May 2010 Archives

Google recently released a SSL enabled version of their main page, which is no bad thing. However it turns out there's a bit of a nasty side effect for companies doing search analytics. When you go from an SSL site to a site without SSL, most modern browsers will stripe out the referrer data. In the case of going from an SSL enabled Google to a normal non-ssl site, it means that the non-ssl site will have no idea of what search terms were used.

Of course there is a way around this. The simplest is just to SSL enable the site. If you go from one SSL enabled site to another SSL enabled site, the referrer data is retained. There are other such as Google appending something like ?query="search term" to each url it returns, however even if this is implemented I can see it being an optional for the user.

Of course the problem with SSL certs is that you need a dedicated IP Address for each SSL enabled site. There's extensions to TLS which would mean that you could host multiple name based virtual hosts on one IP, see Section 3.1 of RFC3546, but I have yet to see significant support for this. As it stands at the moment, IPV6 is probably better supported than the Server Name Indication extension of TLS.

So, if a company wants a fast way of getting the referrer from an SSL Google query, the handiest method is probably to SSL enable their site, which means a dedicated IP address. Anyone who has got this far in the post probably already knows that IPv4 addresses are slowly running out. If every SEO in the place suddenly wants to enable SSL on their customer's sites, there's suddenly going to a lot of pressure on the IPv4 address space.

I know that if a relativity small percentage of shared hosting sites at work wanted to SSL enable their sites in the morning, we'd run out of available IPv4 addresses in a flash. However, we do have ~4,000,000,000 IPv6 addresses available which should be sufficient! It's just a pity that most ISPs wouldn't be able to get to them at the moment.

The big winner in this would be the companies selling the SSL certs. People could use a self signed cert, but do they really want customers/potential clients to have to click through the various warnings. There's other options such as CACert, but not all browsers will recognise them as a valid cert.

My own opinion is that the lack of referrers is no bad thing. It might force sites to stop using under hand tricks and just put up proper content.

It would seem that random pie in the sky figures about server virtualisation is one of my berserker buttons. I work in IT, hence I know that everything in IT is a compromise. So when someone on twitter quoted figures from a Sunday Business Post article stating that the HSE were using 200 servers, and then immediately proclaimed that virtualisation would reduce that number by 75%, I had to respond. Anyone on twitter is free to look it up.

At work we use virtualised servers extensively. Our whole shared hosting/VPS platform is built on Virtuozzo. We have numerous other services which are virtualised in the the background using other technologies such as Xen, KVM, Hyper-V etc. It is a brilliant tool when deployed properly and has plenty of other benefits such as being able to move an virtual server to new hardware in a hurry.

However, if you are to believe the marketing hype, virtualisation will immediately save you X% where X is ridiculously large number like 70 or 80. What they always seem to fail to mention is that they're presuming that you're massively under utilising your current hardware.

This leads to a lovely self fulfilling prophecy. The people who move over are the ones underutilising their current hardware and they will see massive savings. These savings are due to bad planning and over speccing the hardware in the first place though, and virtualisation is the ideal technology to consolidate the hardware while keeping the outward facing infrastructure looking the same. This means there's a massive selection bias in the figures which virtualisation vendors quote, as they seem to only use these customers as examples.

If we then look to the other end of the spectrum, people properly utilising their existing infrastructure. Here virtualisation will still give plenty of benefits. For example, being able to move a virtualised server from physical server to physical server, often with no downtime. However, then you have to consider virtualisation overhead. As virtualisation is simple abstracting away the hardware, there is going to be an overhead in the translation. Depending on the technology used the overhead might be minimal or it might be large enough that new hardware is required to account for it.

There will also be no savings due to less hardware in this scenario as the virtualisation isn't being used for consolidation, but for ease of management. If it's a commercial virtualisation product such as VMWare, there's going to be extra cost involved. This cost might be offset in deceased administration time, but it's not going to be anything near the figures normally quoted for savings.

To go back to what started all this off, the 200 servers in the HSE. We have no way of knowing what the utilisation is like on these servers. For all we know, it's a fairly heavy Java based app running on them and the systems are well utilised. It's also possible that they are underutilised, but without knowing what they're actually doing, it's not possible to pull random figures like 75% out of the air.