April 29, 2011 at 12:25How to tame the clouds: practical examples. Cloud problems
The second post from a series of copyright texts by Mikhail Mikheev " How to tame the clouds: examples of practical use ."
In the first post, I mentioned the main advantages of cloud infrastructure, and I promised to talk about the cons.
First, let's repeat the pros :
Problem 1: dependence on the communication channel.
The Internet has fallen between us and the cloud data center - that's it. Put out the light.
Why this problem is not very scary:
Problem 2: the dependence of the availability of our infrastructure on the hosting staff. Suddenly they hired students who, knowing nothing and not knowing how to kill our virtuals ?!
The fearlessness of this problem is probably easiest to justify. The business cloud service provider’s business service provider is accessibility and, once again, accessibility, any simple one is a loss of reputation and money in the form of fines, so the level of motivation in organizing the quality of services is much higher than that of the internal IT service.
Problem 3: Dependence on global host issues. But what if, for example, they come to them and take away all the iron?
Here you need to look at a specific service provider of cloud services. Where he placed his equipment, what level of physical security of the data center, for example, there are sites where it’s not easy to get with the court’s decision. In particular, IT-GRAD clouds are located in such a data center.
Problem 4: not all software will work in a virtual machine.
If the program requires only a processor, memory, disks, a network, a simple video card and usb for peripherals - everything is ok. Otherwise, differently. Sad, but true. On the other hand, one can easily disagree with this. “With this” in the sense that this is a problem. Server applications that are not enough of what modern virtual servers provide are few. And old applications that today will not work anywhere other than virtual servers can be found. For example, from the experience of our customers - at the moment, only thanks to VMware virtualization can you continue to operate software that works, for example, only on Windows 3.1.
Problem 5: data privacy - their admins can access our information.
In my mind, this problem should be reformulated: “We don’t want privacy to become worse after transferring services from our server to an external data center.” The situation then branches out: a) we are talking about sensitive data and we are talking about confidentiality professionally) or we are talking in general, and not professionally. The first case is the subject of a separate discussion, the result of which can be squeezed into a tweet: “Services that are really critical from the point of view of confidentiality are not taken out.” But in the second case, relevant for lshinstva services of most companies - will focus in more detail. Question: "Now what about your privacy?" Answer: “Something like that?” Or can you give a more intelligible answer? Are responsible people appointed? Are legal, technical, organizational and psychological measures? If the answer is “no”, this means that the company is not protected in any way from internal administrators, but with an legal entity - a cloud provider - this area can be regulated much, much better.
Question : “After transferring services to the cloud, will the privacy situation of our data become worse?”
Answer: "Not. We would say that it will get better. ”Remember, in the beginning I wrote the phrase“ Services really critical from the point of view of confidentiality are not taken out ”? She is not quite correct. Security tools specialized for vSphere are already appearing today, and for specific projects they can be applied and applied successfully. Currently, we are talking mainly about the products of the Security Code company. I mean, with the economic and / or other advantages of using an external cloud for a project, you don’t have to give up the idea because of the availability of sensitive data - it’s worth raising this question, exploring the possibilities and, often, seeing that using special tools is enough the level of confidentiality is realizable. The first post was dedicated to the introduction to the question, the advantages were described in a general way, and the task was set - to illustrate the possibilities. Now we talked about the problems - and their solution. Next we will return to the task - after all, it is necessary to solve it ...
In the first post, I mentioned the main advantages of cloud infrastructure, and I promised to talk about the cons.
First, let's repeat the pros :
- There is no need to invest in the acquisition of iron, software, the introduction of all this.
- A dramatic reduction in the time taken to get started.
Good quote:
Clouds and ERPcontinuation in the original source
What are the benefits of using "clouds" in the process of implementing an ERP system. The implementation team came and roughly estimated the needs for iron - very roughly estimated. Further, the IT department of the customer began a search for this server system (they chose the manufacturer, brand, agreed on the delivery). Most often, the server arrived no faster than after 2-4 weeks, but often it was possible to wait a couple of months. In parallel, issues were solved with the work of remote units — either a centralized server and communication channels, or options with distributed bases (which also require communication channels). While the server was waiting, the system was set up either on some temporary server (which is already old, but still a pity to throw it away) or on computers of intruders (NAV and 1C live on a laptop easily, Axapta hardly but it can also work - we are not talking about OEBS or SAP - we are considering implementation in small or medium-sized companies). Then there are two options - the server is at the time the system starts or it is not there yet. If there is, then after the server arrives, the OS and ERP installation procedure begins, and settings are configured and transferred (the arrival of an IT specialist from the implementing company is almost always required). And then everything is already configured on the future production server. If not already, then the system starts on the old server, and after a while, when the server arrives, the transfer is performed (moving a working system is a pleasure below average). Until this time, there are brakes and other charms of old iron. Also, at the beginning of work, firms with remote units began to experience various problems associated with the work of remote units. For instance, the most common problem is setting up printers for terminal access to the server. In addition, various glitches when setting up a VPN, etc. etc. - There are almost always problems. Of course, after a while they are solved, but the nerves shake. Well, at the very end, after about six months of industrial operation, the actual load on the iron is found out. And in 99.9% of cases one of three things is detected - either the server is excessively powerful and is not used by 25% (in peak loads up to 50%), or the server as a whole is weak and a more powerful model is needed, or the processor / memory ratio is not optimal / disk subsystem (something more powerful than necessary, but something is missing). What could be a similar project now when using clouds (cloud computing)? (As written in the credits of some films, the plot is based on real events)) ... In addition, various glitches when setting up a VPN, etc. etc. - There are almost always problems. Of course, after a while they are solved, but the nerves shake. Well, at the very end, after about six months of industrial operation, the actual load on the iron is found out. And in 99.9% of cases one of three things is detected - either the server is excessively powerful and is not used by 25% (in peak loads up to 50%), or the server as a whole is weak and a more powerful model is needed, or the processor / memory ratio is not optimal / disk subsystem (something more powerful than necessary, but something is missing). What could be a similar project now when using clouds (cloud computing)? (As written in the credits of some films, the plot is based on real events)) ... In addition, various glitches when setting up a VPN, etc. etc. - There are almost always problems. Of course, after a while they are solved, but the nerves shake. Well, at the very end, after about six months of industrial operation, the actual load on the iron is found out. And in 99.9% of cases one of three things is detected - either the server is excessively powerful and is not used by 25% (in peak loads up to 50%), or the server as a whole is weak and a more powerful model is needed, or the processor / memory ratio is not optimal / disk subsystem (something more powerful than necessary, but something is missing). What could be a similar project now when using clouds (cloud computing)? (As written in the credits of some films, the plot is based on real events)) ... after a while they are solved, but the nerves shake. Well, at the very end, after about six months of industrial operation, the actual load on the iron is found out. And in 99.9% of cases one of three things is detected - either the server is excessively powerful and is not used by 25% (in peak loads up to 50%), or the server as a whole is weak and a more powerful model is needed, or the processor / memory ratio is not optimal / disk subsystem (something more powerful than necessary, but something is missing). What could be a similar project now when using clouds (cloud computing)? (As written in the credits of some films, the plot is based on real events)) ... after a while they are solved, but the nerves shake. Well, at the very end, after about six months of industrial operation, the actual load on the iron is found out. And in 99.9% of cases one of three things is detected - either the server is excessively powerful and is not used by 25% (in peak loads up to 50%), or the server as a whole is weak and a more powerful model is needed, or the processor / memory ratio is not optimal / disk subsystem (something more powerful than necessary, but something is missing). What could be a similar project now when using clouds (cloud computing)? (As written in the credits of some films, the plot is based on real events)) ... In 9% of cases, one of three cases is detected - either the server is excessively powerful and is not used by 25% (in peak loads up to 50%), or the server is generally weak and a more powerful model is needed, or the processor / memory / disk subsystem ratio is not optimal ( something more powerful than necessary, but something is missing). What could be a similar project now when using clouds (cloud computing)? (As written in the credits of some films, the plot is based on real events)) ... In 9% of cases, one of three cases is detected - either the server is excessively powerful and is not used by 25% (in peak loads up to 50%), or the server is generally weak and a more powerful model is needed, or the processor / memory / disk subsystem ratio is not optimal ( something more powerful than necessary, but something is missing). What could be a similar project now when using clouds (cloud computing)? (As written in the credits of some films, the plot is based on real events)) ...
