10 counter-intuitive tips on how to choose a reliable hosting provider

ispmanager.com - Oct 14 - - Dev Community

We've put together a ten-point checklist of questions you should ask when choosing a hosting provider.

Check whether the hosting company is operating legally

Check the following documents from the hosting company to ensure you don't end up dealing with scammers.

Registration and license. The host must be registered as a legal entity in its country. This can be checked in company registers on government websites. Some jurisdictions also require special licenses to provide hosting services.
For example, in China, a company must have an ICP (Internet Content Provider) license. In the USA, you can check the registration of a hosting company on the corresponding websites of each state.

Security certifications. For example, ISO/IEC 27001 and PCI DSS for processing payment data.

→ How and where is the hosting provider registered? What supporting documents can it provide?

Draft a request to the hosting provider

Hosting companies can provide different ranges of service:

  • Highly specialized. For example, on only a certain model – SaaS, PaaS, or IaaS. Otherwise, you can rent dedicated servers based on Apple solutions.
  • Comprehensive – using several models and, for example, renting dedicated servers and server colocation.

It’s one thing if you need to rent equipment or install your own server in a data center. It’s quite another if you are looking for a quick solution to launch, say, a website, online store, or cloud storage. If you don't need unique customization, a hosting that provides SaaS services will do. And if you don't want to deal with hardware and operating systems, but need full access to software, PaaS solutions are a good choice.

Choosing a hosting provider will be easier if you ask the following questions:

  1. What services the hosting company provides. Consider whether you’ll need a new cloud model or other service solutions in the future. For example, cloud computing, machine learning tools, or more control over software.
  2. What hardware configurations the hosting provider uses. This is important if your tasks require a certain number of GPU cards or your software runs on a specific version of an OS.
  3. Whether the equipment you need is available or needs to be ordered. Sometimes, the hosting provider may offer more than is available on short notice. Then, you’ll have to wait several weeks or even months for server components to arrive.
  4. What software is provided and supported by the hosting company. For example, do you need certain operating systems? Do you have time to deploy and check the functionality of the software you need? If not, hopefully, you are accustomed to using a certain hosting control panel.
  5. What the bandwidth and latency of the data link is. Hosting services can come cheap, but the bandwidth will likely be insufficient. For example, you won't be able to do a cloud backup of a large amount of data and the latency will prevent you from enjoyably playing Minecraft on your server.

→ What is important to you now, and what might you need when your project has grown?

Calculate the actual cost of hosting

Not all services are included in a server rental rate; you’ll have to pay extra for some.

Check what services and products are included in the rates and whether there are any discounts available. Watch out for:

  1. Administration. Hosting companies usually include technical support for equipment, including power checks and reboots, in their standard rates. They may include maintenance if the components of the rented server fail as there will be problems with accessibility if the lines are down. However, other than basic tasks, server software administration sometimes costs extra. This may include assistance in migration, customization, assembly or modification of equipment configurations, and customization of the OS and software beyond the standard configurations.
  2. What hardware configurations the provider offers. This is important if you require a certain number of GPU cards or your software runs on specific OS versions.
  3. Software that’s tied to a number of users. Licenses for some software that hosting providers offer (for free or not) may only allow a limited number of users. Examples include licenses for a certain number of cores for Windows or for the number of accounts or domains for a hosting control panel.
  4. Advanced features. Some companies block advanced system features without paying a monthly subscription fee. They may also charge for the number of processor cores used. Meanwhile, for server versions of Windows, Microsoft charges for the amount of data stored during backup and for network traffic.
  5. Promotional offers. Hosting companies can lower or waive service fees if you take advantage of their promotional offers.

→ Can you study the full list of paid services before ordering hosting?

Clarify SLA uptime and downtime and the tech support schedule

The norm is for the provider to guarantee an uptime of 90%, notify of planned downtime in advance, and reimburse for any time in excess of that.

System downtime for maintenance or upgrades is usually scheduled in the local time where the hosting is located. Make sure that the tech support hours, work shifts at the data center, and the hosting company's scheduling of outages work for your time zone. This is important because sometimes, access to the mashroom is not 24/7, but only possible during weekday afternoons, for example. Yes, tech support is usually available 24/7 but you may have to wait for a new shift to start at the data center.

