How Can one Use SSL Or TSL To Secure Visitor’s Information?
Everywhere you turn nowadays, it seems that there is someone looking to benefit at the expense of someone else. Cons, cheats, and thieves seem to be a dime a dozen in today’s day and age, and as technology advances, as do the skills of criminal. The Internet is no safe haven from such activities. There are many unsavory people out there trying to benefit from many Internet crimes, ranging to identity theft to credit card fraud.
What makes this very perplexing is that many websites require their visitors to supply some sorts of personal information about themselves. Depending on the website, you may be required to enter your name, address, date of birth, credit card information, and much more information that you would very much like to keep out of the hands of the Internet criminal.
As the owner of a website, the onus is on you to secure your web visitor’s information. If your service requires personal information of some kind, then you will need to take measures to ensure that your customer’s information is safe. But how do you do this? After all, your visitors are running a web browser on their local machines and their information is traveling across the open Internet to your website. What can you do?
The answer is to use some form of encryption between the web browser and your website. You can do this using SSL or TSL.
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmission on the Internet. SSL uses a program layer located between the Internet’s Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. In layman’s terms, the data is encrypted in a user’s web browser, using an encryption key that belongs to the website. The data is transferred from the web browser to the website in this encrypted format, where it is unencrypted by the web server software to be used by the website. This ensures that a user’s personal information is not being transferred in readable format for anyone to capture and read as it crosses the Internet.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. TLS is the successor to the Secure Sockets Layer (SSL), and is based on that technology. In this way, one can say that SSL has evolved into the TLS protocol.
So, now you know what methods are available to secure your communications, but what do you need to do to integrate it into your website?
For starters, find out what security options are available from your web hosting provider. If you host your own website, you will need to check your web server software to find out what kind of encryption it will support. Next, you need to get a certificate for your website. A certificate is required for security authentication between the web browser and your web server. Once you have installed your certificate on your web server, you will need to modify the pages of your website that you wish to secure to be called with the “https” protocol instead of the “http” protocol. For example, if you have a web page called “contactinfo.html” that asks for a series of personal information and then calls a page called “submitinfo.asp” to save it to your database, the link would be https://www.yoursite.com/submitinfo.asp. By specifying the “https” protocol at the beginning, you’ve told your web browser to utilize a secured layer to communicate with the web server. Here is a brief list of the steps that occur for SSL and TSL:• A URL is entered, such as https://www.yoursite.com in the web browser’s window. The https indicates that a secure session should be used.
• The server responds by sending the site’s certificate to the browser.
• The browser validated the certificate is valid.
• The browser then creates a session key, which is encrypted with the server’s public key, and sends it to the server.
• The browser and the server now communicate using the encryption that they have just agreed on.
Now that you know how it works, the next step is getting started. The premier issuer of digital certificates worldwide is Verisign (http://www.verisign.com). On their webpage can be found more in depth information in regards to how SSL can help your business and exactly what it takes to get started. For smaller websites, there is the possibility of shared certificates, where more than one website share one certificate. This is not as secure, but it does cut down on the costs. The website WhichSSL (http://www.whichssl.com) is an excellent resource for comparing different encryption options and providers to find the one that best suits your needs.
SSL and TSL encryption are a necessary tool for making your website secure for your visitors. By utilizing the information contained in this article, you should now be armed with the proper information to make an informative decision on what solution may be right for you and your visitors.
How Multiple Server Hosting Impacts Your Website’s Uptime
Hosting of web sites has essentially become a commodity. There is very little distinguishing one hosting company from the next. Core plans and features are the same and price is no longer a true determining feature. In fact, choosing a host based on the cheapest price can be more expensive in the long term with respect to reliability issues and possible loss of sales as a result of website downtime.
Selecting a host from the thousands of providers and resellers can be a very daunting task, which may result in a hit and miss approach. But although hosting may have become a commodity, one distinguishing feature that you must always look out for is reliability.
At the heart of any hosting company’s reliability is redundancy. This ensures that if a problem exists at one point, there will be an alternative which ensures continuity as seemlessly and transparently as possible.
Most hosts do employ redundant network connections. These are the high speed pipes that route data from the server to your web browser. But, redundant ‘multiple web servers’ have been extremely rare and very expensive, requiring costly routing equipment which has previously been used only in mission critical applications of Fortune 500 companies.
