contents
042
8.2
022
036
054
046
032
051
022
The New Generation of service providers The rise of cloud computing is leading to opportunities for a new generation of service providers to tailor unique offerings for customers with added value at compelling prices.
004 | Ping! Zine magazine
028
041 028 Popular Social Sharing Options
042 Case Study: PA-DSS Compliance With Pinnacle Cart
032 A Look Back at Parallels
046 Dealing With Downtime
Summit 2010
036 Data Center Disaster Recovery
041 Keep Your Frontline People Informed
051 HostingCon 2010: Piloting Into the Cloud
052 ping! zine service directory 054 Revenge of the April Fool
bits & bytes
016
8.2
013
013
018
012 015
021
022
012 Parallels Launches Plesk Panel 9.5 013 Digital Realty Trust Builds
New Datacenters
Corelink Announces President
014 Hosting.com Joins
Cybersecurity Advisory Committee
015 iPad Developers Rapidly Developing Apps
016 SoftLayer Streams Masters Tournament 1 in 10 ‘Top Search’ Results are Malware 006 | Ping! Zine magazine
B&B worldwide 018 Google Vs Yellow Pages 020 1&1 Internet largest web host by known servers the International Data Center Efficiency Metric Agreement
021 EvoSwitch Sponsors Dutch Road Show for Preservation Antarctica
Protecting you. Protecting the environment. Protecting your wallet.
LotusCloud VM from Black Lotus is the first environmentally friendly distributed denial of service protection service and the only option to come in at under $100.00 per month for a full gigabit of protection. Your own fully scalable virtual machine functions just like a dedicated server and uses less than 7 watts of electricity (that’s 16 times more efficient). Find out more about becoming DDoS protected and reducing your carbon footprint http://ww at http://www.blacklotus.net or by calling (800) 789-1977.
sponsors 8.2
PING! ZINE 002 The Hosting News 003 Gawkwire.com 005 Young Copy 007 Black Lotus 009 Hostopia 010 CDG Commerce
Publisher Keith Duncan Managing Editor/Designer Derek Morris Executive Editor Robert Lang Senior Editor Dave Young Marketing Director Marcus Spencer
Editorial Staff Technical Editor John Burmeister Commentary Editor David Dunlap Marketing Editor Trey Gardner Headlines Editor Derek Vaughan
014 SpamHero 015 Press Advance 015 Assistanz 017 ISP System 019 WebHosting.uk.com
Contributing Writers Rob Farrell Christian Henning Sangeetha Naik Gary Orenstein Pingdom.com John Rath Quint Studer
024 Turnkey Internet 027 Versaweb 029 Parallels 034 Unity Mobile 038 Web Host Bootcamp 039 24x7 Easy Support 039 LinMin 040 Rackmount Specialists 043 Lagniappe Internet, LLC 044 Sprynex 048 eUKhost 050 HostingCon 2010 055 R1Soft 056 Host 4 Yourself
008 | Ping! Zine magazine
Contact Information Ping! Zine, LLC Post Office Box 516 Denham Springs, LA 70726 Phone (225) 791-3963 Website www.pingzine.com General Info info@pingzine.com Sales sales@pingzine.com Editor editor@pingzine.com Design design@pingzine.com
Ping! Zine Web Hosting Magazine Š April-May 2010, Published and Copyrighted 2010 by Ping! Zine, LLC, P.O. Box 516, Denham Springs, LA 70726. All rights reserved. Permission to reproduce part or all of this issue must be secured in writing from the publisher. For more information email: info@pingzine.com. Complementary subscriptions are at the discretion of the publisher and may be cancelled or modified at any time. Unsolicited submissions are welcome. We assume no liability for lost or damage of submissions. We assume no liability for the content of this issue and all points and ideas are strictly that of the writers involved and not that of the publisher, publishing company, printing company or editors. This issue of Ping! Zine has been printed on paper made by recycled used toilet paper. Don’t mind some of the brown spots on some of the pages, but feel free to add your own if you run out of TP while on the John. At least we can say we are honestly worth a crap then.
Ping! Zine magazine | 009
010 | Ping! Zine magazine
Ping! Zine magazine | 011
bits & bytes
Parallels Launches Plesk Panel 9.5
Parallels has launched Parallels Plesk Panel 9.5 with significant upgrades including Google Services for Websites, PCI compliance, free installation, migration and upgrade support, support of most virtualization platforms, self-diagnostic tools and automated bug fixers. It also includes free Parallels Sitebuilder 100 and free Parallels Billing 1000 (supporting USD, AUD, CAD and GBP) when purchased with Parallels Plesk Panel 9.5 Unlimited version.
012 | Ping! Zine magazine
Digital Realty Trust Builds New Datacenters Digital Realty Trust, Inc., the world’s largest wholesale datacenter provider, has announced plans to build out the next phase of over 170,000 square feet of new Turn-Key Datacenters® in five major metropolitan markets to meet escalating demand for its move-in ready datacenter space. The new Turn-Key facilities will be built in the Company’s following top markets: - Over 53,000 square feet of Turn-Key Datacenter space in Northern New Jersey; - Approximately 34,000 square feet of Turn-Key Datacenter space in the London metro area; - Approximately 29,600 square feet of Turn-Key Datacenter space in Northern Virginia; - Over 22,000 square feet of Turn-Key Datacenter space in San Francisco; and - Approximately 33,000 square feet of Turn-Key Datacenter space in the Dallas metro area. “In response to the increased demand for our Turn-Key product, we are accelerating our development plans in these key markets and expect construction to be completed by mid-year,” said Michael Foust, CEO of Digital Realty Trust. “Our redevelopment program is an essential component of our growth strategy. We are also focused on optimizing space in existing operating facilities to meet local demand for highly improved datacenter space while maximizing the returns to our shareholders,” Mr. Foust added. In addition to the above mentioned projects, the Company also announced construction plans to add datacenter space to the following strategic properties: - 600 Federal Street in downtown Chicago; - 210 North Tucker Boulevard in St. Louis, MO; - 113 North Meyers in Charlotte, NC; - 2323 Bryan Street in downtown Dallas, TX; and - The Quannapowitt Parkway property in the Boston, MA metro area. Digital Realty Trust Turn-Key Datacenter facilities provide state-of-the-art environments for supporting mission critical infrastructure, with advanced cooling, power, redundancy, and sustainability features to ensure that critical applications are available while optimizing energy efficiency. Digital Realty Trust’s Turn-Key Datacenters are scalable from hundreds of kilowatts of IT Load to megawatts of IT load and are located in markets throughout North America and Europe. Each TurnKey Datacenter facility is physically secure and features a state-of-the-art power and cooling architecture that has been optimized for green operation. Every Turn-Key Datacenter is built using the Company’s proprietary POD Architecture® and uses metered power to ensure that clients pay only for the power that they use.
Corelink Announces President/COO
CoreLink Data Centers announced the hiring of Michael Duckett as President and Chief Operating Officer. Duckett comes to Corelink from Terremark Worldwide, Inc. where he was Senior Vice President, Operations. While at Terremark, Duckett was a core member of the executive team that orchestrated high organic growth as well as successful execution of M&A opportunities. Prior to Terremark, Duckett ran the telecommunications & network operations for Florida Power & Light (FPL) where he was responsible, among other things, for all operations and related budgeting for the division.
Ping! Zine magazine | 013
bits & bytes
Hosting.com Joins Cybersecurity Advisory Committee Hosting.com has announced that Jim Garrity, Hosting. com Chief Security Strategist, has been selected to participate on California State Attorney General candidate Kamala Harris’s Advisory Committee on Cybersecurity. Harris, the two-term District Attorney of San Francisco now seeking the Democratic nomination for California Attorney General, recruited online security thought leaders from various sectors of the technology industry to discuss cybersecurity issues, industry trends, and threats. The group will also formulate policy recommendations designed to help stem security breaches and crimes. Heightened cybersecurity threats surrounding electronic trade, identity theft, e-commerce, intellectual property right protection, and financial crimes impelled Harris to create this advisory committee to solicit the best possible advice from experts in the field. “I am honored and grateful to have the leading experts in the field of cybersecurity advising me on matters of critical importance in our 21st century global economy,” said Harris. “I look forward to working with
this committee to bring innovative cyber crime-fighting solutions to California’s justice system.” “Kamala Harris moves far ahead of the threat curve by creating this task force,” noted Hosting.com Marketing Director Aaron Hollobaugh. “The high level of online success for California businesses poses one of the greatest threats for security breaches. We look forward to working with the other members of the Advisory Committee and Kamala herself to identify those threats and ensure legislation reduces their frequency and mitigates their impact.” Jim Garrity of Hosting.com will join other cybersecurity experts and thought leaders in frequent calls and meetings with Kamala Harris and her campaign staff to ensure existing and pending legislation takes the security enhancements and threats associated with it into full account. The inaugural meeting of the advisory committee will take place on Tuesday, April 13. The first session will focus on providing Harris with an update on the current state of cybersecurity, and proposing areas where administrative policies and legislation could help minimize risks and enhance privacy.
