“Hello Mr. Mechanic! That car over there is mine. It started making a knocking noise a couple of days ago, usually happens when I brake. Can I book it in? Here’s the keys.”

What you’d be unlikely to do is walk into the garage and just say:
“Car’s broke. Fix it”

Obviously the mechanic would need to know where your car was for starters and you’d probably want give them a clue as to what was broken so they knew where to look instead of spending hours (for which you’re paying!) randomly testing different components.

Pretty much common sense, really!

That said, you’d be surprised how often our Support team receive emails from customers which really give us very little to go on. While we’ll do our best, if you want your problem to be diagnosed and resolved as quickly and efficiently as possible you do need to try and meet us half way – we’re often very dependent on the information you provide to us. If you omit that information, chances are your next response from us will be various questions to try to narrow down the options, instead of a resolution to your issue.

There are two reasons we need customers to be open with us:
Firstly, if we have the full details of your issue, chances are we’ll know the resolution (or know exactly where to look) and be able to provide a first point resolution. And secondly, if we have the full details, we won’t have to resort to guessing, which at best significantly delays your reply as we try to find out what could be wrong and at worst means we could perform an unwanted action.

So, here’s my guide to exactly what information we need from you in order to assist you as effectively as possible:

1) Raise a Support Ticket instead of sending a general email.
This confirms your identity as it comes from your Control Panel, so there’s no need for us to get back to you with security checks.

2) Be specific about the service to which you’re referring.
Include the relevant domain name or VPS IP address etc. Simple, but if you have multiple services then we need to know what one you’re talking about!

3) Tell us exactly what the problem is.
Provide full details of what isn’t working for you. Is something timing out? Are you getting a login issue etc?

4) Tell us whether it’s permanent or intermittent.
This is an important one. If your problem is intermittent, we’ll need to do multiple tests to get a range of results.

5) Send us any Error Messages.
The single most used feature in diagnosing an issue. Even if you think the error is in a foreign language, there’s a good chance it will mean something to us so just copy and paste it and we’ll see.

6) Let us know if you’ve made any changes recently.
It may be coincidence, but it’s probably best to let us make that call. Had you done anything different around the time your problem started? Over 90% of support tickets we get regarding a VPS suddenly blocking access to a user have resulted in comments along the lines of “I can’t think what would have caused it. I mean, I was only adding some extra firewall rules in and closing ports”.

So there you go, six simple steps that will only take you a couple of minutes, but the end result is getting a resolution back to you and saving yourself a considerable amount of time in the long run.

When do you perform your maintenance?

We perform this overnight on the last Wednesday of each month. We have a set period as this means we can always make sure we have the correct staffing present to make sure any maintenance goes as smoothly as possible.

Any different tasks that crop up requiring non-urgent maintenance will be added to this monthly schedule.

What sort of tasks do you perform?

Generally, it’s housekeeping. We need to make sure our platforms are always up-to-date with any new patches and releases and optimised to run as efficiently as possible.

Keeping on top of all this means we can schedule in some planned maintenance (often with no noticeable effects to customers) and ensure we do not ever risk a situation occurring where unmaintained servers start suffering from performance issues, or a worse case scenario of unscheduled downtime.

Will the maintenance always involve downtime?

No, the majority of the maintenance will not be noticeable to the majority of customers.

Our shared hosting is all load balanced and run in large clusters, so our sys-admins can work on one particular cluster whilst the others carry on serving as normal. The days of single-points of failures are generally in the past for most shared platforms.

Some work to specific VPS hosts or certain network aspects may involve unavailability, however we always keep this to a minimum.

There has been maintenance on dates other than the last Wednesday of each month. Why’s that?

Basically, we need to make a judgement call when a new issue develops.

If something is fairly minor and will not have any negative effects, it’s fine waiting until the monthly window to fit into the normal schedule.

If something poses a risk, however, we have to decide if we need an interim maintenance window rather than waiting until our next scheduled maintenance window.

The classic example here is new security vulnerabilities in operating systems. When these are announced then they really need addressing straight away or we would be putting customers at risk. It would be irresponsible of us to drag our heels with something like this if the maintenance window was not until a couple of weeks away, as that’s a couple of weeks we would be leaving our customers vulnerable.

I hear other providers don’t have as many maintenance windows as Daily. Why is that?

