Web hosting reminds me of home insurance. Everyone knows they need it. If you’re feeling lucky or you enjoy the adrenaline rush of huge risks, you tend to take a minimalist view. If you’re a pessimist or if you just happen to have experienced enough of life’s uncertainties then you get a bit more pragmatic. Our home was destroyed by a tornado several years ago. As you can imagine, even though our family thankfully emerged unscathed, the recovery for us and our entire neighborhood was daunting. Sadly, some of our neighbors found out at that time that their “bargains” on insurance weren’t such a deal after all.
The same applies to hosting. It’s funny that, although the question of “what’s the best host for __x__?” is one of the most frequently asked questions on networking sites, after a thorough answer it’s typically voiced with a subsequent follow up “oh (insert awkward silence here)…well, I really wasn’t meaning to spend that much!” Please understand I’m not advocating coming to your hosting options without concern for costs, but these must be put into perspective: what are you hoping to accomplish and how many headaches do you want to still entertain once online? We are talking about your most ubiquitous customer touch point, right? If you’re engaging in online commerce, we’re talking about revenue streams and customer satisfaction, right?
Since this is actually a large topic, my plan is to summarize top level issues in this post and, if time allows, get more granular in a subsequent post or two.
Decision matrix #1—questions to ask yourself at the outset:
1. Security and reliability—you need to start with these seemingly less exciting points, imo, compared to features, etc. Do you have critical, private data you’ll be storing on a database? (And please don’t tell me you’ll be storing credit card data—ever!) If you’re storing sensitive data, move away from shared hosting, unless, of course, you’re operating on shared servers with independent virtual servers. The related topic of performance, particularly of virtual database servers is important but out of scope for this post. What about DR? How is that handled and what’s the expected worse case scenario for downtime?
2. Features—what components, tools and tangential systems are on my “must have” list vs. those provided or available? Are these extensible? Can these be at all integrated with my back end systems? Are there business user tools available or does all interaction need to come through my internal IT support? Do I need internal IT support or can I better use those resources elsewhere?
3. Support—what is the support structure of the provider? Who do I contact and how? Who within my organization can make support calls? What is the skill set of those on support? How about level 2 & 3 support? What are their expectations of me and my staff? If needed, can I get someone on the phone 24×7 or am I limited to email or online chat support?
4. Qualifications—who are some of your hosting provider’s customers? You may not yet be an IKEA or Barnes & Noble, but your provider should be able to suggest success stories for organizations roughly similar to yours. Additionally, if they’re doing only commerce, they should already have already successfully passed PCI compliance audits, so you may want to ask about that as well.
5. How much involvement can you afford? — Specifically, your own tech resources staffed to maintain the operation. My opinion, you can rarely afford to staff adequately with your own resources so lean heavily on managed service providers. They’re really cheap at the price. Unless you originally got into business with the dream and end goal of running a data center.
6. Along the lines of “why did you get into business in the first place?” and “what are your core-competencies?” do you really want to own any hardware or software? Probably not, so move away from collocation. If you convert these costs (often capitalized) into monthly expenses as part of your lease/managed services agreement, you may find increased appeal on the financial end.
Assumption: most people will find they don’t want to host themselves nor, if they’re sharp, will they want to co-lo (co-lo makes sense if you’ve got some exiting servers but outside of that condition it’s probably not a factor). Additionally, most will be looking for either shared or dedicated hosting.
Now, if you simply Google something like “web host comparison” you’ll often get sites that may look legitimate but under the covers are marketing masquerading as a real site. Just be careful where you step. Here are a couple of lists with less vendor affiliation and more comparison of services:
http://webhost.thelist.com/
http://www.websitehostdirectory.com/
For those looking to host applications, more than sites, and particularly if you’d like to do this at not cost, check out:
http://en.wikipedia.org/wiki/Comparison_of_free_software_hosting_facilities
So much for the high notes. I hope to get a chance to address hosting in a low-end vs. high-end comparison in the future. For now, I hope this helps.
Earlier this year the business.com domain name sold for (gasping for air here!) in excess of $300M US. While that specific instance is a
record, and certainly caught news wind, I continue to doubt its value. But that’s just me. I think it’s an occasion of multiple bidders (and there were several high profile organizations in on the action) at an auction all “perceiving” increased value because the others are also perceiving that sense of value. E.g., is a 1950’s era Les Paul guitar worth $20K to over $50K? Intrinsically, no. However, there will never be another one produced. Others, primarily investors who aren’t even marginally decent guitar players, think that fact adds value, so they bid on EBay to monstrous dimensions. Is that truly shopping victoriously?
We all take risks, that is, if we’re indeed doing our job well. They’re calculated. They’re mitigated. But they’re still risks. Despite my perception that Business.com was overpriced by several orders of magnitude, someone, some group more likely, felt otherwise. Only time will tell if their risks were well handled or foolish.
Let me ask a question. Prior to implementation, promotion, launch, more promotion, and adoption, what were the respective values of ebay, yahoo, google, linkedin, flickr, youtube, etc., etc.? That’s the basis for my perception. Succinctly, I’d rather have some crazy, off-the-wall domain name that I bought for chump change, focus strategic energies into a successful marketing campaign, then promote the site and its value with the cash saved. In general I believe that’s the wisest approach for almost all instances with perhaps the primary deviation being domain names built upon branding or, to a lesser extent, niche markets. Oh, and personal names 
Some businesses handle their approach to digital assets well. They’re the firms that know where they’re headed with branding, with products over their respective life cycles, and the markets they want to penetrate and in which they want to grow. They have a gut feel for global reach. They’re not going to be caught off-guard with email from some back alley domain hoarder, who, attempting to strike hearts with fear, asserts others are laying claim to “their domain name”.cn, .hk, .asia, etc., which he says he can fix for a price, nor are they going to fall prey to a bidding war over online real estate of questionable value. These are the firms that tend to truly win.
Makes me wonder if they also bought Business.cn? If they didn’t I might know someone who can fix it for a price.
Please pass the anti-hoax spray before I get bitten again
Okay, you probably also have good friends, family members and co-workers who love to share everything from amusing to alarming news, photos, and alerts via email. Sharing can be good. Broadcast emails to everyone in your address book is not and particularly so if it’s something intrinsically false.
The following story, although not in the form you see below, was forwarded to me by a good friend, which was forwarded from a forward, from a forward, etc. Despite the trust I have in my friend I do not trust forwards from unknown sources, so, being the annoyingly cautious person I am, I bothered to check it out. It’s not hard to do. Just (please!) Google some of the text in your amazing/alarming message or visit some of these hoax-busting sites:
http://hoaxbusters.ciac.org/
http://urbanlegends.about.com/
http://www.museumofhoaxes.com/
The email that was sent supposedly reflected a holiday confession from Ben Stein. Perhaps you’ve seen it. The message, at least the basic thrust, is marginally corroborated at http://www.snopes.com/politics/soapbox/benstein2.asp (an excellent location for the original context of this message) as well as at Ben Stein’s website (benstein.com).
As with many, many forwarded messages, what you get in your in box is easily tainted by the opinions and good intentions of so many others along the line. And, occasionally, someone with the compassion and integrity of Catbert. So for the real story, I’ve omitted the message that was forwarded to me and just present the transcript. It’s good and worth a read. The incidental lesson: always check your sources; if you’re not sure, don’t quote them. A basic journalism principle that has applicability in what we broadcast to others in email for you never know who will forward what you’ve written to the world, with your name and email attached. What’s really weird but unfortunately not too surprising is that the errant version of the quote (which is also available on the snopes site) was included in its entirety on a number of blog sites, again errantly attributing to Mr. Stein words he never spoke or wrote.
