Category Archives: The Mechanics

constru;ction workers causing problems

What If Your Site is Down? Availability

Clearly, your Web site doesn’t help your business if it’s down. Someone who visits it gets a very bad message of some sort. What kind of impression is made? That your business can’t even bother to keep its Web site working! Who would want to do business with such an organization?

This post deals with the issue of Web site availability for small business. I’ve been forced to confront this issue, because my hosting provider just experienced a 24 hour outage, the first such outage I’ve had with them in more than ten years of using their service.

Everyone wants their Web site to be up–all the time. More correctly, they would like hosting that makes their site always available inexpensive. However, there’s a tradeoff–today, barring widespread Internet failure, you can have whatever level of availability you want, if you’re willing to pay for it. Here are some of the issue and tradeoffs to consider.

Consider Your Needs

What’s the purpose of your site? If it’s to attract business, sign up newsletter subscriptions, and take the occasional online order, then perhaps the business can actually continue to run quite well if the site is down for, say, 24 hours. You don’t want it to be down very much, but you can tolerate an occasional outage.

Of course, if ecommerce is your main business, or some other online function, then you need to be up all the time, so that customers can spend money or do whatever they do with you any time they’d like to. You don’t want a customer who has decided to do business with you to go elsewhere because your site is down.

There are other issues important in hosting as well. For my hosting service, I use the WordFence security plugin, which has valuable security features. One of those features is a scan of all the code on the site, comparing it with the originally released WordPress code, for WordPress itself and plugins. I’ve seen this scan find penetrations of a site, so that I could fix them, before there was any other evidence of a problem. However, the scan takes a significant amount of cpu time to run. I’ve learned that most hosting services limit the cpu time per site so that this scan can’t run to completion. If you installed WordFence on such a site, you could have a penetration that wouldn’t be detected until the site started to malfunction.

Most small businesses, that don’t depend on their site for the daily business to operate, can withstand an outage that’s hours long. However, even a low-traffic site needs to have high limits on cpu time, so that sophisticated security tools can operate properly.

Recent Outage

The outage that my hosting service experienced last week is instructive. The service is provided by a large data center outside New York. It has backup power with on-site fuel for several days. It has multiple Internet connections from different vendors. Each site is monitored continuously, and if there’s a failure the people who manage the service get the site up and running again quickly. This should be the model of great availability, shouldn’t it? There shouldn’t be an outage longer than minutes.

Near the data center are four railroad tracks. Crossing the tracks is a bridge. Near that bridge, a crew was digging last week, and they realized they had “hit something”. That something was a major cable carrying a lot of Internet fiber. As it turns out, the independent Internet connections from the data center all connect to various upstream providers, and all of the upstream providers for the data center crossed the railroad tracks through the same cable! So the entire center was off the Internet, and all of my hosting service was down.

Because all of the upstreams crossed the tracks at the same place, there were no Internet connections from the center that could be used. Happily, the discipline of repairing fiber cables has advanced, so the repair was completed in about 12 hours.

I spent 30 years working for the IT office in a large government organization. We had multiple Internet connections, and we knew about disaster and disaster preparedness. However, one day a backhoe operating near the Washington beltway, near an overpass, cut a major fibre cable. And guess what? Although there were multiple Internet connections coming from our campus, with different companies, upstream the different providers all crossed the Beltway at the same overpass, in the same cable. Needless to say, considerable attention was given to the repair.

What’s the lesson to be drawn from this experience? That in spite of everything that’s done at a single location, Web availability is still subject o occasional outages that may be noticeably long. We all know that Amazon Web Services, that darling of availability and failover, occasionally experiences major outages.

Failover

The big question for availability is the question of failover. Usually, failover has three elements:

  • installing copies of the site on two different IP addresses
  • monitoring the site to detect a failure
  • changing the IP address used by the Internet to access the site to a backup when a failure is detected

I’ve recently looked at a lot of hosting offerings that mention the word “cloud”. Of course we all assume that the “cloud” will be highly available. Similarly, we assume that big companies that offer hosting are highly available.

