CryptoServers
Launch server

VPS vs Dedicated bare-metal

Concrete thresholds — CPU steal, working-set RAM, disk write bandwidth, network egress — at which KVM stops being enough.

Updated 2026-05-03 Decision guide Provider-agnostic

A VPS is a slice of a hypervisor — fast to provision, easy to resize, shared with neighbours, and excellent value at typical web-server, VPN, mail, IRC, and node workloads. A dedicated bare-metal server is the whole machine — more expensive, more isolated, IPMI-accessible, ECC-RAM-exposed, and free from the noisy-neighbour variable that dominates VPS tail-latency. The decision hinges on four measurable thresholds, not on marketing axes: sustained CPU steal time, working-set RAM size, sustained disk write bandwidth, and sustained network egress. Below all four thresholds, a properly-provisioned VPS delivers within 3-8% of bare-metal performance for typical workloads — almost imperceptible in production unless you specifically benchmark for it. Past any one of the thresholds, the bare-metal upgrade pays for itself the day you provision because the variable that was previously dragging your P99 latency disappears. This page lays out the thresholds in vmstat / iostat terms, sets out the cost crossover (which is closer than most buyers assume — a Shield-tier dedicated runs roughly $24/month above a Pro-tier VPS for double the cores, triple the RAM and mirrored storage), and answers the ECC, IPMI, BGP and security-isolation questions that typically come up at the upgrade decision.

Side-by-side specifications

VPS vs Dedicated bare-metal — at a glance

Numbers and citations are sourced from primary references (Constitutional courts, RFCs, project documentation) wherever available. See the citations block below the FAQ.

Property VPS Dedicated bare-metal
Cost (entry tier, 2026) $16.99-69.00/month $79-599/month
CPU isolation Shared cores via KVM scheduler Single tenant — no other workloads on the silicon
CPU steal time 0-5% typical, can spike on noisy hosts Always 0% (no neighbour to steal from)
RAM type DDR4/DDR5 ECC (host-level) DDR4/DDR5 ECC, exposed to the OS
Storage Shared NVMe namespace, isolated quotas Dedicated NVMe drives, hardware or software RAID
IPMI / out-of-band No — panel-level reboot only Yes — full BMC console + ISO mounting
Custom kernel Allowed (KVM passes through) Full freedom — you ARE the host
Live migration Yes (between hosts on maintenance) No — physical machine
Hot resize (CPU/RAM) Yes, no reboot for vCPU and RAM No — chassis-bound
Snapshot speed Hourly with 7-day retention, panel-driven On-demand via backup volume; no native hourly tier
BGP /29 or /48 announcement Not on VPS plans (shared prefix) Yes — bring an LOA, get a session
Best for Most workloads under 24 GB working set High-RAM, high-IO, single-tenant or BGP-needing workloads
Decision matrix

Pick VPS when… / Pick Dedicated bare-metal when…

Map your workload to the column where more bullets apply. If the count is even, default to the cheaper or simpler option — the marginal difference rarely justifies the extra cost.

Pick VPS when

VPS (KVM hypervisor slice)

Fast deploy, hot-resize, predictable per-month pricing, 92-97% of bare-metal performance for typical web/VPN/mail/node workloads.

  • Your sustained CPU steal time stays below 5% under peak load. If vmstat 1 rarely shows steal (st) above 5, the hypervisor slice is delivering and you're not paying for hardware you can't use.
  • Your working set fits comfortably in 24 GB or less of RAM and your disk write throughput stays under 400 MB/s sustained. Below those points, a Gen4 NVMe-backed VPS gives you the same I/O profile as bare-metal.
  • You need to scale workers horizontally rather than vertically. Spinning up four VPS instances in four jurisdictions for $80/month total beats a single $200 dedicated server for redundancy-driven workloads.
  • You want hot-resize without downtime. KVM lets us add vCPU and RAM to a running VM; bare-metal resize means migrating to a different chassis.
Pick Dedicated bare-metal when

Dedicated bare-metal

Single tenant, no steal time, ECC RAM, IPMI access, hardware-level isolation, and headroom for sustained 5+ Gbps egress or 64+ GB working sets.

