Sometimes we sysadmins get no respect. The boss wants everything to run perfectly all the time, but doesn't want to spend money.
Horror story #1: Makeshift or non-existent server rooms. My all-time favorite is the furnace room. Hot and filthy, now that's an ideal environment. Almost as bad as the furnace room is under a random desk, on a wobbly table, or on a random patch of floor, and anyone can mess with it.
Horror story #2: Bandwidth craziness. Some small shops can get away with flaky dialup-on-demand. This works fine for a low-volume mail server, or middle-of-the-night batch jobs. But not much else.
Horror Story #3: Theft. Some bad person breaks into your establishment and carts away your computers. There go all of your business records, and worse, customer data. But that's just the beginning of your troubles- customers have been known to sue when this occurs. Lawsuits get expensive fast.
Wherever you work, take a good look at the physical security. Are there windows? Drywall? Dropped ceilings? All three are ridiculously easy points of entry. How many people have keys to the main doors, and in what decade were the locks last changed? How much turnover is there on the cleaning and maintenance staff, and who the heck are they hiring, anyway?
A good commercial datacenter supplies physical security, lower bandwidth cost, 24x7 physical access, a clean, controlled environment. Hopefully you will never need to visit the facility in person, but if you do, it needs to be open at your convenience. Even if you have a good on-site server room, having separate, off-site storage and backup is smart. A free-lance consultant with a number of small customers can make good use of a rented facility. Businesses with a number of physical locations, or 'virtual' businesses with no physical offices, are prime candidates for using a commercial datacenter.
Fees and services vary wildly, there's no substitute for comparison shopping. The monthly cost will definitely be higher than stuffing that old Packard Bell into the furnace room. Most establishments bill month-to-month, and offer discounts for six months or a year, when paid in advance. Generally, you get what you pay for - more mission-critical = higher cost. Sometimes a cheap colo in a no-frills facility is all you need, sometimes nothing less than all bells and whistles will do. It depends on how valuable your data are, and what kind of uptime you require.
Hard Questions To Ask
There are a number of considerations for the wary sysadmin. After all, if the furnace room were a satisfactory solution, you wouldn't even be thinking about this.
Co-location is ideal for keeping maximum control. Own your servers, rent rack space. The monthly fee in a high-end facility pays for things like electricity, controlled climate, security, fire-suppression, 24x7 physical access, multiple fat backbones, bandwidth, and redundant power. The datacenter should also supply keyboard, mouse, and monitor. Everything else is your responsibility: keeping "leet haxors" out, upgrades, repairs, monitoring, managing services, and so forth.
Dedicated bandwidth is usually an option, at higher cost. Some other common options are locking cages, hardware/services/port monitoring, and onsite technicians. Which brings us to hard questions #1: What does the facility do to keep alien hands off your equipment? Are visitors monitored? Do they keep cardkeys up-to-date? How do they verify if visitors are legitimate?
Rack space is usually priced in U, or units, which are 1.75" tall. Some facilities will accept any box, towers, rack mounts, cubes, whatever. Some will take rackmount units only. Most will charge by how much space the box occupies, for example, $75 per U per month. Base pricing should include at least 128k bandwidth. Beware of bandwidth pricing gotchas: when they say 128k, they mean maximum throughput. It is common to impose a monthly transfer limit, and charge additional fees for going over that limit. In your contract, be sure to specify your acceptable minimum throughput.
Sometimes you can get a better deal leasing a server, rather than owning. It depends on what kind of deal the datacenter offers, and what your tax situation is. Yes Virginia, this has become a world where a person can do nothing without first consulting their attorney and tax advisor. If you lease, all maintenance and repairs should be the responsibility of the datacenter. Hard questions #2: what is their uptime guarantee? Do they keep spare parts on site? Do they include upgrades, and how much downtime will an upgrade or repair require? If they fail to meet their guarantee, how will you be compensated?
This is a lower-cost option, but shop carefully, for it is fraught with perils. You are sharing a box with goodness knows who. Many hard questions: Who has root? What services are permitted to run? Who controls them? How are your data protected from your box mates? Who is permitted hands-on access? What about a firewall? No one but datacenter staff should ever touch the physical box, and no users given shell accounts. This means some loss of control for you, and perhaps delays in making changes, as you will have to wait on the admin staff. However, if the price and service level are right, it is a nice option. Good establishments have nice Web-based interfaces for users to manage their accounts.
What does the facility look like? Is it clean and well-organized? Are the staff professional and helpful?
Always have a written contract that spells out exactly what services you are getting, how much they cost, and how you will be compensated for service failures, which is a large category: lost connectivity, hardware failure, theft, fire, intrusion, virus...There are business attorneys with expertise in high-tech, I recommend employing one. No pre-fab contract is cast in stone. All terms are negotiable, and having a sharp lawyer on your team is cheap insurance. It is better to prevent problems than to litigate.
Doing Business With A Friend
Even more important to get everything in writing, and use an attorney as an intermediary, that is how to remain friends.