Choosing a Java hosting provider

TL;DR: Go for a VPS. I now use Digitalocean, they’re awesome.

Selecting a web hosting provider is a tough job for any web developer that wants to put a Java/JEE web application online. The choice is much simpler when it comes to publishing a PHP web site and there are a load of cheap (and sometimes quite reliable) PHP hosting providers to choose from with LAMP being the de facto standard in the web hosting world. But when it comes to Java hosting providers the picture becomes blurrier. The common thing that all these environments need is a Java container. The most popular choice is Tomcat but there are providers that use Resin, Weblogic or Websphere (the latter two are full fledged JEE containers).
With the raise of lightweight J2EE servers started by the Spring folks, a little revolution began in the Java world: running enterprise-grade JEE webapps without the need for an EJB container; a servlet container is enough. Tomcat should fill the bill for just about any Java web application that doesn’t use EJBs. The advantage that comes from running a servlet container is the smaller footprint compared with an EJB container. This is critical when it comes to selecting hosting environments since you’re paying for resources (especially RAM) that have to be sized to accommodate the memory requirements of the web application.

Self hosting: Home-based dedicated server (near $0)
homepcYou can use your home internet connection and a PC where the web container runs and deploys your web application. There is an obvious advantage since the server is physically located close to the development team: complete control and physical access to the machine. The other big plus is the price: you’re already paying for the internet connection and chances are you already have a PC that can be transformed into a server. And chances are that you already have a development environment that can be the basis of the production deployment. Here are the shortcomings:- Bandwidth limitations: the webserver where the webapp lives will upload content to the web browsers that access the application. The upload bandwidth is smaller than the download bandwidth and will result in longer load times for web clients.
– Some internet providers cap the internet traffic so you may run beyond the limit.
– You may violate contractual obligations you agreed with your Internet provider by running your own web server.
– The internet connection is not reliable: provider’s downtime directly translates in downtime for your webapp.

Managed hosting ($6 and up)
This is the cheapest solution but it poses the most restrictions. The main limitation is the inability to deploy webapps that depend on Java bytecode manipulation at runtime, mainly Hibernate and Spring. This is due to classloading security constraints that prevent the bytecode manipulation libraries (CGLIB or javassist) to perform runtime code enhancements.
Working with managed hosting environments poses more limitations:
– Deployment: some popular hosting providers deploy once a day: you drop the war file or the exploded war in a specific folder on the hosted environment and it will be deployed at a specific time picked by the provider (more here). If it fails, you have to wait another day till the app will be redeployed or pick a provider that supports instant drop&deploy.
– Debugging a failed deployment: I couldn’t make log4j write the log into a location on my hosted file space so I had to resort to a JDBC appender to actually see what causes a failed deployment. This required two deployments (one to try a location on the hosted folder and a second one to use the JDBC appender; that’s two days due to the deployment constraint detailed above) and the issue turned out to be the classloader security issue preventing CGLIB to change the bytecode. I have only tried to deploy a war file with Hibernate and Spring dependencies in Godaddy’s Java hosting environment (their Linux Deluxe plan) before I gave up on managed Java hosting.
– Sharing the environment with other webapps. Your app will be deployed along with other applications and compete for the same resources.
– Access to server logs and traffic stats is very limited. You can only use Google Analytics (or similar) but not Awstats (at least not for free).
– Outgoing traffic may be restricted or blocked.

Unmanaged hosting solutions
Unmanaged doesn’t necessarily mean that the hosting company doesn’t manage anything, they just leave the actual OS administration in your hands so you’ll have a physical server under your complete control, everything else from network management to hardware maintenance is done by the hosting company. You/your team has to have solid server administration knowledge: Linux, Apache, Java AppServers, software firewall (iptables), backup/restore, monitoring, security, patching, DNS and more. A web administrator inside your team usually takes care of all these details. After the machine is up and running you are free to install and run any Java container and deploy your application.
Below are the options when choosing to run a dedicated server.

Colocated server ($70 and up)
mountcoloYou can colocate the server which means that you buy then ship your own rack-mountable server to a data centre where it will be installed by on-site technicians. The monthly fee you’ll pay starts at around $70 (prices are per one unit which is a slot in the rack) and includes the rack space rental, network connectivity, location security, 24/7 power (not counting mishaps), etc. Denial of Service prevention services are usually provided as part of the package.
There is complete freedom in terms of the deployment environment since you own it. However, there are two problems that come with this solution:
– Initial cost associated with buying rack-mountable servers that usually start from $1.5k (check SuperMicro, they’re good). These machines contain redundant components to cope with failures.
– Maintenance: When components break you have to manage their replacement. If the whole machine crashes then your website will be offline until the machine is replaced.

