VPS vs Dedicated bare-metal

Q: Comment savoir si mon VPS est réellement contraint ?

Run vmstat 1 for a peak hour and look at the st column. Sustained values above 5 mean a hypervisor neighbour is taking your scheduled CPU. Run iostat -x 1 and watch w_await (write latency in ms) and %util — if w_await sits above 5 ms or util pegs at 100% during normal load, your shared NVMe namespace is contended. Check free -m for swap activity; any swap-in on a hot path means you've outgrown your RAM tier. None of these warrant immediate dedicated; two of three sustained over a week does.

Seuils concrets — CPU steal, RAM de travail effective, bande passante d'écriture disque, sortie réseau — à partir desquels KVM ne suffit plus.

Mis à jour 2026-05-03 Guide de décision Indépendant des fournisseurs

A VPS is a slice of a hypervisor — fast to provision, easy to resize, shared with neighbours, and excellent value at typical web-server, VPN, mail, IRC, and node workloads. A dedicated bare-metal server is the whole machine — more expensive, more isolated, IPMI-accessible, ECC-RAM-exposed, and free from the noisy-neighbour variable that dominates VPS tail-latency. The decision hinges on four measurable thresholds, not on marketing axes: sustained CPU steal time, working-set RAM size, sustained disk write bandwidth, and sustained network egress. Below all four thresholds, a properly-provisioned VPS delivers within 3-8% of bare-metal performance for typical workloads — almost imperceptible in production unless you specifically benchmark for it. Past any one of the thresholds, the bare-metal upgrade pays for itself the day you provision because the variable that was previously dragging your P99 latency disappears. This page lays out the thresholds in vmstat / iostat terms, sets out the cost crossover (which is closer than most buyers assume — a Shield-tier dedicated runs roughly $24/month above a Pro-tier VPS for double the cores, triple the RAM and mirrored storage), and answers the ECC, IPMI, BGP and security-isolation questions that typically come up at the upgrade decision.

Spécifications côte à côte

VPS contre Dedicated bare-metal — en un coup d'œil

Les chiffres et citations sont tirés de références primaires (cours constitutionnelles, RFC, documentation de projets) dès que disponibles. Voir le bloc citations sous la FAQ.

Propriété	VPS	Dedicated bare-metal
Cost (entry tier, 2026)	$16.99-69.00/month	$79-599/month
CPU isolation	Shared cores via KVM scheduler	Single tenant — no other workloads on the silicon
CPU steal time	0-5% typical, can spike on noisy hosts	Always 0% (no neighbour to steal from)
RAM type	DDR4/DDR5 ECC (host-level)	DDR4/DDR5 ECC, exposed to the OS
Stockage	Shared NVMe namespace, isolated quotas	Dedicated NVMe drives, hardware or software RAID
IPMI / out-of-band	No — panel-level reboot only	Yes — full BMC console + ISO mounting
Custom kernel	Allowed (KVM passes through)	Full freedom — you ARE the host
Live migration	Yes (between hosts on maintenance)	No — physical machine
Hot resize (CPU/RAM)	Yes, no reboot for vCPU and RAM	No — chassis-bound
Snapshot speed	Hourly with 7-day retention, panel-driven	On-demand via backup volume; no native hourly tier
BGP /29 or /48 announcement	Not on VPS plans (shared prefix)	Yes — bring an LOA, get a session
Meilleur pour	Most workloads under 24 GB working set	High-RAM, high-IO, single-tenant or BGP-needing workloads

Matrice de décision

Choisir VPS quand… / Choisir Dedicated bare-metal quand…

Associez votre charge de travail à la colonne où le plus de points s'appliquent. Si les scores sont égaux, optez par défaut pour l'option la moins chère ou la plus simple — la différence marginale justifie rarement le coût supplémentaire.

Choisir VPS quand

VPS (tranche d'hyperviseur KVM)

Déploiement rapide, redimensionnement à chaud, tarification mensuelle prévisible, 92–97 % des performances bare-metal pour les charges web/VPN/mail/nœud typiques.

