Ok, lets just imagine here for a second.A managed host with all the features provided to a client from doing regular OS updates, doing kernel updates, keeping the server secure, keeping the logs clean, keeping spam databases up to date, making backups on a regular basis, solve issues with the OS and all that good stuff that any dedicated server user would want. Basically, a pro-active managed host.After providing all these services, is a managed host obligated to give the client root access?I mean isin't it easier for the client to just post a ticket and get the job done in a few minutes? And besides, now often does a client who require managed hosting need to do something in shell WITH root access?If anything, they are only prone to break stuff that they are not be familiar with and then the host has to look around to see what caused the issue. I mean, that is one of the reasons someone signs up for a managed host, to make sure they don't have to use the CLI and keep stuff up to date instead of concentrating on their business, right?What are your thoughts on this matter?I'd appreciate if you posted your reasoning along with the vote.I think the choice should be up to the customer. If they want root access, they should be able to have it (whether they need it or not). If the host is worried that the user may break something, then they can have in their policies that if the user gets root access that they are not responsible for user damage.In my opinion if you aren't going to give root access then I wouldn't sell the service as a dedicated server. I'd brand it differently such as just "Managed Hosting" and go into details about the specs of the machine the user will have all to themselves.I would sell it more as a "solution" (yes I know it's a buzz word) than an actual server. I.e. you have a client that has a large vbulletin forum, instead of selling him another dedicated server explain how you are going to move the MySQL server over to another machine and what the cost increase vs. benefits will be.But a dedicated server means that the server is DEDICATED to one customer. I don't see how calling it a fully managed dedicated server is misleading at all. We've always offered fully managed dedicated servers, but won't give out root on those. If you want us to manage your server 100% - then we'll cover everything, but we're not going to dink around with your screw ups and trying to "prove" that it was your fault and not ours. However, we have started doing a semi-managed solution - which is basically the same thing, but with root access AND we limit the number of hours we'll put into your server per month (regardless of the issue). These two solutions seem to satisfy both crowds.--TinaMy thoughts exactly Tina.I think the choice should be up to the customer. If they want root access, they should be able to have it (whether they need it or not). If the host is worried that the user may break something, then they can have in their policies that if the user gets root access that they are not responsible for user damage.Even if one could see its a user damage, how often do you think the user will admit "ok I did it" or actually explain what were they doing that made the server go down?Its basically time consuming to back track their steps and find out what they were actually doing and be able to fix it.I'm sure the user doesnt care who started the problem, they ordered a managed server, they want it fixed no matter what. And if you dont fix it....you know all the drama that goes on here on WHT.Even if one could see its a user damage, how often do you think the user will admit "ok I did it" or actually explain what were they doing that made the server go down?
Its basically time consuming to back track their steps and find out what they were actually doing and be able to fix it.
I'm sure the user doesnt care who started the problem, they ordered a managed server, they want it fixed no matter what. And if you dont fix it....you know all the drama that goes on here on WHT.
I agree, but still if a user is buying a dedicated server (even if it is a fully managed dedicated server) it is usually implied that they will have root access. I know many fully managed providers that give the root password upon request, and most give a disclaimer along with it.
Otherwise, the server should explicitly be advertised without root access. In that case, then it's up to the potential customer if your offer meets their requirements or not before purchasing.
If you advertise a fully managed dedicated server and do not explicitly say root access is not given, I think some people will be surprised afterwards.I agree, but still if a user is buying a dedicated server (even if it is a fully managed dedicated server) it is usually implied that they will have root access. I know many fully managed providers that give the root password upon request, and most give a disclaimer along with it.
Otherwise, the server should explicitly be advertised without root access. In that case, then it's up to the potential customer if your offer meets their requirements or not before purchasing.
If you advertise a fully managed dedicated server and do not explicitly say root access is not given, I think some people will be surprised afterwards.
This has nothing to do with whether a fully managed dedicated server customer should get root or not - this has everything to do with whether or not a provider states this upfront. Common sense 101.
--TinaI don't agree with you AH-Tina.Fully Managed or Not, some customer needs root access to do some things as long as they do not touch the main configuration or install any softwares that you do not know or aware of.It is simply a way of organizing with the clients of the things they can do or not. It is their server and they have the choice.Of course, you are free to choose your own definition of "Fully Managed Dedicated" thing.NetI don't agree with you AH-Tina.
Fully Managed or Not, some customer needs root access to do some things as long as they do not touch the main configuration or install any softwares that you do not know or aware of.
It is simply a way of organizing with the clients of the things they can do or not. It is their server and they have the choice.
Of course, you are free to choose your own definition of "Fully Managed Dedicated" thing.
Net
If a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.
Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service.
--TinaIf a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.
Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service.
--Tina
I just hope you are not washing all your servers
Well, that is how you run your business Tina. No question about it.
But we will stick with our own definition Goodluck!
NetI just hope you are not washing all your servers
I'm not a cleaning kinda gal. My cleaning woman was giving me cleaning tips today - which I found quite ironic.
