Explore Sign in Sign up
Echo Reply
Computers, Science, Technology, Xen Virtualization, Hosting, Photography, The Internet, Geekdom And More

Shared Web Hosting Is Not Dead

Published on June 29, 2010 at midnight by XC

An old colleague of mine was telling me of his plans to finally, after almost fifteen years of working for someone else, start his own hosting venture. My first instinct was of course to offer this poor soul some Lithium, seeing that his existing salary as CTO is more than triple the amount of profit he could expect from a start up web hosting venture in the first few years. I listened patiently as he unveiled his plan to take over the universe one domain at a time when all of a sudden he completely shocked me:

“I’m not doing shared, too much hassle and nobody wants it. Cloud, baby! CLOUD!”

Interestingly, I was just in the process of setting up a re-seller account for another friend when he dropped in. I didn’t say much, I just let him finish. He was looking for a sympathetic ear and he found one, I am well known for being rather prolific in my development of tools to make Xen easier for web hosts. I don’t think he was expecting my reply, which was:

“All these years, and you still don’t get it.”

As a web host, you must accomplish several things to be successful:

Find and keep customers
Innovate without annoying customers
Find and keep rock star employees

Sure, there’s a little more, but the rest falls mostly on your data center if you are just getting started.

This list seems simple, but it isn’t. Lets go down the list one by one and you’ll quickly see that you are looking at several very deep rabbit holes.

The Planet – A Teaching Disaster

Published on June 5, 2008 at midnight by XC

About 7000 people got a health dose of Murphy’s Law when The Planet’s H1 data center exploded this week. Whatever can go wrong will go wrong. Whatever can’t go wrong will probably go wrong too.

For those of you who don’t follow the hosting industry, The Planet had an explosion in their electrical room knock out three walls and damage (beyond repair) a substantial amount of their power distribution gear. Automatic transfer switches that allow the generators to kick in were also damaged. The exact cause of the explosion is still under investigation, all we know is that a conduit exploded.

The bizarre chain of events that followed should be sending us all back to the drawing board to re-write our disaster recovery plans.
The best designed facility in the world with double redundant everything is not going to help much if the local fire department does not give you clearance to power up the generators for hours after an incident. Meanwhile, the facility will begin to get rather warm. Hold that thought for some personal reflections:

I once had to clean up a really big mess (I am an electrician). I was called in to a hospital where a sister company of ours had a guy working on some switchgear. He dropped his ratchet across some live 1200 amp copper bars which sent him to intensive care missing 2/3 of his skin and half of his face. I had elevators, patient care machines, operating rooms, everything .. all down.

Layered Technologies Hikes Prices

Published on June 1, 2008 at midnight by XC

Holy cost of doing business Batman! Layered Tech, one of the largest providers of leased & racked commodity servers has raised prices across the board one more time. The latest increase means an additional $20 per server per month (on average) for most customers.

I have received not one, not five, not ten, not twenty but over thirty emails from clients who have servers at Layered Tech asking for a quote to move in a hurry.

Apparently, only 30 days notice of the hike was provided. That means roughly three weeks to migrate, since re-sellers have to give their own customers some notice. I think I’m going to buy stock in whatever company produces that coffee-like powder substance that I mix with hot water and drink.

Xen And The Art Of Web Hosting

Published on Jan. 8, 2008 at midnight by XC

I’m working on a pretty comprehensive book aimed at helping web hosting providers adopt Xen for some of their offerings. Xen ‘out of the box’ is a really nice platform designed to make as many people happy as possible. Web hosts have special needs that require special planning, a guide to planning and implementing Xen for IAAS providers would be entirely useful.

I’m planning on releasing the work under the GFDL (GNU Free Documentation License) so collaborators are more than welcome. Contact me if your interested in participating.