Your sustained CPU steal time stays below 5% under peak load. If vmstat 1 rarely shows steal (st) above 5, the hypervisor slice is delivering and you're not paying for hardware you can't use.
Your working set fits comfortably in 24 GB or less of RAM and your disk write throughput stays under 400 MB/s sustained. Below those points, a Gen4 NVMe-backed VPS gives you the same I/O profile as bare-metal.
You need to scale workers horizontally rather than vertically. Spinning up four VPS instances in four jurisdictions for $80/month total beats a single $200 dedicated server for redundancy-driven workloads.
Vous voulez un redimensionnement à chaud sans interruption. KVM nous permet d'ajouter vCPU et RAM à une VM en marche ; le redimensionnement bare-metal implique une migration vers un autre châssis.

Choisir Dedicated bare-metal quand

Dédié bare-metal

Locataire unique, aucun steal time, RAM ECC, accès IPMI, isolation au niveau matériel et marge pour une sortie soutenue à 5 Gbps+ ou des jeux de travail de 64 Go+.

Votre CPU steal soutenu dépasse régulièrement 5 % sur un VPS. C'est un signal mesurable qu'un voisin bruyant gagne dans l'ordonnanceur — le bare-metal élimine entièrement la variable.
You need 64 GB+ of ECC RAM for a hot working set (Bitcoin txindex, large Postgres, Lightning routing hub, public Matrix homeserver, archive node). Dedicated is the cleanest path to that headroom with ECC reliability.
Vous voulez l'IPMI / la gestion hors-bande pour récupérer en mode « console même quand l'OS est figé ». Les offres VPS ne l'exposent pas ; le bare-metal oui.
Vous faites tourner des charges exigeant une isolation stricte — recherche en sécurité, traitement de données réglementées, ou simple préférence forte pour la mono-location sans hyperviseur.
Vous avez besoin d'un noyau sur mesure, d'un firmware sur mesure, d'un /29 ou /48 annoncé en BGP, ou d'un RAID matériel — standards sur bare-metal, souvent contraints sur un VPS.

FAQ

VPS contre Dedicated bare-metal — questions traitées

Comment savoir si mon VPS est réellement contraint ?

Run vmstat 1 for a peak hour and look at the st column. Sustained values above 5 mean a hypervisor neighbour is taking your scheduled CPU. Run iostat -x 1 and watch w_await (write latency in ms) and %util — if w_await sits above 5 ms or util pegs at 100% during normal load, your shared NVMe namespace is contended. Check free -m for swap activity; any swap-in on a hot path means you've outgrown your RAM tier. None of these warrant immediate dedicated; two of three sustained over a week does.

Un dédié bare-metal est-il réellement plus rapide qu'un VPS de mêmes specs ?

Marginally for typical workloads, dramatically for I/O-bound ones. KVM with virtio drivers and AES-NI passthrough delivers within 3-8% of bare-metal CPU performance — almost imperceptible for web servers, VPNs, and node software. Storage is where the gap widens: a single dedicated NVMe drive in a chassis you own runs at full PCIe Gen4 throughput (7 GB/s read), while a VPS slice on a shared namespace might be capped at 1-2 GB/s by quota. For database-heavy or archive workloads, the dedicated win is immediate and large.

Que signifie réellement le CPU steal time ?

Steal time is the percentage of wall-clock during which your virtual CPU was ready to run but the hypervisor scheduled a different VM's vCPU on the underlying core. The Linux kernel exposes it via /proc/stat (the steal field) and tools like vmstat, top and mpstat surface it. On a well-provisioned host with reasonable overcommit it stays near 0; on an oversold host it spikes to 20%+ during your peak hours, dragging your P99 latency disproportionately.

Quand le coût bascule-t-il réellement du VPS vers le dédié ?