]
]
iPad Developers Rapidly Developing Apps With just under 6 billion mobile applications forecast to be downloaded this year, up from an estimated 2.4 billion in 2009*, app development has no indication of slowing down. First weekend sales of the iPad estimated over 700,000 units and iPhone app developers are switching gears and rapidly turning to iPad app development. In a survey of hundreds of iPhone app developers conducted by Optimum Lead Generation, the company behind iPadApplicationQuotes.com, a new website that connects business and entrepreneurs with experienced iPad app developers, the survey revealed: - 88% of iPhone app developers surveyed anticipate the porting of existing iPhone Apps to iPad Apps - 76% of iPhone app developers surveyed currently have at least 1 iPad App in development “iPad application development represents new ground and opportunity for mobile developers” said Gregg Weiss, Founder of iPadApplicationQuotes.com. “Larger screen size, faster processor and richer user experiences are all reasons developers are excited about creating apps for the iPad.” When asked why iPhone developers might continue to develop for iPhone vs move only to iPad, one developer said “Existing iPhone users might be more reluctant to spring another $500 for an iPad. That’s a big reason why I’m keeping with both platforms now”.
Ping! Zine magazine | 015
bits & bytes
SoftLayer Streams Masters Tournament SoftLayer Technologies was the provider of critical data center and network infrastructure used for streaming video of the 2010 Masters Golf Tournament live on the Internet, April 5 through 11. More than 600 SoftLayer servers were deployed for the webcast. The company hit network traffic peaks approaching 170Gbps on Thursday and 190Gbps on Friday of last week. Total network traffic was 40% above normal traffic loads. SoftLayer has more than 26,000 deployed servers in their three geographically diverse data centers, and over 300Gbps of total network capacity. The company is continuously expanding its network capabilities: its total capacity will more than double in the coming weeks, reaching 1,000Gbps with the launch of multiple new network Points of Presence and the addition of several network carriers. SoftLayer has been the partner of choice for content delivery networks that have webcast many major events that drew large online audiences, including pop icon Michael Jackson’s memorial service and the inauguration of President Barack Obama.
016 | Ping! Zine magazine
1 in 10 ‘Top Search’ Results are Malware Websense, Inc. revealed the findings from its bi-annual research report Websense Security Labs, State of Internet Security, Q3-Q4 2009. The full report can be downloaded at http://www.websense.com/threatreport. Major findings from the report include: • Websense® Security Labs™ identified 13.7 percent of searches for trending news/buzz words (as defined by Yahoo! Buzz & Google Trends) led to malware. Search engine optimization poisoning attacks target the top searches enabling hackers to drive traffic to their sites. • In contrast to the first half of the year where mass injection attacks like Gumblar, Beladen and Nine Ball promoted a sharp rise in the number of malicious Web sites, Websense Security Labs has seen a 3.3 percent decline in the growth of the number of Web sites compromised. Malware authors have replaced their traditional scattergun approach with focused efforts on Web 2.0 properties with higher traffic and multiple pages. • Overall, comparing the second half of 2009 with the same period in 2008, there has been an average growth of 225 percent in malicious Web sites. • Malware authors continue to capitalize on Web site reputation and exploiting user trust with the second half of 2009 revealing 71 percent of Web sites with malicious code are legitimate sites that have been compromised. • Web 2.0 sites allowing user-generated content are a top target for cybercriminals and spammers. Websense Defensio™ technology enabled Websense Security Labs to identify that 95 percent of user-generated comments to blogs, chat rooms and message boards are spam or malicious. • Websense Security Labs found that 35 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data. • The Web continues to be the most popular vector for datastealing attacks. In the second half of 2009 the Websense Security Labs found that 58 percent of data-stealing attacks are conducted over the Web. • Tens of thousands of Hotmail, Gmail and Yahoo! email accounts were hacked and passwords stolen and posted online which resulted in a marked increase in the number of spam emails. • Websense Security Labs identified that 85.8 percent of all emails were spam. • During the second half of the year, 81 percent of emails contained a malicious link. Every hour, Websense Security Labs ThreatSeeker™ Network scans more than 40 million Web sites and ten million emails for unwanted content and malicious code. Using more than 50 million real-time data collecting systems, ThreatSeeker Network monitors and classifies Web, email and data content —providing Websense with unparalleled visibility into the state of content on the Internet and in email.
Ping! Zine magazine | 017
bits & bytes worldwide
Google Vs Yellow Pages A lot of fuss has been made over the Yellow Page and whether or not print is still viable. Obviously the Yellow Pages will do everything in their power to demonstrate their effectiveness, while online-players will have you believe the opposite. So who’s right? In a recent survey conducted by Melbourne SEO Services, a cross section of people from the streets of Melbourne were asked a series of questions to help answer the question. Questions asked included “How do you search for products and services you need?”, “What search engine do you use most?”, and “How often do you use Google?” The results were clear, with 53.85%, of respondents saying they haven’t used the yellow pages in the last year, while 100% of respondents said they use google every day. One respondent even commented “I reckon the yellow pages is obsolete: why would you spend money on the yellow pages when they’ll just as easily find you on Google?” Unfortunately for the Yellow Pages, surveys such as this aren’t the only indication Yellow Pages is falling from the public’s mind. Early indication could be taken from SuperMedia (Yellow Pages United States) who announced a decline in ‘09 profits citing, among other reasons, “… declining use of print yellow pages directories”. “It’s obvious the attitudes and habits of consumers have clearly shifted, with people switching to the internet to find products and services within their local area” says David Jenyns of Melbourne SEO, “I think the writing is on the wall for many offline print publications - the consumers are voting with their eye balls.” Furthermore, the Yellow Pages, seeing the decline in effectiveness of print media, is rapidly looking to the internet for alternative means to add value to their clients - most recently, entering into agreements with major search engines such as Google and Bing to provide sponsored business listings for their local customers. 018 | Ping! Zine magazine
This may be critical when you consider respondents were also asked to comment on their behaviours once a search had been entered into Google with 100% of peoples saying they don’t look past the first page. “People aren’t interested in understanding how Google works, they just trust Google’s results will be the most relevant and important,” David explains “For this reason, it’s now more important than ever to feature prominently on Google”. With all that being said, the print Yellow Pages will not disappear any time soon as businesses continue to buy advertising space. Who knows how long this will last but, as with any form of advertising, it only lasts as long as long as there is a positive return on investment for the business running those ads. To find out more about the survey and see the complete survey results please visit : http://www.melbourneseoservices.com/ google-vs-yellow-pages/ or call (03) 8060 5131 during office hours. Melbourne SEO Services is a boutique search engine marketing company based in Melbourne, Australia - helping small to medium sized business market their business more effectively online. To find out more about us, read our SEO blog. • Websense Security Labs identified that 85.8 percent of all emails were spam. • During the second half of the year, 81 percent of emails contained a malicious link. Every hour, Websense Security Labs ThreatSeeker™ Network scans more than 40 million Web sites and ten million emails for unwanted content and malicious code. Using more than 50 million real-time data collecting systems, ThreatSeeker Network monitors and classifies Web, email and data content —providing Websense with unparalleled visibility into the state of content on the Internet and in email.
Ping! Zine magazine | 019
bits & bytes worldwide
1&1 Internet largest web host by known servers According to independent sources, 1&1 Internet Inc. is the largest Web host by known servers in today’s technology industry. According to numbers recently reported by Intac.net, a respected resource for information about the IT industry, 1&1’s fleet of over 70,000 servers is larger than that of any other top player in the hosting industry. Comparatively, 1&1 is third in line for total number of servers behind other major players across the world of technology, including Intel and Google. This latest news mentions 1&1 in a comparison that looks at the total number of servers owned by some of the top players in technology and information management. The number of Web servers run by 1&1 has placed the company as the third largest technology provider amongst major companies in the industry. 1&1’s 70,000 servers was shy of taking the top two spots, which went to Intel and Google, with 100,000 and over 1,000,000 servers respectively. Other key organizations also mentioned include SBC Comm., Time Warner Cable, and AT&T, amongst others. The research however did not consider server numbers by Microsoft and HP, as these companies do not reveal corresponding numbers. 1&1’s operations, which span five major markets across Europe and North America, have grown to measure a total of over 70,000 servers. Its current server strength has surpassed other Web hosts in size, as indicated by numbers given in the article, for The Planet and Rackspace, along with OVH, a European Web host, and Akamai Technologies, a global internet hosting service. With over 10 million hosted domains and services provided for more than 9 million customer contracts, 1&1’s server strength has surpassed some of the top organizations in communications technology. Both Verizon and Facebook, the social networking platform, for example, had a combined total of just over 55,000 servers in comparison to 1&1’s 70,000.