--TinaIf a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service. --TinaA little different.... you are not locked in your car. You can prewash your wheels before you go to the wash. . Fully managaged or not, you are restricting access which equals to service restriction. You might as well offer it as a "semi-dedicated" reseller account. At least I don't see the difference without root.If a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service. --TinaI disagree.. What if a user wanted to poke around the server and see what is what. Maybe they just want to run something simple such as TOP? It doesn't mean the host is letting them down, they are just curious..I disagree.. What if a user wanted to poke around the server and see what is what. Maybe they just want to run something simple such as TOP? It doesn't mean the host is letting them down, they are just curious..
If we're providing a FULLY managed server, we don't need someone "poking around" the server. People with root access do all sorts of insecure stupid things.
If you're paying for a fully managed server, your provider should be doing everything you need them to do as root. Otherwise, why are you paying for fully managed service? That just doesn't make sense to me.
If you want root, get a semi-managed server - where you can have root access and then you can fall back on your provider when you screw stuff up.
Anyway, that's my viewpoint. Fully managed server - no root, but your provider should handle every little thing that you need done as root. Don't like not having root? Get a semi-managed and have root with a set number of admin hours included in the package. That seems to cover both types of needs and works very well from what we've experienced.
--TinaMaybe they just want to run something simple such as TOP?
Top doesn't require root to run.
It's worthless (kind of) without root, as you can't kill processes you don't own, etc, but it's still not required to run as root.
As for the question
Root or not
This is a question that will never go away. As a Managed Services Provider, myself, I know fully what kind of damage a customer can do to their server, and the ideal of it being disabled, not a bad ideal.
On the other hand, as a consumer, I would never spend that kind of money for a 'managed server' without full root access.
When denying root access to customers, you take on full responsibility. This means that you MUST update everything and keep everything up to date. Too many providers (including some advertising 'remote admin' packages) just don't do that. This makes for a very large security risk for hosts, and a bad thing for clients.
This isn't , of course, to mention the fact that no one host can support everything. There are hundreds of thousands (if not millions) of tiny little packages and addons available for Linux, and to ask your host to support it, well, just insane. So, what happens when you need ffmpeg compiled a certain way, and even that doesn't work? Well, you've got to debug the situation to find out WHY it's not working, and, of course, you'll probably have to give (inssertsoftwarecompanyhere) access to deal with the problem. Maybe root, maybe not, but most likely yes, to deal with the full problem.
Personally, again, I'd never pay that much for 'non root access', but for some it's worth it. To those some, make VERY sure that your provider is keeping you up to date, because if they don't, you're screwed.Lets say the host is in fact updating the server on a regular basis, no doubt about it. So for those who are agreeing to give root access to FULLY managed dedicated servers, it is OK for the client to install whatever the heck they want and update whatever they want and then break things (like not compiling php after a mysql update) and create holes to an already secured server as opposed to the host, who have full knowledge of what they did on the server, that kept the server up to date from day one?I am not biased towards not giving root access but that really does not make any sense. I've known people working in huge companies with huge databases and everyone has some sort of read/write access to the database but only 1-2 people in the company know the actual root password of the main database. Cause stuff usually break when people poke around and then no body wants to come forward when something like it does happen but they expect the IT dept to fix it either way.So the client can "fool" or "poke" around and break stuff and then complain to the host complaining xyz is not working (despite the warnings the hosts give to the client of having root access) and the host has to spend all that time to find the problem when the client is not willing to tell what they were doing (most of the time their excuse is "I was just looking around and suddenly I got kicked out," yea right!).So all of this is alright in your books?So all of this is alright in your books?
Being someone that welcomes problems and how to solve them, typically, yes it would be ok.
I've been working in the Linux field for a good number of years now, and, typically, I don't run across much that I can't solve (config or not), and my clients know that if they need something done, contacting me is the best solution. If I don't support the application, I tell them that, and route them another way.
Typically, the most a 'client' will screw up is configuration files which can easily be remedied and fixed if you know what you're doing in the server.
All in all, if the client doesn't want to tell me what they did to break the server, then I can't help them, and I let them know this straight off. Things don't just 'change', we all know that, buut what one person says means nothing means everything (and usually solves trivial problems).
It's a catch 22. If you don't know what you're doing with a server, then you don't need root access. If, however, you DO, then you should have the OPTION of having it enabled.I guess we can go back and forth at this all day but ultimately its what works for the company I guess.I wonder how other managed server providers work such as inetu, rackspace, datapipe, navisite among others?Wow, the polls are equal, 8 and 8. Except Tina, none of the "DO NOT give root" access are replying.I would love to hear from them, just to see what is their justification.I wonder how other managed server providers work such as inetu, rackspace, datapipe, navisite among others?
I can't speak for the others, but at last check (admitttedly a while back), rackspace gave full root access to clients. Of course, rackspace doesn't provide 'fully managed' services either.If we're providing a FULLY managed server, we don't need someone "poking around" the server. People with root access do all sorts of insecure stupid things.If you're paying for a fully managed server, your provider should be doing everything you need them to do as root. Otherwise, why are you paying for fully managed service? That just doesn't make sense to me. If you want root, get a semi-managed server - where you can have root access and then you can fall back on your provider when you screw stuff up.Anyway, that's my viewpoint. Fully managed server - no root, but your provider should handle every little thing that you need done as root. Don't like not having root? Get a semi-managed and have root with a set number of admin hours included in the package. That seems to cover both types of needs and works very well from what we've experienced.--TinaIt seems like a lazy way of being a managed provider. If I didn't have a clue about what I was doing, I would get a managed server so anything I screw up, the company can fix. If you are going to restrict certain things because your fully managed services find it too much of a chore to fix, then it's another story.I think you might have got the wrong idea, I dont think it has to do anything with being lazy.Its more about security and the like, which is what the client pays for to keep the server safe. If they inadvertently do something which might create a breach then who is to blame?It seems like a lazy way of being a managed provider. If I didn't have a clue about what I was doing, I would get a managed server so anything I screw up, the company can fix. If you are going to restrict certain things because your fully managed services find it too much of a chore to fix, then it's another story.
