{"componentChunkName":"component---src-templates-blog-list-jsx","path":"/blog/21/","result":{"data":{"prismic":{"allFeaturedblogs":{"edges":[{"node":{"featured_blogs_enabled":true,"heading":[{"type":"paragraph","text":"Featured posts","spans":[]}],"featured_blog_1":{"__typename":"PRISMIC_Blog","_linkType":"Link.document","blog_header_image":{"dimensions":{"width":790,"height":395},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/6d8d81b1-971a-4313-b033-b4e125cb14a0_MondoDB-blog-header-790x395.PNG?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Introducing DigitalOcean Managed MongoDB – a fully managed, database as a service for modern apps","spans":[]}],"blog_post_date":"2021-06-29","blog_post_content":[{"type":"paragraph","text":"MongoDB is one of the most popular databases, and it’s ideal for apps that evolve rapidly and need to handle huge volumes of data and traffic. It offers advantages like flexible document schemas, code-native data access, change-friendly design, and easy horizontal scale-out.","spans":[{"start":22,"end":44,"type":"hyperlink","data":{"link_type":"Web","url":"https://db-engines.com/en/ranking","target":"_blank"}}]},{"type":"paragraph","text":"However, building and maintaining MongoDB clusters from the ground up can be a huge undertaking. Developers often complain that they have to spend their valuable time and resources on database management. Well, we’ve been listening and have some great news: accessing and managing MongoDB on DigitalOcean just got a lot simpler!","spans":[]},{"type":"paragraph","text":"We are excited to announce that DigitalOcean Managed MongoDB is now in General Availability. Managed MongoDB is a fully managed, database as a service (DBaaS) offering from DigitalOcean, built in partnership with and certified by MongoDB Inc. It provides you all the technical capabilities that make MongoDB so beloved in the developer community. Together we have ensured that you will get access to all the latest releases of the MongoDB document database as they become available.","spans":[{"start":32,"end":91,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/managed-databases-mongodb/"}},{"start":230,"end":241,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.mongodb.com/","target":"_blank"}}]},{"type":"paragraph","text":"Managed MongoDB simplifies the MongoDB administration. Developers of all skill levels, even those who do not have prior experience in databases, can spin up MongoDB clusters in just a few minutes. We handle the provisioning, managing, scaling, updates, backups, and security of your MongoDB clusters, allowing you to offload the complex, time consuming –yet critical – database administration tasks to us. This empowers you to focus on what really matters: building awesome apps.","spans":[]},{"type":"embed","oembed":{"height":113,"width":200,"embed_url":"https://www.youtube.com/watch?v=NvHQSV7jnKA","type":"video","version":"1.0","title":"Create a MongoDB Database on DigitalOcean","author_name":"DigitalOcean","author_url":"https://www.youtube.com/c/Digitalocean","provider_name":"YouTube","provider_url":"https://www.youtube.com/","cache_age":null,"thumbnail_url":"https://i.ytimg.com/vi/NvHQSV7jnKA/hqdefault.jpg","thumbnail_width":480,"thumbnail_height":360,"html":"<iframe width=\"200\" height=\"113\" src=\"https://www.youtube.com/embed/NvHQSV7jnKA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen></iframe>"}},{"type":"heading2","text":"Benefits of Managed MongoDB","spans":[]},{"type":"paragraph","text":"","spans":[]},{"type":"list-item","text":"Easy set up and maintenance: We create the database clusters for you. Simply choose the cluster configuration (e.g., memory, disk size, number of nodes, etc.), and the data center in which you want to host the database. Follow a few simple steps and your database cluster will be up and running in a matter of minutes. You can spin up clusters using the cloud control panel, CLI, or API.\n\n","spans":[{"start":0,"end":28,"type":"strong"}]},{"type":"list-item","text":"Automatic daily backups with point in time recovery: Data is one of the most important assets of an app, so it’s critical to backup your database. We take backups of your entire clusters automatically on a daily basis, for free. We also provide a point in time recovery for 7 days, that way if things go wrong due to human error, machine error, or some combination of both, you can easily restore the database as it was at any point in the previous 7 days. \n\n","spans":[{"start":0,"end":52,"type":"strong"}]},{"type":"list-item","text":"Automatic updates and access to latest MongoDB releases: You get access to MongoDB 4.4. This is the latest release of MongoDB and comes packed with numerous enhancements like hedged reads, rust, and swift drivers. Since we have developed Managed MongoDB in partnership with MongoDB Inc, you will always get access to new releases as they become available. With Managed MongoDB, the updates happen automatically. Just select a date and time for the updates and we take care of the rest. This makes it easy to stay up to date with MongoDB releases without disrupting your business.\n\n","spans":[{"start":0,"end":56,"type":"strong"},{"start":148,"end":169,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.mongodb.com/new","target":"_blank"}}]},{"type":"list-item","text":"High availability with automated failover: If your database goes down, it can take down the entire app, leading to bad customer experiences. With Managed MongoDB, you can easily minimize the downtime for your database and make it highly available with standby nodes. Standby nodes add redundancy, so if for example the primary node fails, the standby node is immediately promoted to primary and begins serving requests while we provision a replacement standby node in the background.\n\n","spans":[{"start":0,"end":42,"type":"strong"}]},{"type":"list-item","text":"Scale up easily to handle traffic spikes: As your app gains traction and the usage grows, it’s important to have a database that can keep up with the increased demand. With Managed MongoDB, you can easily scale up the size of database nodes when needed.\n\n","spans":[{"start":0,"end":41,"type":"strong"}]},{"type":"list-item","text":"Secure by default: Since data is critical, it also needs to be secure. We encrypt data at rest with LUKS and in transit with SSL. When you create a new cluster, it’s placed in a VPC network by default that provides a more secure connection between resources. You can also restrict access to your nodes to prevent brute-force password and denial-of-service attacks.","spans":[{"start":0,"end":18,"type":"strong"},{"start":178,"end":189,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/docs/networking/vpc/"}}]},{"type":"heading2","text":"The need for Managed Databases","spans":[]},{"type":"paragraph","text":"DigitalOcean’s mission is to simplify cloud computing so developers, startups, and SMBs can spend more time building software that changes the world. While databases are a critical component to any application, building, maintaining, and scaling them can be complex and time consuming. For developers that are building apps for their business, database administration is often not a core focus area. But it’s quite common to find developers that write the code and then also roll up their sleeves to maintain databases. Such users would rather offload the tedious database administration and focus their limited time and energy on building and enhancing their apps. ","spans":[]},{"type":"paragraph","text":"With this in mind, we introduced Managed Databases a couple of years ago and are excited to add Managed MongoDB to our portfolio. With this release, DigitalOcean Managed Databases now supports the following engines:","spans":[{"start":33,"end":50,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/managed-databases/"}}]},{"type":"image","url":"https://images.prismic.io/www-static/87745cc1-1c5f-4463-b104-104b7fc30dc7_managed-databases-logos.png?auto=compress,format","alt":null,"copyright":null,"dimensions":{"width":849,"height":104}},{"type":"paragraph","text":"Managed MongoDB launch comes on the heels of DigitalOcean App Platform, a modern, reimagined PaaS (Platform as a Service) that we released a few months ago. App Platform makes it very easy to build, deploy, and scale apps and static sites. You can deploy code by simply pointing to your GitHub and GitLab repos, and App Platform will do all the heavy lifting of managing infrastructure, app runtimes, and dependencies. App Platform, along with Managed Databases, helps fulfill DigitalOcean’s mission by empowering developers, startups, and SMBs to focus more on their apps, and less on the underlying infrastructure and databases.","spans":[{"start":45,"end":70,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/app-platform/"}}]},{"type":"heading2","text":"How Managed MongoDB works","spans":[]},{"type":"paragraph","text":"DigitalOcean provides you with various compute options to build your apps like:","spans":[]},{"type":"list-item","text":"Droplets: On-demand, Linux virtual machines suitable for production business applications and personal passion projects.","spans":[{"start":0,"end":8,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/droplets/"}}]},{"type":"list-item","text":"DigitalOcean Kubernetes: Managed Kubernetes with automatic scaling, upgrades, and a free control plane.","spans":[{"start":0,"end":23,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/kubernetes/"}}]},{"type":"list-item","text":"DigitalOcean App Platform: A fully managed Platform as a Service.","spans":[{"start":0,"end":25,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/app-platform/"}}]},{"type":"paragraph","text":"No matter which compute option you choose to build your apps, you can easily add Managed MongoDB to it. In addition to this, Managed MongoDB also integrates with the Node.js 1-Click App from DigitalOcean Marketplace making it a lot easier to build Node.js apps.","spans":[{"start":166,"end":215,"type":"hyperlink","data":{"link_type":"Web","url":"https://marketplace.digitalocean.com/apps/nodejs"}}]},{"type":"heading2","text":"Simple, predictable pricing","spans":[]},{"type":"paragraph","text":"Just like all DigitalOcean products, Managed MongoDB provides simple, predictable pricing that allows you to control costs and prevent any surprise bills. You can spin up a database cluster for just $15/month, or a highly available three-node replica set for $45/month. Click here for more information.","spans":[{"start":270,"end":301,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/pricing/#managed-databases"}}]},{"type":"heading2","text":"Regional availability","spans":[]},{"type":"paragraph","text":"Managed MongoDB is currently available in the following regions:","spans":[]},{"type":"list-item","text":"NYC3 (New York, USA)","spans":[]},{"type":"list-item","text":"FRA1 (Frankfurt, Germany)","spans":[]},{"type":"list-item","text":"AMS3 (Amsterdam, Netherlands)","spans":[]},{"type":"paragraph","text":"We will be making Managed Mongo available in other regions soon. Please check out the release notes for most up to date information on regional availability.","spans":[{"start":86,"end":99,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/docs/release-notes/"}}]},{"type":"heading2","text":"Join us at deploy, DigitalOcean’s virtual user conference","spans":[]},{"type":"paragraph","text":"Today we have deploy, DigitalOcean’s signature user conference, which focuses on celebrating, educating, and connecting awesome builders from all over the world.","spans":[{"start":14,"end":20,"type":"hyperlink","data":{"link_type":"Web","url":"https://deploy.digitalocean.com/home"}}]},{"type":"paragraph","text":"Check out the keynote session from DigitalOcean's CEO, Yancey Spruill, in which he talks about where we're headed as a company and shares some exciting product updates. His keynote will be followed by sessions from community members, engineers, customers, and other experts that are building technologies and businesses powered by the cloud. With live Q&A and an active Discord server, there’s ample opportunity to engage and learn