020 | Ping! Zine magazine
the International Data Center Efficiency Metric Agreement Recently, Green Grid announced that government agencies in Europe, the United States, and Japan have all agreed to utilize the Power Usage Effectiveness Metric in order to help measure the energy efficiency of data centers. This agreement has been a continuing process that began in early February during a meeting between key agencies including the US Department of Energy, US EPA, European Commission JRC Code of Conduct, and the Green IT Promotion Council and Ministry of Economy, Trade, and Industry, both of Japan. This agreement was designed to create a standardized set of guidelines that every company around the world can use to measure the energy efficiency of their data centers. It also gives companies a way to quantify the successes of energy-reducing techniques that are used at facilities around the globe. A standard sets of metrics will make global communication much more successful and useful in regards to maximizing the efficiency of data centers. While this is a fantastic starting point, this agreement will need to be followed up with continued global communication, cooperation, and standardization in order to be successful in the long term. Let’s take a look at some potential sticking points that could cause waves in the future if additional agreements cannot be met. 1. Creating Additional Metrics Coming out this agreement, it was also noted that organizations will need to create additional metrics in order to achieve the goals and results that were set forth in the initial agreement. It could be troubling if these additional metrics are not created soon. A task force has been created to determine when these groups will meet again. The timing of these meetings will be largely based on the amount of progress that is being made. 2. A Lot of Flexibility While flexibility is great, it can also quickly become a source of conflict. Every participating country will either endorse or adopt guidelines to improve data center energy efficiency. This is done to accomplish some of the goals set within the agreement as well as to test out new sets of metrics, defining each metric, defining how each metric should be measured, and establishing clear avenues for communication in regards to developing new metrics. With every country being given the ability to do what they wish in regards to the definition, collection, and creation of new metrics, the sense of standardization that this agreement is predicated on could quickly disappear. While this agreement is obviously a fantastic first step in global cooperation in regards to data center energy efficiency, there is a lot more work that needs to be done. It is always important to applaud the first steps of new agreements, at the same time, it is important to recognize that a lot of work still needs to be done. Author’s Bio: Roko Nastic is writer and editor at WebmasterFormat. com, website developed to help webmasters bulid and mantain successfull websites. Visitors to WebmasterFormat can enjoy a lot of useful tips, latest news and help in finding the best web hosting companies.
EvoSwitch Sponsors Dutch Road Show for Preservation Antarctica The ‘Leadership for Antarctica’ road show, which targets organizations that want to be leaders in sustainable business operations, will be held in the Netherlands from 1 May to 30 June 2010. The promotional tour visits the organizations with the aid of a sustainable sailing yacht on a trailer and was initiated by the Dutch company Bolster Group (http://english.teambolster.com/) with support from EvoSwitch (www.evoswitch.com), the CO2 neutral data center for ICT infrastructures based in Amsterdam. In the course of the tour, the sailing yacht – a Dehler 22 – drops anchor at a different big Dutch organization every day. Siemens, BMW and the Dutch Ministry of Economic Affairs are among the organizations that support the initiative by Bolster Group and EvoSwitch and will be visited by the yacht. Board members of the organizations are then invited on board to receive information on concrete ways to realize sustainable business operations. Bolster Group’s international operations serve companies like Shell, TNT, PricewaterhouseCoopers, T-mobile and the Dutch Directorate-General for Public Works and Water Management. In collaboration with EvoSwitch, the company expects to reach most of the management boards of top 500 companies. ‘We contacted EvoSwitch as a sponsoring partner because it is the first CO2 neutral data center in the Netherlands,’ explains Rogier ‘t Hooft, Managing Director of Bolster Group. ‘ICT infrastructures tend to consume a lot of power. With their extensive knowledge of sustainable ICT infrastructures, EvoSwitch can make a significant contribution to the promotional tour.’ The management board of EvoSwitch will discuss the options for a sustainable, energy saving setup of ICT infrastructures during the tour. In addition, a secure space outside the heavily secured EvoSwitch ICT data center will serve as a daily refuge for the sailing yacht in 2010. ‘The Green Fan’ label A green ICT infrastructure setup results in an energy saving and therefore cost benefit but is often invisible to the outside world. Publicizing a green ICT setup may help companies invest in
environmentally friendly solutions. For this reason EvoSwitch will link The Green Fan label (www.thegreenfan.com) to the promotional tour by featuring its logo and discussing it in the knowledge sessions with executives. ‘The Green Fan is a logo reserved for EvoSwitch customers,’ says Eric Boonstra, the Managing Director of EvoSwitch. ‘By featuring the green label on their websites, they can show to the world that they have a green ICT infrastructure thanks to a significant energy saving and investments in CO2 compensation. As such it may stimulate the organization to put green ICT on the management agenda as an important theme. Such a label can act as an eye opener for top managers, regardless of whether they are using this specific green label. It enables us to demonstrate that green ICT can absolutely become a tangible asset for stakeholders.’ Leadership program with a trip to Antarctica The road show precedes a more in-depth substantial program relating to leadership and sustainability to be kicked off by Bolster Group towards the end of 2010. The program, in which several managers visited during the road show will participate, has a practice driven setup and embraces concrete, suitably sustainable projects for the participating organizations. The program is based on 4 pillars and focuses on the positive impact of sustainability on cost reduction, customer image, attracting talent, and a proactive approach to legislation. In the program, Bolster Group is collaborating with the US based organization 2041. The year refers to the ideology and activities of the polar adventurer Robert Swan (53). His organization ‘2041’ works to preserve Antarctica and the environment in general. He chose this remarkable name for his organization because the treaty that protects the untamed nature of Antarctica will expire in 2014. In that year, the treaty may be subject to changes that may endanger nature in the Antarctic region. An expedition to Antarctica is part of the sustainability leadership program in the Netherlands. Together with Robert Swan, several top managers will experience the overwhelming beauty of untouched nature and the impact of deterioration. Ping! Zine magazine | 021
gary orenstein
The rise
of cloud computing is leading to opportunities for a new generation of service providers to tailor unique offerings for customers with added value at compelling prices
>>
Recognizing the interest of companies to adopt cloud computing and service-based offerings, these new service providers are at the cusp of significant market growth. Planning and architecting the right infrastructure up front will be critical to their success.
022 | Ping! Zine magazine
In planning its offerings, new service providers must find ways to scale quickly, easily and cost effectively. They must also be in a position to retain the utmost flexibility as market demands shift and evolve. Finding the right IT infrastructure for these requirements is no easy task.
This article outlines the key considerations for new service providers architecting and building innovative offerings. In particular, we explore the major issues around data; where is it coming from, how to store and manage it, and how to build a file serving and storage
infrastructure that scales easily, maintains the highest availability and keeps overall costs low. This article is a must read for existing service providers who are already underway, or for those planning a new service.
Ping! Zine magazine | 023
024 | Ping! Zine magazine
Market Momentum for Software Services
The market momentum for software as a service (SaaS) continues to increase. In 2009 Business Week Research Services found these top six reasons business choose SaaS: 1. Reduce capital and/or operating costs 2. Simplify technology management 3. Enable focus on core competencies 4. Speed of solution implementation 5. Improve service levels to staff and users 6. Access to SaaS provider’s business expertise Additionally, IDC is forecasting significant growth in the SaaS market: · By the end of 2009, 76% of U.S. organizations will use at least one SaaSdelivered application for business use. · The percentage of U.S. firms which plan to spend at least 25% of their IT budgets on SaaS applications will increase from 23% in 2008 to nearly 45% in 2010. While we are likely to see some consolidation around major SaaS providers such as Salesforce.com, these market drivers and growth numbers point to a tremendous opportunity for service providers of all shapes and sizes.
Entering the Era of Billions
Current Web and cloud applications have completely thrown a wrench into the traditional methods of handling large volumes of data. Today we live in the Era of Billions where companies deliver applications that routinely process billions of requests to a similar astronomical number of objects. Some of the most prominent examples are listed here:
Understanding Cloud-Scale File Workloads
Cloud-scale workloads tend to follow a similar pattern for file access over time. Initially, new file data is extremely active from a user request perspective. Consider the pictures that you put up after a group event that everyone wants to see. These initial file views are the most critical to the application provider because they are the revenue-generating clicks, and therefore must meet the following requirements: 1. Peak Performance is needed to satisfy the user demand for file access. Since the requests to new file content are closely tied to revenue (either through a subscription fee and user satisfaction or though advertising revenue), application providers cannot afford to lag behind. 2. Continuous Availability means that there can be no interruption in service, even through failures in the underlying hardware. Again, since this is the revenue generating stage, an interruption means lost dollars. 3. Cost Efficiency as measured by dollars per read keeps application providers focused on making the most of their system resources. However, these criteria change quickly after the initial period of file activity. At a certain point, most of the file data goes from being a revenue-generating asset to being a resource-draining liability. Meaning that most software-as-a-service applications keep data for an extended period of time (sometimes forever, theoretically!), and therefore the need for new metrics focused on driving down cost. In this scenario the following metrics are most important: 1. Consistent Performance. If a file has not been accessed in months, the likelihood that many users need it in milliseconds is extremely low. Rather, these users expect their data to be available, but given the circumstances a reduced level of performance is tolerated and in some cases even expected.
But what is important to understand is that we have jumped far pass the primary metric of capacity, or the number of terabytes or petabytes needed to store this data. What matters now is the number of users and the number of files that must be handled for these workloads. Systems designed as few as five years ago simply are not prepared to handle the scale of simultaneous users and high volumes of objects, common to scale-out Web and cloud applications. When everyone is both a content creator as well as consumer, new approaches are required.
2. Resiliency. Again, if a file has not been accessed for a while, protection mechanisms for the data can be a bit more relaxed assuming recovery is guaranteed. Specifically, waiting a few minutes or even an hour for a RAID rebuild when going to view a year-old file is a perfectly acceptable service level when given the need to drive down costs. 3. Lowest Cost per Terabyte. This metric becomes the guiding principal for older data. As the capacity numbers shoot up dramatically, and service providers commit to keeping data forever, the only criteria that really counts is driving down the storage cost as much as possible while meeting the minimum thresholds for performance and resiliency.
