Continuing our series of request-for-quote deep dives, this article looks at a recent managed Windows hosting RFQ reviewed by the Atlantic.Net pre-sales team. The request covered a migration involving Windows Server, Microsoft SQL Server, and SmarterMail in a single managed environment.

An RFQ is the formal document a buyer sends to hosting providers when comparing migration options. It typically sets out the required compute, storage, networking, licensing, security, backup, support, and pricing expectations, then asks each provider to respond line by line. For buyers, the value is not just in whether a provider says “yes” to each requirement, but in how clearly they explain what is included, what is conditional, and what falls outside the managed scope.

In this case, the customer was a small IT consultancy running a hosting reseller business on the East Coast. The existing managed cloud VM had become less predictable: performance was inconsistent, support response had declined, and monthly costs had increased. The customer wanted to move a Windows Server, Microsoft SQL Server, and SmarterMail stack to a new managed hosting provider within a few weeks.

On paper, many managed hosting proposals can look similar. Daily backups, managed firewalls, 24x7x365 support, IPv4 allocation, security tools, and multi-year discounts are common line items. The difference is in the detail. A credible RFQ response explains where the platform is strong, where support boundaries apply, how pricing works, and what trade-offs the customer should understand before migration begins.

Atlantic.Net’s response covered storage redundancy, firewall capabilities, backup policy, support response targets, multi-year pricing, migration-phase pricing, data center selection, and the support boundary around SmarterMail. The sections below walk through those categories and show how a managed Windows and Microsoft SQL Server hosting quote can be evaluated line by line.

What Atlantic.Net Can Deliver from Day One

Atlantic.Net offers cloud deployments on shared infrastructure and dedicated hosts. We also have a unique set of managed services that can be wrapped around the customer’s environment.

Storage and redundancy. The cloud platform runs on NVMe SSD storage with RAID 10 at the local storage level and cluster-level redundancy above it. The platform is designed for high availability. Planned host maintenance can be handled through VM migration, while host-failure behavior depends on the underlying cluster design and may involve failover. Storage is encrypted at rest. The configuration scoped to this customer’s brief was 8 vCPU, 64 GB RAM, and 400 GB of NVMe SSD storage.

IPv4 and IPv6. A /29 IPv4 allocation and full IPv6 support are included at no extra charge on this configuration. The customer had asked about IPv6 filtering in the context of firewall rules; the answer was that both IPv4 and IPv6 are handled by the managed FortiGate firewall.

Operating system and database. The customer wanted Windows Server 2025 and SQL Server 2022. Both were supported for the scoped environment. SQL Server 2022 Web Edition is supported for eligible hosted web workloads, subject to Microsoft service-provider licensing terms.

Firewall. The managed firewall is FortiGate-based and is fully managed by the Atlantic.Net 24x7x365 US-based support team. The customer specifically asked about both geographic and IPv6 filtering. Custom allow and deny rules can be configured, and country-level geo-blocking is supported.

DDoS. DDoS mitigation runs via Cloudflare. The Atlantic.Net data centers are directly peered with Cloudflare, which matters for both latency and reliability during an active mitigation event.

Endpoint security. The Trend Micro Security Suite provides protection against malware and ransomware, as well as endpoint protection. This runs as a managed layer, not a self-managed installation.

Backups. Daily managed backups are included, with file-level restore capability. Backup storage runs on separate storage nodes, not the same physical storage as the VM, and is encrypted at rest. The combination of cluster-level VM redundancy and a separate encrypted backup tier means the customer has two distinct layers of data protection rather than a single system doubling as both.

How Atlantic.Net Handles Support Response Targets

Support response time is one of the most-requested items in a managed-hosting RFQ and one of the most inconsistently answered. Many providers publish response-time SLAs as hard contractual commitments with remediation clauses; others qualify them so heavily in the body of the contract that the headline number is effectively meaningless. Atlantic.Net’s approach is different, and it is worth explaining why.

Atlantic.Net publishes Service Level Objectives for support response times. The targets are: Critical issues: 15 minutes; High severity: 1 hour; Normal requests: 4 business hours. Phone calls are prioritized over portal-submitted tickets, particularly when an issue is active and service-impacting.

The reasoning is operational rather than legal. Support response handling depends on the nature of the issue, the accuracy of the priority the customer assigned, the depth of investigation the issue requires, and whether the ticket is tied to an active service-impacting event or a routine change request. A rigid SLA that commits to a 15-minute response regardless of those variables creates the wrong incentives: it rewards fast first-contact acknowledgment over competent triage, and it penalizes the team for being honest when an investigation exceeds the SLA window.

An SLO is an operational target that the team manages against. It exists to be met consistently. Pairing that with US-based phone-priority routing for active issues means that the customer who calls with a production problem reaches a technician who can actually work the issue, rather than a ticket queue that has already missed its first-response window.

For customers who have come from providers with rigid SLA structures and found that the legal commitment didn’t translate into faster resolution, that distinction may be more meaningful than it first appears. The commitment here is to the outcome. Atlantic.Net’s Cloud Service Level Agreement covers infrastructure-layer availability separately; the 100% SLA on network, hardware, and power is a distinct and contractual commitment. The SLO framework applies to support response.

