AnyHosting

Vendor lock-in is a serious concern for any business, and is a pretty tough problem in web hosting specifically.

All of the major control panels like cPanel, Plesk, etc. are licensed at substantial fees, which cut into what you as a web host must charge each user. There are open-source alternatives such as ISPConfig and  GNUPanel, but this of course means that you will be taking on a lot more of the support burden, although you are of course free to make and keep any customizations or enhancements that you like, unlike cPanel or Plesk.

Besides licensing fees, the other snare to recognize is switching costs. As the LAMP (Linux, Apache, MySQL, PHP) stack has grown in popularity, it has become quite easy to move from one web host to another. Don’t like DreamHost? Move to Linnode. Don’t like them? Try RimuHosting.

However with the slick new cloud computing services like Amazon’s EC2 and Google’s App Engine, there is a ton of opportunity and also some things to watch out for:

• EC2 can run a regular Linux VM, but the management tools and other services like S3 (storage), queueing, billing etc. will not work out-of-the-box elsewhere
• App Engine lets you use the free and open-source Python programming language and the popular Django web framework, but you must use Google’s storage service. It can be used in a very SQL-like way, or hidden behind Django’s ORM however

I am going to continue using both Amazon and Google’s services, but I am being very careful about putting all of my eggs in one basket. There are some impressive updates in the pipeline, but you might want to think twice about letting any one company collect the tolls on your users.

You can read more about vendor lock-in and switching costs at Wikipedia.

I’ve been trying out the cloud computing service Google App Engine for a simple dynamic site. I’ll publish more details on this as it gets further along.

I have heard and read a lot about App Engine, so I knew roughly what to expect, but I am still impressed with it. It is a very simple model, it’s basically CGI with a 10-second limit. Only the Python programming language is supported right now (although they plan to add more), and the Django web framework is pre-installed. There is a nice little SDK for running the environment locally, which I just noticed is open-source as well (Apache license).

The really incredible thing about this is that it runs on and takes advantage of Google’s massive server infrastructure. In-memory or persistent storage is super fast and easy to use, and no need to worry about redundancy of individual servers (this is probably why they use the CGI+shared storage model, way simpler to distribute applications on-demand).

Today the roadmap was updated to include a few very cool features coming later this year:

• Support for running scheduled tasks
• Task queues for performing background processing
• Ability to receive and process incoming email
• Support for sending and receiving XMPP (Jabber) messages

This environment being so easy to use and the cost being low due, which is likely because the price of hosting so marginal to Google (I imagine that they are effectively outsourcing spare capacity) plus these new features pretty much replace the need for a traditional shared or dedicated server.

They haven’t yet started charging for the service, but proposed pricing is available, and they plan to start charging this year. The price is quite low considering the feature set, is pay-per-use, and is comparable with the popular cloud computing service Amazon Web Services (AWS).

The difference between this and something like AWS is that while it is much easier to get from start to finish on Google App Engine, one must (likely) re-write your application in Python, using Google’s libraries. You’ve got less flexibility than a shared PHP host, for example; you can’t easily take your code elsewhere. AWS is on the other end of the spectrum, more like dedicated servers where you can install anything you want: Linux or Windows, PHP or .Net, etc.

In any case I highly recommend checking out Google App Engine, especially if you’re doing any new development. If you’re looking to move your existing servers to the cloud, then I think Amazon Web Services still has the edge here.

I have been following the excellent Data Center Knowledge blog lately, they have a good write-up on Cisco getting into the server business.

However it’s pretty unclear to me what “unified computing” means exactly, it seems like they are talking about some kind of virtualization approach, the end result being that you can buy all your server and networking gear from Cisco and have your own private cloud.

Hard to tell though, the NY times article is pretty fluffy (“New tools developed by VMWare, the market leader, make it possible to shuffle business applications around a data center just by pointing a computer mouse at an icon on the screen.”) and the Cisco blog posts are fairly grandiose (“If not us, who? If not now, when?”).