Ping! Zine magazine | 025
Product Requirements for Service Providers
The secret for service providers is finding a simple, scalable file serving solution to support scale out applications. To stand out from the crowd, service providers need to focus on differentiating its applications and making use of best-of-breed file serving and storage infrastructure wherever possible.
The key service provider requirements for file serving and storage include: Straddle the Cost Spectrum As outlined in the Cloud-Scale File Serving requirements chart above, service providers must be able to effectively tackle file workloads that range from peak performance to lowest cost per terabyte with minimal administration . Simple Management For service providers, profits come when they can continue to scale their infrastructure without having to scale their costs. A file serving and storage system that bundles hundreds or thousands of nodes in a single global namespace provides just such an advantage for service providers. Keeping Up With the Era of Billions Service providers, by the very nature of sharing application across many users, have to deal with incredibly large file counts. Having the ability to optimize file serving, particularly with the proliferation of small files so common to Web and cloud applications is critical. Instant Additions for Throughput and Capacity Service providers need to scale quickly to accommodate new customers and additional workloads. Additional capacity, throughput, I/O and processing capability should be readily available with minimal administration and no downtime. Always Available Service providers deliver critical applications to their customers, and customers rely on their providers to maintain continuous uptime. File serving and storage solutions must be continuously available to meet such stringent demands. Shared Infrastructure Service provider business models rely on the ability to share underlying infrastructure while segmenting access to that infrastructure at the application layer. This allows the service provider to amortize the cost of the underlying infrastructure across multiple customers and provide services at compelling price points. Therefore any underlying file serving and storage infrastructure should support such a shared model.
Introduction to Cloud-Scale File Serving and Storage
Cloud-scale file serving and storage meets the requirements of service providers across these categories. Let’s examine some of the potential product
implementations to get there. Seamless Combination of Hardware Platforms Cloud-scale workloads tend to shift from high-activity to a need for highdensity storage. On the high-activity side, it is important to balance storage capacity with network bandwidth, I/O capability, CPU power and memory. As an example, a 1U server with four drives balances these requirements extremely well for high-activity workloads. However, many customers prefer denser hardware platforms when the data becomes dormant. In this case a 3U server with multiple drives might be a more appropriate option. Being able to combine multiple platforms within one solution, and automatically manage data placement helps service providers tackle the shifting requirements of cloudscale workloads. Simplicity in a Single Namespace When dealing with tens to hundreds of terabytes of information, managing that across multiple independent systems is a troublesome and time consuming process. Far easier is the ability to have a single namespace across hundreds to thousands of terabytes. In this way, service providers are managing a single system instead of dozens or more. The time and cost savings are enormous when the management and administration overhead remains low regardless of system size. Single Disk I/O Optimizations for Small Files With the proliferation of small files in Web and cloud applications, service providers need a way to serve those files efficiently. Since disk latency is the last mechanical stand in the data center, optimizing small file retrieval by mapping small files to specific block locations on disks allows for massive increases in performance. This is imperative to avoid the small file bottlenecks so common with traditional file systems. True Scale-out While many vendors talk scale-out, only a few can deliver on the promise beyond a dozen or so nodes. Service providers often have to scale to dozens or hundreds of nodes and cannot be forced to implement their own load balancing and sharing for systems that cannot scale. They require the ability to continually add nodes for increased capacity and performance. Further, the addition of new nodes in a cloud-scale file serving environments should deliver linear performance improvements. Far too common is a diminishing marginal return for new nodes… this is unacceptable with today’s workload demands. No Single Point of Failure Cloud-scale file serving and storage relies on commodity hardware to deliver performance at scale with the lowest possible cost. But inevitably hardware will fail, and solutions need to have the software smarts to maintain continuous operation regardless of underlying hardware components. Similarly things such as software upgrades should happen while the system is up and running and applications can continue uninterrupted. Mixed Workload Application Support Service providers often need to support many applications. Historically this required deploying multiple systems each optimized for a specific workload. Cloud-scale file serving and storage can handle many various workloads within a single cluster, enabling service providers to amortize the infrastructure cost over many applications and customers.
Conclusions
Customers are looking for software-as-a-service solutions today and service providers are in a unique position to deliver value to the market. However, picking and choosing the right infrastructure is critical to the service providers’ success and sustainability. Cloud-scale file serving and storage provides the right tools at the right cost for many of today’s SaaS applications. P!
Writer’s Bio: Gary Orenstein is vice president, technical solutions at MaxiScale. Orenstein, who has extensive data center infrastructure and network storage experience, has served in leadership marketing roles at numerous networking and storage companies. In addition to being a regular contributor to GigaOM, Orenstein hosts the podcast, The Cloud Computing Show. 026 | Ping! Zine magazine
Ping! Zine magazine | 027
pingdom.com
Popular Social Sharing Options Two thirds of the top 100 blogs have a dedicated “share on Twitter” option
Examining share button usage To get an idea of how common the various social sharing options are we went through the Technorati top 100 blogs and examined what kind of share buttons they are using. To keep the scope of this survey within reason, we focused on the more common options out there.
few cases, prominent text links) that are included in connection with each post on a blog, not options included in some general “share this” popup like the widgets provided by AddThis and ShareThis. However, since a general share option is so common, we included that as its own button category in the statistics.
We looked at dedicated, visible buttons for sharing on Twitter, Facebook, Digg, Reddit, StumbleUpon, Yahoo Buzz, Delicious and Google Buzz.
Share button usage among the top 100 blogs So let’s get right to the results. First, here is a chart showing a summary of the results of our survey (the number of blogs using the different social sharing options):
To clarify, with “dedicated buttons” we mean standalone buttons (or in a
Most Blogs Encourage Sharing...
of their content on services like Twitter, Facebook, Digg, Reddit, and so on, usually via prominent buttons in connection with each post. It’s a win-win situation for the bloggers and their readers. The bloggers make it easy for their readers to share content they like, and by sharing, readers drive more traffic to the blogs. A ton of social sharing options are out there, but which ones are bloggers relying on the most?
028 || Ping! magazine 028 Ping!Zine Zine magazine
Above: Dedicated, standalone buttons/options for sharing on the top 100 blogs. Note that the “general share option” usually contains many more share options, including several not listed here.
Profit. With the Parallels Service Provider Partner Program. The needs of your customers are changing, fast. Parallels’ Service Provider Partner Program helps you adopt enabling technologies — like virtualization and automation — so you can better serve your customers, bring more value to your offerings, and increase revenue for your business.
Learn how you can become a Parallels Partner by visiting www.parallels.com/partners. Ping! Zine magazine | 029
m Both Twitter and Facebook buttons are now more common than Digg buttons. Digg is no longer the king of social sharing, at least as far as these 100 blogs are concerned.
Google Buzz, a flop with bloggers? As you can see in the chart on the previous page, Google Buzz hasn’t made much of an impact on bloggers so far, at least not enough for them to integrate a Google Buzz share button with their posts. It’s of course still early days for Google’s new social media tool, so this may change significantly over the coming year.
m Twitter is the most common share button. Two thirds of the top 100 blogs have a dedicated “share on Twitter” option.
Perhaps part of the reason is that there is no official Google Buzz share button. Instead, bloggers have started to make their own.
m A Facebook share button is present on 58 of the top 100 blogs. In most cases, it’s coupled with a Twitter button.
Here below are the “third-party” Buzz share buttons we found when going through the top 100 blogs. We’re sure there are other variations out there as well.
Quick observations on share button usage Here are some of our observations on share button usage among the top blogs.
m Digg buttons are present on just under half of the top 100 blogs. While we don’t know what this looked like a couple of years ago, an educated guess is that this used to be a higher number. m Digg buttons are twice as common as Reddit or StumbleUpon buttons. m 58 of the top 100 blogs include a general, expandable share this button; 19 of those blogs have no other share buttons. m Dedicated MySpace and LinkedIn share buttons are rare, but they do show up in some of the blogs. We didn’t include them in this survey, though. m 6 of the top 100 blogs have no sharing options at all. m Email buttons are very common. We didn’t include “email this article” buttons since we focused on share options connected to specific services (like Digg and Twitter), but they were actually more common than we thought they would be. Had we included them, they would have been among the top sharing options. m The war of the Buzzes. The “other” Buzz, the Digg clone from Yahoo, is currently a much more popular share option than Google Buzz, which only showed up on six blogs. That last point leads us to an interesting question…
030 | Ping! Zine magazine
Above: Google Buzz buttons we found. The two farthest to the left are from Mashable. Others are from, in order from left to right, The Next Web, GigaOM (and Engadget), Business Insider, and TechCrunch.
