You’re thinking about acquiring a new software capability for your organization. Have you considered where the software is going to live? In an in-house computer? Piggy-backing on your website server? On a separate server? In the Cloud? There are advantages and disadvantages to each of these.
Let’s look at each in turn.
At a gut level, some people feel more secure in having software installed on a machine they own. Maybe this comes down to feeling it’s someplace real, as opposed to the nebulosity of cyberspace. As an advantage, this is really pretty negligible.
The real advantage to in-house hosting can be data security. If the computers where the software lives are not connected to the internet, there is no way those nasty hackers can steal the data that’s on them. Okay, that’s important. But there are a couple of problems here.
First, even if the software license permits installation on multiple machines, chances are you will want the data unified, stored in one and the same database. There are ways of doing this, but they involve buying and installing additional software to handle the database connections.
Secondly, do you really want these machines to be isolated from the internet? You could duplicate networks and computers at certain workstations, so that users there have access both to a secure network and another on the web. This is what many government offices do. The data is secure, but there are costs in money and complexity. An alternative is to use a firewall to protect parts of your local network from unauthorized access from outside the local network. You probably want and already have a firewall in any case.
But a firewalled local network is not going to permit working from home or smartphones, and the COVID lockdown has made the ability to do so all the more important. Data security for web applications is pretty good today, arguably competitive with that of fire-walled local networks. So you might want to consider the trade-offs between marginal gains in security versus accessibility.
In-house hosting is a distinctly bad idea if you want the software to be accessible on the internet. A learning management system is one example where you might want this. It is possible to set up a web server in your office, but why would you want to go to the expense and trouble involved? Some kind of web hosting is, in this case, a no-brainer.
A general disadvantage of in-house software hosting is that you are responsible for software maintenance. Either someone in your office will have to take care of installing, configuring, backing up and updating the software, or you will have to invite an outside contractor to come into your office and log on to your computers. Do you have someone with the necessary skills? Would you want to give an outsider this kind of access?
Using Your Website’s Server
Turning now to web-based software, let’s begin by clarifying terminology and the basics of the web apps.
A server is a simply a computer or software in a computer that handles functions for other ‘client’ computers. A web server is a such a server configured to make websites or other software content accessible on the internet.
When a user opens on a web page, ‘static’ browser-side code is downloaded to and displayed in his or her browser. If the page does no more than display information, that’s about all there is to it. If you want users to be able to send you data they enter, on the other hand, the data must be stored in the server, ordinarily in a database, where you will be able to see it. Server-side code is required to store, retrieve and manipulate the data. A web application software is simply an elaborate version of an interactive website.
Chances are you already have an informational website. Unless your website has a really high traffic load, it makes sense to have it hosted on a ‘shared’ web server, which is to say a server that handles accounts for multiple clients in one machine. This is the least expensive form of web hosting and in most cases will meet your needs, unless these include a need to burn money.
Shared web hosting usually includes, at no added cost, support for server-side software in the PHP programming language and a database. If you need software that must be accessible on line (a learning management system, again, is an example) or if data security is not a big issue, a PHP application running on your website’s shared hosting account can be a very good option. It will give you what you need at minimal added cost.
This option has additional advantages in software maintenance. The server itself is managed by the hosting provider. Most providers offer automated back-ups, security enhancements, email services and other add-ons. Then too, if you want to hire a contractor to configure the software on the server and maintain it, you just need to grant access to the server, not to your office or your computers.
But there are also downsides.
Limited data security is perhaps the biggest. You will not have back-end access to a shared server and so will not be able to install the additional software you need to secure web app data. Sensitive data has to be protected both as ‘data at rest’ in your database and ‘data in transit,’ moving from browsers to your application and back again.
Data at rest can be protected by using an encrypted database, but this is usually not available in shared website hosting.
Data in transit must be protected by encryption that goes beyond the SSL layer, and this means a virtual private network (VPN). The VPN you need is NOT one of those you see advertised as offering you browsing privacy. Instead, you need a point-to-point VPN that encrypts data flowing both from browser to the server and back again. This requires VPN clients installed at both ends, and you are not going to be able to install a client on a shared server.
Another disadvantage of putting a web application on a shared web hosting server is that permitted bandwidth and the limitations of PHP will limit the traffic load the web app can handle. If you have a relatively small operation, this probably won’t matter. If you envision becoming big, however, you should anticipate this becoming a problem at some point. Instead of changing horses midstream, it might be better to opt for software with greater capacity from the get-go — something written for example in Node.js or, better, Java. Inexpensive website hosting cannot accommodate these higher-capacity languages.
If data security and/or capacity is a concern, you should consider a more capable web server. While technically such a web server might also host your website, it usually makes sense to have an information website hosted on a different shared server.
A Separate Server for You Web App
You’re getting serious when you have, say, a Java-capable web server, an encrypted database and point-to-point VPN. With this set-up, your software applications will be accessible on the internet to anyone you grant access to, and your data will arguably be as secure as it would be with a fire-walled local network. What’s more, the software will be able to handle vastly increased volumes of use. In short, you will have it all.
What need to get there is what is called a ‘virtual private server’ (VPS) or a dedicated server. A VPS lives in the same machine with several other accounts, like a shared account, but offers full control over the share which is yours. With a dedicated server, you have the whole machine to yourself. With either one, you can install whatever extra software you need. You can start out with a VPS and, if volume of use grows, seamlessly transition to a dedicated server.
You can use any one of many programming languages: Java, C++, Node.js, Python, Ruby and others. Even PHP on a VPS or dedicated server could give you much of what you need in data security. Some languages are better than others at handling high traffic volumes — Java, C++ and, in a different way, Node.js. Java is widely judged to be best in terms of both security and capacity and has a wide variety of ‘libraries’ that expand functionality. For these reasons, it is the most widely used language in web apps.
Inevitably, there are drawbacks to a separate web app server. These have to do with costs and maintenance:
- Hosting cost: A VPS is an order of magnitude more expensive than a shared website server, and a dedicated server is several times more costly yet.
- Cost of the software: Java is more difficult to program in than interpreted languages like PHP or Ruby, and developing software in Java tends to be more expensive for this reason.
- Maintenance: Far more extensive technical skills will be required to maintain the software, including familiarity with the language in which your web app was written. You are not likely to have these skills in-house and will therefore have to hire a contractor to manage the server and software for you. This will add again to the costs.
A VPS or dedicated server managed for you by a contractor is not very different from what you get with Software as a Service in cloud computing, which we turn to next.
Wikipedia defines cloud computing as ‘availability of computer system resources, . . without direct active management by the user.’ This means that you pay for 1) access to software, the hosting of which is managed by a provider (Software as a Service (SaaS)) or 2) access to computer resources managed by the provider (Infrastructure as a Service (IaaS) or Platform as a Service (PaaS)). IaaS and PaaS offer large organizations alternatives to maintaining their own data centres and are not relevant here.
As I suggested above, SaaS is not very different from a VPS or dedicated server managed by a contractor. There are several advantages: First, the SaaS provider owns the software you are getting access to, is familiar with the code, and is in a better position to maintain it. Secondly, you will paying just the provider, not both for hosting and for a contractor, and the cost may be lower. Thirdly, as the volume of use increases, usually capacity will increase to keep pace with it, seamlessly, in a manner invisible to you — except that you may be expected to pay more for the greater capacity.
The big disadvantage to SaaS is that, if the provider goes out of business, you risk losing access to the application and associated data. You should be careful to write protections against these losses into a contract for SaaS.
Adjutans Can Help
If you are looking for new software capabilities, we at Adjutans Technologies offer consultancy services that can, among other things, help you decide where the software should live. We also offer hosting management, development of both PHP and Java applications, and an SaaS learning management system.