cpanel 11.25 unveiled · slide cpanel 11.25 unveiled ip validation and cpanel.*, webmail.* and...
TRANSCRIPT
cPanel 11.25 Unveiledhttp://cPanel.net/releases/1125/
David Grega Technical Sales Representative Kevin Asklund Level 3 Technical AnalystJ.D. Lightsey Perl DeveloperKenneth Power Quality Assurance ManagerMario Rodriguez Strategic Partner Manager
1
cPanel 11.25 UnveiledSlide
Today’s Presentation
Today we are focusing our discussion on the release of version 11.25 of cPanel and WHM.
Why version 11.25 is important for you.Discussion of new and enhanced functionality in cPanel/WHM version 11.25Best practices for using cPanel/WHM 11.25Near-term product roadmap of cPanel and WHMQuestion and Answer Session (1 hour)
2
cPanel 11.25 UnveiledSlide
Asking Questions at Today’s Webinar
Please type questions in the window on your right.We will be addressing questions during the Question and Answer (Q&A)
session after the presentation.If your question is about a specific slide, please note the slide number in
your question. This allows us to go back to the slide when addressing your question.
3
cPanel 11.25 UnveiledSlide
You can view our community forums at: http://forums.cPanel.net
4
Version 11.25
cPanel is a continually evolving product.Many of the features of 11.25 are features you recommended.Major release, representing over 12 months of development effort.Over 50% more of the code base has been touched than for 11.24You can recommend features on our forum, please have 1 feature per
thread. If you want 5 features, please make 5 separate threads.
cPanel 11.25 UnveiledSlide
Simple
Secure
Cutting Edge
Reliable
Extensible
Universal Support
Web Developer-Friendly
White-Label Reseller Support
You’re In Control
Reasons for Using cPanel and WHM 11.25
5
cPanel 11.25 UnveiledSlide
Simple
6
cPanel 11.25 UnveiledSlide
Enhanced DNS Clustering
Updates are sent in batches to reduce memory consumptionAutomatic disabling of unresponsive cluster membersPrevention of the propagation of outdated DNS informationFaster restarting of BIND
cPanel and WHM Server
DNSONLY Server
Unresponsive DNSONLY Server
7Simple
cPanel 11.25 UnveiledSlide
Enhanced Mail System
Significant improvements throughout mailing systemOne Exim® process for listening on multiple portsImproved quota lookup efficiency
8Simple
cPanel 11.25 UnveiledSlide
Single Email Page
Without leaving this page, you can:Change passwordsChange quotasAdd accountsSearch for an accountSort the list of accountsDelete accounts
9Simple
cPanel » Mail » Email Accounts
cPanel 11.25 UnveiledSlide
Reorganized Security section of WHM
10Simple
cPanel 11.25 UnveiledSlide
Improvements for Server Administrators
Page title now includes the server’s short hostname.Example: server1 is displayed for server1.example.comMore efficient to administer multiple cPanel/WHM servers.
Inspired by a discussion on our community forums: http://forums.cpanel.net/f5/show-hostname-whm-say-near-load-display-98637.html
11Simple
cPanel 11.25 UnveiledSlide
Faster Load Times
Cleaner HTMLFewer HTTP requests
If you used custom branding in 11.24 or earlier and want to make use of the CSS optimization, refer to:
http://docs.cpanel.net/twiki/pub/AllDocumentation/ReleaseNotes/branding_css_usage.pdf
Version 11.24
Version 11.25
YSlow Overall Performance Score
Optimized CSSFaster, improved input validation.
12Simple
cPanel 11.25 UnveiledSlide
Web Server Improvements
Faster httpd.conf (Web server configuration) generation processFaster account creation times.
Where to serve pages for user Kevin
Where to serve pages for user Dave
Where to serve pages for user Ken
Where to serve pages for user Mario
Web Server Configuration
13Simple
cPanel 11.25 UnveiledSlide
Faster, Less Resource-Intensive Backups
Reduced CPU Utilization
Data
Data
Data
Tar without gz
DataData
DataData
Data Backup Copy of Data
14Simple
cPanel 11.25 UnveiledSlide
Other Performance Improvements
Startup time on all cPanel binaries reduced by up to 40%Web Disk service (allowing users to view their web space as a network
attached disk drive) now uses less CPU resourcesMore robust log daemon (cpanellogd) eliminating delays in log processing
Version 11.24
Version 11.25
Startup Time of cPanel Binaries
15Simple
cPanel 11.25 UnveiledSlide
Secure
16
cPanel 11.25 UnveiledSlide
Security is an Ongoing Process
cPanel/WHM provides the tools to make hardening your server easier.You understand the needs of your customers.Security in shared hosting is often a balance of customer needs with inconvenience
introduced by some security methods.Also, today’s security settings may not be sufficient for tomorrow’s security threats,
so one must constantly understand and compensate for the latest security trends.