It remains to be seen if Google will release an official button down the line. Perhaps they won’t. After all, Twitter doesn’t have an official share button either, and that hasn’t stopped them from becoming the most popular sharing option out there. All it takes is some third party to step up and provide one, like Tweetmeme did for Twitter. Final words This survey confirms that Twitter and Facebook buttons have become the main sharing mechanisms out there. That both of them have pushed down Digg from the sharing throne is now beyond all doubt. Facebook with its 400+ million users may be the giant in terms of users, but it seems that the top bloggers as a group consider Twitter a more relevant social sharing platform. Not by much, but the difference is there. We also found it extremely interesting that a few of the blogs have no social sharing options whatsoever that we can find. Why a blog would completely ignore this aspect, we’re not sure. P!
twitter & facebook buttons are now more common than digg buttons
Offer More. With Parallels Automation. With the Parallels Automation suite, you can completely automate your business and empower your customers, from a single software platform. Parallels increases your revenue per user by enabling the widest set of automated services including hosted Microsoft Exchange with many add-on services, shared hosting, Microsoft SharePoint, virtual private servers, SaaS and more. Don’t settle for just another plain vanilla solution — give your customers more of the good stuff with Parallels Automation!
www.parallels.com/pas Ping! Zine magazine | 031
chrisitan henning
Parallels Summit Christian Henning of FindMyHost.com visits Miami for fun under the sun and takes a hard look at Parallels legacy products.
2010
Held at the Fontainebleau Resort in Miami, attendance was strong for Parallels Summit 2010 and included many of the top Web Hosting companies from the United States and Europe. Sessions and discussions included Industry experts providing detailed information on potential growth for Hosting companies to consider. Parallels enabled attendees to get up close and personal with Parallels software engineers to ask questions and also demo current and future releases of software. Attendees could also get certified on Parallels products at the Summit so they can provide better support to their customers. Hundreds of vendors also attended and showcased how their products work cohesively with Parallels software offerings. Parallels, Inc., a privately held company based near Seattle, Washington develops desktop, server virtualization, and web hosting operations software. Over the years, Parallels has acquired some of the most popular control panel platforms available to Web Designers and Web Hosts. SWsoft’s acquisition of Parallels was kept under wraps until January 2004, two years before Parallels desktop software received widespread popular acclaim. Brief history of Parallels acquisitions: 2003 - Yippi-Yeah! E-Business GmbH (makers of Confixx) and Plesk 2004 - Parallels (SWsoft and Parallels operated independently until 2008). 2007 - Positive Software (H-Sphere) 2008 - ModernGigabyte, LLC (ModernBill) 2008 - WebHostAutomation Ltd developers of HELM Control Panel Control panels such as Helm, H-Sphere, Confixx, and even ModernBill have been brought in to Parallels very recently. Web Hosts who utilize the products acquired by Parallels want to know what Parallels future plans encompass. Web Hosts still using these platforms are wondering what they can expect from Parallels in the way of support, upgrades, and security patches. Hosts with hundreds or thousands of customers are also wondering about possible migrations if support for their chosen platform is dropped. Do they need to convert over to Plesk as soon as possible? Can Parallels help in migrating their customers off the old legacy control panels to Plesk? Most Web Hosts know what a pain and nightmare migrations can be when you are dealing with thousands of accounts. Compatibility issues, billing, automation, and downtime are all concerns. Hosts who decide migration is too large a product or too expensive may choose to remain on Helm, Confixx, or H-Sphere. In this case, Hosts need to know if they can expect timely security updates and new feature updates.
032 | Ping! Zine magazine
I posed a few questions to Parallels upper management concerning all of these acquisitions, name changes, and future plans in the hopes concerned Web Hosts and Web Designers understand the product life cycle of their respective platforms.
Parallels Q & A
I sat down with Parallels’ Craig Bartholomew, Vice President of Panel Products for a Q&A session. What is Parallels end goal for legacy products such as Helm, Confixx, and H-Sphere? Parallels’ end goal is to have satisfied customers. Many hosters have built their Hosting businesses around Helm, Confixx, or H-Sphere and Parallels wants to see these hosters grow, prosper, and offer more services over time. Will any new development be done on Helm, Confixx, or H-Sphere? There is a dedicated team of developers working on Helm, Confixx, and H-Sphere. They prioritize customer requests and work on meeting the needs of the customer base. What can current users of legacy software expect in the way of security updates and patches? The development team does patches and updates – including hotfixes in the environment of the hosters on critical issues. Does Parallels have an end-of-life date set for any of these legacy platforms? If so, is there a timeframe you can share with us for each? Hosting is a service business, and hosters need confidence that they can keep their service running without stoppage and risk. Parallels has no end-of-life date for any of these hosting systems. Will Parallels help migrate Web Hosts from Helm, Confixx, or H-Sphere to Plesk? If so, what are the costs associated with this? Parallels is offering free Transfer Assistance for any customer who wishes to move to the new Plesk 9.5. Parallels has issued new License Keys for Plesk 9.5 to qualify Hosters for this free service – which will only be available for 9.5. This release is hotfix-capable and provides greater security with PCI Compliance. Does Parallels have any plans on acquiring other control panels or virtualization companies? Parallels is always interested in companies with strong technologies built by intelligent people and used by loyal customer bases.
Ping! Zine magazine | 033
034 || Ping! 034 Ping!Zine Zinemagazine magazine
I also posed similar questions to Serguei Beloussov, CEO and chairman in a oneon-one meeting. Serguei said to expect security updates and patches. However all new development involving new features had been stopped on Helm, Confixx, and H-Sphere. Good news for Web Hosts using Parallels products is that for the time being, Parallels plans on supporting all acquired panels. Support and security updates will be maintained for the foreseeable future. As Craig Bartholomew mentioned in the Q & A session, security patches and updates would be released as needed. This is indeed reassuring to Web Hosts who have made the decision to remain on platforms other than Plesk. Furthermore, those who wish to migrate will receive free assistance from Parallels when moving to the new release of Plesk 9.5. While migration is never an easy task, having a company such as Parallels offering free migration assistance is a good option for large and small web hosts with limited time or budgets.
Every cloud has a silver lining
Some may argue that acquisitions are all about gaining market share and not improving the product. Some may also argue that Parallels is guilty of buying their competition only to force customers into their product line. The truth is Web Hosts still have alternatives with cPanel, Direct Admin, and other billing control panels on the market. There will always be those who are unhappy with choosing a platform only for it to be discontinued, purchased, or phased out. The up side for panels acquired by Parallels is that there is a very strong desire within Parallels to turn out top notch software with features and automation as key components. P! Writer's Bio: Christian Henning is a 15 year veteran of web hosting. Learning the web hosting ropes at Catalog.com (now WebHero.com) and eventually founding his own company - FindMyHost.com. FindMyHost.com specializes in Approved Host Certification aiding web hosts to build their brand awareness and also serving as a resource for consumers locating a quality web hosting provider. Visit www.findmyhost.com to submit your company's services or contact us for help in locating your next web host provider.
Ping! Zine magazine | 035
john rath
Disaster Recovery
addresses the very facility that, under normal conditions protects the technology – the Data Center.
036 | Ping! Zine magazine
6
The people aspect of a DR plan is an entire topic of its own and is of course a vital piece to address. Processes, policy and procedures are also crucial and there are a number of excellent resources available to assist in developing the right mix for your business. An easy and effective way to tackle process is by following the ITIL (Information Technology Infrastructure Library) guidelines. Additionally there are templates, consultants and best practices that can be applied when it comes to writing the definitive DR plan document for your company. A substantial portion of the disaster recovery strategy addresses the very facility that, under normal conditions protects the technology – the Data Center. Depending on the size of the IT infrastructure and budget, there are many options and levels of protection available.
Data Center
Disaster Recovery
Protecting company data and ensuring 24 x 7 x 365 uptime of IT infrastructure requires people, process, and technology. It just so happens those same components are essential to extending that protection and assurance through a disaster recovery (DR) strategy. Whether natural or man-made, a disaster is defined as something that makes the continuation of standard functions impossible.
Three options for recovery strategies for the physical data center include cold, warm or hot sites. A cold site is a standby data center facility that contains no equipment, but has the right electrical, environmental and telecommunication accommodations. This is the least expensive option, however it makes for a much longer recovery time objective. A number of businesses offer shared cold site services and it can be an economical choice compared to not having anywhere to go in the event of a disaster. A warm site contains all IT equipment and is ready to go live, but does not have live data and would require a brief setup period when initiated out of the DR plan. A hot site is a fully equipped location ready to take over operations at a
moment’s notice, and is frequently backed up to or contains continuously replicated data. While this is the more expensive option, it will provide the most flexibility and lowest recovery time objective. Site selection is an important component of the recoverability of the data center. If more than one disaster recovery site is feasible for the business and budget, one strategy could be to have a secondary data center within the same general region of the country as the primary, and then have a tertiary facility in a completely opposite or distant region of the country or the world. If your DR plan or budget does not call for that level of redundancy the same
6
Data Center Disaster Recovery
two or three site strategy can be implemented with collocation or hosting providers around the globe. When selecting a collocation provider, apply the same rigid requirements to vendors as you would to building your own facility. Look at relevant site selection criteria for the provider, to see that where they are located has a lower potential impact from natural disasters. Available network connections in the facility and connectivity to your primary data center should be investigated as well, especially in the case of looking to it as a hot site. For extreme data protection and recovery needs there are data centers built in underground, military-grade bunkers that shield against all natural disasters as well as an EMP (Electromagnetic Pulse) or nuclear blasts.
