[Gllug] recommend a (web) hosting company for linux box
Simon Wilcox
essuu at ourshack.com
Wed Aug 27 15:52:20 UTC 2003
On Wed, 27 Aug 2003, Tethys wrote:
> Simon Wilcox writes:
>
> >It depends on what you need. I would suggest that for most hosting needs,
> >taking a server managed up to OS level would be the best bet as the
> >hosting provider should then be resonsible for any upgrades/patches to the
> >OS, leaving you free to concentrate on your applications.
>
> Nice theory. Beware that whatever the contract says, your service provider
> may not actually do this in real life, and you may find your servers
> unpatched against published security vulnerabilities. Not that this is
> the bitter voice of experience or anything...
Of course not, that kind of thing never happens... :-)
I have had similar problems in the past where the supplier didn't patch in
a timely fashion. We ended up spending almost as much time checking up on
their activity as it would have taken us to do the pacthing ourselves.
Added to the anxiety of not knowing what would happen next we ended up
throwing them off the machine and taking it over.
My lessons from that were:
* Always obtain a copy of their notification & patching procedures (run
away if they don't have written procedures !)
* Make sure it includes plenty of client notification so that you know
what's happening to your machine (even if it is a mail to say
"vulnerability X does not applyto your machine").
* Always make sure that the SLA defines how quickly servers will be
patched from the time a patch is available
* Always make sure there is commercial recourse if they fail to meet the
deadline, for instance a rebate for every missed deadline with an opt-out
clause if you are unsatisfied with their response
As always, do your market research throughly before contracting out any
critical service !
Simon.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list