Note: in this post I’ll be concentrating on IaaS (infrastructure as a service or VM hosting in the cloud). SaaS and PaaS are slightly different conversations.
I was having a conversation on Twitter with someone that I respect yesterday afternoon about designing a private cloud. He made an interesting comment that got me thinking. A pure private cloud – which is, at its core, hosting of VMs in an internal or colo hosted environment – is a lot of work and maybe a business should consider using an existing public cloud.
And you know, that’s a very good point. You might have gathered from yesterday’s post that there are a lot of unknowns when it comes to building a pure private cloud. With all that bother and stress, why not eliminate all the effort and set up an account with something like an Amazon EC2, rackspace, or a local “boutique” public cloud hoster, and get instant access to a scalable, elastic computing environment. On the upside, you get instant access, you don’t have the investment, you’ve none of the risk, and your business may even get to eliminate you from the payroll. Say, what?!?!!?!?
There are definitely times when public cloud is the right option. Obvious cases are when you’re putting together public facing applications. But are there times when it’s not the right option?
A respected friend made an interesting point when discussing the cloud last year. He asked if people were happy right now with their telephone or internet service providers. Did they live up to SLAs? How did they perform when things went wrong? I think it’s fair to say that these operators tend to suck at support, as do most service providers when we have a phone number/email address as our contact points. How exactly will a public cloud provider be any different? Often they aren’t. It doesn’t take much googling to find people who have that same experience with their hosters. And hey – I include the “big boys” in this too. I may have no data to back this up, but I bet you the smaller hoster will give you better effort at support because they will value your business more.
I think a big differentiator between internally and externally hosted infrastructure is the ability to get a response from support. If a manager needs something done internally then they can shout, threaten, cajole, etc. Stuff will get done when pressure is applied. What about external hosting? The rule of thumb that I’m using: the bigger the hoster, the less qualified and enabled the person on the other end of the phone/email will be. I know from experience that “customer care” are minimum wage and don’t care. You can escalate to threats and that leads to a “promise” of a supervisor call back (to get you off the line) or them hanging up. That urgent backup recovery that you can get pushed through internally in minutes may take 24 hours afterall in a public cloud.
But there is an SLA there to protect you! You might have 99.9% “guaranteed” up time from the hoster. But that isn’t a guarantee. It’s actually a promise that the hoster will refund you part/all of your payment for that month if they give you less that 99.9% up time. That might be useless if your business is relying on a public cloud for all internal operations. And the devil is in the details; how exactly is the SLA written in the contract and measured in reality? Don’t make any assumptions.
You might get over that SLA issue by geo-cluster your resources across many data centres. I know some hard core people who’ll insist that you should really geo-cluster your resources between different hosters in different locations! That’s the only guarantee of getting better uptime.
I’ve barked about the Patriot Act and the nature of the USA politicians quite a bit in the past. Fact: the Patriot Act applies to all American owned data centres (USA, Ireland, middle east, Asia) despite what some sales & marketing people say. If you need to comply with things like a European/Irish Data Protection Act then you need to stay clear of those data centres. That also means figuring out if your hoster is colo hosted in one of those data centres. Sure the risks are small – but they are real. I was at a lecture last year where a solicitor (lawyer) stated so, even though he argued that the risk was small and was OK with that small risk. I’d contradict by reminding people that the original draft of the Cyber Security Act (co written by Democrats and Republicans) wanted to give free access to all American hosted (anywhere) data to the US Department of Commerce. That got eliminated but who knows if that one sneaks it’s way back again. That would have given the US government free access to your businesses data. And there are historical cases where government organisations have used their access to data (legal or otherwise) to assist native companies in competitive scenarios. Compliance is complicated – usually requiring the legal folks to get involved. You may have issues with data leaving your state/country at all because of industry regulations, even if there are equal data protection laws in the other state/country. Laws are different everywhere and different industries have different rules. Don’t assume anything.
Sounds like I’m really down on public cloud and all for the private cloud. Not quite:
- If you need an online presence then public cloud can give you a secure location abstraction and huge bandwidth availability.
- If you choose your hoster carefully then you can be compliant with industry or state/national regulations.
- A public cloud can give you instant access to an infrastructure with instant huge scalability. You get none of the risk of designing a private cloud and none of the hassle/delays/capital investment associated with a private cloud. Plus, an internal infrastructure will only have limited scalability unless you have capital investment funds to burn.
- The finance folks might like the idea of a public cloud – so they can fire you/me or some of your colleagues. Call it operating cost reduction or rationalisation.
There’s no one answer for everyone. Some will go completely public. They’re likely to be smaller organisations. Some will go completely private. And some will have a mix of both (hybrid or cross-premises cloud). Anyway, that’s my rambling done with for the day.
Nice round up of concerns and possibilities Aidan. Varying degrees of hybrid clouds approaches might be the dominant variant in the years to come. Taste it, play with it, test it, see what it can do for your business or your customers. Live and learn. As Mary Jo Foley noted in http://www.zdnet.com/blog/microsoft/microsofts-cloud-buzzword-of-2011-hybrid/8947 “hybrid” could very well become the buzz word for 2011 and beyond. IAAS, PAAS & other *AAS are great but often focus on the world to be. How to get there is another matter. You can buy cloud but what/how/where and when is for us to find out.
Cheers, Didier