Its not being lazy, its making sure that we can stand behind a service that we offer. If we say FULLY MANAGED, we mean that we will go to great lengths to make sure that every root access need is taken care of.
If we have to add in "customer screwed up apache, again." time into that...we would have to significantly raise our pricing. There's already a Rackspace out there covering that market.
If you want to pay us to fix your screw-ups while you learn, then go with a semi-managed solution and we'll be more than happy to - but there's a limit to how much free time we'll provide you.
--TinaGive them root access - if they don't have root access, do they really have a dedi box or are they a single shared account on their own box?Dedicated box means they have a box dedicated just for them. Root or no root doesn't define that.--TinaGive them root access - if they don't have root access, do they really have a dedi box or are they a single shared account on their own box?What are you talking about? dedicated means dedicated resources. Shared hosting means shared resources. What has that have to do with a shared account?EDIT: didn't see your comment.Its not being lazy, its making sure that we can stand behind a service that we offer. If we say FULLY MANAGED, we mean that we will go to great lengths to make sure that every root access need is taken care of. If we have to add in "customer screwed up apache, again." time into that...we would have to significantly raise our pricing. There's already a Rackspace out there covering that market. If you want to pay us to fix your screw-ups while you learn, then go with a semi-managed solution and we'll be more than happy to - but there's a limit to how much free time we'll provide you.--TinaHence RackSpace calls it a managed solution. The client screws up, and they will fix it. That is what I call a managed solution. Not being restricted to what I can or cannot do for the sake of the support team not spending time on things that go wrong. I don't call that managed. Nobody said anything about learning Hence RackSpace calls it a managed solution. The client screws up, and they will fix it.
Rackspace also gave a customer of ours a quote of close to $3000 for a managed solution. We quoted them at $750 and the only difference is that they don't get root access.
Had the customer wanted root access, they could have our semi-managed solution - and the only difference would have been the number of hours per month we'd provide admin time. They'd need a HUGE amount of billable hours in order to reach Rackspace's $3000 price tag.
So, I guess the difference is whatever you want to call it. We call it semi-managed at $xxx with 8 hours admin time...Rackspace calls it managed at $xxxx a month with no limit. Fully managed, to us, mean we take care of everything because you either don't want to or can't. :agree:
--TinaThe way I see it, a fully managed server should never need the client logging into the server as root (as its the management companies job), so essentially its no different then not providing root access.For example, I have several managed clusters, where the clients have not logged into them EVER. They have been running for months without the client ever needing to login for any such reason. We accommodate them in any way they need, adding subdomains, heck modifying their adsense on their vbulletin forum, this is also why these clients pay large sums of money for service. They have root access but, they will NEVER have to use it as they have no need.On the other side of the token, we have clients who do NOT have root access what so ever. They have no complaints.My believe of 'fully managed' is they should NEVER EVER have to touch root.Enterprise grade customers generally will not care if they have root or not, they want their application online no matter what it takes, and generally will not want to login for fear of damaging that reality.Hence RackSpace calls it a managed solution. The client screws up, and they will fix it. That is what I call a managed solution. Not being restricted to what I can or cannot do for the sake of the support team not spending time on things that go wrong. I don't call that managed. Nobody said anything about learning Side note on rackspace. Rackspace supports a limited software set. I wouldn't recommend them to anyone.Enterprise grade customers generally will not care if they have root or not, they want their application online no matter what it takes, and generally will not want to login for fear of damaging that reality.
Exactly. Unfortunately, we get the occasional corporate client who's IT guy (and I use that job title very loosely) will complain to the boss that he needs to get in and tweak things. We recently had one of those such clients wipe out the gateway on their box and then scream at us that we either firewalled them or our network was down.
--TinaExactly. Unfortunately, we get the occasional corporate client who's IT guy (and I use that job title very loosely) will complain to the boss that he needs to get in and tweak things. We recently had one of those such clients wipe out the gateway on their box and then scream at us that we either firewalled them or our network was down.
--Tina
In cases like those, I kindly explain to the bossman that we are perfectly capable of making what ever tweaks they need if they tell us what they need, it usually goes over well.In cases like those, I kindly explain to the bossman that we are perfectly capable of making what ever tweaks they need if they tell us what they need, it usually goes over well.
Yeah, same here.
I think the issue can't be black and white because there is no set standard of what "fully managed" means.
In my mind, and many others, fully managed simply means that if it needs to be done...the host should do it. In that case, its just silly for the customer to have root.
Rackspace's managed solution and what most people are calling Fully Managed - would fall under our semi-managed solution. Its basically the same thing, just being called by a different name.
