Own server or public cloud?


When I was once again preparing an analytical note for management about the nuances of moving to a public cloud, I noticed that most articles about clouds (even on Habré) are written by those who sell them (although this is, in general, logical). So I decided to rework my note into a more general picture and post it here. This discussion of whether public clouds are advisable is therefore written not from the perspective of those who sell clouds, but from the perspective of those who use them. I’ll warn you right away that I won’t draw any definite conclusions (or mention brands).

Situations with clouds differ. For example, several years ago, in a company that was far from IT, I tried with great difficulty to convince the director to move a couple of services to the public cloud, since keeping a staff of qualified server administrators just to look after those virtual machines would never have paid off, and the “press any key” helpdesk technicians who service personal computers are not really suited to such tasks. At the time they did not listen to me, but life mercilessly proved me right: they could not hire an expert on the available budget, they did not buy hardware, and as a result everything fell over, after which the servers moved to the cloud. In another case, a very large telecom operator persistently wanted to take over 500 virtual machines of our (by then different) company, at a paradoxically low rent. And there I took the exact opposite, anti-cloud, position. After all, public clouds are a great tool but, unfortunately, not a silver bullet. Why? I’ll try to explain my point of view under the cut.

Everything gets called a cloud these days, so let's settle the terms right away. A cloud is a model for providing on-demand access to a shared pool of configurable computing resources (the Wikipedia definition [1], shortened for our context). Various services can be provided under the cloud model:

  • VPS / VDS (Virtual Private / Dedicated Server - rental of virtual machines),
  • VDI (Virtual Desktop Infrastructure - rental of virtual desktops),
  • the already commonplace and slowly dying web application hosting,
  • SaaS (Software as a Service - application rental),
  • IaaS (Infrastructure as a Service - infrastructure rental),
  • DaaS (Desktop as a Service - another marketing name for VDI),
  • BaaS (Backup as a Service - rental infrastructure for backup)
  • « aaS», .

In fact, all this diversity comes down to renting virtual machines with one or another nuance of access and installed software.

Clouds can be private (run on the company's own facilities to solve its own problems) or public (run on the operator's facilities for a wide range of customers). Update from the comments: a service called a virtual private cloud has now appeared. This is when a slice of the public cloud is reserved for you, and you can manage it more flexibly than an ordinary set of virtual machines. But this is still a virtual private cloud, not a private cloud.

From here on, the discussion is about public clouds, which for simplicity I will just call clouds. For the issues considered here, it is not so important how the company's own computing resources are organized: as a private cloud or as classic servers for individual tasks. Therefore, I will call the company's own computing resources, taken together, local servers or just servers, without going into the particulars of how the computing is organized. Thus, the promised comparison is between rented computing resources (“clouds”) and our own resources (“Juche ideas” “servers”). It is based on my personal experience and on conversations with colleagues. Of course, I do not claim this is a comprehensive independent review, so I invite everyone who disagrees to speak up in the comments. Perhaps this will help find errors or complement the comparison.

So, let's compare the two approaches against a number of criteria. For those who are too lazy to read the entire text, I have used italics for highlights in each section, so you can skip what is obvious to you and not read everything.

Comparison of the cloud and native servers


Cost


You can often come across the claim that clouds save money on IT. They really do, but not always. To benefit from cloud hosting, you need to understand where the benefit comes from: there are no miracles, especially in economics. If you not only reduce your own costs but also let the intermediary between you and the hardware (the cloud operator) earn its bread and butter, that can be explained as follows.

  • - . , – - ( , , ..). , – [2] (, , , ..). , . 18 2 , ( ) ( ). . - – .
  • . – . , , , , . , 4 ! , , . , , , . , 3 ( , ). . , . , . , , . . , . - .
  • . « », . , , . , HPE « » , - .

Total: the savings from using the cloud depend on volume. The smaller your need for computing resources, the more profitable it is to rent. It is not without reason that the large players of the IT market build their own data centers.

But not only direct costs should be taken into account when substantiating a technical solution. A financial risk assessment (for example, a violation of the availability of the service) and additional costs (for example, for a full backup outside the cloud) can change everything, even if the cloud initially seemed to be a profitable solution. These nuances will be described later.

