VPS Hosting & General Questions

Hello, I am attempting to choose from the litany of VPS providers and plans for my use case. I also have a few questions regarding deployment on a VPS and utilization of the SDK. To provide brief context, I run several services on my home server (game servers, websites, Jellyfin, etc.) that I plan to expose to upwards of ~20 users, although it's doubtful that all users would be concurrently accessing services at any point in time. I have experimented with OpenZiti locally, but have not yet utilized external access via a tunneler.

Question 1:

Hardware and network requirements do not seem to be laid out in documentation, although I found this helpful discussion here. I wish I could test the load of my services / users, but this is hard to do without having a VPS in place. Is anyone here in a similar boat to me that has advice on a VPS option that worked for them? I could always start small and scale up, but I’d love to pick and stick with something that just works and isn’t overkill!

Question 2:

An additional question that I have regarding VPS deployment is separation of the controller and router. Is “best practice” keeping the controller on one VM instance, and the router on another? This seems to be the case in the deployment guides for public cloud. Is it okay to have them on the same VM, or would this pose any issue?

Question 3:

Additionally, I wanted to better comprehend the data flow as described here. As I understand it, when a client with a tunneler establishes a connection to my public edge router on the VPS, the controller (also on the VPS) connects my private router on the home server to the public router. Hence, the user may access the service on my lab. Does traffic then rely on the bandwidth and throughput of the public router? If so, should the VM hosting the public router be more powerful in regards to computing power and networking capabilities?

Question 4:

I would like to utilize the SDK to create a splash page for my home server, revealing the services available to the connecting identity. I have not looked into the SDK deeply, but this would likely utilize ziti-sdk-browser. Is this functionality within the scope of the SDK? I am assuming I’d have to query the controller to identify the services available to the user. I can definitely figure out how to do this myself, I just wanted to know if this is even possible before investing the time to do so.

Thank you so much for your time!

[EDIT] I have attempted to use Oracle’s Always Free Tier, but my region is out of hosts. I would rather pay for a VPS than wait for Oracle.

Hi @B3ntCable, welcome to the community and to OpenZiti!

It is really quite hard to know to be honest. Every provider is different so it's not really easy. From your post, ~20 users I would expect a small 2cpu with a modest 8g of ram vps to be just fine. OpenZiti is largely CPU dependent, but 20 concurrent users shouldn't be taxing at all.

This is a 'taste' question. MY personal recommendation is "deploy controller and router on one machine until you KNOW you need more scale". Then move the router as needed. Having a router on the controller allows you to do neat stuff like using OpenZiti to ssh to the machine or defining a service to protect the controller's management API, stuff like that. I think having a tunneler of some kind (a router with tunneling enabled) is the way to go. BUT, when NetFoundry deploys controllers, that's not how we do it because we're deploying a service for paying customers. We have different needs. My personal overlays always have a router adjacent to the controller - 1 vps.

Generally, yes. This is often the case with OpenZiti at this time and it's one of the reasons NATs are never an issue for us at all. At this time our recommendation for 'private' routers is that the home/private network space have the firewall entirely closed. You could choose to open the firewall and have people connect to the router directly in that private address space if you want, but that requires firewall rules and maybe IP rules and it's just not quite as easy to maintain. So generally, yes all traffic is rendezvoused through the "public" router. Kinda answered the question about power before, but for 20 users I really doubt the CPU would struggle horribly.

Neat! You could do that, but to be honest that's what the tunneler clients kinda do already. I'm not sure it's something I would do? As for the ziti-sdk-browser I think that's getting developed a fair bit lately and I'm not up to speed on where it's at really. Have you seen a tunneler? Here's a Windows example, in case it helps?

Hopefully that answers your questions, have fun!


Clint,

I really appreciate your response! Thank you so much for getting back to me.

I will try out the specs you estimated and will adjust according to use. Like you said, it's hard to pinpoint exactly what I'd need, but I definitely think I will use a controller / router on a single VPS for now.

The example of the tunneler was very helpful, as I had not used one yet. It would be rather redundant to create a webpage then, haha! Still would love to experiment with the SDK, so I am sure I will find a better use case.

Thanks again,

Caleb

A quick follow-up for anyone browsing the discourse in the future:

If you are like me, with just a few users, I’d recommend Oracle’s Always-Free tier offerings. The trick is to change your account to Pay-As-You-Go (which does require a card authorization), but by doing so, you gain priority in creating Always-Free instances.