However, a very neat but little known Domain Name Server(DNS) feature called ’round robin’ allows the selection and provision of a particular IP address from a ‘pool’ of addresses when a DNS request arrives.
To understand what this has to do with server reliability it’s important to remember that the Domain Name Server (DNS) database maps a host name to their IP address. So instead of using a hard to remember series of numbers (IP address) we just type in your web browser www.yourdomain.com, to get to your website.
Now, typically it takes at at least 2 to 3 days to propagate or spread the word of your DNS info throughout the internet. That’s why when you register or transfer a domain name it isn’t immediately available to the person browsing the web.
This delay has stymied the security benefits of hosting your site on multiple servers, as your site would be down for a couple of days if something went awry with one server. You would have to change your DNS to reflect your second server and wait days before the change was picked up in routers on the internet.
However, the round robin DNS strategy solves this predicament, by mapping your domain name to more than one IP address.
Select hosting companies now employ the DNS round robin technique in conjunction with’failover monitoring’.
The DNS round robin failover monitoring process starts by a web hosting company setting up your site on two or more independent web servers (preferably with different IP blocks assigned to them). Your domain name will therefore have 2 or more IP Addresses assigned to it.
Then the failover monitor watches your web server(s) by dispatching data to a URL you specify and looking for particular text in the results. When the system detects that one of your IP addresses is returning an error, and the others aren’t, it pulls that IP address out of the list. The DNS then points your domain name to the working IP address/s.
If any of your IP’s come back online they are restored to the IP pool. This effectively and safely keeps your site online even if one of your web servers is down.
The average failure detection and recovery time with a system like this can be as low as 15 minutes. This time varies depending on the speed of your site and the nature of the failure and also how long other ISP’s cache (save) your DNS information.
The time taken for other ISP’s caching your information can be manipulated in the failover monitor by lowering the “time to live” (TTL) cache settings. These are the settings that other ISP’s will use to determine how long to cache your DNS information.
Of course you must bear in mind the matter of how frequently data is synchronized between your website’s servers. This will be the hosting company’s responsibility, and this may become complicated where databases and user sessions are involved.
The very expensive hardware based failover monitoring systems that point a virtual IP address to other ISP’s, while behind the scenes juggling a number of unique IP addresses on different servers, is of course the most ‘elegant’ solution to multi server hosting.
That way, the whole issue of ISP’s caching your information does not come into play.
Therefore, for site’s that need to have true 99.99995% uptime, without huge outlays of money, the technology is readily available and certain proprietory failure monitoring systems are now relatively cheap to apply.
How to estimate your website hosting needs
I write this article especially for people who are new to web hosting. This is why I will only talk about the basic needs (in a shared hosting environment): space, bandwidth. Most of the people looking for advanced features (scripting, databases) already know what they want/need anyway.
So let’s start with the space. Web space (disk space) is the amount of data you can store on the hard disk of the web server. Each web hosting accound comes with a certain amount of space, usually over 50 MB and less than 1000 MB.
Obviously, the amount of needed space depends on the size of the website. Most websites are composed of html (text) pages with a few images (gifs or jpegs) or even a little bit of Flash animation. Text is very economical; it occupies very little space. Images and flash are more expensive; they require a lot of space. If you’re new to the web you might think it’s great to have a lot of colorful images to make your website really beautiful. Don’t make this common mistake!
Your aim should be to say as much as you can on a page while maintaining it’s size under 50-60 KB including images. The reason? There are still lots of people using slow dial-up connections of under 56 Kbps. For them a 150 KB will take more that 21 seconds to load. A 60 KB page will take more than 8 seconds to load. That’s still a lot of time! A good page size is under 30 KB. A maximum page size is 50-60 KB.
Considering an average page size of 30 KB, you can put approximately 33 pages on 1Mb of space. If you have 10 MB of space available, you could host 330 pages. I only wish I had so many pages to put online. Don’t worry, I’m working on it!
The idea is this: unless you run a busy forum your needs for space are likely to be rather modest. Just keep in mind to achieve an average of 30KB/page and you should be more than fine even with 10 MB of web space.