Flexibility


The reasoning about cost above applies to long-term server hosting. But it also happens that capacity is needed once, for a short period: for some event, a piece of scientific work, and so on. Major examples include the Olympics, the World Cup, the Universiade, or mass telecommuting during the pandemic of a new virus (“shit happens”). So even if you need a large number of servers and a lot of infrastructure, but only for a short period after which they become useless, acquiring your own resources and building engineering systems is unlikely to pay off (and there is no guarantee you will manage to do it). It’s easier to rent.

For a small event, the resource requirement, significant for you, may turn out to be a statistical error for the operator.

For large projects, not every cloud operator has enough elasticity to provide 100,500 virtual machines at your first request. But even then, when the operator plans to purchase them, its payback model will pass only part of the costs on to your project, counting on leasing those resources to other customers afterwards.

Total: for urgent and one-time events, computing power rental is well suited. Clouds are more flexible to needs. And this is a question not only of price, but also of timing: the operator already has qualified personnel, scaling plans and experience that cannot be quickly bought even for a lot of money.

CapEx vs. OpEx


Business loves to convert capital costs (CapEx) into operational ones (OpEx). Financial directors of all sorts, divorced from the "physics" of the process, are especially fond of this. They prefer to pay regularly in small portions, even with an overpayment, rather than buy a resource outright and then depreciate it for a long time. That is, for these people renting a server is more profitable than buying it. And here the seeds sown by cloud sellers fall on fertile soil. The economist will gladly send the company to the cloud, even despite the heart attack of the IT director or the head of the department responsible for security.

But things change unexpectedly when it comes to state or semi-state companies. In most cases, they prefer CapEx to operating costs. Moreover, this comes not from a desire to save at all, but from the way planning works. The task is often set as follows: "What should we buy now, so that we can use it for a long time when there is no money?" At least this is what happens in Russian education, healthcare, science, etc. Periodically they are given programs for development, competitiveness, modernization, digitalization, etc. The fact that the expensive equipment purchased has a recommended service life (and not “until it breaks”), and that it needs maintenance, repair, spare parts and so on that are not free (as a very rough estimate, 10-15% of the equipment cost is budgeted for each year of operation), is usually not taken into account. But this is a topic for another discussion.

: , OpEx, – CapEx. , « – », .


For some reason, managers often hold the opinion that clouds are extremely available: “we will hand it over to outsourced professionals and will have someone to hold to account (and why not, everything just works for them)”.

But the problem is that everyone goes down. Everyone. Both professionals and amateurs. Some less often, some more often. But sooner or later, everyone. Google, Yandex and Amazon have all gone down. What matters here is how the consequences of such outages are dealt with, and also whether you can do something yourself in an emergency or have to wait for the mercy of the provider (i.e. whether you have backups and spare capacity). For example, in 2011 1C-Bitrix went down in the Amazon cloud [3] (the article has good conclusions, by the way); and in 2018 Bitrix24 was down for three days (!) in the CorpSoft cloud [4]. Moreover, in the latter case, according to the victims, they had ordered hosting in two supposedly independent data centers of one operator, but ... both went down simultaneously. Therefore, for particularly critical systems, it is better to use not just different data centers, but data centers of different operators.

The cause of a data center failure is not necessarily a technical malfunction. There are also legal problems. For example, the owners of Ayhor [5] and Masterhost [6] were recently dividing up assets. These showdowns resulted in an unexpected shutdown of customers' machines. Very unpleasant. And this is another reason to use different cloud operators for backups.

Roskomnadzor added quite a bit of heat to the question of cloud availability when, in 2018, in its fight against Telegram, it began carpet-blocking the addresses of foreign and even Russian sites more or less at random. I won't even give links here: everyone already knows.

Because of the many risks, some companies keep replicas of their resources with different operators in different countries (mainly those whose markets their business is focused on). But all of this affects the cost of the clouds.

The examples I cited are, of course, the notable cases (and by no means all of them), but there are hundreds and even thousands of smaller outages (taking this opportunity, I send greetings to Mikhail Klimarev, the owner of the ZaTelecom channel, which has an interesting section, #HERAX).

