Aldryic C'boas
The Pony
What is wrong with you people. (Yes, that was rhetorical). One looks at the VPS industry, and it's small wonder that people regard VPS providers as a joke; something just to utilize when you just have a couple bucks laying around. Companies filled with kids that couldn't write their own code if their lives depended on it - dependant on shoddy, repeatedly compromised systems like Solus to do the work they have no clue how to perform on their own.
Providers that continuously make asses of themselves publicly - basking in the attention of hate-filled drama threads, doing anything they can to make a sale; then having the audacity to cram clients onto overloaded, bargin-bin hardware and scream at them if they dare post any kind of public complaint. Children that frequently 'employ' people that they have never met, and are oft school kids themselves, to be their directors and administrators. Operators that can't even be bothered to vet their own orders and have to rely on unverified public input to make their decisions for them - if they even bother to do that. Some of you clownshoes will accept any order that comes in if it means another payment. It's absolutely embarrassing. I don't even like to tell people that I work for a VPS company any more. "Oh, you're one of 'those'." "No, no, we're actually a real establishment." "Sure, that's what they all say."
Still with me? Good, let's change up the tone a bit.
Presentation / Professionalism
If you're a provider, and you read through the last couple of paragraphs without getting upset, offended, or taking any of that personally? Pat yourself on the back. Seriously - you already have the thick skin and right attitude that so many people desperately need. You can (and likely do) deal with clients that are far more obnoxious and scathing than my little routine there, and maintain a professional approach to handling them.
And if you did get offended? Don't beat yourself up over it - it's a natural reaction, and overcoming that can take an incredible amount of self control. When you get obnoxious tickets, don't respond to them right away. You'll default to wanting to be defensive, which leads to justification, which can very easily lead to saying something you will regret. Take a short break, they're not going anywhere, and do something you enjoy. Pour a drink, have a smoke, put a snake in a co-worker's desk - just take five minutes to 'reset' your mentality. You'll find it much easier to come back to that ticket after and give a professional reply. Not only will this satisfy most clients (let's face it, real jerks are rare, and most of these tickets are just people having a bad day), but it also protects you from any kind of public fallout should they decide to go run to here/WHT/LET and scream about how you bad-mouthed them.
Software / Panels
It's not easy to create in-house platforms (as an increasing number of people are finding out - the hard way). Management systems like SolusVM and WHMCS are incredibly complex (often excessively so), and not everyone is going to have the time, patience, and aptitude to build in-house systems. But at the very least, you should be comfortable with making minor modifications or addons to the systems you do use. Hooks for WHMCS to automate some of your daily management; simple scripts to tie into SolusVM's API and take care of some clean up; even learning to setup and maintain your own database replication to ensure reliable backups. Not only will this help in building your own programming skills, but will also greatly familiarize you with the platform's back end. That knowledge is invaluable for troubleshooting problems on your own without having to rely on their support team, and also gives you a better understanding of what all you will need to consider if you do decide to create an in-house replacement.
There's nothing inherently wrong with using third party software, you just have to be very cautious about what you trust. We've all seen (and in some cases, experienced) the horror stories of vulnerabilities against WHMCS and SolusVM. Having a strong familiarity with the systems you use will help you secure them properly. These management panels are tools, not shortcuts - and in inexperienced hands, a nail gun is just as likely to cause a great deal of grief as it is to properly secure a fixture.
Avoiding Fraud and Abuse
Low cost of entry. One of the biggest benefits of the VPS Market is also one of its greatest liabilities. Whether it's a provider just starting out that can't afford to specialize in more costly services, or the folks that are forced to compete based on price alone, the typically low cost of a VPS service is irresistible to skids, spammers, and abusers. Sure, some days you might really need the sales, but turning away a 5$ order is always preferable to having to give out 500$ in SLA credit for outages and people upset over their neighbours landing them on an SBL.
You're going to see abuse of one kind or another no matter what you do, but there are a few things you can do to drastically limit just how much you get:
Contact Information: Take a few moments to review the information a client submitted when signing up before you accept their order. Did they give you a fake address, mail-forwarding, or other non-residential location? Likely worth looking into. Fake name or initials? They don't want their actions traced back to them. Sure, some folks simply don't like putting their real information out there - but as I explain to our clients, trust is a two way street. If they don't trust you to take appropriate measures to keep their information private, can they really expect that you trust them to not cause any trouble?
