| Posted by HNLV, 01-29-2008, 12:56 PM | | Ok, lets just imagine here for a second.
A managed host with all the features provided to a client from doing regular OS updates, doing kernel updates, keeping the server secure, keeping the logs clean, keeping spam databases up to date, making backups on a regular basis, solve issues with the OS and all that good stuff that any dedicated server user would want. Basically, a pro-active managed host.
After providing all these services, is a managed host obligated to give the client root access?
I mean isin't it easier for the client to just post a ticket and get the job done in a few minutes? And besides, now often does a client who require managed hosting need to do something in shell WITH root access?
If anything, they are only prone to break stuff that they are not be familiar with and then the host has to look around to see what caused the issue. I mean, that is one of the reasons someone signs up for a managed host, to make sure they don't have to use the CLI and keep stuff up to date instead of concentrating on their business, right?
What are your thoughts on this matter?
I'd appreciate if you posted your reasoning along with the vote.
Last edited by HNLV; 01-29-2008 at 01:00 PM.
|
| Posted by ServerManagement, 01-29-2008, 02:24 PM | | I think the choice should be up to the customer. If they want root access, they should be able to have it (whether they need it or not). If the host is worried that the user may break something, then they can have in their policies that if the user gets root access that they are not responsible for user damage.
|
| Posted by dollar, 01-29-2008, 02:28 PM | | In my opinion if you aren't going to give root access then I wouldn't sell the service as a dedicated server. I'd brand it differently such as just "Managed Hosting" and go into details about the specs of the machine the user will have all to themselves.
I would sell it more as a "solution" (yes I know it's a buzz word) than an actual server. I.e. you have a client that has a large vbulletin forum, instead of selling him another dedicated server explain how you are going to move the MySQL server over to another machine and what the cost increase vs. benefits will be.
|
| Posted by Tina J, 01-29-2008, 02:36 PM | | But a dedicated server means that the server is DEDICATED to one customer. I don't see how calling it a fully managed dedicated server is misleading at all.
We've always offered fully managed dedicated servers, but won't give out root on those. If you want us to manage your server 100% - then we'll cover everything, but we're not going to dink around with your screw ups and trying to "prove" that it was your fault and not ours.
However, we have started doing a semi-managed solution - which is basically the same thing, but with root access AND we limit the number of hours we'll put into your server per month (regardless of the issue).
These two solutions seem to satisfy both crowds.
--Tina
|
| Posted by HNLV, 01-29-2008, 02:57 PM | | My thoughts exactly Tina.
|
| Posted by HNLV, 01-29-2008, 03:04 PM | | Even if one could see its a user damage, how often do you think the user will admit "ok I did it" or actually explain what were they doing that made the server go down?
Its basically time consuming to back track their steps and find out what they were actually doing and be able to fix it.
I'm sure the user doesnt care who started the problem, they ordered a managed server, they want it fixed no matter what. And if you dont fix it....you know all the drama that goes on here on WHT.
|
| Posted by ServerManagement, 01-30-2008, 04:27 AM | | I agree, but still if a user is buying a dedicated server (even if it is a fully managed dedicated server) it is usually implied that they will have root access. I know many fully managed providers that give the root password upon request, and most give a disclaimer along with it.
Otherwise, the server should explicitly be advertised without root access. In that case, then it's up to the potential customer if your offer meets their requirements or not before purchasing.
If you advertise a fully managed dedicated server and do not explicitly say root access is not given, I think some people will be surprised afterwards.
|
| Posted by Tina J, 01-30-2008, 04:30 AM | | This has nothing to do with whether a fully managed dedicated server customer should get root or not - this has everything to do with whether or not a provider states this upfront. Common sense 101.
--Tina
|
| Posted by net, 01-30-2008, 04:37 AM | | I don't agree with you AH-Tina.
Fully Managed or Not, some customer needs root access to do some things as long as they do not touch the main configuration or install any softwares that you do not know or aware of.
It is simply a way of organizing with the clients of the things they can do or not. It is their server and they have the choice.