--TinaWe give root on all our plans including fully managed. Our TOS says and customers are warned if in doubt do not do it ask us for help, if you screw it up we will charge hourly to fix it. But if you want root you got it. We have had very few problems where customers have messed a system up, most of them ask us first before they run a command they are unsure of then we either do it for them or tell them how to do it if they want to run it. A lot of them like to go in and do a few things themselves like tailing log files for heavy users of mail services etc.. , rather than putting in a ticket and waiting for us to do it for them. It makes them feel like they own the server and empowers them, making the whole experience of having a server more satisfying. Then again we have customers that do not want root and want us to do everything for them which we do also. It is up to the customer to decide what they want. I personally don't see the big deal about it.We give root on all our plans including fully managed.
Our TOS says and customers are warned if in doubt do not do it ask us for help, if you screw it up we will charge hourly to fix it. But if you want root you got it.
We have had very few problems where customers have messed a system up, most of them ask us first before they run a command they are unsure of then we either do it for them or tell them how to do it if they want to run it.
I personally don't see the big deal about it.
I think a lot of it has to do with pricing. We don't give root on fully managed boxes, but our prices reflect that because we know what our average monthly time spent per box is. So, its cost-effective for both the customer and us to not allow root.
Semi-managed, which is what most of you are referring to as "Fully managed", is priced with that in mind as well.
--TinaRackspace also gave a customer of ours a quote of close to $3000 for a managed solution. We quoted them at $750 and the only difference is that they don't get root access. Had the customer wanted root access, they could have our semi-managed solution - and the only difference would have been the number of hours per month we'd provide admin time. They'd need a HUGE amount of billable hours in order to reach Rackspace's $3000 price tag.So, I guess the difference is whatever you want to call it. We call it semi-managed at $xxx with 8 hours admin time...Rackspace calls it managed at $xxxx a month with no limit. Fully managed, to us, mean we take care of everything because you either don't want to or can't. :agree: --TinaRegardless of the price, I would call that a true managed solution..I think we're crossing over onto definitions here rather than if the client should have it, or the right to have it..Every company is going to have a different definition of managed, and quite honestly, every company has. Nothing wrong with your policy of giving or not giving root access. At the end of the day, so long as the customer knows about it, then its fine.. I'm saying for me, my definition of an ideal managed solution would be where the company will without hesitation give me root access and if I do screw anything up, they will fix it. That is my idea of a full managed solution. But you can't tell me what I want or should want and shouldn't want. If I want something and am willing to pay for it, then I don't see why it should be classed as wrong.I think a lot of it has to do with pricing. We don't give root on fully managed boxes, but our prices reflect that because we know what our average monthly time spent per box is. So, its cost-effective for both the customer and us to not allow root.Semi-managed, which is what most of you are referring to as "Fully managed", is priced with that in mind as well.--TinaNo I am not referring to only semi managed, our fully managed plan is just as fully managed as your are. The only thing we do not do under fully managed is get into programming their site for them. If they want root give em root you will find most do not screw up that often and if they do it is a easy fix most of the time.No I am not referring to only semi managed, our fully managed plan is just as fully managed as your are.
I'm not referring to what's offered. I'm referring to price. You charge more for your fully managed servers and you give root access. We charge less and don't give root access, but there's less work for us to do. We price our semi-managed (which is actually what your fully managed plans are) higher with that in mind.
--TinaI'm not referring to what's offered. I'm referring to price. You charge more for your fully managed servers and you give root access. We charge less and don't give root access, but there's less work for us to do. We price our semi-managed (which is actually what your fully managed plans are) higher with that in mind.--TinaHuh? so yo charge more for your semi managed plans than you do your fully managed plans? How does that work?Huh? so yo charge more for your semi managed plans than you do your fully managed plans?
How does that work?
Because what you call a Fully Managed server is what we call a Semi-managed server - its the same thing. Looking at your plans and looking at ours, the pricing adds up to be about the same.
What we call a Fully Managed server is a 100% managed dedicated server hosting solution (if you want to put a fancy name to it). We can charge less for it because there's less work involved for us and, as we all know, time = money.
--TinaI am confused then. Your web sites says Fully managed Monitor & Proactive Response.Semi managed Monitor & Notification Not sure what that means to you. But it sounds a lot like our fully managed and semi managed where the difference is with semi we do not have Proactive Response and our fully managed does. That is why we charge more for the fully managed. If you are doing the same but charging more are you getting many takers?I am confused then.
Your web sites says Fully managed Monitor & Proactive Response.
Semi managed Monitor & Notification
Not sure what that means to you. But it sounds a lot like our fully managed and semi managed where the difference is with semi we do not have Proactive Response and our fully managed does. That is why we charge more for the fully managed.
If you are doing the same but charging more are you getting many takers?
Fully Managed = We monitor it, get the pages at 3 am and react to fix the problem. Customer doesn't even need to be bothered.
Semi Managed = We monitor, but customer can get the notification and decide what they want to do (fix it or page/call us to fix it). If they want us to get a notice and proactively react as well, that's fine too.
The only differences between Fully and Semi is the root access issue - and unlimited admin time per month -vs- 8 hours admin time per month and DNS cluster/no cluster.
We find that semi-managed customers require more intervention. We don't actually charge more per month for those, but due to the admin hour limit I consider that costing more. For what its worth, no one has ever come anywhere near that limit.
