Web Hosting Industry

What is GDPR? An easy overview of the General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) law is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared. How’s that for an opening line? If you fire up your web browser right now and head over to the EU’s official GDPR homepage (seriously do it), this bold quote sticks out like a sore thumb, and that’s most likely by design. GDPR is currently among the hottest and controversial tech topics that no one (well, at least us state-side folks) is talking about. Proposed by the European Commission, GDPR is a data protection law that was initially adopted last April and replaces a previous data protection law implemented back in 1995. GDPR goes into effect on May 25, 2018. Although the GDPR regulations are technically in place right now, they’re not enforceable until May 25, 2018. Given that this is the date, we need to roll our sleeves up and get to work!

Familiarize Yourself With The Basics

I’d be the first person to admit that I’m no legal advisor nor am I anywhere close to being a GDPR expert by any means. However, I will do my best to keep you calm and share as much as I understand to help you prepare for doomsday (ignore my awful attempt at humor, swear I’m not trying to scare you!). The aim or objective of GDPR is to put personal data back under the control of the individual. If you’ve done any basic level of research on GDPR, you’ll notice the EU’s documentation use of the words ‘processor’ and ‘controller’ quite frequently. In a layman’s term, the data controller is the organization (aka us business owners) that hence ‘control’ the data, whereas, the data processor is the organization that handles or processes this data (can be your web hosting provider, email marketing provider, etc.).

In principle, the mere timing and action of the legislation shouldn’t be that surprising when you take in account last year’s disastrous Equifax’s data breach and Facebook’s current data scandal. As a self-proclaimed tech-junky, what catches my attention most is not so much the timing or even the formation of the GDPR law (generally speaking) but rather, the requirements of the law and skeptically what is being defined as ‘personal data.’ Be mindful of this as you can overlook personal data.

According to the EU, the term ‘personal data’ is loosely described as any information that can define a human being (name, photo, email addresses, date of birth, etc.). If you think about this, there’s a little bit of a grey area in this regard. For example, from my understanding, comments left on that last kick-ass blog post you created would also be categorized as personal data under the law. Why? Because that person that left you that nice feedback in the comments section probably had to sign in your website. This means that we (the business) have some form of this individual’s data stored on our end (by the web host). Some may find this excessive and abrasive, but unfortunately, it’s out of our control, and we have to accept it. Know that EU citizen’s data are about to be protected to an extent we’ve never seen before.


Why Should You Be Concerned?

Although it’s most pivotal for businesses inside the European countries, the GDPR legislation will have an impact on your company if you have any website visitors from European citizens. A little louder for the folks in the back: If you’re a business or website and are collecting any user data from European citizens or residents, you are required by law to comply 100% with GDPR. GDPR applies to ANY company that processes any data on behalf of EU citizens or residents. Don’t feel like complying? You better be ready to fork up some cash. Penalties for non-compliance of the GDPR can result in fines of up to 4% of gross revenue (or up to 20 million Euros).  Under GDPR, your organization only has 72 hours to report a data breach, so time is literally of the essence. Sorry for my language but there’s no ‘half-assing’ this time around my friends. Now that that’s out of the way let’s get down to brass tacks.

Marketers especially will be key players in the rollout of GDPR. Let’s role-play for a moment (not that kind of role-play, get your head out of the gutter) and put on our digital marketing hats. On any given day, we target users and collect their data, and probably don’t think twice about it. For example, on our standard landing page or ‘contact us’ form, we might have three fields: first name, last name, and email address. We then subsequently grab this information from a database to collect or update our current mailing list of subscribers so we can target them using various platforms. With GDPR, we need an extra check mark that requests the consumer’s consent. This text will read along the lines of ‘I consent to company XYZ collecting and storing my data via this form.’ The folks at WPForms wrote an easy starter kit on how to create GDPR compliant forms that I recommended checking out. If you’re not already implementing double opt-ins, the procedure where the person who initially signed up receives a confirmation email to confirm their signup, I highly recommend doing this asap. The great advantage of double-opt ins is that it puts the responsibility on the user to take the next step. One less thing to worry about!

What Immediate Steps Can You Take?