something new. Click here to attend the deploy conference.","spans":[{"start":14,"end":69,"type":"hyperlink","data":{"link_type":"Web","url":"https://deploy.digitalocean.com/agenda/session/552806"}},{"start":347,"end":384,"type":"hyperlink","data":{"link_type":"Web","url":"http://do.co/deploy-discord"}},{"start":461,"end":489,"type":"hyperlink","data":{"link_type":"Web","url":"http://do.co/deploy"}}]},{"type":"paragraph","text":"We are also launching a hackathon for DigitalOcean Managed MongoDB. Learn how you can participate, submit an app and get a t-shirt.","spans":[{"start":24,"end":66,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/mongodb-hackathon"}}]},{"type":"paragraph","text":"We hope you will give Managed MongoDB a try. Here are some sample datasets and sample apps that you can use to kick the tires. Check out the docs and let us know what you think!","spans":[{"start":22,"end":43,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/databases/new?engine=mongodb"}},{"start":59,"end":90,"type":"hyperlink","data":{"link_type":"Web","url":"https://github.com/do-community/mongodb-resources","target":"_blank"}},{"start":141,"end":145,"type":"hyperlink","data":{"link_type":"Web","url":"https://docs.digitalocean.com/products/databases/mongodb/"}}]},{"type":"paragraph","text":"If you’d like to have a conversation about using DigitalOcean and Managed MongoDB in your business, please feel free to contact our sales team.","spans":[{"start":120,"end":142,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/company/contact/sales/"}}]},{"type":"paragraph","text":"Happy coding!","spans":[]},{"type":"paragraph","text":"André Bearfield","spans":[]},{"type":"paragraph","text":"Director of Product Management","spans":[]}],"tags":[{"tag1":{"__typename":"PRISMIC_Tag","tag":"Product Updates","_linkType":"Link.document","_meta":{"uid":"product-updates"}}}],"author":{"__typename":"PRISMIC_Author","author_name":"André Bearfield","author_image":{"dimensions":{"width":553,"height":547},"alt":"André Bearfield","copyright":null,"url":"https://images.prismic.io/www-static/fdc7c85186f0a850b04083e1d4306bd1c19772e8_andre-bearfield.png?auto=compress,format"},"_meta":{"uid":"andre-bearfield"}},"_meta":{"uid":"introducing-digitalocean-managed-mongodb"}},"featured_blog_2":{"__typename":"PRISMIC_Blog","_linkType":"Link.document","blog_header_image":{"dimensions":{"width":790,"height":400},"alt":"Droplet Console","copyright":null,"url":"https://images.prismic.io/www-static/710499ae-78cc-4179-afc1-15793637b200_DODX3727-790x400-logo-2.jpg?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Securely connect to Droplets with SSH key pairs using a new Droplet Console","spans":[]}],"blog_post_date":"2021-08-10","blog_post_content":[{"type":"paragraph","text":"The famous author Ken Blanchard once said, “Feedback is the breakfast of champions.\" This is something we truly believe at DigitalOcean, and we always strive to enhance our products based on customer feedback.","spans":[]},{"type":"paragraph","text":"With this goal in mind, we are excited to introduce a new Droplet Console that will make it much easier to connect to your Droplets securely. The new Droplet Console provides one-click SSH access to your Droplets through a native-like SSH/Terminal experience. It also eliminates the need for a password or manual configuration of SSH keys. Starting today, we’re pleased to announce that the new Droplet Console is now available to all Droplet users.","spans":[]},{"type":"heading2","text":"Why you should be using Secure Shell (SSH) ","spans":[]},{"type":"paragraph","text":"Password-based security is notoriously insecure due to password fatigue and the overuse of passwords such as ‘123456’. Secure Shell or SSH is a network communication protocol that solves this by using passwordless solutions for encryption, enabling two computers to communicate and securely share data. At a high level, SSH works by creating cryptographic key pairs consisting of a public and private key, which are computer generated and stored separately to ensure their security. ","spans":[{"start":80,"end":117,"type":"hyperlink","data":{"link_type":"Web","url":"https://cybernews.com/best-password-managers/most-common-passwords/"}}]},{"type":"paragraph","text":"SSH has become the default encryption protocol for many industries, but it was difficult to use SSH keys with DigitalOcean’s current Recovery (VNC) console, which is why we developed our new Droplet Console. The new Droplet Console is backed by an agent that security supervises the key pair, while also providing one-click SSH access to our users. You can see the full list of features below.","spans":[]},{"type":"heading2","text":"The new Droplet Console: More time saving, less time wasting ","spans":[]},{"type":"paragraph","text":"The new Droplet Console is for everyone who is looking to build fast, secure apps and avoid hassles with SSH access & usability issues.","spans":[]},{"type":"paragraph","text":"In addition to easier SSH access, the new Droplet Console comes with:","spans":[]},{"type":"list-item","text":"Copy/paste text: Instead of typing lengthy key pairs and text manually, you can use copy/paste to save time. ","spans":[{"start":0,"end":17,"type":"strong"}]},{"type":"list-item","text":"Multi-color support: Multi-color support makes the console more useful and intuitive, and breaks the conventional standard appearance which is black text on a white background. ","spans":[{"start":0,"end":41,"type":"strong"}]},{"type":"list-item","text":"Multi-language support: DigitalOcean’s new Droplet Console supports multiple languages, meaning you can now type and view any content in any language that is supported by UTF-8","spans":[{"start":0,"end":24,"type":"strong"}]},{"type":"list-item","text":"OS/images supported: Linux distributions (Ubuntu(16.04 - 20.04), Fedora (32 & 33), Debian (9), CentOS (7.6 & 8.3), CentOS 8 Stream, Rocky Linux and Marketplace images.","spans":[{"start":0,"end":20,"type":"strong"},{"start":148,"end":159,"type":"hyperlink","data":{"link_type":"Web","url":"https://marketplace.digitalocean.com/"}}]},{"type":"paragraph","text":"The new Droplet Console is available by default on any new Droplets you spin up. You can also enable it manually on older Droplets. Click here to learn more!","spans":[{"start":132,"end":157,"type":"hyperlink","data":{"link_type":"Web","url":"https://docs.digitalocean.com/products/droplets/how-to/connect-with-console/"}}]},{"type":"paragraph","text":"Check out this short walkthrough video that shows the new Droplet Console in action: ","spans":[]},{"type":"embed","oembed":{"type":"video","embed_url":"https://www.youtube.com/watch?v=Qt7QihVuxiE","title":"Access Your Droplet Terminal Through the Web Console","provider_name":"YouTube","thumbnail_url":"https://i.ytimg.com/vi/Qt7QihVuxiE/hqdefault.jpg","provider_url":"https://www.youtube.com/","author_name":"DigitalOcean","author_url":"https://www.youtube.com/c/Digitalocean","height":113,"width":200,"version":"1.0","thumbnail_height":360,"thumbnail_width":480,"html":"<iframe width=\"200\" height=\"113\" src=\"https://www.youtube.com/embed/Qt7QihVuxiE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen></iframe>"}},{"type":"paragraph","text":"We hope you’re excited about the new Droplet Console. You’re welcome to spin some Droplets up right now, and try out the new Droplet Console – why wait?","spans":[{"start":72,"end":103,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/droplets/new"}}]},{"type":"paragraph","text":"Happy coding!","spans":[]},{"type":"paragraph","text":"Harsh Banwait, Senior Product Manager","spans":[]}],"tags":[{"tag1":{"__typename":"PRISMIC_Tag","tag":"Product Updates","_linkType":"Link.document","_meta":{"uid":"product-updates"}}}],"author":{"__typename":"PRISMIC_Author","author_name":"Harsh Banwait","author_image":{"dimensions":{"width":600,"height":399},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/e83ff690-b20c-4d88-a2b6-57e562558cd6_download.png?auto=compress,format"},"_meta":{"uid":"harsh-banwait"}},"_meta":{"uid":"new-droplet-console-ssh-support"}},"featured_blog_3":{"__typename":"PRISMIC_Blog","_linkType":"Link.document","blog_header_image":{"dimensions":{"width":790,"height":400},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/588e28d3-d41e-480b-937b-8c3b19201f6e_DODX3568-790x400-Blog.jpg?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"How to scale your SaaS product without breaking the bank","spans":[]}],"blog_post_date":"2021-06-22","blog_post_content":[{"type":"paragraph","text":"These days, if you are in the business of software, chances are you are delivering or plan to deliver your services using a Software-as-a-Service (SaaS) model. A combination of internet-based delivery, subscription-based pricing, and low-friction product experiences have made SaaS solutions valuable tools for their users, and an excellent vehicle for software builders looking to distribute their products.","spans":[]},{"type":"paragraph","text":"These factors have made SaaS solutions ubiquitous; SaaS is the largest segment in the public cloud market, and is used to provide functionality ranging from personal finance apps for consumers, to productivity software for businesses, and even tools and services for software developers themselves to compose their applications and simplify their workflows. It is also not uncommon to find micro-SaaS applications being built for specific industries such as retail, job functions such as accounting or marketing, or tasks such as event management. ","spans":[]},{"type":"paragraph","text":"The best thing about this SaaS wave has been that it has allowed a new generation of software builders to build and monetize applications and participate in the digital economy. Previously, you had to be a big company with lots of resources, name recognition and distribution networks to successfully sell software products. Now, irrespective of whether you are a single person working on a passion project, a small team of developers in a startup, or a small and medium-sized business (SMB), the SaaS model enables you to express your ideas in the form of software and deliver them to customers anywhere in the world.","spans":[]},{"type":"heading2","text":"The unique challenges of building SaaS solutions","spans":[]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Despite the opportunities that come with the widespread adoption of SaaS products, software builders still have to answer key questions in their journey to building successful SaaS products. Understanding what customers to target, features to prioritize, how to price your product, and how to acquire customers are all critical questions to figure out while you are also doing the important job of actually building and operating the product. ","spans":[]},{"type":"paragraph","text":"Writing the code, testing, deployment, monitoring the usage in production, and ensuring that your apps are able to handle the additional demand when customer base and usage grows are all essential and time-consuming tasks.","spans":[]},{"type":"paragraph","text":"Additionally, being able to test multiple ideas, pivot, and double down on the ideas that actually work is critical in early stages of SaaS development. Once growth comes, it is equally important to scale up without compromising on performance or reliability. Needless to say, all of this needs to be economically viable as well, since not everyone has the resources of large SaaS providers like Salesforce or Adobe.","spans":[]},{"type":"heading2","text":"Cloud Computing enables builders but also poses challenges","spans":[]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Fortunately, for the act of building and operating your apps, cloud computing can help take some load off your shoulders. Unless you have the scale and resources of Facebook, chances are you are not going to set up your own data centers to host the computing infrastructure that powers your SaaS company. Public cloud infrastructure providers can bring great value to SaaS builders by providing on-demand computing services with usage-based pricing. However, just like how the legacy software companies