Things to cover would be (but not limited to)

Physical layer and topology (switches, routers, etc)
Types of storage (quirks and benefits of each)
Selecting hardware for Xen nodes
Building from source vs relying on the OS packages
More in depth explanation of network options (bridging, routing, failover, shaping, throttling, etc)
Accounting system design (Bandwidth, CPU usage, etc)
Overview of many available tools (libvirt, enomalism, xen-tools and dozens more)
Logistical issues (distributed locking, migration, etc)
Administrative pitfalls

… likely, a lot more. It really is a book when you consider the topics like network storage. Almost an entire chapter would be devoted to explaining the differences between using iscsi on dom-0 to feed guests block devices from network storage, or just using initiators in the guests. AoE, lvm/clvm, gfs and ocfs2 have their own quirks when it comes to Xen as well.

Ci Host Robbed At Gunpoint (Again)

Published on Nov. 4, 2007 at midnight by XC

Its been disclosed, yet again, that CI Host Chicago was indeed stormed by armed robbers who stole 20+ servers and assorted network gear on October 2nd. This makes the fourth time since 2005 that CI Host Chicago has been robbed in this manner.

CI Host delayed disclosing the theft of their customer’s co-located computers for several days, maintaining that the machines were not available due to a core router issue.
Rather clever thieves used a high power industrial saw to cut through the building’s exterior wall which permitted them entry into the data center. The robbers tazed, beat, blindfolded and bound the night manager then proceeded to remove computers, many owned by CI Host customers.

The event has triggered a mass exodus of CI Host customers to other facilities, many citing feeling most disturbed about the lack of immediate disclosure regarding the thefts.

This is why bomb shelters make great data centers More about this is available at The Reg, Slashdot and Web Hosting Talk.

Lying to your customers is never, ever a good idea.

Why Always Blame The Web Host?

Published on Oct. 28, 2007 at midnight by XC

A friend of mine (and operator of a small hosting company) was chatting with me about a client who insisted that his web site was hacked because the “server was insecure”. Every time I hear that, I chuckle. I’m hearing it at an alarming rate lately, as many people are getting fed up with larger hosting companies and seeking better, more personal service.

Clients want easy access to the person who can “get things done”. I’ve picked up lots of business simply because I allow clients access to my various instant messenger IDs, for instance. I don’t think people realize that using smaller companies means a bit more work on the customer’s end.

Moving is a hassle and comes with risks. Most of you are well aware that changing your web site’s IP address results in a month long sag in search engine referrals. Many blame their new host for this phenomenon, not knowing any better.

Some move, finding their web site hacked only hours after changing hosts. Since the only thing different is the host, it must be the host’s fault that the hack was successful, right? That train of thought is just plain incorrect and rather dangerous. Every web host has a slightly different setup, from firewalls to Apache configurations. Some use programs like Snort or other custom string matching packet inspection to filter out nasty hack attempts, preventing hackers from even reaching the web server with malformed requests.

Virtualization Does Not Decrease Security!

Published on Oct. 26, 2007 at midnight by XC

Theo de Raadt made some rather general (and sweeping) statements regarding how virtualization might or might not increase or decrease security. I’m not at all concerned with the things that he suggests.

Many programmers have never had to deal with the hosting (IAAS) industry. When you sell access to GNU/Linux (Or BSD) computers to anyone with $5 and a PayPal account or credit card, your administrative world becomes rather interesting. We, (IAAS providers) have literally no control over what users of our network are going to upload and do with the resources that they purchase. Virtualization is our only real hope of damage control.

Minimizing the reach of potential damage at the application level through the use of a well known, tested and proven hypervisor such as Xen DRAMATICALLY increases overall security. Raadt failed to realize, the level of increased security obtained through virtualization is completely relative to how volatile the network in question was prior to adopting the technology.
Raadt argued that since x86 platforms do not provide suitable page protection (and isolation) that every hypervisor is inherently weak. He’s not incorrect about the intrinsic quirks of the x86 architecture, however, show me one exploit? Show me one vulnerability in Xen (besides a quirky python boot loader) that has been exploited causing a breach. The pygrub issue does not represent the type of hole he’s describing. He can’t demonstrate an exploit, there isn’t one.