Under GDPR, there are several action items that we have to fulfill as WordPress administrators. If you can begin by doing some simple house cleaning, the lowest hanging fruit is to wipe out any plugins you’re not utilizing. This is already a best practice for ensuring website performance and optimization, so you’re killing two birds with one stone. From a provider standpoint, any plugins that you use will also need to comply with the GDPR rules as well. Putting that marketing hat back on for a moment, think about plugins you’ve integrated with your WordPress site. I would bet that you’re probably using a web analytics tool. You’ll want to pay attention to these tools because their sole reason for existing is to track users and their user behaviors on your behalf.

On a side note, GDPR can spell some tough times for some of the most popular plugins out there. Solution providers such as Jetpack, a very popular marketing & design WordPress plugin, collect a whole lot of data by nature. However, as a site admin or owner, it’s still our responsibility to make sure that the plugins, active or inactive, are complying with GDPR regulations themselves. Perfor an audit of your plugins and make sure that the third-party providers are on their A-Game when it comes to GDPR compliance. Familiarize yourself with plugins as you’ve never done before. Also, I realize it’s common for a lot of businesses to outsource their website management to third parties. Unfortunately, this causes a disconnection between the owner(s) and the third party admins who hold personal data. Reach out to them on twitter or go old-school and give them a ring (people do this still right) to make sure stakeholders are all on the same page.

Website cookies also store and collect data to help marketers retarget users with ads, analytics tracking, and storing your session dat) Going forward, you should make your messaging crystal clear for individuals ahead of placing any cookies on their machine. One action you can take is to launch a pop-up window or place text somewhere that’s extremely visible to the user. We can no longer be vague with our messaging. People need to know what they are signing up for, so investigate and find out what the plugins and other third-party tools are collecting on your behalf. Remember, the burden of proof lies with us, the business owners and organizations.

Some larger organizations who have the budget, have already decided to appoint or hire a Chief Data Officer. This expert would be responsible for all things GDPR related and would relieve companywide anxiety for sure. Whoever you put in charge, he or she needs to fully grasp what information is being collected, how it’s being collected and why it’s being collected. If your budget doesn’t allow for a fancy Chief Data Officer, that’s okay. Another route you can take is to have your legal team work together with your in-house or IT hosting company. This creates a synergy, and it’s less likely things will fall through the cracks. On a larger scale, ensure every single employee in your organization has a basic understanding of GDPR and why it’s important to stay mindful of. Make a company event out of it, or get on a quick all hands call to get the ball rolling. However you decide to move forward, the key is to create awareness as soon as possible and start getting into good habits!

HD is beyond thrilled to announce that we’ll be joining an incredible group of sponsors for this year’s WordCamp conference in Sunny San Diego! For those who haven’t attended in the past, WordCamp is a yearly conference covering all things WordPress related. WordCamp SD will be held at San Diego City College on April 14-15th. (Don’t stress though, the venue is conveniently located near the San Diego Airport with there’s ample parking in the area). 

This year’s speakers include an outstanding lineup of WordPress developers, designers, and business leaders alike. WordPress topics from the event schedule that caught our eyes include; ‘The Hidden Features of WordPress’ and ‘Making Security Make Sense to Users & Clients.” The HD crew is particularly looking forward to all things security/privacy related, along with networking with the WordCamp community…but who isn’t right?! 

You can follow the conversation on social media by using the official WordCamp San Diego 2018 Hashtag #WCSD and be sure to reach out or tag us on Twitter (@HostDuplex) during the conference.

Purchase your tickets today, book your hotel and come nerd out with us in San Diego!

This tutorial describes how to install the Dell OMSA (OpenManage Server Administrator) on Citrix XenServer 6.5.

Note: Citrix has spent long hours quality testing their packages.  The method below downloads packages directly from the CentOS-Base repository. While the following method has worked just fine in our lab, we ask you to proceed with caution.

Step 1:
Temporarily disable the Citrix yum repository.  As of this post, Citrix’s repo does not seem to be working properly.