weren't built for the SaaS model, the early (and big) cloud computing services were not optimized for the unique needs of small SaaS building teams. ","spans":[]},{"type":"paragraph","text":"Smaller SaaS teams face challenges with large cloud computing providers, including:","spans":[]},{"type":"heading4","text":"Too many technology options","spans":[]},{"type":"paragraph","text":"There are just too many options for tech stacks on which to build your SaaS - programming languages, application development frameworks, libraries, runtime environments, architectural patterns, and deployment models - and the list is growing by the day.","spans":[]},{"type":"heading4","text":"Complexity of cloud computing services","spans":[]},{"type":"paragraph","text":"Even when you have decided on a technology stack, there is a lot of cloud vendor-specific terminology you need to learn and heavy lifting you need to do to build on the cloud, not all of which contributes to making your SaaS applications successful.","spans":[]},{"type":"heading4","text":"Unpredictable costs","spans":[]},{"type":"paragraph","text":"The experimentation necessary in early stages of SaaS development, as well as the scaling of applications required during the growth phase, call for affordable and predictable pricing from your cloud provider. The last thing SaaS teams want is surprising and indecipherable bills from your cloud provider. Unfortunately, smaller businesses often experience unpredictable costs with cloud providers who are busy serving only the large enterprises.","spans":[]},{"type":"heading2","text":"DigitalOcean provides a simple, cost effective solution for SaaS builders","spans":[]},{"type":"paragraph","text":"Fortunately, at DigitalOcean we have a laser focus on small software development teams, who are trying to build the next generation of applications. Today, DigitalOcean customers are already building SaaS applications which serve all kinds of customers.","spans":[{"start":191,"end":217,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/solutions/saas/"}}]},{"type":"paragraph","text":"We believe SaaS builders should focus on building apps that power their business, and not spend their valuable time on managing infrastructure. That is exactly what we have been able to enable through our intuitive products that are built for scale and reliability.","spans":[{"start":205,"end":223,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/"}}]},{"type":"list-item","text":"Vidazoo is an advertising technology company specializing in video streaming and serving. It serves video ads to thousands of websites and handles close to 10 billion requests per day. \n\n“We are as much a data company as an adtech company. Our business relies on speedy and accurate data processing at massive scale. DigitalOcean provides us the perfect set of tools to operate our SaaS business profitably, while not making us feel the need to become full time system administrators. We plan to move a lot of our apps to DigitalOcean App Platform and other fully managed products.” - Roman Svichar, CTO of Vidazoo","spans":[{"start":0,"end":7,"type":"hyperlink","data":{"link_type":"Web","url":"https://vidazoo.com/"}},{"start":187,"end":583,"type":"em"}]},{"type":"paragraph","text":"We believe in meeting customers where they are. If they already have an understanding of cloud infrastructure technologies, they should be able to leverage that knowledge and get started with our products without any further ramp up.","spans":[]},{"type":"list-item","text":"Whatfix is an enterprise SaaS provider that offers a digital adoption platform to businesses. The company helps enterprises gain the full value of their investments in enterprise applications by providing real-time, interactive, and contextual guidance to users of those applications. \n\n“What we really love about the DigitalOcean platform is the ease of use. We feel like we know infrastructure and can handle most of the configuration and management. What we needed from a cloud was not bells and whistles but efficiency and reliability. DigitalOcean provides us a platform to build our apps and then gets out of the way. Just how we like it.” - Achyuth Krishna, Director of Engineering of Whatfix","spans":[{"start":0,"end":7,"type":"hyperlink","data":{"link_type":"Web","url":"https://whatfix.com/blog/driving-the-future-now-were-excited-to-announce-our-90-million-series-d-funding/"}},{"start":287,"end":648,"type":"em"}]},{"type":"paragraph","text":"We understand that scaling while maintaining reliability of applications and profitability of business is important, so we provide robust solutions which minimize downtime.","spans":[]},{"type":"list-item","text":"Centra is a SaaS-based e-commerce platform for global direct-to-consumer and wholesale e-commerce brands. Centra provides a powerful e-commerce backend that lets brands build pixel-perfect, custom designed, online flagship stores. \n\n“How do we enable our customers to create differentiated online experiences? How do we ensure their e-commerce apps stay up and running at all times? How do we scale on-demand when traffic grows or new customers come in? These are the questions that we ask ourselves every day. Thankfully, we have a partner in DigitalOcean that provides just the platform to answer those questions enabling us to guarantee 99.9% uptime for our clients.” - Martin Jensen, CEO of Centra","spans":[{"start":0,"end":6,"type":"hyperlink","data":{"link_type":"Web","url":"https://centra.com/"}},{"start":233,"end":673,"type":"em"}]},{"type":"paragraph","text":"These are just a few examples of SaaS businesses finding success on DigitalOcean. We are constantly amazed by the creativity and innovation that software builders are utilizing our platform for. If you are interested in learning more about product updates, technical deep-dives and best practices for building SaaS products and businesses, please contact us to learn how we can help you get started. ","spans":[{"start":340,"end":357,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/migrate/?utmmedium=blog","target":"_blank"}}]},{"type":"paragraph","text":"Come build with DigitalOcean!","spans":[]},{"type":"paragraph","text":"Looking to migrate your SaaS to DigitalOcean? Leverage free infrastructure credits, robust training, and technical support to ensure a worry-free migration.","spans":[{"start":0,"end":156,"type":"strong"},{"start":0,"end":156,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/migrate/?utmmedium=blog","target":"_blank"}}]},{"type":"paragraph","text":"","spans":[]},{"type":"paragraph","text":"Raman Sharma","spans":[]},{"type":"paragraph","text":"Vice President, Product & Programs Marketing","spans":[]}],"tags":[{"tag1":{"__typename":"PRISMIC_Tag","tag":"Developer Relations","_linkType":"Link.document","_meta":{"uid":"developer-relations"}}}],"author":{"__typename":"PRISMIC_Author","author_name":"Raman Sharma","author_image":{"dimensions":{"width":512,"height":512},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/497b4b14-d192-493a-8b66-7ae176ba99f3_raman.png?auto=compress,format"},"_meta":{"uid":"raman-sharma"}},"_meta":{"uid":"how-to-scale-your-saas-product-without-breaking-the-bank"}}}}]}}},"pageContext":{"limit":12,"skip":240,"numPages":33,"currentPage":21,"data":[{"node":{"author":{"_linkType":"Link.document","author_name":"Stephanie Morillo","author_image":{"dimensions":{"width":188,"height":188},"alt":"Stephanie Morillo","copyright":null,"url":"https://images.prismic.io/www-static/88c5ec7b08345ce34cc82af6a32619bee69b1dae_stephanie_morillo-abc491ab.png?auto=compress,format"},"_meta":{"uid":"stephanie_morillo"}},"blog_header_image":{"dimensions":{"width":784,"height":418},"alt":"Hacktoberfest 2016 illustration","copyright":null,"url":"https://images.prismic.io/www-static/6b0f94d88fd3d4736d1e1c1ecfa5411a3fcc43bc_hero-4.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Ready, Set, Hacktoberfest!","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"October is a special time for open source enthusiasts, open source beginners, and for us at DigitalOcean: It marks the start of Hacktoberfest, which enters its third year this Saturday, October 1!","spans":[{"start":128,"end":141,"type":"strong"}]},{"type":"heading3","text":"What's Hacktoberfest?","spans":[]},{"type":"paragraph","text":"Hacktoberfest—in partnership with GitHub—is a month-long celebration of open source software. Maintainers are invited to guide would-be contributors towards issues that will help move the project forward, and contributors get the opportunity to give back to both projects they like and ones they've just discovered. No contribution is too small—bug fixes and documentation updates are valid ways of participating.","spans":[]},{"type":"preformatted","text":"#Hacktoberfest 2015 swag arrived! Got 24 PRs merged in #ohmyfish#oh-my-fish! Thanks @digitaloceanpic.twitter.com/ttlfkdY13u\n— Derek Stavis (@derekstavis) January 9, 2016","spans":[]},{"type":"heading3","text":"Rules and Prizes","spans":[]},{"type":"paragraph","text":"To participate, first sign up on the Hacktoberfest site. And if you open up four pull requests between October 1 and October 31, you'll win a free, limited edition Hacktoberfest T-shirt. (Pull requests do not have to be merged and accepted; as long as they've been opened between the very start of October 1 and the very end of October 31, they count towards a free T-shirt.)","spans":[{"start":76,"end":94,"type":"strong"},{"start":202,"end":208,"type":"em"}]},{"type":"paragraph","text":"Connect with other Hacktoberfest participants (Hacktobefestants?) by using the hashtag, #Hacktoberfest, on your social media platform of choice.","spans":[]},{"type":"preformatted","text":"#HacktoberfestA photo posted by Coston (@costonperkins) on Dec 18, 2015 at 11:49am PST","spans":[]},{"type":"heading3","text":"What's Different This Year","spans":[]},{"type":"paragraph","text":"We wanted to make it easier for contributors to locate projects that needed help, and we also wanted project maintainers to have the ability to highlight issues that were ready to be worked on. To that end, we've introduced project labeling, allowing project maintainers to add a \"Hacktoberfest\" label to any issues that contributors could start working on. Browse participating projects on GitHub.","spans":[{"start":358,"end":387,"type":"hyperlink","data":{"link_type":"Web","url":"https://github.com/search?l=&amp;q=state%3Aopen+label%3Ahacktoberfest&amp;ref=advsearch&amp;type=Issues&amp;utf8=%E2%9C%93"}}]},{"type":"paragraph","text":"We've also put together a helpful list of resources for both project maintainers and contributors on the Hacktoberfest site.","spans":[{"start":34,"end":51,"type":"hyperlink","data":{"link_type":"Web","url":"https://hacktoberfest.digitalocean.com/#resources"}}]},{"type":"preformatted","text":"Thank you @digitalocean for my #hacktoberfest t-shirt! Can't wait for next year #opensourcepic.twitter.com/NpWP0kO05t\n— Maithu Venkatesh (@indecisivecoder) December 22, 2015","spans":[]},{"type":"preformatted","text":"Wearing my #hacktoberfest t-shirt today & my #GitHub sweater! I now have super powers! :D /cc @digitalocean@githubpic.twitter.com/baHcy5tzci\n— Eddie Jaoude (@eddiejaoude) January 15, 2016","spans":[]},{"type":"paragraph","text":"Ready to get started with Hacktoberfest? Sign up to participate today.","spans":[{"start":41,"end":69,"type":"hyperlink","data":{"link_type":"Web","url":"https://hacktoberfest.digitalocean.com/"}}]},{"type":"paragraph","text":"","spans":[]},{"type":"image","url":"https://images.prismic.io/www-static/2fef50f5944e65e85f23a35f02383fc15aba74a7_banner.png?auto=compress,format","alt":"Hacktoberfest","copyright":null,"dimensions":{"width":728,"height":90}}],"blog_post_date":"2016-09-26","tags":[{"tag1":{"tag":"Community","_linkType":"Link.document","_meta":{"uid":"community"}}}],"_meta":{"uid":"ready-set-hacktoberfest"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"DigitalOcean","author_image":{"dimensions":{"width":600,"height":600},"alt":"Sammy avatar","copyright":null,"url":"https://images.prismic.io/www-static/a10e3c2eb15b74ee43f872be3044313423b1c9a9_sammy_avatar.png?auto=compress,format"},"_meta":{"uid":"digitalocean"}},"blog_header_image":{"dimensions":{"width":785,"height":419},"alt":"high memory droplets","copyright":null,"url":"https://images.prismic.io/www-static/1d1e82c2-8403-446b-be8a-f735b24c339f_hero.