Of course, you are free to choose your own definition of "Fully Managed Dedicated" thing.
Net
|
| Posted by Tina J, 01-30-2008, 04:42 AM | | If a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.
Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service.
--Tina
|
| Posted by net, 01-30-2008, 04:49 AM | | I just hope you are not washing all your servers :-)
Well, that is how you run your business Tina. No question about it.
But we will stick with our own definition :-) Goodluck!
Net
|
| Posted by Tina J, 01-30-2008, 05:00 AM | | I'm not a cleaning kinda gal. My cleaning woman was giving me cleaning tips today - which I found quite ironic.
--Tina
|
| Posted by IH-Chris, 01-30-2008, 05:48 AM | | A little different.... you are not locked in your car. You can prewash your wheels before you go to the wash. . Fully managaged or not, you are restricting access which equals to service restriction. You might as well offer it as a "semi-dedicated" reseller account. At least I don't see the difference without root.
|
| Posted by rv_irl, 01-30-2008, 05:53 AM | | I disagree.. What if a user wanted to poke around the server and see what is what. Maybe they just want to run something simple such as TOP? It doesn't mean the host is letting them down, they are just curious..
|
| Posted by Tina J, 01-30-2008, 11:45 AM | | If we're providing a FULLY managed server, we don't need someone "poking around" the server. People with root access do all sorts of insecure stupid things.
If you're paying for a fully managed server, your provider should be doing everything you need them to do as root. Otherwise, why are you paying for fully managed service? That just doesn't make sense to me.
If you want root, get a semi-managed server - where you can have root access and then you can fall back on your provider when you screw stuff up.
Anyway, that's my viewpoint. Fully managed server - no root, but your provider should handle every little thing that you need done as root. Don't like not having root? Get a semi-managed and have root with a set number of admin hours included in the package. That seems to cover both types of needs and works very well from what we've experienced.
--Tina
|
| Posted by whmcsguru, 01-30-2008, 11:54 AM | | Top doesn't require root to run.
It's worthless (kind of) without root, as you can't kill processes you don't own, etc, but it's still not required to run as root.
As for the question
This is a question that will never go away. As a Managed Services Provider, myself, I know fully what kind of damage a customer can do to their server, and the ideal of it being disabled, not a bad ideal.
On the other hand, as a consumer, I would never spend that kind of money for a 'managed server' without full root access.
When denying root access to customers, you take on full responsibility. This means that you MUST update everything and keep everything up to date. Too many providers (including some advertising 'remote admin' packages) just don't do that. This makes for a very large security risk for hosts, and a bad thing for clients.
This isn't , of course, to mention the fact that no one host can support everything. There are hundreds of thousands (if not millions) of tiny little packages and addons available for Linux, and to ask your host to support it, well, just insane. So, what happens when you need ffmpeg compiled a particular way, and even that doesn't work? Well, you've got to debug the situation to find out WHY it's not working, and, of course, you'll probably have to give (inssertsoftwarecompanyhere) access to deal with the problem. Maybe root, maybe not, but most likely yes, to deal with the full problem.
Personally, again, I'd never pay that much for 'non root access', but for some it's worth it. To those some, make VERY sure that your provider is keeping you up to date, because if they don't, you're screwed.
|
| Posted by HNLV, 01-30-2008, 01:45 PM | | Lets say the host is in fact updating the server on a regular basis, no doubt about it. So for those who are agreeing to give root access to FULLY managed dedicated servers, it is OK for the client to install whatever the heck they want and update whatever they want and then break things (like not compiling php after a mysql update) and create holes to an already secured server as opposed to the host, who have full knowledge of what they did on the server, that kept the server up to date from day one?
I am not biased towards not giving root access but that really does not make any sense. I've known people working in huge companies with huge databases and everyone has some sort of read/write access to the database but only 1-2 people in the company know the actual root password of the main database. Cause stuff usually break when people poke around and then no body wants to come forward when something like it does happen but they expect the IT dept to fix it either way.