What We Can and Cannot Do

Two requests in this RFQ received direct negative answers. Both are worth recording in full because providers who decline are easier to plan around than those who hedge.

No migration-phase discount. The customer asked twice. The first ask was a standard request for a reduced rate during the migration window. The second was to start on a smaller configuration during migration, scale to the full spec at go-live, and apply the discount to the smaller-configuration period. Atlantic.Net presented the best available customized options. Atlantic.Net offers a 10 percent discount on a 24-month commitment and a 20 percent discount on a 36-month commitment. Those discounts apply throughout the term of the agreement.

Atlantic.Net offers a discount structure that is tied to the full agreement term rather than a temporary migration period. Atlantic.Net’s role during a migration is to deliver a fully configured environment on day one from the delivery date, which requires the full specification from the start. A reduced-spec migration environment that must be reconfigured at go-live adds a change event to what is already a complex transition period. The discount structure Atlantic.Net offers is applied to the commitment term, not to a partial service period. Regardless, Atlantic.Net stands ready to assist clients with a customized solution that is a win-win for all.

No data center pricing or capability differential. The customer asked whether Ashburn, Virginia, or New Jersey offered better pricing or capabilities for their use case. The answer was no: for this scoped configuration, Ashburn, Virginia, and New Jersey offered the same capabilities at the same price. The customer can choose the location that best fits their geography, latency requirements, or client base, and they will get the same configuration at the same price either way.

For a small to mid-size reseller managing a portfolio of client environments, predictability has genuine value. Uniform pricing is a simpler model to plan around.

SmarterMail

Atlantic.Net does not normally provide full application-level support for SmarterMail from the outset; , we were more than happy to install SmarterMail and configure it for the customer’s environment. Atlantic.Net’s Migration Assistance Team can assist with mailbox and domain configuration migration from the previous provider. The caveat is that ongoing application-level support for SmarterMail is limited.

What that means in practice: the managed environment covers the layers that Atlantic.Net operates. Windows Server, IIS, the SQL Server instance on which SmarterMail depends, the FortiGate firewall, OS-level patching, daily backups, and the Trend Micro endpoint suite.

All of those layers are fully managed. SmarterMail itself sits on top of that infrastructure. The customer brings the SmarterMail license, and either the customer or SmarterTools’ own support team leads on application-level questions: delivery rules, spam filter configuration, webmail interface issues, domain-specific mail routing, and anything that requires knowledge of SmarterMail’s internal configuration model.

Setting up the right expectation was a sensible choice for both sides. The customer running SmarterMail for a portfolio of reseller clients typically knows the application well enough to manage it at the application layer. What they need from a managed host is a stable, well-secured, well-patched foundation underneath it, and that is exactly what is in scope. A provider that promises full SmarterMail application support without a SmarterTools certification to back it up may find that commitment does not hold under complex domain configurations or during a version upgrade. Stating the right expectations up front avoids that problem entirely.

What the RFQ Looks Like as a Production Configuration

The customer joined Atlantic.Net this year and is currently running from the Ashburn, Virginia, data center. The production configuration is 8 vCPU, 64 GB of RAM, and 400 GB of NVMe SSD storage. Storage uses RAID 10 at the local storage level, with cluster-level redundancy across the platform and encryption at rest. Planned host maintenance can be handled through VM migration, while host-failure behavior depends on the underlying cluster design and may involve failover. A /29 IPv4 allocation and full IPv6 support are included with the configuration.

The operating environment is Windows Server 2025. Microsoft SQL Server Web Edition 2022 runs on the same managed basis. The FortiGate-managed firewall provides IPv4 and IPv6 filtering, custom allow and deny rules, and country-level geo-blocking, fully managed by Atlantic.Net’s 24x7x365 US-based support team. The Trend Micro Security Suite provides malware and ransomware protection, as well as endpoint protection. DDoS mitigation runs through Cloudflare via the direct peering at the Atlantic.Net data center. Daily managed backups with file-level restore are stored on separate encrypted storage nodes.

SmarterMail installation and configuration were included. Support runs 24x7x365, is US-based, and response SLOs are 15 minutes for Critical, 1 hour for High, and 4 business hours for Normal. The Atlantic.Net managed cloud hosting platform carries a 100% SLA on infrastructure availability.

Reading the Quote You Receive

A managed-hosting RFQ response is, in the end, a document that has to survive contact with a real production environment.

Atlantic.Net’s response to this customer’s RFQ is a worked example of what that pattern looks like across a Windows, Microsoft SQL Server, and SmarterMail stack. The caveat in SmarterMail names the boundary in terms of what is and is not managed. A customer can set that document next to two or three competitor responses and read each provider’s pattern instead of just totaling the bullet points.

If you are evaluating Atlantic.Net for a similar Windows stack migration, walk us through your application stack, storage and redundancy requirements, firewall and backup expectations, preferred data center, and the multi-year commitment you are willing to make. Atlantic.Net’s pre-sales team can review the requirements line by line and define what is included, what is conditional, and where support boundaries apply.