We can’t speak for other companies specifically (firstly because I don’t know their internal policies and secondly because I don’t want to get into trouble!), but the example I often give to customers who ask is this:

- How often does your home PC have a new Windows Update?

Forget about service packs, let’s just say security updates for windows, networking, IE, bug fixes etc. There’s probably a few a month at a guess. It’s just the same on servers in this respect (if not more so).

Now if there’s a new security update for, let’s say IIS 7 on Windows VPS, then that’s going to be the same for IIS7 at Daily.co.uk or any other company running that system.

If you think that it’s bad that Daily are scheduling in maintenance to address a known security vulnerability and it’s good that another company are leaving a known vulnerability active on their systems, then just play that through in your head for a few minutes and think of the implications. Is it really that good that for the sake of avoiding a planned maintenance window at times designed to minimise disruption, your site and data is at risk from exploit?

Let’s put it another way: If the brake warning light on your car dashboard comes on, do you get your brakes checked or do you just take the bulb out of the warning light? One scenario means you have to get your car into a garage and then carry on as normal; the other scenario means you’ll probably carry on fine with the “out of sight, out of mind” attitude until you find yourself whizzing across a roundabout with no brakes looking like you’re in the Batmobile.

The fact that you’re not being told about a problem does not mean there is not a problem. Any sys-admin who sticks his or her head in the sand and hopes a problem goes away is turning their network into a hacker’s paradise!

So do not all providers keep their servers and systems updated?

Again, we couldn’t comment on specifics, but if in doubt – ask them.

Most companies should be able to list any of their recent updates and the reasons for them and you can then see for yourself what sort of durations you are looking at.

If you have a VPS, then also check to see if they do even perform updates themselves. Hopefully they do on the hosts and hardware, but you may be required to manage any updates yourself within your VPS.

So does Daily perform maintenance too frequent, too slow or just right?

It’s not an exact science, but to summarise:

- We schedule a monthly maintenance window in which any non-urgent tasks can wait to be carried out at once.

- If anything urgent comes up in the meantime, we’ll perform high priority maintenance if there is a valid security risk or if performance could be decreased significantly by leaving it until the monthly window

- We also make sure that as much maintenance as possible is seamless. Downtime is always a last resort

When it comes to risk taking, everyone has different ideas of what’s acceptable but we always act as is befitting of a responsible host.

If anyone finds any maintenance an inconvenience, we do apologise – that’s not our intention. However we’d like to think you can sleep sounder at night knowing any outages are always as short as possible in periods you know about in advance, rather than trying to access your services in the middle of the day and finding them off-line!

Picture a row of houses on a street (perhaps a cul-de-sac). All the houses were built by the same builders and have the same security features, like good locks and alarms. Occasionally an opportunistic burglar may sniff around but not get anywhere as they can see all the houses are locked and there are alarms ready to go off.

Then one day, a resident decides to go out to the shops but doesn’t switch their alarm on and leaves all their doors and windows wide open.

One of the opportunistic burglars sees what they consider an invitation so strolls in, grabs a DVD player, and scarpers.

What this does not mean is that:

1) The burglar now has access to every single house on the street just because he/she has managed to find one that is insecure.

2) The reason the burglar managed to get into the house is because the builders of all the houses left some gaping security flaw (like a back door with no lock).

It’s pretty clear exactly what has happened here. The burglar only took advantage of this one house because this was the only home owner who made some mistakes. It’s no good having all these security features as standard if the owner is not going to use them.

Now think about web hosting using the same logic.

Daily ensures all the servers are fully locked down, patched, firewalled and running up-to-date, stable software with various intrusion alarms. Making sure our customers’ data is secure is one of our utmost priorities

When we do hear of customers being hacked, 99.9% of the time this is where a customer has used some sort of PHP blog or Content Management System (for example, WordPress, Joomla, Gallery etc.) but has not kept it properly secured

The most common reason for having an insecure site is:

1) A really weak password (e.g. liverpool1)

2) Not updating the CMS software to the latest stable versions (remember, programs like this are constantly being updated by the vendors/providers every time a new vulnerability is found, so any customers who install it and then never maintain it could well be in for a nasty shock)

3) Installing add-ons that are not secure or again, not installing updates to them when released.

4) Setting the wrong permissions (666 or 777 to make them globally readable/writeable)

To a hacker or someone intent on damaging websites, an insecure site is just as inviting as an open door is to a burglar.