Bandwidth is the amount of data that you’re allowed to transfer per month. It includes all uploads and downloads regardless of the protocol used (HTTP, FTP, POP etc.). Bandwidth depends very much on the average page size, but it also depends on the number of visitors your website will have and the average number of pages they visit. For an average page size of 30 KB, 20,000 visitors per month and 3 pages per visitor your website will need about 1800 MB (1.8 GB) of bandwidth per month. Most low cost hosting packages include that amount of bandwidth. Not to mention that 20,000 visitors per month is only a dream for most websites. Most don’t even have 2,000 visitors per month.
I took you through all those numbers just to give you an idea how to estimate your needs. If you’re just launching your website you will not need neither a huge amount of space, neither a huge amount of bandwidth. For 99% of people a hosting account with 10MB of space and 1Gb is more than enough.
Conclusion: Unless you have reasons to believe that your website will definitely have lots of visitors and unless you’ll offer movies or music for download (legally of course ), I see little reason for you to worry about space and bandwidth.
Just make your own calculations and also try to make sure that the host you choose allows account upgrades. That is to make sure you will be able to get more space and/or bandwidth if/when you need it without going through all the trouble of changing hosts.
Affordable is many times more than the price tag
“Some people tend to go for freebies, but would you take free eggs if they were offered on the parking lot of a supermarket? I know I wouldn’t”.
What is affordable anyway? At first, you could think it solely depends on the price. In most cases you end up realizing it’s rather far away from that. Taking the cheapest hosting service on internet is not far away from buying the cheapest house or a car available. I know you wouldn’t do that so read on and i’ll explain why you shouldn’t get the cheapest hosting service provider either.
There are many hosting companies out there offering web hosting for ridiculous prices. They offer everything unlimited for only 5.95 per month. At the same time they talk about global sales, special trained staff, fiberoptics, fully redundant cisco networks and so on but how can they get all the money for building the infrastructure, equipment and training then? Not from hosting. You can see it from their price tag.
While these companies render themselves economically unwit by the promises that are proved to be impossible, they also reaveal their true knowledge of technology by claiming to offer unlimited anything. The truth is, nothing is unlimited, except outer space, and this we are still unsure of. So unless we prove the space to continue forever and get it captured inside a hard disk cover, let’s just assume there is no such thing as unlimited. Especially when it comes to bandwidth and disk space.
The major concern when it comes to choosing a web host is the speed. Not the bandwidth or the disk space as you can always get more. But when it comes to server speed, or responsiveness, that is something that you cannot get with money. It’s just what it is and usually gets worse by the time when the server fills up. If your host offers unlimited features with a low price, you can be sure that the servers need to be filled with a lot of customers to get profit from the server. And that means slow speeds which will never get any better.
The next concern is what you can do with the service. Many companies like to play safe and simply install everyhing into their servers and offer that as a single package. But what happens on a computer that runs ASP, ASP.NET, PHP, Perl, Python, mySQL, MSSQL, SSI and so on? In worst cases, nothing. In a milder variation of the above, something but not what they truly intended. When they get it all working, the server will have so many workarounds configured and security holes created so that it should be drawn out of production to be repaired. Unfortunately on some companies this doesn’t apply and instead of being concerned about clients security, they’re more concerned to get everything somewhat working so they can write all the fancy features in a single ad on their site.
The time goes by, they apply some updates and nothing works. They apply some more funky configurations and get the computer running once again. This game resembles a lot of the spring-games I used to play when I was still a kid, trying to get the waterflow from melting snow going where I wanted. It’s not like you tell the flow where to go but where not to. No matter how hard I tried, the next morning the water was going where it wanted. The problem wasn’t with the tools or the technique, but the original idea of getting the water go forever where it wouldn’t go. This is very close to the idea of having all the technologies running on a single box. Cool, but doesn’t work.
When you get your site hosted on a server with the above configurations, you’ll force your webmaster coding in a broken environment. Many times with old drivers because the new ones caused problems. The code that the webmaster codes on the server is forcibly filled with workarounds similar to the ones in the operating system configuration. And when the time comes, that the hosting service provider discontinues their services because they were found to be impossible, you will need to switch hosts. For your surprise, the code won’t work on the new server. Why? Because the new server doesn’t have all those “special” configurations and “hot ideas” in the operating system.
At this point you will need to contact your webmaster to get things working. And pray the god that you can contact the same webmaster you previously used as he hopefully remembers even somehing about the workarounds in the code and why they were implemented. Getting a new webmaster would probably lead to rewriting the whole code. At least it should be cheaper that way. Sounds pricey? It is, especially when you take into account how much time and money were used with the initial code while coding in all the workarounds we’re about to trash.