One more thing, if you feel compelled to forward a message to all your friends & family (all 143 of us), please, please use BCC email distribution. This isn’t rocket science. Like me, you may be painfully familiar with internet based scams/attacks/security risks because of your line of work, and I guess it’s incumbent upon us with that experience to instruct and warn those who are not. Unless you really love phishing attacks and endless gigabytes of spam over the years we at least need to try.
Oh, to those of my friends and family to whom I forwarded that web vid about charging your blackberry from an onion and Gatorade (which was a…er… ahem, a hoax—honest, I didn’t know!), you know what you can expect from me under the Christmas tree this year
–@–
Origins: Ben Stein, a lawyer by training, has also served as a speechwriter for President Richard M. Nixon, has to date authored sixteen books (both novels and non-fiction efforts), and continues to write editorials and columns for a number of prominent publications. He is perhaps best known to the world at large, however, for his in-front-of-the-camera work as the dreadfully dull economics teacher in the film Ferris Bueller’s Day Off (and his similar role as the monotonic science teacher Mr. Cantwell on the TV series The Wonder Years) and as the keenly competitive host of the Comedy Central game show Win Ben Stein’s Money.
Mr. Stein currently offers occasional commentaries for the CBS Sunday Morning news program, and the item quoted above is based on one such commentary, entitled “Confessions for the Holidays” and delivered by Mr. Stein on that program on 18 December 2005, one week before Christmas. However, the version widely circulated via e-mail includes some transcription errors and modifications that were not part of the piece as originally aired. Here is the full version as broadcast, taken from a CBS News transcript of the program:
CHARLES OSGOOD (host): We all have our own thoughts about the holidays. Here’s Ben Stein with his.BEN STEIN: Here at this happy time of year, a few confessions from my beating heart. I have no freaking clue who Nick and Jessica are.(Footage of People magazine; Us magazine)
STEIN: I see them on the cover of People and Us constantly when I’m buying my dog biscuits. I still don’t know. I often ask the checkers at the grocery stores who they are. They don’t know who Nick and Jessica are, either. Who are they? Will it change my life if I know who they are and why they’ve broken up? Why are they so darned important?
STEIN: If people want a creche, fine. The menorah a few hundred yards away is fine, too. I do not like getting pushed around for being a Jew, and I don’t think Christians like getting pushed around for being Christians. I think people who believe in God are sick and tired of getting pushed around, period. I have no idea where the concept came from that
With the latest trends in security vulnerabilities moving from old-school threats (e.g., email payloads) to more recent trends (phishing scams and XSS vulnerabilities), it seems we need to revise the notion of browser security “state”. Specifically, I’ve been thinking this should be tied to non-proprietary databases leveraging social network capabilities. Basically, a certain level of global security approval.
I realize there are risks that need to be mitigated in this—lots of work to be done here—but I’m hoping it will be birthed from a consortium and not one security company.
The result: one way to implement this would be a security toolbar. Of course, displaying this would be optional. This would show the relative sense of security realized from the global community. Somewhat akin to what you find in the Security Task Manager tool from Neuber GmbH, if you’ve ever used that. Essentially, STM users collectively vote on the perceived security level behind Windows processes and drivers. In this case, however, all vote on websites. A tangent to that would be setting acceptable security levels. You might only want to visit sites ranking higher than “6.4″, for example.
Secure Computing Corporation has an implementation of this model. Their “TrustedSource” (which bugs me that they used a “.org” extension when they’re every bit a for-profit entity) is what they call a “global threat correlation engine”. It’s basically an aggregated white list for global sites. Making the list is proprietary to Secure Computing’s interests; this is where I believe a non-partisan social net endorsement would be a better solution. That data needs to be protected, naturally, from external threat. It also needs to be outside the hands of any one entity to be of real value to all.
Don’t know if you’ve read the Microsoft announcement this week about Windows Server 2008. The news came out from Teched in Spain and, distilled down, there will be eight different versions available. Compare that with the three currently available (Standard, Enterprise, and Datacenter) and it doesn’t sound so bad. On the surface anyway.
