When the Clouds break; Risks in the Public Cloud

Posted by Edward in Cloud Computing, Strategy on Dec 28th, 2009 | 2 responses
If you like this article, please share it with your friends:
When the Clouds break; Risks in the Public Cloud

There is a lot of hype as well as valid discussion about the benefits of Cloud Computing. And while we hope that the faith we put in this elastic environment to scale and provide the flexibility we need to ensure our web applications are always running and performing at optimal levels for all our visitors, there will be times when things don’t go as planned. In this article I will look at a number of these issues with this new technology.

Note that these cases apply can equally to public and private clouds, just as they can to any type of hosted environment. These are not new situations, and the cloud in itself does not magically solve them, but the elastic nature of the cloud can often sweep them under the carpet.

Performance

In a single-server environment it is easy to see that when all your local resources are used up, things will run slowly or stop completely. In the cloud, the same thing is true, but the likelihood of it occurring is (mostly) mitigated by the fact that there is an extensive (but finite) network of computing resources available to scale the output of the web application, limited only by the number of devices available for the application to scale across.

Let’s look at Twitter as an example. In October 2009 we saw lots of “Twitter is over capacity” tweets. If you look at the data these are usually localised to a geographic region. Most of the tweets were Spanish when I checked and I am guessing this was South America experiencing the edge effect of their access route to Twitter becoming over capacity, ie their “corner” of the cloud had reached capacity, because (here in the UK) everything was running perfectly. So, although Twitter’s private cloud appeared to be running correctly (since tweets were being managed), some of the public parts of the network used to access it were not. For an overview of the Twitter infrastructure see this post (may be NSFW due to partial nudity involved to illustrate the discussion of the shared hosting used for Twitter status pages).

Moral of the story: Don’t just consider the availability of resources to run your web application, consider the availability of access points to reach it. Remember, ALL of these are shared, so you don’t want to fall foul of other people’s success. This risk is present for any form of hosting, but Cloud hosting serves to magnify this risk due to higher volumes of sites utilising these access points.

Security

Security in the public cloud space carries many of the same risks as shared hosting since, at some stage in the infrastructure, you will be sharing an IP address, and if this is compromised there is a risk that your data may also be compromised (unless your application has been coded using secure coding principles). You may have read others talking about the risk that your hosting company may have to give up its data to law enforcement agencies if they are subpoenaed, but this is true of any hosting company and any form of hosting and there is nothing you can do about it.

Back to your site security – your site may be vulnerable to, or a target for, hacking. Sites built using popular open source systems such as WordPress, phpBB, Drupal, etc., need to be patched regularly and continuously to stay ahead of the day when the site gets hacked and defaced, or, worse still, user data is stolen. Bespoke sites need to be coded securely and, while they are bespoke and less likely to be attacked, need to be monitored as they may eventually get on to the radar of hackers. Security probes put a continuous strain on the CPU and consume resources almost invisibly – they hardly appear in your bandwidth stats, and probably won’t appear in your web stats. But you will have to pay for them; and this blog is an example of this – the traffic and bandwidth are low relative to the Compute Cycles that are being consumed in order to operate it.

Relevant posts on Cloud Security (although the first is a little sensational in places) are:

Moral of the story: Code securely in the Cloud, monitor how many and what types of sites are on the same IP as you, and definitely monitor Compute Cycles. If you are using open source software, patch often.

Disaster Recovery

This is often overlooked when setting up any form of hosting – the most important question in the client’s mind is “how much is it going to cost?” And they don’t usually want to pay much. Consequently, lower cost services – and this includes Public Cloud Hosting – do not include a backup option, or any means for disaster recovery. So, if there is a problem (with security, or systems failure at the hosting facility) you can quickly find yourself with no means of recovery.