I found that most of the “cloud” offerings have backup and failover, but it’s entirely within a single computer center.  This means that a fire in the center, that took down the whole center, would take down all the sites. Loss of power if the backup didn’t work (that happens!) could also cause loss of all the sites. Of course, a loss of the Internet connection to the data center could also take all the hosted sites off the air.

The best approach to providing never-interrupted availability is for the two IP addresses to be at two different physical locations, at some distance from each other. In addition, the monitoring and switchover service must itself be highly available; it must itself be built so that it spans several locations. A quality distributed DNS service (that directs the Internet to an IP address for a domain name), along with two instances of quality hosting, are needed.

I’ve found that there are offerings of true 100% availability hosting service, but they are prohibitively expensive for small businesses. If you’re Home Depot, these services are just what you need, but for small businesses, there’s nothing that removes that risk of a whole data center being disabled or cut off from the Internet. At present, we’re all vulnerable to that enemy of Internet connectivity, the backhoe!

I’m staying with my present hosting provider, in spite of the outage, because of more than a decade of highly reliable service from them. They’ve provided excellent availability–and their service is free from the CPU limitations imposed by the major hosting providers that prevent complete security checks for my clients’ sites.

A 100% Solution

For clients who want 100% availability, I’ve begun work on a method to provide hosting service that won’t go down, even if a whole data center has a catastrophic failure or is taken off the Internet. It will involve the three ingredients for failover that are listed above, and the backup sites will be hosted geographically separate from the primary site, and there will be a highly available DDNS service to do the switchover.

Backups will be stored at a third location, independent from the first two, so the site can be restored even if both of the online copies are lost. In addition, if certain conditions are met by the site, additional special security features will be provided so that the site can’t be hacked.

This is an approach that’s intended for small businesses. If you’re the Washington Post, for example, I won’t be able to host you for $200 a year and provide 100% availability. But for small businesses, I have a way to provide very high availability.

I’ll make this 100% available service available to my clients. The approach I’m planning to use will let me offer it at or near my standard price for hosting service. If the price is the same, then I’ll be converting all my clients to 100% availability at no additional charge.

The Bottom Line

Today, the best way to handle this issue is to make it clear to business management that you don’t have 100% availability, that there will be outages that may last hours but they won’t be frequent, that there may be a year or more without an outage. Or, if you really need 100%, then simply pay for it. My offering of 100% Web site availability for small business is on the way, watch for it.

It's only fair to share...Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Share on Google+
Google+
Print this page
Print

Act Fast if Your Site Uses Certs from Symantec, Thawte, VeriSign, Equifax, GeoTrust or RapidSSL

HTTPS

In another issue, We’ve recommended that you should be running HTTPS, to protect your visitor’s interactions with you, and also to improve your ranking in Google search.  That’s still good advice.  However, HTTPS introduces some other complexities. One of them is the need to rely on a third party to issue the certificate that’s essential to running HTTPS on your site.  And what if that third party messes up?  We’re now learning what happens!

There have been multiple incidents of Symantec not following accepted industry procedures in the issuance of certificates.  Symantec is one of the largest issuers of certificates, so it tool a company the size of Google to stand up to them.  Symantec and other brands they own, listed in the title above, have been judged by Google to be not completely reliable.  So Google has established a time frame for ending Chrome’s support for these certificates.

What are the consequences of continuing to use these certificates as Google ends support for them?  Your visitors will see a security alert like the one at the top of the page.  That’s not what you want them to see!

There’s a good discussion of this issue in the WordFence blog, along with links to find the time-tables for nonrecognition of various certificates.

The Bottom Line

Check to see whether your site is using a certificate from Symantec or a Symantec company. If it is, make a change now.  If you’re using Dave’s Super Hosting Service, don’t worry, we don’t use Symantec certificates.

protect your site with https

Let’s encrypt! It’s time for HTTPS.

What’s HTTPS?

HTTPS is the secure version of the HTTP (hypertext transfer protocol) that our browsers use to access Web sites, that your visitors use to access your own Web site. HTTPS protects communications between the client program that your visitor uses and your Web server, so that eavesdroppers can’t listen in, no one can tamper with data that’s transmitted, and your Web site data can’t be forged.  HTTPS allows your visitors to visit your site in privacy.

