DEV Community: Alex

The Stack I Run Has Landmines. I Run It Anyway.

Alex — Fri, 19 Jun 2026 01:35:21 +0000

Originally published at www.kznhost.com

Every site on KZNhost lives on the same stack: CyberPanel and LiteSpeed, on ARM, in the EU. Not cPanel — not because cPanel is bad, but because it quietly charges a licence fee every month for the privilege.

LiteSpeed is faster than Apache where it counts, and its cache actually understands WordPress instead of guessing at it. CyberPanel is free and built around it. On paper, it's the best performance-per-euro you can buy.

On paper.

In production, this stack hides landmines. Delete a website and it can leave debris that ambushes the next account. Spin one up on cloud hardware and it'll quietly point the domain at an address that no longer exists. Edit a page, swear nothing changed, lose an hour — because the cache isn't where you'd think to look.

None of these are dealbreakers. All of them are a bad afternoon if you've never met them before.

I've met all of them. That's the entire point of KZNhost: the fast stack, without you learning its failure modes the hard way. One plan, EU data, run by the same engineer who runs a NOC. You don't have to know where the landmines are — I already do.

€9.99/mo. One plan, no tiers. → Deploy · the full stack · vs cPanel

The NOC Math Nobody Runs Before They Hire

Alex — Fri, 19 Jun 2026 01:35:20 +0000

Originally published at www.tothenoc.com

Someone, right now, is building a business case for an in-house NOC. One headline number: an engineer's salary. One conclusion: "cheaper than outsourcing." They're about to be wrong in a way that only shows up at 3 a.m. on a Sunday.

A NOC's whole job is to be watching when nobody else is. That's 8,760 hours a year. One engineer covers maybe 1,800 of them — after holidays, sick days, and sleep. True round-the-clock coverage takes four and a half people before anyone takes a vacation. Not one.

So the real choice was never "salary vs. fee." It's four idle desks vs. coverage you only pay for when it matters.

And here's the part that stings: most of those desks are tier-1 — people who see a red light and forward it. They don't fix anything. You're paying a room to escalate problems to the one person who can actually solve them.

We built ToTheNOC to skip that room.

There's a version of this where in-house is exactly right. There's a far more common version where it quietly bleeds a budget for two years before anyone notices. Which one are you building?

When everything fails, we don't. → the full cost breakdown · why we run no tier-1 team

Managed Hosting vs a VPS: Which One Professionals Actually Need

Alex — Wed, 03 Jun 2026 22:54:17 +0000

Originally published at www.kznhost.com

Sooner or later every professional who runs a website hits the same fork in the road: rent a VPS and run it yourself, or pay for managed hosting and let someone else run it. The industry will happily sell you either. Almost nobody will tell you honestly which one you actually need. So here it is.

What a VPS Actually Costs

The monthly price of a VPS is the cheapest part of it. A VPS hands you a root password and an empty box. From that moment everything is yours: operating system updates, security patches, firewall rules, the web server, PHP, the database, mail deliverability, SSL renewal, backups, and monitoring. None of it is optional if you want the site to stay up and stay secure.

The real cost is measured in hours. The hours you spend patching instead of billing clients. The hours you lose when an update breaks something at the wrong time. And the specific, memorable cost of a server going down at 3am when the only person on call is you.

What Managed Hosting Takes Off Your Plate

Managed hosting is, fundamentally, someone else owning that list. The stack is maintained for you. Security defaults are applied out of the box. Backups run on a schedule. Updates happen without you scheduling a maintenance window in your own evening. When something at the infrastructure level breaks, it is not your pager that goes off.

You trade root access - and the control that comes with it - for your time back. For most professionals, that is the right trade.

The Professional's Real Math

Run the numbers the way you would for a client. Take your hourly rate. Estimate the hours per month you actually spend on server administration - patching, debugging, the occasional fire. Multiply. Compare that number to a managed hosting fee.

For a designer, developer, agency, or consultant who bills for their time, the managed fee is almost always smaller than the cost of the hours a VPS quietly consumes. You are not paying for hosting. You are buying back the hours you would otherwise spend being an unpaid sysadmin.

When a VPS Is the Right Call

This is where most hosting companies go quiet, so to be clear - a VPS is genuinely the better choice when:

You actually enjoy running infrastructure, and the ops time is not a cost to you.
You need a custom stack - specific software, unusual services, or full control over every layer.
You are running something that does not fit a shared, managed environment: high-traffic custom applications, non-standard runtimes, or hardware-specific workloads.

If that is you, managed hosting will feel like a cage. Rent the VPS. We will tell you that honestly rather than sell you the wrong thing.

When You Need More Than Hosting

There is a third case that sits between the two: you need a custom or complex setup, but you do not want to be the one watching it at 3am. You want the control of a VPS and the coverage of managed hosting at the same time.

That is not a hosting plan. That is NOC territory. ToTheNOC - run by the same engineer behind KZNhost - handles exactly this: monitoring, maintenance, and incident response on infrastructure that does not fit a one-size box. If your setup is custom enough that off-the-shelf managed hosting will not cover it, that is the conversation to have.

The Bottom Line

A VPS gives you control and a list of responsibilities. Managed hosting gives you a working site and your evenings back. Neither is universally correct - the right answer depends on whether ops time is something you enjoy or something you are losing money to.

KZNhost is managed hosting for professionals who want their site to work and want to stop thinking about it - one plan, one stack, monitored by a senior engineer. We wrote about why we run a single plan if you want the reasoning. If your needs are bigger than that, talk to the NOC.

Deploy your site →

LiteSpeed Web Server vs Apache: The Architecture Difference

Alex — Wed, 03 Jun 2026 22:53:14 +0000

Originally published at www.kznhost.com

Apache has been the default web server for most of the internet's history. It is stable, it is everywhere, and almost every tutorial assumes it. LiteSpeed is a drop-in replacement that speaks the same configuration language - but underneath, it solves the core problem of serving web traffic in a fundamentally different way. That one architectural decision is why a WordPress site behaves differently on each.

Process-per-Request vs Event-Driven

Apache, in its common prefork and worker models, handles concurrency by assigning a process or thread to each connection. Ten thousand simultaneous visitors means ten thousand workers competing for memory. Under load, memory usage spikes, the server starts swapping, and response times degrade. The traditional fix is to throw more RAM at it.

LiteSpeed uses an event-driven architecture. A small number of worker processes each handle thousands of concurrent connections, without spawning a new process per request. Same hardware, dramatically lower memory consumption under the same load. The server does not fall over when traffic arrives in a burst - it absorbs it.

It Reads Your .htaccess - Natively

This is the detail that makes LiteSpeed a genuine drop-in rather than a migration project. Nginx is fast, but it ignores .htaccess entirely; moving a WordPress or legacy PHP app to Nginx means rewriting rules into the server config. LiteSpeed reads .htaccess the same way Apache does. Your rewrite rules, your redirects, your access controls - they work unchanged.

For WordPress specifically, that means LiteSpeed runs the same configurations Apache does, only with a different concurrency model behind them.

LSCache: Caching at the Server, Not the Plugin

This is where the gap becomes obvious. Plugins like W3 Total Cache and WP Rocket build cached pages, but serving them still invokes PHP - WordPress loads, checks for a cached file, and hands it over. LiteSpeed Cache operates at the server level. A cached page is served as static content, in milliseconds, with zero PHP execution and zero database queries.

The cache is also tag-aware: it knows to invalidate when you publish a post, update a plugin, or approve a comment. You do not manage it by hand.

Real Behaviour Under Load

The differences show up where it counts:

Time to First Byte: cache-warmed pages drop from a few hundred milliseconds to double digits.
Concurrency: LiteSpeed handles several times the concurrent requests at the same memory footprint.
Stability: traffic spikes that would push Apache into swap are absorbed without the same degradation.

These are not synthetic benchmarks run in a lab. This is how the server behaves when real visitors arrive at once.

HTTP/3, Security, and Modern Defaults

LiteSpeed supports HTTP/3 and QUIC natively, and integrates ModSecurity at the server level so malicious requests are filtered before they ever reach PHP. With Apache, much of this is bolted on after the fact. With LiteSpeed it is part of the same engine.

When Apache Still Makes Sense

Honest answer: if you depend on a specific Apache module with no LiteSpeed equivalent, or you are running a legacy application validated only against Apache, stay on Apache. Familiarity has real value when something works and you do not want to think about it.

For a modern WordPress or PHP site that needs to be fast under real traffic, the architecture difference favours LiteSpeed - which is why KZNhost runs it. We covered the full stack, including CyberPanel and Oracle Cloud ARM, in the stack behind KZNhost, and the hardware in the data center breakdown.

Same site, different engine. Deploy yours →

CyberPanel vs WHM: Server Management Without the License Tax

Alex — Wed, 03 Jun 2026 22:53:13 +0000

Originally published at www.kznhost.com

Most people never see WHM. They see cPanel - the dashboard where you click around to manage a website. WHM is the layer underneath it: the control room the host actually operates the server from. If you run servers, WHM is the part that matters. If you buy hosting, it is the part quietly setting your price.

KZNhost does not run WHM. We run CyberPanel. Here is what that difference actually means.

What WHM Actually Is

WHM - WebHost Manager - is the server-side administration panel for cPanel. cPanel is what the end user touches; WHM is what the administrator or reseller uses to create accounts, assign packages, configure services, manage DNS zones, and carve a server into reseller tiers. One server, one WHM, many cPanel accounts under it.

It is mature software. It has been the industry default for two decades and it does the job. The question was never whether WHM works. The question is what it costs to run, and how that cost reaches you.

What CyberPanel Does Instead

CyberPanel is an open-source control panel built around LiteSpeed. It covers the same administrative ground as WHM: creating hosting accounts, defining packages and quotas, managing DNS through PowerDNS, provisioning email, issuing SSL certificates, and isolating accounts from each other.

The difference is not the feature checklist. Both manage accounts. The difference is the engine underneath and the licensing model wrapped around it.

The Licensing Math Nobody Advertises

cPanel moved to per-account licensing several years ago. The more accounts a host runs, the more they pay - every month, forever. That cost does not vanish. It is built into the price you pay for a plan, the same way a restaurant builds rent into the price of a meal.

CyberPanel's core is open source. There is no per-account tax. On a single-plan host like KZNhost that overhead simply does not exist - which is part of how the plan stays a flat EUR9.99/month with no tiered upsell waiting at renewal.

This is not a small line item at scale. It is one of the structural reasons cPanel hosts drift toward upsells and tier ladders: they have a recurring per-account cost to recover.

Account and Resource Management

In WHM an administrator defines feature lists and packages, then assigns accounts to them. CyberPanel uses packages too - disk quota, bandwidth, email and database limits - applied per website. Account isolation, PHP version per site, and resource limits are all managed from the panel.

For the person running the server, the day-to-day is comparable. You are creating accounts, setting limits, and keeping tenants from stepping on each other. CyberPanel does this on top of LiteSpeed, which changes how the server behaves under load - but that is a web-server story, not a panel story.

DNS, Mail, and SSL Out of the Box

WHM typically pairs with BIND for DNS and Exim for mail. CyberPanel ships with PowerDNS - a production-grade authoritative nameserver - and Postfix plus Dovecot for mail, with DKIM, SPF, and DMARC configured rather than left as an afterthought. SSL is automated through Let's Encrypt with renewal handled for you.

None of this is exotic. It is the same set of services every host needs. The point is that CyberPanel assembles them without a license meter running in the background.

Why This Matters If You Are the Customer

You will never log into WHM or CyberPanel as a KZNhost customer - you get a clean panel for your own site. But the choice underneath affects two things you do feel: the price, and who is actually running the box.

The licensing model shapes the price. The operator shapes the reliability. At KZNhost the server is run and monitored by a senior NOC engineer, on infrastructure built for the stack rather than inherited from a default. The panel is a means to that end, not the product.

If you want the deeper end-user comparison, we covered CyberPanel and LiteSpeed versus cPanel from the performance side separately. And if you want to see the hardware it all runs on, that is in the data center breakdown.

One stack. One plan. No license tax passed to you. Deploy your first site →

Why One Hosting Plan Is Better Than Forty

Alex — Tue, 26 May 2026 23:52:30 +0000

Originally published at www.kznhost.com

The tier trap

Open any major hosting provider's pricing page and you'll find somewhere between 4 and 40 plans. Starter, Business, Professional, Enterprise, Plus, Pro, Turbo, Max. The differences between them are deliberately confusing — enough RAM to matter, but not enough to make the decision obvious. Enough storage to get started, but you'll need to upgrade within a year.

This isn't an accident. It's a business model. Get you in at the lowest price, wait for you to hit a limit, upsell. The hosting company profits from your growth friction. You pay for the privilege of figuring out which plan you actually need.

The single plan logic

KZNhost has one plan: three domains, 15GB SSD, unlimited bandwidth, SSL, daily backups, email hosting, one-click WordPress. €9.99/month.

That's it. No tiers, no upsells, no "but if you want email you need the Business plan." Everything a professional website needs is included. Nothing you don't need is bundled in to justify a higher price point.

The logic behind this is simple: I built this hosting environment for myself first. I needed something that handled multiple domains, had real storage for media-heavy sites, and didn't require me to think about bandwidth caps. One package that covered everything. Then I opened it to clients who had the same requirements.

What 15GB actually covers

15GB of SSD storage is more than most professional websites will ever use. A typical WordPress installation with plugins is 500MB-1GB. A photography portfolio with hundreds of high-resolution images might use 3-5GB. A small business site with regular blog posts might reach 2GB after several years.

The sites that legitimately need more than 15GB are either media distribution platforms (not what this hosting is for) or sites that haven't been maintained — storing five years of unoptimized image uploads, plugin files from abandoned installs, and database bloat. Good maintenance keeps sites lean.

Why three domains?

Most professionals have more than one project. A developer with a portfolio site, a side project, and a client site they're managing. A designer with their main brand, a studio site, and a personal blog. Three domains covers the realistic use case without selling you capacity you'll never use.

Each domain gets its own isolated hosting environment, SSL certificate, and email hosting. Not subdomains of a shared domain. Real separate domains.

The NOC monitoring angle

What makes KZNhost different from standard managed hosting isn't the plan structure — it's what's running behind it. The infrastructure is monitored by ToTheNOC, a boutique NOC operation run by the same engineer who built and maintains this hosting environment.

That means when something goes wrong — and eventually something always does — the person who knows the infrastructure best is already watching it. Not a ticket queue. Not a helpdesk reading a runbook. The engineer who built the stack.

Most hosting companies at this price point don't offer that. You're on shared infrastructure managed by a team that might have 10,000 other customers. Response times reflect that reality.

Who this is for

KZNhost is for professionals who want their hosting to work and want to stop thinking about it. Designers, developers, photographers, agencies, small businesses. People who are excellent at what they do and have no interest in managing infrastructure.

It's not for high-traffic e-commerce sites processing thousands of transactions per day. It's not for video streaming platforms. It's not for anyone who needs dedicated hardware or custom server configurations. If that's you, there are better options and I'll tell you so.

KZNhost is managed hosting by a senior NOC engineer. Deploy your hosting or read about the stack.

When You Need Outsourced NOC Monitoring (And When You Dont)

Alex — Tue, 26 May 2026 23:49:16 +0000

Originally published at www.tothenoc.com

The honest answer is: it depends.

Most articles about outsourced NOC monitoring are written by people trying to sell you outsourced NOC monitoring. This one isn't. I run a boutique NOC operation — one engineer, no call centers — and I'll tell you exactly when outsourcing makes sense, and when it doesn't.

What outsourced NOC monitoring actually is

NOC stands for Network Operations Center. Monitoring means eyes on your infrastructure 24/7 — servers, network devices, services, response times, error rates. When something goes wrong, you want to know before your users do.

Outsourcing that function means you're paying a third party to do it instead of hiring in-house staff. The range is enormous: from automated alert forwarding services ($50/mo) to full staffed NOC teams ($10,000+/mo) to boutique single-engineer operations like ToTheNOC.

When outsourced NOC monitoring makes sense

You're an SMB without in-house IT staff. You have infrastructure — servers, firewalls, cloud resources — but no one whose job it is to watch them. Hiring a sysadmin costs $80,000+/year before benefits. A NOC retainer costs a fraction of that, and you get someone who's seen more failure modes in a year than most in-house hires see in a decade.

You're an MSP who needs after-hours coverage. Your team covers 9-5. Incidents don't respect business hours. Outsourcing NOC coverage for nights and weekends is standard practice for MSPs who want to offer 24/7 SLAs without paying 24/7 salaries.

You have a specific stack and need someone who knows it. Cisco firewalls, VMware, AWS, Windows Server — these aren't interchangeable skills. If your infrastructure is specific, you want a NOC that has actual experience with your stack, not someone reading documentation at 3am.

Downtime is expensive. If an hour of downtime costs you $5,000 in lost revenue, a NOC retainer at $700/month is trivially justified. If an hour of downtime costs you nothing, it probably isn't.

When outsourced NOC monitoring doesn't make sense

You're a two-person startup with a $20/month VPS. You don't need NOC monitoring. You need good backups and Uptime Robot. Save your money.

Your infrastructure changes every week. NOC monitoring works best on stable environments. If you're constantly rebuilding, the onboarding overhead outweighs the benefit.

You want someone to manage your infrastructure, not monitor it. Monitoring is watching and alerting. Management is making changes, applying patches, responding to incidents. These are different services with different scope and pricing. Know which one you need.

What to actually look for in a NOC provider

Response SLA with teeth. "We'll respond within 4 hours" means nothing if the contract doesn't define what "respond" means. Does it mean an acknowledgment email, or does it mean an engineer is actively working the issue?

Direct escalation path. When something is on fire, you should be able to reach a human who knows your environment. Not a ticket number. Not a tier-1 agent reading a script. A person.

Stack compatibility. Ask them what they've actually worked with. Cisco vs Fortigate vs SonicWall are not the same. AWS vs VMware vs bare metal are not the same. Vague answers are a red flag.

Onboarding process. A good NOC provider will want to understand your environment before they start monitoring it. If they can onboard you in 10 minutes with no questions, they're not really monitoring anything meaningful.

The boutique vs enterprise NOC trade-off

Large NOC providers have scale. They also have shift rotations, documentation dependencies, and tier-1 filters between you and anyone who can actually solve your problem. The engineer who monitored your environment last Tuesday might not be the one who responds to your incident on Saturday.

Boutique NOC operations like ToTheNOC trade scale for continuity. One engineer who knows your environment, your stack, your quirks. No handoff documentation because there's no handoff. That's a meaningful difference when something goes wrong at 2am.

The right choice depends on your infrastructure size, budget, and how much you value consistency vs coverage breadth. For most SMBs and MSPs in the 5-50 server range, boutique is the better fit.

Alexandru Cazan is a senior NOC engineer with 25+ years of remote infrastructure experience. Book a free 30-minute technical call to discuss your monitoring needs.

What a 4-Hour NOC Response SLA Actually Means at 3am

Alex — Tue, 26 May 2026 23:44:05 +0000

Originally published at www.tothenoc.com

SLAs are contracts. What matters is execution.

Every NOC provider advertises response SLAs. "4-hour response." "1-hour critical response." "24/7 coverage." These numbers are easy to print on a website. What they mean in practice varies enormously — and you usually only find out when something is already broken.

I've been on both sides of this. As a senior NOC engineer handling emergency responses, and as someone who's had to clean up after a "guaranteed 4-hour response" that turned into a 14-hour outage. Here's what actually matters.

What "response" means — and what it doesn't

Read the fine print on any SLA. "Response" is almost never defined as "your problem is solved." It usually means one of three things:

Acknowledgment: We received your alert. A ticket has been opened. An automated email was sent. This is the weakest possible definition.
Initial triage: An engineer has looked at the alert and classified the severity. Still no guarantee of resolution timeline.
Active engagement: An engineer is actively working the issue. This is what you actually want.

When evaluating a NOC provider, ask explicitly: "When you say 4-hour response, does that mean an engineer is actively working my issue within 4 hours, or that I've received an acknowledgment?" The answer tells you everything.

What actually happens at 3am when a server goes down

A realistic sequence with a well-run NOC:

T+0:00 — Monitoring system detects anomaly (service timeout, disk full, interface down)
T+0:02 — Alert fires. If it's a transient spike, it clears and nothing happens. If it persists:
T+0:05 — Engineer is paged. Not a bot. Not a tier-1 filter. An engineer.
T+0:10 — Engineer is logged in, running diagnostics. Checks logs, service status, recent changes.
T+0:20 — Root cause identified in most cases (disk, process crash, network, application). Remediation begins.
T+0:45 — Service restored or escalation path activated if issue requires vendor involvement.

That's what good looks like. A 4-hour SLA means the engineer is engaged within 4 hours of the alert — not that resolution takes 4 hours.

Red flags in NOC SLA agreements

SLA credits instead of resolution commitments. "If we miss our SLA, you get a credit on next month's invoice." A credit is nice. It doesn't fix your 6-hour outage. Ask about resolution commitments, not just credit policies.

Tiered escalation with undefined timelines. Tier-1 responds in 1 hour, escalates to tier-2 in 2 hours, tier-2 escalates to tier-3… By the time someone who can actually solve your problem is on the call, you're 6 hours in. For SMBs, a flat escalation path to a senior engineer is worth more than a multi-tier SLA.

Exclusions buried in the contract. "SLA applies during business hours." "SLA excludes third-party service outages." "SLA excludes hardware failures." Read the exclusions before you sign.

No documentation of your environment. If the NOC doesn't have documentation of your specific infrastructure — topology, credentials, runbooks — their engineer is starting from scratch during your incident. That costs time you don't have.