So when choosing an affordable host, you should search for a host with reasonable prices compared to the services they offer. This way they can afford keeping all the technology working top notch. This way your environment will be stable and working and the development on the server should be as fast and cheap as possible. Do not believe in marketing gimmicks like unlimited mailboxes, disk space, bandwidth or anything. It’s not even possible and it only proves that the company is driven by marketing people biased to improving their own economy. Not the customer’s. When it feels too good to be true, then it is exactly that.
Web Hosts – Keeping Customers Happy
The web hosting industry is one of the most competitive industries on the Internet today. Web hosts are constantly thinking of new advertising campaigns in the hope of attracting more interest to their company; and, hence to attract more customers. While this is an important goal for any web host it is just as important to recognize and value the customers you already have.
Put your customer needs first.
Acknowledge your customers’ feedback and then do something about it; make sure there is a place on your web site or in your control panel for customers to make remarks or offer suggestions about your services or products. Use these suggestions to improve your company. Even if you receive negative feedback, use this feedback positively; it’s better to fix customer concerns as soon as possible to benefit your company’s success in the long run.
Provide staff management training.
Web hosts can say they have reliable staff and offer support around the clock. Though behind the scenes the story is very different; try to accomplish what you preach, it is no use to anyone having staff with bad organizational skills and poor communication skills. Having a clear vision of your company’s goals, providing regular training and being involved with your staff, will contribute greatly to efficiently managing your business.
Offer fast and reliable support.
If there is something going critically wrong with a web site, customers can’t be sitting around for days waiting to get their problems solved. Any critical support requests should be answered in just a matter of an hour or two; and, any other requests should be responded to in no more than 24 hours. Hosts should be offering around the clock support, especially if their market is global.
Reliable support is also crucial.
The most common complaint that people have with their web hosting companies is that, sure they get their support requests answered fast but, their host has either not fixed their problem properly or they have no idea what the support team are talking about, too technical. Many people don’t understand all the terminology of website hosting, support staff needs to be trained in good communication skills too.
When receiving a support request it is much better to make sure the client’s problem has been fixed properly, make sure your support staff test everything they fix! Not only will you find that you will be receiving less support requests, but your clients will be a lot happier also. One advantage to happy clients is more referrals!
Give your customers freedom.
Many people tend to sign up with a web host who will offer a discount if you sign a yearly contract with them. However most people who do this get ‘stuck’; if they are unhappy with their web host they will lose a large proportion of their fee if they cancel their contract. One way to keep your clients happy is to give them the option of paying monthly; this way your customers will have the freedom to change their account packages at any time.
Your clients should be given freedom to administer their own accounts. A good way to provide this is to ensure your clients have their own customizable control panel. This is true freedom, where a client can administer every key aspect of their account from: viewing their account details and billing details; to, for example, interactively adding a new web site, ftp logins, mail accounts, and new users.
Keep your customers well informed.
Let your customers know about any thing that could possibly affect their websites. Keep your customers informed on issues such as general maintenance, for example: when, and how often, backups are done on the servers; these are a crucial necessity to keeping servers running well, but clients have to be told this. If there is a customer issue that may take a while to fix, it is much better to inform them of the issue and let them know you will get back to them as soon as possible. Customers shouldn’t feel like they are left out in the cold, wondering why it is taking so long to fix their problem.
A web host who doesn’t recognize the importance of providing good service to their customers will quickly loose their customers and will fade out very quickly. Customers need to feel as though they can trust their web hosts. They need to know that the hard work they put into developing their web site will be complemented by having a great web host; one that is concerned with providing the best service for ALL their customers.
Remember the more happy customers you have the more successful your web hosting company will be, and the more growth you will see.
Why You Need A Domain Name
On the World Wide Web your domain name is your own unique identity. No two parties can ever hold the same domain name simultaneously; therefore your Internet identity is totally unique. If you have a business site on the Internet your domain name is your own online brand and in a sense you can use your domain name as your online business card. With your own domain name your web site, and e-mail addresses for example will have that professional look, being unique to your business. Many people often miss the importance of having and then keeping their domain name until they lose it. Once this happens they soon realize that they have lost their whole online identity. How does a domain name work?