Total: rumors about the reliability of clouds are greatly exaggerated. They suffer not only from technical failures, but also from the actions of owners, authorities and even other tenants (there are clouds with a toxic reputation that are blocked by firewalls and antiviruses). If the availability of services is critical for you, then when using the cloud you should have a plan for an emergency “landing” of resources on your own capacity or with another operator (at least in a reduced form).

Network load


When planning a move to the cloud, this factor is sometimes underestimated. We must not forget about these processes:
  • backup outside the cloud (all clouds offer backup on their own capacity, but if you need the data, you should also store it somewhere outside; just remember the de-energized Ayhor data center);
  • , - ;
  • , , ( , , ).

: . .


Transferring data from one cloud to another is difficult.

Firstly, because of the limited network bandwidth that we talked about (imagine that you urgently need to pull out a couple of TB in an up-to-date state, and to do it on the fly, that is, without stopping the virtual machines).

Secondly, because of the lack of universal tools. Cloud owners are not interested in you taking virtual machines away from them and do little work in this direction.

Thirdly, if the cloud has "fallen", you no longer have any tools for extracting data. In your own data center you can, in the end, even pull the disks out of non-working equipment. In the cloud, such a trick will not work. And here we return once again to replicas and backups made in advance.

But there is a flip side to the coin. Some data owners fear having their data blocked or stolen more than losing it. We will not go into detail now about the cases in which this matters, but I think many IT professionals have encountered such problems in their practice. In this case, customers are, on the contrary, interested in the cloud being located somewhere away from the office, preferably in another country.

Indeed, it happens that people in masks come to the office and seal the data center or take out the servers. Cloud data in another jurisdiction will most likely not be affected. And in the event of such force majeure, at least the online part of the business will be able to continue its work. Or, at a minimum, the data will not leak.

Theoretically, the opposite situation is also possible, where the data and hardware in a remote data center are seized. But here it all depends on the nature of your activity and who your enemies are (or whose enemy you are).

Total: if you are afraid of physical seizure or blocking of your data, a remote cloud will help you. But it can also become a problem itself if its availability is disrupted.

Financial security


It was said above that pulling data out of the cloud is not so easy. Especially when it comes to permanently relocating complex systems with many interdependencies. For large companies, changing clouds is a whole saga that can drag on for years. The cloud operator understands this, so it treats its customers like a dealer getting them hooked on his “product”. First it is free, then there are individual discounts, and then prices can be raised.

At the end of 2019, an unpleasant story happened: RosNIIROS sold almost 490 thousand of its “white” IP addresses, which it leased to organizations in education, science and other fields, to the Czech company Reliable Communications. The first thing the new owner did was to raise the rental prices of these addresses 10-12 times. Simply because it could (and because RIPN had kept its subscribers at prices “below the market”). But then the prosecutor's office took an interest, although not in the price increases, but in other aspects of the deal. And the deal was reversed [7]. Prices returned to their previous level, but a bad aftertaste remained.

This example has little to do with the cloud market, but a similar situation is possible there. Imagine that you have a large IT business and some yellow operator makes you an offer: because of your exceptional size and market position, you will receive an 80% discount if you use our cloud. You agree and move. For a couple of years everything is fine, the financiers are happy, you are already selling cheap services to your customers and have grown quite used to the price ... and then the yellow operator starts to experience problems because of its ill-conceived tariff policy, “cuts costs”, declares the cloud a non-core asset and sells it to the blue operator. The new owner of the cloud tells you how much he appreciates an old customer, but asks you to be so kind as to pay the market price. And here your expenses sharply increase five times. In my opinion, it’s a very real scenario, although it has not yet happened in real life. And even if you had a clever agreement that limited price growth, most likely there is a way to simply terminate it.

In the end, you are not protected against a cloud operator that simply did not include development in its tariffs, then faced the need for large investments and raises prices (or simply closes). This happens when managers live for today and for momentary KPIs.

Total: be careful with discounts and special offers on clouds. They come and go, and infrastructure is for a long time. You should always be prepared to withstand market prices.

