I recently spoke with a client who is selling about $3000 per hour on his site which equates to about $26 million per year.  When configuring his hosting solution this client elected not to implement many of the tools that we offer to ensure 100% uptime.  Ultimately this sounded like good material for a blog post.  I specifically wrote this post for educate hosting consumers on the high availability options available from their providers.  Most of this will be a basic review for the average hosting industry operator.

As a precursor, most quality hosting providers have significant redundancy built into their facilities and networks.  This guaranteed redundancy typically is expressed as either 4 or 5 - 9’s (99.99 – 99.999%) of facility redundancy.  A facility with 4 - 9’s is engineered to have no more than 53 minutes of downtime in a year, a facility with 5 - 9’s is engineered to have no more than 5 minutes of facility downtime per year.   Typically providers will refer to these facilities as either Tier 3 or Tier 4 datacenters. Hosting providers reassure clients with Service Level Agreements (SLA’s) that pay their customers penalties for downtime, but these payments can be insignificant when compared to the sales lost by an outage.  Often clients focus on the facility and network redundancies provided by their hosting company and pay less attention to the redundancy of their individual solution.  Unfortunately, more downtime is caused by server and security issues than facility and network issues.

If your website requires 100% uptime you should implement the following technologies:

• RAID – It doesn’t matter (to me) if you implement RAID1, RAID5 or any other variant - hard drive failure is one of the most likely events to impact a client.  It almost seems comical to include this, but in the past I spoken with people who can’t tolerate downtime but say they can’t afford RAID. 
• Load Balanced Web and Application Servers – No single server can run indefinitely without failing.  Load balanced servers are some of the best investments you can make in eliminating downtime.
• Clustered or Mirrored Database Servers – Again servers have limited life, they get old… they fail.  The chance of two failing simultaneously is much less likely.
• Hot Secondary Site – No single datacenter can run forever, this option will double your cost but prevent the 5 - 53 minutes of possible annual downtime from the failure of a single Tier 3/4 facility described above. 
• Backups – Classically backups are to prevent data loss, with the redundancy described above you may not think you need them.  But the most common form of data loss is accidental deletion of data.  If the only data you have is live data, this can cause issues.
• Appropriate Security – This includes an application firewall, Intrusion Protection System (IPS), antivirus, updated patches and redundant physical firewalls.  Security issues and hackers can cause significant downtime unless reasonable precautions are taken.

While the configurations describe above aren’t for everyone, if you require 100% uptime you need something similar.  Otherwise you are making the financial decision that some downtime is acceptable and likely.  How likely is based on what combination of the above strategies you implement.  Finally if you are hosted in the cloud, most cloud implantations natively utilize some of this redundancy (like RAID) but these best practices should be equally applied to cloud installations to ensure high availability.  For more on the cloud see my previous post - How can the cloud be down?  http://www.thewhir.com/blog/Stacy_Griggs/123009_How_can_the_cloud_be_down

This morning I noticed a comment by former SAP CEO Hasso Plattner regarding what I will generally term convergence. I thought it was an interesting summary. Essentially he stated that SAP needs to rapidly embrace … super-large in-memory systems, parallel computing, on-demand software, cloud computing, and mobile phones as components that competitors are exploiting these technologies, too.

Cool stuff - 2010 is teeing up to be an interesting year, a year of real transition and I think a great year for hosting investment and M&A - 2010 will not be a year in the doldrums.

This is going to be a busy year. This weeks headlines week include IBM's $360M green data center in North Carolina, Savvis adding 10k square feet in Chicago, Layered Tech picking up $20M investment from Accel-KKR and Interxion raising €200 million ($278M). I know that only adds up to $658M but there those were the quick and easy headlines.

There be another billion $ next week.

Over the past ten years the US Government built data-centers at the rate of one every 6 days. Now they are going to spin many off, they don’t run them as well as the private sector. I see opportunity, a time not to stand still.

As we conjure up cloud definitions and I continue to research and write my treatise regarding cloud valuations for this blog, we are not in the doldrums.

I am looking forward to the Parallels Summit in Miami later this month and believe it will confirm my thoughts. Not a year to stand still.

Yes it is going to be a most interesting year. I think Thomas Paine stated a management style that just may be perfect for 2010..."Lead, follow, or get out of the way.

Regardless Peabody Coal also has it right.

Later Tom -

More about Tom: NCC - the Hosting Business Broker   Twitter: - TomNCC and WebHostBusiness

 E-Mail Tom Direct

Check out the WHIR PCI Webinar next week.  Rick Wilson from Miva Merchant, Craig Fox from Pinnacle Cart and I will be discussing the following topics:

·         What is required of hosting providers?

·         What criteria are most difficult to achieve?

·         What should resellers be concerned about?

·         Are there problems with virtualization and compliance?

·         Where is there confusion and room for interpretation?

Plus any questions from the audience.  The Webinar will be Tuesday, February 16th from 2:00 – 3:00 PM EST.    Here is the link to register https://www2.gotomeeting.com/register/404119914

Virginia:

Conforms Virginia’s SPAM law to make it constitutional by addressing routing information, narrow the law to relate only to unsolicited commercial email. (HB 1)

Pennsylvania:

Amend unsolicited fax law to include emails sent by fax.  (HB 861)

Uses existing consumer protection laws to address spyware (S.B. 123)

New York:

Criminalize sending unsolicited, harassing, emails.  (A. 6597)

Unlawful use of spyware and malware.  (A. 3658 and S. 137); addition of criminal penalties for conduct similar to that in A. 3658 and S. 137. (A. 1758)

No software installations without the user’s actual, verifiable, consent.  (A. 1758)

Creates a Computer Spyware Consumer Protection Act.  (A. 6419)

Adds spyware to consumer protection laws.  (S. 4716)

Massachusetts:

Uses existing consumer protection laws to address spyware.  (H.B. 332 / 227)

West Virginia:

Uses existing consumer protection laws to address spyware.  (H.B. 3127)

Utah:

Includes spyware in prohibited internet content.  (S.B. 26)

Iowa:

Prohibits school officials from posting student photos on social networks.  (H.F. 518)

Illinois:

Requires parental consent for minor’s access to social networks.  (H.B. 1312)

Today's video features Jeff Hinkle, President of NetDepot.

I had a chance to talk to Jeff about a few things. First off, I found out what NetDepot does and what makes them unique as a business. Hinkle has been a part of the hosting world for a while so I asked him his opinions regarding virtualization and how that will enable high availability hosting. Check out the video and see what he has to say about all of this and more.

In the 10 weeks leading up to its 10th anniversary, UK web host and domain registrar LCN.com (www.lcn.com) has announced a new weekly promotion, which we've been covering in the WHIR's weekly web hosting sales and promos roundup. LCN.com hinted that it would have a special anniversary promotion on February 2 that its "competitors wouldn't dare to offer."

Now, the final promotion has arrived -- LCN.com is offering any one of its web or email hosting packages for 10 pence (less than 16 US cents) for an entire year. To access this deal, enter "birthday" as the promotion code.

This offers users significant savings on LCN.com's Premium Hosting plan normally worth $95.20 per year, which offers 5,000MB diskspace and transfer, 50 email accounts, spam protection, PHP, Perl & MySQL, low population servers and £80 in free online advertising.

And for businesses that only want email hosting, they can get LCN.com's Email Plus package that includes 50 email accounts each with 100MB of storage, 50 spam and virus protected mailboxes.

Also, since LCN.com is based in the UK, those elsewhere should note that "midnight" is GMT, and those in the Americas, should they take LCN.com up on its offer should decide well before midnight local time.

The mainstream media’s coverage and interest in cloud computing has been an exciting boon to our industry, although I’m not sure if I should laugh or cry every time I see an article mentioning an outage of a notable public cloud. I suppose it’s inevitable that with increased attention comes increased scrutiny and as they say in the newspaper business “if it bleeds it leads” – that seems to be the approach many journalists have taken to covering cloud outages.

The reality is networks crash. Routers and hard drives fail. While all data center operators and hosting/cloud providers take measures to build in various layers or redundancy, outages happen. This has and always will be the case for hosted services. In the end, this is why service level agreements (SLAs) exist and what truly matters is a provider’s transparency, customer service and credits.

