We have had many conversations internally about what controls our VPS (Virtual Private Server) customers would want and what level of intervention they might be willing to put up with.
As in everything, there are trade offs. If we wanted to implement a system that would allow for things like changing a root password if the customer forgot it, we would need to implement an resident application on each server so we could maintain some level of control over the system regardless of customer’s passwords or other settings. However, naturally that represents a security issue for our customers. We would need to maintain root level access to the server via this daemon which at a minimum represents some level of a security hole.
The question we have been debating is this. Some customer will strongly desire that we be able to help them perform root level operations at any time, others would find it absolutely unacceptable that we have any root level access to their servers.
At this point, we have continued to maintain a policy of security first. Therefore we do not have any resident tools or daemons running on our customer’s servers. Many of our competitors do however, and hence the debate continues.
Let us know what you think. What are the tradeoffs in your application or system? Is it worth the security risk and trust?