My Network of Servers
I used to advertise my network of servers here to persuade people to pay for hosting. I still maintain a number but not for commercial reasons anymore but mostly because I have gotten used to having access to them.
These are located in the UK, Germany and the US, with most of the traffic going to the ones in Germany and a backup one in New York called Queeg while everything is replicated in the UK. I also used to have Shodan and Xerxes in Texas when I did more hosting. I use Hetzner for hosting in Europe and Goscomb Technologies for hosting in the UK.
I also use them as a networking testbed; site-to-site VPN's run between distant systems, BGP keeps the whole thing routing and the entire setup is like a giant real-world lab only with higher uptime. There is also a full deployment of IPv6 in place across all sites. Hurricane Electric, Hetzner and Goscomb provide the upstream for my IPv6.
My network consists of three seperate locations with hyper-v hosts as a cluster, running a series of virtualised systems. My firewalls/routers are physical devices from Mikrotik.
- Delta2.nullify.net (Hyper-V) - Germany
- Theta.nullify.net (Hyper-V) - UK
- Chi.nullify.net (Hyper-V) - UK
- Omicron.nullify.net (Hyper-V)
- And the vm's (most used to be physical but I am consolidating):-
- Alpha.nullify.net (Web server) - Germany
- Epsilon.nullify.net (Directory services) - Germany
- Lambda.nullify.net (RDP and ScreenConnect server) - UK
- Tau.nullify.net (Communications/e-mail) - UK
- Beta.nullify.net (Communications/e-mail/xmpp/teamspeak) - Germany
- Kappa.nullify.net (SQL) - UK
- Iota.nullify.net (SQL) - Germany
- Ceto.nullify.net (Kubernetes) - UK
- Cronus.nullify.net (Kubernetes) - Germany
- (Plus some random VDI's that aren't worth naming)
Backup DNS for my domains is provided by Hurricane Electric and Gandi.
I use MS SQL Server replication to provide complete redundancy which takes the pressure off if anything does go wrong! There's a maximum of about a minutes delay before the replicas are in sync and you can update from any location which is very helpful.
The X509 certificate authority used to sign all private SSL certificates and IPSEC connections in use on this network is here for you to install as a trusted root if you need to use encrypted services.
Using a NullifyNetwork Smartcard/Cryptomate key
(I used to send these to people I hosted, now I don't - the number of people hosted here is very small at this point.)
If you have an SSH/SFTP, Remote Desktop or VPN account then you will possibly also have been given an ACS ACOS5 cryptographic smartcard in USB form factor, full size or a sim card. If you need to, you can download the ACOS5 PKCS#11 Libraries and the CryptoAPI middleware DLL's (this file includes the drivers for the Cryptomate keys inbuilt reader but not the admin tools).
This card cannot be duplicated and if you lose it you should notify me personally so I can immediately revoke your certificate(s). If you have stored other certificates on the same card you may need to contact other providers too.