Over-sold or under-sold?
Many hosts have over-sold their infrastructure, and many still do. While that's no good for performance on Shared Hosting accounts, the impact can be far more severe on VPS platforms. As a Virtual Private Server is an allocation of a physical server's resources, hard maximums exist (i.e. total number of compute threads, RAM capacity, SSD storage, network throughput).
While many of those hosts will get away with few outages, situations like the one we've stepped through below can occur. First, setting the scene:
- The server has (for example) 32 cores, 256GB RAM and 2TB of SSD storage.
  That's all that is installed in the example server, and nothing beyond that.
- Considering only 4-core Virtual Servers (VPS), you could safely fit 6-7 on that server.
  Each VPS could have up to 32GB of RAM and stay below the installed 256GB.
- SSD storage for each Virtual Server could be 256GB, staying under the installed 2TB.
If only 6-7 quad-core Virtual Servers were sold on that particular server, it should remain stable. However, allocated resources and consumed resources can be very different things. Some servers will fairly reliably stay below the 50% utilisation mark, so a provider might choose to up-sell some customers from 4 cores to 6 cores because, on average, the physical server under-pinning those 6-7 Virtual Servers sits at 50-70% CPU utilisation.
That's where the danger is, and the same applies if they choose to risk it by allocating more RAM or SSD than is physically installed. Everything is stable until the demand for resources flares up, at which point the chance of the physical server not crashing entirely is low. You then have a nasty situation where they have to power up the Virtual Servers slowly, as booting them all at once would crash the server again.
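To make the gap between allocated and consumed resources concrete, here is an added sketch (not LEOPARD.host's own tooling) that audits the example server above and reports how much of their allocation guests can use at once before the host runs out. The function names, the `reserve` parameter, treating 2TB as 2048GB and the choice of three up-sold guests are assumptions made for illustration.

```python
# Added illustration; all names and the reserve parameter are assumptions.
# The article's example server (2TB taken as 2048GB).
HOST = {"cores": 32, "ram_gb": 256, "ssd_gb": 2048}

def make_guests(n, cores=4, ram_gb=32, ssd_gb=256):
    """Build n identical VPS allocations using the article's per-guest figures."""
    return [{"cores": cores, "ram_gb": ram_gb, "ssd_gb": ssd_gb} for _ in range(n)]

def audit(host, guests, reserve=0.0):
    """Per resource: total allocated, usable capacity after the hypervisor
    reserve, and the fraction of their allocation that all guests can
    consume simultaneously before the host is exhausted."""
    report = {}
    for res, installed in host.items():
        usable = installed * (1 - reserve)
        allocated = sum(g[res] for g in guests)
        report[res] = {
            "allocated": allocated,
            "usable": usable,
            "oversold": allocated > usable,
            # 1.0 means every guest can use 100% of its allocation at once
            "safe_fraction": min(1.0, usable / allocated) if allocated else 1.0,
        }
    return report

def survives(host, guests, demand_fraction, reserve=0.0):
    """True if the host can serve every guest using demand_fraction of its allocation."""
    return all(r["safe_fraction"] >= demand_fraction
               for r in audit(host, guests, reserve).values())

baseline = make_guests(7)                           # seven quad-core guests
upsold = make_guests(4) + make_guests(3, cores=6)   # three customers up-sold to 6 cores

if __name__ == "__main__":
    for name, guests in (("baseline", baseline), ("upsold", upsold)):
        for res, r in audit(HOST, guests).items():
            print(f"{name:9} {res:7} allocated={r['allocated']:>5} "
                  f"usable={r['usable']:>6.0f} oversold={r['oversold']!s:5} "
                  f"safe_fraction={r['safe_fraction']:.2f}")
        print(f"{name:9} survives 70% demand: {survives(HOST, guests, 0.7)}, "
              f"100% demand: {survives(HOST, guests, 1.0)}")
```

The up-sold layout passes at the 50-70% utilisation the provider observes on average, but fails once guests collectively demand more than about 94% of their allocated cores, which is the flare-up described above.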
How does LEOPARD.host get around this?
We refuse to over-sell our Hosting and VPS infrastructure – reliability is paramount to our customers’ success online.
The physical servers under-pinning our Virtual Private Server offering are Dell EMC multi-node Cloud systems, with Intel Xeon CPUs and ECC* RAM powering them. Spare compute (CPU), memory (RAM) and storage (RAID10 SSD) are always reserved to ensure that the hypervisors can operate safely, and that load spikes can be catered for as they occur.
*ECC = Error Correction Code: More resistant to faulting from errors.
Full or partial virtualisation?
The virtualisation market (i.e. software that allows you to cut up a physical server into many virtual servers) is quite crowded, and it tends to see new entrants come and go. The development effort required to keep a virtualisation system reliable, quick and secure is significant. There are many options from VMware, Solus, Virtualizor and more. While they all virtualise to some degree, what really matters is the technology they use to do it.
KVM is the gold standard, and in most cases is what you should look for while searching for a VPS. A Kernel-based Virtual Machine (KVM) gives you full access to your own kernel, whereas other (para-virtualised) systems merely offer you access to a shared kernel. Not only do those systems restrict your access and control, they also open you and the host up to potential problems if there's a serious (i.e. 0-day) kernel-level vulnerability.
Hosts who only para-virtualise can end up with the hypervisor's kernel in a vulnerable state, meaning that ALL Virtual Servers using it are at risk too. The chance of an attacker gaining access not just to a single VPS but to the under-lying hypervisor is far greater (kernel commonality).
How does LEOPARD.host virtualise?
We only offer KVM Virtual Servers, and provide a wide range of Linux distributions and derivatives on-order. You can upload custom ISOs too!
Choose from AlmaLinux, CentOS, Debian, Ubuntu, Kali and more, and feel free to experiment with your kernel configuration (and fallback options) until you’re happy! (Provided it’s not a production system, in which case pick a stable kernel branch and keep it up-to-date to improve security!)
A wise option if you're a fan of hands-free maintenance is to pick up a KernelCare license, which looks after kernel updates without the traditional need to restart your server after they're applied. It cleverly rolls the updated kernel modules/etc into place as it can, keeping your server protected without downtime. The cost is small considering the protection it gives you. Worried about security? Let us know how we can help you!