038 | Ping! Zine magazine
A Design Alternative for the provisioning of a DR site is the data center container.
Many major hardware vendors have container products available that provide a modular, mobile solution for rapid deployment. The data center container is based on ISO standard shipping containers and typically come in 20 foot or 40 foot configurations. Think of it as an enclosed row in your brick and mortar facility that contains the supporting elements of a data center, but can be built and delivered in a matter of weeks instead of months or years. Maybe your site selection for a disaster recovery site is any one of five places – depending on the disaster event you can then select the best fit for where to deliver the container(s) to. Additionally there are manufacturers
that offer containerized power and cooling solutions to compliment a data center container. The Cisco NERV (Network Emergency Response Vehicle) is a mobile command and control center that delivers mobile-IP enabled solutions. Another alternative has come about over the past several years in the form of cloud computing. With the advent of virtualization and cloud computing, the portability of server images and data can be extended to aid disaster recovery. Cloud providers allow for a massive scale as well as the easy and quick setup of virtual infrastructure. Services like Amazon Elastic Compute Cloud (EC2) offer a variety of options for a flexible, controlled and geographically disperse cloud.
Amazon EC2 has location options, composed of regions and availability zones. Availability zones are distinct locations that are insulated from failures in other zones, while providing inexpensive, low latency network connectivity to other zones. Many other providers have private clouds, virtual private clouds, or public cloud offerings suited to a variety of needs. Before diving to deep into the disaster recovery plan for the data center, remember the overall orchestration of it with the business and IT requirements for recovery. Another major influence to the disaster recovery planning process is the Business Continuity Plan (BCP). The BCP long-term plans for how the business will continue to operate after a disaster greatly impact what data center decisions to make for a disaster recovery plan. P! Writer's Bio: John Rath is an independent consultant and blogger at Datacenterlinks.com
040 || Ping! Ping! Zine 040 Zinemagazine magazine
quint studer
Pass It On
Five Ways to Keep Your Frontline People Informed 1
Strategic Rounding
This tactic is based on a practice from the world of medicine. (Think of a physician making the daily rounds to check on patients.) Essentially, leaders take an hour a day or so to touch base with employees, make a personal connection, find out what is (and isn't) working well, and so forth. Besides being a proven leadership tactic, says Studer, rounding is a great way to keep people up to speed on changes in the organization's "big picture" and to solicit any questions or concerns. 2
Employee Forums
Hold these company-wide meetings regularly. They are great opportunities to hold financial impact crash courses, to update people on changes in the external environment, and to solicit their feedback and ideas. 3
Newsletters
These should not be "data downloads" or senior leader photo-ops. Rather, fill them with articles about important external changes and the company's response to them. Really connect the dots for readers. And be sure to include tips on what employees can do personally to make a difference in the company's bottom line. 4
Communication Boards
Studer recommends putting physical (not just virtual) bulletin boards in a common area that convey an ever-changing "snapshot" of the company's bottom line. Include monthly and year-to-date financial reports as well as how the numbers break down by department. You can also include info about industry changes, new hires, community impact, and so forth. 5
Standards of Behavior Updates
If you don't know, Standards of Behavior guidelines spell out how employees are to present themselves at work: from phone etiquette, to how to respond to gossip, to key words to use when customers ask tough questions. You may already have a Standards contract in place...but was it written five years ago? Maybe it's no longer relevant. Make sure your Standards reflect your company's reality today. If not, ask employees to rethink and revise them. It's a great way to get people deeply engaged in thinking about the new reality and how they can best respond to it. P!
About the Book: Straight A Leadership: Alignment, Action, Accountability (Fire Starter Publishing, 2009, ISBN: 9780-9840794-1-4, $28.00) is available at bookstores nationwide, major online booksellers, and directly from the publisher by calling (866) 354-3473. Copies also can be purchased online through the Studer Group website at www.studergroup.com.
Ping! Zine magazine | 041
DAVE YOUNG
Case Study
A
PA-DSS Compliance
With Shopping Software, Pinnacle Cart re you using an ecommerce solution that’s PA-DSS Compliant? If your ecommerce solution stores credit card information and is not certified by the Payment Card Industry (PCI) Security Standards Council, your credit card information could be in jeopardy. To make sure your ecommerce solution is PA-DSS compliant, innovative shopping cart software companies are taking the next step.
Meet PA-DSS Compliant Pinnacle Cart Pinnacle Cart, a shopping cart software system, is taking data security to a new level by becoming one of the first Payment Application Data Security Standard (PA-DSS) ecommerce applications. Developed for online merchants to have a complete ecommerce platform for selling products and services. PA-DSS is a security standard developed by the PCI Security Council and applies specifically to payment applications. “Since the PCI Security Council set a deadline of July 2010 for all merchants who accept credit cards on their site to be on a PA-DSS compliant solution to maintain their PCI compliance, we felt as an organization we must get our application in line and meet the requirements set forth by the council,” says Craig Fox, Product Development and Marketing Manager. “Meeting this requirement not only makes the application more secure, but will save our existing and new customers any potential penalties by not being on a complaint solution.”
042 | Ping! Zine magazine
What is PCI Compliant? PCI Compliant is a set of comprehensive requirements for enhancing payment account data security for merchants using credit card processing services. PCI was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. PA-DSS is basically a subset of PCI compliance specific to the application or software that is being used by merchants. What does a PCI Compliant shopping cart do for your business? Most merchant account companies now require a merchant to become PCI compliant to accept credit cards. “When customers promote this certification to their potential customers, it reduces the fear a new customer might have when ordering from a new site,” says Fox. “Ultimately, this increases sales conversions for anyone using the certified version of our cart.” Will open-source shopping carts become obsolete? For many years, tens of thousands of customers have turned to open source shopping cart platforms. Open source means the software is distributed freely and maintained by a group of developers. Shopping cart users are attracted to open source due to lack of licensing fees and support costs typically associated with commercial based systems. But according
Ping! Zine magazine | 043
044 | Ping! Zine magazine
Case Study
to Fox, companies using Open Source platforms need to make sure they are not storing or transmitting credit card information to payment gateways as this may violate their PCI certification. “As a rule of thumb, if you’re using a non-compliant application, you will need to move your customer over to a complaint payment page to accept credit cards,” says Fox. PayPal and Google Checkout offer these types of payment methods, but the downside of these methods is you can expect to see cart abandonment rates rise as they are moved from your store to the page where payment is accepted.” What does it take to become PA-DSS certified? Getting PA-DSS certified is not an easy task and takes more than just filling out an application and waiting for approval. Pinnacle Cart’s quest for PA-DSS certification required more resources and time than they originally expected, starting with properly choosing the right QSA to ensure they had familiarity with online shopping cart applications. Securing a qualified QSA to review the Pinnacle Cart code base and internal processes took over two months. After signing a contract with the QSA, their management and technical teams went through an extensive interview process. After the interview, documentation was provided relating to their software and development processes. “Our QSA was provided a copy of our software and they started
the process of testing the application with their lab to make sure all of the requirements were met,” says Fox. “Next, we were provided a list of changes and recommendations for the software and we began a remediation process until we meet all of the standards outlined to get Pinnacle Cart PA-DSS certified.” Pinnacle Cart already had most of the PA-DSS requirements built into the platform, but some features were added and changed to reach compliance. “We were familiar with PABP (the precursor to PA-DSS) and had already started to move our platform to conform to most of the provisions outlined,” says Fox. Final words on PA-DSS compliance PA-DSS is not specific to just ecommerce applications. The goal is to help software vendors and others develop secure payment applications that do not store prohibited data such as full magnetic stripe, CVV2 or PIN data, and to ensure their payment applications support compliance with PA-DSS. Shopping cart owners, customers, and end-users need to be especially aware of the dangers of not implementing, migrating, or using an ecommerce platform that meets PCI Compliant standards. P!
Shopping cart owners,
customers, and end-users need to be especially aware of the dangers of not implementing, migrating, or using an ecommerce platform that meets PCI Compliant standards.
Writer's Bio: Dave Young is a professional writer, technical writer, website auditor, marketing consultant, SEO guru, and founder of Young Copy, a leading promotional and technical writing services firm. Visit www.youngcopy.com to learn how you can boost your company’s revenues.
Ping! Zine magazine | 045
sangeetha naik
Dealing with Downtime You get a call at 2am in the morning. One of your servers, with over a 1000 shared accounts on them has gone down. You rush to the office (thank God it's close to home) and find your support staff frantically working on the server and at the same time trying to field calls and emails from irate customers. After several tense moments, the cause is found. The load is very high, causing services to fail. Your support staff suggests a reboot instead of diagnosing the reason for the high load. You say ok, go ahead, as long as the load comes back to normal and all services run properly. Reboot done, and the team spends the rest of the night replying to customers. Later, you have no clue why the load went up the way it did because there were no logs.
046 | Ping! Zine magazine
server ; ; ; security
Downtime is serious.
In this age of social networking on twitter and facebook, bad news travels fast. This kind of negative publicity can seriously result in loss of reputation and customers within a single day. It’s no wonder, Hosts have to be on top of their business all day, every day. Downtime is a reality in the Hosting business. Do the math. Here are some commonly advertised service availability figures. · 99.9% availability equates to 8 hours, 45 minutes of downtime per year. · 99.99% availability equates to around 52 minutes of downtime per year. Even the most reliable WebHost has 52 minutes of downtime in a year. This downtime can be a result of scheduled or unscheduled events or both. In this article, we will look at ways to deal with both types of events.