If or when someone does take advantage of an insure site, then just like the scenario above:

1) The hacker does not have access to other customer websites – only the insecure one he/she has found

2) The hacker does not have access to the root functions of our servers and platforms. They will only have access to some parts of the home directory of the insecure site they found.

We do understand that the first reaction of some customers when they see their website replaced with a “hacker’s calling card” is that all of Daily has been compromised, but we can’t emphasise enough that this is not the case.

Our message to all customers is: if you are installing third party programs, scripts, or CMS solutions etc. you must ensure you keep them secure!

- Don’t set incorrect permissions to overcome some error (don’t sacrifice security to overcome coding issues)

- Don’t set weak passwords

- Do sign up for any mailing lists and check the providers site to ensure you update to any newly released and stable versions or security patches ASAP

A strong password should ideally be:

1) At least 8 characters long

2) Contain both upper and lower case characters

3) Contain letters, numbers and other symbols (such as $, %, @, #)

4) Not from any dictionary word (i.e. it should be random)

Many people just don’t understand the importance of a strong password – but these days there are many tools (such as programs that sends multiple password requests to “guess” the correct one and gain them access) available to people intent on no good to allow them to gain access to websites and email accounts.

These programs are getting increasingly clever and have their own algorithms to try the most commonly used passwords. Not sure what I’m talking about? Google seach for “Brute forcing passwords” to see what I mean.

When we do raise a password issue with a customer, we often hear “I need something easy to remember” as a defence for weak passwords. It’s understandable, but the reality is that the primary purpose of a password is to provide security. Being easily memorable is secondary – and you can always use mnemonics to make it easier for you to remember a stronger password. It boils down to this: do you really want your pet’s name to be the only thing protecting your website or emails?

I really can’t emphasise enough: don’t skimp on security!

Windows Live mail is a free mail client that is often downloaded at the same time as Windows Live Messenger and other Microsoft services.  We find that many users prefer using this free client  to something like Outlook Express, so we’ve put together a tutorial to walk you through – you can find it how to set up your email using Windows Live Mail.

This tends to make our Support guys splutter their tea and and our system administrators look like they’ve been electrocuted, as something very, very major (in fact, several things) would have to have happened if a customer was having to alert us to a server problem. So, by way of reassurance:

All of our various servers and platforms are fully monitored 24/7/365  – we’re generally going to know within seconds if there is an issue on any of them. Picture a 80′s sci-fi film, as that’s what our office will resemble  if something does go wrong – screens start flashing red and white, about six system administrator mobile telephones will sound simultaneously with SMS alerts, we’ll get calls from our teams working remotely, and so on.

When calls suggesting there’s a problem with one of our services come in, the reality is often that there isn’t a fault with our servers, but rather a basic user issue so there’s no need to panic. Two recent examples:

- A call saying all our email servers were offline was actually because the user had forgotten his mailbox password, saw the “username or password is incorrect” error message and suspected our mail platform had gone offline.

- Another call was reporting a fault with our web servers as the user was seeing a default error when trying to access their website. This turned out to be because the user had no working internet connection.

So just for reference:

If there is ever a fault on any of our systems, we are alerted straight away and we will always update our Status Page (www.dailystatus.co.uk – this is maintained completely separately from every other system we operate) explaining what is happening, who it will affect and when the resolution or next update is expected.

We strongly recommend customers add our Status Page to their favourite places/bookmarks in their browser so that it’s easy to find if you ever need to check whether we’re dealing with a service issue. There is also a link in the top right corner of our www.daily.co.uk website.

This is a rare occurrence as we put a lot of work into making sure our service is always top notch, but I like to be very transparent when we do have a complaint as after all there must be some reason for it to reach us in the first place and it could give us ideas for where we can improve things.

In this case, a customer cited network issues as a problem but did not actually provide specific details, such as what was happening, when it was happening or to what domain names, to help us identify the problem. Our Support guys did track down the customer’s account (from the email address and customer name), but there was just the one service on the account and that did not really tie into the query.  So, they replied explaining what they had found and asking for clarification.

The actual complaint we then received was that the customer was unhappy that our teams were clarifying the issue with them and that we should have been able to work it out by seeing a domain name in the email address alone.

