Panic time! Your company’s senior (OK, only) UNIX systems administrator has just given notice… Do you have any alternative options for supporting all those critical servers and applications?
I recently consulted with a company that had a mission critical financial and project management application that had thousands of network hits a day. The company had been supporting the system in their so-called data center – OK it was more a data closet, well really just a closet. Leave me alone, at least the machine was not sitting under somebody’s desk! When their systems administrator left, I suggested using a managed service provider for systems support. For about $200/month, they had a fully supported server system and no need for a full-time UNIX systems administrator anymore.
Wow, is it that cheap? It sounds too good to be true. Here is another example of the advantages of using a managed service provider. Recently I worked on a project to create a website for WIND, a non-profit organization helping unemployed professionals network to new positions. The organization has no budget, a strictly volunteer rotating labor force, and no facilities. I.e. they have no machine room, no hardware, and no place to put their non-existent server system. Whatever they did needed to be extremely cheap and virtual. After talking to a couple of local non-profits to see if they would be willing to host the site, I researched commercial sites. "We found a large number of companies offered good services for very reasonable prices. For under $50/month we were able to select two shared Linux servers, one for development, and one for production, in a fully staffed datacenter. The service included a complete set of website development tools, including Tomcat, MySQL, Java, Perl and 400MBs of disk. What more could we ask for at that price?" said P.J. Gardner, information architect at Gardner Information Designs, Inc. and WIND Web project team lead.
Fundamentally, there are three options for supporting servers and applications, DIY (Do it yourself), COLO (Co-Location Services) or a MSP (Managed Services Provider). Each has its advantages and disadvantages. Depending on your company’s needs, one or more will be best suited for your company’s situation. The best methodology will depend on your specific business and budget. What are the differences between the three tactics? Let us look at each method in turn with a discussion of the advantages and disadvantages of each. Are there some best practice guidelines about which approach to take for my systems? The good, the bad, and the ugly of outsourcing your server support.
DIY(Do It Yourself) – On-site administration
First, there's the old-fashioned method – doing it yourself. "Do it yourself" means you use the equipment you already own including servers, network connection, and all infrastructures on your existing company network. You provide all systems, network and hardware support. This means that if you have a big external site, the access bandwidth is coming out of the same bandwidth you use for your company network. If your system disk crashes or your site is compromised, you are completely responsible for maintenance and repair. Ten years ago, this was really the only way to support your servers, so many IT people do not think about supporting their systems any other way.
You own everything and if anything goes wrong, it is completely your responsibility. There are no third party providers to blame. Today, unless you already have a large external facing infrastructure (i.e. a datacenter), there is no real advantage to using your own resources for supporting your external facing servers.
The disadvantages are endless. Unless you are an expert systems administrator with experience managing a datacenter, you are potentially exposing your company network and servers to outside security attacks, power problems, network service interruptions and the myriad of other things that can go wrong with a computer system. If your system is already installed on-site, you are all too familiar with these headaches. Do not underestimate the damage a denial of service attack can cause to your corporate Internet connection. You will have many unhappy internal and external customers.
Since the DIY costs are buried in your general IT budget, it is very hard to quantify your actual expenses, but they can be quite high in terms of lost productivity and risk. The reality is that this approach can be VERY expensive unless you have a large installation and staff to support it, i.e. you have a datacenter that you are maintaining already.
With the co-location option, you are purchasing the right to place your own equipment in the service provider's datacenter. That is, you place your own servers in rented rack space in a fully supported datacenter. If you are lucky, sometimes the datacenter will supply keyboard, mouse, and monitor. Everything else is your responsibility: keeping out hacker/crackers, upgrades, repairs, monitoring, managing services, and so forth. Many providers do not even offer this service, since it can be quite expensive for the provider.
Co-location is ideal for keeping maximum control of your equipment and your systems. If you already own the system, it could save you the cost of purchasing a new one. You do gain the advantage of using the MSP’s bandwidth and support services. If you have a particularly unusual set of systems and application requirements, this may be your only option.
Most of the larger ASP and ISPs do not even offer this service, except to their very largest and most valuable customers. Speaking from the ISP perspective, ISPs hate co-location customers. They are expensive to maintain, pose a security risk to the data center, are hard to administer and generally make it more difficult to manage the datacenter. Genuity used to offer the service until someone ran the numbers and found that it was actually costing the company more money that they could possibly get back in revenue. They offered all of their co-location customers upgraded managed service for the same price and Genuity still made money on the deal!