It’s growing in importance, and it’s time for you to adopt it, if you haven’t already, both because you owe it to your visitors and because not adopting it will impede your efforts to use the Web to promote your business.

Today’s Usage

Adopting HTTPS, which uses the SSL (secure sockets layer) protocol to communicate, so that it’s called either HTTPS or SSL, today will put you somewhat ahead of the crowd, except for financial systems and medical systems, which have widely adopted HTTPS.  However, HTTPS adoption grew by 80% last year, so its time has arrived.  Mozilla has reported that more than half of pages visited by Firefox now use HTTPS:

sites accessed by firefox using HTTPS

This doesn’t mean that half of all sites now use HTTPS; far from it, in fact.  This result is strongly skewed by the use of HTTPS for financial and shopping sites and by Google, which all together carry a significant portion of all Web traffic.

How to Convert

The mechanics of conversion have become less onerous now that there are low-cost certificates available, that are required for implementing HTTPS.  Most Web hosting companies can help out with the implementation; it no longer needs to be expensive or difficult to convert to HTTPS.  You’ll notice that my own site now uses HTTPS.

The method of conversion depends on how your hosting service is implemented and the technology that dellivers your site, so a discussion of that here wouldn’t be of much value.  Just understand that the technical work to be done is not difficult and shouldn’t be costly.

Why Convert?  Here Are Five Reasons

1. Protect your visitors’ privacy

Your visitors deserve to be able to visit your site in privacy.  In these days of ever-intrusive commercial data collection, HTTPS helps your visitors keep their private activity on the Web private.  Outside the US, of course, a visitor can fear exposure to the state of his Web activity.  HTTPS is a way of respecting our visitors.

2. Search engine ranking

Google has announced that the use of HTTPS is a ranking factor in your position in search engine results.  This can be viewed as a carrot–Google is offering better placement in search engine results for use of HTTPS, or as a stick–use HTTPS or suffer a penalty.  But however you see it, it’s real, and there are benefits to you from adopting HTTPS.

3. Browsers will mark HTTP as insecure

Today, browsers typically show a small lock next to the URL when HTTPS is used.  However, both Firefox and Chrome are preparing to mark HTTP sites as dubious at first, and then as insecure.  This is not something you want shown to your visitors!

4. HTTP/2

Finally, in 2015, the successor to HTTP/1 has been adopted, and HTTP/2 has many improvements, especially in performance.  For compatibility reasons, browsers will support HTTP/2 only over HTTPS.  If you want to benefit from the evolution of the Web, particularly performance improvement when delivering data-heavy sites, you need to adopt HTTPS.

5. iOS and Android compatibility

iOS 9 has a strict requirement for HTTPS, and Andrioid M has a less strict but still real requirement.  If you intend to deliver content to iOS and Android smartphones, in the future you’ll have to use HTTPS, so changing now makes sense.

Dave’s Super Hosting Service

If you’re using Dave’s Super Hosting Service, don’t be concerned.  All the sites are being converted to HTTPS, using my own site as a test vehicle.

The Bottom Line

The first reason given, which is respect for the privacy of your visitors in this era of unprecedented snooping on all of us, is reason enough.  But if you add the second and then third reasons, it’s clear that you need to get on with it and adopt HTTPS if you haven’t already.

 

 

 

 

 

Private IP Address? Do I really need one?

Private IP Address:  The Gold Standard in Hosting.  Or Is It?

Recently I was looking for specialized Web hosting services, and when I asked at one company if their price included private IP addresses, the response I got was that “there is no benefit at all from having a private IP address, so why would you want one?”  For a long time, a private IP address has been the standard for high-quality Web hosting, and it’s still promoted as such by many hosting companies.  In this post, I review the reasons in favor of having a private IP address, and give you a concrete best-practice recommendation that can save you money while not subjecting you to SEO or other risk.

What Is a Private IP Address?

An IP address is a 32-bit number that identifies an interface to the Internet.  Every connection to the Internet has a unique IP address; routers on the Internet use these addresses to forward information back and forth between machines on the Internet that communicate.