So the client can "fool" or "poke" around and break stuff and then complain to the host complaining xyz is not working (despite the warnings the hosts give to the client of having root access) and the host has to spend all that time to find the problem when the client is not willing to tell what they were doing (most of the time their excuse is "I was just looking around and suddenly I got kicked out," yea right!).
So all of this is alright in your books?
Last edited by HNLV; 01-30-2008 at 01:49 PM.
|
| Posted by whmcsguru, 01-30-2008, 02:40 PM | | Being someone that welcomes problems and how to solve them, typically, yes it would be ok.
I've been working in the Linux field for a good number of years now, and, typically, I don't run across much that I can't solve (config or not), and my clients know that if they need something done, contacting me is the best solution. If I don't support the application, I tell them that, and route them another way.
Typically, the most a 'client' will screw up is configuration files which can easily be remedied and fixed if you know what you're doing in the server.
All in all, if the client doesn't want to tell me what they did to break the server, then I can't help them, and I let them know this straight off. Things don't just 'change', we all know that, buut what one person says means nothing means everything (and usually solves trivial problems).
It's a catch 22. If you don't know what you're doing with a server, then you don't need root access. If, however, you DO, then you should have the OPTION of having it enabled.
|
| Posted by HNLV, 01-30-2008, 03:32 PM | | I guess we can go back and forth at this all day but ultimately its what works for the company I guess.
I wonder how other managed server providers work such as inetu, rackspace, datapipe, navisite among others?
|
| Posted by HNLV, 01-30-2008, 03:39 PM | | Wow, the polls are equal, 8 and 8. Except Tina, none of the "DO NOT give root" access are replying.
I would love to hear from them, just to see what is their justification.
|
| Posted by whmcsguru, 01-30-2008, 03:52 PM | | I can't speak for the others, but at last check (admitttedly a while back), rackspace gave full root access to clients. Of course, rackspace doesn't provide 'fully managed' services either.
|
| Posted by rv_irl, 01-30-2008, 03:56 PM | | It seems like a lazy way of being a managed provider. If I didn't have a clue about what I was doing, I would get a managed server so anything I screw up, the company can fix. If you are going to restrict particular things because your fully managed services find it too much of a chore to fix, then it's another story.
|
| Posted by HNLV, 01-30-2008, 04:31 PM | | I think you might have got the wrong idea, I dont think it has to do anything with being lazy.
Its more about security and the like, which is what the client pays for to keep the server safe. If they inadvertently do something which might create a breach then who is to blame?
|
| Posted by Tina J, 01-30-2008, 04:45 PM | | Its not being lazy, its making sure that we can stand behind a service that we offer. If we say FULLY MANAGED, we mean that we will go to great lengths to make sure that every root access need is taken care of.
If we have to add in "customer screwed up apache, again." time into that...we would have to significantly raise our pricing. There's already a Rackspace out there covering that market.
If you want to pay us to fix your screw-ups while you learn, then go with a semi-managed solution and we'll be more than happy to - but there's a limit to how much free time we'll provide you.
--Tina
|
| Posted by dprundle, 01-30-2008, 04:49 PM | | Give them root access - if they don't have root access, do they really have a dedi box or are they a single shared account on their own box?
|
| Posted by Tina J, 01-30-2008, 04:50 PM | | Dedicated box means they have a box dedicated just for them. Root or no root doesn't define that.
--Tina
|
| Posted by HNLV, 01-30-2008, 04:53 PM | | What are you talking about?
dedicated means dedicated resources. Shared hosting means shared resources. What has that have to do with a shared account?
EDIT: didn't see your comment.
|
| Posted by rv_irl, 01-30-2008, 06:01 PM | | Hence RackSpace calls it a managed solution. The client screws up, and they will fix it. That is what I call a managed solution. Not being restricted to what I can or cannot do for the sake of the support team not spending time on things that go wrong. I don't call that managed.
Nobody said anything about learning
|
| Posted by Tina J, 01-30-2008, 06:19 PM | | Rackspace also gave a customer of ours a quote of close to $3000 for a managed solution. We quoted them at $750 and the only difference is that they don't get root access.