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Support RAM-Intensive Workloads with High Memory Droplets","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"At DigitalOcean, we aim to make it simple and intuitive for developers to build and scale their infrastructure, from an application running on a single Droplet to a highly distributed service running across thousands of Droplets. As applications grow and become more specialized, so too do the configurations needed to run them effectively. Recently, with the launch of Block Storage, we made it easy to scale storage independently from compute at a lower price point than before. Today, we're doing something similar for RAM with the release of High Memory Droplet plans.","spans":[{"start":370,"end":383,"type":"hyperlink","data":{"link_type":"Web","url":"https://assets.digitalocean.com/blog/static/block-storage-more-space-to-scale/"}}]},{"type":"paragraph","text":"Standard Droplets offer a great balance of RAM, CPU, and storage for most general use-cases. Our new High Memory Droplets are optimized for RAM-intensive use-cases such as high-performance databases, in-memory caches like Redis or Memcache, or search indexes.","spans":[]},{"type":"paragraph","text":"High Memory Droplet plans start with 16GB and scale up to 224GB of RAM with smaller ratios of local storage and CPU relative to Standard Plans. They are priced 25% lower than our Standard Plans on a per-gigabyte of RAM basis. Find all the details in the chart below and on our pricing page.","spans":[{"start":273,"end":289,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/pricing/"}}]},{"type":"paragraph","text":"","spans":[{"start":0,"end":0,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/pricing/"}}]},{"type":"image","url":"https://images.prismic.io/www-static/8a1863647562dd172b9e4e0b4991c64b09647732_price-chart.png?auto=compress,format","alt":"Pricing chart","copyright":null,"dimensions":{"width":768,"height":220}},{"type":"paragraph","text":"We're actively looking at ways to support more specialized workloads and provide a platform that enables developers to tailor their environment to their applications' needs. We'd love to hear how we can better support your use-case. Let us know in the comments or over on our UserVoice.","spans":[{"start":272,"end":285,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.uservoice.com"}}]}],"blog_post_date":"2016-09-12","tags":[{"tag1":{"tag":"Product Updates","_linkType":"Link.document","_meta":{"uid":"product-updates"}}}],"_meta":{"uid":"high-memory-droplets"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"DigitalOcean","author_image":{"dimensions":{"width":600,"height":600},"alt":"Sammy avatar","copyright":null,"url":"https://images.prismic.io/www-static/a10e3c2eb15b74ee43f872be3044313423b1c9a9_sammy_avatar.png?auto=compress,format"},"_meta":{"uid":"digitalocean"}},"blog_header_image":{"dimensions":{"width":1400,"height":750},"alt":"hatch","copyright":null,"url":"https://images.prismic.io/www-static/7bb44246-0999-4ba1-9ebd-aa3d1ea7b9c6_hero.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Introducing Hatch (Beta)","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"We're excited to launch Hatch (currently in beta), an online incubator program designed to help and support startups. Infrastructure can be one of the largest expenses facing these companies as they begin to scale. With Hatch, startups can receive access to both DigitalOcean credit and a range of other resources like 1-on-1 technical consultations.","spans":[{"start":24,"end":49,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/hatch"}}]},{"type":"paragraph","text":"Our goal with Hatch is to give back to the startup ecosystem and provide support to founders around the world so they can focus on building their businesses and not worry about their infrastructure. Having come through the Techstars program, we know just how valuable this support network can be.","spans":[]},{"type":"paragraph","text":"The Hatch program includes a range of perks for startups to get started, including 12 months of DigitalOcean credit up to $100,000 (actual amount varies by partner organization). The program also offers various support services such as 1-on-1 technical consultations, access to mentorship opportunities, solutions engineering, and priority support. We're looking to go beyond just offering infrastructure credits. We want to provide founders with an educational and networking experience that will add tremendous value to their startup for the long term.","spans":[]},{"type":"heading2","text":"Is my startup eligible?","spans":[]},{"type":"paragraph","text":"Starting now, we are piloting the program to a small group of startups. While in beta, we'll be working to refine the offering and eligibility criteria for future bootstrapped and funded startups who apply.","spans":[]},{"type":"paragraph","text":"As of today (September 7, 2016), here are the Hatch eligibility requirements for startups:","spans":[]},{"type":"list-item","text":"Must be backed by a partner accelerator, incubator, or VC firm.","spans":[{"start":20,"end":62,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.com/hatch/#Partners"}}]},{"type":"list-item","text":"Less than 24 months in company duration.","spans":[]},{"type":"list-item","text":"Less than $10 million raised, up to Series A.","spans":[]},{"type":"list-item","text":"Startups who've received previous DigitalOcean promotional credit may not be eligible to receive additional credit.","spans":[]},{"type":"paragraph","text":"You can apply to Hatch by visiting digitalocean.com/hatch and completing the online application. Want to learn more? Read the FAQ.","spans":[{"start":35,"end":57,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.com/hatch"}},{"start":126,"end":129,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.com/hatch/#FAQ"}}]},{"type":"heading2","text":"Want to become a partner?","spans":[]},{"type":"paragraph","text":"We're currently adding over a hundred accelerators, investors, and partners to introduce startups around the world to the Hatch community. If you're interested in becoming a portfolio partner of Hatch, you can apply here.","spans":[{"start":210,"end":220,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.com/hatch/#PartnerApplication"}}]},{"type":"paragraph","text":"Is your startup eligible and do you plan on applying? We'd love to hear from you! Reach out to us on Twitter or use the #hatchyouridea hashtag to tell us what your startup is all about.","spans":[{"start":101,"end":108,"type":"hyperlink","data":{"link_type":"Web","url":"https://twitter.com/digitalocean"}}]}],"blog_post_date":"2016-09-06","tags":[{"tag1":{"tag":"Community","_linkType":"Link.document","_meta":{"uid":"community"}}}],"_meta":{"uid":"introducing-hatch"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Tommy Murphy","author_image":null,"_meta":{"uid":"tommy_murphy"}},"blog_header_image":{"dimensions":{"width":785,"height":419},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/f91f044c-bd4a-44b3-acf8-a2d233442933_vault.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Using Vault as a Certificate Authority for Kubernetes","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"The Delivery team at DigitalOcean is tasked to make shipping internal services quick and easy. In December of 2015, we set out to design and implement a platform built on top of Kubernetes. We wanted to follow the best practices for securing our cluster from the start, which included enabling mutual TLS authentication between all etcd and Kubernetes components.","spans":[{"start":178,"end":188,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-kubernetes-on-top-of-a-coreos-cluster"}}]},{"type":"paragraph","text":"However, this is easier said than done. DigitalOcean currently has 12 datacenters in 3 continents. We needed to deploy at least one Kubernetes cluster to each datacenter, but setting up the certificates for even a single Kubernetes cluster is a significant undertaking, not to mention dealing with certificate renewal and revocation for every datacenter.","spans":[]},{"type":"paragraph","text":"So, before we started expanding the number of clusters, we set out to automate all certificate management using Hashicorp's Vault. In this post, we'll go over the details of how we designed and implemented our certificate authority (CA).","spans":[{"start":112,"end":129,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.vaultproject.io/"}}]},{"type":"heading2","text":"Planning","spans":[]},{"type":"paragraph","text":"We found it helpful to look at all of the communication paths before designing the structure of our certificate authority.","spans":[]},{"type":"image","url":"https://images.prismic.io/www-static/3436dd99-b5a4-4b08-81cd-b7b4c036b498_communication_paths.png?auto=compress,format","alt":"communication path diagrams","copyright":null,"dimensions":{"width":1999,"height":876}},{"type":"paragraph","text":"All Kubernetes operations flow through the kube-apiserver and persist in the etcd datastore. etcd nodes should only accept communication from their peers and the API server. The kubelets or other clients must not be able to communicate with etcd directly. Otherwise, the kube-apiserver's access controls could be circumvented. We also need to ensure that consumers of the Kubernetes API are given an identity (a client certificate) to authenticate to kube-apiserver.","spans":[{"start":288,"end":303,"type":"hyperlink","data":{"link_type":"Web","url":"http://kubernetes.io/docs/admin/authorization/"}},{"start":400,"end":408,"type":"hyperlink","data":{"link_type":"Web","url":"http://kubernetes.io/docs/admin/authentication/"}}]},{"type":"paragraph","text":"With that information, we decided to create 2 certificate authorities per cluster. The first would be used to issue etcd related certificates (given to each etcd node and the kube-apiserver). The second certificate authority would be for Kubernetes, issuing the kube-apiserver and the other Kubernetes components their certificates. The diagram above shows the communications that use the etcd CA in dashed lines and the Kubernetes CA in solid lines.","spans":[]},{"type":"paragraph","text":"With the design finalized, we could move on to implementation. First, we created the CAs and configured the roles to issue certificates. We then configured vault policies to control access to CA roles and created authentication tokens with the necessary policies. Finally, we used the tokens to pull the certificates for each service.","spans":[]},{"type":"heading2","text":"Creating the CAs","spans":[]},{"type":"paragraph","text":"We wrote a script that bootstraps the CAs in Vault required for each new Kubernetes cluster. This script mounts new pki backends to cluster-unique paths and generates a 10 year root certificate for each pki backend.","spans":[]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    vault mount -path $CLUSTER_ID/pki/$COMPONENT pki","spans":[]},{"type":"paragraph","text":"    vault mount-tune -max-lease-ttl=87600h $CLUSTER_ID/pki/etcd","spans":[]},{"type":"paragraph","text":"    vault write $CLUSTER_ID/pki/$COMPONENT/root/generate/internal \\","spans":[]},{"type":"paragraph","text":"    common_name=$CLUSTER_ID/pki/$COMPONENT ttl=87600h","spans":[]},{"type":"paragraph","text":"`}```","spans":[]},{"type":"paragraph","text":"In Kubernetes, it is possible to use the Common Name (CN) field of client certificates as their user name. We leveraged this by creating different roles for each set of CN certificate requests:","spans":[{"start":41,"end":52,"type":"hyperlink","data":{"link_type":"Web","url":"https://en.wikipedia.org/wiki/X.509#Sample_X.509_certificates"}}]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    vault write $CLUSTER_ID/pki/etcd/roles/member \\","spans":[]},{"type":"paragraph","text":"        allow_any_name=true \\","spans":[]},{"type":"paragraph","text":"        max_ttl=\"720h\"","spans":[]},{"type":"paragraph","text":"`}```    ","spans":[]},{"type":"paragraph","text":"The role above, under the cluster's etcd CA, can create a 30 day cert for any CN. The role below, under the Kubernetes CA, can only create a certificate with the CN of \"kubelet\".","spans":[]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    vault write $CLUSTER_ID/pki/k8s/roles/kubelet \\","spans":[]},{"type":"paragraph","text":"        allowed_domains=\"kubelet\" \\","spans":[]},{"type":"paragraph","text":"        allow_bare_domains=true \\","spans":[]},{"type":"paragraph","text":"        allow_subdomains=false \\","spans":[]},{"type":"paragraph","text":"        max_ttl=\"720h\"","spans":[]},{"type":"paragraph","text":"    `}```","spans":[]},{"type":"paragraph","text":"We can create roles that are limited to individual CNs, such as \"kube-proxy\" or \"kube-scheduler\", for each component that we want to communicate with the kube-apiserver.","spans":[]},{"type":"paragraph","text":"Because we configure our kube-apiserver in a high availability configuration, separate from the kube-controller-manager, we also generated a shared secret for those components to use with the `--service-account-private-key-file`flag and write it to the generic secrets backend:","spans":[{"start":45,"end":76,"type":"hyperlink","data":{"link_type":"Web","url":"http://kubernetes.io/docs/admin/high-availability/"}},{"start":228,"end":232,"type":"hyperlink","data":{"link_type":"Web","url":"http://kubernetes.io/docs/admin/kube-controller-manager/"}},{"start":253,"end":276,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.vaultproject.io/docs/secrets/generic/index.html"}}]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    openssl genrsa 4096 > token-key","spans":[]},{"type":"paragraph","text":"    vault write secret/$CLUSTER_ID/k8s/token key=@token-key","spans":[]},{"type":"paragraph","text":"    rm token-key","spans":[]},{"type":"paragraph","text":"    `}```","spans":[]},{"type":"paragraph","text":"In addition to these roles, we created individual policies for each component of the cluster which are used to restrict which paths individual vault tokens can access. Here, we created a policy for etcd members that will only have access to the path to create an etcd member certificate.","spans":[{"start":50,"end":58,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.vaultproject.io/docs/concepts/policies.html"}},{"start":143,"end":155,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.vaultproject.io/docs/concepts/tokens.html"}}]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    cat <<EOT | vault policy-write $CLUSTER_ID/pki/etcd/member -","spans":[]},{"type":"paragraph","text":"    path \"$CLUSTER_ID/pki/etcd/issue/member\" {","spans":[]},{"type":"paragraph","text":"      policy = \"write\"","spans":[]},{"type":"paragraph","text":"    }","spans":[]},{"type":"paragraph","text":"    EOT","spans":[]},{"type":"paragraph","text":"    `}```","spans":[]},{"type":"paragraph","text":"This kube-apiserver policy only has access to the path to create a kube-apiserver certificate and to read the service account private key generated above.","spans":[]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    cat <<EOT | vault policy-write $CLUSTER_ID/pki/k8s/kube-apiserver -","spans":[]},{"type":"paragraph","text":"    path \"$CLUSTER_ID/pki/k8s/issue/kube-apiserver\" {","spans":[]},{"type":"paragraph","text":"      policy = \"write\"","spans":[]},{"type":"paragraph","text":"    }","spans":[]},{"type":"paragraph","text":"    path \"secret/$CLUSTER_ID/k8s/token\" {","spans":[]},{"type":"paragraph","text":"      policy = \"read\"","spans":[]},{"type":"paragraph","text":"    }","spans":[]},{"type":"paragraph","text":"    EOT","spans":[]},{"type":"paragraph","text":"    `}```","spans":[]},{"type":"paragraph","text":"Now that we have the structure of CAs and policies created in Vault, we need to configure each component to fetch and renew its own certificates.","spans":[]},{"type":"heading2","text":"Getting Certificates","spans":[]},{"type":"paragraph","text":"We provided each machine with a Vault token that can be renewed indefinitely. This token is only granted the policies that it requires. We set up the token role in Vault with:","spans":[]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    vault write auth/token/roles/k8s-$CLUSTER_ID \\","spans":[]},{"type":"paragraph","text":"    period=\"720h\" \\","spans":[]},{"type":"paragraph","text":"    orphan=true \\","spans":[]},{"type":"paragraph","text":"    allowed_policies=\"$CLUSTER_ID/pki/etcd/member,$CLUSTER_ID/pki/k8s/kube-apiserver...\"","spans":[]},{"type":"paragraph","text":"    `}```","spans":[]},{"type":"paragraph","text":"Then, we built tokens from that token role with the necessary policies for the given node. As an example, the etcd nodes were provisioned with a token generated from this command:","spans":[]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    vault token-create \\","spans":[]},{"type":"paragraph","text":"      -policy=\"$CLUSTER_ID/pki/etcd/member\" \\","spans":[]},{"type":"paragraph","text":"      -role=\"k8s-$CLUSTER\"","spans":[]},{"type":"paragraph","text":"   `}``` ","spans":[]},{"type":"paragraph","text":"All that is left now is to configure each service with the appropriate certificates.","spans":[]},{"type":"heading2","text":"Configuring the Services","spans":[]},{"type":"paragraph","text":"We chose to use consul-template to configure services since it will take care of renewing the Vault token, fetching new certificates, and notifying the services to restart when new certificates are available. Our etcd node consul-template configuration is:","spans":[{"start":16,"end":31,"type":"hyperlink","data":{"link_type":"Web","url":"https://github.com/hashicorp/consul-template"}}]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    {","spans":[]},{"type":"paragraph","text":"      \"template\": {","spans":[]},{"type":"paragraph","text":"        \"source\": \"/opt/consul-template/templates/cert.template\",","spans":[]},{"type":"paragraph","text":"        \"destination\": \"/opt/certs/etcd.serial\",","spans":[]},{"type":"paragraph","text":"        \"command\": \"/usr/sbin/service etcd restart\"","spans":[]},{"type":"paragraph","text":"      },","spans":[]},{"type":"paragraph","text":"      \"vault\": {","spans":[]},{"type":"paragraph","text":"        \"address\": \"VAULT_ADDRESS\",","spans":[]},{"type":"paragraph","text":"        \"token\": \"VAULT_TOKEN\",","spans":[]},{"type":"paragraph","text":"        \"renew\": true","spans":[]},{"type":"paragraph","text":"      }","spans":[]},{"type":"paragraph","text":"    }","spans":[]},{"type":"paragraph","text":"`}```    ","spans":[]},{"type":"paragraph","text":"Because consul-template will only write one file per template and we needed to split our certificate into its components (certificate, private key, and issuing certificate), we wrote a custom plugin that takes in the data, a file path, and an file owner. Our certificate template for etcd nodes uses this plugin:","spans":[{"start":185,"end":198,"type":"hyperlink","data":{"link_type":"Web","url":"https://gist.github.com/tam7t/1b45125ae4de13b3fc6fd0455954c08e"}}]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    {{ with secret \"$CLUSTER_ID/pki/data/issue/member\" \"common_name=$FQDN\"}}","spans":[]},{"type":"paragraph","text":"    {{ .Data.serial_number }}","spans":[]},{"type":"paragraph","text":"    {{ .Data.certificate | plugin \"certdump\" \"/opt/certs/etcd-cert.pem\" \"etcd\"}}","spans":[]},{"type":"paragraph","text":"    {{ .Data.private_key | plugin \"certdump\" \"/opt/certs/etcd-key.pem\" \"etcd\"}}","spans":[]},{"type":"paragraph","text":"    {{ .Data.issuing_ca | plugin \"certdump\" \"/opt/certs/etcd-ca.pem\" \"etcd\"}}","spans":[]},{"type":"paragraph","text":"    {{ end }}","spans":[]},{"type":"paragraph","text":"   `}``` ","spans":[]},{"type":"paragraph","text":"The etcd process was then configured with the following options so that both peers and clients must present a certificate issued from Vault in order to communicate:","spans":[]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    --peer-cert-file=/opt/certs/etcd-cert.pem ","spans":[]},{"type":"paragraph","text":"    --peer-key-file=/opt/certs/etcd-key.pem ","spans":[]},{"type":"paragraph","text":"    --peer-trusted-ca-file=/opt/certs/etcd-ca.pem ","spans":[]},{"type":"paragraph","text":"    --peer-client-cert-auth","spans":[]},{"type":"paragraph","text":"    --cert-file=/opt/certs/etcd-cert.pem ","spans":[]},{"type":"paragraph","text":"    --key-file=/opt/certs/etcd-key.pem ","spans":[]},{"type":"paragraph","text":"    --trusted-ca-file=/opt/certs/etcd-ca.pem ","spans":[]},{"type":"paragraph","text":"    --client-cert-auth","spans":[]},{"type":"paragraph","text":"    `}```","spans":[]},{"type":"paragraph","text":"The kube-apiserver has one certificate template for communicating with etcd and one for the Kubernetes components, and the process is configured with the appropriate flags: ","spans":[]},{"type":"preformatted","text":"```[php]{`","spans":[]},{"type":"paragraph","text":"    --etcd-certfile=/opt/certs/etcd-cert.pem ","spans":[]},{"type":"paragraph","text":"    --etcd-keyfile=/opt/certs/etcd-key.pem ","spans":[]},{"type":"paragraph","text":"    --etcd-cafile=/opt/certs/etcd-ca.pem","spans":[]},{"type":"paragraph","text":"    --tls-cert-file=/opt/certs/apiserver-cert.pem ","spans":[]},{"type":"paragraph","text":"    --tls-private-key-file=/opt/certs/apiserver-key.pem ","spans":[]},{"type":"paragraph","text":"    --client-ca-file=/opt/certs/apiserver-ca.pem ","spans":[]},{"type":"paragraph","text":"    `}```","spans":[]},{"type":"paragraph","text":"The first three etcd flags allow the kube-apiserver to communicate with etcd with a client certificate; the two TLS flags allow it to host the API over a TLS connection; the last flag allows it to verify clients by ensuring that their certificates were signed by the same CA that issued the kube-apiserver certificate.","spans":[]},{"type":"heading2","text":"Conclusion","spans":[]},{"type":"paragraph","text":"Each component of the architecture is issued a unique certificate and the entire process is fully automated. Additionally, we have an audit log of all certificates issued, and frequently exercise certificate expiration and rotation.","spans":[]},{"type":"paragraph","text":"We did have to put in some time up front to learn Vault, discover the appropriate command line arguments, and integrate the solution discussed here into our existing configuration management system. However, by using Vault as a certificate authority, we drastically reduced the effort required to set up and maintain many Kubernetes clusters.","spans":[]},{"type":"paragraph","text":"  ","spans":[]},{"type":"paragraph","text":"  by Tommy Murphy","spans":[{"start":5,"end":17,"type":"hyperlink","data":{"link_type":"Web","url":"https://twitter.com/tam7t"}}]}],"blog_post_date":"2016-09-05","tags":[{"tag1":{"tag":"Engineering","_linkType":"Link.document","_meta":{"uid":"engineering"}}}],"_meta":{"uid":"vault-and-kubernetes"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Una Kravets","author_image":null,"_meta":{"uid":"una_kravets"}},"blog_header_image":{"dimensions":{"width":1568,"height":836},"alt":null,"copyright":null,"url":"https://images.prismic.io/www-static/dc692094-7bc8-44f6-a13d-1f3cf9d8edc3_faster.