In online retail conversions are obvious – the visitor needs to buy something. But a conversion can be any path the website owner wants a visitor to take. For insurance sites, it might be taking out a policy, and for automotive sites it might be booking a test drive. For this website, we want blog visitors like you to be exploring our services. Hint hint.

Regardless of your metric, a conversion is a very special thing. I’ve seen the word used in corporate boardrooms with the same awe and thoughtful silence that I’ve seen my sister, a mother of 3 children under 2, use the word ‘sleep’.

Conversion rates for successful websites are generally between 0.20% and 2%, depending on the type of site and the classification of a conversion. An organisation can devote considerable time and resources into pushing their conversion rate as high as possible. Efforts to increase conversions will generally focus on marketing and design. A nicer looking website will convert more, just as a well-placed Google advertisement will.

52% of online shoppers are likely to abandon their purchase if made to wait more than 2 seconds for a page to load

But there is a third area that is not often considered for it’s impact on conversions. That is, of course, the area of hosting. Hosting might seem out of place in a discussion about conversions but it’s impact is far greater than many realise.

One of the most effective hosting techniques for increasing conversions is to improve page load times. Research performed by Forrester in 2009 found that 52% of online shoppers are likely to abandon their purchase if made to wait more than 2 seconds for a page to load. This report was commissioned by Akamai, the world’s leading Content Delivery Network provider, and BrightHost is a hosting company which uses Akamai’s services. So it’s not surprising that we might pull that statistic out in this discussion.

Conversions, Performance, and Revenue

A business can succeed or fail based on one-tenth of a percent. It might not seem like a big number but it’s impact on a medium-sized online store can be remarkable. Allow me to use a fictional online retailer to demonstrate my point. For this exercise, let’s consider an e-commerce supplier with the following performance:

Both of these results can be achieved through better page performance. This is no different to making a bricks-and-mortar retail client wait 1 minute longer in a queue to be served. The faster you can interact with your visitors the more likely they are to buy from you.

Giving Away Sales

What happens when your site doesn’t work, or pages take too long to load? If we’re making $6,000,000 for the year, that’s an average hourly revenue of $685.

poor performance and downtime will not just cost you sales, it will give them to your competitors

If our website works 99.5% of the time, we can expect to see 44 hours in the year where it doesn’t work! That seemingly irrelevant 0.50% downtime has just cost us over $30,000!

That figure gets worse as we work to increase conversions and attract more visitors. But that’s not the end of it, there is the immediate loss of a sale, sure, but downtime and poor performance does much, much more damage…

• If you were advertising, you’ve paid for a click that had no chance of success
• New shoppers will hit Back in their browser, and click on the next ad or search result.
• Returning shoppers may feel frustrated, and less loyal to your brand

What I find most disturbing about this prospect is that poor performance and downtime will not just cost you sales, it will give them to your competitors! Everyone who wants to buy your well marketed and well presented product will feel driven to the competitors better performing website.

Australian businesses which are expanding into Asia can benefit from using our new Hong Kong facility to host content closer to their target markets. This dramatically improves performance and page load times, which will lead to increased conversions. Another key advantage of our offering is that it is managed and operated from our Melbourne offices, providing local representation and accountability.

This new facility has been developed as part of our long term strategy in the region. We’ve been fortunate enough to find some amazing partners to work with in the region and I’m pleased to say that some of our customers are already reaping the rewards of this investment.

Our Hong Kong site has been designed and built by BrightHost and is managed end-to-end by BrightHost, so our customers can have confidence in the solution. The design and operation of the site is based on our existing world-class Melbourne and Sydney facilities, but we’ve been able to introduce some new methodologies into this facility and we’ve been really excited by the results.

Click here for the full press release.

In this business you can always count on things breaking, no matter how hard you try to prevent it. Indeed, the first step to good network design is to accept that things will fail, so that you can plan accordingly.

The more complex and intricate a system is, the more difficult it will be to find and rectify the cause of any given fault.

A Complex Failure

I am of course referring to the recent three-day outage of Amazon Web Services. There can be no doubt that the AWS system is about as complex as hosting environments can get. Part of this is due to the sheer number of customers that AWS enjoys, but another part I believe is a result inherent to poor design.

Some may not agree with my summary that Amazon’s problems are the result of poor system design. For those, I’d venture the following three points:

• Amazon’s ‘Summary‘ of the outage is 11 pages long.
• It took the world’s largest cloud computing company 3 days to fix.
• The original problem was created through “routine maintenance” and thus, arguably, foreseeable.

