Panic time! Your company’s senior (OK, only) UNIX systems administrator has
just given notice… Do you have any alternative options for supporting all
those critical servers and applications?
I recently consulted with a company that had a mission critical financial and
project management application that had thousands of network hits a day. The
company had been supporting the system in their so-called data center – OK it
was more a data closet, well really just a closet. Leave me alone, at least the
machine was not sitting under somebody’s desk! When their systems administrator
left, I suggested using a managed service provider for systems support. For
about $200/month, they had a fully supported server system and no need for a
full-time UNIX systems administrator anymore.
Wow, is it that cheap? It sounds too good to be true. Here is another example
of the advantages of using a managed service provider. Recently I worked on a
project to create a website for WIND, a non-profit organization helping
unemployed professionals network to new positions. The organization has no
budget, a strictly volunteer rotating labor force, and no facilities. I.e. they
have no machine room, no hardware, and no place to put their non-existent server
system. Whatever they did needed to be extremely cheap and virtual. After
talking to a couple of local non-profits to see if they would be willing to host
the site, I researched commercial sites. “We found a large number of companies
offered good services for very reasonable prices. For under $50/month we were
able to select two shared Linux servers, one for development, and one for
production, in a fully staffed datacenter. The service included a complete set
of website development tools, including Tomcat, MySQL, Java, Perl and 400MBs of
disk. What more could we ask for at that price?” said P.J. Gardner, information
architect at Gardner Information Designs, Inc. and WIND Web project team lead.
Fundamentally, there are three options for supporting servers and applications,
DIY (Do it yourself), COLO (Co-Location Services) or a MSP (Managed Services
Provider). Each has its advantages and disadvantages. Depending on your
company’s needs, one or more will be best suited for your company’s situation.
The best methodology will depend on your specific business and budget. What are
the differences between the three tactics? Let us look at each method in turn
with a discussion of the advantages and disadvantages of each. Are there some
best practice guidelines about which approach to take for my systems? The good,
the bad, and the ugly of outsourcing your server support.
DIY(Do It Yourself) – On-site administration
First, there’s the old-fashioned method – doing it yourself. “Do it
yourself” means you use the equipment you already own including servers,
network connection, and all infrastructures on your existing company network.
You provide all systems, network and hardware support. This means that if you
have a big external site, the access bandwidth is coming out of the same
bandwidth you use for your company network. If your system disk crashes or your
site is compromised, you are completely responsible for maintenance and repair.
Ten years ago, this was really the only way to support your servers, so many IT
people do not think about supporting their systems any other way.
You own everything and if anything goes wrong, it is completely your
responsibility. There are no third party providers to blame. Today, unless you
already have a large external facing infrastructure (i.e. a datacenter), there
is no real advantage to using your own resources for supporting your external
The disadvantages are endless. Unless you are an expert systems administrator
with experience managing a datacenter, you are potentially exposing your company
network and servers to outside security attacks, power problems, network service
interruptions and the myriad of other things that can go wrong with a computer
system. If your system is already installed on-site, you are all too familiar
with these headaches. Do not underestimate the damage a denial of service
attack can cause to your corporate Internet connection. You will have many
unhappy internal and external customers.
Since the DIY costs are buried in your general IT budget, it is very hard to
quantify your actual expenses, but they can be quite high in terms of lost
productivity and risk. The reality is that this approach can be VERY expensive
unless you have a large installation and staff to support it, i.e. you have a
datacenter that you are maintaining already.
With the co-location option, you are purchasing the right to place your own
equipment in the service provider’s datacenter. That is, you place your own
servers in rented rack space in a fully supported datacenter. If you are lucky,
sometimes the datacenter will supply keyboard, mouse, and monitor. Everything
else is your responsibility: keeping out hacker/crackers, upgrades, repairs,
monitoring, managing services, and so forth. Many providers do not even offer
this service, since it can be quite expensive for the provider.
Co-location is ideal for keeping maximum control of your equipment and your
systems. If you already own the system, it could save you the cost of
purchasing a new one. You do gain the advantage of using the MSP’s bandwidth
and support services. If you have a particularly unusual set of systems and
application requirements, this may be your only option.
Most of the larger ASP and ISPs do not even offer this service, except to their
very largest and most valuable customers. Speaking from the ISP perspective,
ISPs hate co-location customers. They are expensive to maintain, pose a
security risk to the data center, are hard to administer and generally make it
more difficult to manage the datacenter. Genuity used to offer the service
until someone ran the numbers and found that it was actually costing the company
more money that they could possibly get back in revenue. They offered all of
their co-location customers upgraded managed service for the same price and
Genuity still made money on the deal!