Can anyone guess at how may SKU’s there will be? Let me make it easier. Can anyone guess how many SKU’s there are today with only three versions? Answer: I don’t know. At least that will be the average answer, I’d venture, even from MSFT employees. Even going off Microsoft.com pages, you’ll get at least 12 versions for Server 2003, although not all can actually be purchased from MSFT. Where it gets more challenging is in the details. How many CAL’s do you need? Got virtual? Are you clustered? Oh, do you need an External Connector with that?
So, in reality, how many SKU’s will there be with the advent of Hyper-V, MSFT’s latest virtualization technology? This is where I begin thinking, “Man, this is ripe for online selection/configuration!” This is partly spurred on by the seeming difficulty in getting quick, qualified sales support from Redmond (actually, this is true of most large vendors, not just MSFT). Now, I’ve had the pleasure of working with their team in the Twin Cities, and they’ve been great, but there have been other times in other places where this has been a struggle.
This fits a classic scenario where selection/configuration pays off big: product complexity and limited sales resources. I want to go in with my project’s full requirements, and pull out some relatively precise budget planning numbers. I don’t have time for a full quote at this point. Well, they’ve got one, two, actually. I have to admit, I was surprised. Unfortunately, they only work for virtualization environments.
Isn’t the whole process a little too complicated to be left to the under-initiated? If only MSFT could work with Tacton, or one of the other leaders in online sales configuration, they could make life so much simpler and easy to understand for their customers. Now, if they could only make it cheaper. Until both happen, LAMP continues to look better and better to a lot of people looking for a way out of the forest.
Let me preface this: You may already be aware of some or all of these security threats but I found the following presentation as a whole both fascinating and alarming. This afternoon Ziff Davis and MessageLabs presented “Today’s Internet Security Landscape: A Closer Look at Evolving Threats” . It’s now available streamed and if you’re at all concerned about email security it’s an hour worth your time.
Did you ever wonder why you get those crazy emails about hot stock tips for some thoroughly obscure ticker symbol? Mark Sunner, Chief Security Analyst at MessageLabs, who gave the presentation, clears that up, explaining why it’s tied to identity theft and money laundering.
Man, I wish I didn’t have to say this but the architectural caliber of the latest malware is near brilliance; they’ve really got grid computing down. The presentation also gives some context as to how these tools of crime are funded, which is also enlightening. From StormWorm and SpamThrough to Russian and Ukrainian boutique spam bots (yes, they’ll craft custom “professional-grade” malware, configured to your specs, for a price) to social engineering preying on the onslaught of social networks, this was alarming. Don’t think I’ve lost this much color during a presentation since hearing about the true value of USD’s since departing from the gold standard.
That last point, the one about social networks, really bears clarification. We all place so much personal info on sites such as MySpace and LinkedIn, it shouldn’t come as an entire surprise that targeted attacks are starting to arise from that info. Specifcially, elements of crime getting at “C” level officers of organizations, or perhaps using that info as they craft new spam attacks. If you saw a message in your inbox that was from your CEO or CTO, and the message header seemed to mimic with near perfect accuracy the name and type of message you’d expect, and then, if within the body it said something like, “click here for project details”, wouldn’t you be inclined to open the message? How about if it was from someone in the upper echelons of your support organization stating “install this upgrade asap”?
That “near” perfection is achievable through data mined from social networking sites. Makes me wonder if I’m over reacting. But it also makes me wonder what sites like LinkedIn will do to protect their users, their sites’ integrity, and their overall business model.
I just finished reading Gartner’s “MarketScope for Sales Configuration, 3Q07”, by Gene Alvarez, which came out this week. Over the years I’ve read quite a bit from Gartner; for me, this one was more interesting, however, since I was among those interviewed for their published analysis. If you’re replaying scenes from “The Jerk”, with Steve Martin’s lead character wildly running about and shouting out, “The new phone books are here…the new phone books are here!” you may be a bit off, but, yeah, this one had my interest big time.
