Critical Factors in Selecting a Hosting Provider for Mission Critical Websites and Apps
Perhaps the majority of the time, our customers seek out advice in advance regarding hosting environments. Sometimes we recommend established hosting service providers we have had success working with over the years and sometimes we recommend public cloud environments. If our contract involves active maintenance and management, we lean toward Microsoft’s Azure Cloud. But there on a significant number of occasions we are asked to deploy the website and application solutions we create into hosting environments with established vendor relationships. Again, this works out fine most of the time.
But some recent events have demonstrated some of the challenges that can come from these arrangements. Twice in the last week we have been asked to jump in and help when a system or process has been disrupted by the hosting environment or the environment has not been available to assist when a disruption has occurred, resulting in significant outages, unnecessary heartache and costs, and more than a few sleepless nights for our customers’ in-house IT teams.
When we’re asked about what’s important to consider when choosing a hosting provider, here’s what we say.
We have seen well-designed and properly-coded websites costing tens of thousands of dollars fail because they were installed on $20 per month bargain hosting plans.
We are not criticizing inexpensive, shared hosting environments. They serve a real purpose. And if you have a simple, low-volume, brochure-site – a “static website” – you may not need more than that. But the majority of businesses want more from their website. Things like location-based services, custom applications, data-driven content, marketing apps, and more that have become common requirements for the modern business. Further, every increase in business flow increases the potential impact of website downtime on both revenue and satisfaction.
The point is that – if your website is important to your business – the dollar-cost of hosting is relevant only after other requirements are met. And that’s what we are going to talk about for the rest of this post.
Disciplined Update and Patching Procedure
Most of the time when people think of website and application hosting they think of resources – things like CPU (processors/cores), RAM (memory), and disk space. Those things are important, but the resource requirements are a bit different for every website and application depending on what you want to do with it. We’ll discuss resources a bit in a minute. But the truth of the matter is that – for all the talk of resources and datacenters and connectivity – the entire internet runs on software. It’s where the rubber meets the road and it impacts everything from Content Management Systems (CMSs), databases, and Operating Systems to network and firewall firmware.
No website was ever hacked and no data has ever been stolen because of insufficient RAM or a low-capacity fiber-channel. Simply stated, there is nothing more important to the overall security of your website or application than making sure that all the software in your technology stack is updated and patched.
Tech security is not just our mission, it’s one of our core values. So, it’s still surprising to us when we find hosting environments that have sub-standard and even non-existent updating and patching policies. But it’s not just important to make sure that updating and patching actually happens, but it has to be conducted professionally with proper communication and on a disciplined schedule that include scheduled maintenance windows.
That’s REALLY important because sometimes even a well-designed website or application can be disrupted by a software update. When the update or patch has been properly communicated and scheduled any conflicts that might present themselves can be anticipated and teams can prepare.
24-7 Support Is the Baseline
One of the issues we were brought in to help with recently was a situation where the client’s website went down for an unknown reason. The means “all hands on deck” to get the mission critical app back up and running. It also means that we need the help of the hosting provider. In this case, the hosting provider did not have anyone on site or on-call because the issue came up outside of their normal business hours.
In our opinion, high-quality 24-7 technical support is the standard these days at every price point. There just is no excuse for anything less.
Documented and Tested Backup and Restoration
No matter how exceptional the hardware and professional the system management, things still happen. Disks fail, data gets corrupted, sophisticated management systems cause occasional conflicts, and people make mistakes. That means backups are – and always will be – necessary.
Most hosting providers claim that they run back-ups. But the details matter. Here are the details you need to think about when it comes to back-ups:
- Is the host using modern, professional, and paid-for/supported backup solutions or are they using antiquated technology or un-supported/open-source solutions?
- Are they backing up everything or just the database?
- Is the backup stored locally (same disk array) or on a completely separate storage device? Geographic separation is best.
- How often are backups run and which backups are full vs which are incremental?
- Are backups available at any time via management portals or only through technical support upon request?
Obviously, we have our opinions as to the best practices related to each one of these topics. But the point is that – when your business depends on your website and application – you need to understand and evaluate these parameters. Further, you should test and verify that all backups are operating as expected b=prior to taking your project live in the production environment.
Having enough resources is important. But what “enough” is depends on the needs of the project. Importantly, in our experience projects require more resources over time – never less. This means that you need three things when it comes to resources:
- Breathing Room
Keep in mind that it is the hosting company’s economic interests to pack as many customers into as few physical resources as possible. The term used is “density,” and they have sessions at all the major hosting events with tips on how to get density ever higher.
It’s never a good to have your project hitting resource limitations on a server or cloud environment – especially if there is no more room to be had. If your project’s architecture specifications started out requiring 12 Gb RAM, but the latest database software update now requires 16 Gb, you do not want to have to migrate to a new server or cloud if it can be helped.
The best course of action is to allow for headroom across all of your resource requirements at the start AND to ensure that your hosting provider is managing density – not driving density – so that there is additional capacity at hand if it’s needed in a pinch. This is one of the reasons that large public cloud services have so much adoption – the extensibility is baked in to the infrastructure (ask us if you have any questions).
Updates and patches to software and firmware, professional 24-7 support, and effective backup protocols – these are the first things to evaluate when creating your short-list of potential hosting providers for your websites and applications. Having sufficient resources matters, but having ample headroom at the start and the ability to grow without headaches needs to be considered. And all four of those requirements should be defined and specified before pricing is even discussed.
We’ve helped many customers find the right hosting environments for their mission critical projects, and we’d be happy to help you too. If you have any questions, just let us know. We’re always happy to help.