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Faster and More Accessible: The New digitalocean.com","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"It's here! The new digitalocean.com launched last week, and we're so excited to share it with you.","spans":[]},{"type":"paragraph","text":"We unified the site with our updated branding, but more importantly, we focused on improving the site's accessibility, organization, and performance. This means that you'll now have faster load times, less data burden, and a more consistent experience.","spans":[]},{"type":"paragraph","text":"This rebuild is a nod to the values at the core of our company: we want to build fast, reliable products that anyone can use. So how did we make our site twice as fast and WCAG AA compliant? Read on:","spans":[]},{"type":"image","url":"https://images.prismic.io/www-static/4b758198-33fb-4972-8475-1b095bd41067_site.jpg?auto=compress,format","alt":"website","copyright":null,"dimensions":{"width":1999,"height":1008}},{"type":"heading2","text":"Accessibility","spans":[]},{"type":"paragraph","text":"One of the biggest concerns we had for our website redesign was making it accessible for users with low vision, people who use screen readers, and users who navigate via keyboard. Our primary focus was to be WCAG 2.0 AA compliant in terms of color contrast and to use accurately semantic HTML. This alone took care of most of the accessibility concerns we faced.","spans":[{"start":208,"end":216,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.w3.org/WAI/intro/wcag"}}]},{"type":"paragraph","text":"We also made sure to include text with any descriptive icons and images. Where we couldn't use native HTML or SVG elements, we used ARIA roles and attributes, especially focusing on our forms and interactive elements. The design team did explorations based on the various ways people may perceive color and put our components through a variety of tests to make sure these were also accounted for.","spans":[]},{"type":"image","url":"https://images.prismic.io/www-static/895ff693-06c1-4e94-9787-adb87b232e12_visionview.png?auto=compress,format","alt":"control panel color palette","copyright":null,"dimensions":{"width":1570,"height":1370}},{"type":"paragraph","text":"We keep track of our progress on an internally-hosted application called pa11y, and when we uploaded our new site to the staging server initially, seeing the drop in errors and warnings made all of the audits worth it:","spans":[{"start":73,"end":78,"type":"hyperlink","data":{"link_type":"Web","url":"https://una.im/pa11y-dash/"}}]},{"type":"image","url":"https://images.prismic.io/www-static/cde90e03-3642-4ab4-9197-5089b6399958_pa11y.jpg?auto=compress,format","alt":"pa11y dashboard","copyright":null,"dimensions":{"width":1570,"height":823}},{"type":"heading2","text":"A Unified System","spans":[]},{"type":"paragraph","text":"The old digitalocean.com CSS had thousands of rules, declarations, and unique colors. The un-gzipped file size came out to a whopping 306 kB.","spans":[]},{"type":"paragraph","text":"For the redesign, we implemented a new design system called Float based on reusable components and utility classes to simplify and streamline our styles. With the Float framework, which we hope to open source soon, we were able to get the CSS file size down to almost a quarter of its original size: **only 80kB!**","spans":[]},{"type":"paragraph","text":"We also dramatically reduced the complexity of our CSS and unified our design. We now have:","spans":[]},{"type":"list-item","text":"978 rules, down from 3200+","spans":[]},{"type":"list-item","text":"26 unique colors, down from over 100","spans":[]},{"type":"list-item","text":"5 unique background colors, down from 59","spans":[]},{"type":"list-item","text":"7 media queries, down from 61","spans":[]},{"type":"paragraph","text":"This framework allowed us to have a reference to existing code contained in a map that we referenced instead of creating new variable units. This is how we got reduced the size of our media queries by 89%. We also used utility classes (such as `u-mb--large`, which translates to \"utility, margin-bottom, large\") to unify our margin and padding sizes, which reduced the number of unique spacing resets previously sent down to users by 75%.","spans":[]},{"type":"paragraph","text":"Not only is the CSS more unified throughout the site, both visually and variably, it is also much more performant as a result, saving users both time and data.","spans":[]},{"type":"heading2","text":"Front-end Performance","spans":[]},{"type":"paragraph","text":"The largest pain point in terms of load time on the web in general is easily media assets. According to the HTTP archive, as of July 15 of 2016, the average web page is 2409 kB. Images make up about 63% of this, at an average of 1549 kB. On the new digitalocean.com, we've kept this in mind, and had a higher goal for our site assets: less than 1000 kB with a very fast first load time.","spans":[{"start":83,"end":89,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.keycdn.com/blog/web-performance-advice/"}}]},{"type":"paragraph","text":"We use SVG images for most of our media and icons throughout the site, which are generally much smaller than `.jpg` or `.png` formats due to their nature; SVGs are instructions for painting images rather than raster full images themselves. This also means that the images can scale and shrink with no loss of quality in their designs across various devices.","spans":[]},{"type":"paragraph","text":"We've also built an icon sprite system using `<symbol>` and `<use>` to access these icons. This way, they can be shared in a single resource download for the user throughout the site. Like our scripts, we minify these sprites to eliminate additional white space, as well as minify all of our media assets automatically through our `gulp`-based build process.","spans":[]},{"type":"paragraph","text":"There was one asset, however, that rang in at 600 kB on the old digitalocean.com: the animated gif on the homepage. Gifs are huge file formats, but can be very convenient. To minify this asset as much as possible, we manually edited it in Photoshop to reduce the color range to necessary colors and manipulated the frame count by hand. This saved 200 kB from the already-automatically-optimized gif alone without reducing its physical size, getting our site down to that goal of less than 1000 kB.","spans":[]},{"type":"image","url":"https://images.prismic.io/www-static/ff3e3bfd-689e-4f43-9b66-ad3d5b4262d7_site-comparison-summ.png?auto=compress,format","alt":"site comparison summary","copyright":null,"dimensions":{"width":1761,"height":569}},{"type":"paragraph","text":"","spans":[]},{"type":"heading2","text":"Conclusion","spans":[]},{"type":"paragraph","text":"There is always more work to be done in terms of improved performance and better accessibility, but we're proud of the improvements we've made so far and we'd love to hear what you think of the new digitalocean.com!","spans":[]}],"blog_post_date":"2016-08-17","tags":[{"tag1":{"tag":"Design","_linkType":"Link.document","_meta":{"uid":"design"}}}],"_meta":{"uid":"faster-and-more-accessible-the-new-digitaloceancom"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Rafael Rosa","author_image":{"dimensions":{"width":250,"height":250},"alt":"Rafael Rosa","copyright":null,"url":"https://images.prismic.io/www-static/6326cb734e557630247062ec390166664f5d3b63_77d07a0ba7bc27b40afc8f5932c57417.png?auto=compress,format"},"_meta":{"uid":"rafael_rosa"}},"blog_header_image":{"dimensions":{"width":785,"height":419},"alt":"introducing block storage","copyright":null,"url":"https://images.prismic.io/www-static/1cc14265-6279-4707-80e0-1952ebaf6ac3_hero.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Block Storage: More Space to Scale","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"At DigitalOcean, our vision has always been to build a platform that allows developers to run their infrastructure at scale without getting in their way. To date, the top feature request from our community has been to have the ability to add additional disk space to their Droplets. Today, we are excited to introduce Block Storage to make that possible.","spans":[{"start":167,"end":186,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3127077-extra-diskspace"}},{"start":318,"end":331,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/products/storage/"}},{"start":318,"end":331,"type":"strong"}]},{"type":"paragraph","text":"Over the past few months, our product and engineering teams have been working to deliver a storage service that is as simple and intuitive as our compute, the Droplet. With the help of more than 15,000 beta users, we have designed an experience that is focused on reducing friction and allowing you to scale with ease.","spans":[{"start":195,"end":212,"type":"hyperlink","data":{"link_type":"Web","url":"https://twitter.com/search?src=typd&amp;q=digitalocean%20upcoming%20storage"}}]},{"type":"paragraph","text":"With Block Storage, you can now scale your storage independently of your compute and have more control over how you grow your infrastructure, enabling you to build and scale larger applications more easily. Like the Droplet, Block Storage is SSD-based and has an easy-to-use API. Our pricing model is straightforward, based only on capacity: $0.10/GB per month. There are no complicated formulas necessary to determine your overall cost.","spans":[{"start":342,"end":360,"type":"strong"}]},{"type":"paragraph","text":"Let's get to some details:","spans":[]},{"type":"heading3","text":"Highly Available and Redundant","spans":[]},{"type":"paragraph","text":"Block Storage stores data on hardware that is separated from the Droplet and replicated multiple times across different racks, reducing the chances of data loss in the event of hardware failure.","spans":[]},{"type":"heading3","text":"Scalable and Flexible","spans":[]},{"type":"paragraph","text":"You can easily scale up and resize your Storage volumes from 1GB to 16TB and move them between Droplets via the control panel or API. As your storage needs grow, you can expand an existing volume or add more volumes to your Droplet.","spans":[]},{"type":"heading3","text":"Reliable and Secure","spans":[]},{"type":"paragraph","text":"All the data is encrypted at rest and transmitted to the Droplets over isolated networks.","spans":[]},{"type":"heading3","text":"Multiple Regions","spans":[]},{"type":"paragraph","text":"You can create Block Storage volumes right now in NYC1 and our new SFO2 region. FRA1 is next in line and will be available in the coming weeks. We're working quickly to expand to other regions. More updates to come.","spans":[{"start":50,"end":54,"type":"strong"},{"start":67,"end":71,"type":"strong"},{"start":80,"end":84,"type":"strong"}]},{"type":"paragraph","text":"Update: As of Monday, August 1st Block Storage is now live in FRA1! Stay tuned for more updates as it rolls out across our regions.","spans":[{"start":0,"end":7,"type":"strong"},{"start":68,"end":95,"type":"hyperlink","data":{"link_type":"Web","url":"http://twitter.com/digitalocean"}}]},{"type":"heading3","text":"Getting Started","spans":[]},{"type":"paragraph","text":"When you log in to your dashboard, you will see a new Volumes tab that has an overview of your volumes:","spans":[{"start":9,"end":33,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/login"}}]},{"type":"image","url":"https://images.prismic.io/www-static/6b612457b8f38befdd9337e24a72d8b93099dfed_volumes-overview.png?auto=compress,format","alt":"Volumes overview","copyright":null,"dimensions":{"width":1036,"height":657}},{"type":"paragraph","text":"You will also be able to add volumes right from a Droplet's page:","spans":[]},{"type":"image","url":"https://images.prismic.io/www-static/ca22a4b9375b8d5018380a09ac30ab11281dafed_droplet-page.png?auto=compress,format","alt":"Volumes tab on Droplet page","copyright":null,"dimensions":{"width":1040,"height":855}},{"type":"paragraph","text":"Once you have a volume attached to your Droplet, use the simple copy and paste instructions displayed on your dashboard to configure it. For more information on working with your Block Storage volumes, read our community tutorials about Linux filesystems and tools and our introduction to Block Storage.","spans":[{"start":237,"end":264,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tags/storage?type=tutorials"}},{"start":273,"end":302,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-use-block-storage-on-digitalocean"}}]},{"type":"paragraph","text":"Like all DigitalOcean resources, you can also automate provisioning using our brand new volumes API or doctl, the official DigitalOcean command-line client.","spans":[{"start":88,"end":99,"type":"hyperlink","data":{"link_type":"Web","url":"https://developers.digitalocean.com/documentation/v2/#block-storage"}},{"start":103,"end":155,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/community/tutorials/how-to-use-doctl-the-official-digitalocean-command-line-client"}}]},{"type":"heading3","text":"Thank You","spans":[]},{"type":"paragraph","text":"The whole team at DigitalOcean would like to thank all the beta testers who helped shape Block Storage and everyone who continues to provide feedback and offer suggestions. There is so much more we are excited to share with you in the future as we continue to strive to simplify infrastructure.","spans":[{"start":154,"end":171,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.uservoice.com"}}]}],"blog_post_date":"2016-07-12","tags":[{"tag1":{"tag":"Product Updates","_linkType":"Link.document","_meta":{"uid":"product-updates"}}},{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}}],"_meta":{"uid":"block-storage-more-space-to-scale"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"DigitalOcean","author_image":{"dimensions":{"width":600,"height":600},"alt":"Sammy avatar","copyright":null,"url":"https://images.prismic.io/www-static/a10e3c2eb15b74ee43f872be3044313423b1c9a9_sammy_avatar.png?auto=compress,format"},"_meta":{"uid":"digitalocean"}},"blog_header_image":{"dimensions":{"width":784,"height":419},"alt":"san francisco sf2","copyright":null,"url":"https://images.prismic.io/www-static/70e8977e-892c-4f85-b9dd-bd8ea5bcce85_hero.