When I was a kid, I had this friend. Actually, friend is probably too strong a word, he was a kid I had to hang out with sometimes because our mothers worked together.
Anyway, this kid’s father had this obsession with the price of gas. Granted, it was the seventies and everyone was a little obsessed. Invariably, when I was riding with them to go somewhere, this dad would always need to fill up. And he would drive us all over town looking to save even a penny on a gallon of gas. He just couldn’t bring himself to consider paying that extra cent, even if it meant he’d waste less time, gas and effort just filling up closer to home. He’d also buy gas from the sketchiest stations and then counteract the filthy, watered-down swill with a slug of this incredibly expensive fuel additive, thus further obliviating any sort of cost savings. This was my first lesson in the ugly side of extreme price sensitivity, irrational purchasing behavior and, of course, the fallibility of adults. Hard but necessary lessons for a ten year-old.
We all know that guy. And sometimes, we are that guy. Paying $100/month for a minimally viable web host seems absurd when there are ads everywhere touting $4.99 web hosting with unlimited email, support and a free toaster. But as with all things, you get what you pay for.
I could tell you hosting horror stories that would have you sprinting to the closest chapter of Luddites United. But I’m not, I’m just going to give you several quick tips and things to consider when choosing a web host. Please bear in mind that this list should be considered for general purpose hosting. E-commerce, financial, HIPAA, back-office interfacing and other specialized features have a whole other set of considerations, I’ll cover some of them in a later blog post.
By way of framing this post, this information is aimed at medium to larger-sized companies. Mom and Pop shops, small independent retailers, sole proprietorships, tradespeople, etc. can probably get away with less. But if you’re over $5MM in annual revenue, you should take your web hosting seriously.
What is it worth to you?
You need to ask yourself in specific terms what is the actual value of good solid hosting. What’s it worth to my company’s reputation to have a site that’s always up, fast and available? What’s the impact if we get hacked or are knocked offline by a DDOS attack? What’s the value in having a host that’s proactive in monitoring my site, letting me know when things are awry and helping out when problems occur? You’ll find that the value of these items adds up quickly.
Now for some specifics.
Can you use virtual servers?
We’re firmly in the virtual server camp and have been for years. We run virtualized servers in the office and all of our production servers are virtual as well. Having virtual servers gives the host and you a great deal of flexibility in scaling resources up and down, moving servers, effective point-in-time backups or snapshots and reliable performance. Some might think that it’s just another type of shared hosting and you’re subject to the same pitfalls. But it’s very different animals between virtual servers and the shared hosting of yesterday. Virtual Private Servers, or VPSs are just that, private. A breach of one private server is highly unlikely to give the hacker access to another VPS, even if it’s running on the same host. The operating systems that run these large virtual server farms were built from the ground-up for protection and stability.
Some might question VPS performance, thinking that physical servers or actual dedicated hardware will give you the most bang for your buck. The reality is that these hosts that run the VPSs are many times more powerful than any physical server that you could afford and the systems can be configured to allow your VPS to access a substantial portion of that power. This, coupled with the redundancy and scalability that virtual servers offer, make VPSs the clear winner over physical servers.
Do you need a dedicated server?
Generally, if you are considering a virtual server, you’ll get the whole thing. You’ll get root access to install whatever software you’d like (subject to the host’s usage guidelines). However, there are occasions where you might just want to host your site in a shared environment. For us, sites with low traffic, low complexity and low risk if breached are the only candidates for this type of hosting. But you can save some money, effort and headaches if you fall into this group.
For the most part, however, you should consider your own dedicated VPS.
Do you need managed service?
Once you have your own server, it’s going to need care and feeding beyond 110 volts and cool, dark shelf on which to sit. All modern operating systems, by which I mean *nix (Linux and other variations) and Windows, need regular patching. We patch all of our servers at least weekly and more often when advised by the various security bulletins to which we subscribe. It’s not difficult work but you need to have a skilled resource in place to handle this regular task.
For an additional fee, some hosting companies will handle this for you and it’s a worthwhile add-on to consider. It’s usually called managed service and the levels of service vary. At the very least you’ll want a company that will handle all routine and out-of-band patching. Again, consider your resources and what this is worth to you to not have to worry about it.
What other features would be helpful?
In addition to basic hosting, here are a few services that we find ourselves using over and over again. You can find these services offered by many specialty vendors but having them all in one place with the hosting company usually makes it a lot easier to setup and manage.
