The second post from Mikhail Mikheev's series of original articles, "How to tame clouds: examples of practical use."
In the first post I mentioned the main advantages of cloud infrastructure, and promised to tell you about the disadvantages.
First, to recap the pros:
- There is no need to invest in acquiring hardware and software or in deploying all of it.
- A drastic reduction in the time spent before work can begin.
Good quote:
Clouds and ERP
What benefits can be obtained from using "clouds" when implementing an ERP system? The implementation team came and estimated the hardware needs approximately, very roughly. Then the customer's IT department began looking for this server system (chose a manufacturer and brand, agreed on delivery). Most often the server arrived no sooner than in 2-4 weeks, and often one could wait a couple of months. In parallel, the question of how remote units would work was being settled: either a centralized server and communication channels, or variants with distributed databases (which also require communication channels). While the server was awaited, the system was configured either on a temporary server (one that is already old but still a pity to throw out) or on the implementers' computers (NAV and 1C live easily on a laptop; Axapta with difficulty, but it can also work; OEBS and SAP are not discussed here, as we are considering implementations in small or medium-sized firms).
Then there are two options: by the time the system goes live, the server is either there or not yet. If it is, then after the server arrives the OS and ERP are installed and the settings are configured and transferred (this almost always requires a visit from the implementation company's IT specialist), and from then on everything is configured on the future production server. If not, the system goes live on the old server, and some time later, when the server arrives, it is migrated (migrating a working system is a below-average pleasure). Until then there are slowdowns and the other delights of old hardware.
Also, when work began, companies with remote divisions ran into various problems related to the operation of those divisions. The most common one, for example, is setting up printers for terminal access to the server. On top of that come various glitches when setting up a VPN, and so on and so forth; there are almost always problems. Of course, after some time they get solved, but they fray the nerves.
And at the very end, after about six months of production operation, the actual load on the hardware becomes clear. In 99.9% of cases one of three things is found: either the server is unnecessarily powerful and is not even 25% used (up to 50% at peak loads), or the server as a whole is weak and a more powerful model is needed, or the processor / memory / disk subsystem ratio is not optimal (something is more powerful than necessary, while something else is lacking). What could a similar project look like now, using clouds (cloud computing)? (As the credits of some films say, the plot is based on real events) ...
continuation in the original source
- Lower (rather than higher) maintenance costs (administrator salaries). You do not need to maintain the lower-level infrastructure: server hardware, storage systems, network infrastructure, and software that can be called low-level (vSphere, firewalls, NAT and some other systems).
- No problems with choosing a configuration: reducing or increasing the resources allocated to an application (VM) is trivial.
- High availability is cheap: commonplace troubles such as the failure of a piece of hardware (whether in the server infrastructure, the network or the storage system) do not lead to long downtime (in some cases there is not even minimal downtime). This advantage is, in fact, one of the leaders on the chart of reasons for choosing a cloud infrastructure.
And now the minuses. They are numbered in no particular order, not by how frightening they are:
- Dependence on the communication channel.
- Dependence on someone else's "students" who administer the infrastructure.
- Dependence on global failures at the hoster ("mask show" raids being the most popular disaster in our latitudes, according to some sources).
- Not all software will work in a virtual machine.
- Data confidentiality, the leader on the chart of horror stories.
Let's go through the points.
Problem 1: Dependence on the communication channel.
The Internet connection between us and the cloud data center goes down, and that's it. Lights out.
Why this problem is not very scary:
- the channel usually does not go down often. In any case, you can estimate the probability of this event for your company yourself;
- the channel is usually redundant;
- if the channel goes down on our side (it usually does not go down at the cloud data center or at its providers), a modern company cannot operate normally anyway. If that assumption holds for your company, moving some services to the cloud will not make things worse. Moreover, if some services are accessed from outside (for example, web or mail servers), moving them to an external cloud will make them more available to their external clients.
Problem 2: the dependence of our infrastructure's availability on the hoster's staff. What if they have hired students who, knowing nothing and having no skills, kill our virtual machines?
That this concern is groundless is probably the easiest to show. A corporate cloud provider's business is availability and availability again; any downtime means a loss of reputation and of money in the form of penalties, so its motivation to deliver quality service is significantly higher than that of an internal IT department.
Problem 3: Dependence on global problems at the hoster. What if, for example, someone comes to them and takes away all the hardware?
Here you need to look at the specific cloud provider: where it has placed its equipment and what level of physical security the data center has. There are, for example, sites that are not easy to get into even with a court order. In particular, the IT-GRAD clouds are located in such a data center.
Problem 4: not all software will work in a virtual machine.
If the program requires only a processor, memory, disks, a network, a simple video card and USB for peripherals, everything is fine. If not, then not. Sad but true. On the other hand, one can easily disagree that this is a problem at all. There are few server applications for which a modern virtual server is not enough. And old applications that today will run nowhere except on virtual servers are easy to find. For example, from our customers' experience: at the moment, only VMware virtualization tools make it possible to keep using software that runs, for example, only on Windows 3.1.
Problem 5: data privacy - their admins can access our information.
Properly speaking, this problem should be reformulated: “We don’t want confidentiality to become worse after moving services from our own server to an external data center.” The situation then forks: a) either we are talking about sensitive data, or b) we are talking about confidentiality in general, not in the professional sense. The first case is the subject of a separate discussion, the result of which can be squeezed into a tweet: “Services that are truly critical for confidentiality are not moved outside.” The second case, which is relevant for the majority of services at most companies, is worth a closer look. Question: “Do you have confidentiality now?” Answer: “Sort of?” Or can you give a more intelligible answer? Have responsible people been assigned? Have legal, technical, organizational and psychological measures been taken? If the answer is “no”, the company is not protected in any way from its own internal administrators, whereas with a legal entity such as a cloud provider this area can be regulated much, much better.
To summarize
Question: “After the transfer of services to the cloud, will the situation with the confidentiality of our data become worse?”
Answer: “No. We would say that it will be better.” Remember that earlier I wrote the phrase “Services that are truly critical for confidentiality are not moved outside”? It is not entirely correct. Today there are specialized security tools for vSphere, and for specific projects they can be, and are, applied successfully. At the moment this mainly means the products of Security Code. That is, where an external cloud offers economic and/or other advantages for a project, the idea should by no means be abandoned because sensitive data is involved: it is worth raising the question, exploring the options and, often, finding that with specialized tools a sufficient level of confidentiality is achievable.
The first post introduced the topic, described the advantages in general and set the task: to illustrate the possibilities. Now we have talked about the problems and how they are solved. Next we will return to the task, because it still needs solving ...