Dealing with scheduled downtime
Scheduled downtime is a necessary part of server maintenance. A web host who regularly maintains the servers will reduce incidence of security vulnerabilities, increase performance and improve customer experience. A good host will have more scheduled downtimes than unscheduled downtimes. The most important way of dealing with scheduled downtime is through “Proactive Communication”. In this type of communication, you let customers know about the downtime before they find out about it on their own. Sounds simple, doesn’t it. The sad fact is that many Hosts do not follow it well enough. So lets see how this helps. How does proactive communication help Proactive communication is a very useful method for customer retention during downtime. · Gives you time to let your customers know all the great benefits they can hope to get with the changes in the system. · Reduces customer confusion · Helps customers inform their clients of downtime · Reduce flood of tickets during the downtime
· Customers appreciate that you let them in on your plans. How to setup proactive communication Before sending all of your customers an email, spend a few minutes deciding what you will tell them. A nicely formatted and complete email will reduce a lot of confusion and reduce the burden on your support team, especially when they are busy with the maintenance work. Here are some pointers. What to tell your customers during scheduled downtime. Tell them... · When the maintenance is scheduled (Exact date and time) · How long maintenance will last (down to the minutes) · What exactly will get disrupted (eg, web, email etc) · Reasons for maintenance · Benefits to the customer once the maintenance is done · How to contact support staff during maintenance (via email, forum etc) · Alternative arrangements they can do, if any. When to tell them · At least one week prior to the event. · Again, 24 hours before the event How to tell them · News section on website · Email · Social media (twitter, facebook) · Forum or blog
Dealing with Unscheduled downtime
Unscheduled downtime happen when something unexpected or untoward happens. The reasons for unscheduled downtime could include sudden increase in traffic, hacking attempts, old software leading to exploited vulnerabilities, DOS attacks, spam resulting in flooding of the queues, even the occasional hardware failure. No wonder it is a nightmarish scenario to deal with at 2am in the morning. So what can hosts do to prevent a massive downturn, in the event of a downtime. Simply follow the 2Ps. · Prevent downtime · Prepare for downtime Ping! Zine magazine | 047
048 | Ping! Zine magazine
server ; ; ; security
How to Prevent downtime Wouldn't you service your car periodically to prevent breakdowns and expensive repairs. The same way, a server is the engine on which your hosting business runs. An important way to prevent downtime is to maintain your server hardware and software periodically. This type of server administration is called Proactive Server Administration. In proactive server administration, always start by first securing the server with these steps. Note that these methods should be performed by a trained professional. · Make sure the software is all updated · Configure a firewall and restrict access to critical ports · Decide on minimum services and close unwanted services. · If you have shared accounts, check user security for weak passwords. · Enable extended logging so that detecting during disaster is easier. · Secure world writeable directories. Monitor availability of servers and individual services. For example, if your server load frequently goes high, you should be able to setup notifications that inform you of cut off load long before it becomes dangerously high. This helps you prevent downtime simply by checking on it, before the load creeps up and brings the server down. It is always useful to log all information for critical services, and to setup notifications for certain events. This helps in debugging and preventing future downtimes. The scenario I presented in the beginning, could have been prevented if logs were maintained. Keep track of exploits and service vulnerabilities. Sites like secunia.org and milw0rm.com have newsletters and mailing lists that you can sign on, thats gives you information first hand on any vulnerabilities. Take action before hackers do. Also, always conduct a monthly server audit to check for any suspect logins, spamming, server performance etc.
prepare for downtime The first step to prepare for downtime is to visualize your reaction if an unscheduled downtime took place. How would you contact your customers? Is your infrastructure up to speed to deal with an emergency. For example a helpdesk system, your website, phone lines and email are critical systems that should be available to engage with your customers in times of downtime. Some people wonder whether to communicate unscheduled downtime to customers. The downtime is going to last a few minutes. Should the host inform customers of unscheduled downtime? And the answer is Yes! The worst thing the host wants to do is to have customers find out by themselves, or worse, their customers. By being responsible and letting customers know, you seem to be on top of your business. Customers appreciate the fact that you informed them, rather than the other way around. Always prepare to send a lightening response to customers who are experiencing downtime. Here are a few things you should prepare. 1) Speed of response. You need to put up information on your website within minutes of the downtime at least. 2) Decide where you are going to put up this information on the website. How you are going to contact your customers. 3) Many times you need professional help in solving downtime issues. Form those relationships early on, so that they are available when you need them. 4) If you have an in-house team, make sure they are ready and knowledgeable to solve these issues when they happen. By prevention and careful preparedness, you can avoid downtimes taking a hit to your business and your customers' businesses. P!
Credits: Thanks to Amal A for all his help. Writer's Bio: Sangeetha Naik is co-Founder and Director, Bobcares.com. Bobcares provides Outsourced Tech support, Server administration and software development services to WebHosts . Bobcares currently supports over 50,000 servers. Ping! Zine magazine | 049
050 Zine magazine 050 | |Ping! Ping! Zine magazine
rob farrell
HostingCon 2010:
Piloting Into the Cloud Setting a Course for the Future >>>
Cloud is the hot topic taking the web hosting and hosted services industry by storm. Everyone is talking about it. Some are adapting to it. Even fewer are recognizing the impact cloud will have on web hosting in the years and decades to come.
Are you setting a course for the future? Join the web hosting industry at HostingCon 2010 this July in Austin, Texas to find out how to pilot your company into the cloud and set a course for the future that will lead to prosperity and profit. The HostingCon 2010 educational program is shaping up to be bigger and better than in any previous year. Here are a few of the ways we’re improving the program for the 2010 conference in Austin, Texas: · More Speaking Panels – Panels are one of the best ways to provide greater perspective and prevent bias within speaking sessions. We’re increasing the number of speaking panels by more than 35% for HostingCon 2010 to provide attendees with a deeper and more
meaningful understanding of hot topics in the industry. · New Session Tracks – Cloud is and will continue to be a major driver of change and adaptation in the web hosting industry for the foreseeable future. We’re adding a Cloud track across all 3 days of HostingCon 2010 to address cloud related issues, including the hot topics of cloud regulation and cloud standards. We’re also adding a one day Data Center track to address current issues and trends within the data center market. · New Speakers – New perspectives and ideas play an integral role in better understanding industry topics and trends. For HostingCon 2010, we’re increasing the amount of new speakers by more than 40% to provide attendees with more new knowledge and insights. Don’t miss the chance to learn about the latest trends and topics and network with the most influential players in the web hosting industry. Ensure you’re piloting your company into the cloud with confidence by registering for HostingCon 2010 today. P!
>>>
Time is running out to learn more and save big! Register for HostingCon 2010 before 5/31/2010 and save $140 on a full conference registration! Use the coupon code PINGZINE2010 when ordering to save an additional $60 on a full conference registration!
SPRYNEX www.sprynex.com Introducing Cheetah Hosting Control Panel
CODERO www.codero.com p: 1-877-999-2701 Focus on your business, not your servers.
de di c ate d h osti n g
FLV HOSTING www.flvhosting.com p: 1-888-409-3500 e: sales@flvhosting.com Providing Reliable Hosting HOST4YOURSELF www.host4yourself.com p: 866-435-5642 e: askus@host4yourself.com Smarter, Cheaper, Faster!
VIA NETWORKS www.vianetworks.net p: 1-800-749-1706 e: sales@vianetworks.net Built for the way you do business. WEBHOSTING.UK.COM www.webhosting.uk.com p: +44-191-303-8069 e: sales@webhosting.uk.com Your search for Managed Hosting Ends Here! CDG COMMERCE www.cdgcommerce.com p: 1-888-586-3346 e: sales@cdgcommerce.com The Future of e-commerce has arrived ELLUSCIENT TECHNOLOGY www.elluscientwebhosting.com p: 1-860-872-4505 e: erikelcsics@elluscient.com World-Class Hosting Starting at $5.95 LIONFIRE SOLUTIONS www.lionfiresolutions.com p: 1-800-521-5174 e: sales@lionfiresolutions.com One-Stop Server Shop. RACKMOUNT SPECIALISTS www.rackmountspecialists.com p: 1-877-767-1895 e: sales@rackmountspecialists.com Custom Servers and Workstations APPS4RENT www.apps4rent.com p: 1-866-716-2040 e: sales@apps4rent.com Resell Hosted Exchange/SharePoint Now! EUKHOST www.eukhost.com p: 0808-262-0255 e: sales@eukhost.com UK Reseller Hosting with FREE support!
TURNKEY INTERNET, INC www.turnkeyinternet.net/reseller p: 518-618-0999 e: support@turnkeyinternet.net Dedicated Hosting & Email Solutions.
SITE5 www.site5.com p: 1-888-748-3526 e: sales@site5.com Web Hosting for Webmasters
ULTRAVPS www.ultravps.com p: 1-866-960-0590 e: sales@ultravps.com Premium VPS Hosting
24x7 Easy Support www.247easysupport.com p: 1-209-476-8109 e: relaxnow@247easysupport.com Relax! Our 24x7 Easy Support Never Sleeps.