How Busy Is Your Xen Host?

Published on Oct. 22, 2007 at midnight by XC

Several people have written to me asking how to determine how ‘busy’ their Xen hosting provider’s servers have become. I just love new buzzwords, ‘busy’ now indicates how many VPS accounts that a web host packs on a single machine.

To scope out a Xen host, you need to ask them some questions about their processors, drives and network hardware. Xen does not ‘burst’ resources to any single VPS. By default, Xen gives each VPS on the server an equal share of resources, proportional to how many CPU’s the VPS is assigned.

Once your VPS has booted, Xen will not take away from your assigned memory. If you booted with 256 MB, you will keep 256 MB. Nobody else can use your RAM unless the host ‘shrinks’ your VPS to free up memory in order to give it to someone else. You’d notice this quickly. If you want to make sure that you buy a VPS that really delivers everything that Xen has to offer, here’s some questions to ask your host and explanations of why to ask them:

What kind of processors are in your Xen servers, how many are there?

You want to hear “2 way dual core (something)” , ask them for a link to the type of processor and motherboard that they’re using. This is not “top secret” information. You want to see something (relatively) new.

Do you pin your VPS’s on certain cores to balance things out, or do you just rely on Xen’s credit scheduler to give equal share?

A Xen host can give your VPS (in theory) up to 32 CPU’s. Most give out 1, 2 or 4 depending on what you pay.

Net Industries Are Shifting Away From Outsourcing

Published on Oct. 3, 2007 at midnight by XC

I’m a freelance consultant, technically, I am ‘outsourced help’. I’m starting to see a trend (at least in the ISP / hosting industries) to shift away from outsourced help and hire people in-house.

I still get work, not many people know how to do what I do. The freelancing industry leaves you with a feast or famine income, when its time to eat there’s plenty, you better put some away for the unpredictable slow spells. Sometimes I feel like a squirrel.

Many hosts are now placing job ads mandating U.S. Citizens rather than putting their projects out for bid on popular freelance resource sites. Being curious by nature (and watching my nest eggs) I have to wonder what sparked this trend. I am a native ‘Baltimorian’ however my IP address often says differently due to traveling. There are several possibilities that I’ve considered, I’m not yet done considering –

American English is very difficult to understand for those who were taught a more international form of English. Jargon, idioms and metaphors are extremely confusing. I’ve been in Manila for over three years, I had to completely re-train my written and verbal English skills to be properly understood. Many find difficulties in communicating more frustrating than the worth of the contract employee. Customer complaints have quite a bit to do with this.
Security concerns are a big problem, especially for ISP and hosting companies.

Shared Hosting, A Very Bad Idea.

Published on Sept. 25, 2007 at midnight by XC

I’m going to describe a horror story. It might not be scary for you, Mr. I own 20 servers, however it is scary for many people who rely on their web site for income.

Let us make a test / meta case, joe.com . Joe likes, .. (hmm) baseball. So, Joe spends the time needed to learn PHP programming and develops a community that focuses on baseball. His favorite team is the .. (hmm) wilderbeasts.

Joe purchases hosting from xyz host, which promises ‘superior’ everything. He develops a custom web presence that does very well, he spends lots of time marketing his web site. Joe now has 1500+ users who view his site daily, some of them click on his advertisements which helps to fund Joe’s monthly paycheck.

Joe is an out-of-work IT guy. No job, he’s too old, his job was sent to India.

Joe pays the $35 that xyz host wants, uploads his stuff, everything is going well. A month later, the Wilderbeast team makes it into the world series. Joe publishes a commentary which is picked up on Digg.com. Out of the blue, Joe’s web site gets 2 million visitors, because of Digg and how many people use it.

Sadly, Joe’s host terminated his account, wiped all of his data and databases and sent him packing because his web site was over-using server resources and interfering with the 500 other domains hosted on that server. Now Joe’s 1500 users go somewhere else. Bah, why must this be?

Sound familiar? Joe became a victim of his own success.