The most important thing with Hetzner Servers is to monitor everything very closely:
- CPU Temperature
- Disks (SMART)
- Software and hardware RAIDs
- Network (interface) errors
The servers are usually consumer-grade hardware components, which more often have issues under heavy load, so you have to expect downtimes and broken components. However, if you are aware of that and can easily shift around it with your software, Hetzner will save you serious money (10 to 15 times cheaper than GCP and AWS). Also worth mentioning is that their customer support is first class if you tell them all required details and exactly what to do. Usually they respond in minutes and do hardware replacements within an hour and with small downtimes.
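Added example, not part of the original comment: a minimal check for two of the listed items, degraded software RAID and network interface errors, by parsing the Linux files /proc/mdstat and /proc/net/dev. The sample contents below are constructed; on a real host the functions would be fed the contents of those files.

```python
import re

# Constructed sample of /proc/mdstat: md0 is healthy, md1 has lost one mirror member.
MDSTAT = """\
Personalities : [raid1]
md1 : active raid1 sda2[0]
      976630464 blocks super 1.2 [2/1] [U_]

md0 : active raid1 sdb1[1] sda1[0]
      523264 blocks super 1.2 [2/2] [UU]

unused devices: <none>
"""

# Constructed sample of /proc/net/dev (counters are cumulative since boot).
NET_DEV = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0
  eth0: 987654321 765432 42 3 0 17 0 0 123456789 654321 5 0 0 0 2 0
"""

def degraded_arrays(mdstat):
    """Return names of md arrays whose member map ([UU], [U_], ...) shows a missing disk."""
    bad, current = [], None
    for line in mdstat.splitlines():
        m = re.match(r"^(md\d+)\s*:", line)
        if m:
            current = m.group(1)
        status = re.search(r"\[(\d+)/(\d+)\]\s+\[([U_]+)\]", line)
        if current and status and (status.group(1) != status.group(2) or "_" in status.group(3)):
            bad.append(current)
    return bad

def interface_errors(net_dev):
    """Return {iface: (rx_errs, tx_errs)} for interfaces with non-zero error counters."""
    out = {}
    for line in net_dev.splitlines()[2:]:          # skip the two header lines
        name, _, counters = line.partition(":")
        f = counters.split()                       # f[2] = RX errs, f[10] = TX errs
        if len(f) >= 11 and (int(f[2]) or int(f[10])):
            out[name.strip()] = (int(f[2]), int(f[10]))
    return out

if __name__ == "__main__":
    print("degraded:", degraded_arrays(MDSTAT))
    print("nic errors:", interface_errors(NET_DEV))
```

Because the interface counters only ever grow, a monitoring job should alert on the increase between two runs rather than on the absolute value.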
I believe if you don't go with the Server auction thing, then you get quite new hardware. So I guess you would not really have to expect a lot of downtime. But as always, downtimes can happen. Always plan accordingly.
As for temperature monitoring: how do you act on events? If the server runs heavy workloads for a while it will get hot, yes. Heck, sometimes it goes above a threshold (say, 80 C) for a minute for seemingly no reason (maybe it is the periodic software update job?). But what do you do when you get a temperature notification? Shut the server down? For every such event? I am currently leaning towards not monitoring temperature at all because if the hardware breaks Hetzner will replace it anyway (I have backups).
You will have sole and unrestricted administration
rights to the dedicated hardware with root access.
Hetzner Online will not have access to the servers, and
will therefore not be able to provide server
I mean if I can't provision it, it's probably problematic to update it.
OTOH, if that's what you want (many enterprises think they do), this positioning and landing page puts Hetzner into consideration.
Someone like Vultr, Linode, or DO is positioned well to deliver an "AWS lite" offering. They all have decent hardware, lots of locations, and a good delivery history. A bit of work to put together ELB/EC2/Lambda/S3 equivalents and a control panel would open up a new market. Especially if they offered low egress pricing.
All they did here was pre-install OpenStack, but leave you to keep it updated. If you can't install it yourself, good luck upgrading it when a security release comes out.
I mentioned ELB/EC2/Lambda/S3 equivalents for 2 reasons. First, AWS is clearly the market share leader, so having a similar pattern might get more buyers. Second, it's a bit easier pattern for apps that aren't cloud aware. But, they could just offer hosted K8S with some add-on ingress controllers.
Check out OVH Labs; they are in the process of deploying many more services: https://www.runabove.com/index.xml
Which of these has S3 or ELB equivalents? I haven't seen that. I saw DO has failover IP addresses.
why not just hand your systems over to a smart 15 year old kid to run, and go take a nice beachside vacation in the meantime? probably would work out better.
For many, the detail of the hardware does not matter, e.g. "Once the packet hits the tin it's no longer my problem". Also, talking about a £50k pile of servers as just "tin that needs to be racked" could be a backhanded way of signalling confidence in the task, where others might be intimidated by the cost of the equipment they are dealing with.
Bare Metal compared to GCP or AWS will save you about 75% of your operating costs.
Bare Metal compared to Heroku or Firebase will save you around 90% of your operating costs (a large part of this being caused by bandwidth, which is massively overpriced at Google and Amazon).
With those savings you can usually serve 5 to 10 times as many customers.
That might not be worth it if you’re in SV, and pay your devs the same wages Amazon or Google do (as then you’ll just pay more than with AWS or GCP), but if you’re in places where you pay half the wages Amazon or Google do, you can actually save a lot with this arrangement.
Fwiw I started on DO and migrated off to get better stability and block storage / proper load balancing. Which DO has since added.
The egress costs for AWS, GCE, and Azure are usually the big cost driver.
So saving on server cost literally did nothing. Our employee costs were 20x, 100x our hardware costs.
Not all startups aim for millions of free users you will make money off of later.
(The show Silicon Valley actually showed that part quite well)
If we optimized and saved $100 per month on hardware at the cost of even 1 engineer hour, it would be a net loss.
I think a LOT of startups are very simple from the hardware level. You can go real far on just a few servers. And at that level, who cares who manages them? Do what is easier.
I still agree with you, because no one should take setting up and running kube lightly – it’s actually a lot of work.
On the other hand, Google will run your Kube for free up to 5 nodes.
And there are a few guides for setting it up automatically in Vagrant, or on AWS, or on Juju-managed clouds.
Sadly, Kube is very barebones – only doing scheduling. If you add a storage provider such as portworx (only block storage) or rook (block and object storage) you also gain that, but it doesn’t do any user auth functionality.
That’s something I’m atm still searching for, something allowing me to easily register and remove users, add them to groups and do RBAC, but without using ldap as backend, and with a way to get it working with OpenID Connect and OAuth 2.0, as well as with Shibboleth, Kerberos, and an LDAP compatibility layer (but with app-specific passwords there).
But why would you buy a VM with this configuration? 32 GB of RAM for two boxes, with two i7s that have 4 3.40 GHz cores? Lots of people have the impression that cloud is more expensive than owning your own iron, and it probably is, but the difference is made a lot larger if you don't consider TCO and you make no effort to actually adapt your needs to the cloud. Cloud's economics are based around horizontal scaling and provisioning on-demand. If you're hosting in the cloud, you don't get two big machines like this, you shard your app over a bunch of cheap machines and you spin up more/bigger instances to meet peak demand. If you're buying cloud hosting but you go into it with "have everything we need to meet peak load running 24/7," of course it's going to cost you an arm and a leg.
Frontendserver also: Only needs CPU and RAM.
- Hardware they offer is more prone to fail because of using home-grade hardware for a long time (especially HDD).
- It's almost impossible to convince them an HDD is failing even with showing SMART logs. Hardware needs to fail so they will replace it.
- Hardware replacement times are quite fast (thanks to SLA). They replace it with another used HDD; if you want something newer, then they ask some money for replacing with a less used HDD.
- They scan their network regularly for hosted malware, trojans etc., so if one of your sites gets hijacked and has iframe viruses etc., Hetzner will null route your server.
- If your IP gets DDoSed, null route.
- If you get a DMCA warning, null route without waiting 24 hours.
- If your NAT leaks your internal traffic to WLAN, null route.
- It takes almost a few days to lift the null route ban on your server when you get in contact with support. It's okay for support tickets to wait in the queue for a long time because of service level, but I believe null route tickets need priority no matter what.
We decided to move over to another provider after having problems.
Hetzner also owns a few other brands like Serverloft.
"serverloft ist ein Produkt der Host Europe GmbH."
Doesn't say so on the English website, though.
Another German hosting provider also required you to at least respond to DMCA + three strikes.
* AMD Ryzen 5 1600X
* AMD Ryzen 7 1700X
Here is the email that I received in 2013:
At the end of last week, Hetzner technicians discovered a "backdoor" in one
of our internal monitoring systems (Nagios).
An investigation was launched immediately and showed that the administration
interface for dedicated root servers (Robot) had also been affected. Current
findings would suggest that fragments of our client database had been copied
As a result, we currently have to consider the client data stored in our Robot
To our knowledge, the malicious program that we have discovered is as yet
unknown and has never appeared before.
The malicious code used in the "backdoor" exclusively infects the RAM. First
analysis suggests that the malicious code directly infiltrates running Apache
and sshd processes. Here, the infection neither modifies the binaries of the
service which has been compromised, nor does it restart the service which has
The standard techniques used for analysis such as the examination of checksum
or tools such as "rkhunter" are therefore not able to track down the malicious
We have commissioned an external security company with a detailed analysis of
the incident to support our in-house administrators. At this stage, analysis
of the incident has not yet been completed.
The access passwords for your Robot client account are stored in our database
as Hash (SHA256) with salt. As a precaution, we recommend that you change your
client passwords in the Robot.
With credit cards, only the last three digits of the card number, the card type
and the expiry date are saved in our systems. All other card data is saved
solely by our payment service provider and referenced via a pseudo card number.
Therefore, as far as we are aware, credit card data has not been compromised.
Hetzner technicians are permanently working on localising and preventing possible
security vulnerabilities as well as ensuring that our systems and infrastructure
are kept as safe as possible. Data security is a very high priority for us. To
expedite clarification further, we have reported this incident to the data
security authority concerned.
Furthermore, we are in contact with the Federal Criminal Police Office (BKA) in
regard to this incident.
Naturally, we shall inform you of new developments immediately.
We very much regret this incident and thank you for your understanding and
trust in us.
A special FAQs page has been set up at
http://wiki.hetzner.de/index.php/Security_Issue/en to assist you with further
Hetzner's website looks like an old shitty PHP hack because it very much is one.