[Gllug] recommend a (web) hosting company for linux box

[Simon Wilcox]

On Wed, 27 Aug 2003, Tethys wrote:

> Simon Wilcox writes:
> 
> >It depends on what you need. I would suggest that for most hosting needs,
> >taking a server managed up to OS level would be the best bet as the
> >hosting provider should then be resonsible for any upgrades/patches to the
> >OS, leaving you free to concentrate on your applications.
> 
> Nice theory. Beware that whatever the contract says, your service provider
> may not actually do this in real life, and you may find your servers
> unpatched against published security vulnerabilities. Not that this is
> the bitter voice of experience or anything...

Of course not, that kind of thing never happens... :-)
 
I have had similar problems in the past where the supplier didn't patch in
a timely fashion. We ended up spending almost as much time checking up on
their activity as it would have taken us to do the pacthing ourselves.  
Added to the anxiety of not knowing what would happen next we ended up
throwing them off the machine and taking it over.

My lessons from that were:

* Always obtain a copy of their notification & patching procedures (run
away if they don't have written procedures !)

* Make sure it includes plenty of client notification so that you know 
what's happening to your machine (even if it is a mail to say 
"vulnerability X does not applyto your machine").

* Always make sure that the SLA defines how quickly servers will be 
patched from the time a patch is available

* Always make sure there is commercial recourse if they fail to meet the 
deadline, for instance a rebate for every missed deadline with an opt-out 
clause if you are unsatisfied with their response

As always, do your market research throughly before contracting out any 
critical service !

Simon.


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug