Managing Your E-Commerce Business
This article is an excerpt from Managing Your E-Commerce Business, Second Edition from Microsoft Press (ISBN 0-7356-1275-7, copyright Microsoft Press 2003; all rights reserved). The author, Brenda Kienan, has written feature articles for CNET and Web Review and has been a speaker at the Stanford Conference on E-Commerce. She teaches in San Jose State University's E-Commerce Management program, in San Francisco State's Web Design Intensive, and in UC Berkeley Extension's Webmastering certificate program.
Brenda Kienan provides consulting services to e-commerce and online publishing clients. Her credits include E*Trade, CliffsNotes.com, Dummies.com, and the Magellan Internet Directory (later acquired by Excite). She has acted as a strategic consultant for a joint project of AskJeeves and IDG Books, for a wireless content provider, and for a large education company.
The author of Small Business Solutions for E-Commerce, Brenda Kienan has also co-authored (with Daniel A. Tauber) numerous books on computer and Internet topics, including Mastering FrontPage, Webmastering for Dummies (going into its second edition), Surfing the Internet with Netscape Navigator (more than 125,000 in print), and SimCity 2000 Strategies and Secrets (cited by Ingram as a longstanding bestseller).
No part of these chapters may be reproduced, stored in a retrieval system or transmitted in any form or by any means—electronic, electrostatic, mechanical, photocopying, recording or otherwise—without the prior written permission of the publisher, except in the case of brief quotations embodied in critical articles or reviews.
Chapter 10: Understanding the Back End and Hosting
What Is a Server?
Choosing a Platform
Choosing a Server
Considering Your Hosting Options
Choosing a Hosting Company
The Power of Databases
The Basics of Transaction Systems
Building Your Transaction System vs. Buying It
Keeping Your Site Running Night and Day
You don't have to be a general contractor to own a house, and you don't have to be an automotive engineer to own and operate a car. Likewise, you don't have to be a programmer or a database developer to have an e-commerce website. Even so, you should know enough about the back end of a website to discuss the maintenance of your website intelligently and make smart business decisions. Just as being knowledgeable about construction enables you to buy a house with a sound structure and knowing the basics of mechanics enables you to see that your car is running smoothly, being at least conversant in back-end technologies helps you ensure that your e-commerce website remains in good working condition. You'll be far better qualified to make solid business choices about your site and troubleshoot some issues yourself if you understand the general technological underpinnings.
Note: This chapter is meant to help you make effective management decisions about the behind-the-scenes technology that drives your e-commerce website. It will make you more conversant with the technical issues, but it's not meant to make you into a developer.
Chapter 1 described the components that make up the back end of a website. To refresh your memory: The behind-the-scenes technical stuff that makes it possible for your e-commerce website to work includes the following components:
- The web server that delivers the web pages
- The database server that stores and delivers product information
- The mail server that sends out newsletters, as well as any other specialized servers that handle specific applications (streaming media, chat, and so on)
- The transaction systems—scripts (special, simple software programming), encryption systems, shopping cart software, and more—that enable your site to accept credit card payments
Let's start our exploration of the back end by looking at what a server is.
Note: If you create and run your e-commerce site using a packaged solution such as Microsoft bCentral Business Web, you don't have to deal with the issues of choosing and maintaining the platform, servers, and transaction systems; the packaged solution will have made those choices for you, and maintenance will be part of the package deal. However, if you're trying to decide whether to host the site yourself, host it elsewhere, or go with a more sophisticated packaged solution, you'll want to know what the issues are. Read on.
A server is essentially a computer that "serves" by providing files or data in response to requests from client computers (individual desktop computers). The tricky part, though, is that several servers can exist on one computer because what makes the computer a server is the server software that runs on it. On a single computer, you can have a web server that serves your web pages, a database server that enables any databases (containing, for example, product information, content, or a dealer or outlet locator), and a mail server that handles your e-mail newsletters or discussion group. Alternatively, you can have just one type of server on one computer and another on another computer. For the purposes of this chapter, server will mean a computer that has server software running on it. When server software is discussed, it will be referred to as a specific type of server software.
Note: The decision about whether to run a database server and a web server on the same computer is often based on performance. Requiring a server to do double duty can make it run more slowly, and a user accessing the site might experience a slower response from the site.
A server has to be hosted somewhere. Hosting refers both to the storing of software and data on a server and to the operation and maintenance of a server in a given location. Your server (or servers, if you need more than one) can be hosted onsite (on your premises) or offsite (at an ISP or a dedicated hosting company that accepts responsibility for maintaining your server on its premises). ISPs and hosting companies often run shared servers, or servers that host many customers at once.
Tip: ISPs often offer economical website hosting among other services. This option can be appropriate if your site is only a small part of your overall business. But if you're operating a site that is mission-critical, you'll want to invest in the services of a dedicated website-hosting company. Such companies might charge more, but they often offer greater attentiveness to the proper functioning of your server, along with 24-hour support and service in case something goes wrong. (See the upcoming sections titled "Reliability Issues" and "Support Issues.") In this chapter, when we refer to a "hosting company," we mean either a dedicated hosting company or an ISP providing website-hosting services.
To some degree, the questions you address in deciding what server, platform, and hosting options to go with are chicken-or-egg questions. For example, whether you host your server onsite or offsite can have a bearing on which server solution you choose, and that will influence which platform you use. If you have already chosen the platform, your choices in server software will be narrower.
Note: The difference between a server and a website is that a server is a computer with server software running on it; the website also runs on the server and is the sum of the website's content and its supporting back-end systems.
The platform your website runs on is simply the operating system used on the computer that serves your website. You cannot use a desktop operating system (such as Microsoft Windows Me or Windows 98) as the platform for your web server. While desktop operating systems are fine for your desktop computer or laptop, they're not designed for serving a website 24/7 (24 hours a day, seven days a week). A web server must be very robust to perform the varied tasks required for serving a website (especially when the website includes a database, mail server, or transaction system). The server also has to have powerful security features. So among Microsoft products, your best bet is an operating system such as one of the versions of Microsoft Windows 2000 created for hosting servers (Windows 2000 Server or Windows 2000 Advanced Server) or Microsoft Windows NT Server.
When choosing among all the possible platforms for your website, take into account the following factors:
- Any expertise you, your technical staff, your developer, or your web shop might already have. Tapping existing knowledge can save the time, trouble, and expense of retraining people on a new operating system.
- The platform your preferred tools (such as HTML editors and scripting tools) work with, the servers they support, and the platform those servers run on. The tools you use might also come down to the expertise your team already has. For example, websites created using Microsoft FrontPage work best when hosted on Windows 2000 or Windows NT because FrontPage takes advantage of certain features offered by those platforms.
- Your budget, obviously enough. Some operating systems cost more than others. However, don't forget to take into account the expense of training people and the cost of hardware, as well as the cost of down time if your platform isn't completely reliable.
Note: You definitely don't want to pay for your developer or web shop to tackle the learning curve associated with new software. If your preferred developer or shop is proficient in a certain platform, go with that. If your preferred platform is unfamiliar to a developer or shop and you feel strongly about your preferred platform, interview other candidates.
You can acquire a server through an outright purchase, a lease from the manufacturer, or a rental from an ISP or hosting company. If you host your site on a hosting company's server, you don't have to acquire a physical server at all; you share the hosting company's server with its other customers. The advantage of this approach is that you don't have to invest in your own server; the disadvantage (as developers will tell you) is that you might encounter limitations in your platform and server options as well as in what software you can run on the server. As you compare server options, pay special attention to performance, reliability, and support, as described in the upcoming sections.
The level of performance a server offers is basically defined by the number of simultaneous users the server can handle. A more robust server machine with web server software on it can support more website users at any given time than a less capable server can. Performance is affected by many factors, the most important of which are the type and number of processors the server has, how much memory the computer has, and what type of hard disk it uses.
How processors affect performance
Your desktop computer most likely has a single processor, called the central processing unit (CPU). Servers, more often than desktop computers, have several processors. It's actually quite common for a server running web server software to have two or even four processors. Server performance is not a simple matter of a computer with two processors being twice as powerful as a computer with a single processor; however, the more processors a computer has, the more powerful it is.
The speed of the processors also affects performance. Speed is usually measured in megahertz (MHz), and the higher the number, the faster the processor. For example, a 650 MHz processor is faster than a 400 MHz processor. Higher speeds are measured in gigahertz (GHz); a 1 GHz processor is faster than a 650 MHz processor. The type of processor, in turn, affects the speed. More recent models generally provide greater speed and better overall performance. Pentium III processors are faster than Pentium II processors, for example.
How memory affects performance
A server must be capable of managing many tasks at once. These tasks can include responding to requests for web pages, querying a database for information, or running the transaction software required to process credit card transactions. Each task the server performs requires memory (random access memory, or RAM), and the more memory your server has, the more tasks it can perform simultaneously. It's common for servers to have at least 128 megabytes (MB) of RAM, but more RAM is preferable. As of this writing, 512 MB or even 1 GB (gigabyte, which equals 1024 MB) of RAM is common in robust servers.
How the hard disk affects performance
The server's hard disk influences its performance in a number of ways. The size of the hard disk determines how much can be stored on it, but it does not directly affect performance. Given that a website is made up of software, code, art, other graphics files, and scripts—all of which need storage space—the size of the hard disk dictates how large and complex the site can be. These days, the smallest hard disks are usually between 4 and 8 gigabytes (GB). To determine how much hard disk storage you'll need to host your website, add up these components:
- Space required by the operating system (from 100 MB to a few GBs or more, depending on the platform you use)
- Space needed for your website files (web pages, images, video, sound files, and so on)
- Space needed for files required by the operating system, such as log files (at least 10 percent of the total disk space)
- Space required for the web server and any other servers on the same machine, such as your database server or mail server
- A "cushion" of extra space that the operating system can use for its own purposes (estimate another 10 percent of the total disk space)
Tip: You can't estimate the 10 percent you need for the log files and the 10 percent you need for a cushion until you know how much total space you'll need, but there's a problem: That 20 percent will be part of the total space you need. What to do? Simply assume that you'll need 10 to 30 times the amount of hard disk space the operating system requires and then work up or down from there. Following along in the example, if the operating system needs 1 GB, assume that you need 30 GB plus 20 percent.
Although, as mentioned, disk size doesn't have a direct effect on performance, the type of hard disk does. Many desktop computers use Integrated Device Electronics (IDE) hard disks, which are optimized for accessing a single file at a time. On your server, a Small Computer System Interface (SCSI) hard disk will be more up to the task. SCSI (pronounced "scuzzy") hard disks are much faster than IDE hard disks and are optimized for accessing many files at once. This is crucial for multiprocessing and will make or break your website when it gets the traffic you hope it will attract.
Note: Server performance is also affected by the type of content your website delivers. Serving "static" HTML pages (made up of routine uses of HTML) puts very little demand on a web server. But if your site serves dynamic content (meaning that pages are generated from a database) and uses some form of middleware (discussed later in this chapter), much more server power is required, even to serve the same number of pages. Your developer can help you figure out the additional requirements, based on your middleware package and any dynamically served content you plan to include.
The importance of reliability boils down to this: If your server crashes, users cannot access your website. A crash can result in lost revenue, lost credibility and loyalty, and lost time as you troubleshoot the problem and correct it. This downtime is expensive and should definitely be avoided. To ensure reliability, you should buy, lease, rent, or use a computer specifically built to act as a server. You can also beef up the hard disk by specifying a redundant array of independent disks (commonly known as a RAID disk) instead of the plain SCSI disk mentioned earlier. RAID uses multiple SCSI hard disks and stores files on them in such a way that if one of the disks fails, the system will continue to function.
To ensure even greater reliability, ask your developer to build redundancy into your systems. Redundancy is simply a matter of using one or more additional components as backup systems so that if one component fails, another takes over automatically. An entire server can be added as a backup, ensuring that if the main server fails, the redundant server will take over some or all operations.
Redundancy is also often provided for power supplies (components in all computers that convert the electricity provided by the power company into the type the computer actually needs) and network connections (components that plug computers into local networks or a hosting company's network). When a redundant power supply is added to a server, the server can continue running even if its primary power supply fails. An acronym you might run across in discussions of redundancy and power supplies is UPS, which means uninterruptible power supply. A UPS provides a temporary backup to the electricity supplied by the power company.
Note: Providing for redundancy does require more hardware and software, so it can bump up the cost of your back end pretty quickly. Whether this is a wise investment depends on whether your e-commerce website can stand any downtime.
Most of the time, your server will hum along just fine, but even well-maintained servers have been known to crash and you must be prepared for that. A server might crash because it is overloaded, because its hard disk gives out, or because a power surge fries its power supply.
You (or your developer or tech staff) can prevent some crashes by monitoring your system. Servers track their own activities and generate log files to store this information over a given time period. (Log files are further described and an illustration of one is shown in Chapter 13.) Tech people also often monitor the system by using utilities that provide reports on usage. Some of these utilities convert the log files into reports, making them easier to read. Others monitor the server and create animated graphical charts showing current usage. If you or your tech people see that your server is running at 75 percent of its capacity, you are pushing its limits. Just as you don't want to run your car at its highest RPMs at all times (because that creates greater wear and tear and prevents you from having any capacity to accelerate when you need to), you don't want to max out your server. You need a cushion for when you get spikes in website traffic, for example.
Support for a server includes monitoring it, troubleshooting any problems that arise, and solving the problems you find. Support can be provided by the hardware manufacturer, the server software developer, your hosting company, or your tech staff; who is responsible for what depends on your agreements with these entities and on the nature of the problem. Your first line of defense is your tech staff or (if you have a server support agreement with your hosting company) your hosting company's tech staff.
Support contracts are sometimes sold separately from the server itself, so keep in mind that when you purchase, lease, or rent a server, the deal won't necessarily include support. Similarly, when you rent space on a server from a hosting company, the deal might or might not include support. But having a support contract with your server manufacturer or hosting company is a very good idea; this is not the time to skimp. You might need support only rarely, but when you need it, you really need it. Without a contract for ongoing support, you'll find yourself scouting around for someone or some place to do the job. With poor support, it can take as long as a week to fix a problem. That's a lot of downtime for even the least mission-critical websites.
Some server vendors will sell you two-hour or three-hour support contracts. That means they'll guarantee a technician at your site within two or three hours of a reported problem, regardless of the day or time you call. Other contracts guarantee same-day or next-day response and repair. When you select among service contract options, again, remember that downtime can cost you dearly. Compare the cost of the service contract to the cost of lost revenue and credibility.
Note: If your company has an information services (IS) or information technology (IT) department, a vendor, in-house technician, or outside consultant might already be available to provide support for your server. If those options are available and serve all of your needs, you don't necessarily have to purchase a support contract from your server manufacturer or hosting company.
What to Look for in Technical Support
Technical support for your e-commerce endeavor should encompass three general areas: the hardware, the software (including the web server software and the database), and the website itself (including the content, the transaction system, and so on). It's unusual to get support for all of these areas from the same person or team. Even if you have a technical staff, they'll sometimes need assistance from others who have even more expertise with the specific hardware, software, or coding in question. When you purchase or lease a server or when you rent space on one, clarify what the support agreements are for both the hardware and the software. Likewise, when you have a developer create a site, database, or transaction system for you, clarify what the support agreement is. Not all support is created equal. Prices and levels of service vary widely, and it's important to know what you're paying for as well as how diligently promises and guarantees are kept. Check references just as you would when hiring a web shop (as described in Chapter 9).
As mentioned previously, the server hosting your website can reside at your location or at a hosting company; it's also possible to rent a portion of shared space on your hosting company's server (at the hosting company's location) and host your website in that rented space. Each option has its pros and cons.
Hosting Your Website In-House
Until recently, it was quite common for mid-sized to large companies to host their websites on their own servers (yes, in their own office buildings). This only made sense; the skills and resources needed to maintain a server were similar enough to the skills and resources many companies already had available among their IS or IT staff. However, websites have gained in importance; they aren't the IT department's little darlings any more. They require specialized, sophisticated support, with people in segmented jobs dedicated to keeping them running and keeping them secure in website-specific ways. That's why hosting companies have come into being—to fulfill the need for housing and maintaining servers with 24/7 connectivity. As time passes, fewer and fewer companies host their own websites; more often, a company entrusts the care and feeding of its web server and other back-end systems to a hosting company, whose core competency lies exactly with those tasks.
If you do decide to host your own website, you'll have full control over it. You can use the software you prefer (within the limitations of the hardware) without having to consider what your hosting company prefers or can support. On the other hand, you (or your staff) will be responsible for keeping the server running around the clock. When something goes wrong at 4:00 in the morning, you or someone in your organization will have to leap from bed and get up and fix it. Depending on what the problem is, this might mean getting the phone company or cable company out (presumably the next morning) to address a connectivity issue, or it might mean having someone (you or your staff) deal with a server crash. If you have full-time, expert technical staff hosting your site at your location on your server, the latter solution might be an option, but for most companies, it isn't advisable.
Note: While many IS and IT departments have the technical skills required to run a web server, most are geared toward maintaining a corporate network. Also, most of them work on a vastly different timetable than that required for running websites. These days, most companies have their IT people handle the corporate network and internal computers and arrange to have their website "live" at a hosting company.
If you do host your own site, you'll want to install a firewall to protect your web server and the other computers on your local network from trespassers. A firewall, shown in Figure 10-1, is a system that simply puts up a selective roadblock. It allows outsiders to access sites on your web server but prevents them from accessing any of your other computers or tampering with any of your files. If your company already has a firewall in place, you might have to make changes to the way the firewall is set up in order to accommodate your web server. You might even have to provide a separate, second firewall especially for the web server.
Figure 10-1. A firewall protects your internal systems from the outside world.
Keeping Your Server at a Hosting Company
If you keep your server (either your own server or a leased server) at a hosting company, you will gain access to the hosting company's generally high-speed Internet connectivity. (Placing your server at a hosting company is often called co-location or, in the vernacular, "co-lo.") Most hosting companies have multiple T1s or even higher-speed lines. You will also gain access to the hosting company's staff, which will be available (in varying degrees, depending on the level of service you purchase) to monitor and respond to problems. You might actually have to purchase a separate contract for full, round-the-clock support, but at a minimum any hosting company's staff will see to it that the connection between your server and the Internet is functioning. (Again, whether your server itself is functioning is often a separate issue. See the section titled "Support Issues" earlier in this chapter.)
Your hosting company might specify some limitations on what platform, server software, and other technologies you can use. If so, this is not an arbitrary set of rules. The hosting company is responsible for providing stable, secure, and fast connectivity to its clients; in order to do this, it can't allow anything to disrupt any aspect of its systems. Within any limitations imposed by the hosting company, if you keep your server at the hosting company, you can install and use your own software on the server.
Note: The cost of keeping your server at a hosting company can range from a few hundred dollars a month to thousands. The pricier options provide more service and usually guarantee that you'll experience less downtime. Hosting companies generally accomplish this level of service through reliable connections to the Internet and through hiring experienced staff to be on site around the clock. However, it's always wise to look carefully into any guarantees to be sure of both what is being promised and how the promise will be fulfilled.
Renting Space on a Hosting Company's Server
For smaller companies that don't need the power and sustenance of a fully staffed hosting operation with full-time support people, yet want more sophistication and control than is allowed by a prepackaged service such as those available from bCentral, renting space on a hosting company's server can be an economical and attractive option. (This option is referred to as using shared or virtual server space.) You'll get space on a robust server without incurring the cost of buying, leasing, or renting a whole server. You'll also get the advantage of a professional staff that monitors and maintains the server all the time. (These people will not, however, monitor and maintain your website unless you sign a separate contract for that.) You—and everyone else who's using space on the server—can have your own domain name. You can run your own database transaction system (within whatever limitations the hosting company specifies), but the server software will be determined, provided, and maintained by the hosting company. The next section describes issues to address in choosing and dealing with a hosting company.
You don't have to limit your search for a hosting company to your immediate geographic region. Scout around for a good deal. (Microsoft Business, at www.microsoft.com/business/, provides information about specific hosting companies that you can consider.) Research whether the hosting companies you're considering provide and are proficient in the platform and server options you prefer. You should also consider the issues of redundancy and support described earlier in this chapter.
Hosting Companies, Connectivity, and Bandwidth
Hosting companies differ in their level of connectivity, which is as important a concern as redundancy and support. The issues you must consider have to do with how the hosting company is connected to the Internet. The Internet has several backbones (main arteries), which are interconnected. Some hosting companies are connected to the backbones; some are simply connected to other, larger hosting companies that are in turn connected to the backbone. The closer a hosting company's connection to the backbone, the better the connection is. Also, hosting companies that have multiple redundant connections are better able to provide continuous service.
Hosting companies also differ in the level of bandwidth (how much data can be transmitted through the available lines) they offer. A hosting company's bandwidth is affected by the type of lines it uses and the capacity of those lines. T3 lines have more capacity than T1 lines, for example, because they have more bandwidth. (The DSL or ISDN lines you might have in your office or home do not have as much capacity as T3s or T1s because they have less bandwidth.) The number of lines a hosting company has also affects the overall bandwidth it has. When you set up an account with a hosting company, you'll be allotted a certain amount of bandwidth. If you need more later, the hosting company might charge additional fees for the extra service.
Tip: Because Internet connectivity between countries is often unreliable, you should use a hosting company in the country in which you'll be doing business. And because you'll want technicians to be available to answer your questions during your business hours, you might even want to consider a company that's within your time zone.
A smooth relationship with your hosting company depends on clearly defined roles and responsibilities. Here are some questions that you can discuss with your hosting company in detail:
- Who will talk to whom when problems arise? Designate a single contact person within your company, and keep in mind that your hosting company will probably have several people on its end working various shifts.
- What types of changes on your site is the hosting company authorized to make, and what types do you expect them to make? You'll want them to address problems with the server immediately, but remember that it is your website: You'll want control of changes to content and functionality.
- Will they automatically notify you when they find a problem with your website? You certainly don't want to discover that the site is down at the very moment you're trying to show it off to associates or potential partners.
- How reliable is their service, and what level of uptime do they guarantee? Different hosting companies offer varying levels of connectivity, which affects how much uptime they can guarantee.
- How will they handle increases in site traffic? This is an issue regardless of how you've chosen to host your website. If you're hosting your site yourself, you'll need a plan for increasing the capacity of your connection to handle any increase in traffic. If your server is located at your hosting company or your site is on your hosting company's server, you'll need to know what they'll charge for additional bandwidth.
- If you're renting space on your hosting company's shared server, how much hard disk space will be allotted to you and what will be the charge for additional hard disk space? Hosting companies usually start by assigning you 20 MB to 50 MB of hard disk space; if you need more, you have to pay for it. Find out the procedure for getting more space and what it will cost.
- Do they support the server technologies required to run your site (for example, Microsoft Active Server Pages [ASP] or a Microsoft SQL Server database)? Again, this is an issue only if you're hosting your site on your hosting company's shared server. The hosting company will probably be willing to support only certain technologies and won't want to install new technologies just because you want them.
- How proactive are they about security? What security measures are in place? What do they have in the way of firewalls and methods for making the building itself secure? Do they have a dedicated security team? Does the security team take responsibility for keeping only the hosting company's network secure, or do they also protect your server's security? How will they provide security for your server? Get specifics about these issues.
How these issues are handled will vary among hosting companies. As mentioned earlier, hosting companies often support only the actual Internet connection. They might not support the server unless the server in question is theirs and you are renting space on it. If the server is yours and something goes wrong with it, you'll have to address the problem yourself or call someone (not the hosting company) to troubleshoot. Some hosting companies provide basic support and will even back up your content on a regular basis. Others provide a higher level of support and will even go so far as to guarantee a certain level of uptime. Of course, you generally pay more for higher levels of support; which level of support is appropriate for you depends on how crucial it is that your site remain up and running at all times.
Tip If you're using FrontPage to create a website that requires FrontPage Server Extensions in order to run properly, you'll have to verify that your hosting company supports the version of the FrontPage Server Extensions that corresponds to the version of FrontPage you're using. The FrontPage Server Extensions are special software that must be installed on the web server to enable some of the more advanced features of FrontPage.
A database is a system that makes organizing, storing, and accessing data easier. It is made up of records; each record is separated into a number of related elements called fields, which contain pieces of data. You can think of a phone book as a sort of metaphor for a database; each listing is a record, and the fields of the record, such as name, address, and phone number, contain data for that record. As another example, a typical record for a product catalog database has separate fields for the product name, price, and other distinct pieces of data related to the product. A collection of records in a database is known as a table. A database can be made up of a single table or many tables. All records within a table contain the same fields.
The following two basic types of databases are in common use today:
- Flat file databases, which have a single table in which all the data is stored
- Relational databases, which can accommodate multiple tables related through specific fields that they have in common
A good database is the bedrock of many an e-commerce website. Product catalogs, customer information, and inventory tracking are typically all stored in databases. When a database is created for a website's back end, scripts are written to call up the data in the database and present it on a web page to users of the website. When a user searches a website's database, he or she enters data into a web page form to submit a query, which is simply a question that is asked of the database.
That's the simple version of website databases. What you can do with a database-backed website is actually much more exciting than that.
Storing product data in a database allows you to update the information easily. The real power in having such a database, however, is that users can search the catalog of products in the database and the catalog can be coordinated with inventory, ordering, and tracking systems to automate purchase and fulfillment processes. Customers can search on any of the attributes of your products (size, color, price, weight, power, and so on), and they can also make a purchase in just a few steps (or even in one step, if their credit card data has been stored in a customer table in the database). This is made possible via database-generated catalog pages linked to the transaction system. Website users can "customize" a product before purchase (selecting, for example, the color by viewing an image of the product and clicking a "color chooser" to change the product's color). They can find a local dealer or retailer by searching on city, ZIP code, or the specific products the dealer or retailer carries. When the catalog database is tied into inventory management systems, the customer can be notified immediately as to whether an item is out of stock or on back order. Notification can occur in the form of a message appearing automatically on the order form web page or in the form of an e-mail message generated and sent out automatically.
Databases can be applied to websites in other ways as well. For example, all of the data supplied by users or customers who register on your site, sign up for your mailing list, participate in your online survey, or complete an online transaction can be stored in a database. That data can then be sorted, indexed, or categorized to provide you with reports on who is visiting your site or buying from your catalog.
Databases can also be used to store text, images, and other media in fields. Your website team or developers can then write scripts to call forth that material and place it into web pages. This is known as creating content dynamically.
Note When you view a website, you can tell when web pages are being generated dynamically simply by looking at the URL. If the URL doesn't end in a filename with an extension such as .html or .htm but instead looks like a line of programming code, it's likely that a script (represented by the code you see) is pulling data from a database to create the page.
Storing content in a database and creating pages dynamically makes maintenance of large and complex websites a lot easier. Making changes to the navigation bar, for example, is less complicated if you can do it once in the database and have the change appear on all pages on the site. That definitely beats making the change, say, 500 times! Also, content producers who don't know HTML can enter content into a form that automatically drops the content into the database. They simply type the text into a field, click a button on the form, and the new content becomes part of the web page—all without the need for HTML coding.
Note It's quite common to include in an HTML document a database call (a query to the database) that dynamically pulls some content from the database. This allows you to store content that's repeated often on the site in the database. You can then make any change to that content (for example, raising the price of a product) just one time in the database, and the change will be automatically displayed wherever that content appears.
Often, large websites that are made up of thousands of pages use content-management systems that work in tandem with databases to store, track, update, and publish website content. Chapter 11 describes content management tools and how to choose among them.
Adding a Site Search to Your Web Site
A database can also be used to add site search functionality to your website. This functionality can have a dramatic effect on the site's usability. When users can search a complex site for content that interests them, they will find that material and get your e-commerce message more quickly. The following two types of site searches are possible:
- Full-text searches comb the text on the site's web pages (whether they are static HTML or content stored in a database) looking for words that match the search word or phrase the user specified.
- Keyword searches sift through either keyword fields in a database or keyword META tags (as described in Chapters 8 and 12), again looking for words that match those the user specified.
In a full-text search, the list of matching web pages provided to the user is generally ranked by relevancy, meaning that the web page at the top of the list (the one with, say, 100 percent or 90 percent "relevancy") is the one on which the search term appears most often in comparison to other words. This might seem fine, but if a user searches for pages devoted to Italian shoes and the page that discusses Italian shoes has the terms leather, sole, or hand-stitched on it a lot more often than Italian shoes, that page might not rise to the top of the relevancy list. In a keyword search, the list provided to the user is likely to be shorter and more focused. It might again be ranked by relevancy, but this time, because the relevancy ranking will be based only on a comparison of keywords to other keywords, it's more likely that tangential phrases won't skew the results.
Implementing a full-text search system is much easier than implementing a keyword search system. In both cases, the developer will have to configure the search software to run properly, but in the case of the keyword search a lot of content identification work needs to be done—you have to set up and manage the keywords! You or your staff must standardize them, document them, and apply them to the content by entering them correctly into each web page's keyword META tag or keyword database field. Then, forever after that, you have to maintain the keyword list and prevent the introduction of too many variations on the keywords.
Realizing that managing keywords is a daunting task, you, like many others, might think that for simplicity's sake you'll go with a full-text search. You might even think that you'll launch with a full-text search and implement keywords later, when you have time. Trust me: You'll never have time. There will always be something more urgent (such as posting the new product information, creating the perfect strategic partnership, or migrating the site to a more powerful server) than going page by page through your website to assign keywords and set up a new site search. Whether a full-text search or keyword search is best for your site is one of the many strategic decisions you will make.
Microsoft Windows 2000 Indexing Service is a site search tool that can be set up to do full-text searches of HTML files, Microsoft Office documents, or content stored in SQL Server databases. It can also be set up to do keyword searches; however, like most site search products on the market, it will be most successfully implemented if you decide up front to favor one type of search or the other.
Relational Databases vs. Flat File Databases
Relational databases soar where flat file databases fall. A relational database allows you to store a lot of data in multiple tables. The tables within one database generally have certain fields in common, through which a relationship is established. The classic example is a database that contains one table for customers and another for orders. Each customer has a record in the customers table, and each order has a record in the orders table. Each order placed by a certain customer does not have to contain all the information regarding that customer; instead, a link from the order to the customer record (in the customers table) through a single field contained in both tables, such as customerID, calls forth the customer information.
A flat file database has only one table, so every order recorded in a flat file database has to include all of the customer information. That means that when Sally places an order on Tuesday and then again on Thursday, both orders have to include all of Sally's identifying data, including her address, credit card information, and so on. This gets really repetitive. What's more, having to manage all those big, bloated records puts a severe load on a database server.
Even a relatively small flat file database can undermine server performance; a fairly large and complex relational database, on the other hand, places a far lighter load on the server. The downside of using a relational database can be expense. It can cost thousands of dollars just to license the software. Depending on the complexity of the database, you might also need a database server on which to run the database software. Then you generally have to bring in a developer to build the database. A flat file database also has to be built by a developer, but it is built from the ground up using no licensed database products, and it requires no special server.
Note Many businesses find Microsoft Access a good solution for harnessing the power of relational databases. Access is a relational database designed primarily for desktop computers. It allows multiple tables of information and allows you to create relationships among these tables just as you would using other, more powerful database software. While an Access database cannot support hundreds of users accessing millions of records (as SQL Server can), it can support a few users accessing thousands of records, and it performs far better than a flat file database would. And if your web business soars, it is relatively easy to migrate from Access to SQL Server.
Operating between the database and the web server is special software known as middleware, which does the job of transporting data. Various types of middleware take different approaches to the job. Some allow you to simply add special code (much like HTML code) into the HTML that defines your web pages to call forth data from the database. Others require you to insert special scripts into the HTML that defines the web pages. Still others require that you use specific authoring tools to create the entire website (rather than creating it with HTML); you then have to always work within the environment of the authoring tool.
When you select middleware, look at compatibility with your database software. Consider, also, whether those who'll be using the middleware have the necessary programming expertise. Some middleware requires programming experience, and some doesn't. One approach to middleware is ASP, which allows you to insert scripts into HTML files.
Note Middleware is not the only option for transferring data from the database to the web server. You can use standard programming languages (such as C++ or C#) to create programs that run on the server and manipulate your database. While this requires more expertise than using middleware, the result can be especially efficient and reliable. However, for most purposes, middleware is fine.
At the higher end, Microsoft .NET Enterprise Servers include development tools that act as middleware. These include Commerce Server, which allows programmers to create b2c and b2b transaction systems; and BizTalk Server, which allows programmers to create websites with b2b features and components. In fact, both products are often used along with other Microsoft .NET Enterprise Servers (such as SQL Server) to build very robust websites with complex functionality.
Maintaining a Database
Like nearly everything else on a website, the database must be maintained. Maintenance of the database content can be performed by even the most non-technically adept users via easy-to-use forms and other utilities. Some common maintenance tasks that fall into this category include:
- Adding and removing records as your data changes. For example, in the case of a product catalog database, you'll need to add new records as you add new merchandise and remove records as you discontinue items.
- Making changes to the data stored in the database. You might want to change the description of a product or some of the other information you keep in the database. (This is useful, for example, if you begin carrying a product in a new color.)
The developer who creates your database system should provide you with simple, password-protected forms that make adding and changing data easier. These forms might look like nothing more than HTML pages; you can use your web browser to work with them. While you cannot do backups via a web browser, your developer should identify the procedure for making backups and give you complete, easy-to-follow instructions.
Other database maintenance tasks include reviewing log files, monitoring server performance, and verifying that the hard disk is not overloaded. These tasks (similar to those necessary for maintaining a web server) are typically the responsibility of those more technically adept than the average manager. Do not wait until you have problems to find someone to handle such matters. Establish a maintenance agreement with your database developer when your system is first built. Regular maintenance will save you from unexpected downtime and poor performance.
Be sure that someone is creating a backup copy of your database regularly (as well as a backup copy of the rest of your site). Backing up your database is not necessarily included in the regular backup of your site that you, your developer, or your hosting company does. Because of the way that some databases work, special tools might be needed. Verify with your developer that those tools are in place and backups are occurring.
Also, don't wait until your database crashes to find out whether the backups are good. Have your developer test your backups occasionally by randomly selecting a file or a table from your database and restoring it from the backup.
Caution When you restore a file to test your backup system, don't overwrite the live database. If it turns out that the backup data is bad, you will have caused the very situation you were trying to avoid. Instead, restore the data to your staging server and test it there. Seeing something restored from the backup is the only way to know for sure that your data is being protected.
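One way to run the restore test described above, as an added example rather than a procedure from the book: the backup is restored onto a staging file, checked for integrity, and compared against row counts recorded when the backup was taken. It assumes a file-based SQLite database; the file names and sample tables are hypothetical.

```python
import os
import shutil
import sqlite3
import tempfile


def table_counts(path):
    """Row count per table: the figures to record when the backup is taken."""
    conn = sqlite3.connect(path)
    try:
        names = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
        return {n: conn.execute(f'SELECT COUNT(*) FROM "{n}"').fetchone()[0]
                for n in names}
    finally:
        conn.close()


def make_backup(live_path, backup_path):
    """Copy the live database with SQLite's online backup API."""
    src, dst = sqlite3.connect(live_path), sqlite3.connect(backup_path)
    try:
        src.backup(dst)
    finally:
        dst.close()
        src.close()


def verify_backup(backup_path, staging_path, live_path, expected_counts):
    """Restore the backup onto staging; return a list of problems (empty = good)."""
    if os.path.realpath(staging_path) == os.path.realpath(live_path):
        raise ValueError("refusing to restore a test backup over the live database")
    shutil.copyfile(backup_path, staging_path)   # the restore touches staging only
    problems = []
    try:
        conn = sqlite3.connect(staging_path)
        try:
            verdict = conn.execute("PRAGMA integrity_check").fetchone()[0]
        finally:
            conn.close()
        if verdict != "ok":
            problems.append(f"integrity_check reported: {verdict}")
        restored = table_counts(staging_path)
        for table, expected in expected_counts.items():
            if restored.get(table) != expected:
                problems.append(
                    f"{table}: expected {expected} rows, restored {restored.get(table)}")
    except sqlite3.DatabaseError as exc:
        problems.append(f"backup is not a readable database: {exc}")
    return problems


def build_live(path):
    """Constructed sample catalog standing in for the live database."""
    conn = sqlite3.connect(path)
    with conn:
        conn.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, price_cents INTEGER)")
        conn.execute("CREATE TABLE orders (orderID INTEGER PRIMARY KEY, sku TEXT)")
        conn.executemany("INSERT INTO products VALUES (?, ?)",
                         [("SHOE-01", 12900), ("BELT-02", 3500), ("BAG-03", 8900)])
        conn.executemany("INSERT INTO orders (sku) VALUES (?)",
                         [("SHOE-01",), ("BAG-03",)])
    conn.close()


def run_demo():
    """Verify a good backup, then a damaged one, and confirm live is untouched."""
    with tempfile.TemporaryDirectory() as work:
        live = os.path.join(work, "live.db")
        backup = os.path.join(work, "nightly.bak")
        staging = os.path.join(work, "staging.db")
        build_live(live)
        make_backup(live, backup)
        expected = table_counts(live)
        with open(live, "rb") as fh:
            before = fh.read()
        good = verify_backup(backup, staging, live, expected)
        with open(backup, "wb") as fh:           # simulate a backup that went bad
            fh.write(b"damaged backup media" * 256)
        bad = verify_backup(backup, staging, live, expected)
        try:
            verify_backup(backup, live, live, expected)
            guarded = False
        except ValueError:
            guarded = True
        with open(live, "rb") as fh:
            untouched = fh.read() == before
        return good, bad, guarded, untouched


if __name__ == "__main__":
    print(run_demo())
```

A server database such as SQL Server has its own backup and restore tools; the same three checks (restore elsewhere, integrity, expected contents) still apply.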
A transaction system is the behind-the-scenes combination of programming, databases, payment paths, and business rules that enables you to sell goods and accept payment from your customers. The elements that make up most e-commerce transaction systems include the following:
- A catalog (in the form of a database) that lists products available for sale along with data (such as the price, descriptive information, and perhaps a photo) describing those products.
- A database that stores customer information (at least temporarily), as well as the customer's choices about shipping and payment methods, and tracks purchases during the transaction process.
- A shopping cart (comprised of scripts or programming) that tracks what the customer selects for purchase while browsing the website. When a customer clicks a Buy button, the scripts that make up the shopping cart system add the selected items to a record in the database that deals with purchases.
- A purchase system (more scripts and programming) that pulls together the selections the customer made from the catalog (information from the shopping cart) and the payment and shipping information (from the customer database).
- A credit transaction processing system (usually consisting of licensed software) provided by a company such as CyberCash (www.cybercash.com) or CyberSource (www.cybersource.com) that facilitates online credit transactions.
- A connection or interface that triggers a fulfillment system that sends the order to a warehouse or otherwise sees to it that the ordered items will be shipped.
All of these elements work together behind the scenes when a user makes a purchase. In the best possible scenario, the user will be aware of only a few steps in the sales and transaction process: selecting the item or items of interest, viewing the order, entering credit card information, selecting a shipping method, and submitting the order. A confirmation web page or e-mail will signal that the order was successfully entered.
But in reality, a complex back-end system of programming, security-enforcing encryption, databases, credit and financial information transmission, and order fulfillment is at work. From a business perspective, it is important that you understand the need for a high level of security in that system and the nature of the relationships with the various financial institutions involved. So read on.
Security in E-Commerce Transaction Systems
Protecting the security of credit card data as it is stored and transmitted is crucial to the success of an e-commerce transaction system. Without assurance that their credit card data is safe, customers simply won't buy. And security breaches undermine the credibility of both the affected site and the e-commerce industry as a whole.
When security is effective, it goes unnoticed. Security in e-commerce is accomplished through a combination of encryption (scrambling data so that even trespassers cannot use it), barriers to intruders such as firewalls, and policies regarding who has what sort of access to the confidential data. When you set up an e-commerce transaction system, a certain amount of the system will be within your area of responsibility. For example, it will be up to you or your staff or developer to secure your servers and any forms into which users will enter confidential data. (Your developer will know how to do this, but it is your job to provide a reminder.)
Any purchase system that accepts payment from a customer and authorizes a charge to the customer's credit card should use the industry standard security protocol, Secure Sockets Layer (SSL). SSL accomplishes security by encrypting data. When you view a web page, you can tell that this type of security is in place because the page's URL starts with https: instead of the more common http:. A special icon (in Microsoft Internet Explorer 5, it is a lock) might also appear on the status bar of the browser window.
For SSL to work, a certificate (a digital document that proves your identity) must be issued to you by a certification authority (an organization that is entrusted with vouching for others in this way). Again, your developer will take care of this. Note, however, that you must provide documentation to the developer to send to the certification authority. This might include bank references, a notarized statement or application, and other supporting documentation. Obviously, given that your developer is privy to your secure systems and confidential data, it's imperative that you select a knowledgeable, reputable developer and maintain a good working relationship with him or her; see Chapter 9 for pointers.
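A check for the point made above about confidential forms and https:, as an added example that is not from the book: it scans a page's HTML and reports any form that collects confidential fields but is served or submitted without SSL. The field-name hints and the shop.example pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed hints for spotting confidential fields by name; adjust to your own forms.
SENSITIVE_HINTS = ("card", "cvv", "expir", "password")


class FormCollector(HTMLParser):
    """Collects each <form> with its action and its <input> fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            self.current["fields"].append(
                ((a.get("type") or "text").lower(), (a.get("name") or "").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None


def is_sensitive(ftype, name):
    return ftype == "password" or any(hint in name for hint in SENSITIVE_HINTS)


def insecure_forms(page_url, html):
    """Return findings for forms that take confidential data without https:."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        sensitive = [name or ftype for ftype, name in form["fields"]
                     if is_sensitive(ftype, name)]
        if not sensitive:
            continue
        # A relative or empty action is resolved against the page's own URL.
        target = urljoin(page_url, form["action"])
        reasons = []
        if urlparse(page_url).scheme != "https":
            reasons.append("page served without SSL")
        if urlparse(target).scheme != "https":
            reasons.append("form submits without SSL")
        if reasons:
            findings.append({"target": target, "fields": sensitive, "reasons": reasons})
    return findings


# Constructed sample pages (shop.example is a placeholder host).
PAGES = {
    "https://shop.example/checkout": """
      <form method="post" action="http://shop.example/charge">
        <input type="text" name="card_number"><input type="text" name="expiry">
      </form>""",
    "http://shop.example/login": """
      <form method="post" action="/session">
        <input type="text" name="email"><input type="password" name="pw">
      </form>""",
    "https://shop.example/pay": """
      <form method="post" action="/charge">
        <input type="text" name="card_number"/>
      </form>""",
    "http://shop.example/search": """
      <form action="/find"><input type="text" name="q"></form>""",
}


def audit(pages):
    """Map each page URL to its findings, omitting pages with none."""
    report = {}
    for url, html in pages.items():
        findings = insecure_forms(url, html)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in audit(PAGES).items():
        for f in findings:
            print(url, "->", f["target"], f["fields"], "; ".join(f["reasons"]))
```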
Note A database of people's credit card numbers is a tempting target for unscrupulous, hacking thieves. Because of this, transaction systems normally store credit card numbers only temporarily. They are immediately passed to a third-party credit processing company, which sends back a transaction authorization number. It is that number that's actually stored in your database. This setup works because the number pertains only to one transaction and doesn't provide an electronic path the thief can follow to the credit card number itself.
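The storage rule in the note above, combined with the customers and orders tables described earlier under relational databases, as an added example (not code from the book): the card number is handed to the processor, and only the authorization number that comes back is written to the order record. SQLite, the table layout and fake_processor are assumptions made for illustration.

```python
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    customerID INTEGER PRIMARY KEY,
    name       TEXT NOT NULL,
    address    TEXT NOT NULL
);
CREATE TABLE orders (
    orderID      INTEGER PRIMARY KEY,
    customerID   INTEGER NOT NULL REFERENCES customers(customerID),
    item         TEXT NOT NULL,
    amount_cents INTEGER NOT NULL,
    auth_number  TEXT NOT NULL   -- from the processor; there is no card column
);
"""


class PaymentDeclined(Exception):
    pass


def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def fake_processor(card_number, amount_cents):
    """Hypothetical stand-in for the third-party credit processing company.
    The authorization number is random, so it cannot be traced back to the card."""
    if not card_number.isdigit() or amount_cents <= 0:
        return None                                   # declined
    return "AUTH-" + secrets.token_hex(6)


def place_order(conn, customer_id, item, amount_cents, card_number, processor):
    """Authorize the charge, then store the order with the authorization number.
    The card number is passed on to the processor and never written anywhere."""
    auth_number = processor(card_number, amount_cents)
    if not auth_number:
        raise PaymentDeclined("processor did not authorize the charge")
    with conn:                                        # commit, or roll back on error
        cur = conn.execute(
            "INSERT INTO orders (customerID, item, amount_cents, auth_number) "
            "VALUES (?, ?, ?, ?)",
            (customer_id, item, amount_cents, auth_number))
    return cur.lastrowid


def order_history(conn, customer_id):
    """Orders joined to the single customer record through customerID."""
    return conn.execute(
        "SELECT c.name, c.address, o.item, o.amount_cents, o.auth_number "
        "FROM orders o JOIN customers c ON c.customerID = o.customerID "
        "WHERE c.customerID = ? ORDER BY o.orderID", (customer_id,)).fetchall()


def database_contains(conn, needle):
    """Audit helper: True if any stored value in any table contains `needle`."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        for row in conn.execute(f'SELECT * FROM "{table}"'):
            if any(needle in str(value) for value in row):
                return True
    return False


def demo():
    conn = open_store()
    with conn:
        conn.execute("INSERT INTO customers VALUES (1, 'Sally', '12 Example St')")
    card = "4111111111111111"          # constructed test number, not a real card
    place_order(conn, 1, "Italian shoes", 12900, card, fake_processor)   # Tuesday
    place_order(conn, 1, "Leather belt", 3500, card, fake_processor)     # Thursday
    return conn, card


if __name__ == "__main__":
    conn, card = demo()
    for row in order_history(conn, 1):
        print(row)
    print("card number stored:", database_contains(conn, card))
```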
Occasional security audits will turn up any holes in your systems. A security audit might take the form of a review of the code and systems, or it might include the additional tactic of approaching the site as a user would. In the latter case, an attempt is made to retrieve information a user shouldn't be able to access; for example, the test might involve acting as a user who is entering data into the system in a manner the scripts aren't set up to accept. In an improperly secured system, that action (which a perfectly innocent user might accidentally take) can trigger access to confidential data.
You can either hire a company that specializes in security audits to investigate your site, or you can ask a developer to do it. Hiring a specialized company is the more expensive option, but the company will probably provide a certain level of expertise in such audits. If you go the developer route, keep in mind that the developer who created the site might not be the most objective judge of the site's security system. On the other hand, a different developer who is on equal footing with yours might audit the site with an eye toward wrangling the job of beefing up your security and maintaining the site away from your developer. Get references, and scrutinize the experience and motivations of any developer you hire for an audit just as you would if you were hiring a developer to create your systems.
How Credit Card Transactions Work
From the customer's point of view, a credit card provides an easy way to make purchases and pay later. However, credit cards can be viewed from several other vantage points. From the viewpoint of your business when you are accepting payment, a credit card is both a convenient method for receiving payment and an assurance that the credit card user is creditworthy enough for you to assume that payment will actually occur. From your bank's point of view, a credit card is actually a short-term loan to your business. This is because your bank—the "acquiring" bank—makes payment to your business's merchant account days before it receives payment from the customer's bank. But the customer's bank—the "issuing" bank—actually pays the acquiring bank before it receives payment from the customer!
From the viewpoint of the banks involved, then, and despite the overall security of the credit card system, some risk is involved in handling credit card transactions. A customer might decline the charge or even default on payment, for example. And e-commerce adds an additional layer of risk for the banks. To understand why this is so, consider the steps involved in accepting a credit card in the physical world:
- The customer presents the credit card to the merchant. The card is "swiped" through a reader or imprinted on hard copy. The card numbers are recorded directly from the card held in the customer's hand.
- The merchant gets an authorization number for the purchase amount from the customer's bank over a terminal or a phone line.
- The merchant gets the customer's signature on a credit slip, which creates a legally binding contract.
- The merchant provides merchandise in exchange for the signed credit slip.
At the end of this process, payment is authorized and transferred. Everyone is fairly well assured that the entire transaction will proceed as expected. In an online setting, however, the customer is not physically present and cannot sign a credit slip. There is no signed "contract" that authorizes payment for an electronic sale. This makes banks nervous. (The merchant also can't verify the signature's validity, which removes one level of "security" from the whole process.) In their nervousness, banks want more assurance that e-commerce merchants are using secure systems; they also are inspired to charge online merchants higher fees.
As of this writing, new technologies are being developed to address these issues. E-signatures (described briefly in Chapter 3) might change the landscape of e-commerce payment systems. In the meantime, banks find the size of the e-commerce market and the level of security that is generally afforded by online systems persuasive enough to accept credit card transactions conducted over the Internet.
Note In a traditional credit card transaction, the merchant gets an authorization number from the issuing bank the moment the customer signs the slip and before the customer receives the product. When you plan and build your e-commerce website, ask your developer to have your system get the authorization number and verify the billing address against bank records before the credit card is formally "accepted." Also have the developer make sure that payment will occur quickly (while the product is being shipped to the customer).
Getting Set Up for Credit Card Transactions
Because e-commerce credit card transactions are riskier for banks than face-to-face credit card transactions and because online payment systems have to be secure, the sign-up process for online merchants that want to accept credit cards is different than for brick-and-mortar merchants. First of all, the banks are a bit choosier. Also, the process involves different steps and some additional players. Not only do you have to deal with your bank and the credit card companies, but you also have to deal with companies that sell credit card processing software. Let's look at the process step by step.
Open a merchant account
The first step is to go to a bank and tell them you want to accept credit card payment over the Internet. You can start with the bank that handles your existing business accounts. If that bank doesn't offer e-commerce accounts, you might get referred to a bank that does or you can try to get references from other e-commerce merchants. Once you have a bank to work with, you will most likely open a separate account from the one you might already have for your business. The bank will also provide you with an application and contract for the credit card companies you'll be dealing with, which is distinct from your contract with the bank.
Note The rules for taxing Internet sales are basically the same as the rules for taxing mail-order sales. For most small to mid-sized businesses, that means you must collect and pay sales tax according to your regional laws. Businesses with many locations must collect and pay taxes according to the regional laws of any place where they have a nexus (a business center).
Choose credit card processing software
In a brick-and-mortar store, a salesperson swipes a customer's card through a device that transmits information about the sale to the bank and credit card companies in an instant. In e-commerce, that role is played by credit card processing software companies (such as CyberCash and CyberSource). They provide software that resides on your server and transmits transaction data securely.
As you consider which credit card processing software to use, take into account which companies your developer has worked with before. As always, you don't want to pay for the learning curve and you do want to tap into your developer's expertise. Consider, also, which company's software your hosting company already has installed. (Your hosting company might not want to install new, unfamiliar software.) You'll also want to take costs into account. Companies that provide credit card processing software charge some combination of a setup fee and a per-transaction fee. Some also charge a monthly minimum fee when a merchant has not generated enough transactions to be a profitable client.
Integrate the credit card processing software with your transaction system
Your developer will pull the account software and credit card processing software together with your databases and the scripts that make everything work. To ensure smooth integration, keep your developer in the loop, especially as you choose credit card processing software. Your developer should be able to advise you on the fine points of your options and how they fit with other choices you've made for your system.
Note As you organize your transaction system, remember to deal with fulfillment (the process of shipping the product to the customer). A small e-commerce endeavor's fulfillment system might consist simply of generating an e-mail message that triggers shipment. In a more sophisticated system, scripts will run automatically when an order is placed. The order then appears along with other orders in the warehouse or shipping location's existing fulfillment system.
Fees and Charges for Credit Card Transactions
Banks charge your customers monthly fees as well as interest on any outstanding balances. They also charge you, the merchant, for every credit card transaction that occurs at your place of business. The specific mix of fees charged and their amounts vary from bank to bank, but you generally pay the following:
- Setup fees for opening an account.
- The discount rate, which is a percentage of each transaction that the bank keeps as part of its compensation. Discount rates vary drastically from bank to bank. They also vary based on the type of business you do. Generally, e-commerce companies pay a higher rate than brick-and-mortar businesses.
- Special charges for credits to the customer (when a transaction is canceled or a product is returned) or for special services such as providing printed statements rather than electronic statements or transferring funds between accounts.
Tip: Be sure that any credits to customers for returned products or canceled orders are processed quickly at your end. If you credit the purchase back to the customer, you'll pay a fee, but it might be only 15 cents. If, instead, the customer has to request a credit (because, for example, you took too long to process the return), the fee you pay can be $20 or even as much as $50, depending on the bank's policy.
Other Forms of E-Commerce Payment
Because credit cards are familiar to customers and easy to use, and because their underlying payment systems already exist, credit cards are the dominant method of payment in e-commerce. However, other methods of payment do exist:
- In a direct debit system, the customer enters his or her bank account number along with some identifying information and money is directly transferred from that account to a merchant account when a sale occurs. This method is not commonly used in e-commerce because it doesn't provide adequate security.
- A wallet system allows the customer to transfer funds from a bank account or credit card to an electronic "wallet." Once the funds are in the wallet, the customer can use that amount to make purchases. This option requires the customer to have a special account with the wallet company and requires the merchant to sign up with the wallet company so the customers can use the feature at the merchant's site. (Microsoft Passport provides this type of service and is available at www.passport.com. You'll find special instructions there for setting this up.) This technology is an alternative for companies that sell products priced so low that they don't warrant the expense (to the merchant) of credit card fees.
- Yet another system, offered by companies such as eCharge (www.echarge.com), bills the customer's telephone service account for e-commerce transactions. Essentially, the customer purchases a product or service through a website and the charge later appears on the customer's phone bill.
Armed with some understanding of transaction systems, payment methods, and other back-end issues, you're now in a position to consider just how your systems will be built.
In Internet years gone by, the only option for creating a transaction system was to build it from scratch. That is still an option, but these days you might be better off customizing a transaction system built on top of purchased components or buying a complete, prepackaged transaction system (which you can then customize, if only slightly). Each build-or-buy option has advantages and disadvantages, such as the following:
- Building from scratch involves hiring a developer (or team), specifying what you want the system to do, and paying for its development. The advantage is that your custom-built system can do virtually anything you want. The disadvantage is that this is an expensive and time-consuming way to go. Further, the end result (at least in its first iteration) is likely to be as bug-ridden as the first version of any software. And finally, the system will not be familiar to those who must work on it after your developer does. For most companies (even large ones), building from scratch is not a good choice.
- Customizing based on purchased components involves licensing a product such as Microsoft Commerce Server and having a developer create custom programming to make it fit your needs. This method can net you almost the same level of customization you'd get if you built from scratch, but the economics are far better.
- Buying a fully functioning transaction system involves purchasing a complete system that you can customize, but only minimally. Such systems generally include all the components of a transaction system (catalog, databases, scripts, and so on). They can sometimes be customized with your own look and feel for the transaction and catalog pages, but they usually offer only limited functionality. For example, you might not be able to show two related products on a single web page (you can't easily cross-sell or upsell), as you would with a more powerful solution.
Note: Small and mid-sized businesses might consider using the Microsoft bCentral Business Web or Commerce Manager services to build and run a complete transaction system and sell products online, to offer online auctions, or to join and do business in other electronic marketplaces.
Of course, whether you decide to build a transaction system or buy one, you must still address the issue of support—keeping your site humming around the clock.
In the brick-and-mortar world, storefronts have posted hours. They open and close at specified times. But websites are expected to be up and running around the clock. A great advantage to doing business online is that your products and services are available to your customers when they want them, regardless of whether they're viewing your site from their desks at lunchtime in California, from home in the afternoon in France, or in the middle of the night in New York. When you commit to doing business on the Internet, you commit to having your site up and running at all times. Unfortunately, servers sometimes crash, and because they run day and night, they can crash at 3:00 in the morning, at dinnertime, or at any other inconvenient hour. Regardless of who is hosting your site, you must take this into account. You have to decide who will handle server emergencies.
As discussed earlier in this chapter, how seriously you take off-hours server failures will depend on how critical the constant operation of your site is to your business. How such failures will be handled depends on your hosting arrangement and support agreements. If you're hosting your site yourself, you (or someone you designate) will have to handle off-hours problems. If your site is hosted at a hosting company, the hosting company might provide 24-hour monitoring and (depending on your support agreement) might do basic emergency maintenance. In these cases, you might be in the enviable position of never knowing that anything went wrong until an error report arrives via e-mail the next day.
Note: Microsoft back-end and transaction products come with tools for maintenance and for monitoring usage. Also, third-party tools and reporting agencies can monitor uptime and report site crashes via either e-mail or pager (for a fee). One such system is Keynote Red Alert (www.redalert.com).
As is true of so much in life, preventing emergencies is far better than reacting to them. To prevent server emergencies—and website downtime—your best bet is to engage in a proactive program of server maintenance. Many managers don't fully comprehend the necessity of monitoring server logs, keeping an eye on usage, and preventing server overload by building redundancy into systems as needed. When your server is running smoothly, server maintenance might seem like an expendable concern. However, trust your developer and technical staff when they say it is necessary. Downtime leads to lost sales, which no manager or business owner likes to see. A very small investment in regular server maintenance can save you from experiencing inconvenient server emergencies and expensive downtime.