Would you trust a company that allows unescorted visitors into its data center? Although you do get access to the high quality infrastructure, your provider might limit machine access time for maintenance and upgrades. The more reputable companies provide an escort for machine access, but watch out that, those time charges can really add up quickly if you have a major system upgrade planned. The costs for this option vary, it might be less than a dedicated managed server, but it is unlikely to be cheaper than a shared managed server. This more depends on the service provider’s willingness to offer the service.
Managed Service Providers (MSP)
A managed service provider (MSP) provides delivery and management of network- based services, applications, and equipment to enterprises, residences, or other service providers. Managed service providers can be either hosting companies or access providers. Their services can range from fully outsourced network management arrangements, including advanced features like IP telephony, messaging and call center, virtual private network (VPNs), and managed firewalls, to simply providing hosting services for your company external website. Internet Service Providers (ISP) first offered these services starting about 8 years ago, when they found that they could sell extra capacity in their datacenters to their customers. The MSP usually has a myriad of options to choose from including but not limited to the amount of disk space, number of processors, platform (Linux, Windows or Solaris generally), server access (web based, ftp and/or telnet) and available bandwidth. MSP services some in two basic flavors – shared and dedicated.
When you purchase a dedicated server, you are buying the use of an entire machine reserved for your use alone. The MSP still builds the machine for you using their standard specification and supports it fully. You will generally have more flexibility about what tools you are permitted to install and nobody but you can crash the machine (an unlikely scenario nowadays). If your application is large or you require specialized software, this may be the only option available. The cost for a dedicated server can be surprisingly reasonable, starting at around $150/month.
If you are on a tight budget and you have a standard application (a storefront web server or brochure ware, for example) you might consider a shared solution. Again, as the dedicated option outlined above, you can choose the amount of disk space, available bandwidth, platform, and tool set to work with. Be aware, when you buy shared services, you are sharing a machine with other customers. It sounds dangerous because you will never know whom you are sharing your site with, but it is completely transparent. If the MSP is at all reputable, this can be a very inexpensive and secure option. If you find this arrangement makes you nervous at all, pay the extra for a dedicated server.
Shared services are not only for web hosting either. You can purchase helpdesk services, disk storage, ERP systems, and almost any type of system you need. This is the Application Service Provider (ASP) model of providing services. A few years ago during the Internet boom, everyone thought that ASPs were going to be the next wave of IT transformation. While the promise has so far not caught up with the hype, for the right application, this can still be a viable and cost effective option.
The advantage to using Managed Hosting Services are that you are able to purchase the service and support of a fully managed datacenter that you are unlikely to desire or afford to build and maintain yourself. These datacenters are constantly updated with the latest security, network, and systems technology, another expensive headache you do not need. Outsourcing your server support can be a very cost effective approach because you can purchase exactly the services that you need, when you need them. Expansion is a simple matter of purchasing additional services. Numerous large and small companies provide these services ranging from Worldcom and ATT to tiny specialized downstream providers.
There are some disadvantages to choosing this service model. If you have any special requirements, you will need to find a MSP that has the special tools that you need. Since hundreds of companies provide these services, it should not be difficult to find what you are looking for, but the more specialized your needs, the more dependent you are on a specific provider. Another potential downside - this industry is going through a serious shakedown. Many providers will washout in the next few years as the industry consolidates. One way of minimizing your risk is to use two MSP companies; if one goes out of business, you will have time to transfer your account to another with no service disruption.
Face it you are literally putting your family jewels in another company’s hands. You are understandably nervous. Do diligence and through research before you commit to the company can help alleviate your fears.
Five key questions to ask when choosing an MSP:
- Business Track record – How long has this company been in business, what are its prospects? Check its D&B rating.
- Quality of facilities – What do they look like? How many facilities does the company have? Does it have full redundant power and network connectivity? Is it subleasing space from another provider?
- Upstream providers – Who is it getting service from? Does it have multiple network access points?
- Administration tools – Does it have a set of administrative tools for you? Are they easy to use and secure?
- Tech support – Is it available 7x24? What is its guaranteed response time if there is a issue? Is it proactive when there is a problem?
Your company website, Intranet, ERP and other systems are now business critical systems. In the past, you have always supported them on-site but you know that your IT resources are stretched very thin. Does it make sense to move your application servers to a managed services provider instead of supporting them in house or using a co-location service? Yes. A Managed Services Provider can offer security, levels of support, bandwidth and a price for every budget that you could never hope to match any other way.
Beth Cohen is president of Luth Computer Specialists, Inc., a consulting practice specializing in IT infrastructure for smaller companies. She has been in the trenches supporting company IT infrastructure for over 20 years in a number of different fields including architecture, construction, engineering, software, telecommunications, and research. She is currently writing a book about IT for the small enterprise and pursuing an Information Age MBA from Bentley College.