To do so, let’s temporarily move the Citrix.repo file out of the /etc/yum.repos.d folder.
Alternatively, you can also disable the repo within the file itself.

mv /etc/yum.repos.d/Citrix.repo /root/Citrix.repo

Step 2:
Run the following:

yum clean all

Step 3:
Install the Dell OMSA Repository:

wget -q -O – http://linux.dell.com/repo/hardware/Linux_Repository_14.12.00/bootstrap.cgi | bash

Step 4:
Install Dell OpenManage Server Administrator

yum –enablerepo=base install srvadmin-all

Step 5:
Open port 1311 in iptables

nano /etc/sysconfig/iptables

Now add the following line above the second-to-last line that mentions icmp-host-prohibited:

-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 1311 -j ACCEPT

Step 6:
Restart iptables

service iptables restart

Step 7:
Start Dell OpenManage Server Administrator

/opt/dell/srvadmin/sbin/srvadmin-services.sh start

Step 8:
Move the Citrix.repo file back to the original location:

mv /root/Citrix.repo /etc/yum.repos.d

Step 9:
You can now access OMSA via your browser: https://Your.IP.Address.Here:1311


If you’ve tried to change the DNS Nameservers on your XenServer machine and are wondering why it keeps reverting back to its previous setting, you’re not alone.  In this blog we lay out the steps on how to properly change your DNS settings in XenServer.

You’ll want to log onto your machine via XenCenter or via console and go to the Local Command Shell:

Local Command Shell

2.  Now you’ll want to run xe pif-list
Take note of the uuid of your management interface.
3.  Now you’ll want to run the xe pif-reconfigure-ip uuid=youruuid mode=static IP=ipaddresshere netmask=subnetmask gateway=yourgateway DNS=dnsserver1,dnsserver2
Press enter and you’re set 🙂

Reconfigure XenServer DNS Nameservers

To begin installation of XenServer you’ll want download the latest Citrix XenServer Install CD, any supplemental packs, and XenCenter.  You may have to login to download the ISO files.  We recommend using PowerISO or any other burning utility that can verify your disc.

To install Citrix XenServer, there are a few requirements that must be met.  Your server must include at least 2GB of RAM.  The processor must be a minimum of 1.5GHz, and support virtualization (Intel® VT or AMD-V™ required for support of Windows guests).    You may want to review the XenServer System Requirements.  Our test machine for this how-to is a Dell PowerEdge 1950.  Before installation begins, you should enable virtualization within your BIOS.

1.  Begin by booting your computer and entering BIOS.  On our machine that is the F2 key:Dell PowerEdge 1950 XenServer Install

2.  Move to the applicable category, CPU Information in our case:Dell PowerEdge 1950 CPU Information

3.  Enable Virtualization Technology:Enable Virtualization Technology

4.  Save and Reboot.  Ensure your disc in the drive and make sure you boot from your CD drive.  If your server doesn’t have a cd/dvd drive, you may have to use an external drive.

When you boot from the CD, you should reach the XenServer installation screen. Press Enter once you reach the screen below to continue with installation.XenServer Installation Screen
5.  You should reach the screen asking you to choose your keymap.  Choose your keyboard layout and continue… in our case, [qwerty] us

6.  The next screen will ask if you need to load a device driver.  Since we are using a Dell PERC card, it isn’t required in our case. Click OK and continue.

7. Read the EULA and continue

8.  Choose the disk you would like to use for your Virtual Machine Storage and click OK to continue.

NOTE:  If your drive/volume is larger than 2TB, then you will have to create a partition that is less than 2TB for the XenServer hypervisor.  If you are using RAID 10 and a PERC card (as we have before), Dell’s PERC Configuration tool does not allow for 2 separate RAID 10 partitions.  Since Dell’s PERC Card is a rebranded LSI card, you can create the 2 separate partitions using LSI’s MegaRAID software.  If you are using a PERC 5/i or 6/i you can download it under the LSI MegaRAID SAS 8408E Adapter.  or here: LSI MegaRAID Storage Manager for Windows XenServer Install Virtual Machine Storage

9.  Choose your Installation Source.  In our case, we are using a CD so we choose Local Media.XenServer Installation Source

10.  It will now ask you if you would like to install any supplemental packs.  If you plan on installing any Linux VMs, it is a good idea to install the Linux Supplemental Packs.  There are also other supplemental packs that you can install.  For example, Dell has OpenManage software that can be and installed easily using the OpenManage supplemental pack. We will choose Yes at this screen since we are installing the Linux Supplemental Pack.XenServer Supplemental Packs

11.  It now asks us to verify the installation source.  This is highly recommended to ensure a proper install.Verify Installation Source

It will begin by verifying your XenServer installation disc:
Verifying XenServer Installation SourceThe next page will display if there were any issues with verification.  If verification was successful you may continue, otherwise you may to try burning your disc again.

