Business needs of a optimal secure Magento hosting
- Reasonable response times for each hit – server response is a critical factor to overall page load time.
- Appropriate use of memory and other resources.
- Cost effective solution – neither a cheap solution that may not work nor an over engineered expensive one that may never get used.
- Path to scalability should be well defined depending on the business need for the next 3, 6 or 12 months.
- best possible security for your customers’ data and the infrastructure.
- Serve valid human traffic and keep BOTs out.
- Reasonable protection against DOS attacks.
- Web Application Firewall to keep application hacks like SQL Injection at bay
- Backup and disaster recovery
- Efficiently done automatically in background
- Minifiy css and js assets
- Generation images of various sizes needed in the app
- Optimize images on load or on generation
- Configurable alerting when site slows or breaks
- Dashboard to see system performance
- Debug help for developers when something breaks
Renting a server for hosting is now a commodity. Most vendors have very similar offerings. A multi vendor strategy that as far as possible avoids vendor lockin is needed. Managed hosting from a provider with multi vendor capability will help you keep your processes and choices clear.
Can this be achieved?
Hosting a Magento website does not have to be either an ignored problem nor should it be rocket science (or maybe magic even). Firm scientific principles can be used to ensure a website is well hosted and has alerts when the system goes out of capacity.
Our standard Magento stack and some configurations :
- serves static content.
- use fastcgi and php-fpm to serve Magento traffic.
- load balance as you scale or as per traffic pattern.
- rate limit from a single IP to protect against DOS attacks.
- restrict bad IPs from accessing the sites.
- allow or keep away BOTS based on their User Agent signature.
- Used for storing cache and sessions in memory
- Configurations of Full Page Cache include memory limiting
- sessions rejection based on rate preventing the famous Magento lock
- oracle mysql is improving but Percona and Mariadb perform better even now
- Percona has a better toolset
- Mysql for Magento requires configured balance between memory available and cache sizes
- Cloud tool to analyze log file data from live site
- Dashboard to show crucial parameters from the site
- Alerting when site slows or gives error
- Alerts from analyzing actual hits on the site
- See Top 10 IPs, BOTS to help decide what to block or allow
- Rate limit blocking to help find good from bad
- Automatic and offline minification of css and js assets
- Automatic Image optimization on upload and generation of images