15 Sep Web Hosting Stack
At Mindpack Studios, we do everything in our power to keep your data secure, fast, and as feature rich as possible. If you throw some fast hardware on a network and fire up a couple of services, you could quickly be on your way to hosting a few websites and databases. But that is only a few pieces of the puzzle, a puzzle that needs to be assembled in full to deliver results that stay consistent with high performance under most circumstances.
In this article, I’ll talk briefly about a few of the things we do to keep your data delivery at high speed to give a bit of insight as to the initial setup and regular maintenance required to keep everything well oiled and operating nominally.
Step 1 – Hardware Assembly
All of our hosted servers are custom built for the primary services they will be running. Putting the appropriate hardware in the appropriate locations saves us resources and allows us to deliver the highest quality of service at the lowest prices. High speed write drives do little good on our DNS servers but are greatly important on our DB logging servers. Memory for disk cache is surely important for Web servers, but even more important for relational databases.
The big point here is to know your resources. CPU performance for website hosting has become much more important over the years; memory is imperative, especially enough for drive and DB caches; and enterprise SSDs are definitely not all created equal.
Mindpack Studios regularly analyzes hardware responses and equipment for best use scenarios. Then long before any clients would see issues in production, we push the hardware to its limits in controlled environments to see if anything catches fire.
Step 2 – Network Congestion
For security purposes I won’t give too many details here, but we can briefly mention that we do prioritize certain types of traffic that are pertinent to high speed web delivery. In addition, firewalls are designed to block a majority of data that is unacceptable to a specific network segment or server. But most importantly, the goal here is to keep a sharp eye on the systems and notification tools that can predict a possible issue before it happens.
We have created a management system within the network here. KYNGIN, along with some additional tools, allows us to preemptively see any issues that may be creeping up before they actually cause a more serious problem. Higher latencies or issues that may appear as slightly erratic behavior can be looked into and repaired long before any outage actually takes place.
Step 3 – DNS Resolution
DNS is an important step in the process of speedy web delivery. Mindpack Studios operates four distinct DNS servers; two are here in the Chicagoland Region while one is on the east coast and one on the west. All DNS servers are regularly monitored, maintained, and provided ample resources.
A majority of all DNS resolution happens on the primary and secondary nameservers, which were custom assembled specifically for DNS. They are designed to handle large amounts of DNS requests and diagnostic logging, the latter of which produces an intense amount of data that can be used to preemptively determine potential bottlenecks or issues well before they arrive.
Step 4 – OS Tuning & Filesystem
We’ve moved through many OSes over the years; a huge part of our hosting history is on a Linux flavor of some type. Linux always did well for us in the past – it is an absolutely great OS. Yet, the feature sets of FreeBSD seemed to infect our network quite quickly over the last 10 years. The more Linux servers we used, the more features we wished we had from FreeBSD. So as servers retired, we found more of a reason to build new servers using FreeBSD.
Our goals have always gone a bit like this: 1) security, 2) reliability, 3) performance, and 4) open source. Well, for Mindpack Studios, FreeBSD is currently the solution that fits these goals best. We still regularly keep other operating systems on the network for performance testing or required software services, but FreeBSD handles a majority of our hosting, and likely will for some time to come.
FreeBSD gives us some great options for performance tuning, debugging, resource delegation, network protection, and service isolation, all built on a rock solid filesystem. I’d like to say that FreeBSD is a magic bullet for website hosting, but it’s actually comparable in performance to Linux; our tests come up very similar when using either OS for AMP (Apache, MySQL, PHP) hosting. Where FreeBSD truly shines alone is in the verbose feature set that allows us to quickly determine if a potential problem may be appearing before the potential becomes an outage reality.
Step 5 – Service Configurations
A majority of our website hosting uses Apache, MySQL, and PHP. Each service offers hundreds of lines of configuration that need to be tweaked to eke every last bit of performance out of the three products. Without detailing hundreds of configuration options, it’s pretty tough to explain why this step is important, but as a quick brief, I’d say that it’s easy to gain 2-3x performance out of a system just by appropriately configuring these services while still staying secure and feature rich (or probably more if you didn’t care about security or feature sets).
When new versions of each product come out, we run testing on development servers to make sure there aren’t any performance losses and that all new versions stay stable and act as expected before deployment. Once confirmed and tested, we take the new versions online, or in the case of our KYNGIN customers, we notify them and wait for an agreed upon time at which they will be safe launching new services.
Step 6 – Security
Our hosting stack has a few layers of additional included security.
At the lower levels, we have network access restrictions, QoS, and intrusion detection. At the higher levels, we offer rate limiting options and web access firewall configurations. Somewhere in between, we have switches with OS level firewalls and VLAN access control to keep our network securely segregated.
For management and access, we offer SFTP and SSL solutions along with some custom tuned engines that repair and analyze permissions on a regular basis; these notify us of any errors if the systems can’t repair the problems on their own.
Step 7 – KYNGIN
It’s worth mentioning at this point that KYNGIN was originally developed as a management resource for websites, e-mail, and DNS. Most of the performance we deliver is due to clever hardware and intensive software configuration. But without KYNGIN, we do believe that configuration errors would go up considerably, and that configurations that reduce security or performance would go overlooked due to under-configuration.
Another point worth making is that because of KYNGIN, we’ve analyzed far more configuration minutiae than we otherwise might have looked deeply into. By including feature sets that customers have requested, we’ve added security and performance features that have definitely saved resources and reduced possible overloading issues, gains that couldn’t have happened otherwise.
That is, KYNGIN gives us more resolution into our network than other solutions can.
This was by no means a detailed report of our hosting platform, but instead hopefully a brief guideline of some of the features and setup required to keep Mindpack Studios hosting at the speeds it delivers. For additional information, take a deeper look at some real world results with our benchmarks articles. And of course, if you have any thoughts or questions, or want even more details, please feel free to contact us at any time.