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Announcing SFO2: Hello Again San Francisco!","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Great news: SFO2 is now live! It will be our second West Coast datacenter joining SFO1, one of our most popular. By adding a second datacenter to the region, we are enabling developers to build out more resilient infrastructure. Creating redundancy by scaling across multiple datacenters in the same region enables more robust applications.","spans":[{"start":12,"end":16,"type":"strong"}]},{"type":"paragraph","text":"When architecting for high-availability, replicating your data and being able to failover from one datacenter to another can keep application downtime to a minimum even in the face an unlikely outage. SFO2 opens up the possibility for our users in the region to design more fault-tolerant infrastructure.","spans":[]},{"type":"paragraph","text":"SFO2 comes with our latest hypervisor design, and the datacenter is equipped with 40GbE networking. Built with Block Storage in mind, the feature will be available here on day one of general availability.","spans":[{"start":111,"end":124,"type":"strong"}]},{"type":"paragraph","text":"Offering both new features and greater reliability, we think this one of our most exciting datacenter launches yet.","spans":[]},{"type":"paragraph","text":"Deploy your first Droplet in SFO2 today!","spans":[{"start":0,"end":39,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/droplets/new?region=sfo2"}}]}],"blog_post_date":"2016-07-11","tags":[{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}}],"_meta":{"uid":"announcing-sfo2"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Ben Uretsky","author_image":{"dimensions":{"width":197,"height":197},"alt":"Ben Uretsky","copyright":null,"url":"https://images.prismic.io/www-static/9c33dc1465bf14e543a18d402452f77970d3b4c1_aaeaaqaaaaaaaa3gaaaajdbmyjgxnzvjlti2zwutnddlzi04mgyxltlhyjfhotnlytgzna.jpg?auto=compress,format"},"_meta":{"uid":"ben_uretsky"}},"blog_header_image":null,"blog_headline":[{"type":"heading1","text":"Update on the NRA Trademark Complaint","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Yesterday, network access was taken down to sharethesafety.org which was hosted on our service by a customer, an intermediate platform provider. We want to let you know what happened.","spans":[]},{"type":"paragraph","text":"On June 23rd, we received notice from the NRA's counsel that sharethesafety.org was infringing NRA's trademarks. The NRA demanded that we remedy the problem by removing the material. In response, we followed our standard procedures for trademark infringement notices and informed the customer immediately of the NRA's demands. We provided more than 5 days for the customer to respond to or resolve the issue. We also spoke to the customer on several occasions to inform them that we intended to take action on the trademark claim. They chose not to remove the violating material. Accordingly, our Trust & Safety team restricted network access to their Droplet, which caused an outage to all of their user's websites hosted on that Droplet. In less than 2 hours of the outage, the customer was able to address the trademark notice, and network access was immediately restored.","spans":[]},{"type":"paragraph","text":"DigitalOcean followed procedures that help protect us from having to resolve what can be complicated disputes between third party rights holders and our customers regarding IP issues. In this case we should have given greater care to the customer's voice and their right to engage in parody. In retrospect, we believe that the website identified in the NRA's takedown notice was not a trademark infringement but was instead protected by the First Amendment. We at DigitalOcean champion freedom of speech and the free and open web.","spans":[]},{"type":"paragraph","text":"Going forward, we will be working closely with our legal counsel to review our Trust & Safety procedures so we can make better decisions. We are committed to providing our customers with the best level of service and supporting their rights and freedoms. That is our responsibility as an infrastructure service provider and one that I take very seriously.","spans":[]},{"type":"paragraph","text":"Sincerely,","spans":[]},{"type":"paragraph","text":"Ben Uretsky","spans":[]},{"type":"paragraph","text":"Co-Founder & CEO","spans":[]}],"blog_post_date":"2016-06-29","tags":[{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}}],"_meta":{"uid":"update-on-the-nra-trademark-complaint"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Josh Viney","author_image":{"dimensions":{"width":250,"height":250},"alt":"Josh Viney","copyright":null,"url":"https://images.prismic.io/www-static/a2f3442df272c869c0482d6e5ecc23d3fbc6baf1_f2e1ef84a186a79c8c642193dbbed89f.jpg?auto=compress,format"},"_meta":{"uid":"josh_viney"}},"blog_header_image":{"dimensions":{"width":784,"height":418},"alt":"teams ship","copyright":null,"url":"https://images.prismic.io/www-static/2a2cae79-3060-4f2e-a832-30859e99dc92_hero.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Teams: Work Better Together","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"At DigitalOcean we know that it takes teamwork to build and ship great things to the world. Our own products wouldn't exist without passionate, hard-working teams collaborating to create easy-to-use experiences for developers.","spans":[]},{"type":"paragraph","text":"A year ago we launched Teams on DigitalOcean to \"better support teams of developers and companies working on large-scale and established applications.\" The first iteration focused on developer teams managing larger, more complex, production systems by organizing all of their infrastructure under one roof, with one invoice, and no shared credentials.","spans":[{"start":23,"end":44,"type":"hyperlink","data":{"link_type":"Web","url":"https://assets.digitalocean.com/blog/static/team-accounts-share-resources-not-passwords/"}}]},{"type":"paragraph","text":"Since then, over 30,000 teams have been created, with some of those teams having hundreds of members. We felt this was a good first step, and we were interested to hear what you had to say about how we could help your teams work better. The feedback we received was resounding:","spans":[]},{"type":"list-item","text":"Developers often contribute to multiple teams at the same time and want to easily switch between them without having multiple logins","spans":[]},{"type":"list-item","text":"Managers need easy-to-use tools to help make sure that everyone has access to the right teams at the right time","spans":[]},{"type":"list-item","text":"Teams, even within the same organization, often have different budgets that need to be managed by different departments","spans":[]},{"type":"paragraph","text":"We are happy to announce that, as of today, we've made it even easier to work with your teams using DigitalOcean. These improvements make scaling team collaboration simple.","spans":[]},{"type":"heading3","text":"One account, multiple teams","spans":[]},{"type":"paragraph","text":"Team members are no longer restricted to membership in a single team. With a single login, everyone can now be a part of up to 10 teams.","spans":[]},{"type":"heading3","text":"Easily switch between teams and your personal account","spans":[]},{"type":"paragraph","text":"There is now an easy-to-use dropdown for switching between your personal account and teams, located at the top-right of the control panel.","spans":[]},{"type":"image","url":"https://images.prismic.io/www-static/1bf9210b25296ad11190646ef29f174c6ef48cb9_cp.png?auto=compress,format","alt":"Switching teams","copyright":null,"dimensions":{"width":750,"height":410}},{"type":"heading3","text":"Better invitations & team management","spans":[]},{"type":"paragraph","text":"It's easier than ever to invite members of your team. We added Gmail support, so you can connect and quickly invite your existing team in just a few clicks. Team owners can now see which team members have turned on two-factor-auth, and we've added better search and sorting functionality to help really large teams easily manage their members.","spans":[]},{"type":"heading3","text":"New role for \"billing\"","spans":[]},{"type":"paragraph","text":"Lastly, for teams who need someone to make sure everything keeps running smoothly, there is a new \"billing\" role within a team, which grants access to your account's billing settings but not Droplets.","spans":[]},{"type":"heading3","text":"Keep the ideas coming","spans":[]},{"type":"paragraph","text":"Thank you to everyone who has used Teams and provided feedback. We hope these improvements help make it a little easier for you to build and ship great things. Please keep the feedback coming. We would love to hear from you!","spans":[{"start":167,"end":191,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.uservoice.com/"}}]}],"blog_post_date":"2016-06-14","tags":[{"tag1":{"tag":"Product Updates","_linkType":"Link.document","_meta":{"uid":"product-updates"}}}],"_meta":{"uid":"teams-work-better-together"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"DigitalOcean","author_image":{"dimensions":{"width":600,"height":600},"alt":"Sammy avatar","copyright":null,"url":"https://images.prismic.io/www-static/a10e3c2eb15b74ee43f872be3044313423b1c9a9_sammy_avatar.png?auto=compress,format"},"_meta":{"uid":"digitalocean"}},"blog_header_image":{"dimensions":{"width":784,"height":393},"alt":"Namaste India illustration with words Introducing Our Bangalore Region text","copyright":null,"url":"https://images.prismic.io/www-static/f56678231bf22603bbbcf34edc114d0737eeac75_hero-3.png?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Introducing Our Bangalore Region: BLR1","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"Today we are excited to announce the launch of our first datacenter in India and our twelfth globally. Developers can now launch Droplets in our newest region, Bangalore (BLR1)!","spans":[]},{"type":"paragraph","text":"Our community has been requesting an India region for a while now, and we're thrilled to announce that it is now finally available. We will continue to offer a single pricing plan across all of our datacenters worldwide, including Bangalore, with SSD cloud servers starting at $5 USD per month.","spans":[{"start":34,"end":49,"type":"hyperlink","data":{"link_type":"Web","url":"https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/4135044-india-datacenter"}}]},{"type":"paragraph","text":"Our goal is to empower developers and software companies around the world to build amazing things, and our robust, affordable, and simple infrastructure is making the cloud more accessible than ever. Today, India is home to the fastest growing ecosystem of startups and entrepreneurs, with approximately 4,000 startups launching this past year. With the number of software developers throughout India expected to grow to over 5 million by the year 2018, this region is poised to unleash a tremendous amount of innovation in the next decade. We want to be there to support every startup to grow and succeed.","spans":[]},{"type":"paragraph","text":"We're focused on making it easier than ever before for startups and teams of software developers from India, and around the world, to deploy and scale their applications.  