Advice Needed On VPS Hosting
I have a pretty active e-commerce site, on shared hosting, that needs a new host because it's presently failing monthly PCI compliance scans, due exclusively to issues -- very few, in fact -- pertaining to the server environment -- none pertaining to the site itself or any of it's scripts. The current host will not help address these issues and has told me I am in violation of the user agreement by allowing the server to be scanned.
Consequently, I'm now looking into VPS hosting with a host that will work with me to resolve all server-related PCI compliance issues. But I've never had a VPS-hosted site before. And while I'm pretty "on the ball" technically, I may be averse to increasing the time it takes to run my site -- by which I mean I don't want to have to take on new obligations, such as having to manage a server, or pretty much anything else beyond... well, running my site.
My understanding is that a so called "fully managed" VPS hosting plan will enable me to simply continue running my site, with the host there to deal with all the server management issues that I've never had to deal with on shared hosting. My understanding is that I'll be able to become involved in managing the server if I wish to, but that there will otherwise be no need for this. My hope is that once the server is brought into compliance, I can continue worrying about only the same things I'd be worrying about if the site was still on shared hosting.
(I must sound like an incurious imbecile! But, really, I just want to make sure I know what I'm doing before taking this leap.)
Is my understanding correct, or will moving the site to a fully managed VPS require a new learning curve and that I take time for things I'm not currently aware of?
Thanks!
Consequently, I'm now looking into VPS hosting with a host that will work with me to resolve all server-related PCI compliance issues. But I've never had a VPS-hosted site before. And while I'm pretty "on the ball" technically, I may be averse to increasing the time it takes to run my site -- by which I mean I don't want to have to take on new obligations, such as having to manage a server, or pretty much anything else beyond... well, running my site.
My understanding is that a so called "fully managed" VPS hosting plan will enable me to simply continue running my site, with the host there to deal with all the server management issues that I've never had to deal with on shared hosting. My understanding is that I'll be able to become involved in managing the server if I wish to, but that there will otherwise be no need for this. My hope is that once the server is brought into compliance, I can continue worrying about only the same things I'd be worrying about if the site was still on shared hosting.
(I must sound like an incurious imbecile! But, really, I just want to make sure I know what I'm doing before taking this leap.)
Is my understanding correct, or will moving the site to a fully managed VPS require a new learning curve and that I take time for things I'm not currently aware of?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help, padas!
ASKER
I haven't had any particular complaints about the scans, really. I was easily able to address the detected vulnerabilities that resulted from my scripts, and the server-related issues mainly seem to pertain to simple things, such as keeping openSSH up to date. I think I just need a host who is willing to work with me in addressing such issues.
So I think you're suggesting that if I don't want to have to deal with any new headaches, such as general server security and updates, then I need to stick with shared hosting. OK, got it.
I'll check out Newtek. Their Linux hosting plans' "security features" include "PCI-Compliant Facility," which would seem to indicate that they'll do whatever is needed to help me pass my PCI compliance scans. I'll contact them and ask about this. Their plans also include cPanel and "24/7/365 U.S.-based phone, email, and live chat customer support," which would be great.
Can you tell me about their support? I've been with Rochen for the last couple of years. Rochen is technically very much on their game, but they can be complete assholes to deal with, and I really don't want to have to pull any more hair out of my head dealing with anything other than competent, polite, helpful tech support people. Are they smart, on the ball, and easy to deal with at Newtek? This is critical to me.
Lastly, you mention that if I "need a private db," then I "will need to go vps or dedicated." I'm not sure what you mean by that. My site runs Joomla, so it's db powers that, along with a few custom web apps that I've developed. It contains no credit card data, but it certainly needs to be protected and what I would refer to as "private." But I don't see why the db would need to be on anything more secure than a reasonably well maintained shared hosting platform. Do you mean something other than that?
Thanks very much, again, for your help, padas!
Regards,
Jon