Rent a dedicated server ($100 and up)
fullrackInstead of buying your own server, you can choose to rent a dedicated server from the hosting provider. Kevin Rose unveils how digg.com was initially hosted on dedicated servers rented from Ev1Servers.net (see full article). The benefit of this solution is the lower initial cost compared to colocation, beginning at around $100/month and of course the complete control over the environment. The drawbacks are the same as colocation except for servicing the box that falls under the hosting provider’s responsibility.

Virtual Private Server ($20 and up)

vpsnodesA VPS ” is a method of partitioning a physical server computer into multiple servers”. Each of these partitions behaves like a full fledged server, has an IP address and can be reachable from the internet. The computers that are VPS partitioned, sit on the hosting provider’s infrastructure. The provider is responsible for network connectivity, bandwidth and continuity of service in case of physical server failure. There are two main VPS software providers: Virtuozzo and Xen. Of the two, I recommend Xen-based VPS providers since the virtualized machines cannot be oversold and thus you’ll get consistent performance for the money (a detailed explanation here). The main benefit of the VPS is the excellent price/performance ratio starting as low as $20/month. Another big advantage is the ability to “resize” the virtual partition on demand in a matter of minutes (you’ll pay more of course), add more virtual machines to your deployment () as well as “relocating” it to a different data center
if the provider has multiple locations (West Coast and East Coast for instance). Root access is also provided. The drawbacks are:
– the operating systems that you can run are controlled by the hosting provider and usually are Linux distributions (here’s an example). However, the choices are very popular Linux distros.
– you have to have server administration expertise.
I run this blog, spincloud.com and the rest of my web properties on a VPS. I use the excellent Linode after I had switched from Slicehost, having performance issues. I am quite happy with Linode, their service rocks and they’ve been delivering consistent performance since day one.

Cloud services (EC2: $100 and up)
cloudCloud computing is today’s trend. The company that kick-started the trend was Amazon with their Elastic Computing Cloud. EC2 is actually an advanced form of VPS: you can run your own virtual machine image (or AMI) or pick one from the existing stock. After the AMI is booted and configured, you have the liberty of installing any Java environment. You get root access too.
From the high profile websites, Smugmug uses EC2 and S3 and they save money doing so. In fact Smugmug was one of the early adopters of Amazon’s cloud services.
Drawbacks:
– If you reboot the machine or if it simply crashes then all data is lost, including any database records you happen to have. This was a real problem for developers until Amazon added the possibility to mount a persistent S3 volume in an EC2 instance. S3 stands for Simple Storage Service and is Amazon’s offering for cloud-based storage.
– You have to learn new terminology and set of skills that are applicable to Amazon’s problem-set only. You’ll also tie the solution to a single vendor.
The cost for an EC2+S3 starts at close to $100/month.
If you’re thinking of using the dirt-cheap (starts free) Google AppEngine for deploying a Java application you’re out of luck, they only support Python. Update: Google has added Java support to Appengine. at the begining of April. I have a dev account and I’ll evaluate it in a separate post.

Common concerns when selecting a hosting provider
Price
Don’t pick a service just because it’s cheap. Perform some due diligence on the company, where their data centers are located and how good their service is. You don’t want your website hosted on the wrong side of the world. Monitor WebHostingTalk forums; hosting providers often run promotions there.
Look for monthly plans and don’t commit to yearly plans since you may end-up being unhappy with the provider and with no choice to get out of the contract.
Be suspicious when you see associated setup fees coming with setting-up an account. They are not refundable and good hosting providers simply don’t have them.

Uptime
You want no interruption in service for your web servers so uptime is a must. You can’t afford to have downtime since it translates directly into lost customers and ultimately lost business. Look for hosting providers that offer SLAs (Service level agreements) and have proven reliability. Netcraft is a neat tool that measures the reliability of hosting providers on a monthly basis. Look for the providers that guarantee five nines (99.999%) uptime, that is five minutes a year.

Technical support
My personal experience is that I used the tech support while I was using a shared web hosting. I haven’t used any after moving to the VPS.

Transfer volume
Perform some basic calculations for the required traffic based on the expected traffic and data volume sent out. Providers bundle 200GB/month or more in their offerings these days. This should be enough for most of the cases. Make sure your website doesn’t get cut-off if your traffic spikes and/or you’re not paying a ridiculous amount of money per GB if you go beyond your quota.

Security
All hosting providers offer a form of protection against DDOS but you are responsible for the software that runs on the server. I got the online forum I was running for Newsplorer hacked a couple of years ago because I didn’t upgrade the forum software to patch a security vulnerability that was promptly exploited.

Backup
Hosting providers offer backups or you can do it yourself with a bit of effort and some cron knowledge. Save the backed-up files on a different location (I use S3 for my backup needs but there are free solutions too).

Tagged with: ,
Posted in hardware, java, software, tools