Had the customer wanted root access, they could have our semi-managed solution - and the only difference would have been the number of hours per month we'd provide admin time. They'd need a HUGE amount of billable hours in order to reach Rackspace's $3000 price tag.
So, I guess the difference is whatever you want to call it. We call it semi-managed at $xxx with 8 hours admin time...Rackspace calls it managed at $xxxx a month with no limit. Fully managed, to us, mean we take care of everything because you either don't want to or can't.
--Tina
|
| Posted by Steven, 01-30-2008, 06:22 PM | | The way I see it, a fully managed server should never need the client logging into the server as root (as its the management companies job), so essentially its no different then not providing root access.
For example, I have several managed clusters, where the clients have not logged into them EVER. They have been running for months without the client ever needing to login for any such reason. We accommodate them in any way they need, adding subdomains, heck modifying their adsense on their vbulletin forum, this is also why these clients pay large sums of money for service. They have root access but, they will NEVER have to use it as they have no need.
On the other side of the token, we have clients who do NOT have root access what so ever. They have no complaints.
My believe of 'fully managed' is they should NEVER EVER have to touch root.
Enterprise grade customers generally will not care if they have root or not, they want their application online no matter what it takes, and generally will not want to login for fear of damaging that reality.
Last edited by Steven; 01-30-2008 at 06:30 PM.
|
| Posted by Steven, 01-30-2008, 06:28 PM | | Side note on rackspace. Rackspace supports a limited software set. I wouldn't recommend them to anyone.
|
| Posted by Tina J, 01-30-2008, 06:37 PM | | Exactly. Unfortunately, we get the occasional corporate client who's IT guy (and I use that job title very loosely) will complain to the boss that he needs to get in and tweak things. We recently had one of those such clients wipe out the gateway on their box and then scream at us that we either firewalled them or our network was down.
--Tina
|
| Posted by Steven, 01-30-2008, 06:44 PM | | In cases like those, I kindly explain to the bossman that we are perfectly capable of making what ever tweaks they need if they tell us what they need, it usually goes over well.
|
| Posted by Tina J, 01-30-2008, 06:54 PM | | Yeah, same here.
I think the issue can't be black and white because there is no set standard of what "fully managed" means.
In my mind, and many others, fully managed simply means that if it needs to be done...the host should do it. In that case, its just silly for the customer to have root.
Rackspace's managed solution and what most people are calling Fully Managed - would fall under our semi-managed solution. Its basically the same thing, just being called by a different name.
--Tina
|
| Posted by The3bl, 01-30-2008, 07:29 PM | | We give root on all our plans including fully managed.
Our TOS says and customers are warned if in doubt do not do it ask us for help, if you screw it up we will charge hourly to fix it. But if you want root you got it.
We have had very few problems where customers have messed a system up, most of them ask us first before they run a command they are unsure of then we either do it for them or tell them how to do it if they want to run it.
A lot of them like to go in and do a few things themselves like tailing log files for heavy users of mail services etc.. , rather than putting in a ticket and waiting for us to do it for them. It makes them feel like they own the server and empowers them, making the whole experience of having a server more satisfying. Then again we have customers that do not want root and want us to do everything for them which we do also. It is up to the customer to decide what they want.
I personally don't see the big deal about it.
Last edited by The3bl; 01-30-2008 at 07:34 PM.
|
| Posted by Tina J, 01-30-2008, 07:35 PM | | I think a lot of it has to do with pricing. We don't give root on fully managed boxes, but our costs reflect that because we know what our average monthly time spent per box is. So, its cost-effective for both the customer and us to not allow root.
Semi-managed, which is what most of you are referring to as "Fully managed", is priced with that in mind as well.
--Tina
|
| Posted by rv_irl, 01-30-2008, 07:40 PM | | Regardless of the price, I would call that a true managed solution..
I think we're crossing over onto definitions here rather than if the client should have it, or the right to have it..
Every company is going to have a different definition of managed, and quite honestly, every company has. Nothing wrong with your policy of giving or not giving root access. At the end of the day, so long as the customer knows about it, then its fine..
