MacStadium Knowledge Base

Networking

FAQs
Can I connect to a hosted Mac from behind my office firewall?

If need to create a private connection between your office and a hosted Mac or private cloud at MacStadium, we provide two types of firewall access.

We offer access to our managed, shared firewall for $50 per month. Engineers at MacStadium will consult with you or your IT experts to configure and maintain your subscriptions behind this firewall. Our managed, shared firewall solution is built on Cisco ASA hardware.

Our top-level solution is a dedicated firewall or pair of dedicated firewalls from the Cisco ASA 5500 series. This solution will initially be initially configured by our network engineers before being turned over to you to be self-managed by you or your IT staff. We’re happy to assist with future configuration if you’re unfamiliar with Cisco ASA solutions.

With the Cisco ASA platform, customers commonly configure solutions such as these:

  • Create a permanent VPN tunnel between corporate office Local Area Network and servers located at one of the three MacStadium datacenters.
  • Enable ports for remote access to allow remote users to VPN into their MacStadium servers.
  • Establish extensive firewall policies, protecting and securing their servers from the internet as needed. This is often preferred over software firewall policies which are placed directly on the servers. Managing a firewall at the network level in front of your hardware is easier to configure and troubleshoot when multiple servers are involved or when many locations are being connected.

Some of these solutions are only available with the dedicated hardware option. Our sales engineering team can further explain your options.

Can we securely connect to our MacStadium servers by whitelisting the public IP addresses?

Do you need secure remote (SSH, SFTP, etc.) access to or from your MacStadium servers to machines at a third party provider like Amazon Web Services, Google Cloud Platform, or Microsoft Azure?

Your public IP addresses are yours to use and are not shared. Once assigned to a subscription or account, they are not used for any other purpose. You’re free to whitelist those IP’s on your remote AWS, GCP, or Azure servers for remote access to your MacStadium dedicated servers and/or virtual machines.

Does MacStadium provide DNS services?

We offer complimentary DNS domain hosting for your Mac via a web interface known as ‘ISPConfig’. With this interface, you can setup DNS zones and create/edit zone records.

MacStadium engineering can setup a reverse DNS PTR record for your machine at no cost. This is essential if you are hosting a Mail server or something similar with your Mac.

Please open a support ticket for DNS record change requests.

You can also find more information about DNS zone maintenance here.

How can I enable file sharing between multiple dedicated servers?

We can either place your dedicated servers in a PVLAN community where your IP addresses would not change or setup a dedicated VLAN with a new, dedicated subnet. The PVLAN option is free. With the dedicated VLAN you would have to pay per month for the size subnet you desired.

You can open a support ticket to have either option configured.

How fast is the internet connection?

Regardless of the MacStadium hosting plan you subscribe to, every Mac subscription includes a dedicated ethernet port with either 100Mbps on the Pro Plan or 1000Mbps (1 Gigabit) on the Elite Plan. We do not cap, throttle, or restrict your utilization and both plans take advantage of symmetric connections. Read more about connection speed.

How is bandwidth usage calculated?

For dedicated servers, we provide complimentary real-time and historical network usage graphs at the port and network edge in your customer dashboard. Usage is calculated hourly, daily, weekly, and monthly for you to monitor in real time.

If you are on a bulk plan with many servers under a single invoice, we can not guarantee access to the network usage graphs.

Customers with private cloud environments will not have access to the network usage graphs in their customer dashboards. Instead, we will provide complimentary access through Logic Monitor to track usage on all available resources in your environment.

How secure is the connection to servers at MacStadium?

MacStadium’s engineering team has spared no expense in providing a variety of standard and optional, premium security measures. Read more about our firewall options and our security practices.

Is network traffic throttled?

We do not throttle or groom network traffic in any way. Whether your servers are on the Pro or Elite hosting plan, you’ll get full 100Mbps or 1000Mbps, respectively, upstream and downstream.

All connections are also by default wide open. We do not block any ports on servers at the time of configuration.

What is a PVLAN/VLAN? Can I have one configured for multiple data centers?

As a best practice and for network stability, it is recommended to limit layer 2 size to a single geographical location. A PVLAN or VLAN is a layer 2 configuration. Layer 2 does not and can not extend between data centers.

When customers are in different data centers they should be able to inherently communicate between each other like any two servers on the internet. Public internet connected servers will not be able to see each other as if they are on the same LAN segment.

What web service can I use to check the speed of my server?

We recommend using beta.speedtest.net. It’s an HTML5 version of the popular speed test tool by Ookla.

We’vealso tested other services like speedof.me in our data centers and have seen issues with accuracy and consistency based on the tool as well as the internet browser used (e.g. Safari vs. Chrome).

We have also written about speed tests in the past. In our blog, you can review our Hosting Elite Gigabit Speed Test and Hosting Pro 100Mbps Speed Test benchmark videos.

Why can't my servers talk to each other?

If you have multiple servers at a single MacStadium data center and wish for them to "see" each other without touching the public internet, a Private VLAN (PVLAN) or Virtual LAN (VLAN) can be created to enable this. Open a support ticket and our engineering team will explain the options based on your current account and subscriptions.

By default, dedicated and colocated servers are not able to communicate or “see” each other on the layer 2 network within a single MacStadium data center. This is to isolate  customers from one another and facilitate security.

Why do I get DNS resolution errors on my NAS?

If you’ve added a NAS subscription to your account, you may get errors that look like this:

“The system has detected that your DNS server cannot resolve host, and some applications might not work properly. Please go to “Control Panel > Network > TCP/IP” and check if the DNS server and default gateway is correct. You may contact your ISP (Internet service provider) for the DNS server information.”

There’s no need to panic as you can safely ignore this error. This is happening because in its current configuration, the NAS is not exposed to an outside internet connection. You can set this error to not alert in your NAS settings.

Why do I have recurring issues connecting to my colocated server running an older version of OS X?

There is a network issue related to ARP in OS X which causes significant packet loss in redundant Cisco Networks. If you are running OS X 10.9 or 10.10 on a Mac mini colocated with us, this issue needs to be patched in the OS X networking stack. You can find a tool in your customer dashboard  that allows you to check the status of and apply the patch at any time.

Click here for a step-by-step tutorial.

Why is there a unique hostname on the IP address for my subscription based server?

If you receive a server with an IP address that has an existing hostname, please get in touch with us via a support ticket to have it removed or if necessary replaced.

PTR records are a complimentary, manual service we offer to customers. Individual IP addresses are re-used and assigned randomly at MacStadium. If you are a new customer and the IP address for a server you’ve subscribed to has a hostname on it, then the previous user of that IP address may have manually requested a PTR record added to that IP address. This is rare, but still a possibility.