Archive for the ‘Featured Articles’ Category

The Gap Narrows Between Virtual Private vs Dedicated Servers

July 18th, 2011 2 comments

Virtual private servers (VPS) have historically offered some middle ground between shared web hosting services and dedicated hosting services, both in control and cost, but recently the gap in cost between virtual and dedicated servers has diminished, making upgrades from shared to dedicated web hosting very attractive.

A virtual private server separates you from other customers on a physical web server by running its own copy of the operating system, but it shares the CPU and RAM resources of the physical web server with other VPSs running on that server.

A dedicated server, on the other hand, is a physical web server leased and controlled by the end client, without sharing physical CPU and RAM resources with other sites. It’s very much like owning your own server, without the huge capital asset investment.

Most hosts offer a mix of unmanaged versus managed services for dedicated servers. Unmanaged plans typically offer the basics – the hardware, operating system, control panel and Internet connection.

In a VPS, a single physical server is partitioned so that it appears as multiple servers. The physical server boots normally, then runs a program to boot each VPS within a virtualization environment.

There are two kinds of virtualization – software and hardware based. Software based environments share the same kernel and require the main node’s resources. In a web hosting environment, quota incrementing and decrementing in real time is possible without restarting the node. In a hardware based virtualization, real hardware resources are partitioned, eliminating burst or real time quota modification. This lends itself to a (potentially) more secure environment.

With a dedicated server, you have more flexibility and control. Dedicated servers have historically been the server of choice for complex business or high end eCommerce sites, but have recently become very popular substitutes for VPS servers and less complex solutions.

Dedicated servers housed in data centers offer redundant power sources, HVAC systems, state of the art security and advanced performance services.

The bottom line: Moving websites from a shared environment to either a VPS or dedicated server is a significant event. It’s a major upgrade in the IT infrastructure supporting your business. Whereas the move from shared to dedicated was historically cost-prohibitive, and VPS offered some middle ground, technology has rapidly evolved to narrow that gap.

Upgrading should be based on more than cost

Upgrading your IT technology, in this case to VPS or dedicated, is now a business decision based on more than cost. It’s based on resources you control that will map your business success for years or decades.

With the price gap narrowing, dedicated services are rapidly becoming the plan of choice for business-savvy entrepreneurs.

Are your applications secure?

April 1st, 2011 No comments

Updated April 1 2011 – This is still HIGHLY relevant. See this story.

December 2009 – I just read an article this afternoon about the fastest growing security threat in the hosting industry. Apparently this threat has grown over a hundred fold in just the last year alone. What is it?

SQL Injection

Why have SQL injection attempts grown so dramatically? It was pointed out, and I agree, that it’s because the bad guys are using (very sophisticated) automated tools. More and more, we’re seeing attempts that aim not just to be disruptive but to focus on identity theft. Anyone remember Heartland Payment Systems and TJX?

Who is Susceptible?

Certainly, if you’re processing lots of credit cards, you need to guard against SQL injection, but even if you aren’t, this exploit needs to be addressed. I did a quick Google search for SQL injection prevention and stumbled upon an SQL Injection Cheat Sheet at http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet. Since most SQL injection exploits are due to lax coding and poor application design practices, prevention measures like those outlined on this site can significantly minimize your risk of being compromised.

From Owasp.org

“SQL Injection flaws are introduced when software developers create dynamic database queries that include user supplied input. To avoid SQL injection flaws is simple. Developers need to either:
a) stop writing dynamic queries; and/or
b) prevent user supplied input which contains malicious SQL from affecting the logic of the executed query.”
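
The two query styles the OWASP quote contrasts, side by side. This is an added example, not code from the original post or from OWASP; the table, rows and function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3


def make_db():
    # Constructed in-memory table with sample rows (not real customer data).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [
            ("alice@example.com", "1111"),
            ("bob@example.com", "2222"),
            ("carol@example.com", "3333"),
        ],
    )
    return conn


def lookup_dynamic(conn, email):
    # The pattern the quote warns about: user input is concatenated into the
    # SQL text, so the input becomes part of the query's logic.
    query = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, email):
    # Fixed SQL text with a bound parameter: the driver passes the input as a
    # value, so it can never change the structure of the statement.
    return conn.execute(
        "SELECT email, card_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()


def compare(conn, email):
    # Run both lookups on the same input and report what each one did.
    try:
        dynamic = lookup_dynamic(conn, email)
    except sqlite3.OperationalError:
        dynamic = "error"  # the input broke the SQL syntax
    return dynamic, lookup_parameterized(conn, email)


# Constructed inputs for the comparison.
NORMAL = "bob@example.com"
HOSTILE = "nobody@example.com' OR '1'='1"  # quote closes the string early
APOSTROPHE = "o'brien@example.com"          # legitimate input with a quote

if __name__ == "__main__":
    db = make_db()
    for value in (NORMAL, HOSTILE, APOSTROPHE):
        dynamic, bound = compare(db, value)
        print(f"{value!r}\n  dynamic:       {dynamic}\n  parameterized: {bound}")
```

The dynamic version returns every row for the second input and fails outright on the third, while the parameterized version treats both as plain strings that match nothing.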

Website Design Tips

March 21st, 2011 1 comment

Web design has become a hot topic recently (updated)

Everywhere you look, there’s advice on what works and what doesn’t work in web design (including coding for SEO). While the intent of websites is to convey information, the design of your site weighs heavily whether anyone will actually find and read your content. If you’re running ecommerce, design becomes critical.

Users spend most of their time on OTHER websites
Their experiences on other websites form their expectations for YOUR website. Take some time to research what others in your industry are posting. Your competitor may market inferior products and services, but still outsell you online. Why? The perceived value of their products and services may be enhanced because of the way they’re presented online.

What turns users OFF?

  • Excessive use of flash
  • Poor navigation
  • Excessive use of animated GIFs
  • Obtrusive background images
  • Unreadable font and background color combinations
  • Clutter
  • Blinking or scrolling text
  • Blatant keyword stuffing
  • Irrelevant content based on their search query
  • Broken links
  • Splash pages with no important information
  • Internal links that pop up in new windows
  • Itty bitty type points
  • No way back to the previous page
  • No way back to the home page
  • More than 2 or 3 consecutive words in ALL CAPS
  • For ecommerce – NO PRICING
  • Poor grammar
  • Audio with no OFF option or auto loading
  • Loooooooooooong paragraphs
  • Embarrassing misspellings
  • Slooooooooooooow page loading times

What turns users ON?
This ties directly to what users become accustomed to on other sites. You don’t have to spend thousands on design work – just enough to give you an edge or a niche. Of course, these help:

  • Effective use of flash
  • Fast page load times
  • Appropriate amount of white space
  • Relevant content based on search query
  • For ecommerce – PRICING
  • Intuitive navigation
  • Unique theme with READABLE font and background color combinations
  • Professionally written content
  • Easy to get from Point “Search Query” to Point “Buy”

Recommendations

  • If your plan is to make money from advertising, then go for a ratio of not less than 70-80% editorial to 20-30% advertising.
  • Avoid pop up windows unless it’s for a feature like LiveChat.
  • Compress your images to improve your load times.
  • Don’t make any line of text longer than 500 pixels. Longer lines of text make it difficult for the viewer to scan back to the next line.
  • Increase your leading (the space between lines) to at least 1.5. This will help readability.
  • Don’t underline words if they’re not hyperlinks, and do use color/descriptive words to highlight links.
  • Test your links frequently to assure they’re functioning correctly.
  • Don’t hotlink to other sites (other than your own).

Is Your Website White Space Optimized?

December 13th, 2010 2 comments

Successful websites, in other words – sites that receive lots of relevant traffic, incorporate measured amounts of white space to:

  • Ensure legibility & readability
  • Enhance attractiveness & professional image, and
  • Solidify brand awareness 

Cross Industry Tips
White space is any space that isn’t occupied by other visible elements. This can be the space between characters, words, lines, paragraphs, images and sections of your website. Whereas the direct mail industry leans to big, bold and in-your-face (minimal white space) because that’s what works for them, this strategy doesn’t translate well to websites.

The newspaper industry has a term called “above the fold.” I used to be a newspaper reporter (long ago), for a small weekly published in Pensacola, FL. In terms of value, everything on the front page was gold. Who wants their story buried 6 pages back? Websites share that dilemma as well. Everything displayed without scrolling contributes to first impressions.

Whitespace Balance
While a large part of the battle is just getting prospects to your site, the next battle is keeping them there. If you use too little white space, your site may appear cluttered; too much, and it may seem empty. White space is an important facet of a website’s design, as it complements your site’s content, helping to emphasize your products or services.

White space helps navigation
Active white space, or white space that’s intentionally added, can help visitors to your site navigate easier, by providing structure for your navigation bar, content, header and footer. Content that is structured and follows a predictable pattern throughout your site helps visitors find the information that brought them to your site from search queries or other marketing strategies.

Passive white space, on the other hand is not so clearly defined. Some say it’s the product of poor layout design. Others contend it’s more about modifying space to improve the readability of your content – type family, letter spacing, line length and leading (space between the lines). These tie directly to readability and legibility.

Readability and Legibility
You can have the best, well thought out and researched content, but if it’s not easily readable, your visitors will move on to other sites. If your selection of color schemes – font versus background colors clash, your visitors will move on to other sites. If you write in long unbroken blocks of text, your visitors will …. you get the point!

An example – which is easier to read?

White Space Comparison
Hard copy newspapers are expected to have dense content, but they still need to be readable. Websites, on the other hand, need an industry specific blend or balance of white space. Generally, the more upscale your product is, the more white space is used to portray its value. Overlaying images of products on your website with cluttered or in-your-face bold text diminishes the perception of its value.

How does white space brand your product or service?

My recommendation
First, research what your competitors are presenting online. Why? Because your visitors either just came from their site, or will visit their site after leaving yours. Comparison shopping on the Internet has never been easier. What will set your site apart, aside from your Unique Selling Proposition (USP)? Optimizing your site for the right balance of white space may not seem important, but image or the perception of value is so much more important than it used to be. Selling on price alone rarely works long term. Branding your business image helps you own your niche in the industry.

Memory Leaks – What Are They? How Are They Corrected?

November 23rd, 2010 No comments

I bought a memory enhancement program in the mid-90s to correct for what I thought was memory leakage. I noticed my computer running slower and slower, even after defragging my huge (60MB+) hard drive. That technology has improved over the years, but memory leakage issues still persist.

Memory leakage can cause serious problems
While most memory leakage is quite small and doesn’t present any serious problem in and of itself, the accumulated effect of running programs for hours on end can compound problems, sometimes leading to disastrous results.

So what is memory leakage, exactly, and how can we resolve it?
My original understanding was that certain programs, when closed, did not release their allotted space in memory – thus reducing the amount of memory available to other programs. Memory leakage is so much more complex than that. A slight bug in one program might interact with some other program causing increased allocations of memory until some program crashes (not necessarily the program with the leak). As a consumer, how would you know where to begin to isolate the cause? I’m not a developer, as I suspect most of us aren’t. Debugging code is best suited for the programmer geeks. I started my quest for answers with searches on Google, Bing, Yahoo and Wikipedia.

From Wikipedia
In computer science, a memory leak is a particular type of unintentional memory consumption by a computer program where the program fails to release memory when no longer needed.

  • From Google – over 3.4 million results
  • From Bing – over 8.1 million results
  • From Yahoo – over 10.6 million results

I don’t really have time to search through 22 million results, so I’ll highlight a few results here.

Some contributing causes of serious memory leaks

  • Leaks inside the operating system itself
  • Leaks in system critical drivers
  • Leaks in embedded devices
  • Leaks in programming languages
  • Leaks where programs are able to request memory that hasn’t been released, even when the program terminates

Memory Managers
Most memory managers can recover memory that has become unreachable (if it’s unreachable it retains no value), but they normally cannot free memory that remains reachable. And it’s worth noting that there are levels of reachability – with strong or weak references. Add to that, every system has a finite amount of memory anyway, so if a memory leak is not contained (possibly by a reboot), it will eventually cause problems.
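
The difference between reachable and unreachable memory, and between strong and weak references, shown in a garbage-collected language. This is an added example, not part of the original post; the `Buffer` class and the registry are hypothetical stand-ins for a program that forgets to release what it allocated.

```python
import gc
import weakref


class Buffer:
    """Stand-in for an allocation: each instance holds 1 KiB."""

    def __init__(self, ident):
        self.ident = ident
        self.payload = bytearray(1024)


def run_requests(count, registry):
    """Handle `count` requests, recording each buffer in `registry`.

    Returns how many buffers are still alive once the handler is done with
    them and the garbage collector has run.
    """
    probes = []
    buf = None
    for i in range(count):
        buf = Buffer(i)
        registry[i] = buf                # never removed: the "forgotten" reference
        probes.append(weakref.ref(buf))  # weak probe: observes, does not keep alive
    buf = None                           # the handler itself lets go of the last buffer
    gc.collect()
    return sum(1 for probe in probes if probe() is not None)


def alive_with_strong_registry(count=1000):
    # A plain dict holds strong references: every buffer stays reachable,
    # so the memory manager is not allowed to free any of them.
    return run_requests(count, {})


def alive_with_weak_registry(count=1000):
    # A WeakValueDictionary holds weak references: once the handler drops a
    # buffer nothing strong points at it, so it is unreachable and is freed.
    return run_requests(count, weakref.WeakValueDictionary())


if __name__ == "__main__":
    print("strong registry, buffers still alive:", alive_with_strong_registry())
    print("weak registry, buffers still alive:  ", alive_with_weak_registry())
```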

A simple Google search for Memory Management Programs returned over 68 million results. Yipes! A word of caution – many of these programs are outdated and in fact, produce some overhead of their own.

If you have a recommended program, please share its strengths and weaknesses with us here.

Is your mission critical data backed up and protected?

October 15th, 2010 No comments

A quick Google search for remote backup software returned 6,810,000 results. I’d say that’s significant. I think everyone agrees that mission critical data needs to be backed up, but how is debatable. In the hundreds of businesses I’ve serviced over the years, most in-house IT departments used DAT tapes. Very few actually physically removed those tapes from their premises every day. Even fewer remotely backed up their data. So maybe the better question to ask would be, “To what degree is your mission critical data backed up and protected?”

As an ex-RMA Manager (for a local networking firm), I witnessed quite a few defective DAT drives doing hard time on my shelves. I’ve also seen my share of managers scrambling to recover lost data following “unscheduled events” like virus contamination or hacks. Do you think it can’t happen to you? Keeping your fingers crossed isn’t the wisest strategy to ensure your business’s continued success.

Disaster Recovery and Business Continuity Plans are Important
I always recommend incorporating comprehensive disaster recovery and business continuity plans, then periodically reviewing their effectiveness. One part of that plan should be remote offsite backups. Very often, incorporating a remote backup is as easy as downloading a software client onto your network server or personal computer. Many have setup wizards to walk you through the steps of connecting to the backup server, setting up your backup sets, creating a backup schedule and setting a secret encryption key. Typically, backup sets can be configured to run in a variety of ways – backing up data files at the end of the week or your My Documents folder multiple times per day.

Remote backups traveling across the Internet need to be encrypted so that you and only you have the ability to decrypt your data. I recommend programs that use DES, Triple-DES, Blowfish or Twofish algorithms for encryption.

Measuring the success of the data transfer is important. Look for programs with email notification of successful backups or backups with warnings (with log files attached).

Once your data is remotely backed up
Ok, you’ve backed up your data, but now have a need for one file, or an entire volume of data from two months ago. Is this possible? Simply answered – Yes. There are programs that allow instant access to any version of your data files, from the initial backup to the last incremental backup and EVERY version in between.

Locking down clients
Locking down clients simply refers to implementing procedures to protect critical backup sets from being accidentally changed or deleted, while remaining flexible enough for administrators to view and change those settings that control the level of usage each client is offered.

When to backup?
Most organizations schedule backups in the evening, during lulls in their business operations. Some programs allow you to run in silent modes (in the background) without displaying any Windows or Task Bar icons – allowing you to run backups throughout the day.

What if my backup gets interrupted?
Let’s say you start a backup and you lose power. Will the remote server retain the ongoing transfer, or bite the bullet? Features like event managers allow you to resume interrupted backups.

Does remote backup software offer file filters?
Most do offer file filters that allow you to include or exclude files from the backup selection, mostly via file extensions.

Just the tip of the iceberg
There are so many things that can and do go wrong in business every day. One thing is for sure – if you have hardware, particularly IT hardware, it will go down sooner or later. Power supplies fail, memory modules flake out, hard drives crash, DAT drives melt down – stuff happens. Some issues can be resolved in minutes or hours, but others may take days or weeks.

Backing up your mission critical data is an integral ingredient to averting disaster, but just the tip of the iceberg in developing and managing a comprehensive disaster recovery and business continuity plan that will ensure your business’s continued success. Step back and ask yourself, “What if?” What if a disgruntled employee, possibly a sysadmin, corrupted your main servers, then disappeared? What if your building burnt to the ground? What if that DAT drive refuses to release last night’s tape – holding it hostage with a strangle hold on its recording heads? What if? What if?

Is your mission critical data secured by a RAID array on your server?

October 5th, 2010 No comments

RAID is NOT a backup solution!!

RAID is a Redundant Array of Inexpensive Disks, designed by combining multiple disk drives into an array of disks. Why? To yield performance? Yes. To act as backup? No. Yet, many resellers still mistakenly believe a RAID solution sufficiently protects their data, and neglect to backup their mission critical data remotely or to tape. The Mean Time Between Failures (MTBF) of a RAID solution is the MTBF of an individual drive, divided by the number of drives in the array. You’re thinking, “Well, wait a second. This means that the MTBF becomes lower, not higher. How does that help?” Keep reading.

Disk arrays are designed to provide fault tolerance by redundantly storing information in a variety of methods.

RAID-0

RAID-0 is a striping solution. In level 0, data is split across the drives, resulting in higher data throughput.  Performance is enhanced, but the failure of any disk in the array results in data loss.  For improved performance in RAID0 solutions, synchronized spindles are recommended, especially when allocating small stripes. RAID0 solutions provide NO redundancy.

I would recommend using RAID-0 only if the data there is transient, as it WILL be eventually lost. Here especially, maintain remote offsite backups because of the increased risk.

RAID-1

RAID Level 1, on the other hand, does provide redundancy by writing data to two or more drives. Reads tend to be faster, but writes slower, as compared to a single drive. However, if either drive fails, no data is lost. This is commonly called mirroring and only requires two drives.

If you have a failure of a single drive in a RAID1 array (either software or hardware), all you would have to do is put a new drive in and tell the controller (or the software drivers) to rebuild the array. This is considered replacing a failed drive of an existing RAID array.

RAID1 is not economical past four hard drives. RAID1 OS disks are well worth their expense.

RAID-2

RAID Level 2 is intended for use with drives that don’t have built-in error detection. Unfortunately SCSI drives do support built-in error detection – not a good mix.

RAID-3

RAID Level 3 stripes data at a byte level across several drives, with parity stored on one of the drives.

RAID-4

RAID Level 4 stripes data (at a block level) across several drives, with parity stored on one drive. Parity facilitates recovery from any failed drive. Read times are the same as RAID0 and writes (even though relatively fast), require parity data to be updated each time.

RAID-5

The difference between 4 and 5 is that parity is spread across all drives in the array. Parity is no longer a bottleneck, but reads are slower than RAID-4.  You win some – you lose some.

As the disk count increases in a RAID-5 array, so does the storage efficiency. This is because there is one disk’s worth of redundancy (parity) per array. For example, a 3-disk RAID-5 has one disk’s worth of parity and two disks’ worth of usable space, therefore the efficiency is 67%, i.e., 67% of the total disk space is available for user data.

Efficiency = (DiskCount-1) / DiskCount

A degraded RAID-5 is an array with a failed disk. If the user tries to read a block on the failed disk the RAID software will have to access all the other disks in the array to reconstruct that missing data. However if the user tries to read a block on one of the remaining good disks then nothing special happens. The data is simply read from the disk.
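
How a degraded read works, using XOR parity and the efficiency formula above. This is an added example, not from the original post: a toy in-memory model with a constructed payload, an assumed rotating parity layout and hypothetical function names, not the on-disk format of any real RAID controller.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, byte by byte."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def efficiency(disk_count):
    # Efficiency = (DiskCount-1) / DiskCount
    return (disk_count - 1) / disk_count


def parity_disk_for(stripe, disk_count):
    # Parity rotates across the disks so no single disk holds all of it.
    return (disk_count - 1 - stripe) % disk_count


def write_stripes(data, disk_count, block_size):
    """Lay `data` out as stripes; returns one list of blocks per disk."""
    per_stripe = (disk_count - 1) * block_size
    data += b"\x00" * (-len(data) % per_stripe)  # pad the last stripe
    disks = [[] for _ in range(disk_count)]
    for stripe, offset in enumerate(range(0, len(data), per_stripe)):
        chunk = data[offset:offset + per_stripe]
        blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        parity = xor_blocks(blocks)
        remaining = iter(blocks)
        for disk in range(disk_count):
            is_parity = disk == parity_disk_for(stripe, disk_count)
            disks[disk].append(parity if is_parity else next(remaining))
    return disks


def read_block(disks, disk, stripe, failed=frozenset()):
    """Return (block, disks_touched) for one block of a possibly degraded array."""
    if disk not in failed:
        return disks[disk][stripe], 1  # good disk: plain read
    if len(failed) > 1:
        raise ValueError("two disks failed: one parity block cannot rebuild the stripe")
    # Failed disk: XOR the same stripe from every surviving disk.
    survivors = [disks[d][stripe] for d in range(len(disks)) if d not in failed]
    return xor_blocks(survivors), len(survivors)


def read_all(disks, failed=frozenset()):
    """Reassemble the user data, skipping the parity block of each stripe."""
    count = len(disks)
    out = b""
    for stripe in range(len(disks[0])):
        for disk in range(count):
            if disk != parity_disk_for(stripe, count):
                out += read_block(disks, disk, stripe, failed)[0]
    return out


# Constructed sample payload for the demonstration.
DATA = b"constructed sample: mission critical data"

if __name__ == "__main__":
    array = write_stripes(DATA, disk_count=4, block_size=4)
    print("efficiency of 3 disks:", round(efficiency(3), 2))
    print("read with disk 2 failed:", read_all(array, failed={2}).rstrip(b"\x00"))
    print("disks touched, good block:  ", read_block(array, 0, 0, failed={2})[1])
    print("disks touched, failed block:", read_block(array, 2, 0, failed={2})[1])
```

A second failed disk makes `read_block` raise, which is the multiple-simultaneous-failure case that only a separate backup covers.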

RAID-10

RAID10 is a combination of mirroring and striping. Each disk block is completely duplicated on its drive’s mirror. If a drive in the RAID10 array dies, data is returned from its mirror drive in a single read with only minor performance reduction. What happens though when you lose the mirror drive during recovery? Ouch!

Still, most hard drive failures are related to manufacturing defects, so one pro-active approach is to mirror each drive with one from a different manufacturer’s lot number. I’m still reading a thread in one forum about massive simultaneous Seagate 1.5TB drive failures. Multiple simultaneous drive failures in any RAID array are not as uncommon as you may think. Think about this. Most companies buy the hard drives they install in servers from preferred vendors, and buy in volume to get discount pricing. If there’s a manufacturing defect in that lot of hard drives, the MTBF of each of those drives is very similar. When one drive fails, does it put a heavier load on the remaining drives in the array? Hard drives have moving parts, thus will eventually wear out. RAID cards do fail as well, but that’s very rare.

RAID arrays provide a buffer to swap drives without powering down, but it’s still very necessary to maintain offsite remote backup in case your server completely crashes. Years ago, I had a client bring in a server that had lightning damage – charred black components – DOA.  Minus a RAID array (in this case, the server was fried – LOL), you can still recover from backups. Downtime is the persuasive consideration, as your customers will notice, thus increasing the likelihood of churn. If your site gets hacked or you accidentally delete half your root partition, RAID will provide no protection.

The common (minimum) configurations are 2 drives in RAID-1 and 4 drives in RAID-10 as that is the most economical setup to get an array benefit. RAID-5 can be provisioned with 3 drives to give you a stripe and a parity drive.

Hardware versus Software RAID Solutions

Software RAID solutions occupy their host’s system memory and CPU resources (system dependent) – degrading overall server performance. Hardware RAID solutions allow the host server to execute user applications while the array adapter’s processor simultaneously executes the array functions.

What about fault tolerance?

Software based solutions generally require a separate boot drive, which is NOT included in the array. If the boot drive is in the array and it fails, the software array will not boot, as it must be read from the disk and executed from resident memory.

Hardware arrays are highly fault tolerant since their array logic is based in hardware, eliminating the need to boot from software.

Horror stories of multiple simultaneous drive failures in RAID arrays

I’ve seen threads pop up in forums, a little more frequently, about multiple simultaneous drive failures in RAID arrays. I recall an episode related to Seagate hard drives. Seagate’s SD1A firmware update, meant to fix problems with its Barracuda 7200.11 models, only managed to make things worse, bricking the drives of those who bothered to install it. They pulled their update pending validation. Barracuda owners who flashed their disks with the firmware found that after they rebooted, they’d receive a system disk failure error message. Backups, if they were stored on the same drive that was flashed, also became unavailable. Wait a moment! Who does backups on the same drive? I saw one analogy that went like this. It’s like installing seat belts in a car, but not allowing you to buckle them until you’ve been thrown through the windshield.

I’ve seen threads from quite a few furious OPs in various forums flaming their hosts because their mission critical data was lost forever because of multiple simultaneous drive failures in a RAID array on their server. When they picked their host, they were on the same forums asking for FREE this and FREE that – lowest cost – yet the data they intended to entrust to that host was mission critical to their business. This whole concept slays me. Your data is your business.

My recommendation

My preference is hot swappable hard drives – always have a hot spare, and if possible a second hot spare. Be sure to back up your data remotely and on tape. One hardcore statistic is that over 80% of companies that have lost their data go out of business within one year. Don’t allow yourself to be part of that statistic. Don’t rely solely on RAID array solutions to protect your data. Make them one part of a disaster recovery and business continuity plan. Redundant solutions (remote and tape backups) should be a vital component of that plan.
