This document discusses hardware, software, and security considerations for web hosting providers. It covers server hardware options like full servers versus appliances. It also discusses software choices like operating systems, databases, and e-commerce solutions. Additional topics include data center infrastructure, high-speed connectivity options, and customer relationship management software. The overall message is that hosting providers need to carefully choose and support robust hardware, software, and services to effectively partner with e-commerce merchants.
WEB HOSTING MAGAZINE

E-Commerce:
Part II Covering Your Back-End
What You Should Know About Hardware, Software and Security
by Jim Thompson and Mike Woodward
Illustration by Brian Biggs

In the last issue of WH Mag, we introduced you to Alfred Fuller, inventor of door-to-door selling. When a salesman from the Fuller Brush Company arrived at his customers’ doors, all they saw was his smiling face, his magnetic personality and his line of brushes. The business model seemed simple: Pack up the products, ring a few door bells and watch the cash roll in. But there was a whole lot more going on behind the scenes. The Fuller Brush men depended on the company’s back office staff to handle issues such as manufacturing, distribution, accounting, sales support and customer care.

Today’s online merchants are in a position similar to Alfred Fuller’s. An attractive web site alone does not a profitable business make. Therefore, e-tailers rely on their hosting providers to help orchestrate and automate back-office processes to the point where all that needs to be added is the customer.

A web host’s job is to determine what level of service — in terms of capital, technological and staffing resources — it’s able to offer customers. To serve as an effective partner to e-tail merchants, a hosting provider must make hardware, software, skill level and service-plan upgrades part of its way of life.

HARDWARE
Running a web hosting operation takes servers — lots of servers. There are many choices, but essentially, machines come in two flavors: full-fledged servers and appliances.

Although there was a time when each served distinct purposes, the boundaries between servers and appliances are blurring. Major manufacturers such as Sun, IBM, Compaq, Hewlett-Packard and Intel have diversified their focus on high end machines and added lower cost and more compact appliances to their product lines. (Sun has gone as far as acquiring Cobalt Networks, the leading appliance maker.) Meanwhile, newer hardware players Cobalt, NetMachines, Network Engines, StarBox Netsystems and others offer general purpose server appliances along with appliances that handle specific tasks.

Will a Santa site be able to scale from four hits a day in March to millions of simultaneous visitors in December? To a large extent, the answer is found in its hosting provider’s hardware. The first thing on a web host’s shopping list should be servers that are big enough and powerful enough to handle the incoming load around the clock, during any day of the year.

[Illustration: “If my server goes down, a lump of coal will be the least of your worries, punk!”]

IS THERE AN APPLIANCE IN YOUR FUTURE?
Servers or appliances? That’s a question with no single right answer. Ultimately, the choice depends on the need.

“We don’t use appliances,” is the terse reply from the Loop, a small ISP in the Los Angeles area.

“A server can grow with a customer, an appliance can’t,” is the opinion of Haralds Jass, president and CEO of Superb Internet. “Thus [an appliance] has the potential to greatly impair the growth of a business. Many current appliances on the market are a step backwards in service-provider solutions.”

Not everyone feels as strongly on this subject as Jass. Appliance advocates feel that the current generation of products offers immediate cost and time savings. In addition, each new release brings more robust, flexible and scalable machines. Meanwhile, you can stack multiple units in a rack to quickly attain the functionality you need.

But Jass’ considerations are of paramount importance. Hardware can make or break a service provider’s ability to grow with his customers.

One manufacturer that’s won kudos from appliance fans is Starbox Netsystems (starbox.net), which offers an Apache-based device aimed specifically at web hosts in three different size categories: 500 users, 1,000 users and 2,000 users. In the works is a name server, a firewall appliance, a web-caching device and an e-commerce appliance. Another appliance maker, Mirapoint (mirapoint.com), offers scalable mail-serving devices. The company recently lured Gene Banman, a former Sun vice president, to be its president and chief operating officer. By voting with his feet, Banman has given quite an endorsement to the functionality of appliances. Yet another manufacturer, Phobos (phobos.com), recently released a rack-mountable device that off-loads all SSL processing, allowing web and e-commerce servers to provide both secure and non-secure services at the same high speeds without becoming overloaded with the additional overhead of security processing.

CONNECTIVITY
Once you’ve got a server system that’s robust enough to handle the needs of your hosted sites, the next thing to look at is sufficient connectivity. A T-1 line that runs at 1.5-Mbps simply won’t cut it for more than one popular site. You will end up falling victim to your customers’ success.

T-3 and OC-3 lines run between three and 30 times as fast as a T-1, but at a cost between 10 and 50 times that of the smaller pipe. High bandwidth lines also take a while to get provisioned. In most cases, you will need to place your connectivity order in October or even September, if you want to be ready for the Christmas rush.

Web hosts should also pay attention to other methods of expanding the pipeline. Fast ethernet and, soon, gigabit ethernet solutions may be some of the arrows you’ll want to have in your quiver. Look also to solutions such as scalable bandwidth on demand.

One company that provides gigabit Ethernet solutions is Telseon (telseon.com). It offers scalable bandwidth within and between metropolitan areas to service providers. The amount of bandwidth is controlled by the service provider, eliminating the necessity of buying more equipment and provisioning another T-3 line as demand increases.

Yipes (www.yipes.com) currently offers the same service as Telseon directly to customers with plans to make scalable bandwidth available to service providers in the near future.

A PLACE FOR EVERYTHING
Another issue hosting providers need to consider is real estate. Some WH Mag readers literally started in their basements and garages. As their businesses expand, additional space is needed for their growing collection of equipment.

[Illustration: “No playing video games until you clean your server room!”]

For many, the solution is to move to a data center, like those run by Exodus or AboveNet. In addition to the peace of mind that comes with round-the-clock monitoring and redundant mechanical, electrical, storage and telecommunications systems, these facilities may also offer a wide range of useful services.

“Both new and traditional service providers need to meet the explosive demand for next-generation services,” says Pat Russo, executive vice president and CEO, Service Provider Networks, Lucent Technologies. “To do that, they must link high speed data centers with very high-speed optical and wireless networks to eliminate Internet bottlenecks.”

One of the ways to meet next-generation demands is through partnering with a new type of service provider that integrates Internet data centers with high-bandwidth optical backbones, thus eliminating bottlenecks on the Internet. They offer high speed networking and data center services to ASPs, ISPs, and web hosts who can then resell services such as email and e-commerce to both business and residential customers.

Yet another useful tool is caching devices, which are placed between the end user and the main server. By caching frequently accessed data, site visitors enjoy faster response times while service providers benefit from reduced demands on main servers.

ASSESS YOUR GOALS
What’s a web host to do in the face of endless hardware options? The answer depends on its goals.

For mom-and-pop hosting providers targeting local small businesses, appliances may provide the easiest and most economical solution.

“I think there will continue to be a lot of smaller companies that provide hosting services and e-commerce hosting services because smaller companies are able to have that customer service and customer contact through the sales cycle and service cycle,” says David Rowe, director of marketing services and strategies for Intel Online Services.

On the other hand, for those of you whose strategy is to build or maintain a large hosting operation for high traffic e-commerce sites, it’s a good idea to make a major data center your home base.

Developing your own data center is an extremely costly proposition. However, leasing, colocation and partnering are methods a growing hosting provider can use to speed the transition from working next to the 1956 Dodge in the CEO’s garage to rolling out operations centers worldwide.

[Illustration: “Sorry! We had to take your site down because my dad needed the garage.”]
SOFTWARE
UNIX (or Linux or FreeBSD) or Windows (NT or 2000)? This is the first choice hosting providers are faced with in terms of software.

According to the folks at Uneven Internet (uneven.com), “NT is easier to use than UNIX, but UNIX is usually faster and can run Apache.”

A recent survey by Netcraft (netcraft.com/survey/) indicates that Apache is being used on more web servers than all other software combined. Part of the reason is that it’s free; another is that it’s a reliable, stable platform.

Outside of the open source world, Microsoft is the overwhelming market leader. Some of the most popular e-commerce packages only run under Windows. Hosting providers will either have to make their UNIX-based machines work with NT/2000 or purchase dedicated servers that operate on those systems.

DATABASE SERVER
The next issue at hand is the database server. While there are many choices, most industry players stick with the tried and true. “There are two database servers that support the majority of the e-commerce world: SQL 7 and Oracle 8,” says Intel Online’s David Rowe.

Microsoft’s SQL Server is the database for the Windows family. Oracle 8i, currently in release 3, is Apache compatible. Oracle continues to migrate to hosted solutions with its new Oracle 9i, its philosophy being that software is becoming a hosted service more than a product.

So you’ve gotten the OS issues and database software packages squared away? These are but the tip of the iceberg in e-commerce solutions. There remain dozens of decisions to be made in terms of software for designing, maintaining and monitoring e-commerce sites.

E-COMMERCE PACKAGES
E-commerce software can be broken down into these categories: storefront packages, electronic customer relations management (CRM), supply-chain management and systems management.

Storefront software is just what the name implies — a platform for setting up online what resembles a traditional store. It helps the e-tailer to arrange products by category and allows the shopper to search for, order and pay for merchandise.

The goal of customer-relations software is to enhance and personalize online-shopping experiences with an eye to getting the product through the payment and delivery process. Supply-chain management solutions control production rates and parts ordering to minimize warehouse time and space. Integration between these two systems, plus accounting, marketing and sales, requires a systems-management package.

There are literally thousands of products to choose from in each category, ranging from full-service solutions from the likes of BroadVision (broadvision.com) to specialized packages from Miva (miva.com), for instance, which are designed for a specific purpose.

Customers want to choose, “a fully managed service where the vendor provides all the assets and integration as part of the service,” Intel Online’s Rowe explains. Finding e-store software you can work with and support is key to helping your clients.

Web hosts who want to be competitive and keep their clients happy must be familiar with many different solutions. Not only should you know about the most popular packages, but the search for better solutions should never end. Every day new, more powerful and more cost effective e-commerce tools are offered. The key to increasing your client base and your revenues may be in one of those new offerings. You also need to know your software well enough to be able to offer training and support for your customers. Software providers are more than willing to help out by providing training for service providers in the use of their product.

FULL E-COMMERCE PACKAGES
BroadVision is well supported in the industry with established B2B and B2C packages. Recently allied with Hewlett-Packard and Sun to provide a hardware/software package, the company offers personalized e-business applications as well as CRM. Although it is moving from a proprietary language toward XML and Java, current analysis reports that it lags behind some competitors, such as Intershop and IBM, in this regard.

[Illustration: “No general! Not B2 support! We need B2B support!”]

IBM (ibm.com) offers its WebSphere suite in competition to BroadVision. The company has allied with Ariba (ariba.com) to market supply-chain management solutions. As one of the largest companies in the world, it also offers smart cards and application servers, as well as e-commerce solutions. IBM provides advice and training both in its products and for general information about the set up and operations of e-commerce sites.

Intershop (intershop.com) is one of the leaders in online-storefront software. Its package includes Intershop Enfinity and Intershop 4.0. The company has traditionally focused on small to medium businesses, but now also offers an enterprise-level product, Intershop Marketplace Tool Kit, which connects sell-side applications to e-marketplaces. Over its history, Intershop has developed a strong track record of allying with and supporting service providers.

Yet another major player in the e-commerce software sphere is InterWorld (interworld.com). Its primary strength lies in B2C software. InterWorld’s Commerce Exchange suite offers transaction management, personalization, content management and a variety of merchandising features.
When companies as large as Sun and Netscape (recently assimilated by AOL — resistance was futile) get together, their offering cannot be ignored. IPlanet (iplanet.com) offers, in its own words, e-commerce solutions “from silicon to eyeballs.” As a hardware/software combination of formidable parentage, it brings the advantages of Sun’s hardware and Netscape’s Enterprise Server software.

STOREFRONT SOFTWARE FOR THE MASSES
The companies listed above offer online storefronts as part of a full e-commerce package. These are the big boys whose solutions meet enterprise-level needs. However, for those not in the business of hosting large numbers of Global 2000 companies, one of the following mass-market players may serve as a more appropriate partner.

Miva (miva.com) offers storefront solutions and credit-card enabled order forms as part of Miva Merchant, its e-commerce package. It also participates in different types of comarketing with hosting partners, according to company spokesperson Sherry Isler.

iHTML from InLine Internet Systems (inline.com) offers site solutions ranging from database driven e-commerce sites to simple brochureware. “Most of our partners are smaller web hosting companies,” says CEO Russ Cobbe.

Mercantec (mercantec.com), which concentrates on small to medium businesses, markets its SoftCart package to service providers, as well as individual businesses. “Mercantec considers its channel [service providers] to be key partners and treats them as such,” says the company’s Product Manager, Bob Honn.

CRM SOFTWARE
CRM software aims to do what old Alfred Fuller aimed to do: know that your Aunt Harriet’s birthday was coming and make you a special offer on a boar-bristle brush. It helps tailor the buying experience to the individual shopper and gives them the feeling that the merchant cares about them and their needs.

“While the power of the Internet enables unlimited integration of product choices, this can be overwhelming to the consumer,” says Online Insight’s Ken Forster. CRM is the attempt to overcome the problem of too much information scaring away the customer. The visitor to a site doesn’t want to look at every pair of brown shoes made, just the ones that interest him.

CRM allows online merchants to customize their offerings to meet the needs of individual customers. There are any number of ways of accomplishing this: visitor surveys, demographic analysis (poor people don’t shop at Neiman-Marcus very often) and the use of algorithms to personalize the shopping experience.

In simple language, an algorithm is a symbolic formula running through a number of steps that can remember the steps it went through. In practical terms it means that when a visitor signs on to a web site, his past behavior can be recalled and used to present him with customized product offerings, designed specifically for him. What makes an algorithm “intelligent” is its ability to adjust to changing circumstances.

Closely allied with customer-response programs is the idea of data mining, or looking for patterns in data. This is not just a new presentation of existing data. True data mining can find and present previously unknown relationships among and within existing data.

MANAGING SHOPPING
Again, a great many companies offer e-CRM, the software that manages shopping from presentation through purchase. A recent report by Ovum (ovum.com) states that consumers expect their online experiences to match or exceed real-world experiences. Here are a few shopper-pleasing offerings:

In August, Oracle came up with a nice little loss leader — it’s giving away (or was as of press time) its Sales Force Automation (SFA) package online. This package provides pipeline management, which is the funneling of goods from manufacturer to consumer, along with calendaring, expense and travel management. Of course, Oracle is not in business to lose money. The most likely reason behind this giveaway is to attract customers to incorporate more elements of its CRM package.

Siebel (siebel.com) is one of the larger competitors to Oracle in the CRM arena. It offers a full suite of applications for sales force, call centers and marketing, among other solutions. Its field and sales services include online configuration and pricing as well as hand-held voice and wireless software. It also has a full suite of B2B, B2C, auctioning and marketing software.

E.piphany (epiphany.com) offers web-based CRM applications with real-time analysis. The customer’s current behavior is calculated in real time into the interaction he’s having with the site. It offers the E.piphany E.5 system, an “analytical and operational” customer-relations management package that “coordinates and unifies, in real-time,” all interactions with customers.

A MORE PERSONALIZED EXPERIENCE
Online Insight (onlineinsight.com) offers one of the most innovative ways of personalizing web sites. Its current solution is a two-fold product. On one hand, an intelligent algorithm uses a query-and-response format to guide the consumer to product choices that meet his needs. On the other hand, the aggregate data is collected and analyzed to provide feedback to the merchant. This process not only allows a more efficient shopping experience, but literally improves the site each time it’s accessed.
Another approach to giving the consumer a personalized shopping experience is to put a real person into the equation. Live Person (liveperson.com) does just that. At crucial junctures in the shopping process pop-ups appear that allow the consumer to chat online with a live operator.

The live operator has access to data collected from the shopper, allowing them to answer questions intelligently and accurately. One advantage is that, since this live person interaction is occurring in a chat format, the operator is able to service several customers at a time. The use of ASP technology also means there is no hardware or software to install.

[Illustration: “Your live operator went to lunch. Say hello to a smooth operator, baby!”]

CREATING A MARKETPLACE
The next step beyond hosting a single store is to combine individual storefronts into a larger marketplace. Such a collaborative effort can pay big dividends including links between multiple merchants’ sites, group buying opportunities and the sharing of software and hardware. Another plus is that shoppers can be kept in-house and not be lost to the competition. For the web host, this translates into more flexibility, higher profits and ease of management.

The focus of Actinic Catalog (actinic.com) is to assist ISPs and web hosts with the set-up and maintenance of multi-store e-commerce sites. It does so by supplying a hosting engine, pre-configured to run on a service provider’s servers. Release 3.0 of the product received excellent reviews. Release 4.0 was launched in late September.

SECURITY CONCERNS
The number-one consumer concern in making purchases over the Internet is security. Buyers want assurances that credit card numbers won’t disappear into the Internet cloud, only to reappear in some hacker’s computer.

If you’re working with one of the major vendors like IBM, Cisco or Sun, they likely have already familiarized you with their security offerings. If you’re a start-up provider, patching together equipment and customers, while trying to keep one step ahead of intruders, some of the first places you should visit are the web sites of these vendors. All of them offer a wide range of services and information to help you better address security concerns.

Firewalls, which are a combination of hardware and software implementing security between two or more networks, are the most basic element of a security system. They come in three basic flavors: Packet filtering routers restrict traffic by looking at the sources and destinations of individual packets. Proxy/circuit level gateways act as an intermediary by requiring each user to first connect to the firewall. Application proxy firewalls extend the proxy/circuit firewall to the application level by inspecting traffic to ensure that it conforms to the particular application’s protocol.

A common addition or enhancement to a firewall is called a DMZ (demilitarized zone). In most cases, this is a combination of firewalls and bastion hosts (themselves a gateway between internal and external networks). Generally a DMZ sits outside the main firewall, acting as an additional barrier to intrusion.

The basic function of a firewall is to restrict traffic to the minimum that a service requires to implement an application. In other words, it limits communications. Internal systems may need to initiate connections with a server on a DMZ network, but not the other way around. Access for a database server, for example, should be limited to web servers that retrieve information from the database and internal systems used by database administrators.

Firewalls should also hide internal network architecture and addressing from external users. Finally, the firewall should itself be difficult to scan by limiting what protocols may pass through it.

[Illustration: “North Korea just called. For a couple of bags of rice, we can put our network in the DMZ.”]

INTRUSION DETECTION
Most of the commercially available security systems include some kind of monitoring for intrusion. Known as IDS (Intrusion Detection Systems), these systems are installed either on the host machines or on the network. Each system, of course, has its advantages and blind spots, and more complete coverage is provided when the two types are combined.

Host-based IDS are not as fast as network IDS, but their strengths include stronger intrusion analysis. Additionally, they focus on data specific to the host and have a lower entry cost than network systems. They operate by examining the system, event and security logs on Windows NT and the syslog in a UNIX environment. Since they are using logs containing actual events, they can verify whether a given attack was successful.

One of the flaws of an IDS is that it cannot detect every type of intrusion, most notably those that are launched from the keyboard of a critical server and, therefore, don’t cross the network. In such cases, a host-based system can be effective, since it can detect infiltrations that may be unseen by network-based IDS. Also, since the host-based system examines decrypted data, it will see attacks that can be missed by a network system. Although host-based systems don’t offer true real-time response, when properly implemented, they come very close.

NETWORK-BASED IDS
While the initial cost of a host-based system is lower than that of a network-based one, network systems can be strategically deployed to monitor traffic destined for multiple systems. On network systems, software only has to be loaded and configured once, instead of on a variety of different systems. This lowers the total cost of ownership in an enterprise environment.
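The host-based approach described above (reading the UNIX syslog and using the logged events to tell whether an attack actually succeeded), as an added example that is not part of the original article: a short Python scan over constructed sshd syslog lines. The threshold, time window, assumed year and all addresses and host names are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: sshd password events in classic syslog format (no year field).
SAMPLE_SYSLOG = """\
Dec 12 03:14:01 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 40112 ssh2
Dec 12 03:14:03 web01 sshd[2212]: Failed password for invalid user admin from 203.0.113.9 port 40113 ssh2
Dec 12 03:14:05 web01 sshd[2213]: Failed password for root from 203.0.113.9 port 40114 ssh2
Dec 12 03:14:06 web01 sshd[2214]: Failed password for shop from 198.51.100.20 port 51000 ssh2
Dec 12 03:14:08 web01 sshd[2215]: Failed password for root from 203.0.113.9 port 40115 ssh2
Dec 12 03:14:11 web01 sshd[2216]: Accepted password for root from 203.0.113.9 port 40116 ssh2
Dec 12 03:20:00 web01 sshd[2230]: Accepted password for shop from 198.51.100.20 port 51001 ssh2
Dec 12 04:00:00 web01 sshd[2301]: Failed password for root from 192.0.2.77 port 33001 ssh2
Dec 12 04:00:02 web01 sshd[2302]: Failed password for root from 192.0.2.77 port 33002 ssh2
Dec 12 04:00:04 web01 sshd[2303]: Failed password for root from 192.0.2.77 port 33003 ssh2
Dec 12 04:00:06 web01 sshd[2304]: Failed password for root from 192.0.2.77 port 33004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def scan_auth_log(log_text, threshold=4, window=timedelta(minutes=5), year=2000):
    """Flag password-guessing sources and say whether the guessing succeeded.

    A source is flagged once it logs `threshold` failures inside `window`.
    If a successful login from the same source follows while those failures
    are still inside the window, the verdict is upgraded to "succeeded".
    Syslog timestamps carry no year, so `year` is an assumption of the caller.
    """
    recent_failures = defaultdict(deque)   # source address -> failure times
    findings = {}                          # source address -> finding record
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue                       # not an sshd password event
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        failures = recent_failures[src]
        while failures and when - failures[0] > window:
            failures.popleft()             # forget failures outside the window
        if m["result"] == "Failed":
            failures.append(when)
            if len(failures) >= threshold:
                finding = findings.setdefault(
                    src,
                    {"verdict": "attempted", "host": m["host"],
                     "user": None, "failures": 0},
                )
                finding["failures"] = len(failures)
        else:
            # A login right after a burst of failures means the guess worked.
            if len(failures) >= threshold:
                findings[src].update(verdict="succeeded", user=m["user"])
            failures.clear()
    return findings


if __name__ == "__main__":
    for source, finding in scan_auth_log(SAMPLE_SYSLOG).items():
        print(source, finding)
```

The single mistyped password from 198.51.100.20 is not reported, while the two guessing runs are reported with different verdicts, which is the distinction a log-based system can draw from recorded events.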
Network-based IDS also look at all packet headers. Since many denial of service attacks can only be found by looking at packet headers and host-based systems do not examine packet headers, network-based IDS are the only way to protect a system against this type of attack.

Another major advantage of the network-based systems is that they operate in real-time. Attacks are reported as they occur, allowing faster notification and response. Since any hacker worth his salt knows how to manipulate audit logs, the rapidity of network-based response means that he will not have time to remove the evidence of his visit before being found out.

[Illustration: “A hacker’s worth of salt.”]

The bottom line is simply that each of these intrusion detection systems has strong and weak points. One or the other may work best for the particular environment you are hosting, but it is likely that you will find some combination of the two gives you the overlapping security necessary to protect your clients’ businesses.

WHO’S OUT THERE AND WHAT ARE THEY DOING?
In addition to the large companies, there are many smaller outfits that offer special packages and options. If you think the installation of a firewall between your hosted storefront and your database server is enough, you need to think again. Counterpane (counterpane.com), one of these companies, points out the obvious, “If a firewall was perfect, you wouldn’t need an alarm.”

Counterpane was started by the man who literally wrote the book on cryptography. Bruce Schneier is the author of Applied Cryptography and a recognized expert in the field. The idea behind his company is that security is an on-going process, not a product.

The concept here is that there’s no perfect security technology. The analogy Counterpane makes is to the purchase of a safe — all of which have a rating. That rating tells the purchaser how long a professional with tools will take to get to the contents. If an alarm doesn’t alert a guard to come running, the thief makes off with the jewels or, in your case, a client’s database.

Those who offer web hosting services must give their clients an assurance that not only are you using the best of current technology to protect them, but that you, or a service you employ, will be there when the alarm sounds.

If you intend to be your own cop on the beat, you should look at some of the companies offering security systems solutions. Among these are @Stake (atstake.com) whose chief science officer is a man named Mudge (and you thought that was Mr. Spock...). In spite of a name that sounds more like a crazed chef who makes candy, Mudge is a highly respected cryptographer whose company offers a rapid ramp-up to secure server architecture. He has also co-authored a number of technical papers and reports with Schneier. The @Stake web site is an excellent source of information.

Also, check out Entrust (entrust.com). Its offerings include security solutions for both web and wireless transactions. Its customers include New York Life, Chase Manhattan and the U.S. Government. It wholly owns a subsidiary called Cygnacom (cygnacom.com), which specializes in public key infrastructure (PKI), information security consulting and security evaluations.

PKI is a system of certificates and other registrations that verify and identify the parties in an Internet transaction. Currently, there’s no industry-wide standard for building a PKI or any single PKI. While the industry differs on which PKI will be used and how to make one, there is general agreement that this level of mutual identification is necessary for e-commerce security.

Another important security player is Internet Security Systems (iss.net). In its own words, “not only does ISS offer market-leading, best-of-breed security management systems for security assessment, policy enforcement and intrusion detection — all built on the company’s SAFEsuite™ security-management platform — it also provides superior customer service, consulting and education offerings that significantly reduce the complexity and expense inherent in protecting online assets.”

Each of the companies listed above not only sells products or services, but also has a web site full of information. Since, as a web host, you need to be informed to properly service your clients, these sites are an excellent place to begin increasing your knowledge of security.

If you want to take a look at the other side of things, visit Phrack Magazine. This is a magazine aimed at “hackers with honor.” Like the rogue Samurai or Ronin of medieval Japan, their skills are deadly, but their hearts are in the right place. Though Dogpile lists its URL as phrack.com, this link led nowhere. Back issues were available on world.std.com/~loki/security/phrack.

E-commerce offers many opportunities along with a host of challenges for the web host. It’s an area that’s changing daily as it struggles to meet the demands of customers. We have looked at only a small percentage of the hardware, software and security solutions available in this crowded field. The one conclusion that can be drawn is that, as a web host, you can’t ignore the importance of e-commerce and what it means to your future. In the words of Ted Turner, you have to “lead, follow, or get out of the way.”
Posted with permission from Web Hosting. Copyright 2000.
#67528 Managed by Reprint Management Services, (717) 399-1900, www.reprintbuyer.com