For a workload that fits 16 GB RAM and 200 GB disk, a $40-55/month VPS is cheaper than any dedicated tier. For 24-32 GB RAM and 400-640 GB disk, the gap narrows — Pro-tier VPS at $55-70/month vs Shield-tier dedicated at $79/month is a $20-30 question for 2× the cores and mirrored storage. Past 64 GB RAM or 1 TB+ disk requirements, dedicated becomes the cheaper option per unit of resource. The crossover is workload-specific; map your peak resource needs to the price grid before assuming dedicated is "always more expensive".

Ai-je besoin d'IPMI pour une charge de travail courante ?

Probably not for a small VPS-replacement workload, definitely yes for production-critical bare-metal. IPMI gives you a virtual console, power-cycle control, and ISO-mounting that survives a borked kernel update or a misconfigured firewall that locked SSH. On a VPS, the panel offers reboot and reinstall as ticket-free options; on dedicated, IPMI is your only out-of-band recovery path. Lose IPMI, lose remote-hands cost-free recovery.

Puis-je faire tourner un relais Tor sur un dédié, et qu'est-ce que j'y gagne ?

Yes, and the gains are mostly headroom. A vps-growth handles a 10-50 TB/month Tor relay comfortably; bare-metal lets you run two or three relays plus an exit plus a hidden service from one chassis without resource competition. For a single relay, VPS is more cost-effective. For an operator running a small fleet (>3 relays, or one big exit), dedicated's steal-time-zero CPU and dedicated NIC are operationally cleaner.

Et la RAM ECC — le VPS l'expose-t-il à l'invité ?

Host-level ECC is universal at quality providers (no SEU corruption flips your guest's memory silently), but the guest VM itself sees plain virtio memory and cannot trigger ECC-aware pathways at the kernel level. Bare-metal exposes ECC fully — your Linux kernel sees the EDAC subsystem, can log corrected errors, and can act on them. For workloads where memory-corruption-as-correctness-bug matters (financial systems, blockchain consensus code, large in-memory databases), bare-metal's exposed ECC is meaningfully different.

Un serveur dédié est-il plus sûr qu'un VPS sur le plan de la sécurité ?

For most threats, no — both run a properly hardened OS and the attack surface is largely the same userspace software. Where dedicated wins is the elimination of cross-VM side-channel attack categories (Spectre/Meltdown variants, last-level-cache timing leaks). These are exotic attacks, but they exist; a single-tenant box has no co-located adversary by definition. For regulated-data workloads where the compliance framework demands hardware-level isolation, dedicated is the documented answer.

Citations

Sources primaires

D'où proviennent les chiffres et les affirmations juridiques ci-dessus. Nous renvoyons à la source primaire plutôt qu'à un re-publieur dès que c'est possible.

Noyau Linux — documentation des statistiques de l'ordonnanceur (définition du CPU steal) https://www.kernel.org/doc/html/latest/scheduler/sched-stats.html
Page de manuel vmstat (interprétation du steal time) https://man7.org/linux/man-pages/man8/vmstat.8.html
Page de manuel iostat (interprétation de w_await et %util) https://man7.org/linux/man-pages/man8/iostat.8.html
IETF RFC 7575 — Réseau autonome (pertinent pour BGP-depuis-hébergeur) https://www.rfc-editor.org/rfc/rfc7575
Wikipédia — Intelligent Platform Management Interface https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface

Continuer à comparer

Comparaisons associées

Bitcoin vs Monero

Bitcoin vs Monero pour payer l'hébergement — délai de règlement, frais, confidentialité on-chain, aptitude au remboursement, et un arbre de décision pratique.

Lire la comparaison

Pays-Bas vs Roumanie

Pays-Bas vs Roumanie pour l'hébergement offshore — peering AMS-IX vs niveau de prix bucarestois, posture sur le contenu, alignement RGPD, et où chacun l'emporte.

Lire la comparaison

Décidé ? Déployer en 60 secondes

Pas d'e-mail, pas d'identifiant, pas de compte. Choisissez une offre, payez en crypto, obtenez root.

Lancer un serveur Toutes les comparaisons