CloudLinux improves the stability of a server by limiting each client in an isolated, secure environment called a Lightweight Virtual Environment (LVE), a kernel technology developed by CloudLinux.
In shared hosting, the most common reason for downtime is a single account slowing down other accounts on the server. If one customer is using an unfair amount of resources (e.g. due to being under a DDoS attack, poorly written script, etc.), the server would become slow or go down completely, affecting all other customers on the server.
With CloudLinux, we are able to isolate the impact to the offending tenant only, while all other sites remain unaffected. CloudLinux improves the general stability and performance of the server by imposing limits on the number of resources that can be consumed by a single user.
What happens when an account reaches its resource limits?
This depends on the type of ‘resource’ you are hitting.
For example, if you are hitting CPU, or IO then the site will begin to slow down (or, will be ‘throttled’). However, if you are hitting ‘Entry Processes’ (EP) or ‘Memory’ (PMEM) limits then the site will display a ‘503 Error’.
The account consuming too many resources will temporarily stop working until their resource usage returns to normal. Meanwhile, the other tenants on the server will continue to run normally.
When an account hits the ‘LVE Limits’ for a particular resource, we record something we call a ‘fault’, along with a ‘snapshot’ which allow us to diagnose why those limits are being hit. These are explained below…
LVE ‘Faults’
An LVE ‘Fault’ is a recording of the ‘resource type’ being hit, along with the time / date / username
LVE ‘Snapshots’
When an LVE fault occurs, a snapshot is recorded. A snapshot is a list of processes running at the time of the LVE fault being hit, allowing users to further investigate the reason an account is hitting those resource limits.
Several snapshots can be generated for a particular ‘fault’ or incident.
Limits are put in place to protect against abusers and bad scripts, and not restrict normal usage of an account. We have set very generous limits for our hosting plans, and thus customers’ will not see a degrade in performance, but rather see the reliability and stability of their server improve over time.
CageFS
CloudLinux includes CageFS – a virtualized per-user file system that uniquely isolating each customer’s files and running processes, preventing users from seeing each other and potentially exploiting sensitive information. CageFS offers complete isolation and prevents a large number of attacks, such as privilege escalation and information disclosure attacks.
How to monitor resource usage
At any time you can see how much server resources your account is consuming. Simply log into cPanel and look at the resource usage stats on the right-hand side.
Resource usage is calculated relative to the limits applied to your account only, and not the entire server.
For example, if your account allows 2 CPU Cores and 2048 MB RAM:
- A CPU usage of 50% would mean that your account is currently maxing out 1 CPU Core.
- Memory usage of 50% would mean that your account is using 1024 MB RAM.