It is possible to adopt the DIY approach and build your own backup and disaster recovery solutions, but good web companies prefer to specialise in one or two aspects of the whole picture – for example, design, coding, CSS, SEO, etc. When it comes to system administration and hosting, these are usually not handled, or outsourced. A good web company will look for a solution that protects its clients in the worst case, and if the (Cloud) Hosting provider does not offer these options, then the promise of the benefits of Cloud Computing can quickly be erased if your web company doesn’t address these issues.

Private Clouds may offer these third-party services as ISPs already offer for dedicated servers – these are often called Managed Services and provide an array of support from patching and upgrading servers, through to backups and 24/7 monitoring.

Moral of the story: Think about the worst case scenario, and what it would cost you to start over. Think about how you solve this issue – through the DIY route, or via third-party managed services of some sort. Talk to your web company to find out what they can do for you.

Personal Experience

I have been experimenting with the adoption of Cloud Computing and, in general things have gone well. It has also highlighted the amount of “under the radar” traffic sites like WordPress blogs get, and how new this technology is.

The benefits have been clearly demonstrated to me – the availability and scalability of the hosting environment to provide consistent performance of the website. As have the risks – random short periods of downtime due to routing issues and database server quirks.

Since Cloud Hosting is a new technology, it is suffering from the inherent issues with anything new – it doesn’t always work, and the people setting it up haven’t quite figured out all the details yet. However, this doesn’t mean it’s not ready and that you should not adopt it. If you are prepared to live with a few glitches (like unexpected downtime when a database cluster has an issue, or an access point gets routed back on itself by the team setting it up and all the websites it serves disappear for an hour) and put some disaster recovery in place (which you should do whichever hosting service you use) then you will be ahead of the competition. Remember that many of your competitors probably used virtual, shared (cheap) hosting and suffer from the same sorts of issues – unexpected downtime, no disaster recovery, and little or no support – so you’ll be getting a better future-proof platform with lower mid-term risks once the ISPs sort out the complicated details of operating this new type of fluid environment.

My company has been using managed dedicated servers from Rackspace for some time now – these are about the best in the business and benefit from 24/7 monitoring and a team on standby to intervene if anything happens to your own database or web server. Issues are resolved within a few minutes. It’s great.

A move to Public Cloud Hosting – to enable greater scalability of business (ours and our clients) at affordable rates – introduces risks which we will need to mitigate to be truly effective. The Public Cloud is managed 24/7 – it has to be to be viable as a business for companies like Rackspace, Amazon and others – but resolutions to issues take more than 5 minutes as they affect much greater sections of infrastructure than just a single server when it has a problem.

Moral of the story: The Public Cloud is a fantastic opportunity but there are risks which need to be mitigated. If you are going to adopt the Public Cloud as a platform to grow your business, ensure you understand the risks and partner with companies that understand them also. This will ensure you mitigate the risks and enjoy good results from your chosen hosting platform.

Reblog this post [with Zemanta]
Delicious
Save

2 Responses to “When the Clouds break; Risks in the Public Cloud”

  1. Desktop Backup: Traditional, and Torrent-Like « A Work in Progress says:
    December 29, 2009 at 11:15

    [...] When the Clouds break; Risks in the Public Cloud (brilliantthinking.net) [...]

  2. Dare to Think - Cloud Computing’s Back End says:
    January 21, 2010 at 14:17

    [...] When the Clouds break; Risks in the Public Cloud (brilliantthinking.net) [...]

Leave a Reply

Subscription Options

Subscribe via RSS Subscribe via Email

Popular Posts

Tags

apple arctic Carbon footprint censorship climate change cloud computing co2 Design Domain Name System Dropbox Earth energy Facebook Flash flooding global warming Graphic Design Greenhouse gas health ice internet iPhone law LinkedIn Live Mesh marketing media Microsoft Peer-to-peer Philosophy Renewable security SEO Social media Social Network spam SugarSync tax transport twitter Web 2.0 Web design Web Hosting Website Wi-Fi

TwitterCounter

FeedBurner Stats

Powered by Wordpress