Advice Needed On VPS Hosting

Posted on 2013-05-21
Last Modified: 2013-05-23
I have a pretty active e-commerce site, on shared hosting, that needs a new host because it's presently failing monthly PCI compliance scans, due exclusively to issues -- very few, in fact -- pertaining to the server environment -- none pertaining to the site itself or any of its scripts. The current host will not help address these issues and has told me I am in violation of the user agreement by allowing the server to be scanned.

Consequently, I'm now looking into VPS hosting with a host that will work with me to resolve all server-related PCI compliance issues. But I've never had a VPS-hosted site before. And while I'm pretty "on the ball" technically, I may be averse to increasing the time it takes to run my site -- by which I mean I don't want to have to take on new obligations, such as having to manage a server, or pretty much anything else beyond... well, running my site.

My understanding is that a so-called "fully managed" VPS hosting plan will enable me to simply continue running my site, with the host there to deal with all the server management issues that I've never had to deal with on shared hosting. My understanding is that I'll be able to become involved in managing the server if I wish to, but that there will otherwise be no need for this. My hope is that once the server is brought into compliance, I can continue worrying about only the same things I'd be worrying about if the site was still on shared hosting.

(I must sound like an incurious imbecile! But, really, I just want to make sure I know what I'm doing before taking this leap.)

Is my understanding correct, or will moving the site to a fully managed VPS require a new learning curve and that I take time for things I'm not currently aware of?

Question by:Jonathan Greenberg
LVL 53

Accepted Solution

Scott Fell,  EE MVE earned 500 total points
ID: 39186568
First, on those PCI scans, I swear they are programmed to find things that have no bearing on security but they need to find things to prove their costs.    For those small picky items, you can typically respond back with a reasonable excuse for a waiver of that item.

If you want to stay on some type of shared plan, Newtek has always been PCI compliant and they have shared Windows and Linux, 24/7 email/phone support. I like them for shared services.

When you make the jump to VPS or Dedicated, "Fully Managed" typically means the server has a control panel like Plesk or cPanel.  It does not typically mean it's on the same system as their shared service where the updates are overseen and people come running when there is intrusion detected.    

I made the jump because I needed more database power and the shared SQL servers were not cutting it. My experience with VPS at that time was there was not enough memory as the max was 2 gigs and I had a lot of issues with neighbors hogging CPU even though that was not supposed to happen. The fix was either getting your slice moved or they shut down the naughty neighbor. Using Windows, my slice kept crashing because SQL Server wanted more memory so I jumped to dedicated. After trying out a few services, I settled with for price/service.

If your site has been working out ok on our current shared service, it would be worth checking out  But if you need a private db, then you will need to go VPS or dedicated. By the way, some VPS hosting is not much different in price than low end dedicated...

Author Comment

by:Jonathan Greenberg
ID: 39188822
Hi, padas. Thanks so much for your response!

I haven't had any particular complaints about the scans, really. I was easily able to address the detected vulnerabilities that resulted from my scripts, and the server-related issues mainly seem to pertain to simple things, such as keeping OpenSSH up to date. I think I just need a host who is willing to work with me in addressing such issues.

So I think you're suggesting that if I don't want to have to deal with any new headaches, such as general server security and updates, then I need to stick with shared hosting.  OK, got it.

I'll check out Newtek.  Their Linux hosting plans' "security features" include "PCI-Compliant Facility," which would seem to indicate that they'll do whatever is needed to help me pass my PCI compliance scans.  I'll contact them and ask about this.  Their plans also include cPanel and "24/7/365 U.S.-based phone, email, and live chat customer support," which would be great.

Can you tell me about their support?  I've been with Rochen for the last couple of years.  Rochen is technically very much on their game, but they can be complete assholes to deal with, and I really don't want to have to pull any more hair out of my head dealing with anything other than competent, polite, helpful tech support people.  Are they smart, on the ball, and easy to deal with at Newtek?  This is critical to me.

Lastly, you mention that if I "need a private db," then I "will need to go vps or dedicated."  I'm not sure what you mean by that.  My site runs Joomla, so its db powers that, along with a few custom web apps that I've developed.  It contains no credit card data, but it certainly needs to be protected and what I would refer to as "private."  But I don't see why the db would need to be on anything more secure than a reasonably well maintained shared hosting platform.  Do you mean something other than that?

Thanks very much, again, for your help, padas!

LVL 53

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 500 total points
ID: 39188869
I have used Newtek since about 1999. Their support has always been great all hours. I don't rely on them as much as I only have a handful of clients I have left on their shared service. Most of my action is on my dedicated.

I have run ecommerce on their shared servers without issue. They have been very good to work with and helpful and feel comfortable recommending.

What I meant by private db is on your server rather than a shared db that comes with the shared plan. But if you are already used to that, then you are good.

Let them know what problems you are having. You may not need to use an outside scan service if they can provide the documentation. However, I would doubt if a scan found some obscure thing and that obscure thing would affect everybody else, it may or may not be able to be taken care of. That would be true of any shared service.

They use SmarterMail for email and I believe the folks that wrote SmarterMail started at Newtek when it was crystaltech. And I think the SmarterMail office is across the street still. So getting email server issues was always good with the exception of spam. They use a couple of larger anti spam companies but I always had a few people that were spam magnets that nothing would fix. Now I just force everybody to use Google Apps for Business for their email and I never hear any complaints about too much spam.

Author Closing Comment

by:Jonathan Greenberg
ID: 39191430
Thanks for your help, padas!

Question has a verified solution.