To understand why you need a domain name you first need to know how a domain name works.
A domain name is an addressing construct, used for finding and identifying computers on the Internet. Computers use Internet Protocol (IP) Addresses, which are a series of numbers used to identify each other on the Internet; however, many people find it hard to remember IP Addresses. Because of this, domain names were developed so that easily remembered names and phrases could be used to identify entities in the Internet instead of using an IP Address.
For example, the domain name M6.net identifies the company M6.net. When a user types the domain name M6.net in their browser or sends an email to M6.net, the Domain Name System (DNS) will translate the domain name into IP numbers. These are then used by the Internet to connect the user to M6.net’s web presence.
What should I use as a domain name?
You can use a word or phrase as a domain name. When thinking of a domain name, think of catchy words or phrases that are easy to remember and that will bring more traffic to your site. Try to use a domain name that is relevant to your web site. If your web site is a business site, it is a good idea to use the companies name as the domain name or if your site is a personal site try to think of a domain name that is related to the topic of your web site.
Also try to keep your domain name as short as possible, around 5 to 20 characters is fine. The shorter the domain name the easier it will be to remember.
One thing to keep in mind is assumed spelling issues; if you think up a ‘clever’ domain name such as 1luv4u.com, One Love For You (dating service), people may type in oneloveforyou.com believing this is the domain name; or oneluv4u.com, or 1love4you.com etc. This leads to brand problems. In this case the ‘oneloveforyou.com’ name would be best. Another unfortunate example: Flo Office Supplies ? flooffice.com?
How do I acquire a domain name?
There are two main ways you can get a domain name. You can either register your domain name yourself or you can get your web host or ISP (Internet Service Provider) to register it for you.
To register a domain name yourself you will need to choose a Registrar. A Registrar is an ICANN accredited domain registration company. There are hundreds of Registrars on the Internet nowadays. The market is becoming increasingly competitive; which means that you can purchase domains names for a low yearly fee.
Most web hosting companies will offer domain registration services to their clients. When you register a domain name through a web host they will register your domain name for you through their own approved registrar. An advantage to having your web host register your domain name for you is that, they have probably done this process many times before; they have all the necessary information ready at hand. This process will save you time and, as long as you give the ?correct? domain name desired, there will be no unfamiliar dealings with Registrars.
Why should I keep my domain name registered?
If you loose your domain name you can loose your whole online identity.
Because you can only register a domain name for a year or so, you will need to make sure that you renew it before the expiry date. Once your domain name expires you will no longer own that domain name. Your Registrar will then own it and be able to sell your domain name to the highest bidder. To make sure you don’t lose your domain name you will need to make sure you renew your domain name at least two weeks before it expires.
Also make sure that your information is registered properly, especially if you didn’t register your domain name yourself. Ensure that your information is displayed as the registrant, administrative and billing contacts; most importantly make sure that the email addresses for these contacts are ACTIVE. When you receive any information about your domain name, such as renewals, price changes, etc? an email will be sent to this email address. If you can’t receive any mail from the email addresses listed under the domain names contact then you are at risk of not receiving important notifications about your domain names, which could result in loosing your domain name.
People often miss the importance of having their own unique domain name for their web sites. A domain name represents you, your company and your online presence; as does a ?business card?. If you don’t have your own domain name you won’t be able to promote your own online identity and web site on the World Wide Web.
What is Root Access, Can I Live Without It?
In the world of web hosting, there are a lot of web hosting providers who compete with each other with long lists of features and benefits. On many of these lists you will see the term “Root Access”. To be honest, many of the people with websites today will never need Root Access, and many of them do not even know what it is.
In the world of UNIX and Linux, security is based on permissions. This extends to both the file system and access permissions. This security system is very flexible, and allows a system administrator to set up unique security access constraints to only allow certain users to see certain areas and access certain files and applications.
In order to administrate something like this, a “master” account is needed. This account, the “root” account, has full access to the machine at “root” level meaning the lowest level of access you can have (or, in other words, the best access). Having “root access”, you can do many things the typical user account cannot do. This includes full manipulation of the file system, as well as administrating the current running processes. There is a danger here. Someone who is not a seasoned administrator can do a lot of damage to a machine, due merely to the amount of power that is available at their fingertips.
