AnyHosting

I’ve been experimenting with managed hosting lately. I ended up going with Fastservers.net for a pilot project, and so far it’s been totally smooth.

So far I’ve only had a West Coast US presence, and managed seems like the best way to get an East Coast and European presence (FS has datacenters on both coasts, as well as in Amsterdam and Tokyo).

I requested quotes from over a dozen different vendors, the primary reasons I went with them had to do with:

• responsiveness - they actually got back to every email, did not ask repeat questions, etc.
• upfront pricing - they included prices on my quotes, and did not hesitate to break it down for me to use for my internal reporting
• turnaround time - in addition to server/network uptime, their SLA covers bringing up new servers (within 24 hours) and hardware replacement (within 2 hours).

Anyway, exciting stuff. I should be able to go live with them very soon, going to just go with round-robin DNS for the initial launch, although I am starting to look into hosted GSLB vendors. I’m not sure that GSLB is such a great thing, but it seems like a marginally acceptable choice among the set of complete bagbiting loser WAN load-balancing methods out there that we have to work with out here in the real world (with apologies to jwz).

Now that I’ve settled into my new day job, I am going to start blogging here and working on web stuff again.

I’m getting very interested in the analytics and accounting side of things, so expect to see more of that here! I’ve got some articles in the pipeline, too.

In particular, I’m very keen on exploring more about how small businesses can take advantage of hosting services (managed hosting, cloud computing, etc. etc.) and how to determine when it makes sense to build your own infrastructure.

All the buzz about “cloud computing” is great, but isn’t it just a rehash of “dumb terminal”, “thin client” computing, that lost out big against the PC? Yes it is, but not for long; the browser does not need to be the modern equivalent of the terminal, chained to the call/response of HTTP requests in order to provide applications.

I wrote about this a while back, but I think it bears repeating.. HTML 5 includes support for “offline” applications, including client-side storage, which means that that in current and upcoming versions of Firefox, Safari, and Opera will support running web applications locally on the user’s computer, without needing to be in constant communication with the server.

Instead of asking your users to install your application in the traditional sense, visiting the website that hosts your application will cause the client to download and store everything needed to operate on the client side. The application can detect whether or not the computer is online, and attempt to connect to needed real-time, syncing, and other web services as needed, and only interrupt the user if absolutely necessary.

This means that the questionable reliability of having all of your applications hosted “in the cloud” is greatly mitigated, and impact on the end user is quite minimal. Even if your entire site is down, there’s no reason for that to interrupt the user of your snazzy application; in fact, with cross-site AJAX support, the user can continue to fetch and transmit data with other websites (I’m thinking a real-time price comparison site, or something like that, which today would be implemented completely server-side and just fall over in this scenario), so it may be totally acceptable for your site to receive the queued up responses from clients when it comes back up, depending on what your application does of course.

For IE support, you could use something like Google Gears or Adobe Flash’s offline capabilities, until Microsoft catches up to the rest of the world. This is the biggest pain point of the brave new offline world right now, however it’s a very real concern as Microsoft IE still has around 70% of the global web browser market share.. If this is something you need, check out Dojo’s storage classes as a high-level library to abstract away these details for you; if you’re doing a serious AJAX site nowadays you really should be using or at least intimiately familiar with the great toolkits like Dojo, Mochkit, JQuery, etc. There’s no need for handling each browser/version case by hand nowadays, unless you have a really good reason.

There’s a ton of business advice out there, and I tend to get one idea stuck in my head - do one thing, and do it well. There’s a similar idea behind the concept of the Unix shell and commands, although arguably fragmentation has muddied the waters quite a bit.

The tough part seems to be balancing what you think you do best against missed opportunities. Amazon saw the potential to lease out it’s datacenter, which is a huge shift toward developer-facing web services, from direct customer-facing web sites.

I don’t know yet whether this is a good or bad move for them, but it certainly takes guts. I wonder what kind of internal decision-making route this took, to get from someone’s idea to final implementation; it’s surprising to see this from a company already seeing huge success in it’s core business.

I guess I can see parallels in Google and Microsoft, who were able to parlay dominance in one area to success in others. Still, they tend to only actually be wildly successful in one area, and use that to support ventures in the others.

Not sure how I missed 3tera before, they look like an interesting entrant to the “utility computing” market, which everyone is excited about again since Amazon’s got into it.

I haven’t really done my due diligence on this company yet, but I checked out the slick demo  (bonus points that it shows their app running in Firefox, takes the worry of cross-browser compatbility off the table) and have been reading back issues of the blog, and it sounds like a pretty solid offering.

If you don’t have time to watch the demo, in a nutshell it looks like you can architect your own virtual datacenter using their browser-based drag’n'drop schematic editor, including things like load balancers, and they automatically instantiate everything for you.

The Dynamic Appliance idea sounds pretty cool, as the idea of being able to seamlessly tap into more supply when demand runs high (and not pay for supply when demand runs low) seems to be the whole point of the utility computing thing.

I worry a little about what happens to my servers if this company goes away, or if they’re bought and put into maintenance mode, etc. but this is a pretty normal worry for any company. I think open-sourcing more of their stuff would assuage this a bit since I wouldn’t necessarily have to reconfigure everything to move to a competitor, but I can certainly understand their business reasons for not doing this.

However, like I said I haven’t looked at them in-depth yet, so take these worries with a grain of salt. Hosting providers of all flavors are susceptible to this kind of thing, as they often have their own home-grown or customized administration software, so it’s generally a pain to move between different providers.

I think that to be a true commodity, switching between providers has to be no-brainer as it is for services like telephone and electricity: you get the same dial-tone and same voltage, just at a different pricing model. I think this issue will be forced if the utility computing idea really catches fire this time.