I guess I’ll just have to wait until they actually have something to sell. I would rather have a step towards commoditization and not away from it. If Cisco is going to sell solid-state servers with the same kind of support and reliability as their networking gear, then that sounds great. It so far does not sound like that is what this is.

One of the major concerns I have with running my own CMS like Joomla or Drupal (or blogging software like Wordpress for that matter) is keeping it up to date. These kinds of tasks are often seen as annoying busywork, and nobody wants to break a site that is working already, but having your site broken into and/or defaced via the CMS is a definite possibility.

This has happened to Wordpress quite a bit, which is one reason I advise people to use a hosted service if at all possible. The makers of Wordpress do their hosting, and you can find support on lots of low-cost web hosts.

Any recommendations for sites providing CMS hosting (including applying security updates)?

I’ve been experimenting with managed hosting lately. I ended up going with Fastservers.net for a pilot project, and so far it’s been totally smooth.

So far I’ve only had a West Coast US presence, and managed seems like the best way to get an East Coast and European presence (FS has datacenters on both coasts, as well as in Amsterdam and Tokyo).

I requested quotes from over a dozen different vendors, the primary reasons I went with them had to do with:

• responsiveness – they actually got back to every email, did not ask repeat questions, etc.
• upfront pricing – they included prices on my quotes, and did not hesitate to break it down for me to use for my internal reporting
• turnaround time – in addition to server/network uptime, their SLA covers bringing up new servers (within 24 hours) and hardware replacement (within 2 hours).

Anyway, exciting stuff. I should be able to go live with them very soon, going to just go with round-robin DNS for the initial launch, although I am starting to look into hosted GSLB vendors. I’m not sure that GSLB is such a great thing, but it seems like a marginally acceptable choice among the set of complete bagbiting loser WAN load-balancing methods out there that we have to work with out here in the real world (with apologies to jwz).

Now that I’ve settled into my new day job, I am going to start blogging here and working on web stuff again.

I’m getting very interested in the analytics and accounting side of things, so expect to see more of that here! I’ve got some articles in the pipeline, too.

In particular, I’m very keen on exploring more about how small businesses can take advantage of hosting services (managed hosting, cloud computing, etc. etc.) and how to determine when it makes sense to build your own infrastructure.

All the buzz about “cloud computing” is great, but isn’t it just a rehash of “dumb terminal”, “thin client” computing, that lost out big against the PC? Yes it is, but not for long; the browser does not need to be the modern equivalent of the terminal, chained to the call/response of HTTP requests in order to provide applications.

I wrote about this a while back, but I think it bears repeating.. HTML 5 includes support for “offline” applications, including client-side storage, which means that that in current and upcoming versions of Firefox, Safari, and Opera will support running web applications locally on the user’s computer, without needing to be in constant communication with the server.

Instead of asking your users to install your application in the traditional sense, visiting the website that hosts your application will cause the client to download and store everything needed to operate on the client side. The application can detect whether or not the computer is online, and attempt to connect to needed real-time, syncing, and other web services as needed, and only interrupt the user if absolutely necessary.

This means that the questionable reliability of having all of your applications hosted “in the cloud” is greatly mitigated, and impact on the end user is quite minimal. Even if your entire site is down, there’s no reason for that to interrupt the user of your snazzy application; in fact, with cross-site AJAX support, the user can continue to fetch and transmit data with other websites (I’m thinking a real-time price comparison site, or something like that, which today would be implemented completely server-side and just fall over in this scenario), so it may be totally acceptable for your site to receive the queued up responses from clients when it comes back up, depending on what your application does of course.

For IE support, you could use something like Google Gears or Adobe Flash’s offline capabilities, until Microsoft catches up to the rest of the world. This is the biggest pain point of the brave new offline world right now, however it’s a very real concern as Microsoft IE still has around 70% of the global web browser market share.. If this is something you need, check out Dojo’s storage classes as a high-level library to abstract away these details for you; if you’re doing a serious AJAX site nowadays you really should be using or at least intimiately familiar with the great toolkits like Dojo, Mochkit, JQuery, etc. There’s no need for handling each browser/version case by hand nowadays, unless you have a really good reason.