17Secure
cPanel 11.25 UnveiledSlide
Brute Force Protection Enhancements
Enhanced protection from malicious usersMore difficult to overwhelmFaster notification of attacksMore responsive
18Secure
WHM » Security Center » cPHulk Brute Force Protection
cPanel 11.25 UnveiledSlide
11.25 Recommended Security Settings at a Glance
19Secure
For updated and detailed documentation on recommended security settings, visit: http://docs.cpanel.net/twiki/pub/AllDocumentation/ReleaseNotes/recommended_settings.pdf
cPanel 11.25 UnveiledSlide
11.25 Recommended Security Settings at a Glance
20Secure
cPanel 11.25 UnveiledSlide
Why We Now Advise Against HTTP Authentication
Doesn’t allow for logging out of an authentication session.You remain authenticated until the browser application is terminated.
This is why many banks ask you to close your browser after logging out.Flushing HTTP credentials is not available in all browsers, nor reliableCross Site Request Forgery attacks (aka XSRF, CSRF and “Sea Surfing”) take
advantage of all of the above.
21Secure
WHM » Server Configuration » Tweak Settings » Security
cPanel 11.25 UnveiledSlide
If Security Tokens are Enabled...
URLs contain a token unique for that login sessionPrevents malicious users from successfully knowing which URL they need to
surreptitiously request to trigger execution of a command as part of a “Sea Surfing” attack.Any page requests without a token will simply result in a login prompt.
If you built or run custom scripts that use absolute URLs, you will need to rebuild them to use relative URLs instead. For further guidance, please contact our technical analysts at http://tickets.cPanel.net/submit
22Secure
WHM » Server Configuration » Tweak Settings » Security
cPanel 11.25 UnveiledSlide 23Secure
Example of XSRF Protection Screen
cPanel 11.25 UnveiledSlide
Cookie-Based Authentication
Malicious use of stolen cookies can be curbed by letting our software validate the IP addresses used on all logins.Mis-matches in IP addresses associated with a cookie will prompt for re-
authentication if IP validation is enabled.
24Secure
WHM » Server Configuration » Tweak Settings » Security
cPanel 11.25 UnveiledSlide
IP Validation and cpanel.*, webmail.* and whm.*
cpanel.*, webmail.* and whm.* subdomains are a feature called Proxy Subdomains.This is a reverse proxy.All connections appearing to be coming from localhost severely diminishes the
effectiveness of IP validation for cookies.Therefore, for improved security, it is recommended this functionality be disabled.
25Secure
WHM » Server Configuration » Tweak Settings » Domains
cPanel 11.25 UnveiledSlide
Don’t Forget the Basics!
Broadcasting usernames and passwords in plain text is a bad idea.You can force credentials to be sent via SSL/TLS encryptionA SSL certificate for the cPanel/Webmail/WHM service can be configured via the
Manage Service SSL Certificates screen in the Service Configuration section of WHM.
26Secure
WHM » Server Configuration » Tweak Settings » Redirection
cPanel 11.25 UnveiledSlide
Setting up a SSL Certificate for cPanel,
Webmail and WHM
27Secure
cPanel 11.25 UnveiledSlide 28Secure
Self-Signed SSL Certificates
Provide encryptionLack identity verificationModern web browsers require both.
cPanel 11.25 UnveiledSlide
Other services (such as cPanel/WHM/Webmail) do not inherit the SSL certificates set up for Apache®.
Installing SSL Certificates for cPanel Services
29Secure
cPanel 11.25 UnveiledSlide
You can force SSL connections to use the hostname on the SSL certificate.If the customer connects via SSL to a hostname not matching the SSL certificate, that
would generate a browser error about a mismatched hostname.This is configured via Tweak Settings.