Your Web site is a collection of files that are delivered in response to requests that arrive over the Internet by a program called a Web server.  That server program runs in a computer that’s attached to the Internet, that has an IP address.  The server can be set up so that a number of Web sites share a single IP address, so that the server distributes information based on the domain name.  It can also be set up so that each site has its own IP address, and the server distributes information from one site or another based on the IP address it is given.

A site hosted at a shared IP address is not necessarily slower to load than a site with a dedicated IP address.  It’s true that the Web server for the shared IP address has one more step to perform when delivering pages, but that step happens so fast that it’s not a significant factor in the load time of your site.  The important determinants of load time for your site are the total capacity of the computer hosting all the sites and the number of sites it hosts (with either shared or dedicated IP addresses), the computing demands placed by the sites, and the limits on computer resources placed by the hosting providers.  Note that the reason $5 a month hosting is available is because that comes with low limits on resources used by the site.

What Are Potential Google Problems?

The Web server works just the same in either case.  The questions about private IP addresses revolve around what actors other than the Web server might do in various circumstances.  For example, suppose one of the sites hosted on an IP address is penalized by Google for something that Google doesn’t like.  Suppose this is something extreme such as buying incoming links.  Will Google penalize all the sites that use the same IP address?

Matt Cutts, who is still in charge of the ranking effort at Google, told us back in 2010 that Google treats sites on shared hosting the same way as sites with a dedicated IP address.  Here’s a video with Matt Cutts explaining the situation.

From what he says, you don’t want to share an IP address with thousands of spammy sites, but under normal conditions, using shared hosting will not get you into trouble with Google.

Google tends to do its ranking based on domain names and not IP addresses, so their first intent will be to not be influenced by other sites at the same IP address, except in extreme situations.  You need to be protected against those situations, but that doesn’t mean that you need a dedicated IP address because of Google.

What Are Other Potential Problems?

While Google doesn’t classify based on IP address, there other services on the Internet that do.  Very much so in all the services associated with email.  Estimates are that as much as 86% of all email is spam, as many as 400 billion spam emails per day.  Because of this volume, email providers are under pressure from their customers to control spam email.  .  There are active exchanges of email addresses and IP addresses that are identified as distributing spam email.  If your IP address ever gets put on one of those lists, even if the spam isn’t from you, you’ll have a significant amount of work to do proving that you’re legitimate, possibly to several different organizations.

During that time, your email or your customers’ email is blocked from delivery!  Imagine the impact on customers if they can’t get or send email because of a spam blocking problem.  This problem can damage the reputation of a company and make customers less interested in doing business with them.

Avoiding Problems

First, check to see whether your site has a dedicated IP address.  You can find out by clicking  here and entering your URL.  While you’re at it, you can see how big companies manage their IP addresses.

It’s interesting to use the tool to get a sense of IP address management of other organizations.  Look up gm.com and you’ll see that this IP address has the home sites for GM’s major brands, a logical approach.  That IP address is shared by XX domains.  If you look up ge.com, you’ll see less discipline–their IP address is shared by more than 1,000 domains, many of which do not appear to be associated with GE.  It appears that GE simply bought inexpensive hosting service, without addressing the IP address question.  Another interesting domain to check is ibm.com–you’ll see that it shares an IP address with amazon.com.

If your firm has multiple Web sites, it’s OK for them to share a common IP address, presuming that your firm has control over what’s done with those domain names and the associated email behavior.

A Caution About Email

My friend Tim Brady makes the interesting observation that a dediated IP address for Web hosting does not guarantee you a dedicated IP address for email!  That is, you could pay extra for a dedicated IP address for your site, thinking that you were protected against the actions of others, only to find that your email is being shepherded through mass servers with many domains sharing an IP address for their email.

If you decide that you want a dedicate IP address, be sure to clarify with your hosting provider vendor that your email will be sent from your dedicated IP address.  Another approach is to have your company’s email processed by Google, whose gmail service is economical and very dependable.

The Bottom Line

Use a dedicated IP address for your company’s sites.  The market value for a dedicated IP address is about $5 a month; you can afford it.  The cost is a lot less than the direct and indirect costs of having your IP address blacklisted.