→ Is it convenient to work with the given uptime guarantee and downtime schedule? Can you wait for problems to be resolved until the next business day?

Check how data security is ensured at the hosting site

Fines for data breaches are increasing and legislation is tightening. Therefore, our list of questions for the hosting company about its data security is the longest one we have here.

Here's what you need to know when choosing a hosting provider:

  1. Encryption. How data is encrypted in transmission and at rest. The correct answers are TLS, AES, or stronger protocols.
  2. Data location. Where the data is stored, whether it meets your location requirements, and whether you would violate laws by storing it in that region. For example, if the hosting company handles data from California residents, it must comply with the CCPA. In Europe, compliance with GDPR regulations is required.
  3. Backup. How often data is backed up, how long backups are kept, and how easy it is to restore data.
  4. Data Access. Who has access to the data and what their roles and permissions are.
  5. Multifactor authentication. Is there support for 2FA and if so by which methods — TOTP, SMS, or email.
  6. Protection from DDoS attacks. Whether the hosting provides protection from DDoS and at what level — L3, L4, L7, or intelligent attacks.
  7. How user deletion works and on what timeframe. What happens to virtual machines and servers when they are abandoned, how long user backups are stored, and what data is saved after a user is deleted.
  8. What secure coding practices and regular code inspections the hosting company applies. For example, whether the hosting provider uses tools for static and dynamic code analysis, checks input and output data, and maintains error logs.
  9. How often an application is pentested and whether you can get the results. Whether and what kind of pentests have been conducted, internal or external, and what attack vectors have been used. What the overall security level of the hosting provider is.
  10. Is there a vulnerability disclosure or bug bounty program in place? Does the host participate in a rewards program for finding vulnerabilities? Whether the info about the vulnerabilities identified and fixed is freely available.
  11. Have there been any data leaks and are there any known successful attacks on the hosting company? Is there any public information about successful attacks on the company, are there any reviews mentioning clients getting hacked due to the fault of the host?

→ Are projects on this hosting provider sufficiently protected? Are any laws violated?

Find out what the incident response and stability of the hosting company's tech support is

No hosting company can guarantee perfect security or uptime. However, a reliable provider will quickly sort everything out or help to do so if something goes wrong on the client's side.

Here are some questions to quickly gauge what speed of response to expect for any potential incidents:

  1. What technical support the provider provides and in what time frame.
  2. What the channels for getting technical support are.
  3. What the host's incident response plan is.
  4. How customers are notified in the event of an incident.
  5. What the history of violations, regulatory inquiries, and incidents looks like.
  6. What the disaster recovery plan is and how often it is tested.

→ Are your chosen hosting provider’s tech support style, incident response, and incident history appropriate for you?

Find out the available migration options when changing hosting providers

Sometimes change is good. Maybe you find a better price/quality ratio elsewhere or your data security requirements have increased. Or maybe your hosting company often suffers DDoS attacks or server crashes. Sometimes a project grows to the point that your provider’s tech support or equipment can no longer cope.

Here are some questions for your new hosting company:

  1. What happens if we move from our old hosting provider? It is useful to take advantage of a trial period to see whether the new hosting and its tech support will fit your needs.
  2. Will there be any help with the migration? Some hosts offer migration services. For example, they assess the project infrastructure, select the best relocation options, or are ready to take on the migration themselves.
  3. Will there be additional fees for relocation assistance? Check the list of services if you are offered a discounted or even free migration. You may have to pay for software administration and customization or migration design.
  4. What operating systems and business applications are available for pre-installation on the new hosting? Make sure you can migrate your infrastructure without surprises such as unsupported OS hardware or having to find experts for software that the new hosting staff can't help you with.
  5. With what other systems can the infrastructure integrate? Does the new hosting support the same virtualization tools or dashboards as the old one? Can the entire data be migrated as virtual machine images or file systems, or can the data be migrated from cloud storage?
  6. Is there any helpful information, documentation, or guide available on how to migrate to the new hosting service? The hosting provider may already have ready-made instructions for moving data and infrastructure that suit your project to help you migrate on your own.

