Faсt is a web integrator from Magnitogorsk---the metallurgy capital of Russia---that creates, integrates, and promotes websites. Evgeniy Gabar, the company’s CTO, shared the company’s success story and explained how capital and regional customers differ, when the cloud is more convenient than dedicated servers, how the number of DDoS attacks have grown over the past few years, and why the Internet in Magnitogorsk is just sometimes plain old useless.
How’d you get started?
The company was founded in 2010 by two individuals: Sergei Mikhailov and Dmitriy Fatikhov; both were web developers and programmers. They made a few smaller sites on a local level. They later signed a few contracts with specialists in a related field: SEO. We’re good developers, they were good promoters; it was a good combination.
We quickly built our reputation because we were transparent and honest. We never abandoned a client, regardless of their attitude. Word of mouth eventually got around that these were reliable guys; that they deliver what they promise. By 2011, we were already working with clients from Moscow.
Do you still work together?
No. We started getting clients with more and more complex projects. Quality and complexity grew, as did expenses. Our partners worked in a lower price bracket, and in 2012, our paths split when we left for a higher bracket.
How hard is it for an agency “from the country” to enter the national market?
Now in 2017, this would be absolutely impossible without serious investment. Back then, competition was lighter; there weren’t any companies with fine-tuned business processes, there weren’t any companies with a major workforce. If we tried to do the same thing now, probably nothing would come out of it.
Customers are more mature now. In 2010, the requirements and technology were simpler, same with the frontend; there was no adaptivity or anything like that. If you follow the same path we did, then there should be partners and customers from Moscow and St. Petersburg. As far as promoting go, I think that SEO and development are two completely different things where the thinking is absolutely different. These should now be handled by different companies.
Are there any specifics for entering the national level as opposed to the regional level?
Business processes at the local level should be more concentrated on simpler projects, things that are more conventional and quick. This is because the requirements are lower, from attendance to implementation. A site gives you the chance to position yourself, improve a service, and expand geographically; regional companies pay less attention to the little things, to the design, the interface, the layout… Processes should be short: you don’t need a design department, a visual department with an art director; these are all serious expenses. When you start talking on the regional level about a team that’s going to work on a project, people are more scared than impressed.
Budgets are smaller, expectations are lower---the Internet outside major cities aren’t as developed. People aren’t as squeezed for time and a lot of things are in walking distance. I sometimes joke that the Internet in Magnitogorsk is somewhat useless: when I want to find a store or barber, I can’t look online; I have to wander around and read the shop signs. The city isn’t that small, but I, for example, couldn’t find a barbershop on Google even though there are tons in the city.
So do you consciously turn down small orders?
It’s not like we made a scoring system---we don’t filter our clients---we consciously reorganized our business process to raise quality. This incurred costs: we added different experts, project directors, and testers. And gradually over time, clients with lower requirements stopped contracting us. More serious customers started to appear with full-fledged designs and testing, and we needed a server environment specialist, total monitoring, etc.
And business has still be good?
Dmitriy Fatikhov says, “It’s important to be the best”. This really is important for us. But what does it mean to “be the best”? When everything’s built on this claim, you don’t even have to think about anything. We’ve always worked to improve ourself and our products, and not just at certain times, but constantly. Even now.
Do you ever turn down projects?
We can address this question a few different ways. Maybe the project is bigger than the budget… For example, we may get contacted by a company that needs to design an internal securities-trading service.
We understand that there are dozens (even hundreds!) of companies that have long had their fingers in that pie. It’s not worth us getting involved. Here, we won’t do it “better”. But in the area of DIY, by all means.
(after a pause) But if we understand that absolutely nobody deals with something, that there are no experts on the market; we’ll take it on. Otherwise we wouldn’t be using our time efficiently.
And if everything depends on technical abilities?
A meticulous and obnoxious customer is the best customer. We learn from them. Any time something doesn’t go quite that smoothly, it brings us to the next level. There were these kinds of projects where, for example, we had to assemble a cluster, and we weren’t that ready for it technically. We didn’t have the competence, but we raised the bar. Now we have a whole department of system administrators, and clusters are no longer a problem.
What would you say has been your most complicated project?
TechnoNICOL: over 16 million price entries, high attendance, constant price swapping, updates, different prices based on regions, and ERP synchronization. And this all had to work quickly.
Let’s talk a bit about us. How long have you been work working with us?
Since 2015. We had worked with Hetzner before that. Then we got a client who wanted to host with you. We gave it a try and liked it; we took a server with a configuration that performed better than with Hetzner, and your servers were in Russia.
Clients used to consider the personal data law, which requires personal data on Russian citizens be hosted in Russia, at a half glance. Now they take it much more seriously. And we, as reliable partners, should always keep this in mind, regardless of how are clients feel about it.
Then we started to look at the private cloud. It’s scalable, and we have a lot of projects with inconsistent workloads. If there are peaks, like Black Friday, we can prepare for this by adding resources in a day. We don’t need to have any long conversations with the host or migrate anything. In literally a few clicks, in a few seconds---any day, without the user even knowing it.
But the key reason why we started to send clients your way is because you don’t make clients share resources: we don’t suffer from attacks on our neighbors or their faulty code.
What services do you use?
Dedicated servers, Virtual Private Cloud, and Anti DDoS. Our productions primarily operate on the cloud. For more resource-intensive projects, we use dedicated servers.
There’s no need to reconfigure anything, consult with anyone, or do anything. The configuration is very functional. If we need to set up resources, increase volume, connect or transfer disks, this is done simply in the cloud with just a click of the mouse. For anyone with experience, this is very easy.
We plan on transferring our dev servers for testing and trials from Hetzner to you.
Was there something there that you didn’t like?
The approach. European providers, they’re more focused on European users, and business processes are set up in a European fashion. The same with bookkeeping; they can’t even register us as a legal entity. And as a whole, when working on a project or with services, it’s not always clear at first glance how everything works or how payments work: when, what, how much. Interactions with provider representatives aren’t transparent---it was difficult for me to clearly submit a claim to tech support, even though there were tens of options and, supposedly, every one was what I needed--but I couldn’t narrow it down to one. I would chalk it up to their mentality. Moreover, it was harder to coordinate with tech support in European time.
Also, when Russian banks process foreign currency accounts, they take 30% commission.
What was it about the mentality?
If I just quickly ask a question that was in the FAQ, they’d say, “Read it, don’t bother us with this nonsense”. Selectel explains everything in their tickets without any problems, just more friendly…
How do you decided if a project will be in the cloud or on a dedicated server?
We determine this based on the volume: if we understand that a project has over 100 GB of static content or even 50 GB---which is, like, the average shop---we’ll put it in the cloud. If it needs more space, we’ll suggest a dedicated server.
To a large extent, we choose Selectel servers based on power---servers with that much power and so many configuration we’ve only seen here so far. And, of course, it’s convenient that the cloud and dedicated servers are on one network.
But dedicated server are also sometimes more convenient…
Firstly, nobody’s encroaching in on us here. Secondly, if we don’t need the scalability of the cloud, then performance is initially more important. For clients, there’s the question about price; buying a metal server for a month is cheaper than gathering those resource in the cloud. However, some clients have a prejudice from experience; just the cloud and nothing else. They’ve said that some hosts took a whole week to change a broken RAM module, and then clients were just sick of dedicated servers.
And have you needed DDoS protection?
Yes. You can see this for yourself on TV and the Internet. It’s really serious, by no means a joke. As of late, cybercrime, tailored DDoS attack, hacking attempts, it’s all real. If before, when this was much more rare and the attack algorithms were more transparent, we could manually fend them off, close certain IPs or a pool, for example. We could analyze logs and somehow fended them off for a few hours. Now, attacks are more refined, and Anti DDoS really helps us out. And nobody, not the client or us, needs to perform any heroics to neutralize the attacks. We and our clients handle business tasks, and DDoS---they’re your servers, let them handle it (laughs).
How much more common have attacks become and when’d this happen? Can you make a comparison?
You used to hear the phrase “DDoS attack” once a year, maximum; now it’s every two hours or so. They could easily be cut off or taken down with checks. Roughly by 2016, you’d see attacks once every two months on average where a site would be partially unavailable for a few days (!). Or they’d wear out performance so that visitors couldn’t even work
Attacks started to pop up that would change their algorithms; we’d fend of one, and then in a few days, another attack would start that our new protection couldn’t save us from. We’d sit, analyze, clients would be hanging on the phone with shaking hands. Even five-minute attacks freak out our clients; nobody needs that. Nobody should feel like their resources are being threatened.
In the end, we’ve been recommending everyone DDoS protection for the past half a year. We used to do this on precedent: catch an attack, order the service, forget about it. But we’ve reached the point where everybody’s running, everyone’s gone grey. Now, it’s a sort of standard.
Fact was founded in 2010. Their head office is in Magnitogorsk with branches in St. Petersburg and Orenburg. In 2016, Fact was ranked number one for developers of online shops in the “Runet Ratings” highest price bracket and 12th in Russia for web developers and integrators according to Tagline. The company leads for its number of certified 1C-Bitrix developers. Fact services clients like the online shop TechnoNICOL, the Siberian Generating Company energy holding, Mitsubishi Electric, and many more.