To this end, I thought it would be an interesting exercise to compare the two leading infrastructure cloud services SLAs from Rackspace and Amazon. Although this meant coping with flashbacks from the 84-page report I wrote for Tier 1 Research back in 2001 on this very topic comparing the SLAs of the top 20 MSPs of the era, and I found it to be rather illuminating. Here’s a quick reference table:

Key Takeaways:

·         It was quite interesting to see the different approaches taken by the two. On the Cloud Servers side, Rackspace service guarantee of 100% uptime is a long-standing marketer’s tactic, which simply means they will pay for any down time that does occur. Amazon on the other hand has a more realistic guarantee of 99.95%, which actually translates into just over 4.3 hours of non-scheduled downtime a year.

·         The fact that Rackspace specifies a time-to-resolve guarantee and offers credits if it misses speaks to its heritage as a managed hoster first. This is something Amazon can and should put into place.

·         In terms of credits, Amazon caps their credit at 10% per period compared to Rackspace which will ultimately provide 100% credit if it is warranted. Separate but related on Storage, Amazon caps the credit at 25% whereas again Rackspace offers up to 100% if warranted. Again, Rackspace's approach is much more customer-centric.

·         Both Rackspace and Amazon put the burden of an SLA violation notification and credit request on their customer. This would be my biggest critique of both firms’ SLAs. It is something I advocated back in 2001 and nothing has changed: customers are already frustrated by an outage – why make them bear the administrative responsibility to prove the outage existed and chase you down for the credit owed? Other cloud providers may want to consider offering an automated credit function when outages occur (think Orbitz.com if someone books the same room as you at a lower price) as a way to differentiate from the market leaders.

In conclusion, while auto-paying for SLA violations would be an improvement for both Amazon and Rackspace, I also recommend all cloud service providers post their uptime front-and-center on their website. At the end of the day, the credit issued for downtime (even if it was automatic) tends to pale in comparison to the acute frustration and anxiety the customer is experiencing. Ultimately, the best SLA would be “our CEO will fly to your office personally to explain what happened” but we all know that just isn’t scalable.

Source Links

http://www.rackspacecloud.com/legal/sla  

http://aws.amazon.com/ec2-sla/

http://aws.amazon.com/s3-sla/

I recently came across a site for a colocation company with some unusual claims for physical security.  The Stone Mountain DataPlex in my home state of Kentucky claims the following security measures http://www.stonemountaindataplex.com/dcinfo.htm.

 ·         Guard Towers

·         Ground Radar

·         Infrared Cameras

·         License plate recognition systems

·         EMF Shielding

·         On site EMS personnel

·         On site SWAT quick response team

·         Blast proof doors

I wanted to put this on my blog for discussion - is there anyone (other than the federal government) that needs an onsite SWAT team or EMS personnel?  If so, are they willing to pay the premium this type of security would require?

Today's video highlights our latest networking event held in Los Angeles, California.The WHIR started hosting networking events all over the States in 2009. They were such a success, we decided to continue to host networking events in some of the same cities and some different, in 2010. LA was a great place to kick off the year as the event was well attended and a success for all involved. Thanks again to our sponsors, Giglinx,Telx,OpenSRS,Net2ez,AutomaticSiteMap and Enom for helping us put on a great party. Our next networking event is in Houston on February 18th, 2010. If you would like to attend please RSVP here. Hope to see you at one of our events in 2010!

As promised I have been doing quite a bit of researching and thinking on this cloud valuation issue.  A client turned me on to Dr. Randy H. Katz (photo left) over at UC Berkley, he is one of the authors of  “Above the Cloud: A Berkeley View of Cloud Computing”.  Some would consider the paper ancient history, published Feb. 10, 2009, but I think you will find it a good read and will be referenced in further editions.

Also as promised in my last blog I want to follow in Dr. Michio Kaku the theoretical physicist, Berkeley grad and Professor at the City College of New York footsteps. Big steps to follow, I hope to address this cloud valuation so that even your bank officer can understand.

