In general, there are four levels of hosting service which differ according to their cost and how resources are allocated for your website. A good analogy for these differences is a parking lot. Shared servers are like a parking permit for a controlled access lot. You get in, but you have to then find an available parking spot, which may be difficult on a busy day, and some providers may sell more permits than they have spaces, betting on not everyone showing up. VPS (virtual private servers) equate to have a reserved parking space, that is always there for you whether you use it or not. A little more expensive, but the spot is always there. A dedicate server is then analogous to owning the parking garage. You always have all of the space needed, but this approach is overkill for most websites. Cloud computing is similar to valet parking with an hourly rate.
This is the most common and least expensive approach to hosting a web site where the resources of a single server are shared by multiple independent websites. This approach is made possible by the fact that most websites require only a very small portion of the full power of state-of-the-art web servers.
The lowest cost service is the shared page servers. This level of hosting service is sufficient for personal or limited page count and content websites. This service may be offered for free but has a limit on the number of website pages or storage space allowed. The hosting company will usually display advertising on your pages which is how they generate their income. If you want to eliminate the advertising, you will find the service is no longer free, although the cost is only a few dollars per month. The other limiting factor is that you must create your website by using proprietary builder tools and templates provided by the hosting provider. This can greatly limit your design options and what you can do in your website. If you then wish to change hosting companies at some future point, you will need to rebuild your website from scratch using the tools of your new hosting provider.
The next level up is shared application servers where file storage and bandwidth are partitioned such that multiple customers each have their own private accounts, databases, and file storage. Contemporary partitioning tools assure your account and data are relative secure. However, the processing power, and Internet bandwidth of the server are shared by all accounts on that server, on a first come first served basis. You also do not have access or control of the underlying operating system and overall platform configuration, which may limit what you are allowed to do or run on the server. The IP address of the server is also shared among all accounts which could cause some blacklisting problems.
For $5 to $50 a month, you get a fixed amount of storage space on the server, and a limit on CPU you aren't allowed to exceed, otherwise you application or website is suspended. A common marketing ploy used with this approach is an offer of unlimited bandwidth or storage. The hosting providers know that your CPU utilization limitation also limits the total amount of bandwidth you can use, so in reality while your bandwidth may be unlimited, your ability to use bandwidth is limited.
The main issue with shared servers is oversubscribing the servers. Providers bank on the fact all website are not active at the same time, so it is possible to have more websites installed on a server than can run if each were simultaneously active. For example instead of having 10 websites each with a cpu usage limit of 10%, the server may have 30 -40 websites, each with a usage limit of 10%. This is similar to selling more parking permits for a parking lot than available spaces, when you know only a fraction of the permit holders show up on any given day. If several websites become very active at the same time, performance of all web sites on the server will be diminished.
VPS (Virtual Private Server)
VPS is an improved but more expensive way to share server hardware across multiple websites. With VPS, it appears as if you have an entire computer dedicated to only your website while you are actually sharing the underlying server hardware with other virtual private spaces. With VPS, resources are dedicated and reserved for you, whether you use them or not. This is possible because of the extreme power of contemporary server configurations. An 8 cpu server with 20 gigabytes of memory can simultaneously support multiple single cpu, 2 gigabyte virtual machines. VPS also allow you to load and manage your own instance of an operating system, web server, database server, and other components you don’t get to control when using a shared server approach. As a virtual machine, you have full control over your complete machine configuration and what you can run on it. VPS also have IP addresses dedicated for their use only.
The primary benefit of VPS is having full control over server resources that are dedicated and reserved for your use without incurring the high cost of a dedicated machine. VPS are priced according to cpu class, memory, disk space, and bandwidth needed, and range in cost from $80 to $300 per month. The limitation of VPS is that if web site ever needs more resources than what is defined in your virtual machine, performance will degrade, and you will need to move to a more powerful virtual machine.
With dedicated servers, the server hardware is completely dedicated to your use. All of the capabilities are similar to VPS in that you have full control over all the software, operations system, configuration, etc. However, you are not limited to a specific amount of resources, and can utilize all that the server has to offer. The primary difference between virtual private servers and dedicated servers is the cost. Dedicated servers start at around $200 per month for a low end server, and then increase in cost according to size and power of the server selected. The process requirements of most websites are such that dedicated servers are overkill, and provide much more than could ever be used. You are paying for the full cost of a server regardless of how much you need or use it.
Cloud computing is an emerging new approach to hosting services and involves linking multiple computers together so that all users on all computers share all resources. The concept behind cloud computing is that instead of paying for a certain amount of capacity, you only pay for what you actually use, and when you use it. The amount of resources available to you expand and contract in real time as you need them and use them. For example, if in shared, virtual, and dedicated servers, you will have a storage allocation of say 20GB. This is what you pay for, even if your website only requires 3GBs. With cloud computing, you only pay for the 3GBs. If the size of your website grows, then you pay more. However, you also pay for processing power when you use it, bandwidth when you use it, data transfers when you use it, etc. The drawback of cloud computing is that your costs are unpredictable, and can become expensive if you have a sudden peak in unexpected activity.
HIPAA Compliant Hosting
One special class of service is HIPAA (Health Insurance Portability and Accountability) compliant hosting. HIPAA and the HITECH act provide regulatory requirements for the security of electronic health care information. These requirements directly impact the hosting approaches and configuration that can be used in health care applications. There are specific requirements for data encryption, as well as specific guidelines to use separate servers for different activities, as well as how that hardware can be shared. The end result is these regulations restrict the use of some cost reducing hosting approaches, thus HIPAA compliant hosting is more expensive, and typically starts at approximately $200/month.
PCI-DSS stands for the Payment Card Industry Data Security Standard. In order to accept credit card payments online or offline, you must comply with the credit card associations and networks rules concerning data security, with the objective to protect cardholder data. You are required to be PCI compliant if you accept any payment cards such as American Express, Discover Network, Diners Club International, JCB, MasterCard and Visa. This includes credit cards, debit cards, prepaid cards and gift cards.
When you accept payment cards online through a merchant account, some of the details of PCI compliance are handled by your website and hosting provider, some are handled by your merchant account provider (payment processor), and some aspects are handled by you (the merchant). The need for PCI-DSS compliance can impact hosting fees.