--TinaWell as my Grand dad used to say to me. "Son that is why they make Ford and Chevy everyone gets a choice. "Well as my Grand dad used to say to me. "Son that is why they make Ford and Chevy everyone gets a choice. "Smart guy - was he a Ford or a Chevy man? Seriously, I think its just that we basically call the same thing (Service X) by different names (Fully Managed vs Semi-Managed). At this point, there is no standard on what Fully Managed, Semi-Managed and Managed Hosting actually encompasses. So, bottom line, the customer would be wise to figure out exactly what they're getting when they order. On that note, don't even get me started on VPS accounts. Probably 50% of the people who order a VPS account thinks they're getting simply a big ol' shared hosting account. --TinaIf a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root.
Agreed. If they know what "root" is, they can ask for it and work out some half-managed deal where you go behind them fixing things they break as they pretend to know what they're doing...I would say as standard, no, but on user request grant ssh access for a period of time (predefined with the request), during this time the client's SLA is suspended, any change made during the time that the user had root access that causes a problem later on is also not covered by SLA. That covers us from users breaking their servers then trying to claim SLA credit for an issue they caused.
Its basically time consuming to back track their steps and find out what they were actually doing and be able to fix it.
I'm sure the user doesnt care who started the problem, they ordered a managed server, they want it fixed no matter what. And if you dont fix it....you know all the drama that goes on here on WHT.
I agree, but still if a user is buying a dedicated server (even if it is a fully managed dedicated server) it is usually implied that they will have root access. I know many fully managed providers that give the root password upon request, and most give a disclaimer along with it.
Otherwise, the server should explicitly be advertised without root access. In that case, then it's up to the potential customer if your offer meets their requirements or not before purchasing.
If you advertise a fully managed dedicated server and do not explicitly say root access is not given, I think some people will be surprised afterwards.I agree, but still if a user is buying a dedicated server (even if it is a fully managed dedicated server) it is usually implied that they will have root access. I know many fully managed providers that give the root password upon request, and most give a disclaimer along with it.
Otherwise, the server should explicitly be advertised without root access. In that case, then it's up to the potential customer if your offer meets their requirements or not before purchasing.
If you advertise a fully managed dedicated server and do not explicitly say root access is not given, I think some people will be surprised afterwards.
This has nothing to do with whether a fully managed dedicated server customer should get root or not - this has everything to do with whether or not a provider states this upfront. Common sense 101.
--TinaI don't agree with you AH-Tina.Fully Managed or Not, some customer needs root access to do some things as long as they do not touch the main configuration or install any softwares that you do not know or aware of.It is simply a way of organizing with the clients of the things they can do or not. It is their server and they have the choice.Of course, you are free to choose your own definition of "Fully Managed Dedicated" thing.NetI don't agree with you AH-Tina.
Fully Managed or Not, some customer needs root access to do some things as long as they do not touch the main configuration or install any softwares that you do not know or aware of.
It is simply a way of organizing with the clients of the things they can do or not. It is their server and they have the choice.
Of course, you are free to choose your own definition of "Fully Managed Dedicated" thing.
Net
If a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.
Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service.
--TinaIf a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.
Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service.
--Tina
I just hope you are not washing all your servers
Well, that is how you run your business Tina. No question about it.
But we will stick with our own definition Goodluck!
NetI just hope you are not washing all your servers
I'm not a cleaning kinda gal. My cleaning woman was giving me cleaning tips today - which I found quite ironic.
--TinaIf a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service. --TinaA little different.... you are not locked in your car. You can prewash your wheels before you go to the wash. . Fully managaged or not, you are restricting access which equals to service restriction. You might as well offer it as a "semi-dedicated" reseller account. At least I don't see the difference without root.If a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root. That's why its called FULLY managed. If your host isn't handling those things for you, then drop it down to a semi-managed solution or find a different host.Personally, if I was paying for a full service car wash - and then I felt the need to get out and start wiping down my hubcaps on my own...I'd wonder why the heck I was paying for full service. --TinaI disagree.. What if a user wanted to poke around the server and see what is what. Maybe they just want to run something simple such as TOP? It doesn't mean the host is letting them down, they are just curious..I disagree.. What if a user wanted to poke around the server and see what is what. Maybe they just want to run something simple such as TOP? It doesn't mean the host is letting them down, they are just curious..
If we're providing a FULLY managed server, we don't need someone "poking around" the server. People with root access do all sorts of insecure stupid things.
If you're paying for a fully managed server, your provider should be doing everything you need them to do as root. Otherwise, why are you paying for fully managed service? That just doesn't make sense to me.
If you want root, get a semi-managed server - where you can have root access and then you can fall back on your provider when you screw stuff up.
Anyway, that's my viewpoint. Fully managed server - no root, but your provider should handle every little thing that you need done as root. Don't like not having root? Get a semi-managed and have root with a set number of admin hours included in the package. That seems to cover both types of needs and works very well from what we've experienced.
--TinaMaybe they just want to run something simple such as TOP?
Top doesn't require root to run.
It's worthless (kind of) without root, as you can't kill processes you don't own, etc, but it's still not required to run as root.
As for the question
Root or not
This is a question that will never go away. As a Managed Services Provider, myself, I know fully what kind of damage a customer can do to their server, and the ideal of it being disabled, not a bad ideal.