Do you need this kind of access? That depends. To be honest, unless you have your own server, either dedicated or collocated, chances are that you will not need (or receive) root access. Root is something required for server maintenance, and if you are having your website hosted by a hosting company on a machine with twenty other websites, it’s a safe bet that your hosting provider is not going to give up root access to the box. It would be the hosting provider’s job to administer the server to keep it running smoothly.
Web Hosting Benefits Of A Dedicated Server
Hosting your web sites on your own dedicated server may seem a little expensive in comparison to shared web hosting, but the end result is more advantageous. Shared web hosting, no matter how well managed, cannot be 100% reliable and stable. However if you have your own dedicated server you can manage to avoid most of the variables affecting the reliability and stability of a server, commonly experienced by shared hosting accounts; variables such as: overload, bad codes and scripts from other users (especially beginners); and, too many applications and components uploaded, and so on.
On a dedicated server you will install only software and applications you want to use, while on a shared hosting server you will find a host of other software and applications installed for other users.
By the very nature of the account, a dedicated server: reduces your dependency on the web host; and bypasses time delays and possible expenses incurred from these. With dedicated server hosting you can provide instant support to your own clients whenever required, which is not possible if you are on a shared server. A reliable and fast support service is vital for your own business growth just like the stability and reliability you wish for your own website. In business, reliability is reflected through word-of-mouth as one of the most effective promotional activities.
For people with clients, such as Graphic Designers and Web Designers a dedicated server is invaluable. A dedicated server will bring extra income into the studio, not just as a hosting facility, but, as a designer knows only too well, for the extra ‘bread and butter’ income value. If you have 24hour access to your own dedicated server then you can adjust, correct or update a clients website in minutes, allowing you to keep the dollar back in your studio and not in someone else’s. Ready availability results in reduced labor costs for the client, but higher studio-income frequency for the designer. Hence you will see the return of all your regular offline clients, bringing their web work with them.
The need for a dedicated server to your average shared server user is realized when stats tell you: how quickly people left your site because it was taking too much time to download; or how many daily visitors you are down by, because your site was not up. The true negative is the worry of how many lost visitors could have been your future paying-customers. The loss could easily equal the value of the upgrade to a Dedicated Server!
For a business, a website that is quickly downloadable and up all the time gives the visitor encouragement that your service is just as reliable, hence you will be more likely to make a sale. It will also enhance the company’s image and encourage existing customers to refer your service to others. This will result in more sales for less promotion.
Which Web Server – Linux or NT?
If you’ve been lurking in the various forums and newsgroups devoted to webmastering, you could hardly fail to notice the heated debate going on at this time. No, it’s not which is the best browser. This debate is about web servers. More precisely, which one is better: Apache or Internet Information Server (IIS).
To tell you the truth, I’ve used them both (and a few others as well) and the simple plain truth of the matter is these two web server platforms are really functionally equivalent.
Ease Of Use
IIS is much easier for the novice as operators can maintain it from easy-to-use screens and forms. Windows 2000, on the other hand, costs a lot more than other operating systems such as Linux, FreeBSD and Unix.
Straight Apache requires a huge learning curve to learn how to operate and administer. Everything is configured in extremely obscure text files, and these configurations are done by hand (although you can purchase add-on utilities to enable entry of much of this information from screens and forms.)
Security
The security model of IIS is one of the best ever designed, based as it is upon NTFS (the security model of Windows NT and Windows 2000). This model is far superior to the anything provided with Apache for non-Windows systems. Of course, on Windows, Apache can use NTFS as well.
Of course, IIS has been plagued with a number of vulnerabilities lately, and these are a concern. It’s common to patch IIS at least monthly, and to install a new service release (a collection of patches) twice a year. Most of the bugs were worked out of Apache (prior to version 2) long ago. Of course, with the release of version two of Apache you can expect a number of security and other flaws to surface – these are a normal part of a product’s life cycle.
Customization
IIS does NOT have the equivalent of HTACCESS. The HTACCESS file in Apache is used to individually configure virtual sites (web sites) without restarting the web server. However, on IIS you have a very flexible method of configuration with ISAPI filters and other similar methods. Both methods (HTACCESS and ISAPI filters) are very obscure and for advanced webmasters.