I'm saying for me, my definition of an ideal managed solution would be where the company will without hesitation give me root access and if I do screw anything up, they will fix it. That is my idea of a full managed solution. But you can't tell me what I want or should want and shouldn't want. If I want something and am willing to pay for it, then I don't see why it should be classed as wrong.
|
| Posted by The3bl, 01-30-2008, 07:54 PM | | No I am not referring to only semi managed, our fully managed plan is just as fully managed as your are. The only thing we do not do under fully managed is get into programming their site for them.
If they want root give em root you will find most do not screw up that often and if they do it is a easy fix most of the time.
|
| Posted by Tina J, 01-30-2008, 07:59 PM | | I'm not referring to what's offered. I'm referring to price. You charge more for your fully managed servers and you give root access. We charge less and don't give root access, but there's less work for us to do. We price our semi-managed (which is actually what your fully managed plans are) higher with that in mind.
--Tina
|
| Posted by The3bl, 01-30-2008, 08:02 PM | | Huh? so yo charge more for your semi managed plans than you do your fully managed plans?
How does that work?
|
| Posted by Tina J, 01-30-2008, 08:07 PM | | Because what you call a Fully Managed server is what we call a Semi-managed server - its the same thing. Looking at your plans and looking at ours, the pricing adds up to be about the same.
What we call a Fully Managed server is a 100% managed dedicated server hosting solution (if you want to put a fancy name to it). We can charge less for it because there's less work involved for us and, as we all know, time = money.
--Tina
|
| Posted by The3bl, 01-30-2008, 08:12 PM | | I am confused then.
Your web sites says Fully managed Monitor & Proactive Response.
Semi managed Monitor & Notification
Not sure what that means to you. But it sounds a lot like our fully managed and semi managed where the difference is with semi we do not have Proactive Response and our fully managed does. That is why we charge more for the fully managed.
If you are doing the same but charging more are you getting many takers?
|
| Posted by Tina J, 01-30-2008, 08:22 PM | | Fully Managed = We monitor it, get the pages at 3 am and react to fix the problem. Customer doesn't even need to be bothered.
Semi Managed = We monitor, but customer can get the notification and decide what they want to do (fix it or page/call us to fix it). If they want us to get a notice and proactively react as well, that's fine too.
The only differences between Fully and Semi is the root access issue - and unlimited admin time per month -vs- 8 hours admin time per month and DNS cluster/no cluster.
We find that semi-managed customers require more intervention. We don't actually charge more per month for those, but due to the admin hour limit I consider that costing more. For what its worth, no one has ever come anywhere near that limit.
--Tina
|
| Posted by The3bl, 01-30-2008, 08:29 PM | | Well as my Grand dad used to say to me.
"Son that is why they make Ford and Chevy everyone gets a choice. "
|
| Posted by Tina J, 01-30-2008, 08:47 PM | | Smart guy - was he a Ford or a Chevy man?
Seriously, I think its just that we basically call the same thing (Service X) by different names (Fully Managed vs Semi-Managed). At this point, there is no standard on what Fully Managed, Semi-Managed and Managed Hosting actually encompasses.
So, bottom line, the customer would be wise to figure out exactly what they're getting when they order. On that note, don't even get me started on VPS accounts. Probably 50% of the people who order a VPS account thinks they're getting simply a big ol' shared hosting account.
--Tina
|
| Posted by Richard, 02-01-2008, 12:32 PM | | Agreed. If they know what "root" is, they can ask for it and work out some half-managed deal where you go behind them fixing things they break as they pretend to know what they're doing...
|
| Posted by Toby H, 02-13-2008, 04:53 AM | | I would say as standard, no, but on user request grant ssh access for a period of time (predefined with the request), during this time the client's SLA is suspended, any change made during the time that the user had root access that causes a problem later on is also not covered by SLA. That covers us from users breaking their servers then trying to claim SLA credit for an issue they caused.
|
|
 Add to Favourites
 Print this Article
|