What the ToTheNOC response SLA actually means

When a client in the NOC Command plan has an incident, the SLA is under 4 hours — but in practice it's usually under 15 minutes. Why? Because there's no tier-1 filter. The alert goes directly to me. I know the client's environment because I documented it during onboarding. I'm not reading a wiki to figure out what credentials to use.

The advantage of a boutique NOC isn't just the SLA number — it's the context. One engineer who knows your environment responds faster and more effectively than a staffed NOC where the overnight shift has never seen your infrastructure before.

Questions to ask any NOC provider before signing

What does "response" mean in your SLA — acknowledgment, triage, or active engagement?
Who specifically responds to my incident at 3am — tier-1, tier-2, or a senior engineer?
What documentation will you maintain about my environment?
What are the SLA exclusions?
Can I see a sample incident report from a past engagement?
What's your escalation path if the on-call engineer can't resolve the issue?

Alexandru Cazan is a senior NOC engineer with 25+ years of remote infrastructure experience. Learn more about NOC Response services or book a free technical call.

CyberPanel + LiteSpeed vs cPanel: A NOC Engineers Infrastructure Assessment

Alex — Tue, 26 May 2026 23:38:55 +0000

Originally published at www.tothenoc.com

I've monitored both stacks in production. cPanel environments and CyberPanel + LiteSpeed environments behave very differently under pressure — and from a NOC perspective, that difference matters.

This isn't a feature comparison. It's an operational assessment from someone who gets paged when things go wrong at 3am.

How Hosting Stacks Fail at 3am

Most hosting outages aren't caused by hardware failure. They're caused by resource exhaustion — and how the stack handles resource exhaustion determines whether you get a 5-minute blip or a 45-minute incident.

Apache under load spawns processes. Each process consumes memory. Under a traffic spike or a runaway PHP script, Apache stacks up workers until the server OOMs or the kernel starts killing processes. Recovery requires intervention: restart Apache, clear the backlog, verify services came back clean. From alert to resolution: 15-30 minutes on a good night.

LiteSpeed under load queues requests within its event-driven worker model. It degrades gracefully — slow responses before failure, not hard crashes. When the pressure drops, it recovers without restart. From alert to resolution: often self-resolving within minutes.

That difference in failure mode is why I run KZNhost on LiteSpeed, and why I recommend it to clients evaluating hosting infrastructure.

Observability Differences

Monitoring a cPanel stack requires instrumenting multiple layers: Apache access/error logs, PHP-FPM logs, MySQL slow query log, WHM service checks. These don't talk to each other natively. You stitch them together with custom scripts or an RMM agent.

CyberPanel centralizes more of this. LiteSpeed's real-time statistics API surfaces connection counts, request queues, worker utilization, and cache hit rates in a single endpoint. For NOC monitoring, that's a meaningful reduction in integration overhead.

From my monitoring setup on KZNhost via ToTheNOC:

LiteSpeed real-time stats → alerting on worker saturation before it becomes an outage
LSCache hit rate → early warning on cache invalidation issues
PowerDNS query metrics → DNS anomaly detection
OCI ARM resource utilization → infrastructure headroom tracking

cPanel environments require more bespoke instrumentation to get to the same visibility. More moving parts, more maintenance, more things that drift out of alignment over time.

Security Surface Area

cPanel runs a lot of services. FTP, cPHulk, cPanel daemon, WHM, webmail, multiple mail services — many of them exposed by default. Hardening a cPanel server means systematically auditing and disabling what you don't need. Most environments never get fully hardened because it's tedious and breaking things is easy.

CyberPanel runs fewer services with a smaller default attack surface. LiteSpeed's ModSecurity integration filters at the server level — before PHP executes. That matters: a WAF that runs before your application code is categorically more effective than one that runs inside it.

From a NOC security monitoring perspective, fewer exposed services means fewer alert sources to tune and fewer false positives to triage. That's not a small thing when you're managing multiple client environments.

Operational Overhead Over Time

cPanel licensing has become a recurring cost variable — prices have increased multiple times in recent years, and the trajectory isn't downward. For hosting providers, that means either margin compression or passing costs to clients. For self-managed environments, it's a budget line that keeps growing.

CyberPanel's open-source core eliminates that variable. The commercial LiteSpeed license has predictable pricing. For environments I manage under NOC contract, predictable infrastructure costs are part of what makes long-term planning possible.

When cPanel Is Still the Right Answer

cPanel's ecosystem is massive. Legacy applications built around cPanel APIs, clients with deep muscle memory for the interface, hosts that need to support the full WHM reseller model — there are legitimate reasons to stay on cPanel.

If I'm assessing a client environment and they're running cPanel with no specific pain points, I'm not going to recommend a migration just to run a newer stack. Migrations carry risk. Stability has value.

But if a client is evaluating new infrastructure — greenfield deployment, migration from an underperforming host, scaling a current setup — CyberPanel + LiteSpeed is what I recommend. And it's what I run on KZNhost.

The NOC Verdict

Better failure mode behavior. Better observability. Smaller security surface. Predictable licensing costs. Faster performance at the same hardware spec.

CyberPanel + LiteSpeed wins on every operational metric I care about. That's why it's the stack I chose for infrastructure I'm responsible for monitoring 24/7.

If you're running infrastructure that needs NOC-level monitoring regardless of what control panel it's on — let's talk.

LiteSpeed + CyberPanel: The Stack Behind KZNhost

Alex — Tue, 26 May 2026 23:33:09 +0000

Originally published at www.kznhost.com

Most shared hosting runs Apache. That's the problem.

Apache has been the default web server for decades. It works. It's also not particularly fast for modern PHP workloads, it doesn't handle concurrent connections efficiently at scale, and it has no built-in caching layer worth mentioning.

LiteSpeed is a drop-in replacement for Apache — it reads the same .htaccess files, runs the same PHP, handles the same configurations — but it handles traffic fundamentally differently. Event-driven architecture instead of process-per-request. Built-in opcode cache. HTTP/3 support. And critically: LiteSpeed Cache, which is one of the most effective WordPress caching plugins available.

What LiteSpeed actually does for WordPress performance

A standard Apache + WordPress setup serves a page like this: PHP executes, queries the database, builds the HTML, sends it to the browser. Every request. Every time. Even if nothing has changed since the last request.

LiteSpeed with LSCache changes that. The first request builds the page. Subsequent requests are served from cache — static HTML, delivered in milliseconds, with zero PHP execution and zero database queries. For a typical WordPress blog or portfolio, that means pages load in under 100ms instead of 300-800ms.

The cache is also smart: it knows to invalidate when you publish a new post, when you update a plugin, when comments are approved. You don't manage it manually. It works.

Why CyberPanel instead of cPanel

cPanel is the industry standard control panel. It's also expensive per-account licensing, resource-heavy, and built around Apache. CyberPanel is a modern web hosting panel built specifically for LiteSpeed — it's the native control panel for this stack, not an afterthought.

For the end user, the practical differences are mostly invisible — you still get file management, email accounts, DNS management, SSL provisioning, one-click WordPress installs. The difference shows up in performance and resource usage: CyberPanel + LiteSpeed uses less RAM per site than cPanel + Apache, which means more headroom for the sites that actually need it.

The OCI ARM infrastructure layer

KZNhost runs on Oracle Cloud Infrastructure (OCI) ARM instances. ARM architecture has become the performance-per-watt winner for server workloads — AWS Graviton, Ampere Altra, Oracle ARM shapes all demonstrate that ARM handles PHP and web serving workloads at equivalent or better performance than x86 at lower cost.

The infrastructure running KZNhost is enterprise-grade Oracle Cloud — the same platform powering production workloads globally, not a VPS provider's oversubscribed hardware.

PowerDNS for DNS, Let's Encrypt for SSL

DNS is handled by PowerDNS — a production-grade authoritative nameserver used by large ISPs and enterprises, not a shared DNS service with inconsistent propagation times.

SSL certificates are provisioned automatically via Let's Encrypt. HTTPS is standard, not an add-on. HTTP/2 is enabled by default. Certificate renewal is automated.

The monitoring layer: ToTheNOC

The infrastructure runs under continuous NOC monitoring by ToTheNOC. That's not a sales line — it's the actual setup. The same engineer who built and maintains the hosting stack monitors it for uptime, performance degradation, disk space, and service health.

When something goes wrong, there's no support ticket. No tier-1 helpdesk. The person who knows the infrastructure responds. That's the operational model.

Summary: why this stack

LiteSpeed over Apache: faster PHP, built-in caching, HTTP/3
CyberPanel over cPanel: modern hosting panel, native LiteSpeed integration, lighter resource footprint
OCI ARM over commodity VPS: enterprise cloud infrastructure, Ampere Altra performance per cost
PowerDNS over shared DNS: production-grade nameserver, consistent propagation
NOC monitoring over standard uptime checks: engineer-level response, not just ping alerts

This is the stack I built for my own infrastructure and run for clients who want hosting that works without thinking about it.

KZNhost runs on LiteSpeed + CyberPanel + OCI ARM, monitored by ToTheNOC. One plan, €9.99/month.

CyberPanel + LiteSpeed vs cPanel: Why We Ditched the Industry Standard

Alex — Tue, 26 May 2026 23:33:08 +0000

Originally published at www.kznhost.com

Everyone runs cPanel. It's the default. The safe choice. The thing you pick when you don't want to think about it.

We thought about it. And we switched.

KZNhost runs on CyberPanel + LiteSpeed Web Server on Oracle Cloud ARM infrastructure. This isn't a marketing decision — it's an infrastructure decision made after running both stacks in production. Here's what that actually means for your sites.

The Stack Problem Nobody Talks About

cPanel is a control panel bolted on top of Apache (or sometimes Nginx). Apache was designed in 1995. It handles each request with a new process or thread — fine for 1999, expensive for 2026. Under load, memory usage spikes. Response times degrade. You throw more RAM at it and call it a day.

LiteSpeed was built as an Apache drop-in replacement that doesn't inherit Apache's concurrency model. It uses an event-driven architecture — one worker handles thousands of concurrent connections without spawning new processes. The result: same hardware, dramatically less resource consumption under load.

CyberPanel is the control panel built specifically for LiteSpeed. Not adapted for it. Built for it. That distinction matters.

Real Numbers, Not Marketing Copy

When we migrated our stack to CyberPanel + LiteSpeed on OCI ARM (Ampere Altra processors), we measured the difference on identical WordPress installations:

Time to First Byte (TTFB): dropped from ~380ms to ~90ms on cache-warmed pages
PHP workers under load: LiteSpeed handles 3x the concurrent requests at the same memory footprint
WordPress admin: noticeably faster — CyberPanel's LiteSpeed cache integrates at the server level, not plugin level
SSL provisioning: automated via Let's Encrypt, zero manual intervention

These aren't synthetic benchmarks. This is the stack your site runs on when you deploy on KZNhost.

What CyberPanel Actually Changes

Beyond the web server, CyberPanel changes how the entire hosting environment is managed:

DNS: PowerDNS instead of BIND. Faster propagation, cleaner management, better performance under query load.

Mail: Postfix + Dovecot with proper DKIM/SPF/DMARC configuration out of the box — not an afterthought.

Security: ModSecurity WAF integrated at the LiteSpeed level. Requests get filtered before they hit PHP. cPanel WAF runs after the web server has already done work.

Cache: LiteSpeed Cache (LSCache) operates as a server-level full-page cache. WordPress plugins like W3 Total Cache or WP Rocket work at the PHP level — they still invoke PHP to serve cached pages. LSCache serves cached pages without touching PHP at all.

The ARM Factor

Our infrastructure runs on Oracle Cloud ARM — Ampere Altra processors. ARM in the datacenter isn't the same ARM as your phone. Ampere Altra is purpose-built for server workloads: high core count, excellent memory bandwidth, low power consumption per operation.

Combined with LiteSpeed's efficient concurrency model, the result is a hosting stack that scales cleanly without the exponential resource costs of traditional x86 + Apache setups.

Why We Don't Offer cPanel

We run one plan. One stack. One infrastructure decision we stand behind.

cPanel licensing costs have increased significantly over the past few years — costs that hosting providers pass to customers. CyberPanel's open-source core eliminates that overhead. We pass the savings to you as part of a flat €9.99/month that doesn't tier up or surprise you with add-on fees.

If you need cPanel specifically — for a legacy application, for familiarity, for a specific workflow — we're probably not the right host. We're comfortable with that.

If you need a fast, well-maintained stack managed by a senior NOC engineer who monitors it around the clock via ToTheNOC — that's exactly what KZNhost is built for.

The Bottom Line

CyberPanel + LiteSpeed isn't the industry standard because the industry defaults to what's familiar, not what's optimal. We made a different call. The performance numbers back it up, the infrastructure cost model backs it up, and every site deployed on KZNhost runs on it.

You get 3 domains, 15GB SSD, unlimited bandwidth, and a stack that was engineered rather than inherited — for €9.99/month. No tiers. No gotchas.

Deploy your first site →