Regardless of your opinion, I’m sure you can agree that a three day man-made outage is unacceptable for any business.

I’m Pro-Cloud

Following the Amazon outage, critics across the Internet went into a frenzy. It seems to me that the vast majority went straight into blaming the cloud and highlighted the outage as a key argument against our current evolutionary trend.

The problem with the anti-cloud argument is that it assumes that cloud computing is a relatively new thing that’s still untested. The fact is that most cloud computing operations provide nothing more than a new way of presenting and interacting with existing tech. If ‘existing tech’ means well designed and maintained simple systems, then problems of this scale and complexity cannot occur.

For the CIO, there’s nothing new here. The job of a CIO is to choose suppliers who have well-designed systems and a strong technical capability. Choosing a cloud computing provider is no exception and needs no special rules, but here’s a couple of thoughts on what to look for when choosing a cloud provider:

• Get a copy of their technical network diagram. The simpler the network is, the easier it is to fix.
• Ask about training and documentation. Can staff easily understand the environment?
• Do they have a disaster recovery plan? Is it clear and is it rehearsed?

Unlike in the real world, if a user is unable to access your site, your competitors are never more than one or two clicks away. If I go to a site and it’s down for maintenance or worse showing an error, I’m not going to waste any time thinking about them. I’ll go simply somewhere else.

So here it is from the other side of the coin…

Most websites start simply and only need a single web server and database server to hum along. When a website is successful or belongs to a large brand with lots of customers, a single web server just won’t be able to serve enough customers at one time. Left unaddressed, you might find that you’re now facing some tough questions from some unforgiving folk:

• Why is our site so slow?
• Why is our site down all the time?
• Why does the site have to go down while maintenance/upgrades?

As nice as it would be, simply adding more web servers will create more problems then it will fix. This comes down to the problem of sticking a visitor to one of the web servers in your new farm. If a visitor is suddenly moved from one server to another, they will lose their session data and things like their shopping cart will disappear.

This is where load balancers come in.  When a user comes in from the internet and hits the load balancer, based on one of a few different algorithms the load balancer will decide which server is best suited to receive that user. This “balances” your site’s traffic across two or more servers and then remembers where that user went so their future requests stay with the same server.

Benefits of Load Balancing

So what makes load balancers so special? Well I’m glad you asked! Because of their ability to remember users and find the fastest servers to send new users to, load balancers help growing websites to:

• Handle spikes in traffic by smoothly and quickly adding new servers
• Perform maintenance and upgrades without downtime
• Reduce downtime by sending users on broken servers to standby servers
• Decrease page load times by compressing and caching content on-the-fly

Got an advertising campaign coming out soon?  Expecting a temporary spike in traffic? Load balancers let you quickly add new servers and afterwards, when it’s died down a bit we can take them out and have cake to celebrate.  It’s an easy and smooth process, and a good example of how well this solution is able to scale with changing requirements.

Load balancers can also be used to perform SSL transactions, or to cache and compress content with specific hardware circuits, which decreases the load on each individual web server and improves page load times.

Overview

Obviously this article is brief and intended to give only a basic overview of the concepts. These devices are an invaluable tool in providing scalable, high up time, and above all reliable websites. The ability to keep a web site online during maintenance and deployments is invaluable in the quest to offer your visitors the best experience available..

When it comes to SQL Server databases, there is a simple and cost-effective way to protect your data. The solution involves keeping two identical copies of the data in two geographically separate locations, using a technique calls SQL Server Transaction Log Shipping.

At first glance, a set up like this seems too complex and expensive, but in reality Transaction Log Shipping, or TLS, makes it easy to set up and maintain two copies of a database. Log shipping takes advantage of the transaction log backup and restore functionality found in SQL servers. As you would have guessed by now, you do of course need two database servers and depending on the number of write transactions performed, a reliable high-capacity connection between them.

The entire process can be explained in 3 steps:

• Backup the transaction logs on the primary server.
• Copy these logs to the standby server
• Restore the logs on the standby server

By default, the transaction log backup occurs every 15 mins. You can change this depending on your business requirements, have it run every minute if you want to but make sure that the log backup doesn’t take longer than a minute to complete. Personally I feel that 15 minutes is ideal.

On the standby server, the databases can be restored in two ways; No Recovery Mode or Standby Mode. No Recovery Mode doesn’t allow user access to the recovery database whereas Standby Mode allows read-only operations to be performed.   You also have the option of setting up a monitoring server. This monitor needs to be set up on a separate server, to prevent from creating a single point of failure.