Payment Information: Accepting PayPal, or other gateways with a verbose IPN? Take a moment to look at your transaction log. If you're seeing a high amount of fraud or disputes, it's worth considering enacting a policy where payment must come from a verified PayPal account, and/or requiring that the name on said PayPal account match the information they registered with.
Order Information: A new registrant that rings up 300$ in service for his first order, especially if wanting to pay via Credit Card, will likely cause you some heartbreak. At the very least get positive identification on the person to cover your own back for when the card issuer comes looking for blood over the stolen CC transaction. Same applies to someone suddenly jumping in and ordering a bulk number of IPs. Get some justification, find out what they're wanting to do with it before you turn them loose. Pay attention to hostnames - there are plenty of skids stupid enough to sign up and name their service 'ccbooter' and such.
Service Quality
It's very easy to just throw up some OpenVZ nodes and start cramming them with '300TB BW' plans, overselling the resources several times over. Overselling itself is a sensitive topic for many, and not one I'll get into - but just be aware of what your nodes can actually handle. Get a feeling for just how much stress your nodes can comfortably bear - and then err on the side of caution and expect double that in live production. You don't actually need to have abusive users on a node to see performance degradation - all it takes is a handful of moderate-usage clients having top of the hour cron jobs to bring a node to its knees if you're not careful.
Quality over quantity should be your goal. You want clients to sign up not because they heard that you sell more VPSes than anyone else, but because they've heard that the VPSes you sell are stable and offer steady, reliable performance. Having more clients/nodes than everyone else counts for nothing when your churn rate is so high that you have to offer ridiculous yearly sales for quick cash to try and make ends meet. Which leads us to:
Pricing
Yes, it's a competitive market. But as we've all witnessed time and again, trying to use price as your competitive edge is a recipe for disaster. Plan out your plan/node designations in advance, and ensure that even if your nodes are only half filled, you're still in the black at the end of the month. Keep your pricing standardized and stable. If you wish to offer coupons, do so with specific limitations in mind - don't just discount an already-available service with no restrictions, or you'll quickly find that many of your clients that already have that plan at normal cost have no problems with cancelling their current service to re-subscribe at the lower rate.
Extended billing cycles can be appealing, but must be used in moderation. Don't offer a ridiculous discount for paying a year+ up front - you may end up with a nice pocketbook for the month, but then you're back to not seeing recurring income from those sales again for a long time. By all means, give minor benefits for paying annually - but not so nice that it would cause fiscal trouble should many of your clients decide to switch over.
Set your pricing for what you feel is a fair cost for what you offer. If you must use your competition as a guideline for pricing, start a little ways higher than the midpoint between highest and lowest costs. One of the worst things you can do is start off at a low price point - while it's unlikely that you'll ever see cancellations should you decide to lower costs, starting low and then realizing you can't make ends meet will result in a punishing bleed once you try to raise existing costs.
Security & Trust
I already went over software security earlier in the post - this concerns more the people you choose to employ and work with. You don't have to be best friends with your employees (and indeed, it is often better if you are not), but you must be cautious in whom you decide to hire on. Ask yourself if you would be comfortable with the person house-sitting for you while you were away. If you wouldn't trust them in your home, why would you ever trust them with explicit access to your clients' personal information, payment details, and essentially root access to their services with you?
Even if you do trust them implicitly - are they the right person for the job? Do you trust them because they are professional and have a solid reputation and work ethic? Or do you trust them because they sell you weed and you need a ticket monkey? It's not just your company at stake - it's your reputation, and more importantly, your clients' trust. If you want to hire on a student because they have the enthusiasm, and perhaps even the technical know-how to get the job done - great. I mean hey, everyone has to start somewhere, and helping someone gain the experience they need to make a foothold in their chosen career path is a noble thing. But make no illusions about who they are - and under no circumstances have the audacity to tell your clients that your employee is an 'expert/professional'.
Trust is a *major* deciding factor in this market; especially given the numerous compromises, scandals, providers allowing NSA data taps in exchange for amnesty, and so on. Earn your client's trust, and you'll likely have a client for life. Break that trust, and you might as well resign yourself to endless clean up from skid usage, who will be the only group still willing to use your services.
Wrap Up
At the end of the day, the decisions you make are what shape the quality of your service, and the reputation of your company. There is no easy short cut to establishing and maintaining a successful VPS operation - you have to be willing to put in the time, effort, and dedication to stay afloat. And what works for one company might not work for you - but what's important is that you know your limits, both in performance and in your pocketbook, and not get into something over your head. Need help or advice? Ask around. There are plenty of folks that are more than happy to give advice.
