to a single command executed through that account. For additional flexibility but with the same idea of limiting access, "restricted shell" can be used (ie. to permit an SSH login to do nothing but run SFTP).
Once you're in the world of SSH, you can also take the next small step and use rsync for file transfer. It uses SSH for communication, so security is a given. But rsync offers some very nice features for "bulk" file transfer. By default, it moves only the [pieces of] files that have changed since the last copy. So it's a nice cheap way to copy a bunch of files you're maintaining w/o having to think about which files have actually changed since the last copy.
Rsync's --link-dest feature makes it trivial to maintain complete snapshot backups of a remote directory tree while copying only the changes. This is a very efficient and effective way to do backups.
FTP also has certain complexities avoided by SSH. The active/passive thing is a pain to someone designing firewall rules. And, though I've not seen this in a number of years, I used to see with some frequency "home routers" breaking on the use of enough instances of FTP's data circuit and requiring a reboot to let FTP work again.
Now, how about a Moodle Partner/hosting vendor that lets us use these tools?
Thanks...Andrew
SSH/SFTP also permits the use of public key crypto as a replacement for passwords. Instead of a site administrator sending via email a password to a new user, the new user sends a public key to the administrator (retaining the private, or secret, key). Once the administrator authorizes the key, the new user can log into the account using the private key. Anyone intercepting the public key sent via email gets nothing of value, which is different from the case where a password is intercepted.
Key-based authentication also makes automated copying simpler.
Key-based authentication can also be tied to a specific command, permitting an admin to grant a key access not to an account but just to a single command executed through that account. For additional flexibility but with the same idea of limiting access, "restricted shell" can be used (ie. to permit an SSH login to do nothing but run SFTP).
Once you're in the world of SSH, you can also take the next small step and use rsync for file transfer. It uses SSH for communication, so security is a given. But rsync offers some very nice features for "bulk" file transfer. By default, it moves only the [pieces of] files that have changed since the last copy. So it's a nice cheap way to copy a bunch of files you're maintaining w/o having to think about which files have actually changed since the last copy.
Rsync's --link-dest feature makes it trivial to maintain complete snapshot backups of a remote directory tree while copying only the changes. This is a very efficient and effective way to do backups.
FTP also has certain complexities avoided by SSH. The active/passive thing is a pain to someone designing firewall rules. And, though I've not seen this in a number of years, I used to see with some frequency "home routers" breaking on the use of enough instances of FTP's data circuit and requiring a reboot to let FTP work again.
Now, how about a Moodle Partner/hosting vendor that lets us use these tools?
Thanks...Andrew
Yes, I know, but I guess you weren't talking to me 
OK since no one seems to be jumping up and saying we do that who is a moodle partner I am going to suggest you very specifically write and ask the ones in your country if they do and what their rates are. Self promotion is frowned upon so that may be why the partner answers here are restricted.
There really is another option which is a dedicated or virtual server where the school is in control of those functions and a part time or on call moodle administrator.
Weigh and price things out.
I know you don't have the shopping gene but it sounds like that is what you need to do in this case.
Andrew,
We at Remote-Learner, a Moodle Partner, will be happy to assist you. You can reach me, Rod Deter, at 540.943.7831 x 117 or rod@remote-learner.net.
Rod Deter
We at Remote-Learner, a Moodle Partner, will be happy to assist you. You can reach me, Rod Deter, at 540.943.7831 x 117 or rod@remote-learner.net.
Rod Deter