There’s a ton of business advice out there, and I tend to get one idea stuck in my head – do one thing, and do it well. There’s a similar idea behind the concept of the Unix shell and commands, although arguably fragmentation has muddied the waters quite a bit.

The tough part seems to be balancing what you think you do best against missed opportunities. Amazon saw the potential to lease out it’s datacenter, which is a huge shift toward developer-facing web services, from direct customer-facing web sites.

I don’t know yet whether this is a good or bad move for them, but it certainly takes guts. I wonder what kind of internal decision-making route this took, to get from someone’s idea to final implementation; it’s surprising to see this from a company already seeing huge success in it’s core business.

I guess I can see parallels in Google and Microsoft, who were able to parlay dominance in one area to success in others. Still, they tend to only actually be wildly successful in one area, and use that to support ventures in the others.

Not sure how I missed 3tera before, they look like an interesting entrant to the “utility computing” market, which everyone is excited about again since Amazon’s got into it.

I haven’t really done my due diligence on this company yet, but I checked out the slick demo  (bonus points that it shows their app running in Firefox, takes the worry of cross-browser compatbility off the table) and have been reading back issues of the blog, and it sounds like a pretty solid offering.

If you don’t have time to watch the demo, in a nutshell it looks like you can architect your own virtual datacenter using their browser-based drag’n'drop schematic editor, including things like load balancers, and they automatically instantiate everything for you.

The Dynamic Appliance idea sounds pretty cool, as the idea of being able to seamlessly tap into more supply when demand runs high (and not pay for supply when demand runs low) seems to be the whole point of the utility computing thing.

I worry a little about what happens to my servers if this company goes away, or if they’re bought and put into maintenance mode, etc. but this is a pretty normal worry for any company. I think open-sourcing more of their stuff would assuage this a bit since I wouldn’t necessarily have to reconfigure everything to move to a competitor, but I can certainly understand their business reasons for not doing this.

However, like I said I haven’t looked at them in-depth yet, so take these worries with a grain of salt. Hosting providers of all flavors are susceptible to this kind of thing, as they often have their own home-grown or customized administration software, so it’s generally a pain to move between different providers.

I think that to be a true commodity, switching between providers has to be no-brainer as it is for services like telephone and electricity: you get the same dial-tone and same voltage, just at a different pricing model. I think this issue will be forced if the utility computing idea really catches fire this time.

I’m thinking about doing series of how-to style articles on more technical subjects, here are some thoughts on a starting point: how to install and use Ubuntu Server, with AnyHosting as a case study.

AnyHosting currently uses Ubuntu Server (LTS) on a Rimuhosting.com virtual host. Ubuntu is very easy to install and use as a desktop, but if you haven’t done administration purely from the command line then Server can be a bit daunting. There are excellent starter guides and forums on the Ubuntu website.

Services

The following external services are provided (description followed by Ubuntu package name) :

• web server – apache2
• SMTP(+SSL) email server – postfix
• IMAP/POP(+SSL) email server – courier
• FTP – proftpd

Additionally, there are some internal services running, which are not visible from the internet (blocked by the “iptables” firewall):

• Database – mysql
• Monitoring/auto-recovery service – monit
• Automatic installation of security updates – cron-apt
• Log monitoring and reporting – logwatch logcheck
• Append-only network backups – rsync

Security

All unused ports are blocked. Any connection attempts are logged and reported. FTP and email services authenticate against the database, so clients do not need system or shell accounts.

For shared hosting, Apache is configured to proxy to chrooted installs which users have access to (as discussed previously). This is not as secure as having a real separate VM or better yet a separate machine for each web hosting client, but therein lies the dilemma of low-cost shared hosting versus moderate-to-high priced dedicated hosting.

The primary goal is to protect legitimate users from eachother; protecting the system from unauthorized intrusion (and detecting such intrustion) probably deserves it’s own series of articles, however the last few services listed in the “Services” section above should give some clues.

EDIT 01/14/08 18:33 PST – logcheck, not logwatch