  • Your sustained CPU steal regularly exceeds 5% on a VPS. That's a measurable signal that a noisy neighbour is winning the scheduler — bare-metal removes the variable entirely.
  • You need 64 GB+ of ECC RAM for a hot working set (Bitcoin txindex, large Postgres, Lightning routing hub, public Matrix homeserver, archive node). Dedicated is the cleanest path to that headroom with ECC reliability.
  • You want IPMI / out-of-band management for "console even when the OS is hung" recovery. VPS plans don't expose this; bare-metal does.
  • You're running workloads with a hard isolation requirement — security research, regulated-data processing, or just a strong preference for hypervisor-free single-tenancy.
  • You need a custom kernel, custom firmware, BGP-announced /29 or /48, or hardware-level RAID — all standard on bare-metal, often constrained on a VPS.
FAQ

VPS vs Dedicated bare-metal — questions answered

How do I tell if my VPS is actually constrained?
Run vmstat 1 for a peak hour and look at the st column. Sustained values above 5 mean a hypervisor neighbour is taking your scheduled CPU. Run iostat -x 1 and watch w_await (write latency in ms) and %util — if w_await sits above 5 ms or util pegs at 100% during normal load, your shared NVMe namespace is contended. Check free -m for swap activity; any swap-in on a hot path means you've outgrown your RAM tier. None of these warrant immediate dedicated; two of three sustained over a week does.
Is dedicated bare-metal really faster than a same-spec VPS?
Marginally for typical workloads, dramatically for I/O-bound ones. KVM with virtio drivers and AES-NI passthrough delivers within 3-8% of bare-metal CPU performance — almost imperceptible for web servers, VPNs, and node software. Storage is where the gap widens: a single dedicated NVMe drive in a chassis you own runs at full PCIe Gen4 throughput (7 GB/s read), while a VPS slice on a shared namespace might be capped at 1-2 GB/s by quota. For database-heavy or archive workloads, the dedicated win is immediate and large.
What does CPU steal time actually mean?
Steal time is the percentage of wall-clock during which your virtual CPU was ready to run but the hypervisor scheduled a different VM's vCPU on the underlying core. The Linux kernel exposes it via /proc/stat (the steal field) and tools like vmstat, top and mpstat surface it. On a well-provisioned host with reasonable overcommit it stays near 0; on an oversold host it spikes to 20%+ during your peak hours, dragging your P99 latency disproportionately.
When does the cost crossover from VPS to dedicated actually happen?
For a workload that fits 16 GB RAM and 200 GB disk, a $40-55/month VPS is cheaper than any dedicated tier. For 24-32 GB RAM and 400-640 GB disk, the gap narrows — Pro-tier VPS at $55-70/month vs Shield-tier dedicated at $79/month is a $20-30 question for 2× the cores and mirrored storage. Past 64 GB RAM or 1 TB+ disk requirements, dedicated becomes the cheaper option per unit of resource. The crossover is workload-specific; map your peak resource needs to the price grid before assuming dedicated is "always more expensive".
Do I need IPMI for a typical workload?
Probably not for a small VPS-replacement workload, definitely yes for production-critical bare-metal. IPMI gives you a virtual console, power-cycle control, and ISO-mounting that survives a borked kernel update or a misconfigured firewall that locked SSH. On a VPS, the panel offers reboot and reinstall as ticket-free options; on dedicated, IPMI is your only out-of-band recovery path. Lose IPMI, lose remote-hands cost-free recovery.
Can I run a Tor relay on dedicated and what would I gain?
Yes, and the gains are mostly headroom. A vps-growth handles a 10-50 TB/month Tor relay comfortably; bare-metal lets you run two or three relays plus an exit plus a hidden service from one chassis without resource competition. For a single relay, VPS is more cost-effective. For an operator running a small fleet (>3 relays, or one big exit), dedicated's steal-time-zero CPU and dedicated NIC are operationally cleaner.
What about ECC RAM — does VPS expose it to the guest?
Host-level ECC is universal at quality providers (no SEU corruption flips your guest's memory silently), but the guest VM itself sees plain virtio memory and cannot trigger ECC-aware pathways at the kernel level. Bare-metal exposes ECC fully — your Linux kernel sees the EDAC subsystem, can log corrected errors, and can act on them. For workloads where memory-corruption-as-correctness-bug matters (financial systems, blockchain consensus code, large in-memory databases), bare-metal's exposed ECC is meaningfully different.
Is a dedicated server safer than a VPS in security terms?
For most threats, no — both run a properly hardened OS and the attack surface is largely the same userspace software. Where dedicated wins is the elimination of cross-VM side-channel attack categories (Spectre/Meltdown variants, last-level-cache timing leaks). These are exotic attacks, but they exist; a single-tenant box has no co-located adversary by definition. For regulated-data workloads where the compliance framework demands hardware-level isolation, dedicated is the documented answer.
Citations

Primary sources

Where the numbers and legal claims above come from. We link to the primary source rather than to a re-publisher whenever it is available.

Keep deciding

Related comparisons

Bitcoin vs Monero

Bitcoin vs Monero for paying for hosting — settlement time, fees, on-chain privacy, refund suitability, and a practical decision tree.

Read comparison

Netherlands vs Romania

Netherlands vs Romania for offshore hosting — AMS-IX peering vs Bucharest price-tier, content posture, EU GDPR alignment, and where each one wins.

Read comparison

Decided? Deploy in 60 seconds

No email, no ID, no account. Pick a plan, pay in crypto, get root.

Launch a server All comparisons