12. Choose a root password for your server.  This is the password used when connecting to the XenServer host from XenCenter.

13.  Choose which ethernet card you would like to designate for managing your server.  Since our ethernet cord is plugged into the first ethernet port on our Dell server we will choose eth0.  Eth1 shows no link because there is nothing connected to the second ethernet port on the server.  Your server may only show one interface if you have only one card.Host Management Interface

14.  Choose DHCP or enter your Static IP information:
XenServer IP Address

15.  Continue by choosing a hostname.  Unless you chose DHCP, you will also be asked to enter to your DNS Nameservers.

16.  Choose the geographical area your server is in, and then select the City.

17. Next you will be asked to enter the time or choose an NTP server.  I recommend using NTP. I recommend the following NTP servers:

18.  Install XenServer:Install XenServer
19.  Now that the installation has completed, it asks for any supplemental packs. Now would be a good time to insert your Linux Supplemental pack and press OK:
Insert Supplemental Pack

20.  We recommend verifying your installation source in order to test the media. (It will provide the MD5 hashes once you click verify, go ahead and continue)
Verify Linux Pack

21.  Once verification has completed, go ahead and Use the pack and install.

22.  Once install has completed, you can choose to install more supplemental packs or select Skip and it will complete installation:XenServer Install Complete

23.  Once your server has booted you should reach the following screen:

XenServer Configuration Screen

24.  Open XenCenter on your desktop and Add your new server.  Type in your server’s IP, Username: root and the password you chose.

Add Server to XenCenter

For almost three decades now, the conventional wisdom about Macs and viruses has been simple: They don’t get them. Viruses are made for PCs, they say, which means Macs aren’t vulnerable to them. And whenever the latest virus scare goes cycling through the PC world, my fellow Mac users and I can relax, if not outright throw our heads back and laugh.

That may be about to change.

If Macs don’t get many viruses, it’s not because they’re magically or systemically immune; it’s because virus coders usually target the bullseye, the most vulnerable, most populous demographic, in order to give their viruses the widest spread. Historically, that’s meant targeting Windows, which in the past, has had not only many more vulnerabilities, but a much wider audience.

However, two key trends are on the move right now. One, PC users are migrating to Windows 7, which is intrinsically much stronger than its predecessors. Two, OS X is starting to capture a wider and wider market share. Those two factors combined may, very soon, make OS X a more appealing target for coders who want to do harm.

Of course, in no way does that mean “jump ship.” What it means is “be proactive, and be ready.” Outfit your Mac with a professional-caliber virus security program, if you haven’t already, and surf the Web carefully and responsibly. All the usual rules of thumb for minimizing risk still apply; stay away from the Internet’s bad neighborhoods, don’t open spam (especially not attachments), block pop-ups except from sites you trust, and so on.

PC users have dealt with virus threats since the days of floppy disks and dial-up. Should the need arise, Mac users can too.

Ryan Graff

Host Duplex would like to welcome its newest blog contributor, Ryan Graff.

Since earning his degree in film studies, with a minor in writing, Ryan has spent the last ten years working as an editor, writer, filmmaker, video game designer, and, briefly, mental ward receptionist. He has written several screenplays, including the award-winning fantasy Skyhammer, and recently worked as original writer and designer on Konami’s Vandal Hearts: Flames of Judgment. When not at his day job, where he edits text for a game publisher, he works freelance as a script doctor and video editor.

As a member of the Host Duplex blog team, Ryan will work closely together with the core staff to help explore and explain a variety of topics in the web hosting industry. More to come soon!

We talked earlier about the importance of redundancy. Naturally, an equally critical concern is security, both of the data itself and the servers that host it. After all, if you choose the wrong web hosting provider, your e-commerce site might end up stored in their basement or garage.

Host Duplex spares no expense when it comes to protection. Steadfast‘s Chicago data center houses the majority of our servers in the Equinix building, renowned throughout the industry as a fortress to be reckoned with. (Just getting into the building requires a background check, for starters.) There, each server has two power supplies, each with its own feed, battery backup, and diesel generator capable of running each machine for hours. Beyond even that, Steadfast has a contract with a local fuel provider to bring in extra diesel fuel immediately should any major outage ever occur. Not to be outdone, we have our own large stock of parts stored at our facility, ready to remedy any hardware issues at a moment’s notice.