On the other hand, as a consumer, I would never spend that kind of money for a 'managed server' without full root access.
When denying root access to customers, you take on full responsibility. This means that you MUST update everything and keep everything up to date. Too many providers (including some advertising 'remote admin' packages) just don't do that. This makes for a very large security risk for hosts, and a bad thing for clients.
This isn't , of course, to mention the fact that no one host can support everything. There are hundreds of thousands (if not millions) of tiny little packages and addons available for Linux, and to ask your host to support it, well, just insane. So, what happens when you need ffmpeg compiled a certain way, and even that doesn't work? Well, you've got to debug the situation to find out WHY it's not working, and, of course, you'll probably have to give (inssertsoftwarecompanyhere) access to deal with the problem. Maybe root, maybe not, but most likely yes, to deal with the full problem.
Personally, again, I'd never pay that much for 'non root access', but for some it's worth it. To those some, make VERY sure that your provider is keeping you up to date, because if they don't, you're screwed.Lets say the host is in fact updating the server on a regular basis, no doubt about it. So for those who are agreeing to give root access to FULLY managed dedicated servers, it is OK for the client to install whatever the heck they want and update whatever they want and then break things (like not compiling php after a mysql update) and create holes to an already secured server as opposed to the host, who have full knowledge of what they did on the server, that kept the server up to date from day one?I am not biased towards not giving root access but that really does not make any sense. I've known people working in huge companies with huge databases and everyone has some sort of read/write access to the database but only 1-2 people in the company know the actual root password of the main database. Cause stuff usually break when people poke around and then no body wants to come forward when something like it does happen but they expect the IT dept to fix it either way.So the client can "fool" or "poke" around and break stuff and then complain to the host complaining xyz is not working (despite the warnings the hosts give to the client of having root access) and the host has to spend all that time to find the problem when the client is not willing to tell what they were doing (most of the time their excuse is "I was just looking around and suddenly I got kicked out," yea right!).So all of this is alright in your books?So all of this is alright in your books?
Being someone that welcomes problems and how to solve them, typically, yes it would be ok.
I've been working in the Linux field for a good number of years now, and, typically, I don't run across much that I can't solve (config or not), and my clients know that if they need something done, contacting me is the best solution. If I don't support the application, I tell them that, and route them another way.
Typically, the most a 'client' will screw up is configuration files which can easily be remedied and fixed if you know what you're doing in the server.
All in all, if the client doesn't want to tell me what they did to break the server, then I can't help them, and I let them know this straight off. Things don't just 'change', we all know that, buut what one person says means nothing means everything (and usually solves trivial problems).
It's a catch 22. If you don't know what you're doing with a server, then you don't need root access. If, however, you DO, then you should have the OPTION of having it enabled.I guess we can go back and forth at this all day but ultimately its what works for the company I guess.I wonder how other managed server providers work such as inetu, rackspace, datapipe, navisite among others?Wow, the polls are equal, 8 and 8. Except Tina, none of the "DO NOT give root" access are replying.I would love to hear from them, just to see what is their justification.I wonder how other managed server providers work such as inetu, rackspace, datapipe, navisite among others?
I can't speak for the others, but at last check (admitttedly a while back), rackspace gave full root access to clients. Of course, rackspace doesn't provide 'fully managed' services either.If we're providing a FULLY managed server, we don't need someone "poking around" the server. People with root access do all sorts of insecure stupid things.If you're paying for a fully managed server, your provider should be doing everything you need them to do as root. Otherwise, why are you paying for fully managed service? That just doesn't make sense to me. If you want root, get a semi-managed server - where you can have root access and then you can fall back on your provider when you screw stuff up.Anyway, that's my viewpoint. Fully managed server - no root, but your provider should handle every little thing that you need done as root. Don't like not having root? Get a semi-managed and have root with a set number of admin hours included in the package. That seems to cover both types of needs and works very well from what we've experienced.--TinaIt seems like a lazy way of being a managed provider. If I didn't have a clue about what I was doing, I would get a managed server so anything I screw up, the company can fix. If you are going to restrict certain things because your fully managed services find it too much of a chore to fix, then it's another story.I think you might have got the wrong idea, I dont think it has to do anything with being lazy.Its more about security and the like, which is what the client pays for to keep the server safe. If they inadvertently do something which might create a breach then who is to blame?It seems like a lazy way of being a managed provider. If I didn't have a clue about what I was doing, I would get a managed server so anything I screw up, the company can fix. If you are going to restrict certain things because your fully managed services find it too much of a chore to fix, then it's another story.
Its not being lazy, its making sure that we can stand behind a service that we offer. If we say FULLY MANAGED, we mean that we will go to great lengths to make sure that every root access need is taken care of.
If we have to add in "customer screwed up apache, again." time into that...we would have to significantly raise our pricing. There's already a Rackspace out there covering that market.
If you want to pay us to fix your screw-ups while you learn, then go with a semi-managed solution and we'll be more than happy to - but there's a limit to how much free time we'll provide you.