I’m thinking about doing series of how-to style articles on more technical subjects, here are some thoughts on a starting point: how to install and use Ubuntu Server, with AnyHosting as a case study.

AnyHosting currently uses Ubuntu Server (LTS) on a Rimuhosting.com virtual host. Ubuntu is very easy to install and use as a desktop, but if you haven’t done administration purely from the command line then Server can be a bit daunting. There are excellent starter guides and forums on the Ubuntu website.

Services

The following external services are provided (description followed by Ubuntu package name) :

• web server - apache2
• SMTP(+SSL) email server - postfix
• IMAP/POP(+SSL) email server - courier
• FTP - proftpd

Additionally, there are some internal services running, which are not visible from the internet (blocked by the “iptables” firewall):

• Database - mysql
• Monitoring/auto-recovery service - monit
• Automatic installation of security updates - cron-apt
• Log monitoring and reporting - logwatch logcheck
• Append-only network backups - rsync

Security

All unused ports are blocked. Any connection attempts are logged and reported. FTP and email services authenticate against the database, so clients do not need system or shell accounts.

For shared hosting, Apache is configured to proxy to chrooted installs which users have access to (as discussed previously). This is not as secure as having a real separate VM or better yet a separate machine for each web hosting client, but therein lies the dilemma of low-cost shared hosting versus moderate-to-high priced dedicated hosting.

The primary goal is to protect legitimate users from eachother; protecting the system from unauthorized intrusion (and detecting such intrustion) probably deserves it’s own series of articles, however the last few services listed in the “Services” section above should give some clues.

EDIT 01/14/08 18:33 PST - logcheck, not logwatch

If you run your own web, email, or other services, you need to be notified if these services are not up and running. There are tons of great choices available; which is right for you depends on your needs (how many operating systems do you support, what is your tolerance for complex configuration, how large of a system are we talking, etc). Two that I’ve used and can recommend are Nagios and Monit.

I’ve used Nagios in mixed Unix/Linux/Windows/MacOSX environments, and although it’s fairly time consuming to configure, it’s definitely very powerful. The workhorse of a Nagios system are plugins, which are simple Unix commands (they just return an exit code and optionally an informational message to tell Nagios whether the service is OK, in a warning state, or critical).

There are tons of Nagios plugins already written, which can check disk space, load average, monitor a specific TCP port, etc. Custom plugins can be written in any programming language that you like.

Nagios has a bunch of features like escalation (e.g. paging an on-call person if the service is down after an initial email), attempting to restart services, a web interface to schedule planned downtime and acknowledge outages, etc.

Nagios is great, but as I said it takes a little while to come up to speed on configuration, and if you only have one host it might be a bit more than you need. A much simpler system that I’ve been using on standalone hosts lately is Monit, which primarily exists to attempt auto-recovery and alert when service outages happen.

For example, if you want to try restarting your MySQL server before being paged, that’s really simple to specify in monitrc (the Monit config file):

check process mysql with pidfile /var/run/mysqld/mysqld.pid
  start program = "/etc/init.d/mysql start"
  stop program  = "/etc/init.d/mysql stop"
  if failed port 3306 then restart
  if 2 restarts within 3 cycles then timeout

You can also use Monit to restart or stop an application if it uses too much CPU, spawns too many children (as Apache does for each incoming connection), starts taking too much memory, etc. which can help to mitigate bugs and deal with denial of service attacks.

Monit isn’t a client/server system like Nagios, but this does not necessarily preclude you from configuring it centrally if you use a good deployment system (that’s a subject for a future blog post, though).

I’ve put up an article on Web Hosting Basics - the bare necessities of running your own site.

However this doesn’t really tell the whole story, so I’m going to start working on first blogging and then writing followup articles on the major themes, in no particular order:

• purchasing a domain
• choosing a hosting provider
• promoting your business

If hosting yourself:

• running a web server
• running an email (SMTP, POP, IMAP) server
• backups
• monitoring

I’ve just put up a new article in AnyHosting’s article section - “Reliable, scalable, and growable web services“.

This touches on a few of my previous posts,  just trying to distill it down for anyone out there searching for some basic information.

There have been decades-long arguments over which is better, the thin client or fat client approach the network computing. Many maintain that the Web is just another turn of the wheel back to the bad old days of computer terminals which are useless without a connection to the Big Computer in the Back; what good is a web browser without Google to search, or Flickr to see your photos?

Some of the real wins you get with a browser is that you can make it share the workload, through rendering and client-side scripting; the upcoming Firefox 3 supporting offline mode for applications, and the Google Gears plugin that does this right now for IE and Firefox are also great steps in the right direction.

The big misunderstanding here about both client-side scripting and offline mode are that it’s not about being on the plane and wanting to browse your photo collection (that’s just a side-effect), it’s about:

• seamlessness - if what the user is doing does not require the network, they shouldn’t be interrupted if their local network, the remote server, or anywhere in between is having problems
• responsiveness - local storage is generally faster than network; it’s also necessary to be local for interactivity and any kind of scripted animation (think gaming).
• privacy - some data you don’t want going across the network, period.

This is why I don’t really understand questions like “does offline mode still matter“  (or more harshly-worded criticisms of the idea) when you take the above into account. It’s about taking the best of the thin client world and the fat client world, and making applications that are always there for the person using them, and always responsive and fast, regardless of connection/network/server status.

The next big push has got to be blurring the line between web application and installed application, as well as the difference between online and offline. Using online office apps or webmail nowadays gives you an equivalent experience to running application, so what’s with the browser controls?

I’d like to be able to take my web applications out of the browser and manage them locally, and I’m not alone. Making apps more desktop-like seems to be the right way to get there.