On-demand Scalable Servers
Make sure that you can scale your server up and down yourself as needed. It’s usually better to have access to this feature directly than relying on the hosting company to turn it up and down for you. When you need a feature like this, you really need it and every minute is critical. You also don't want to have to sign any new agreements or paperwork for these changes. You just want to fiddle with the dials and get billed accordingly.
Most systems require you to reboot your server but make sure you understand how long this process can take. Sometimes your server can be down for an extended period while the upgrade it happening. It’s always best to plan ahead on things like this.
Many hosts offer 24/7/365 site and server monitoring. Take them up on this and look for options to add notifications to emails, SMS and other communication routes. There’s nothing worse than a customer casually mentioning that they couldn’t get into your website last night or that Google is blasting a big red warning every time they tried to open your site up. At the very least, you need to know about problems before your customers do.
Content Delivery Network or CDN
CDNs allow you to serve up a lot of content very quickly to a lot of users. They’re independent of your server and are usually made up of hundreds or even thousands of servers scattered around the globe. Your site needs to be configured properly to us it but CDNs can be an invaluable tool for taking the load off of your server. We use them when we’re serving up video or other large digital assets, files that would cripple the server if we allowed them to be delivered straight from the box. We usually only leverage them when we need them but you should consider your own traffic needs; it might warrant making them a permanent part of the hosting mix. There are outside vendors that you can contract with if your host doesn’t offer a CDN but it’s been our experience that integrated solutions work best.
Mail Delivery Assistance
All websites send out emails at some point. Whether as confirmations back to the user for certain actions or notifications to you about certain events on the site, reliable email communications to and from the web server is a must. Unfortunately, this type of email has gotten harder and harder to send and be received reliably. Most email hosts, Google’s Gmail included, have gotten very strict about the source and nature of emails that they’ll allow into their systems. We used to spend an inordinate amount of time setting up specialized DNS records and fiddling with various nuances of email server configuration to try and present our emails in the best light and keep them from running afoul of the spam filters. Now we just point our email servers at the ones provided by the hosting company and they take care of the rest. It’s not an absolute guarantee of delivery but we found a much lower incidence of these web-generated emails being flagged as spam or simply ignored.
How important is security?
Discussing the security aspects of hosting would be a series of posts all by itself but we’ve found one bellwether to be to look at how locked down the servers are to access. The ISPs that require a VPN, encrypted tunnel or other secure method to access the server as an admin usually means that they’re more buttoned up on the security side of things. They know that the most common attack vectors into a website or server aren’t necessarily through the front door but via the back doors that we use to access the various consoles and admin functions. If you keep these doors locked tight, you’re going to keep most of the riffraff at bay. Yes, it does make the server more of a pain to get into and can sometime limit where you can access your server from but these inconveniences pale in comparison to the world of grief you’ll face if you server is compromised.
How important is longevity?
Another interesting correlation that we’ve seen over the years is what happens to a hosting company when they get bought. Invariably, they turn to crap. I’m sure that some might argue that mergers and consolidations in the industry have had a positive effect of the nature of hosting. I’m sure they help to cut costs and improve the bottom-line but the quality and consistency of service always suffers. We’ve had some wonderful relationships with smaller ISPs that turned to you-know-what once the ink was dry on their buyout. It’s just the nature of the business. Margins are razor-thin and something has to give in order to squeeze any financial benefit out of a merger. For this reason, we tend to stick with larger hosting companies that have grown slowly and organically, rather than through gobbling up system after system. Sometime it’s really hard to tell how a firm arrived in the shape that it is today. We usually know because we’ve been around for eighteen years and we’ve seen the convulsions this industry has undergone. But whenever possible, try to assess the genesis of your hosting company. If they mention more than two or three forebears in the “About Us”, keep looking.
Is it realistic to host the site yourself?
Unless you’re in the hosting business or a Fortune 100 company, it’s probably not a good idea to host your site yourself. I have no doubt that your IT department could eventually get really good at it but this is one place where cost considerations re-intrude. They’re never going to be as good for the price you’d pay at any reputable large-scale hosting firm. Let them manage the account and hold the hosting company accountable. Your IT department already got enough to do. This goes double for building your website.
So there it is. Yes, a cheap web host is tempting, but typically not ideal for business needs. We’re happy to share our thoughts on the best website hosting companies out there. We’ve got some strong recommendations, anecdotes and funny/sad hosting stories we’d be glad to regale you with. We can’t relate them here because that would be...indelicate. Drop us a line and we’ll chat.