--TinaGive them root access - if they don't have root access, do they really have a dedi box or are they a single shared account on their own box?Dedicated box means they have a box dedicated just for them. Root or no root doesn't define that.--TinaGive them root access - if they don't have root access, do they really have a dedi box or are they a single shared account on their own box?What are you talking about? dedicated means dedicated resources. Shared hosting means shared resources. What has that have to do with a shared account?EDIT: didn't see your comment.Its not being lazy, its making sure that we can stand behind a service that we offer. If we say FULLY MANAGED, we mean that we will go to great lengths to make sure that every root access need is taken care of. If we have to add in "customer screwed up apache, again." time into that...we would have to significantly raise our pricing. There's already a Rackspace out there covering that market. If you want to pay us to fix your screw-ups while you learn, then go with a semi-managed solution and we'll be more than happy to - but there's a limit to how much free time we'll provide you.--TinaHence RackSpace calls it a managed solution. The client screws up, and they will fix it. That is what I call a managed solution. Not being restricted to what I can or cannot do for the sake of the support team not spending time on things that go wrong. I don't call that managed. Nobody said anything about learning Hence RackSpace calls it a managed solution. The client screws up, and they will fix it.
Rackspace also gave a customer of ours a quote of close to $3000 for a managed solution. We quoted them at $750 and the only difference is that they don't get root access.
Had the customer wanted root access, they could have our semi-managed solution - and the only difference would have been the number of hours per month we'd provide admin time. They'd need a HUGE amount of billable hours in order to reach Rackspace's $3000 price tag.
So, I guess the difference is whatever you want to call it. We call it semi-managed at $xxx with 8 hours admin time...Rackspace calls it managed at $xxxx a month with no limit. Fully managed, to us, mean we take care of everything because you either don't want to or can't. :agree:
--TinaThe way I see it, a fully managed server should never need the client logging into the server as root (as its the management companies job), so essentially its no different then not providing root access.For example, I have several managed clusters, where the clients have not logged into them EVER. They have been running for months without the client ever needing to login for any such reason. We accommodate them in any way they need, adding subdomains, heck modifying their adsense on their vbulletin forum, this is also why these clients pay large sums of money for service. They have root access but, they will NEVER have to use it as they have no need.On the other side of the token, we have clients who do NOT have root access what so ever. They have no complaints.My believe of 'fully managed' is they should NEVER EVER have to touch root.Enterprise grade customers generally will not care if they have root or not, they want their application online no matter what it takes, and generally will not want to login for fear of damaging that reality.Hence RackSpace calls it a managed solution. The client screws up, and they will fix it. That is what I call a managed solution. Not being restricted to what I can or cannot do for the sake of the support team not spending time on things that go wrong. I don't call that managed. Nobody said anything about learning Side note on rackspace. Rackspace supports a limited software set. I wouldn't recommend them to anyone.Enterprise grade customers generally will not care if they have root or not, they want their application online no matter what it takes, and generally will not want to login for fear of damaging that reality.
Exactly. Unfortunately, we get the occasional corporate client who's IT guy (and I use that job title very loosely) will complain to the boss that he needs to get in and tweak things. We recently had one of those such clients wipe out the gateway on their box and then scream at us that we either firewalled them or our network was down.
--TinaExactly. Unfortunately, we get the occasional corporate client who's IT guy (and I use that job title very loosely) will complain to the boss that he needs to get in and tweak things. We recently had one of those such clients wipe out the gateway on their box and then scream at us that we either firewalled them or our network was down.
--Tina
In cases like those, I kindly explain to the bossman that we are perfectly capable of making what ever tweaks they need if they tell us what they need, it usually goes over well.In cases like those, I kindly explain to the bossman that we are perfectly capable of making what ever tweaks they need if they tell us what they need, it usually goes over well.
Yeah, same here.
I think the issue can't be black and white because there is no set standard of what "fully managed" means.
In my mind, and many others, fully managed simply means that if it needs to be done...the host should do it. In that case, its just silly for the customer to have root.
Rackspace's managed solution and what most people are calling Fully Managed - would fall under our semi-managed solution. Its basically the same thing, just being called by a different name.
--TinaWe give root on all our plans including fully managed. Our TOS says and customers are warned if in doubt do not do it ask us for help, if you screw it up we will charge hourly to fix it. But if you want root you got it. We have had very few problems where customers have messed a system up, most of them ask us first before they run a command they are unsure of then we either do it for them or tell them how to do it if they want to run it. A lot of them like to go in and do a few things themselves like tailing log files for heavy users of mail services etc.. , rather than putting in a ticket and waiting for us to do it for them. It makes them feel like they own the server and empowers them, making the whole experience of having a server more satisfying. Then again we have customers that do not want root and want us to do everything for them which we do also. It is up to the customer to decide what they want. I personally don't see the big deal about it.We give root on all our plans including fully managed.
Our TOS says and customers are warned if in doubt do not do it ask us for help, if you screw it up we will charge hourly to fix it. But if you want root you got it.
We have had very few problems where customers have messed a system up, most of them ask us first before they run a command they are unsure of then we either do it for them or tell them how to do it if they want to run it.
I personally don't see the big deal about it.
I think a lot of it has to do with pricing. We don't give root on fully managed boxes, but our prices reflect that because we know what our average monthly time spent per box is. So, its cost-effective for both the customer and us to not allow root.
Semi-managed, which is what most of you are referring to as "Fully managed", is priced with that in mind as well.
--TinaRackspace also gave a customer of ours a quote of close to $3000 for a managed solution. We quoted them at $750 and the only difference is that they don't get root access. Had the customer wanted root access, they could have our semi-managed solution - and the only difference would have been the number of hours per month we'd provide admin time. They'd need a HUGE amount of billable hours in order to reach Rackspace's $3000 price tag.So, I guess the difference is whatever you want to call it. We call it semi-managed at $xxx with 8 hours admin time...Rackspace calls it managed at $xxxx a month with no limit. Fully managed, to us, mean we take care of everything because you either don't want to or can't. :agree: --TinaRegardless of the price, I would call that a true managed solution..I think we're crossing over onto definitions here rather than if the client should have it, or the right to have it..Every company is going to have a different definition of managed, and quite honestly, every company has. Nothing wrong with your policy of giving or not giving root access. At the end of the day, so long as the customer knows about it, then its fine.. I'm saying for me, my definition of an ideal managed solution would be where the company will without hesitation give me root access and if I do screw anything up, they will fix it. That is my idea of a full managed solution. But you can't tell me what I want or should want and shouldn't want. If I want something and am willing to pay for it, then I don't see why it should be classed as wrong.I think a lot of it has to do with pricing. We don't give root on fully managed boxes, but our prices reflect that because we know what our average monthly time spent per box is. So, its cost-effective for both the customer and us to not allow root.Semi-managed, which is what most of you are referring to as "Fully managed", is priced with that in mind as well.--TinaNo I am not referring to only semi managed, our fully managed plan is just as fully managed as your are. The only thing we do not do under fully managed is get into programming their site for them. If they want root give em root you will find most do not screw up that often and if they do it is a easy fix most of the time.No I am not referring to only semi managed, our fully managed plan is just as fully managed as your are.
I'm not referring to what's offered. I'm referring to price. You charge more for your fully managed servers and you give root access. We charge less and don't give root access, but there's less work for us to do. We price our semi-managed (which is actually what your fully managed plans are) higher with that in mind.
--TinaI'm not referring to what's offered. I'm referring to price. You charge more for your fully managed servers and you give root access. We charge less and don't give root access, but there's less work for us to do. We price our semi-managed (which is actually what your fully managed plans are) higher with that in mind.--TinaHuh? so yo charge more for your semi managed plans than you do your fully managed plans? How does that work?Huh? so yo charge more for your semi managed plans than you do your fully managed plans?
How does that work?
Because what you call a Fully Managed server is what we call a Semi-managed server - its the same thing. Looking at your plans and looking at ours, the pricing adds up to be about the same.
What we call a Fully Managed server is a 100% managed dedicated server hosting solution (if you want to put a fancy name to it). We can charge less for it because there's less work involved for us and, as we all know, time = money.
--TinaI am confused then. Your web sites says Fully managed Monitor & Proactive Response.Semi managed Monitor & Notification Not sure what that means to you. But it sounds a lot like our fully managed and semi managed where the difference is with semi we do not have Proactive Response and our fully managed does. That is why we charge more for the fully managed. If you are doing the same but charging more are you getting many takers?I am confused then.
Your web sites says Fully managed Monitor & Proactive Response.
Semi managed Monitor & Notification
Not sure what that means to you. But it sounds a lot like our fully managed and semi managed where the difference is with semi we do not have Proactive Response and our fully managed does. That is why we charge more for the fully managed.
If you are doing the same but charging more are you getting many takers?
Fully Managed = We monitor it, get the pages at 3 am and react to fix the problem. Customer doesn't even need to be bothered.
Semi Managed = We monitor, but customer can get the notification and decide what they want to do (fix it or page/call us to fix it). If they want us to get a notice and proactively react as well, that's fine too.
The only differences between Fully and Semi is the root access issue - and unlimited admin time per month -vs- 8 hours admin time per month and DNS cluster/no cluster.
We find that semi-managed customers require more intervention. We don't actually charge more per month for those, but due to the admin hour limit I consider that costing more. For what its worth, no one has ever come anywhere near that limit.
--TinaWell as my Grand dad used to say to me. "Son that is why they make Ford and Chevy everyone gets a choice. "Well as my Grand dad used to say to me. "Son that is why they make Ford and Chevy everyone gets a choice. "Smart guy - was he a Ford or a Chevy man? Seriously, I think its just that we basically call the same thing (Service X) by different names (Fully Managed vs Semi-Managed). At this point, there is no standard on what Fully Managed, Semi-Managed and Managed Hosting actually encompasses. So, bottom line, the customer would be wise to figure out exactly what they're getting when they order. On that note, don't even get me started on VPS accounts. Probably 50% of the people who order a VPS account thinks they're getting simply a big ol' shared hosting account. --TinaIf a customer needs root access, then they don't need fully managed (by our definition of fully managed). With a fully managed server, you're paying your host to handle EVERYTHING that needs to be done as root.
Agreed. If they know what "root" is, they can ask for it and work out some half-managed deal where you go behind them fixing things they break as they pretend to know what they're doing...I would say as standard, no, but on user request grant ssh access for a period of time (predefined with the request), during this time the client's SLA is suspended, any change made during the time that the user had root access that causes a problem later on is also not covered by SLA. That covers us from users breaking their servers then trying to claim SLA credit for an issue they caused.