We are excited to see what we can build together in Bangalore.","spans":[{"start":212,"end":220,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/company/careers#india-outreach-manager-"}}]},{"type":"paragraph","text":"No need to wait any longer. Spin up a Droplet in BLR1!","spans":[{"start":28,"end":53,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/droplets/new?size=2gb&amp;region=blr1"}}]}],"blog_post_date":"2016-05-30","tags":[{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}}],"_meta":{"uid":"introducing-our-bangalore-region-blr1"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"Zach Bouzan-Kaloustian","author_image":{"dimensions":{"width":250,"height":250},"alt":"Zach Bouzan-Kaloustian","copyright":null,"url":"https://images.prismic.io/www-static/6076c49b078b31d5b145ee96f4021e96d2712d08_be963f203fd2f6d0952c7ff4304005d0.jpg?auto=compress,format"},"_meta":{"uid":"zach_bouzan_kaloustian"}},"blog_header_image":null,"blog_headline":[{"type":"heading1","text":"Details on Expiring DigitalOcean Credits","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"This post is an elaboration on changes to our terms of service regarding credit expiration. We want to explain what the changes are, provide insight into the thought process behind them, and clearly define what to expect regarding both your credits and future changes to our terms of service.","spans":[]},{"type":"paragraph","text":"We want to be open about our processes and where we made mistakes, and we encourage your comments below or via support emails.","spans":[{"start":111,"end":125,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/support/tickets/new"}}]},{"type":"paragraph","text":"If you just want the TL;DR, check out our GitHub repo to review the changes to our Terms of Service, sections 5.8-5.14 about Credit Expiration.","spans":[{"start":42,"end":53,"type":"hyperlink","data":{"link_type":"Web","url":"https://github.com/digitalocean/tos/commit/f4bc18c545339b6b0c22959eaf43317e4e11e6ea"}},{"start":83,"end":99,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/legal/terms/"}}]},{"type":"heading2","text":"Why expire promotional credits?","spans":[]},{"type":"paragraph","text":"Since launching in 2012, DigitalOcean has granted over $30M in credit to our customers and community. With those credits, we fund open source projects, incentivize first-time customers to use our product, and reward those who refer friends to DigitalOcean.","spans":[]},{"type":"paragraph","text":"In late 2014, an audit revealed that we had millions of dollars in unused credit outstanding as liabilities on our balance sheet, as shown by the graph below.","spans":[]},{"type":"image","url":"https://images.prismic.io/www-static/268febd50959270cd62a640ab3a86df55bc86d17_graph.png?auto=compress,format","alt":"Unused credits","copyright":null,"dimensions":{"width":932,"height":611}},{"type":"paragraph","text":"Overall, credit expiration is necessary to decrease the liability on our balance sheet so that we can maintain healthy financials. As you'll read, it took over a year to realize we made these changes using the wrong process.","spans":[]},{"type":"heading2","text":"What happened?","spans":[]},{"type":"paragraph","text":"At the heart of all of this, we are a business that intends to be around for a very long time, so in March of 2015, we updated our Terms of Service to indicate that unused promotional credits would expire 12 months after being applied to an account. This notification was sent only via control panel notification.","spans":[{"start":131,"end":147,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/legal/terms/"}},{"start":286,"end":312,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/notifications"}}]},{"type":"paragraph","text":"In early 2016, we started to write code to expire credit . When we looked at the current amount of outstanding credit, there was a large balance that wasn't covered in the 2015 terms update. We updated the terms again in March 2016 to include expiration for referral credits, but did not provide 12 months advanced notice to our customers. We also neglected to include all other types of credits that aren't promotional credits, such as SLA credits.","spans":[]},{"type":"paragraph","text":"On March 31st, we sent emails and control panel notifications to approximately 280,000 customers explaining that some or all of their account credit would be expiring on May 1st. This included all types of account credit over 12 months old. Through lots of customer feedback, we realized that this email came as a surprise, which we're truly sorry for. It was a mistake on our part to lump referral credit expiration and other credits into the May 1st expiration timeline because we had not provided adequate notice to our customers.","spans":[]},{"type":"heading2","text":"What was the feedback that we received?","spans":[]},{"type":"paragraph","text":"The feedback from roughly 650 customers and members of our community had a few themes, and the major point of contention was that we didn't provide enough notice. This can be articulated in a few ways. First, we need to make it more explicit in our product that credit can expire. Secondly, customers want more than 30 days notice. Lastly, we need to provide more clear updates to our terms of service.","spans":[]},{"type":"paragraph","text":"Internally, the sentiment from about 50 DigitalOcean employees closely mirrored what our customers were telling us. A few employees were concerned that we alienated some of our long-time supporters. In further discussions, we realized that our internal communication about this change wasn't as clear as it could have been, which certainly made us realize that our external communication must need more clarity, too. A member of our support team, Jon, summed it up neatly by remarking that we didn't do the wrong thing, but we did it in the wrong way.","spans":[]},{"type":"paragraph","text":"One thing was crystal clear: both our customers and our employees wanted us to be more explicit with changes to our terms and to take some immediate action to rectify the current situation. Cumulatively, all of the input set off about three weeks of work which we've outlined below.","spans":[]},{"type":"heading2","text":"What is the action plan?","spans":[]},{"type":"paragraph","text":"In the beginning of April, we created a Customer Advocacy Group whose overall mission is to make sure that we cultivate customer-focused decisions. This group is a permanent part of DigitalOcean, and its first task was to create an action plan for credit expiration based on the feedback we received balanced with our business goals. As a result of our group's work, we've implemented the following changes which we feel are a step in the right direction.","spans":[]},{"type":"paragraph","text":"First, we've updated our terms here, and put them into a GitHub repo so that you can see exactly what has changed. You can expect this for any future updates. Here are the highlights with respect to credit expiration:","spans":[{"start":13,"end":35,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/legal/terms/"}},{"start":55,"end":68,"type":"hyperlink","data":{"link_type":"Web","url":"https://github.com/digitalocean/tos"}}]},{"type":"o-list-item","text":"Promotional credit will expire 12 months after it has been issued or redeemed. This includes referral sign-up credit, promotion codes you've entered, or credit issued by DigitalOcean staff.","spans":[{"start":0,"end":18,"type":"strong"}]},{"type":"o-list-item","text":"Referral and SLA credit will now expire after 12 months of account inactivity, and no sooner than May 2017. This includes credits earned from referring customers to DigitalOcean and SLA credits.","spans":[{"start":0,"end":23,"type":"strong"}]},{"type":"paragraph","text":"Additionally, all credit redemption email notifications from now on will link to our terms about credit expiration so our policy is clear to future customers. Soon, we'll be able to expose the credit expiration date on your billing page as well.","spans":[]},{"type":"paragraph","text":"Secondly, we're emailing all of customers with much more detail about changes in our terms, which will be our process on all future changes. We're also providing a control panel notification with more detail and links to the GitHub repo. As time progresses, our aim is to provide more than 60 days notice for any expiring credits.","spans":[]},{"type":"paragraph","text":"Lastly, if you have credit that's expiring and you would like to utilize it, we highly encourage you to get in touch with our support team. We want to help with your development goals, and encourage you to provide details on how you're using DigitalOcean.","spans":[{"start":104,"end":138,"type":"hyperlink","data":{"link_type":"Web","url":"https://cloud.digitalocean.com/support/tickets/new"}}]},{"type":"paragraph","text":"by Zach Bouzan-Kaloustian, Director of Support,\n\nand the DigitalOcean Customer Advocacy Group","spans":[]}],"blog_post_date":"2016-04-25","tags":[{"tag1":{"tag":"News","_linkType":"Link.document","_meta":{"uid":"news"}}}],"_meta":{"uid":"details-on-expiring-digitalocean-credits"}}},{"node":{"author":{"_linkType":"Link.document","author_name":"DigitalOcean","author_image":{"dimensions":{"width":600,"height":600},"alt":"Sammy avatar","copyright":null,"url":"https://images.prismic.io/www-static/a10e3c2eb15b74ee43f872be3044313423b1c9a9_sammy_avatar.png?auto=compress,format"},"_meta":{"uid":"digitalocean"}},"blog_header_image":{"dimensions":{"width":784,"height":392},"alt":"Collage of images with servers in ocean and dolphins jumping in the middle with the logo CloudSound","copyright":null,"url":"https://images.prismic.io/www-static/85b48a0771e59a67aab0518518c87b8ec89fe409_hero.jpg?auto=compress,format"},"blog_headline":[{"type":"heading1","text":"Introducing CloudSound: The Music Your Server Makes","spans":[]}],"blog_post_content":[{"type":"paragraph","text":"If a server whirrs in a datacenter and no one is around to hear it, does it still make a sound? Yes, yes it does. And now you can confirm this with a simple click of your mouse.","spans":[]},{"type":"paragraph","text":"Today, we're introducing our new acoustic monitoring feature called CloudSound. CloudSound brings the ambient, meditative sounds of datacenters to the DO control panel. Users can now spin up Droplets to the calming hum of their servers running in the background.","spans":[{"start":68,"end":78,"type":"strong"}]},{"type":"image","url":"https://images.prismic.io/www-static/84c92bcfaf81a8501db71547a03faa3125e6c906_listen.png?auto=compress,format","alt":null,"copyright":null,"dimensions":{"width":1052,"height":486}},{"type":"paragraph","text":"We understand that the move from bare metal to the cloud can cause some anxiety. In the past, you knew your server was working because you could hear it working. Now? Only a deafening silence. With CloudSound, you're reassured that everything works with the steady, pleasant datacenter buzz of yesteryear...","spans":[{"start":145,"end":149,"type":"em"}]},{"type":"paragraph","text":"Is the sound of whirring servers through your headphones not enough? DigitalOcean is currently hiring people to work in our datacenters; experience CloudSound all the time!","spans":[{"start":69,"end":101,"type":"hyperlink","data":{"link_type":"Web","url":"https://www.digitalocean.com/company/careers/"}}]}],"blog_post_date":"2016-03-31","tags":[{"tag1":{"tag":"Community","_linkType":"Link.document","_meta":{"uid":"community"}}}],"_meta":{"uid":"introducing-cloudsound"}}}]}}}