The backdrop: I’ve worked extensively with online configuration and have conducted detailed comparative analysis from many providers in the past, which I’m assuming is the reason Gartner was interested in my perspective. At the outset of our most recent project, I had set up an in house “Selection/Configuration” mini-conference for our organization, more or less a parade of vendors diving into their technical and business capabilities. Most of those were represented in the recent Gartner report, which made it even a bit more interesting to me.
Now, unless you’re really fascinated by the topic of online sales configuration, addressing this in depth here would move even the most stalwart audience into a soporific stupor so I’ll leave that to other venues and other discussions. If you’ve specific questions outside the scope of this post please feel free to email me. What I’d like to cover here is the results, at least from my vantage point.
During the phone interview with Gartner, which lasted less than an hour, I answered a number of open ended questions (“Why did you choose this product?”, “What others did you consider?”, “How are we using it?”, and the like). I actually had an enjoyable time talking with the author since he was well familiar with online configuration and the vendors involved. We went on to discuss more specifics such as customer satisfaction and the comparative strengths between some of the products he was evaluating. Wrapping up, I was looking forward to seeing the end results of his analysis in print. Let’s see, that was toward the end of June so the remaining interviews (I’ll assume there were multiple others like mine—Gartner is fairly secretive about their process details, and I can respect that), analysis, authoring, and publication process took about four months.
The Results. You’re probably well familiar with the legendary Gartner “magic quadrant”. I was glad in this instance that they refrained from boxing in the vendors in that array this time. Limiting assessments to four graduated “vision”/”capabilities” quadrants doesn’t really has seldom, if ever, given anyone effective reference tools. In this analysis, rather than the “MQ”, there’s a ratings matrix in which each of the vendors is given one of five overall ratings: strong negative, caution, promising, positive, and strong positive. Whew—not much granularity here! In all fairness, there are a few paragraphs given to vendor/product details, and maybe that’s the better focus. When I think of all the attributes I pulled together in our assessment I think Gartner could have gone a little further here. However, again trying to be fair, the analysis is looking at a larger picture than just feature lists.
There’s one disparity that warrants mention, and this is one that only those involved in online configuration and online commerce may be able to closely relate. When stacking up vendor to vendor, I believe it would have been better to focus exclusively on the configuration capability, not the commerce component. Frankly, this is where, imo, Mr. Alvarez missed a bit.
Commerce tools are exceptionally demanding animals. If you’ve got an exceptional, best-of-breed configurator, do you want to also attempt to develop a best-of-breed commerce engine? Or, would you rather augment your business case by easily integrating with best-of-breed tools?
Scanning the vendor line up, some are rewarded for having good commerce engines while others are penalized for not building those themselves. My take on it is this is not necessarily wise. I’d much rather be able to deal with a “best tools in the box” approach, particularly if they’ve demonstrated effective integration with past deployments.
Further, some key configuration issues aren’t addressed thoroughly and some aren’t covered at all. For example, a key issue with configuration engines is the nature of their modeled data interpretation: are they rules based or constraints based? This was not compared within the analysis. I’d underscore this is a huge data maintenance issue. When calculating the ongoing costs involved in online configuration, data maintenance will typically easily eclipse all other costs. You don’t want to stumble on this topic. Constraint based systems largely tend to be less labor intensive as you build and maintain your data models.
In summary, since I’m familiar with a number of these players, who do I think should have been rated higher? Although the Swedish firm, Tacton, is not a software behemoth like Oracle or SAP (and for this we can give thanks) the integration that they demonstrate is outstanding, their data modeling is lucid, and their support and deployment options work very well. I couldn’t justify rating any of the other vendors more highly (and may have rated some of the others a bit lower). Tacton plays exceptionally well with IBM’s WebSphere Commerce, which is a powerhouse in online B2B and B2C commerce. They also have a very impressive array of other application partners, including Microsoft, Autodesk and Dassault Systems (SMARTEAM and SolidWorks). It’s clear that Tacton understands not only configuration, but how to move in a veritable arsenal of high impact supporting systems, all in a best-of-breed environment.