→ Will the move be transparent in terms of the process, costs, and risks?

Clarify whether it’s possible to integrate with the hosting service via API or install additional software

Sometimes it is more convenient for the host's clients to manage servers and services through a web panel, and sometimes through an API. For some, it is important to be able to earn money on reselling services from their hosting company. Moreover, some need to install additional hardware and software solutions on the host's servers.

Here's a list of questions if you can’t live without a few of the extras mentioned above:

  1. Does the provider have an API to provide access without the provider's web panel? What are the capabilities of that API and can it be used to automate your own projects?
  2. Does the hosting company allow reselling of its services and under what conditions? Is it possible to integrate your hosting and that of the hosting provider?
  3. Can additional hardware and software solutions be installed on the host's servers? Will the host allow you to connect hardware and software configured your way? Does the host have a Smart Remote Hands service, that is, when the hosting company takes over the tasks like hardware installation or maintenance?

→ Will you have the ability to install third-party software or hardware from the host and automate the hosting experience via API?

Verify the reliability of the hosting company

Here are some questions you can use to gauge the reliability of the hosting provider:

  1. How stable the host is financially, legally, and geopolitically?
  2. Is it possible to first deploy a pilot of your project to identify possible risks and problems when working with the selected host? These may be non-obvious but critical problems with tech support, network speed, or the need for additional fees.
  3. If you plan to expand your business in the future, can the hosting provider offer the scale of disk space, RAM, GPU, and CPU time you'll need?

→ How painful will it be for your project if the hosting company closes unexpectedly?

Will you have freedom in your choice of software and hardware?

Some hosts depend on specific software and hardware vendors. It is more difficult and expensive to migrate away from them. Sometimes it is even impossible to extract your data.

For example, if you migrate a database from the Azure cloud, you will not be able to get a backup of it in the usual *.bak and *.trn formats. Instead, the database dump will be provided in the *.bacpac format. Even if you manage to transfer the data, it will require far more time.

Or, for example, the software for working with neural networks is customized for certain versions of CUDA or Torch libraries, and new GPU-hosting boards require the latest versions thereof. You will have to spend money on adapting your code to them.

Questions that help you assess the risks:

  1. Is the hardware and software that the host is using open or closed? If it is open, ask for an overview of the open API interfaces. The hosting company will provide a link to evaluate whether it is easy to input and output data.
  2. What’s the data return plan? If you decide to leave the host, in what time frame and in what format will the company return your data?
  3. What backup capabilities do they have? E.g., data backup and recovery technologies, APIs, and options for extracting, transforming, and loading data and files.
  4. What’s the cost of re-licensing? If the provider uses closed solutions, calculate the cost of migration and the possibility of transferring licenses to another host.
  5. Is there a vendor lock? Evaluate possible problems arising from your solutions being tied to specific hardware. Is it possible to supply certain drivers, what are the specifics of the hardware configuration, and is it possible to reproduce them on another host's hardware?

→ Will you be tied to the host's solutions and the software and hardware they use, especially proprietary software? Will you be able to transfer licenses for the proprietary software you purchase to a new host?

Quick checklist

  1. How and where is the hosting registered? What supporting documents can it provide?
  2. What is important now, and what might be needed when your project grows?
  3. Is there an opportunity to explore the full list of paid services before ordering hosting?
  4. Are you comfortable working with this level of uptime and downtime schedule? Can you wait for problems to be resolved until the next business day?
  5. Is your hosted project sufficiently protected? Are any laws violated?
  6. Do your chosen hosting provider’s tech support style, incident response, and incident history suit your needs?
  7. Will the move be transparent in terms of the process, cost, and risks?
  8. Will you have the ability to install third-party software or hardware from the host and automate the hosting experience via API?
  9. How painful will it be for your project if the hosting company closes unexpectedly?
  10. Will you be tied to the host's solutions and the software and hardware they use, especially proprietary software? Will you be able to transfer licenses for the proprietary software you purchase to a new host?

This article was originally published on the ispmanager blog

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .