24-7 SLA - visual

Keep your e-commerce and lead-gen running: an SLA to save the day

Nick Veenhof

If you depend on your website as a revenue-stream, consider upping your game and investing in a 24/7 SLA agreement for your full stack, instead of the usual 9/5 SLA. The small monthly extra fee far outweighs the risk of losing revenue. Need proof? Read on to find out more about what happened to one of our clients!

Visual - incoming rockets attacking a web page
If your website is a key component of your business model, beware of attacks! (visual: Sagor Kumar sr, via Wikimedia)

Imagine you’ve just invested a lot of money in a website, so that you can jump on the digital transformation bandwagon. After a successful period of using your website as a lead-generation tool, you decide to turn it up a notch and add e-commerce capabilities to your site. (More technical tidbits here, together with some insights for SMEs in Dutch) As we have demonstrated before, Drupal is a perfect cornerstone technology that will guide you through such transformation.

In this example, it is clear that our customer started small but is slowly growing and starting to depend more and more on his online presence. This customer's business model is now not just open during office hours, but 24/7. If his website goes down, so will his sales.

To illustrate this, bear with me for a quick back-of-the-envelope calculation.
Imagine that you are selling 5 items an hour, at 30 euros per order. Five times thirty makes 150 euro per hour. If your website goes down for 4 hours, it could potentially cost you 600 euro. This is a very conservative estimate for a small webshop. As soon as you start talking larger turnover numbers, the potential loss rises dramatically.

When this happens, you should know in full detail what to expect from your hosting provider, as it could easily costs you thousands in revenue if your site goes down and you don’t have anyone to rely on and reach out to.

Even the smallest of side-project webshops could easily lose 600 euros to a 4-hour downtime


Why bother with an SLA?

The agreement of knowing who is responsible for what and within which timeframe is called an SLA (Service Level Agreement). To illustrate the importance of a good SLA and a solid relationship between you as a customer and your SLA provider, let me tell you about an actual situation that happened to our infra team at Dropsolid only the other day.


The case

Last Friday, we received an alert that the CPU load on one of our shared hosting environments had spiked to a critical load (up from the usual 4 to over 75). After a quick investigation by my colleague Bruno, it became apparent that Apache was spawning an unproportional amount of processes, which was eating up all of our resources. This had an impact on the performance of all of the websites hosted on this server and even caused our Solr to crash (due to resource starvation).

Looking into our access logs, one site stood out. It was being hit with hundreds of requests and our database queue had trouble keeping up with all of the queries. Our Varnish caching service didn’t help in preventing load, since every call went to the back-end. This was due to the webshop’s shopping basket cookies.

The attack looked for all intents and purposes like a denial of service attack. But the traffic was coming from too many different IPs to try to blacklist them all, so this turned out to be a DDoS attack.

In order to prevent further failure, as this was a shared server, we needed to reduce the load on the server - otherwise it would have brought the entire server down, together with all the websites that were running on it. After some quick research, we found an easy and quick solution that would limit both the connections and the bandwidth used for only one vhost.

Bruno enabled an Apache module called mod_bw and added the following configuration to the offending website’s vhost:

<Virtualhost *:80>
    <Directory "/path/to/htdocs">
		BandWidthModule On
		ForceBandWidthModule On
		BandWidth all 5000
    		MaxConnection all 50

How does this work behind the scenes? Well, the mod_bw Apache module works as an output filter in the Apache filter chain, which provides the capability to limit bandwidth used by the vhost or limit the maximum number of connections to it. In this example, it limited the bandwidth to 5000KB and a maximum of 50 connections.

When a user starts to download something, the data gets funneled through the module. It will ‘split’ the data into smaller pieces and then start sending each piece with a small delay (of less than one second), reducing the download speed of the user.


Timely intervention: the clock is always ticking

The solution mentioned above - all credit for this goes to my colleague Bruno for the quick intervention and analysis of the sequence of events, by the way - allowed us to handle the DDOS attack on the site without causing downtime for the other sites that were located on that same server. Because the customer didn’t have an SLA at the time, the limitation was being held in place until after the weekend. The attack lasted quite a while and the site was impacted throughout the weekend due to this limitation. The potential income loss was rather large, though fortunately our customer was not impacted too heavily in this case. With a 24/7 SLA, the customer would have been able to rely on people resources to further tweak the limitations manually and separate the attack from actual traffic, so that the site could have been up and running in full force again that same evening.


24/7 SLA: a no-brainer for revenue and lead-generating sites

I hope this demonstrates that a 24/7 SLA can help you mitigate as many factors as possible so that your lead-generating machine (aka your website) or your digital revenue stream (same) are working day and night. Make sure you weigh all the pros and cons before making such a decision - yet be aware that when something breaks, humans are still needed to dig in and solve problems that cannot always be predicted. The technical stack that keeps your website up and running is complex and however unfortunate it might sound, the human beings behind it also need sleep and a decent paycheck.

At Dropsolid, we aim to automate as much as possible, including our services. If an emergency is triggered, we are ready to assist you. Dropsolid offers different kind of SLAs on top of hosting your digital experiences, so we can help you grow alongside your business needs. Just get in touch and let's have a chat about how we can help you to make your deployment run more smoothly - be it on our own hosting or with your own hosting provider. The proof of the pudding is in the eating!

Tell me more      More blogs

Recommended articles
Calculate your Drupal 7 migration cost
Help! What happens with my Facebook Pixel after the Apple (iOS 14) update?
Headless or decoupled: must-have or hype?
3 reasons to invest in your digital customer experience
Google introduces 3 new SEO factors in 2021 (Core Web Vitals)