Handy Ops Tools (2020 Edition)

I've been working in Operations for about 10 years now. In that time I've worked in big corporate, small business, and all sizes of Government, and I've come across a lot of tools. I thought I'd share some of the tools I use on a daily basis that are free and do their jobs excellently.

Handy Ops Tools (2020 Edition)

Web Servers

SSL Certificates: Let's Encrypt

Free SSL certificates? Yes please! If you want a free SSL certificate for your website, I'd recommend using Let's Encrypt. If you're on Kubernetes, use Jetstack's Cert Mananger or if you're on a server, use EFF's CertBot. If you're having issues using Let's Encrypt, try Let's Debug.

SSL Testing: SSL Lab's SSL Test

I LOVE SSL. If you've read my article on TLS (which I'd recommend), you'd see that it's something I'm passionate about. The folks over at SSL Labs have done a GREAT job of providing a tool that will compare your TLS settings against a set of baselines and give you an A to E grade based on the outcome. They test supported TLS versions, Ciphers, vulnerabilities, and heaps of other things. I check every site I set up with SSL Labs so I can be sure it's as hardened as possible. This is my favourite tool on the list to use (Let's Encrypt would be, but I don't "use" it enough - they make it too easy to get certificates).

CDN: Cloudflare

Cloudflare are probably the most well-known CDN available. They provide a quality service and protect some of the largest websites in the world. That's why you should use Cloudflare: they know what they're doing and they're product is CDN, they do it well. They also provide a free plan that is very generous and will suit the needs of almost all small-to-medium users.

Mail

Provider: ProtonMail

I use ProtonMail for two reasons: they're privacy focused and secure. They do a great job of protecting customers and their communications. In most of my Ops roles, I've needed to communicate secure information with people. ProtonMail does the best job of providing a secure method for communication. You can get a 250 MB mailbox for free with a @protonmail.com/ch email address that includes all of the security features they're known for.

Forwarding: ImprovMX

A lot of companies have multiple domains. If you have addon domains that you want to maintain a mail presence for, but don't want to manage as part of your normal email administration, ImprovMX is for you. You set up your DNS records to point to ImprovMX's servers and your emails will be sent to the email address you specify. ImprovMX provide a great free tier, but you need to expose a public email address on your DNS (I'd suggest only using this for public-facing mailboxes).

I am a big nerd when it comes to configuring DNS. DMARCAnalyzer provides three tools for troubleshooting your mail-based DNS settings. They have tools for checking your SPFDKIM, and DMARC records. I've used this multiple times to troubleshoot SPF and DMARC records. It's a great service.

DNS

Provider: 1.1.1.1

Unlike most other Tech companies, Cloudflare doesn't have an advertising sales department. They have made a solid promise to provide secure DNS services, and have done a great job with 1.1.1.1. They have the traditional provider available, but also have a set of apps to configure your phone to work with their service. They make secure DNS easy. I'd recommend anyone using Google DNS move to 1.1.1.1, because you just can't trust an advertising company with data about your browsing habits.

Propagation Checker: DNS Checker

If you need to check whether your DNS changes have propagated, head here. This tool connects to multiple DNS servers around the globe and reports the current value of records.

DNS Cache Clearers: 1.1.1.1 and Google DNS

If you deploy new DNS records and want them to propagate quickly, you can head to both the tools for Cloudflare's 1.1.1.1 and Google's DNS service and purge their caches. You just need to enter your website's domain name and the record type, and these services will refresh their records across their networks.

Logging

Uptime Monitoring: Uptime Robot

If you love getting woken up in the middle of the night by emails indicating your site is down, Uptime Robot is great. They provide all of the standard features of uptime monitoring, with a generous free plans. They also provide a hosted status page service. It's a lot better than other competitors, while providing way better value for money. If you choose to pay for Uptime Robot, their plans are cheap and are great value for money.

Logging and Metrics: Stackdriver

Google's Stackdriver is fantastic. It has a great interface for logs and metrics, provides an incident response interface, and just works. It is far superior to most other cloud-provider logging offerings, and is much cheaper than most premium logging solutions. I would recommend Stackdriver to anyone with a small-to-medium project because it has so much functionality and is so cheap.

Automation

Workflow Automation: Zapier

Zapier is really expensive, and if you want to automate a lot of things I'd definitely recommend going with one of the multitude of serverless solutions out there and rolling your own. However, if your use falls within the 100 executions/month in the free plan, Zapier has a lot of great integrations with services and is easy to use. You can link it up to almost any system and get going immediately with very low touch. They have a lot of example "zaps", and they provide a lot of tools for how to extend and configure your own.

VPN

Managed: ProtonVPN

ProtonVPN does something that most other VPN companies do: they're open. Most VPN companies are very shady and cagey about their data access and logging practices. They make bold claims about their services without provide any real substantive evidence. However, ProtonVPN goes against the crowd: not only have they had their service audited by the likes of Mozilla, they have also open-sourced all of their apps, so you can see how their service works. If you want a VPN, there is no decision to make - just use ProtonVPN.

Roll-Your-Own: Outline

If you're in a super sensitive environment, you still might not trust a company to manage your VPN service. If this is the case, I'd highly recommend Outline, which is a VPN product that has been developed by Jigsaw, Alphabet's emerging threats research subsidiary. Outline provides a simple-to-use interface that connects to your choice of cloud provider and automatically builds a secure VPN server. Once the server is ready, a set of credentials are provided which you can distribute to users. That's it, it's really that easy.

Databases

PostgreSQL Configuration: PostgresqlCO.NF

If you need to know anything about any PostgreSQL configuration option, checkout the team at PostgresqlCO.NF. They have a full list of every parameter available for PostgreSQL, details of it, what it should generally be, and a list of related articles. It's great!