Staff requirements


When you maintain a small fleet of your own servers (for example, a couple of production servers and storage), you may run into a personnel problem. You will simply have nowhere to find staff with the right qualifications to competently maintain the hardware, the virtualization environment and the backups. And the problem is not only money. The server administration industry is changing very rapidly. Therefore, a well-qualified person will just be bored and will gradually degrade in such a small field of activity (“overqualified”, as HR people say), while a person you hire “to grow into the job” can quickly leave you (or, on the contrary, linger too long without particularly improving). In addition, a single administrator is always a point of failure. You need a minimum of 2-3 people who can cover for each other during vacations and sick leave.

In such cases, outsourcing of administrators, an extended contract for server administration, or the public cloud that we are discussing helps out.

For small projects in the cloud, deploying machines, taking backups and so on takes a couple of clicks (this really does lighten the load) and lets you save on staff. But complex projects, where several clouds interact with replication and monitoring, may on the contrary require more people with completely different skills.

Total: clouds are relevant for you if the volume of maintenance does not justify keeping at least a small department of "hardware" administrators with a more or less even workload. In this case, you can save on staff. But moving large projects to the cloud will not necessarily lead to a reduction in staff and may even increase it.

SLA Compliance


Compliance with a Service Level Agreement, aka SLA, aka a service quality agreement, cannot always be verified. You cannot afford to run benchmarks constantly, and simply monitoring the performance of a virtual machine may not always reveal problems. The operator, deliberately or inadvertently, can limit the read speed, the CPU quota provided, the network bandwidth, and so on.

In addition, you cannot check in advance the provider’s promises about the independence of its sites (see the Bitrix24 case above) and typical troubleshooting times. Here you have only your trust, which is not the most reliable thing. The operator, on the contrary, knowing how unlikely really major accidents are, may go for years without investing in redundancy, saving on technology and people and living for today. Of course, only very bad and greedy people do this. But they exist.

Total: cloud SLA may not meet expectations / agreements due to hidden savings from the operator. Proving it may be difficult or impossible.

Legal requirements


As the saying goes, "Dura Lex, Sed Lex": many states impose requirements for the mandatory protection of information (personal data, bank secrets, etc.). Compliance with national requirements is best achieved (and sometimes only possible) in a national cloud or in your own data center. For example, it is problematic to process the data of citizens of the Russian Federation in the Amazon cloud. At a minimum, a copy of it should be on domestic servers.

It also happens that the modern Lex in the field of information security is not only too Dura, but also impossible to comply with (I will not give examples, so as not to cause too much discussion about the feasibility of certain measures of the famous package). Then it is better to buy a cloud service from an operator who is ready to take all the risks upon itself. In fact, it acts as a “roof” (some large operators are good friends with the regulatory authorities, so they easily take on such obligations and services). But it may turn out that the cloud's security exists only on paper or only against specific threats (again, see the story of Bitrix24, where the company chose its hosting to meet the regulator's requirements).

: – . , , , .


Some engineering and scientific systems move to the cloud very, very poorly. Either for security reasons (burglar alarms, access control and management systems - ACS, automated process control systems - APCS) or for cost reasons (video surveillance with hundreds or thousands of cameras, special-purpose computers, supercomputers, multi-terabyte computed tomography results, etc.). The organization operating them is simply forced to maintain the engineering infrastructure of a server room or a small data center. These are semi-fixed costs, so if they are already being incurred, the organization can use the same infrastructure for other computing workloads.

I also note that the engineering systems of a data center can cost more than its computing hardware and software. And in terms of reliability, they should not be inferior to the IT solutions themselves. Here, too, there may be opportunities for saving. For example, if you have access to very cheap and uninterrupted (well-backed-up) electricity, or a powerful cooling system, or your own unused premises, or something like that, then developing your own data center may be more profitable than clouds.

: , , . - . - , .


From all of the above it follows that using clouds has many nuances. If you picture a predictably developing small or medium-sized business of local importance with a non-IT profile, then clouds are your choice. In all other cases, you need to carefully consider not only the direct cost, but also the risks to the business and its reputation.

I hope that everything written here will be useful to someone. At least my boss liked the report on the possibilities of moving to the cloud, on the basis of which I wrote this article in a more general form.
