Why would you go with dedicated web hosting over managed hosting?

Good Day, Glenn:

In my experience, you can get away with non-managed servers under if one or more of the following conditions are met:

* You outsource the management

* The data center has economical management options that you can use on demand where the response time AND resolution time are within your business parameters.

* You have in-house security / server administration staff (sometimes part time will do).

* Your automation system for your environment is automated enough that most (if not all) system administration tasks are performed by the automation system.

The main draw back we've seen over the past 15-years in business is that either way -- non managed server or managed server -- does not guarantee a secure server.

http://www.dshield.org/ used to publish a report on how quickly brand new machines were compromised, and it was scary to see that in under 30 minutes (often under 15 minutes) new machines that were placed on the Internet were hacked.

A non-managed server comes like any other machine out of the box, completely insecure.

A managed server may or may not be secured by the provider based on what the provider considers to be the managed part of their services.

Furthermore, if you are going to do any form of ecommerce or otherwise touch credit card data, the environment should be able to pass PCI compliance scans and certification.

A non managed server will fail out of the box. Even a managed server that has been secured may fail if the provider did not handle the server hardening (the process of the initial -- key word) securing of the server in a way that meets current PCI compliance standards.

On the initial hardening, I would recommend that you check into regular security updates; one to two times a month typically work to keep a given server hardened enough to keep most hackers away. No machine is hacker proof; you can just make it as hard as possible so that most hackers spend their time on easier targets.

In terms of managed hosting, I would recommend that you check what is and is not included at what frequency.

I.e. secure server, but no patching. Secure server, but only patching when you ask for it. What type of monitoring, what frequency, etc.

I believe you would need to define what are your business requirements for your web site, and then base your search on that information.

One critical note, most server providers that quote uptime, typically only refer to network uptime.

Network uptime, email service uptime, web site uptime, etc. are all separate.

You could have 100% network uptime and still have your web site down if the web service (Apache, Microsoft IIS, etc.) gets hung up or goes down. You can have 100% network uptime, and have your mail server IP address on the major RBL's (real time black hole lists such as spamhaus.org, spamcop.net, and others)... and so on.

So as you look for a provider, you really need to (in my opinion) be able to clearly list what matters to you, and ask (in person or on the telephone) the hard questions as to a provider's ability to meet your specific needs.

Lastly, my pet peeve are companies that either list certifications (i.e. RedHat, Microsoft, etc.) or use slogans (I would list several, but that would also give away the companies behind them).

Over the last several years, we've migrated (Dynamic Net is a managed service provider and managed hosting provider) away from some of the big name providers who like to list certifications and have slogans that make you believe their support is top noch.

Most people tend to forget that the larger the provider, the greater the chance you will be a smaller and smaller fish to them; so that when you need them to jump rather than every last one of the staff asking how high as they start jumping for you, you get put on hold and eventually disconnected.

Thank you.