The questions to ask are...not quite endless
Ones I've asked in some form or another over the years, rather more categorised than when asked
* what disk space and bandwidth will be available?
* when/how do you inform of nearing/exceeding the above?
* what are the consequences of exceeding the above?
* what maximum concurrent connections are allowed?
* what costs/penalties/time/options to upgrade service plan?
* What are your standard and optional redundancies?
Note: in case of server failure, utility failure, etc.
* What backups/fail overs are or can be in place?
* what failures/outages have occurred in the past five years?
SLA: Service Level Agreement
* What type (kind and degree) and amount of uptime do you guarantee?
* How do you manage, inform/report about maintenance, downtime?
* How (and for what) do you monitor your network?
* For what else are you accountable/responsible?
* What are the penalties/remedies should you breach the SLA?
I recommend reading - and following - the points raised in Choosing a hosting provider: 10 questions to ask your provider, PDF file 799KB.
The following are the questions...the followups and reasoning are even more useful.
1. What is your security policy?
2. How do you handle security breaches?
3. What is the platform under my application?
4. Do you offer SSL (HTTPS)?
5. Do you backup?
6. Who is responsible for installing applications and CMS platforms (e.g. WordPress)?
7. Can I disable applications and services I’m not using?
8. Who is responsible for updating applications and software?
9. Do you do any security monitoring?
10. How are uploads secured?
Two general queries that quickly separate those who have a clue from those with hell desk script:
* describe your security infrastructure.
* can you accommodate additional security features?
If you really want to get into the nitty gritty the following is a start
* are you ISO9001
---to an American host: can you provide an SAS 70
* is SSH and/or SFTP default/standard?
* (for non-dedicated servers) do you utilise OS-level virtualisation and if so, which, to what benefit?
* do your DB processes and web servers run as root?
* What is your policy on upgrading; particularly the OS, the web server, the database(s), PHP/perl/etc., et al to the latest versions?
* is PHP run as an apache module or as FastCGI?
* how varied are the communication channels, i.e. phone, email?
* what is response time for each channel?
* which channel(s) are free? billable? to what extent?
* does service quality change by time?
* is service by hell desk script book or competent technician or both?
* where is customer support based from?
---does that change, i.e. by time of contact, depth/severity of problem?
* for how long has host company been in business?
* for how long has the service plan I want been offered?
* what are the most common problems encountered by users of the plan I want?
Many/most hosts will cringe and redirect at much of the above...they are what you see is what you get fast food type operations...
Perhaps the most important question is to ask, not of your host but of yourself, is: how seriously do I take my business?