On the software side of the occasion, our automated monitoring system keeps a constant watch for exploits, vulnerabilities, and any suspicious behavior, keeping our live staff alert around the clock. Our management service, should a client choose to make use of it, also installs and configures the client’s firewalls, while at the same time optimizing server performance, running updates, and performing weekly checks across all systems. (Clients always have the option of installing and configuring their own firewalls, of course.)

Together with some of the industry’s brightest minds and strongest facilities, Host Duplex ensures that your data is as safe and rock-solid as it possibly can be.

When you hear the words “customer service,” what comes to mind? Most likely, frustration. Too often, paying customers run up against convoluted voicemail systems, long wait times, and, if they’re patient and lucky enough, disinterested phone reps who may or may not care about the issue, may or may not be able to fix it, and may or may not speak their language.

That’s not to say that there aren’t good customer service reps. There most certainly are. Unfortunately, it’s the negative experiences that tend to stick in our memories more than the smooth and positive ones. Good businesses are aware of that, and take steps to ensure that every interaction with a client goes as smoothly as possible.

Needless to say, that goes double for the business of web hosting, where time is measured in milliseconds, and every millisecond of down time is a potential drain on a client’s income. A paying client deserves stability and security, but more than that, he or she deserves to know that, should any issues ever arise, customer service will be on the job at once.

How It’s Done

To ensure that the dozens, hundreds, or thousands of active clients all receive the attention they deserve, a worthwhile provider uses both live, 24-hour technicians and a system of automated monitors. The automated system keeps constant watch, always on the lookout for anomalies of any kind; should one ever occur, the system notifies the live techs at once with a chain of alerts and notifications. With this system in place, a client rarely has to call in at all.

Treating the Client Right

On those occasions when a client does call in an issue, there are certain expectations of professional courtesy that every rep and technician should meet. A worthwhile web hosting provider treats each client with respect, not only as a paying customer and as an individual, but as someone who’s entrusted a part of their livelihood, sometimes a critical part, to the provider’s care. Whatever the issue might be, a web hosting provider’s customer service and tech support departments have the professional and ethical obligation to guide the client toward a solution, and to do it in a friendly, approachable manner.

In a perfect world, we’d all associate customer service not with frustration and disappointment, but with hardworking, courteous professionals who’d help us out right when we need it most. For now, what we can do — right here in this business, where customer service is crucial — is work toward that ideal by setting an example every day.

When choosing a web hosting provider, it’s tempting to go with the cheapest possible option. After all, why pay anywhere from $10 to $40+ a month when you can pay five bucks or less?

Well, several reasons.

Since the early days of the internet, fly-by-night providers — and even a few of the larger, more established ones — have been offering ridiculously low prices, often packaged together with impossibly lofty promises (check out the earlier entry on “unlimited” bandwidth). Before signing on with that kind of deal, here are a few things to consider:

What Rock-Bottom Prices Really Mean

  • A provider’s hardware budget comes, in large part, from their hosting fees, or lack thereof. A provider who charges pocket change isn’t likely to have much more than pocket change for maintenance, upgrades, or overhead. It’s not uncommon for budget providers to host their clients’ sites on ramshackle custom-built machines, machines that often fail, without enough redundancy in place to keep their clients’ sites up when they do go down. It goes without saying that even a few hours’ down time can cost an e-commerce site hundreds, thousands, or more in lost business — much more than they “save” on hosting fees, and that’s if a few hours is all it takes for the site to come back.
  • On a related note, a provider who skimps on hardware isn’t likely to spend much on customer service either. When it comes to e-commerce, tech support has to be decisive, effective, and immediate — and more than that, a paying client has the right to know that it will be. Sadly, there’s an entire genre of stories about poor customer service, much of it online. A fly-by-night provider might take hours, even days or longer, to answer back, and may or may not be able to solve the problem. In the worst cases — they’ve been rare, but they do happen — entire websites have been lost.

Bargain-bin rates are certainly eye-catching, and they may appeal to your pocketbook, but be aware of those long-term costs, and always read the fine print.

When you invest a little extra, you’re investing in better hardware, ongoing upgrades, higher security, capable customer service, and, above all, reliability. What it all adds up to is peace of mind, and that’s something more valuable than any discount.