Funny you should ask this because I just got finished setting this up myself this week.
The reason I did this is because my shared host got sold and pretty much crapped out. Virtually no technical support, just "we're having problems, no ETA" has been going on for weeks.
I am a software developer and not a network engineer, but honestly it was not difficult at all and I got good support. I'm not sure if I'm allowed to mention services here, but after much searching I used ServerIntellect (www.serverintellect.com).
The name servers for me changed over in about 10 minutes, so nothing to that.
They include software for setting up all your domains, etc., that looks a lot like shared hosting. It was a breeze.
Their VPS is limited to Win/2003+IIS6 but uses SQL/Server 2005 or 2008. It's not much more money to go to a dedicated server where you can get Win/2008+IIS7 and VPN into your server instead of RDP if you like.
VPS and dedicated include service to do all patches. You can choose the schedule. They will handle all the backups (small extra monthly charge), they even have an optional service where they test your site every five minutes to make sure it responds. Does your shared host do that?
If you are using SQL/Server, VPS and dedicated have huge advantages, but for me I wanted control over the bandwidth which you do not get in Shared. With Shared your response time will be inconsistent depending on what else is going on on the server.
With VPS and dedicated, the bandwidth, RAM, CPU are guaranteed, so you can be sure nobody else will affect your response time.
I think it is easier to handle with one login and a control panel to handle all your sites in one place. Perhaps, you have your shared host already setup that way.
I found the DNS part of it a breeze, IIS and basic Windows server admin also to be very straightforward.
So, I think it depends on more than just cost. If you have shared hosting at $8/mo per site and that is working for you with consistent response time; great, why move?
If you want more control over features like SQL/Server, etc., ASP features not ordinarily offered or just more consistent response time, and a lot of other things through one simple interface and/or RDP -- and unlimited # of websites for one monthly price then VPS or dedicated is a good choice and it's still managed for you.
Although I'm getting a 99.995% SLA, for what you could save, you could also have a VPS elsewhere for automatic failover if the sites are static or you know how to do SQL/Server replication. Though serverintellect says they will replace whatever is needed usually within 15 minutes, but latest 4 hours -- with RAID, seems unlikely that would occur. Could happen with your shared host as well, I guess.
Best Answer
It's part of the HTTP 1.1 protocol.
Specifically, the HTTP 1.1 protocol includes a header called "host:" which specifies which web site on a particular server the client is attempting to access.
So, if snoopy.net and woodstock.org both share 192.0.32.10 and your browser is trying to get content from
http://snoopy.net/doghouse
the specific http request would look like:If the desired url is
http://woodstock.org/seeds
the request would look likeIn both cases, there would be a tcp socket between your computer and port 80 of the server. The server would know to get content from /var/www/snoopy.net or /var/www/woodstock.org/ based on the Host header.
There would be other headers for cookies and other stuff like browser type and allowed content, but the "Host" header specifically is what allows the web server to know which virtual web site is desired.
There's more in the RFC2616.
This is also why https sites must** have their own IP address -- the ssl key exchange and certificate verification take place prior to the http transaction, so the http server won't know to give out the certificate for "woodstock.org" or "snoopy.net" when it receives an https connection on port 443 of 192.0.32.10.
edit
** in the comments Grawity points out that there are extensions to SSL in the TLS spec that allow the server to know which web site the user is attempting to access, and that most modern web browsers have these extensions, so must is a bit too strong.