Efficiency
According to several reports that I’ve come across lately IIS is more efficient than Apache. My own testing has led me to conclude the performance of the two is roughly the same for static pages. PHP (the server side scripting platform common on Apache) tends to be more efficient than ASP (the server side scripting system for IIS) according to many sources, although I have tested neither for speed.
Hardware Requirements
I have run both web server platforms on large and small boxes of many different configurations, and I’ve found they require much the same hardware. This is not surprising, since the two platforms basically do the same thing.
When you configure Windows and IIS, it’s a good idea to strip the operating system of unneeded functions. This reduces the size box you need (as well as increasing security).
I’ve run both platforms on 64mb of memory with a single 5600 RPM IDE drive and 200mhtrz processors with reasonable response time (all things considered). I’ve also run them on dual 2gigahertz systems with 15k RPM SCSI raid 10 drives with incredible performance. The two platforms are equivalent in hardware needs.
Large Server Farms
Microsoft has worked hard on load balancing, so there are more options available for IIS and Windows 2000 for this than other operating systems. In fact, Windows 2000 clustering (the ability to run several servers using the same disks) is very advanced and makes disaster recovery a breeze.
Disaster Recovery
IIS backup solutions (those which are provided with Windows 2000) are surprisingly weak. There is no way to back up the metabase (all of the IIS configuration parameters) from one machine and restore it to another (which makes disaster recovery difficult). On the other hand, with Apache it’s just a matter of saving all of the configuration text files.
Language and other support
IIS and Apache both support CGI, SSI and PERL (ActivePerl on IIS is excellent). IIS natively supports ASP and I’m sure you could find PHP if you looked (I have not). Apache tends towards PHP, although you can install something like Chilisoft ASP if you want.
CGI, SSI and PERL are performance hogs and security nightmares in both web platforms.
Stability
Both web platforms are rock solid stable. I have run apache servers which have stayed up for longer than a year without a reboot, and my IIS servers have run for years with the only rebooting required is the occasional service pack and security patch. Neither web platform (or OS for that matter) has even once crashed due to a bug.
Operating System Integration
IIS and Windows 2000 is a more “integrated” environment than Apache, since IIS is targeted specifically for the operating system. This has the advantage that the GUI and controls of IIS look and feel the same as every other tool on Windows.
On the other hand, you can find Apache for just about any platform, including Lunix, Unix, BSD, and even such things as OpenVMS. If you need to be able to move between platforms, then Apache is a great choice.
Email
SMTP on IIS is primitive but functional. This is because it is only provided to allow scripts and such to send email from the server. If you need additional email support, you are expected to use Exchange or some other email system.
Apache does not support SMTP (sendmail), although a version is usually provided on the target system. The provided email solution is full featured – but you must be very sure to check the configuration to be sure your system is not an open relay.
The IIS SMTP module is configured through the standard Windows 2000 entry system, while Sendmail requires configuration file editing. IIS SMTP is absolutely trivial to maintain; Sendmail can be a challenge.
DNS
DNS on Windows 2000 is far, far superior to anything available on Unix or Linux. Bind (he DNS for Unix and similar systems) has traditionally suffered from a huge number of security vulnerabilities) and is very involved to maintain.
My own experience with DNS servers indicates the best solution is a dedicated DNS application box. These are inexpensive (for a business), easy-to-configure and much more secure than either the Windows 2000 version or the Unix version.
Search Engines
There is NO difference as far as search engines are concerned between Apache and IIS (or any other web server, for that matter).
Conclusions
I’m sure I could write for hours and hours about this subject (and perhaps I will in an article on my own web site). Basically, IIS and Apache do the same thing. They have a vastly different design philosophy, however, and the underlying operating systems have even wider differences.
My experience is that Linux and Unix people prefer apache, and windows people prefer IIS.
To me, the choice of webserver really comes down to “what are you and your group comfortable with?” If your experience is with apache, linux or unix, then you probably want to stick with Apache. If your experience is with Windows, then you will probably be uncomfortable with Apache.
I’ve used both (and several others) and quite frankly, to me, it does not matter. Drop me on a server running apache or IIS, and I will feel at home.
Testing web hosting companies
In the final stages of your search for a good web hosting company, a very important step is to test “the finalists”. Because most web hosting companies have client support email(s) listed openly on their website, testing the quality and speed of their support is quite easy. All you have to do is send an email with one or more questions.