- Reduction (not increase) in maintenance costs (zp admins). There is no need to maintain the lower-level infrastructure (server hardware, storage systems, network infrastructure, software that can be called low-level - vSphere, firewalls, NAT, and some other systems.
- The absence of problems with the choice of configuration - to reduce or increase the resources allocated to the application (VM) is trivial.
- Providing high availability is cheap - commonplace troubles such as a hardware failure (whether it is a server infrastructure, network or storage system hardware) does not lead to long downtime (in some cases, there is not even minimal downtime). This plus, in fact, is one of the leaders of the charts of the charts of reasons to choose a cloud infrastructure.
- Dependence on the communication channel.
- Dependence on foreign students administering infrastructure.
- Dependence on global host failures (show masks, as the most popular according to some disaster data in our latitudes).
- Not all software will work in a virtual machine.
- Data privacy is the leader in the horror story charts.
Problem 1: dependence on the communication channel.
The Internet has fallen between us and the cloud data center - that's it. Put out the light.
Why this problem is not very scary:
- the channel falls, usually not often. However, you can evaluate the probability of this event for your company yourself;
- the channel is redundant, usually;
- if the channel fell on our side (usually it falls not in the cloud data center and not at its providers) - the normal operation of a modern company is not possible anyway. Moving some of the services to the cloud will not be worse if this assumption is true for your company. Moreover, if some of the services are accessed from outside (for example, the web or mail servers), moving them to an external cloud will allow for greater accessibility for external clients of these services.
Problem 2: the dependence of the availability of our infrastructure on the hosting staff. Suddenly they hired students who, knowing nothing and not knowing how to kill our virtuals ?!
The fearlessness of this problem is probably easiest to justify. The business cloud service provider’s business service provider is accessibility and, once again, accessibility, any simple one is a loss of reputation and money in the form of fines, so the level of motivation in organizing the quality of services is much higher than that of the internal IT service.
Problem 3: Dependence on global host issues. But what if, for example, they come to them and take away all the iron?
Here you need to look at a specific service provider of cloud services. Where he placed his equipment, what level of physical security of the data center, for example, there are sites where it’s not easy to get with the court’s decision. In particular, IT-GRAD clouds are located in such a data center.
Problem 4: not all software will work in a virtual machine.
If the program requires only a processor, memory, disks, a network, a simple video card and usb for peripherals - everything is ok. Otherwise, differently. Sad, but true. On the other hand, one can easily disagree with this. “With this” in the sense that this is a problem. Server applications that are not enough of what modern virtual servers provide are few. And old applications that today will not work anywhere other than virtual servers can be found. For example, from the experience of our customers - at the moment, only thanks to VMware virtualization can you continue to operate software that works, for example, only on Windows 3.1.
Problem 5: data privacy - their admins can access our information.
In my mind, this problem should be reformulated: “We don’t want privacy to become worse after transferring services from our server to an external data center.” The situation then branches out: a) we are talking about sensitive data and we are talking about confidentiality professionally) or we are talking in general, and not professionally. The first case is the subject of a separate discussion, the result of which can be squeezed into a tweet: “Services that are really critical from the point of view of confidentiality are not taken out.” But in the second case, relevant for lshinstva services of most companies - will focus in more detail. Question: "Now what about your privacy?" Answer: “Something like that?” Or can you give a more intelligible answer? Are responsible people appointed? Are legal, technical, organizational and psychological measures? If the answer is “no”, this means that the company is not protected in any way from internal administrators, but with an legal entity - a cloud provider - this area can be regulated much, much better.
Summarize
Question : “After transferring services to the cloud, will the privacy situation of our data become worse?”
Answer: "Not. We would say that it will get better. ”Remember, in the beginning I wrote the phrase“ Services really critical from the point of view of confidentiality are not taken out ”? She is not quite correct. Security tools specialized for vSphere are already appearing today, and for specific projects they can be applied and applied successfully. Currently, we are talking mainly about the products of the Security Code company. I mean, with the economic and / or other advantages of using an external cloud for a project, you don’t have to give up the idea because of the availability of sensitive data - it’s worth raising this question, exploring the possibilities and, often, seeing that using special tools is enough the level of confidentiality is realizable. The first post was dedicated to the introduction to the question, the advantages were described in a general way, and the task was set - to illustrate the possibilities. Now we talked about the problems - and their solution. Next we will return to the task - after all, it is necessary to solve it ...