Considerations for SSL connections
30Secure
WHM » Server Configuration » Tweak Settings » Redirection
cPanel 11.25 UnveiledSlide
Redirect connections on HTTP ports to HTTPS ports
Curbs server vulnerability caused by broadcasting passwords in plain text from customers who explicitly try to connect over plain-text connections.Connections to HTTP ports 2082, 2086 and 2095 can now automatically be
redirected to their HTTPS (secure) counterparts: 2083, 2087 and 2096 using a new tweak setting:
31Secure
WHM » Server Configuration » Tweak Settings » Redirection
cPanel 11.25 UnveiledSlide
Cutting Edge
32
cPanel 11.25 UnveiledSlideCutting Edge
Improved Password Strength Evaluation Algorithm
Ratings updated to more accurately indicate how difficult it is for today’s password cracking tools to be successful against a specific password.Our Password Strength Meter has been updated to make use of
this improved algorithm.The Password Generator is a button used to automatically
generate a strong password based on the above algorithm.Can be used with Password Strength Configuration tool to force
use of stronger passwords
33
cPanel 11.25 UnveiledSlide
Improved Mobile Theme
When you access cPanel via a mobile phone’s web browser, you will automatically be logged into the Mobile Theme of the cPanel interface.Mobile Theme now compatible with browsers with
limited JavaScript abilityMore efficient web server for faster access to cPanel
and WHM Reduction of authentication requests by up to 50%
(if using cookie authentication)
34Cutting Edge
cPanel 11.25 UnveiledSlide
Mobile Mail Improvements
IMAP IDLE (BlackBerry® FastMail) support, for near-real-time email delivery
Available if you use Dovecot, the default IMAP/POP3 server since 11.24Go to WHM » Service Configuration »
Mailserver Selection to switch to Dovecot from CourierLets you receive email in near real time,
rather than your phone having to connect to the server once every few minutes with traditional IMAP.
35Cutting Edge
cPanel » Mail » Email Accounts » Blackberry® FastMail Service Enabled
cPanel 11.25 UnveiledSlide
Maildir, the Preferred Solution for Mail Hosting
As mentioned in 2005, cPanel now uses Maildir.mbox support in cPanel/WHM has reached End of Life, contact our technical
analysts if you desire assistance for migrating to Maildir.This conversion can be accomplished by going to the Mail Directory Conversion
System option in WHM.
36Cutting Edge
cPanel 11.25 UnveiledSlide
Reliable
37
cPanel 11.25 UnveiledSlide
cPanel/WHM Quality Standards
We only use production-ready software, not betas or release candidates.All software is tested on a variety of cPanel environments to ensure compatibility.Extensive analysis is performed before we consider supporting additional
software to ensure the third party software can meet our quality standards.We understand it is statistically impossible to test against every possible
environment, so we welcome your feedback.
Quality Software
38Reliable
cPanel 11.25 UnveiledSlide
Improved Bandwidth Statistics
Improved bandwidth stats generation process.More reliable metricsMore accurate graphs
Bandwidth usage is now retained for 10 yearsBandwidth history is now fully transportable across architectures
39Reliable
cPanel 11.25 UnveiledSlide
Extensible
40
cPanel 11.25 UnveiledSlide
API Enhancements
Addition of 16 new functions to the XML APIJSON supportMore API2 functions, including functions for new cPanel functionalityFaster performance.
For information about new XML API functions, visit http://sdk.cPanel.net
41
{"status":1,"statusmsg":"Ok","acct":[{"startdate":"09 Jul 20 23:04","plan":"default","suspended":0,"theme":"x3","shell":"/usr/local/cpanel/bin/noshell","maxpop":"unlimited","maxlst":"unlimited","maxaddons":"*unknown*","suspendtime":null,"ip":"192.168.97.73","maxsub":"unlimited","domain":"nope.example.com","maxsql":"unlimited","partition":"home","maxftp":"unlimited","user":"nope","suspendreason":"not suspended","unix_startdate":1248145469,"diskused":"5M","maxparked":"*unknown*","email":"*unknown*","disklimit":"unlimited"
JSON XML
Extensible
cPanel 11.25 UnveiledSlide
Enhanced API2 Docs.
Our long-term project of improving the API2 Documentation has completedHelpful for developers looking to
remotely automate tasks within the cPanel interface.
42Extensible
The enhanced API2 documentation is available at: http://docs.cpanel.net/twiki/bin/view/ApiDocs/
Assistance with any of our APIs can be found in our Developer Discussion forum on http://forums.cPanel.net
cPanel 11.25 UnveiledSlide
Tasks that can be Accomplished using our APIs:
Modify what happens after server actions take place Modify the actual functionality of cPanel features (e.g. adding an email address)Create your own cPanel API functionsAdd your own icons and icon groups to cPanelAdd custom functionality to cPanel and WHMHave external software trigger actions within cPanel and WHM
APIs are how third party software like Fantastico and WHMCS interact with cPanel and WHM
cPanel and WHM is Extensible
43Extensible
cPanel 11.25 UnveiledSlide
Universal Support
44
cPanel 11.25 UnveiledSlideUniversal Support
The cPanel Support Staff
Technical analysts staffed 24/7 including holidaysVisit http://support.cPanel.net for determining your best support option.Courteous, prompt and quality service.Free migration services from select control panels.
Immediate Phone Support is available$65 from start, to resolution, of the issueAvailable at http://cPanel.net/store
For information about our free migration services, visit http://migrate.cPanel.net
45
cPanel 11.25 UnveiledSlideUniversal Support 46
cPanel 11.25 UnveiledSlide
Consult our migration specialists!http://migrate.cPanel.net Windows Migrations coming soon.