As an alternative, you can use Dave’s Super Hosting Service, which offers high performance, dedicated IP addresses, frequent backup to the AWS Cloud and special security protections.

Bargain Web Hosting: Really a Bargain?

Bargain Web Hosting:  Really a Bargain?

We’ve all seen ads for inexpensive Web hosting.  It’s even advertised during the Super Bowl!  You can get your site hosted for $1 a month.  Or even 99 cents a month!  What can be easier?  Should you use these cheap services?  This issue digs into the issues of cheap hosting providers, based on actual experience.

We see cheap hosting services advertised on the Super Bowl.  This tells us that lots of people are buying them, and also that they must be quite profitable for the vendors, since they can afford the huge cost of Super Bowl commercials.

We’re talking here about the difference between hosting that might cost, say $6 a month, compared to first-class hosting that you can get for about $20 a month.  So the cost difference isn’t great.  Does it matter?  Is it OK to go cheap on this?

Why So Cheap?

Why is it that companies can charge so little for Web hosting?  It’s easy to pay $30 a month for hosting service.  How then can some companies sell it for $1?  Or $3?  Or $6?  The answer, as usual, is that the service isn’t the same as the $30 product.  I’ve seen three primary areas where the vendors cut costs:

• resource limitations are placed on these sites, particularly cpu time they can use and RAM that they can use to service requests;

• multiple sites may share an IP address; and

• customer support may be limited.

Resource Limitations

On one occasion I moved a site from a moderately-priced hosting service at a big company to my own hosting service, that’s more expensive but doesn’t put stringent limits on CPU and RAM resources, and the same site, with no changes, loaded twice as fast on a better hosting service.

We all know that speed to load is a factor that Google considers in assigning page rank in search results.  Why?  Because they’d like to point their customers–searchers–to pages that provide good experience by loading fast.  So although loading speed is influenced by many factors, particularly site design,

If your site is hosted on a quality service, not only Google but your visitors will have a better experience when they visit your site.

In a more recent experience, a client was paying $16 a month for hosting service from one of the big companies.  When I ran a WordFence security scan of his site to find malicious software, the memory limitations imposed by the hosting service kept the scan from completing.  As it turns out, there was malware that was not being detected by the prematurely terminated scans; when the site was moved to a quality hosting service, the malware scan ran to completion, detecting and correcting the problems that went unfixed previously.

Shared IP Address

The very cheapest hosting services will have your site sharing an IP address with another site.  Google tells us that a shared IP address will not, by itself, hurt your position in their search results.  However, if your site shares an IP address with another site that gets infected with malware, then that IP address may be classified as one containing malware and suffer in search engine rankings.  Similarly, if the other site sharing your IP address either deliberately or through malware sends out spam, your IP address may be identified as a source of spam, so that your emails aren’t accepted by many  email servers.

A shared IP address saves money, but it’s a bad idea.

Limited Service

The big companies have various ways to limit service.  One of them doesn’t provide telephone service at all–you send them an email.  If they’re really interested they’ll call you back.  Later.  But at the moment you’re panicked or having problems–and you site is not delivering your message properly–you may not be able to get help.

You also may find that there is telephone support, but you have to wait a looooong time to reach them!  How much is your time worth while you’re on hold?  The most annoying part of this is that you’re likely to hear that “Your call is very important to us…”  while you know that it’s not so important that they bothered to hire enough people to keep up with the call volume.

Perhaps the most annoying way to chisel on support is to have multi-tier support.  You explain the problem first to someone who has limited knowledge, runs you through a script of actions for you to take, to screen out a couple of simple problems.  Then you are transferred to someone else who perhaps can actually help you.  Here, too, you’re paying for the cheap hosting service by wasting your own time.

The service that you want is a real person who can solve problems for you, available 24 hours a day.

The Bottom Line

Expect to spend $20 a month for site hosting.  Use pingdom.com to measure your site’s home page load time.  Run WordFence’s security scan on your site, and if it doesn’t complete, upgrade your hosting service or move to another service.

One way to get great hosting service is to use Dave’s Super Hosting Service; there are also other competent hosting providers.