Today, I am happy to announce that we’ve finished the deployment of our new server configurations in the Stockholm datacenter. The update enables faster* encryption speed and greatly improved physical security.
Improvements of the physical security
Previously, one of our servers was placed in a shared server cabinet. Even though we’ve always had great software security, there was room for improvement regarding the physical security.
We have now moved all servers to our own server cabinet to which only I have the keys. This means you would have to break into the cabinet to access them, which is unlikely as we have burglar alarms and cameras in all directions around the cabinet.
But we didn’t stop there! Our servers operate completely without hard drives and are booted from a USB memory. All other USB slots are inactivated in order to prevent DMA attacks, and Tresor is used to protect us against cold boot attacks.
In the Stockholm data center, we previously had a server with a 2 x 1 Gbit/s connection.
Along with upgrading our security, we also increased the number of servers to three servers in Stockholm. The server cabinet used in Stockholm holds 22U, and our server and switch for the time being requires 4U.
This means that we have room for putting 18 new servers if we need to in the future.
The switch currently has a 10 Gbit/s fiber connection, and each server has a 2 x 1 Gbit/s connection while operating in dual bonding. Thus, we’ve increased our maximum capacity from 2 Gbit/s to 6 Gbit/s when making our upgrades.
We have also renegotiated our terms with our ISP to increase our capacity. If needed, we can increase our speed on the switch from 10 Gbit/s to 40 Gbit/s.
Upgrades of client configurations
No client configurations have to be changed.
To accommodate the server updates, we’ve created a page on our website containing client configurations specific for each server. You can find the page on your dashboard; thus, it is only available to signed-in customers.
The new configuration file page makes it easier to configure your iOS/Android device, and a computer can be connected at the same time.
Even if it’s not mandatory to update the client configuration, we strongly recommend Mac OS X users to do so as we’ve increased the security of the new configurations further.
Thanks to ebqt from Flashback, we’ve added a script that automatically shuts down uTorrent and BitTorrent should you ever lose your connection to the OVPN.
The script, named reconnecting.sh, also contains the possibility to turn off your Wi-Fi/Ethernet should your OVPN connection be lost at any time.
A huge thanks to ebqt for writing the script!
Update of the status page
The server status page is using a public REST API that we are developing, meaning we will be able to integrate our API in other applications. We have yet to release any documentation of the API, but we expect to release it within a few weeks.