VERSAWEB www.versaweb.com p: 1-877-690-4900 e: sales@versaweb.com Affordable Dedicated Servers & More 052 | Ping! Zine magazine
e c o mme rc e
PARALLELS www.parallels.com p: 703-815-5670 e: sales@parallels.com Optimized Computing
h a r dwa r e
ISPSYSTEM www.ispsystem.com p: 1-941-462-1069 e: sales@ispsystem.com Web Server Control Panel
re se lle r ho s t i n g
HANDY NETWORKS www.handynetworks.com p: 877-704-2639 e: sales@handynetworks.com Specializing in Windows Hosting
r es ou rc es
c ol o c o n t r o l pa ne l
RELIACLOUD www.reliacloud.com p: 612-395-9000 e: sales@reliacloud.com Code PINGZINE for $25 new customer credit
d e d i c ate d hos ti ng
SERVICE DIRECTORY
cl oud
P!
GAWKWIRE.COM www.gawkwire.com e: news@gawkwire.com Web Hosting & Internet News Source
NETWIRE SOLUTIONS www.netwire-solutions.com e: sales@netwire-solutions.com Where your hosting begins one step at a time SUPREME CENTER HOSTING www.supremecenterhosting.com Use code PING15 at checkout to Save 15%
BINARY CANARY www.binarycanary.com/pz e: sales@binarycanary.com Free Website Monitoring Service
WEB HOST BOOTCAMP www.webhostbootcamp.net p: 1-800-935-6957 e: info@webhostbootcamp.net 24 Sessions, 8 Keynotes, 2 Fun Days!
BLACK LOTUS www.blacklotus.net p: 800-789-1977 e: sales@blacklotus.net First & Leading in DDoS Protection Solutions
YOUNG COPY www.youngcopy.com p: 513-248-1707 e: info@youngcopy.com Promotional & Technical Writing Services.
EASY ANTISPAM www.easyantispam.com p: 815-893-7285 e: sales@easyantispam.com TIRED OF SPAM?
ASSISTANZ www.assistanz.com p: 1-734-661-2392 e: sales@assistanz.com Your Outsourced Support Team INSTACARMA www.instacarma.com p: 1-800-810-6547 e: sales@instacarma.com Reputed Clients. Unmatched Expertise.
w e b to o l s & s ERV I C ES
THE HOSTING NEWS www.thehostingnews.com e: info@thehostingnews.com Gearing You Up For Business
LINMIN BARE METAL PROVISIONING www.LinMin.com p: 1-650-520-9549 e: info@LinMin.com Automate Linux & Windows Server Deployments R1SOFT www.r1soft.com p: 1-800-956-6198 e: sales@r1soft.com Continuous Data Protection Tools
BEANTOWNHOST.COM www.beantownhost.com e: sales@beantownhost.com Webhosting made easy!
SPAM HERO www.spamhero.com p: 1-888-355-HERO e: sales@spamhero.com Filter spam for unlimited emails on a domain!
DOREO HOSTING www.doreo.com e: sales@doreo.com cPanel Shared & Reseller Hosting
UNITY MOBILE ping.unitymobile.com p: 1-888-519-8561 Everything Mobile. Made Simple.
HOSTIVIA WEB HOSTING www.hostivia.com p: 1-877-690-4900 e: sales@hostivia.com High quality shared & reseller hosting services
HC VPS HOSTING www.hostcolor.com/vps p: 1-888-222-1495 e: info@hostcolor.com Virtuozzo VPS from only $19.95/month
HOSTOPIA www.onlinebusinesspartner.com p: 1-866-245-5150 e: completesolution@hostopia.com Hostopia your complete solution
vp s
sh ar ed h osti ng
s e rv e r s upp o rt
re s ou rc e s
PRESS ADVANCE www.pressadvance.com p: 612-605-6619 e: contact@pressadvance.com Web Hosting Press Releases and More
s h a re d h os ti ng
HOSTINGCON 2010 www.hostingcon.com p: 877-463-8468 e: info@hostingcon.com Learn. Network. Grow.
LAGNIAPPE INTERNET www.lagniappeinternet.com p: 1-877-877-0853 VPS Hosting from $26.95/Month
Ping! Zine magazine | 053
david dunlap
>>
Last year, I had a great deal of pranks played on me. You could say the office was getting back at me for the hell I had given them over the course of the year and on some level I am sure I deserved it... I suppose. This year though I got every person in the office back in spades. You see, I consider April Fool's as a blank check and I intended to collect.
Ground Guiding
>> If you have ever flown, you have probably seen
the ground guides with their cool orange vests, wielding flashlights with synchronized precision. In the spirit of such amazing prowess, me and a buddy of mine headed to the local mall. As I turned into the parking lot, my friend got out wearing an orange road worker vest and turned on his two flashlights. From that point on he guided me throughout the parking lot until we reached the drive through on the other side of the mall.
Forgotten Coffee Mug
>> I drive an old Lincoln. It has a cloth roof which
fits quite neatly into the next trick. For this trick you will need one coffee mug (preferably old), one car, and some sort of adhesive. Since I have a cloth top I went a wee bit further, using a knife and a three inch long, one inch wide piece of metal. I cut a small slit into the cloth top parallel to the windshield. I used construction adhesive to attach the piece of metal to the underside of the mug. I then slide the mug's metal bar into the slit on the roof. Tested once to make sure it wasn't going anywhere and away I drove. The amount of nice people in Nevada never ceases to amaze me. They were waving, smiling, some seemed like they were shouting a few things while pointing at the roof of my car. I smiled and waved back, enjoying the fine day. At a red light, one nice gentleman got out of his car to tell me I left my coffee mug on my car, priceless.
R e v e n g e o f t h e Ap r i l F o o l
x
An Ode to Duct Tape
>> No trickster's toolbox is complete without the
duct tape. This next prank is actually fairly easy and involves but one tool. Using copious amounts duct tape, crawl underneath your co-worker's desk and duct tape the drawer's in place. On some desks this normally means just the keyboard tray or center drawer, however, in my office all you need is a hammer to go the whole way. Simply remove the cheap cardboard backing from the factory cloned Walmart special desks, and duct tape away. Take extra care not to tear the cardboard and no one is the wiser.
Human Messaging Service
someone up and ask for someone else, we will use Bob for this >> Call example. Continue to have friends call up that number and ask for Bob. 7
or 8 times throughout the day ought to do it. Then have someone call up the number and say, "Hi this is Bob, do you have any messages for me?" P!
054 | Ping! Zine magazine
DEDICATED.HOST4YOURSELF.COM
HOST
YOURSELF
COST-EFFECTIVE DEDICATED & CO-LOCATED SERVERS
RAID
BONE SOL MULTI-CID
POWER HOUSE
Dual Harpertown 2x 5410 8GB RAM 4x 146GB 15Krpm SCSI HDDs Hardware RAID 4000GB Bandwidth
PLAT. NETWORK: $189 / MO STD. NETWORK: $169 / MO
SOLID
WORKH ORSE
ICE!
PLAT. NETWORK: $139 / MO STD. NETWORK: $114 / MO
Core I7 (Quad Core) 940 12GB RAM 2x 750GB SATA HDD 2000GB Bandwidthh
PLAT. NETWORK: $189 / MO STD. NETWORK: $159 / MO
DUAL C PU 1 LOW ’S PR Dual Xeon 2.8GHz, 1333MHz FSB 3GB RAM 2x 250GB SATA HDDs 2000GB Bandwidth
EDGE!
OR SPEED E
Dual Woodcrest 2x 5130 4GB RAM 2x 250GB SATA HDDs 2500GB Bandwidth
PLAT. NETWORK: $379 / MO STD. NETWORK: $349 / MO
CUTTIN G
Pentium 4, 3.0GHz w/ HTT 2GB RAM 2x 80GB SATA HDDs 1500GB Bandwidth
GO G REEN NEW Intel Atom 330 2GB RAM 160GB SATA HDD 1500GB Bandwidth
PLAT. NETWORK: $69 / MO STD. NETWORK: $55 / MO
All offers feature the choice of Standard Network (99.9% uptime SLA) in Scranton, PA or Mission Critical Platinum Peer 1 Network in Los Angeles, LA (ZERO downtime, ZERO packetloss). Servers and colo include full 100Mbps port, 5 IPs, FREE remote reboot port, FREE manual reboots, and FREE KVM over IP rental. Host4Yourself.com’s utterly unmatched support and 8 years of solid reputation comes standard! Semiannual or annual billing cycles get 7% off!
PLAT. NETWORK: $59 / MO STD. NETWORK: $49 / MO
OPTIONS/ UPGRADES:
REGISTERED PARTNER
CALL TODAY 866-435-5642 Or E-mail sales@host4yourself.com to request more information.
064 | Ping! Zine magazine
cPanel/WHM: $30 / mo DirectAdmin: $9 / mo Windows 2K3/2K8 Web: $10 / mo Windows 2K3/2K8 Std: $20 / mo Full Management: $15 / mo IPs: $5 per 8 or $40 per 128
AUTHORIZED PARTNER NOC