The honest one-liner
If you can plot a hockey-stick on your CPU steal time, you've already outgrown the VPS. Steal above 5% sustained means a neighbour is winning the scheduler — your latency P99 will reflect it long before your average load looks bad.
Below that, a VPS is almost always the right call. KVM with NVMe-local storage and AES-NI on a modern EPYC core gets you within 3–8% of bare-metal for typical web, VPN, mail, IRC and Lightning workloads. The 92–97% you keep is well worth the pricing delta and the live-resize ergonomics.
When the VPS still fits — clearly
Personal egress (your own WireGuard or OpenVPN endpoint), a Tor relay below 25 MB/s sustained, a single-user mail server, a Bitcoin pruned node, a Monero remote node serving fewer than a few hundred wallets, a Matrix homeserver for a small community, a private game server, a personal seedbox below 240 GB of working set — all of these run comfortably on a VPS and gain very little from going bare-metal.
Why: their bottleneck is rarely raw CPU. It's network reach, IP reputation, jurisdictional posture, and whether the host throttles port 25 or shapes p2p traffic. A VPS that gives you full root, raw sockets, unmetered uplink and editable rDNS is functionally identical to bare-metal for these loads.
The four signals a workload has outgrown the VPS
Sustained CPU steal above 5%. Run `vmstat 1` for a peak hour. If `st` regularly sits above 5, you're sharing a core with someone hot. We re-host neighbours when steal climbs, but a dedicated host removes the variable entirely.
Working set exceeds 24 GB and is latency-sensitive. RAM contention on KVM is rare on our hosts (we don't oversell memory), but a dataset the size of a Bitcoin txindex (~120 GB on disk, hot pages 10–30 GB) starts to hit ARC eviction patterns where 64 GB ECC headroom changes behaviour. Lightning routing nodes, Matrix Synapse with 200+ federated rooms, and Postgres-heavy CI databases all hit this earlier than people expect.
Disk write bandwidth above 400 MB/s sustained. Single Gen4 NVMe handles this on a VPS. Two Gen4 NVMe in mirror on a dedicated tier handles it without the GC pauses that come with shared NVMe namespaces.
Network egress above 5 Gbps sustained. We sell VPS plans with 10 Gbps unmetered, and they really do hit 10 Gbps for short bursts — but a sustained 5+ Gbps for hours on end is more comfortable on dedicated hardware where the NIC is yours alone.
Where dedicated wins outright
Bitcoin Core or Ethereum archive nodes you intend to operate for years without re-IBD'ing. The 36-hour IBD on a single-socket EPYC with 2× Gen4 NVMe in software RAID is night-and-day faster than the 3–4 day IBD on a Business-tier VPS, and once it's done, the disk reliability matters more than the throughput.
Lightning routing hubs targeting 1000+ channels and large capacity. HTLC throughput is CPU-bound under load, and dedicated cores eliminate the steal-time tail that occasionally causes channel-state staleness.
Public Matrix homeservers with thousands of federated rooms. Postgres on its own NVMe + Synapse workers on the other NVMe + Redis on a third namespace = three I/O lanes with zero contention.
Self-hosted CI with build farms running Docker-in-Docker, sysbox, or Firecracker microVMs at scale. Nested virtualisation works on KVM, but bare-metal eliminates the second-layer paravirt overhead.
BGP-announced /29 or /48 with your own AS-path. We provision BGP sessions on dedicated tiers from Bastion up; on VPS plans, you share our prefixes.
The pricing arithmetic
A vps-pro at $54.99/month gives you 8 vCPU on Xeon Gold 6430, 24 GB DDR5 ECC, 400 GB NVMe, 5 Gbps unmetered. A ded-shield at $79/month gives you 16 cores / 32 threads of EPYC 7313P, 64 GB DDR4 ECC, 2× 1 TB NVMe, 1 Gbps unmetered. The dedicated tier costs $24/month more for roughly 2× the CPU, 2.7× the RAM, 5× the disk, with mirrored storage.
If your workload is CPU-, RAM-, or storage-bound, the bump pays for itself the day you provision. If it's network-bound at 5+ Gbps, the VPS keeps winning until you size up to a Bastion or higher with 10 Gbps included.
Crypto-billed monthly with no minimums means you can run dedicated for one month while you're stress-testing, then drop back to VPS if the load profile turns out to be lighter than feared. There's no annual commitment that locks you in.
Migration playbook
Rsync + cutover window: provision the dedicated host in the same jurisdiction, rsync your dataset over the local network (we have 10+ Gbps internal between hosts in the same DC), set up a maintenance page on the VPS, do a final sync, swap DNS or IP failover. Total downtime: typically 2–10 minutes for a few-hundred-gig dataset.
If your IP matters (Lightning channels, federated Matrix homeserver, mail rDNS), we can move the /29 across hosts in the same DC without re-IPing — open a panel ticket and we do it in 24 hours during a quiet window.
If you can't afford any downtime: split-brain for a day. Keep both hosts live, change the application to write to both, fail reads to the dedicated, then cut writes once the dedicated is authoritative. This is the shape of every database migration we've watched customers run successfully.