Let’s take things step by step. First you have to find that email address. Usually you can find it in a “contact us” or “about us” section. Different email addresses result in different test results. What I mean by that is that you have to send an email to the SUPPORT team to verify the level of support, NOT the sales team.
There are different types of hosting companies: some web hosting companies answer their support emails a lot faster than they answer sales related emails, while others do exactly the opposite. You find that strange? Don’t! It’a all a metter of fosus. Generally, good companies focus on their current customers and they regard (not without reason) support tickets as more important than new sales. Sure, the sales department should be reasonably good too, but, as a customer, it’s reassuring to know that you come first when time is short.
I’m not saying that you shouldn’t send emails to the sales teams. Certain questions are to be sent to the sales department, but the department that really should be tested (customer wise) is the support department. The reason is that after you sign-up for the service you will deal almost exclusively with the support staff.
By sending a test email web several things can be verified (and compared):
1. The amount of time it takes to receive a response.
To get the most of of the test (and be able to make a valid comparison between different companies) you should take special care not to favor any company.
To test the response time accurately you have to ensure that all investigated companies are send the emails at roughly the same hour (their time, not your time). Today we have hosting companies with staff in USA, UK, Australia, Hong Kong etc. Why not “exactly” at the same time? Because this is not rocket science! Of course, be as precise as you possibly can, but don’t stress yourself too much.
Another thing is to select the right day in the week. As you might expect, in the weekend the response time can be somewhat longer. But, to put it short, I would send the e-mail Saturday night after midnight (their time, remember?). This should be the ultimate test.
Time evaluation: Anything under 6 hours can be considered a very good response in my opinion.
2. The quality of the response.
Answer quality has many facets. One of them is the quality of the information. Is the question answered precisely and correctly? Another one is the quantity of information. Is the answer incomplete, complete or provides all you ever wanted and a bit more?
Another is the clarity of the answer. Is the answer easy to understand, explains the “tech” words that you might not be familiar with or it sounds like gibberish?
Another is the structure of the answer. Is it well structured, stating with A and finishing with Z, or it’s all a mess?
3. The personal level of the conversation (and/or politeness)
There are different approaches to this politeness issue. Some hosting companies use the “Sir” formula and some web hosting companies use the “you” formula (I don’t thing there are many using the “Ya” word) . It’s all a matter of taste. There are web hosting companies employing the “friendly above all” approach and companies employing the “respectful above all” approach.
As I said, it’s a matter of taste. I usually prefer the friendly approach because it allows a “personal touch” and a slightly more relaxed conversation. But hey! Who am I to judge you! If you prefer to be called “Sir” or “Ma’am”, I am OK with that. Just tell me when you send me an email which type of conversation you prefer and I assure you I will do my best to respect your likes (and dislikes).
I guess those are the things we can test with a test email. Let’s devise now such a test email. This will be just a sample to give you a rough idea; you’re free to make-up your own test.
Note that because you’re not hosted by them yet, your question come from someone they don’t know and can’t verify if it’s a client or not. You could be asked to provide some form of client identification in order to receive an answer, but I doubt this will happen.
“Hi.
I have a small problem. I intend to learn PHP. I just wrote a small script and I saved it in a file that I uploaded it on the server. Whenever I load it, instead of getting the expected result, the page simply lists the code of the script. Is there something I can do about it?
Thank you very much.
Regards,
Your name”
Of course this test is mainly for UNIX/Linux servers with PHP (the majority of such servers are PHP enabled, but you should make sure about it in each case).
OK… So what are we looking for in the answer?
First of all, because the script doesn’t work and it simply gets listed, it’s almost obvious that the script file is not parsed by PHP. In 99% of the cases this is due to the fact that the file extension is not .php (e.g. “scriptfile.php”). Since in basic HTML design the files are saved as .htm or .html files, new web programmers save script files with one of those extensions too. This is a common mistake.
You can set .htm and .html files to be parsed by PHP too. They should explain this to you, suggest that you either change the file extension to .php or have .htm and .html files parsed by the server, and of course, instruct you how to do it.
Also, a very good support team would offer to do make the necessary changes provided that you tell them what’s the name of your account with them (website name).
And… this is about it. Simple huh?
Note: I’m sorry I can’t provide a test for Windows based servers, but I have no experience with them. I am open to Windows server test suggestions!
leave a comment