Why we moved our company to Pterodactyl and what it has meant for business.

in panel, guestpost, hosting, analysis

Who, what, where, when?

My name is Jack Jenkins, but you may know me by my alias drizzy.vip, and I run Crident. In May we will be turning three.

Until October of 2017 we used TCAdmin exclusively on about 20 machines at peak as our core server game panel. I hated every day of it, as I would inevitably wake up to a list of TCAdmin-related issues from angry customers — issues that we had little control over. Going into the impacted machines and updating/restarting the monitors until they started finally working again was tedious. Copying vague errors en-masse to the one-man TCAdmin support team for a — granted, quick — solution was part of a daily routine. This daily occurence lead to some days where I simply walked away and went back to bed. TCAdmin wasted more hours of my life than YouTube.

After we switched to Pterodactyl — and made customizations, thus dubbing it DinoPanel — I expected at least a fair amount of issues, especially while first rolling the panel out. When I try to think about explaining this period of our company, it's hard to put into words the genuine changes Pterodactyl had on the people which naturally form the company. Better yet, the issues I expected to occur? They never happened.

Pterodactyl vs TCAdmin

People often ask for comparisons between TCAdmin and Pterodactyl, so this is here to hopefully put the nail in the coffin. Pterodactyl is in a totally different league to TCAdmin — allow me to explain:

Design

Design is a compound point, highlighting both the visual design and under-the-hood design choices. At the login page you can tell Pterodactyl has put thought into every detail — from the smart, intuitive and sleek re-capacha integration, all the way through to the simple password reset process.

Separation of the administrative & user control areas allows for a more user-centric design and an overall better end-user expierence. This design also enables additional security measures that can applied to the admin area without impacting the user expierence. Under the hood things really step up a notch — taking full advantage of leading technologies and frameworks — such as PHP7 & Laravel — for the control panel. The Daemon is built on Node with plans to be replaced down the road by a Golang based version. To contrast, TCAdmin is mostly built on ASP.NET.

TCAdmin does have a Linux version of their software which is essentially just using mono to provide the Windows dependencies. Their Linux version is significantly slower than the Windows version and they acknowledge that it is also much more unstable. It's so bad that they've added options into their mono configuration to reboot the software after a predefined amount of requests or errors. This is a real option in their configuration because they know how incredibly unstable and slow their software is on Linux — especially as traffic and use grows.

Moving on, Pterodactyl uses Docker to manage game services and perform isolated resource allocation. Docker is a fast and well supported virtualization technology, intrinsically making it a perfect choice for a game panel such as Pterodactyl. TCAdmin has made no attempt at sandboxing by default which leads perfectly into my second point of discussion: security.

Security

Security would be the single area that Pterodactyl takes the most obvious lead. By utilizing Docker containers for each service, servers can be isolated from not only eachother but the entire parent system — thus preventing the machine being broken into through methods that haunt systems such as TCAdmin.

The issue with TCAdmin's security is not that it's bad. The issue is that it's not there. There is no safe-guard in place for the kinds of attacks discussed above on TCAdmin. TCAdmin also appears to encourage emailing users their passwords by default, especially through their official WHMCS module. We're in 2018, stop emailing passwords to users. TCAdmin only recently added the option to salt users passwords, which to my knowledge is still off by default.

In support tickets TCAdmin frequently request SSH/RDP login but provide no way to give them this information securely. It is just posted in a ticket stored in plain text. Unless specifically requested, there is no redaction of this information from tickets after problems are resolved.

Performance

Performance being one of the harder ones to gauge, I'll try to keep brief. We had TCAdmin running on a seriously overkill dedicated web server — alone because I didn't trust it — and it only grew slower as our numbers increased. I got into the habit of opening all the pages I thought I would need in advance, knowing that they'll otherwise hold me up by upward of ten seconds while I wait for actions to complete. TCAdmin is built on ASP.NET and is dependent on a Windows IIS web server. The Linux version appears to act like an IIS server, and while I'm unsure exactly how it works it still becomes very unstable and slow. Eventually TCAdmin support convinced us to move our setup onto an expensive VPS which they would effectively manage for us. I think they realized the volume of issues we were having was causing an impact on our business and this was an attempt to get us running our panel on Windows — which they assured me was much more stable.

Pterodactyl is as lightning fast as you would expect from any modern web application. It ultimately comes down to your database and web-server speed. This isn't to say you need a high performance VPS or Dedicated Server to run Pterodactyl though — because it's also very lightweight. Installing Pterodactyl with a local database on any moderate VPS will provide unmatched speeds when compared to TCAdmin. Obviously, the distance to remote servers will always be an issue that software alone cannot fix, but Pterodactyl's design has done a pretty good job of it. Using websockets for certain tasks allows users to receive information directly from the machine running their game server rather than the Panel having to act as a middleman. This in turn reduces the load on your web-server feeding back into good design choices mentioned above.

Opensource

Opensource software has advantages and disadvantages when compared to closed source software. Some argue that opensource software is fundimentally less secure: your codebase is exposed and malicious individuals can hunt for security issues more easily than on closed source platforms. On the other hand, opensource software allows anyone to identify and report security issues. Pterodactyl has had multiple security issues ranging in level of severity reported by users, and all have been promptly addressed and disclosed.

Opensource does however come with the risk of abandonment. The project owners don't need their projects — and they're not dependent on them in some cases. If you deploy opensource software in a capacity that you'll need maintained it's important to consider if you'll be able to maintain it should the project become inactive.

In Conclusion

Today we're running nearly 35 dedicated machines on Pterodactyl, with hundreds of active game servers. I'm not sure we would be able to do that on TCAdmin. We're also able to do all of this with a significantly reduced monthly expenditure due to the opensource nature of Pterodactyl. I want to take a minute to appreciate the time Dane has put into this project: one of the developers behind the scenes and the founder of Pterodactyl.

Comments