Just don't be that guy that keeps asking if you'll solve their problems for them. Nobody likes that guy.
Providers that continuously make asses of themselves publicly - basking in the attention of hate-filled drama threads, doing anything they can to make a sale; then having the audacity to cram clients onto overloaded, bargin-bin hardware and scream at them if they dare post any kind of public complaint. Children that frequently 'employ' people that they have never met, and are oft school kids themselves, to be their directors and administrators. Operators that can't even be bothered to vet their own orders and have to rely on unverified public input to make their decisions for them - if they even bother to do that. Some of you clownshoes will accept any order that comes in if it means another payment. It's absolutely embarrassing. I don't even like to tell people that I work for a VPS company any more. "Oh, you're one of 'those'." "No, no, we're actually a real establishment." "Sure, that's what they all say."
Still with me? Good, let's change up the tone a bit.
Presentation / Professionalism
If you're a provider, and you read through the last couple of paragraphs without getting upset, offended, or taking any of that personally? Pat yourself on the back. Seriously - you already have the thick skin and right attitude that so many people desperately need. You can (and likely do) deal with clients that are far more obnoxious and scathing than my little routine there, and maintain a professional approach to handling them.
And if you did get offended? Don't beat yourself up over it - it's a natural reaction, and overcoming that can take an incredible amount of self control. When you get obnoxious tickets, don't respond to them right away. You'll default to wanting to be defensive, which leads to justification, which can very easily lead to saying something you will regret. Take a short break, they're not going anywhere, and do something you enjoy. Pour a drink, have a smoke, put a snake in a co-worker's desk - just take five minutes to 'reset' your mentality. You'll find it much easier to come back to that ticket after and give a professional reply. Not only will this satisfy most clients (let's face it, real jerks are rare, and most of these tickets are just people having a bad day), but it also protects you from any kind of public fallout should they decide to go run to here/WHT/LET and scream about how you bad-mouthed them.
Software / Panels
It's not easy to create in-house platforms (as an increasing number of people are finding out - the hard way). Management systems like SolusVM and WHMCS are incredibly complex (often excessively so), and not everyone is going to have the time, patience, and aptitude to build in-house systems. But at the very least, you should be comfortable with making minor modifications or addons to the systems you do use. Hooks for WHMCS to automate some of your daily management; simple scripts to tie into SolusVM's API and take care of some clean up; even learning to setup and maintain your own database replication to ensure reliable backups. Not only will this help in building your own programming skills, but will also greatly familiarize you with the platform's back end. That knowledge is invaluable for troubleshooting problems on your own without having to rely on their support team, and also gives you a better understanding of what all you will need to consider if you do decide to create an in-house replacement.
There's nothing inherently wrong with using third party software, you just have to be very cautious about what you trust. We've all seen (and in some cases, experienced) the horror stories of vulnerabilities against WHMCS and SolusVM. Having a strong familiarity with the systems you use will help you secure them properly. These management panels are tools, not shortcuts - and in inexperienced hands, a nail gun is just as likely to cause a great deal of grief as it is to properly secure a fixture.
Avoiding Fraud and Abuse
Low cost of entry. One of the biggest benefits of the VPS Market is also one of its greatest liabilities. Whether it's a provider just starting out that can't afford to specialize in more costly services, or the folks that are forced to compete based on price alone, the typically low cost of a VPS service is irresistible to skids, spammers, and abusers. Sure, some days you might really need the sales, but turning away a 5$ order is always preferable to having to give out 500$ in SLA credit for outages and people upset over their neighbours landing them on an SBL.
You're going to see abuse of one kind or another no matter what you do, but there are a few things you can do to drastically limit just how much you get:
Contact Information: Take a few moments to review the information a client submitted when signing up before you accept their order. Did they give you a fake address, mail-forwarding, or other non-residential location? Likely worth looking into. Fake name or initials? They don't want their actions traced back to them. Sure, some folks simply don't like putting their real information out there - but as I explain to our clients, trust is a two way street. If they don't trust you to take appropriate measures to keep their information private, can they really expect that you trust them to not cause any trouble?
Payment Information: Accepting PayPal, or other gateways with a verbose IPN? Take a moment to look at your transaction log. If you're seeing a high amount of fraud or disputes, it's worth considering enacting a policy where payment must come from a verified PayPal account, and/or requiring that the name on said PayPal account match the information they registered with.
Order Information: A new registrant that rings up 300$ in service for his first order, especially if wanting to pay via Credit Card, will likely cause you some heartbreak. At the very least get positive identification on the person to cover your own back for when the card issuer comes looking for blood over the stolen CC transaction. Same applies to someone suddenly jumping in and ordering a bulk number of IPs. Get some justification, find out what they're wanting to do with it before you turn them loose. Pay attention to hostnames - there are plenty of skids stupid enough to sign up and name their service 'ccbooter' and such.
Service Quality
It's very easy to just throw up some OpenVZ nodes and start cramming them with '300TB BW' plans, overselling the resources several times over. Overselling itself is a sensitive topic for many, and not one I'll get into - but just be aware of what your nodes can actually handle. Get a feeling for just how much stress your nodes can comfortably bear - and then err on the side of caution and expect double that in live production. You don't actually need to have abusive users on a node to see performance degradation - all it takes is a handful of moderate-usage clients having top of the hour cron jobs to bring a node to its knees if you're not careful.
Quality over quantity should be your goal. You want clients to sign up not because they heard that you sell more VPSes than anyone else, but because they've heard that the VPSes you sell are stable and offer steady, reliable performance. Having more clients/nodes than everyone else counts for nothing when your churn rate is so high that you have to offer ridiculous yearly sales for quick cash to try and make ends meet. Which leads us to:
Pricing
Yes, it's a competitive market. But as we've all witnessed time and again, trying to use price as your competitive edge is a recipe for disaster. Plan out your plan/node designations in advance, and ensure that even if your nodes are only half filled, you're still in the black at the end of the month. Keep your pricing standardized and stable. If you wish to offer coupons, do so with specific limitations in mind - don't just discount an already-available service with no restrictions, or you'll quickly find that many of your clients that already have that plan at normal cost have no problems with cancelling their current service to re-subscribe at the lower rate.
Extended billing cycles can be appealing, but must be used in moderation. Don't offer a ridiculous discount for paying a year+ up front - you may end up with a nice pocketbook for the month, but then you're back to not seeing recurring income from those sales again for a long time. By all means, give minor benefits for paying annually - but not so nice that it would cause fiscal trouble should many of your clients decide to switch over.
Set your pricing for what you feel is a fair cost for what you offer. If you must use your competition as a guideline for pricing, start a little ways higher than the midpoint between highest and lowest costs. One of the worst things you can do is start off at a low price point - while it's unlikely that you'll ever see cancellations should you decide to lower costs, starting low and then realizing you can't make ends meet will result in a punishing bleed once you try to raise existing costs.
Security & Trust
I already went over software security earlier in the post - this concerns more the people you choose to employ and work with. You don't have to be best friends with your employees (and indeed, it is often better if you are not), but you must be cautious in whom you decide to hire on. Ask yourself if you would be comfortable with the person house-sitting for you while you were away. If you wouldn't trust them in your home, why would you ever trust them with explicit access to your clients' personal information, payment details, and essentially root access to their services with you?
Even if you do trust them implicitly - are they the right person for the job? Do you trust them because they are professional and have a solid reputation and work ethic? Or do you trust them because they sell you weed and you need a ticket monkey? It's not just your company at stake - it's your reputation, and more importantly, your clients' trust. If you want to hire on a student because they have the enthusiasm, and perhaps even the technical know-how to get the job done - great. I mean hey, everyone has to start somewhere, and helping someone gain the experience they need to make a foothold in their chosen career path is a noble thing. But make no illusions about who they are - and under no circumstances have the audacity to tell your clients that your employee is an 'expert/professional'.
Trust is a *major* deciding factor in this market; especially given the numerous compromises, scandals, providers allowing NSA data taps in exchange for amnesty, and so on. Earn your client's trust, and you'll likely have a client for life. Break that trust, and you might as well resign yourself to endless clean up from skid usage, who will be the only group still willing to use your services.
Wrap Up
At the end of the day, the decisions you make are what shape the quality of your service, and the reputation of your company. There is no easy short cut to establishing and maintaining a successful VPS operation - you have to be willing to put in the time, effort, and dedication to stay afloat. And what works for one company might not work for you - but what's important is that you know your limits, both in performance and in your pocketbook, and not get into something over your head. Need help or advice? Ask around. There are plenty of folks that are more than happy to give advice.
Just don't be that guy that keeps asking if you'll solve their problems for them. Nobody likes that guy.
Last edited by a moderator:
Good one.
