Things to consider when you want your own web site

Registrar, ISP, web-hoster: Go for an all-in-one solution or keep them separate?

Even building portals or other internet software does not turn you into an expert when it comes to running your own homepage. I had to ask friends about domains, internet service providers and how to find a good web hoster. Here is what I learned. I won't cover content-related aspects, just the basic infrastructure needed. If you are interested in how I construct and maintain my content

Things you need:

A domain name
Internet access
A web hoster

You can buy all of it from one source, e.g. 1und1.de etc. And doesn't single source sound very convincing? Only one company to call in case of problems? But luckily I had a friend who pointed out some reasons why you should go for separate packages.

You need one or more domain names. I went to register.com for my .org and .com domain and while this is certainly not the cheapest way to get a domain name it gave me quite a bit of flexibility. Register.com offers a menu which lets you define or change the domain name servers responsible for your domain, in other words: where your sites will be hosted. As long as you don't have a site, Register.com will simply display an "under construction" page. But the important point is that YOU can change this any time all by yourself. Just remember that DNS changes may take 24-48 hours to get propagated throughout the internet.

Picking a good domain name is important but not easy. The most important question is whether you go for a generic domain name like e.g. http://www.theserverside.com which can serve as a portal or for a personal site like kriha.org which will contain mostly your own content. A domain name with portal quality could finally turn into a community effort where many authors enter their content. A personal domain will most likely stay personal.

While you can buy your domains at your office through register.com's web interface (and your credit card) the next step is to buy a decent internet access for your home office. I got the ADSL version from 1und1.de which included a free DSL modem at that time. The modem, splitter and cables came straight from the German Telecom and userid and password from 1and1. Installation is easy and my Linux firewall was up and running in no time. Except that the connection went down frequently and it got worse after some hours. Finally I could not get longer connection times than 2 minutes. Ok, probably a problem with my Linux box. Changed NICs, drivers, kernels etc. No good. Tried to disassemble the modem. No good. Finally installed the DSL stuff on a Win2K laptop - no good. The telecom test programs indicated a hardware failure. After two weeks of continuous embarrassment in front of my daughters I realized: time to call German Telecom on their free service number. The service personnel took my data and promised a so-called port reset which took a day. No good. Called again - another port reset. No good. Finally I used the service number for businesses and here I met a technician who asked about the LEDs at the modem. I told him that they were all red and his answer was: clearly a hardware problem and that I would get a new modem. I had told this to every person at the telecom but he was the first to acknowledge the problem. The new modem arrived two days later and I've had no problems since.

I learned a lot about DSL and the rp-pppoe driver, the Linux boot procedure etc. and also a bit about German Telecom. Whenever I called I ended up in a different call-center but they had my previous calls on record. Not bad given the number of service calls they probably get every day. And don't hang up when the telecom does not pick up the phone after a few rings: The telecom will interpret this behaviour as a Denial-of-service attack and disconnect your phone from the service number for some time. (They probably have a lot of bad modems out there...).

Some common myths: The documentation tells you not to turn your modem off. I do this every day and I have had no problems yet. And no, you won't be susceptible to 190-dialers with a DSL connection. Just don't use the phone to call up some dubious web site.

A word on what an Internet Access Provider should provide: 1und1 offers a web based service that lets you control your account. You can even set limits on how much money you want to spend every month. Which leads over to the question of flatrate or flatrate. When I bought the DSL service I also bought the 1und1 flatrate - no time nor traffic limits. A couple of weeks later I got a letter from 1und1 where they cancelled my contract and offered different flatrate conditions. They said they could no longer offer the unlimited flatrate at that price because of some power users downloading day and night. They now offer a cheaper flatrate with either time or traffic limits. I was pissed of course but with my daughters in the neck....

I knew that AOL and German Telecom still offered unlimited flatrates, so why couldn't 1und1 do the same? The reason is simple: AOL and German Telecom have a lot of inexperienced users. Those users use little bandwidth and subsidize the power users. Smaller ISPs have a different clientele and therefore cannot afford the flatrates. I went for 5 gigabyte a month with unlimited time and it still works for me. Additional gigabytes are not expensive.

A last point about your access provider: the German Telecom tries to artificially restrict DSL to one machine only. This is nonsense of course. If you use a firewall - which you absolutely should - all your machines are behind the firewall's IP anyway.

I will discuss the physical infrastructure below.

The last piece missing is a good web hoster. I decided not to use my internet access provider - not because I had problems with 1und1 (OK, their script-heavy homepage really sucks and killed my browser right when I was about to order the DSL from them. I could not find out whether my order had gone through and after some grace period I tried it again - fully expecting two bills next month. Only one came. So much for transactions on the internet. At least I can use this story in my lecture on delivery guarantees in distributed systems)

And it was also not that 1und1 had broken its contract - I could understand the reasons behind it, and the new tariff, while not an unlimited flatrate, was cheaper than the original contract and in that respect fair.

The reason was again my friend Bernhard who strongly suggested separating ISP and web hoster. He had had some really bad experiences with STRATO where he had his domain registered and also bought his web space. STRATO had huge performance and reliability problems at that time and moving his site to a new provider turned out to be quite some hassle.

So what is important about a web hoster? My list contains the following items, ordered by importance:

Service response times and quality
Web based maintenance tool with web based e-mail support
Support for active content (databases, languages, dedicated hosts etc.)

I decided to host my site with all-inkl.com. They had a free trial for one week and I could try the maintenance tool. After that I made a one year contract. My site does not use active content yet so I had few technical problems. Response times are good. Mail service had some problems (at one time they had an open relay configuration which caused my mails to be blocked by other mail servers, see http://www.openrelay.org) but that got fixed quickly after I reported the problem. Support is quick and honest - no dumb lies when something does not work.

My last problem was how to point my domain names kriha.org and kriha.com to my kriha.de domain at all-inkl. Their support told me that I could simply enter my domains into the domain maintenance tool and they sent me the names of their DNS servers. With those servers I replaced the default servers at register.com and after a day the all-inkl name servers answered DNS queries for my domains. Register.com also provides a web forwarding feature (e.g. from kriha.com to kriha.de) but they embed the target site into a frame and add banner ads from register.com. Not recommended.

Some minor problems: how do you update your site? This question has two parts. One asks for the proper tools and the other one deals with the firewall problem if you want to update your site from behind a firewall. The question about the update tool is simple: use sitecopy and create a fully automated update process. Sitecopy is extremely simple to use and configure and it is free for Linux and Windows platforms. Use "sitecopy --update krihaorg" to update your complete site. Sitecopy compares your local copy with your site and updates the site accordingly. For manual updates I use the free version of ws_ftp.

The firewall problem can be solved with tools like filemanager - a Perl script which needs to be copied into your cgi-bin directory on your site. Make sure your hoster supports Perl and DO NOT USE FTP WITH BINARY MODE SELECTED! Chances are that your hoster runs Linux and if you try to upload from a windose box the Perl script gets corrupted in binary mode.

And don't forget to put a password on your cgi-bin.

What does splitting necessary functions for site hosting buy me? One word: flexibility. If I want to create dynamic content with a technology my web hoster does not provide, I simply choose a new one and change the DNS server entries at register.com, my registrar. If my internet access provider turns out to be too expensive or I decide to switch to a non-telecom provider I have no problems doing so. My site service won't be interrupted, I don't have to write letters telling them to cancel my flatrate but to KEEP MY SITE etc. I could move to Switzerland and get a new access provider: no need to relocate my site.

The result is that the old saying about buying everything from one hand is definitely wrong when it comes to web sites and internet access. Internet technology uses clear interfaces and separates functionalities for a good reason. You should do the same when it comes to your homepage. Use the independence the internet offers you.

And what does your infrastructure look like?

A word on infrastructure. A home installation with TDSL might look like this:

One of the decisions you'll have to make is whether you should go for an embedded firewall/router/modem/switch device or if you should turn an old Pentium 133 MHz into a Linux firewall. The answer of course depends on your goals. If you want a simple solution and you don't know Linux (or somebody with Linux skills) the simplest solution is of course a small embedded control firewall. They are cheap nowadays. But you should think carefully about the services you want to let through the firewall. Check the default configuration of the device - many come with very unsafe settings. And watch your logfiles for activity. You'll be surprised how many portscans show up in your logs. NEVER let the Windows NetBIOS ports go through the firewall - this would expose internal network shares and resources to the internet.
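
The log check recommended above can be scripted. The following is an added example, not part of the original page: it assumes the firewall writes netfilter LOG lines with the hypothetical prefix "FW-DROP: " and that ppp0 is the DSL interface, and it runs on constructed sample lines. It counts distinct destination ports per source address and flags probes of the NetBIOS/SMB ports.

```shell
#!/bin/sh
# Added example: summarise dropped inbound packets from netfilter LOG lines.
# Assumptions: drops are logged with the prefix "FW-DROP: " and ppp0 is the
# DSL interface. THRESHOLD = distinct ports from one source that count as a scan.
THRESHOLD="${THRESHOLD:-4}"

# Constructed sample lines (documentation address ranges), not real traffic.
sample_log() {
cat <<'EOF'
Mar  3 21:14:02 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=21 SYN
Mar  3 21:14:02 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN
Mar  3 21:14:03 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=23 SYN
Mar  3 21:14:03 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40115 DPT=25 SYN
Mar  3 21:14:03 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40116 DPT=80 SYN
Mar  3 21:14:09 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40117 DPT=22 SYN
Mar  3 22:40:51 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=198.51.100.99 DST=198.51.100.20 LEN=78 TTL=110 PROTO=UDP SPT=1026 DPT=137 LEN=58
Mar  3 22:40:52 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=198.51.100.99 DST=198.51.100.20 LEN=48 TTL=110 PROTO=TCP SPT=3011 DPT=445 SYN
Mar  3 23:02:10 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=192.0.2.44 DST=198.51.100.20 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Mar  3 23:02:11 fw kernel: FW-DROP: IN=ppp0 OUT= SRC=192.0.2.44 DST=198.51.100.20 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=80 SYN
EOF
}

# scan_report: read log lines on stdin; print "<src> ports=<n> [PORTSCAN] [NETBIOS]"
scan_report() {
  awk -v limit="$THRESHOLD" '
    /FW-DROP: / && / IN=ppp0 / {
      src = ""; dpt = -1
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5) + 0   # force numeric compare
      }
      if (src == "" || dpt < 0) next               # e.g. ICMP has no DPT
      if (!((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
      if (dpt == 445 || (dpt >= 137 && dpt <= 139)) netbios[src] = 1
    }
    END {
      for (s in ports) {
        line = s " ports=" ports[s]
        if (ports[s] >= limit) line = line " PORTSCAN"
        if (s in netbios) line = line " NETBIOS"
        print line
      }
    }' | sort
}

sample_log | scan_report
```

To use it on a real firewall, feed the kernel log into scan_report instead of sample_log and adjust the prefix and interface name to match your own LOG rules.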

And don't overestimate the protection achievable with the firewall. Install additional personal firewalls and virus checkers on your windose PCs. If somebody in your internal network wants to use extremely unsafe protocols like chats, netmeeting, peer-to-peer software like kazaa etc. you should think about splitting your internal network into a "safe" part and a "dangerous" part and route traffic between both through the firewall. This will probably require a Linux box with iptables. The advantage is absolute control over your network, the disadvantage is having a box running for long periods of time with the associated noise and fire danger. Since I hate noise in my home office I went for a used Knürr rack with temperature control unit. Best IT investment I ever made: everything, firewall PC, switches, modem, network printer is now inside the rack and doesn't make noise anymore.

An additional bonus is on-demand DSL connectivity which you can configure with the Linux rp-pppoe DSL driver package.

With an additional NIC in the firewall to separate the internal network into parts with different reliability the solution could look like this:
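
One way to express this split in iptables, as an added example that is not the author's own ruleset: the interface names (ppp0 for the DSL link, eth1 for the safe segment, eth2 for the dangerous one), the log prefixes and the policy between the segments are assumptions. By default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not the author's ruleset): three-interface home firewall.
# Assumed names: ppp0 = DSL link, eth1 = "safe" LAN, eth2 = "dangerous" LAN.
IPT="${IPT:-echo iptables}"   # dry run by default; IPT=iptables (as root) applies
WAN=ppp0
SAFE=eth1
RISKY=eth2

fw_rules() {
  # Default deny for traffic to the firewall and through it.
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT
  $IPT -F
  $IPT -t nat -F

  # NetBIOS/SMB never crosses the firewall, in any direction. These rules
  # come first so that no later ACCEPT can let the ports through.
  for proto in tcp udp; do
    $IPT -A FORWARD -p "$proto" -m multiport --dports 137,138,139,445 -j DROP
  done

  # Replies to connections that were allowed out.
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Both segments may open connections to the internet; only the safe
  # segment may open connections into the dangerous one or administer
  # the firewall over SSH.
  $IPT -A FORWARD -i "$SAFE" -o "$WAN" -j ACCEPT
  $IPT -A FORWARD -i "$RISKY" -o "$WAN" -j ACCEPT
  $IPT -A FORWARD -i "$SAFE" -o "$RISKY" -j ACCEPT
  $IPT -A INPUT -i "$SAFE" -p tcp --dport 22 -j ACCEPT

  # Everything else hits the DROP policy; log it first (rate limited).
  $IPT -A FORWARD -i "$RISKY" -o "$SAFE" -m limit --limit 6/min -j LOG --log-prefix "FW-RISKY: "
  $IPT -A FORWARD -i "$WAN" -m limit --limit 6/min -j LOG --log-prefix "FW-DROP: "
  $IPT -A INPUT -i "$WAN" -m limit --limit 6/min -j LOG --log-prefix "FW-DROP: "

  # All internal machines share the one address assigned to the DSL link.
  $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

fw_rules
```

Routing between the segments additionally requires IP forwarding to be enabled on the firewall (net.ipv4.ip_forward=1).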