47Universal Support
cPanel 11.25 UnveiledSlide
Web Developer-Friendly
48
cPanel 11.25 UnveiledSlide
Database Soft Quotas
Displays disk space consumed by user’s databases as part of overall disk usage.Useful for web developers to realize how large their
databases are so they know when to optimize their databases.Enabled via Tweak SettingsRequires MySQL 5
49Web Developer-Friendly
cPanel 11.25 UnveiledSlide
White Label Reseller Support
50
cPanel 11.25 UnveiledSlide
Web Template Editor
Available to root and reseller users!Customize via WHM:
Account Suspended PageDefault Website PageAccount Move MessageFirewall Detection Screen
51White-Label Reseller Support
cPanel 11.25 UnveiledSlide
You’re In Control
52
cPanel 11.25 UnveiledSlide
Database Support Improvements
PhpMyAdmin 3MySQL® 5.1 supportUpgrade tool for going from MySQL 5.0 to 5.1
Downgrades of MySQL are unsafe.Therefore, MySQL Upgrades are one-way.
53You’re In Control
cPanel 11.25 UnveiledSlide
Enhanced Performance of Roundcube
RoundCube can now run using SQLiteNot automatically done when you upgrade to version 11.25One-way process, not reversible A simple process started by running the following command-line script: /scripts/convert_roundcube_mysql2sqlite
We recommend testing this on a pre-production server running cPanel/WHMcPanel Partner NOCs can have a license for a pre-production server at no
cost, contact cPanel Customer Service for details.
54You’re In Control
cPanel 11.25 UnveiledSlide
Reworked Language System
Right-to-left (RTL) language support added (for languages like Arabic)Now allows for fluent translation into any language. Less memory consumptionSet the foundation for WHM to be translated into other languages.
55You’re In Control
cPanel 11.25 UnveiledSlide
Improved MX Editor
An increased popularity of hosted mail solutions like Google™ Mail for Domains has resulted in customers desiring more control over mail delivery.We recommend, and default to,
automatically detecting the configuration.Version 11.25 introduces the
ability to now set multiple records at equal priority, allowing for balancing the load placed upon the mail servers.
56You’re In Control
cPanel 11.25 UnveiledSlide
DNS Editing via cPanel
Basic and Advanced EditorsAdvanced Editor is disabled via the disabled feature list by default.Simple DNS Zone Editor allows the addition of new records, but not the
modification of records automatically created by cPanel software. As a result, it is less likely for a customer to require technical assistance as a result of using the Simple DNS Zone Editor.Advanced DNS Zone Editor allows for the modification of all of that hosting
customer’s DNS Zones. You may want to upsell your customers to a hosting package where the Advanced
DNS Zone Editor is available, since it can cause an increased support load.
57You’re In Control
cPanel 11.25 UnveiledSlide 58You’re In Control
Simple DNS Editor
Advanced DNS Editor
cPanel 11.25 UnveiledSlide
Coming Soon
59
cPanel 11.25 UnveiledSlide
11.25.1 Security Policy
Password Aging Source IP Check
60
cPanel 11.25 UnveiledSlide
11.25.1 Database Name Mapping
Removing the requirement for the prefix username_ for database names and database users
61
cPanel 11.25 UnveiledSlide
11.25.2 New Message Center
Server Owners and Resellers can communicate via the cPanel interfaceTarget messages to users based on hosting package or features available to them.Useful for sending targeted messages to upsell specific customers
62
cPanel 11.25 UnveiledSlide
2010 Some of the Many Things We Are Working On:
IP version 6 supportNetwork Address Translation (NAT) supportDNSSEC support
63
cPanel 11.25 UnveiledSlide
2010 cPanel at Industry Events
March: WebHostingDayJuly: HostingConcPanel Conference 2010
64
cPanel 11.25 UnveiledSlide
21 Exhibitors239 Attendees from 12 countriesAccess to cPanel DevelopersTechnical and Executive Sessions
65
cPanel 11.25 UnveiledSlide
2010 cPanel Conference 2010
Location: Houston, TX
Additional information will be posted to the cPanel Events Page as it becomes available: http://cPanel.net/events
66
cPanel 11.25 UnveiledSlide
Version 11.25Questions and Answers
67
cPanel 11.25 UnveiledSlide
If your question was not answered today, please
email your inquiry to [email protected]
68
David Grega Technical Sales Representative
Kevin Asklund Level 3 Technical Analyst
J.D. Lightsey Perl Developer
Kenneth Power Quality Assurance Manager
Mario Rodriguez Strategic Partner Manager