Our stance in situations like this

The instruction I give the Support Team when they receive a query lacking specific details is to find out what they can from the information we have. On more than one occasion we have needed to perform a bit of detective work  to find the exact thing to which a customer is referring. Provided that once we’ve done this we can be certain we have pin-pointed the exact service with which there’s an issue, we can take action to resolve the query.

However if there is any doubt, then we need to clarify the situation with the customer before taking action. One of my pet hates is answering a question with another question, but we simply cannot resort to guessing when it involves actions on a customer account. Should we guess incorrectly then at the best we will be spending time investigating the wrong issue and increasing our resolution time and at the worse we could be making unwanted changes to another service the customer has.

In summary:

1. When you raise a support query with us, please be as specific as you can about the service you’re referring to and the problem you’re having. At the very least we have to know the domain name to which you’re referring. More tips on helping us to resolve your query quickly.
2. If you leave something out, our teams will try to figure it out from any other details you supplied and deal with your query as normal. We will not automatically reply asking for details if we can get them from other sources.
3. If it really isn’t apparent what your query relates to or we have to get some more information from you, we will always clarify with you before taking action.

.

I’m sure that the majority of our customers are happy with our stance here and understand that if we reply asking for specific details it’s not just a way of “getting rid of a ticket”, but because we want to help you in the best possible way and we need that information to be able to do so.

I would also think it a safe assumption that if our teams really were “tossing coins” when uncertain about a task, then we’d probably be getting a lot more complaints!

This could be anything – a seagull swooping down and flying off with my wallet when I’m lying on the beach with a Cuba Libre, some master criminals breaking into my safe in the hotel room, or, more realistically, I get some luggage stolen or just misplace something important and find myself trying to deal with an awkward situation while abroad.

I have a routine now where I make the most of my Daily Drive by having a folder on it which contains:

1) Scans of the content of my wallet (cards, including driving licence)

2) Scans of my passport

3) Scans of my wallet itself

4) Scans of the holiday tickets and details

This way, I have the reassurance of knowing that if the worse case scenario did happen I would be in much less of a pickle as I can access a copy of all my important documents as soon as I’m near an Internet enabled machine.

It’s also a lot easier cancelling lost cards if you have a copy of them to hand, especially as the number to call if you lose a card is normally on the card itself!

Check out our DailyDrive offerings here: http://www.daily.co.uk/products/online-backup/index.html

An investment in a filing cabinet worked wonders briefly, until of course I needed to take a file out to check the documents. I’m not all that good at returning things from where I got them from.

This usually means that several piles of paper build up around my house, containing everything from my counterpart driving licence to the local takeaway menu. After they’ve accumulated a few mug rings they will eventually make it back up to the same room as the filing cabinet at least, where they form new piles.

Roll on a few months and I’ll go to get that vital document, see the missing section in the filing cabinet and then begin the systematic destruction of my house looking for the elusive document.

This is where my DailyDrive has saved my sanity.

Now, any important documents I get are scanned in straight away.

In the last couple of  months alone I have added:

- Some PDFs with the complete details of the car insurance

- A single .png for the insurance certificate and MOT certificate

- A .png of my counterpart driving licence and photocard driving licence, taken prior to posting them off to the DVLA for renewal

- a .pdf with all my holiday documents for the next trip away planned

This means the master copies can go into the filing cabinet and almost never need to come out again.

Everything else can appear at the tap of a few keys from any Internet enabled machine, all stored securely on the DailyDrive with a simple option to print out any duplicates I need.

More importantly, if it comes to searching for a document then I can let me computer do it for me instead of turning the house upside down!

If you don’t have one already, check out our DailyDrive offerings: http://www.daily.co.uk/products/online-backup/index.html

We have this limit in place because we need to make sure for the sake of all of our other customers that our email facilities are being used for just that, email. If you do have large files they need to get from A to B, email really isn’t the most efficient method to use. Instead, for transferring large files, it’s best to use programs which have been designed for the purpose – FTP (file transfer protocol) programs (we’ve used these in the past for sending artwork to magazines for our advertising, for example). There are plenty of free programs available which make it easy to connect to some designated webspace – we use Filezilla in this article about connecting to your web hosting via FTP.

If you’d still prefer to use email, you may want to check out our DailyDrive packages. These allow you to upload files to an online storage area and you can then email links to other people to enable them to access the files and download them at their leisure.