So I thought we could start off with a couple of quotes, this one stolen (and credited) by the Berkeley study…they are simple enough…

"The interesting thing about cloud computing is that we've redefined cloud computing to include everything that we already do.” Oracle CEO Larry Ellison

Further in my research I read an interesting prediction from Appistry about the cloud stating:

“4- The Cloud will Shape Data, and Data will Shape the Cloud. The ubiquity of highly distributed cloud-like infrastructures, coupled with heightened expectations around application scalability, elasticity and robustness lead to increasing enterprise adoption of non-traditional approaches to data access and storage. Enterprise adoption of “NoSQL” data stores jumps in 2010, and the technology begins to work its way into the mainstream.”

Frankly I prefer Einsteins Rainbow Project quote in my previous blog...

but back to Larry Ellison..."Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?” the last sentence of  Larry Ellison’s previous quote.

Well back to cloud valuations… I was at a conference last year and someone thought that the electricity it uses would rate the cloud, a commodity, as you will. Frankly I had a hard time figuring out where they were going and a harder time buying off on that one. It could be because my new briefcase lock would not open. But I am readdressing that one, will get back to you if I see it has merit, just thought you should know.

So for this lesson I think you should really read the Berkeley treatise which includes this nifty little trade off equation:

Next time we may take a break into reality back to how to translate the cloud in real valuations respects. More than likely we will revert back to our  third grade math skills.

We will make it as simple as an iPad.

Later Tom -

More about Tom: NCC - the Hosting Business Broker   Twitter: - TomNCC and WebHostBusiness

 E-Mail Tom Direct

Today's video features David Gallo, CEO of SevenL Networks in Toronto,Canada.

Today's video also features WHIR writer David Hamilton, a.k.a The Hammer. David chats to Gallo about SevenL and how they're looking to expand over the coming months/years. Gallo makes some interesting points with regards to choosing a Canadian hoster as opposed to an American one. Check out the video and all he has to say about his business and the industry in general.

The two posters of defamatory material were ordered to remove the material from several websites.  When they refused, the subjects of the defamation presented the websites with the injunction they received and asked the operators to remove the posts.  All but one, ripoffreport, complied.  The subjects of the defamatory statements sued ripoffreport on the grounds that the website had violated the injunction.  The U.S. District Court for the Northern District of Illinois held it could not compel a third party website to remove defamatory material based on an injunction against a user.

The defamed individuals argued that the hosting contract between ripoffreport and its user led to the conclusion that ripoffreport was “acting in concert” with its users.  In order for a third party to be bound by an injunction, the third party must be acting in concert with the subject of the injunction.

The argument that a host’s contract, or simply the provision of services to users, leads to the host’s “acting in concert” or “aiding and abetting” the customer is made frequently.  The argument, and variations of it, typically go as follows:  user signs a contract with host; user posts material that violates the law; host’s contract prohibits use of their services to violate the law; by continuing to provide services to the user in light of the violation, host is aiding and abetting, or acting in concert, with user;  therefore host should be liable.  In almost every case in which this argument has been made, courts have refused to accept this argument.  Courts typically demand substantially more evidence of actual collusion in order to hold hosts liable for their customer’s bad acts.

In this case, ripoffreport’s terms of service contained a statement that material posted on the site would never be removed, even at the customer’s request, and gave ripoffreport the exclusive right to use customer posts.  The defamed parties argued that these statements were sufficient evidence that ripoffreport was acting in concert with its users.

The defamed individuals believed that in light of ripoffreport’s statement in its contract that no material would ever be removed, the contractual requirement that users post only truthful information was unenforceable.  The court held that without evidence that ripoffreport actually intended to protect and aid users who posted defamatory material, the terms of the contract, by themselves, did not lead to the conclusion that the website was aiding and abetting its users in their defamatory conduct.  The court further held that there was no evidence that ripoffreport was in contact with the users, or otherwise acting in concert with them to avoid application of the injunction.

There are two lessons from this case for hosts.  The first is that courts have routinely refused to accept the argument that simply because a host provides services, or has a contract, with someone doesn’t mean that they are liable as a third party for their customer’s actions.  Second, is that courts do believe that a host may be liable if evidence is presented that the host did aid and abet the activity.  While there is not much case law out there in which a host was found to be liable, good practice is always to communicate things like injunctions to your users and respond in a timely basis to complaints about them.  It is not good practice to do nothing and rely only on the CDA or decisions like this.