Cloud Best Practices
Optimize your performance, secure your data and reduce your costs with recommendations from the CLOUDSTORE.AFRICA team.
Cloud Architecture
Right-sizing
Start with a modest configuration and scale up based on your actual needs. An oversized VPS wastes resources; undersized, it becomes a bottleneck.
Service separation
Isolate your services on dedicated VPS: web server, database, cache. This architecture facilitates scaling and maintenance.
Choose the right location
Host your data closest to your end users. Reduce latency and comply with local legal requirements (data sovereignty).
Containerization
Use Docker to isolate your applications, facilitate deployments and ensure environment reproducibility.
Horizontal scalability
Design your applications to add multiple instances rather than endlessly growing a single server. Use a load balancer to distribute traffic.
Infrastructure as Code
Document and automate your infrastructure with tools like Ansible, Terraform or shell scripts. This facilitates reconstruction in case of incident.
Performance
Web Optimization
- Enable Gzip/Brotli compression on your web server (Nginx/Apache).
- Configure HTTP caching with appropriate Cache-Control headers.
- Use a CDN for static assets (images, CSS, JS).
- Optimize your images: compress them and use modern formats (WebP, AVIF).
- Minify CSS, JavaScript and HTML in production.
Database Optimization
- Properly index your tables by analyzing slow queries (SLOW QUERY LOG).
- Use a query cache (Redis, Memcached) for frequently accessed data.
- Perform regular optimizations (OPTIMIZE TABLE, ANALYZE TABLE).
- Configure the InnoDB pool (innodb_buffer_pool_size) to 70-80% of available RAM.
- Avoid SELECT * queries; only select necessary columns.
Server Optimization
- Adjust PHP-FPM worker count based on your actual load.
- Enable OPcache for PHP (speeds up PHP execution by 3 to 5 times).
- Monitor available memory and adjust limits as needed.
- Use SSD NVMe disks (available on all CLOUDSTORE.AFRICA VPS).
Security
Strong authentication
CRITICALUse unique and complex passwords for each service. Enable two-factor authentication (2FA) wherever possible.
Active firewall
CRITICALOnly expose strictly necessary ports to the Internet. Any unused port must be closed. Use UFW or iptables.
HTTPS everywhere
Enable HTTPS on all your sites and applications. Let's Encrypt certificates are free and install in minutes.
Principle of least privilege
Each service and user should only have access to resources strictly necessary for their operation. Avoid shared accounts.
Regular security audits
Perform periodic vulnerability scans with Lynis, OpenVAS or Nmap. Fix identified vulnerabilities promptly.
Security alerts
Subscribe to security bulletins (CVE, CERT, vendors). Act quickly when critical vulnerabilities are discovered.
Storage & Data Management
3-2-1 Backup Policy
3 copies of your data, on 2 different media, including 1 off-site. Backups must be automated and tested regularly.
Data Organization
Structure your data logically and document it. Differentiate temporary data, application data and critical data.
Compression and Archiving
Compress rarely accessed data. Archive old logs. Delete temporary and orphan files regularly.
Sensitive Data Encryption
Encrypt personal and confidential data at rest. Use LUKS for partitions or GPG for sensitive files.
| Data type | Recommended frequency | Retention | Priority |
|---|---|---|---|
| Production databases | Daily (or hourly) | 30 days minimum | CRITIQUE |
| Application files | Daily | 15 days | HAUTE |
| System configurations | On each change | All versions | MOYENNE |
| Application logs | Weekly | 90 days | NORMALE |
| Static data (media) | Weekly | 3 months | NORMALE |
Cost Optimization
Monitor actual usage
Regularly analyze your consumption metrics (CPU, RAM, bandwidth). A VPS at 5% load can be replaced with a lower tier.
Remove unused resources
Delete obsolete snapshots, unattached volumes, and expired services. Dormant resources generate unnecessary costs.
Annual subscription
Opt for annual subscriptions when you are certain of your needs. They generally offer a significant discount compared to monthly.
Use resources efficiently
Schedule resource-intensive tasks (backups, batch processing) outside peak hours. Optimize SQL queries to reduce CPU load.
Service Continuity
Zero-downtime deployments
- Always test updates in a pre-production environment before deploying to production.
- Use Blue-Green or Canary deployment strategies for critical applications.
- Create a VPS snapshot before any major modification.
- Maintain a documented and tested runbook.
Disaster Recovery Plan (DRP)
- Define your RPO (Recovery Point Objective): how much data can you afford to lose?
- Define your RTO (Recovery Time Objective): how long can you afford to be offline?
- Document and test your restoration procedure at least once per quarter.
- Consider real-time replication to a secondary site for critical services.
Crisis Communication
- Prepare a maintenance page with a clear message for your users.
- Define a communication channel in advance for incidents (email, SMS, social media).
- Document your incidents and resolutions to continuously improve your infrastructure.
Support & Communication
Document your infrastructure
Maintain an up-to-date inventory of your resources: VPS, domains, SSL certificates, expiration dates and critical configurations.
Open detailed tickets
When contacting support, provide: server IP, error logs, actions taken before the incident, and exact error messages.
Enable notifications
Enable email alerts in your dashboard to be notified of renewals, planned maintenance and security alerts.
Check the documentation
Our knowledge base (Blog) contains tutorials and practical guides. Check it before opening a support ticket.
Need personalized support?
Our team of experts is available to help you optimize your cloud infrastructure in Africa.