Cloud & Infrastructure Security

Server

About 5 min read

Last updated: 2026-04-16

What Is a Server

A server is a computer or software that provides services and data to other computers (clients) over a network. The term comes from "to serve" - servers receive requests and return processed results.

When you enter a URL in your browser, a web server receives the request and sends back HTML, images, and other content. Email delivery, domain name resolution, database queries - virtually every internet service relies on servers behind the scenes.

The word "server" can refer to both hardware (a physical machine) and software (Apache, Nginx, etc.). A single physical machine commonly runs multiple server software instances simultaneously.

Types of Servers

Web Server
Handles HTTP/HTTPS requests and serves web content (HTML, CSS, JavaScript, images). Apache, Nginx, and IIS are common examples. Also functions as reverse proxy and load balancer.
Mail Server
Processes email sending (SMTP) and receiving (POP3/IMAP). Examples include Postfix, Microsoft Exchange, and Gmail's backend.
DNS Server
Resolves domain names to IP addresses. Split into authoritative DNS servers (holding official domain records) and caching DNS servers (temporarily storing query results).
Database Server
Specializes in data storage, retrieval, and updates. MySQL, PostgreSQL, MongoDB, and Redis are common examples.

In practice, a single server may serve multiple roles, or a single role may be distributed across hundreds of servers. Large-scale web services typically separate web, application, and database servers, scaling each independently.

Physical Servers vs Cloud

On-Premises
Physical servers in your own data center. Full control over hardware and data location, but high upfront investment and weeks-to-months procurement time.
Cloud (IaaS/PaaS)
Virtual servers from providers like AWS, Azure, or GCP. Launch in minutes, auto-scale on demand, pay-as-you-go. May cost more than on-premises for stable, long-term workloads.
Hybrid
Combines on-premises and cloud. Sensitive data stays on-premises while variable workloads use cloud resources.

Serverless architectures (e.g., AWS Lambda) let developers build applications without managing servers. However, physical servers still run behind the scenes - "serverless" refers to the transfer of management responsibility, not the absence of servers.

Server Security Fundamentals

  • Patch management: Apply security patches promptly. Unpatched known vulnerabilities are the biggest risk. Automate updates to minimize delay.
  • Firewall configuration: Open only necessary ports and block access to unused services. Changing SSH from port 22 to a custom port reduces automated scanning.
  • Access control: Disable root login, minimize sudo privileges, and follow the IAM principle of least privilege.
  • Log monitoring: Regularly review access, authentication, and error logs. SIEM tools enable automated analysis.
  • Backups: Follow the 3-2-1 rule. Offline backups are essential for ransomware protection.

Choosing the Right Server

  • Traffic volume: A small site with a few thousand monthly page views can use shared hosting. Millions of monthly views require CDN integration and auto-scaling.
  • Availability requirements: 99.9% (about 8.7 hours downtime/year) vs 99.99% (about 52 minutes/year) have vastly different redundancy costs.
  • Data residency: GDPR and other regulations may require data to remain in specific regions, affecting cloud region selection.
  • Operational capacity: Managed services and serverless reduce operational burden but limit customization.

"Default to cloud" isn't always optimal. For predictable, stable workloads, reserved instances or dedicated servers may be more cost-effective. Clarify requirements before comparing options.

Common Misconceptions

Servers must be special high-performance computers
Technically, a home PC or Raspberry Pi can function as a server. 'Server' describes a network role, not hardware specifications. Commercial environments use server-grade hardware for reliability and redundancy.
Moving to the cloud eliminates server management
With IaaS (e.g., EC2), OS patching and security configuration remain your responsibility. Even with PaaS and serverless, application-level security, access control, and monitoring are your job. Understanding the <a href='/glossary/shared-responsibility-model'>shared responsibility model</a> is critical.
Serverless means no servers exist
Serverless means the cloud provider manages the servers. Physical servers still run behind the scenes. The term describes an operational model where developers don't handle provisioning or scaling.
Share

Related Terms

CDN (Content Delivery Network) A globally distributed network of edge servers that caches and delivers web cont… DNS (Domain Name System) A system that translates human-readable domain names (e.g., example.com) into IP… Firewall A security mechanism placed at network boundaries that inspects and controls inc… IaC (Infrastructure as Code) An approach to defining, provisioning, and managing infrastructure configuration… Container Security The comprehensive set of security practices for safely building, deploying, and … Cloud Shared Responsibility Model A security framework that clearly divides responsibilities between the cloud ser…

Related Articles

Where Is 'the Cloud' Actually Located? The Truth About Other People's Computers Learn that the cloud consists of physical servers in data centers worldwide, the network diagram 'cl… Why Updates Are Annoying but Necessary - The Real Danger of Clicking 'Later' Learn about the importance of security patches, how zero-day exploits work, the WannaCry (230,000 de… Cloud Storage Security: How to Keep Your Data Safe in the Cloud Weigh the convenience and risks of cloud storage, and learn practical measures like encryption and a…
← Glossary