Would you trust a company that allows unescorted visitors into its data
center? Although you do get access to the high quality infrastructure, your
provider might limit machine access time for maintenance and upgrades. The more
reputable companies provide an escort for machine access, but watch out that,
those time charges can really add up quickly if you have a major system upgrade
planned. The costs for this option vary, it might be less than a dedicated
managed server, but it is unlikely to be cheaper than a shared managed server.
This more depends on the service provider’s willingness to offer the service.
Managed Service Providers (MSP)
A managed service provider (MSP) provides delivery and management of network-
based services, applications, and equipment to enterprises, residences, or other
service providers. Managed service providers can be either hosting companies or
access providers. Their services can range from fully outsourced network
management arrangements, including advanced features like IP telephony,
messaging and call center, virtual private network (VPNs), and managed
firewalls, to simply providing hosting services for your company external
website. Internet Service Providers (ISP) first offered these services starting
about 8 years ago, when they found that they could sell extra capacity in their
datacenters to their customers. The MSP usually has a myriad of options to
choose from including but not limited to the amount of disk space, number of
processors, platform (Linux, Windows or Solaris generally), server access (web
based, ftp and/or telnet) and available bandwidth. MSP services some in two
basic flavors – shared and dedicated.
When you purchase a dedicated server, you are buying the use of an entire
machine reserved for your use alone. The MSP still builds the machine for you
using their standard specification and supports it fully. You will generally
have more flexibility about what tools you are permitted to install and nobody
but you can crash the machine (an unlikely scenario nowadays). If your
application is large or you require specialized software, this may be the only
option available. The cost for a dedicated server can be surprisingly
reasonable, starting at around $150/month.
If you are on a tight budget and you have a standard application (a storefront
web server or brochure ware, for example) you might consider a shared solution.
Again, as the dedicated option outlined above, you can choose the amount of disk
space, available bandwidth, platform, and tool set to work with. Be aware, when
you buy shared services, you are sharing a machine with other customers. It
sounds dangerous because you will never know whom you are sharing your site
with, but it is completely transparent. If the MSP is at all reputable, this
can be a very inexpensive and secure option. If you find this arrangement
makes you nervous at all, pay the extra for a dedicated server.
Shared services are not only for web hosting either. You can purchase helpdesk
services, disk storage, ERP systems, and almost any type of system you need.
This is the Application Service Provider (ASP) model of providing services. A
few years ago during the Internet boom, everyone thought that ASPs were going to
be the next wave of IT transformation. While the promise has so far not caught
up with the hype, for the right application, this can still be a viable and cost
The advantage to using Managed Hosting Services are that you are able to
purchase the service and support of a fully managed datacenter that you are
unlikely to desire or afford to build and maintain yourself. These datacenters
are constantly updated with the latest security, network, and systems
technology, another expensive headache you do not need. Outsourcing your server
support can be a very cost effective approach because you can purchase exactly
the services that you need, when you need them. Expansion is a simple matter of
purchasing additional services. Numerous large and small companies provide
these services ranging from Worldcom and ATT to tiny specialized downstream
There are some disadvantages to choosing this service model. If you have any
special requirements, you will need to find a MSP that has the special tools
that you need. Since hundreds of companies provide these services, it should
not be difficult to find what you are looking for, but the more specialized your
needs, the more dependent you are on a specific provider. Another potential
downside – this industry is going through a serious shakedown. Many providers
will washout in the next few years as the industry consolidates. One way of
minimizing your risk is to use two MSP companies; if one goes out of business,
you will have time to transfer your account to another with no service
Face it you are literally putting your family jewels in another company’s hands.
You are understandably nervous. Do diligence and through research before you
commit to the company can help alleviate your fears.
Five key questions to ask when choosing an MSP:
- Business Track record – How long has this company been in business, what
are its prospects? Check its D&B rating.
- Quality of facilities – What do they look like? How many facilities does
the company have? Does it have full redundant power and network connectivity?
Is it subleasing space from another provider?
- Upstream providers – Who is it getting service from? Does it
have multiple network access points?
- Administration tools – Does it have a set of administrative tools for
you? Are they easy to use and secure?
- Tech support – Is it available 7×24? What is its guaranteed
response time if there is a issue? Is it proactive when there is a
Your company website, Intranet, ERP and other systems are now business critical
systems. In the past, you have always supported them on-site but you know that
your IT resources are stretched very thin. Does it make sense to move your
application servers to a managed services provider instead of supporting them in
house or using a co-location service? Yes. A Managed Services Provider can
offer security, levels of support, bandwidth and a price for every budget that
you could never hope to match any other way.
Beth Cohen is president of Luth Computer Specialists, Inc., a consulting
practice specializing in IT infrastructure for smaller companies. She has been
in the trenches supporting company IT infrastructure for over 20 years in a
number of different fields including architecture, construction, engineering,
software, telecommunications, and research. She is currently writing a book
about IT for the small enterprise and pursuing an Information Age MBA from