One important thing to bear in mind with regards to Log Shipping is that, in the case of a disaster where the primary server has gone offline, some minimal level of user interaction is required to make the standby server the new primary. This is where monitoring of your setup comes into play. You need to know immediately when things don’t work according to the plan. Monitoring your disaster readiness is the most crucial and most often ignored aspects of an environment.

There’s a few gotchyas to look out for:

• The database must use full or bulk recovery model. If you have a Simple recovery model in your current enviroment, converting it to full or bulk recovery is a fairly straightforward process.
• The standby server should have a similar spec compared to the primary server, if you want to maintain a consistent user experience. No point in having a standby server, which cannot handle the load when it needs to.
• Appropriate permissions need to be in place. This can be easily verified during the initial setup process, if there’s a failure during setup, double check your permissions.
• There’s also a not so widely known requirement, but the primary and standby servers, should have the same case-sensitivity settings.

For some businesses Log Shipping might not be the ideal solution but it in my opinion, its one of the easiest, most cost effective ways to protect your data.

If you’re an engineer you can probably appreciate my belief that the warning signs were there at Sony, and that they undoubtedly had people calling security issues, out only to be told the budget wouldn’t cover it. We see this every day, and I must defend the managers because security spending tends to be a bottomless pit and few know quite where to start.

Mind you, I wouldn’t want to try rationalising my views to anyone at Sony right about now.

Preventable Breaches

A Verizon Business/US Secret Service 2010 report concluded that 96% of security breaches were “avoidable through simple or intermediate controls”. That figure might seem a bit ridiculous yet most of the clean-up operations I’ve been involved in resulted from easily avoidable hacks.

Fortunately there are 5 simple, low-cost controls you can deploy which will dramatically increase security without sending the bean counters into a spin.

By making sure that your supplier enables these five simple controls, you can open your server to the world with confidence that your data and your brand are secure.

Five Controls for Secure Hosting

These steps form part of any effective Defense in Depth strategy. Defense in Depth is the process of ensuring that a failure of any one security system does not compromise the protected application, because secondary and even tertiary systems are in place.

Control #1: Intrusion Prevention System

An Intrusion Prevention System, or IPS, is a network device which automatically scans all incoming unencrypted traffic for known malicious signatures and abnormalities. This includes things like SQL injection attempts, server exploits, and Denial of Service attempts. If it detects a malicious request, the IPS blocks the traffic before it reaches the actual web server.

With daily signature database updates, an IPS provides a significant security bonus by automatically blocking the vast majority of common and automated attacks.

Control #2: Outbound Firewall

Most servers have a firewall protecting against unwanted incoming traffic but frankly this is almost pointless. Simply by putting a server on the Internet you’re inviting people to come play with it, and you’ll be intentionally opening services which may be vulnerable. An Intrusion Prevention System is the only way to effectively filter incoming traffic.

An outbound firewall stops a successful vulnerability exploit from become a successful hack. If the code an attacker can insert into your website can’t report in for updates and instructions, it becomes a bull without horns.

Control #3: Tripwire

It’s a common misconception that you’ll know when you’ve been hacked. The reality is quite different. I’ve consulted on instances were servers have been hacked and left that way for months before anybody noticed!

Using a tripwire system on your server will help you when a sophisticated enough attack has bypassed your other defenses. A Tripwire system monitors critical system files and sets off an alarm whenever they change unexpectedly. It’s your last line of defence and if you don’t have it you’re basically running on hope.

Control #4: Isolation

To be a competitive hosting company, you need to share some resources among your clients. One extreme method of this is to put multiple customers on the same network segment, having them share the same firewall and security systems. This means that each customers’ server is fully exposed to other customer servers.

Yes, sharing security resources saves money but it completely defeats the purpose. If you open your server to anybody else, internal or external, you become dependent on their ability to secure their own server.

Control #5: Vulnerability Scanning

Scanning involves a trusted, independent vendor periodically testing your server for weakness using the latest techniques. This ensures that if your security systems are failing or no longer up to the task, you’ll find out about it the easy way.

The Plug

It wouldn’t be a corporate blog without the corporate plug! All of the controls discussed here, and more, are included by default all of our Dedicated Cloud Server options. We see security as the biggest threat facing any online brand and we’ve deployed multiple controls and processes to ensure that our customers enjoy some of the most robust hosting around, without having to ask for it.