Soussan DAS Computer Consultants



A sip of Cloud Kool-Aid

I'm getting a whole lot of questions nowadays about the cloud. The chorus sounds a bit like all the creatures from Toy Story in the big machine looking skyward and chanting "The Claw..." except everyone is chanting "The Cloud..."

Instead of saying the same thing over and over again (which I've been doing variations of for more than a year now), here are some things the cloud vendors either aren't telling you or hope you aren't going to think about on your own.


What I mean by "The Cloud"

Since the first two university computers were connected via a 56Kb wide area network connection, there have been services you can use over the Internet. Early on it was Telnet and FTP, then HTTP, and now ... a whole lot more. Just because something goes over the web to another location, that is not what I'm talking about when I say "The Cloud".

I am talking about paying an external entity for some kind of service they provide and your data is stored in some undefined location that you can't go visit if you wanted to. It might exist in multiple locations and allow you access to it in a seamless fashion. It might be spread out over multiple systems in people's homes who are donating storage to the collective storage pool in exchange for storing their own data in that same pool. You just don't know where or what it is, you just know the service somehow magically lets you touch that data when you want to.

Think of the cloud like your electric service. You don't know if the electricity you are using comes from a nuclear plant, a coal plant, or the guy a couple of streets down with all those solar panels and windmills on his farm. You just know that most of the time you have reliable electricity at any outlet in your home and you pay a monthly fee for that privilege.

That is what I mean by "The Cloud". If you rent space in a data center and put your server there, or if you rent space / time on a server of theirs, that is NOT what I mean by "The Cloud" - that is your server you access remotely, which some call a "Private Cloud".

What makes Cloud Kool-Aid cool?

The fact that you can pay a monthly fee and someone else handles all the heavy lifting. They set up the server(s), install software, do patches, keep it backed up, have redundancy, etc. Of course, this assumes it is a reliable provider. Hopefully if you are using cloud services you already know these things are happening. If not, you should do some due diligence. But that is another story.

For a small business, there is a lot of cash to plunk down on software, hardware, and consulting or hiring someone, and you don't have to spend it if you put it up in the cloud.

Let's do some quick math: Google Apps for Business, $50/user/year. 5 users, that is $250/year.

A startup company can have an older server for $300, SBS2003 or 2007 for $600 (less if you buy it second hand), plus some setup time. Let's say your out the door cost configured and running is $2000. Yeah, I didn't add AV but I did put in an external backup drive.

That is 8 years before the system is paid back! Why would I not want to go to the cloud?

Those costs per user per month are better the fewer users you have. At some point, they cross over and become way more expensive. See the next section where I do the math on hosted Exchange server that another client was looking into.

So costs and ease of administration are the two big wins when you are small. But what are the downsides?

The Internet compared to another big network

Your electric service is a great example of another network. In 1907, only 8% of the dwellings were using electricity. By 1932, 80% of the urban dwellings had electrical service! (1) That is a very short time - 25 years - to have that much technology change happen. It kind of follows the pattern the Internet has in the last 25 years.

In 1987, the Internet was a bunch of college campuses hooked together and a couple of businesses, usually ones that had relationships with those colleges. In fact, prior to 1984 if you didn't know the IP address by number of the system you wanted to talk to, you couldn't connect to it unless you put the name and number into your hosts file. Today, typing "www.microsoft.com" is easy and we expect it will just work. But it wouldn't have not too many years ago.

The point is, our whole internet experience, as cool as it is today, is still in its infancy. We tech geeky type people built this cool thing that started off as something for us to do cool stuff with, and the rest of the world jumped into the pool and expanded what it could do by many orders of magnitude. Various telecom companies (and other entities) put down fiber across the country, expanding our ability to send data bits between any two points. It has all exploded so fast and is such a part of life today who could imagine a world where we can't get online from just about anywhere?

And then the bad people - people who want to steal your money - got wind of this and figured out that we built this whole big internet thing with the hope of doing some cool stuff and didn't really think about how bad people might use it. Yeah, there were computer viruses that got passed around on floppy disks a long time ago and even some that would spread over your local network. But now it is all about money! Cyber crime has eclipsed drug trafficking as the #1 money maker of the criminal world. There are enough stats on this online that I won't bother quoting a source for you.

And that industry too is just in its infancy!

And this is where the computer network diverges significantly from the electrical power network - the criminals can't get quite as much money sucking free electricity off the grid as they can fooling people into giving them money or outright stealing it over the net.

One last thought before going back up into the cloud: The electrical grid is incredibly reliable. Mostly. In fact, how many of you wonder every time you flip a switch if the light will turn on or not? You probably don't give it much thought.

However, if you were in California in the years of the rolling blackouts (2000-2001), you did have those doubts. The times were great for the companies that made backup generators! Our neighborhood and state were impacted by the 2003 blackout that took out much of the east coast. So while it is OK to think the electrical network will work no matter what, you need to know that it isn't a 100% reliable solution.

And even with those problems, our electrical grid is way more reliable than your internet connection... especially since your internet connection likely depends on that electrical grid.

What makes Cloud Kool-Aid poisonous?

Reliability - If you take nothing else away from this article, remember this phrase: "There is no guarantee of service on the internet." In fact, it is worse - not only is there no guarantee for your local connection to the internet, but there is no guarantee that at any given point your data will make it through the twisty little maze of passages that are taken by each one of your data packets on their way from your computer to the other side of that cloud. The fact that it does work as well as it does most of the time is a testament to the engineers and protocol designers. Yes, a service can claim 5-nines (99.999% uptime) and can provide that level of service given the redundant sites, redundant power, redundant internet feeds to each site. All that doesn't matter if your local Comcast, Wow, AT&T, or whoever's circuit has a problem. Or if the hop your data takes jumping networks somewhere in Chicago is temporarily poisoned so your data goes east instead of west, never to be heard from again.

Or if someone pisses off the wrong people and becomes the victim of a Distributed Denial of Service attack (DDoS), all bets are off. I've been on both sides of a DDoS, both defending a company that was infected with bots and attacking others, and neither one is a walk in the park.

There are so many ways the web doesn't work. It might not be often, but it does happen. When it does and you are surfing the web, you'll hit refresh a few times and maybe you get the service in a minute or two or maybe you shrug it off and try again in a couple of hours or tomorrow. When you are surfing around, watching videos on YouTube or posting updates on Facebook, it is usually nothing critical.

But let's change this - let's put some business critical function into that cloud service.

Let's take a service that many companies use the Internet for - Payroll. And let's make this a must-be-ready-today business critical function - you have a union shop and the workers practically riot if they don't get their checks on time.

Or worse yet, let's put a whole hospital's data 'in the cloud'. Which is actually true. I was at a hospital with an extended family member in October 2015 when some road construction cut a fiber optic line.

This hospital went completely data dark.

I'm talking all the electronic nurse charting was offline, none of the patient vital stats telemetry worked, none of the machines that reported their data to a central monitor worked ... even the phone lines were down. I watched doctors and nurses stepping outside to make calls from their personal cell phones to get basic questions answered or medication approvals or consult with other professionals.

I don't know about you, but I certainly don't want to be taken care of at a medical facility with that level of risk. The bean counters likely decided to cost reduce and consolidate at a central location, so they had no ability to function effectively without their data feed. My design would certainly have had redundant local storage and facilities that did not require an internet connection in order to operate normally.

Their backup plan was in my opinion completely unacceptable.

What this means is when that service is not available for any reason, you had better have a backup plan - some alternate method of running your payroll, otherwise those workers will get nasty. Or some way for a nurse to know what medication to give and when to give it.

I'll give a real world example that happened to me. I use various methods to remotely assist clients with their system problems. When a client doesn't need service very often or they are new enough that I've not yet set up remote access at their site, there is a third party remote control tool I can use to see their screen and take control of their mouse and keyboard.

The client was able to download and run the tool, but I couldn't get to the site - which was up and running - to set up the remote control session. The end problem had nothing to do with that site or service. Someone put a bad route into a routing table somewhere 'in the cloud' and my data bounced between two locations in downtown Chicago instead of making it to the remote control vendor's site.

So for that particular day and this new client, until Comcast and another internet backbone vendor (AT&T) cleared up the routing issue, I couldn't help that client's problem by looking at their system remotely. Luckily it wasn't anything critical - I could connect a day later and all was well.

Always have a backup plan

If this was a client I needed to guarantee I could always get in touch with and support remotely, I would have to have another method of connecting up to their network and helping them. Or in half an hour, if this was an emergency I could be at their front doorstep.

Speaking of backups...

I can talk for hours about backups - and there are a lot of backup services that are now "in the cloud" and touting their services as bigger, better, faster, cheaper, more reliable, etc.

But what they aren't all saying is important to know, and you are about to read it.

One of the unadvertised problems with on-line backup solutions: If you have a lot of data, it might never fully back up - or you might be changing the backup faster than the data pipe can handle. A 768Kb/s upload speed on a DSL line run full speed takes around 8 hours to send 850 MB of data.

Let's say you run a photography business and use the cloud for backup. If you just shot a wedding and have 32 GB of raw files, that will take 12 days to transfer. If during those days, you are editing, saving, creating different crops, ... every one of those edits lengthens the time to make your backup complete.

If you shoot 1 wedding per week and generate 32 GB of data at each wedding, your backup will never catch up to you!

Let's flip it around now. A disaster happened that took out all your computers. Maybe someone broke in and stole your equipment. It is easy enough to go online and buy new systems, but now you need to get all that data back into your studio. If you only need one file, no problem. BUT if you need ALL of them, or even just the 32 GB of stuff from that last wedding shoot - if you have a lot of data it can take many days, weeks, or even months to get it all transferred back. The fact is you can drive many terabytes of data across town using TireNet and SneakerNet way faster than you can transfer it over the internet. External > 1 TB drives are cheaper than most on-line services charge for a single year (7/2011, Carbonite unlimited online backup, $59/year per computer, which is the same price as a 1 TB external Seagate hard drive).

But you do have to have discipline to bring your off-site data store back on-site and start up the backup every day, week, month, or whatever. But no photographer I've ever known had smaller data storage requirements. My $0.02.

So, before you decide to put all that backup data in the cloud, look at what you want to store there and how big it is. Then do the math and decide if the pain / problems you might face when needing to restore are acceptable risks and pain.
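Doing that math for the wedding photographer above, as an added example that is not part of the original article: a Python model of the upload backlog week by week, plus the sustained rate needed to keep up. The 850 MB in 8 hours rate and the 32 GB per week load are the article's figures; the function names and the daily-churn parameter are assumptions made here.

```python
"""Backup-window check for an online backup over a slow uplink (added example)."""

MB_PER_GB = 1024

# Effective rate taken from the article's figure: 850 MB in about 8 hours.
ARTICLE_MB_PER_HOUR = 850 / 8


def transfer_days(size_gb, mb_per_hour=ARTICLE_MB_PER_HOUR):
    """Days to move size_gb in one direction with the link busy 24 hours a day."""
    return size_gb * MB_PER_GB / mb_per_hour / 24


def simulate_backlog(weeks, new_gb_per_week, churn_gb_per_day=0.0,
                     mb_per_hour=ARTICLE_MB_PER_HOUR):
    """Return the GB still waiting to upload at the end of each week.

    Day 0 of every week adds new_gb_per_week (one shoot), every day adds
    churn_gb_per_day of re-saved edits, and every day the uplink drains at
    most 24 hours' worth of data.
    """
    daily_capacity_gb = mb_per_hour * 24 / MB_PER_GB
    backlog = 0.0
    history = []
    for _ in range(weeks):
        for day in range(7):
            if day == 0:
                backlog += new_gb_per_week
            backlog += churn_gb_per_day
            backlog = max(0.0, backlog - daily_capacity_gb)
        history.append(round(backlog, 1))
    return history


def required_mb_per_hour(new_gb_per_week, churn_gb_per_day=0.0):
    """Minimum sustained rate at which the backlog stops growing."""
    weekly_gb = new_gb_per_week + 7 * churn_gb_per_day
    return weekly_gb * MB_PER_GB / (7 * 24)


if __name__ == "__main__":
    print("One 32 GB shoot, days to upload:", round(transfer_days(32), 1))
    print("Backlog after each of 4 weeks (GB):", simulate_backlog(4, 32))
    print("Rate needed to keep up (MB/hour):", round(required_mb_per_hour(32)))
    print("Article's rate (MB/hour):", round(ARTICLE_MB_PER_HOUR))
    # Restore is the same arithmetic with the download rate substituted.
    print("Days to restore 1 TB at 10x that rate:",
          round(transfer_days(1024, ARTICLE_MB_PER_HOUR * 10), 1))
```

Run it with your own measured upload and download rates rather than the advertised line speed; the backlog list tells you how stale the off-site copy is at the moment you need it.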

And while you are at it, you do know you shouldn't have only one backup, right? You should have a local backup copy as well as an off-site backup. But that is another topic not related to the cloud.

The Cloud and privacy

So you've got all this data and you want to store it up on GoogleDocs, your Live account, or any of the numerous internet based file storage schemes going on right now. Or maybe your database for ACT! is going to be hosted up in the cloud.

Before you store anything out there, ask yourself who else can or will have access to that data and in what form.

Let's say I decide to host my company's QuickBooks data on some cloud storage system somewhere.

If everything is encrypted in such a way that the cloud service cannot read and understand your data UNDER ANY CIRCUMSTANCES, you are OK. Ask your cloud storage vendor: "If the FBI, CIA, NSA, and a guy with a couple billion dollar offer in his briefcase come to their door and say 'Give us this user's data in a form we can understand' - can this company comply? Or will they have to say 'Well, here is their encrypted data. We don't have the keys, but perhaps you can crack it?'"

And does your setup for sending your data encrypt that data in a form that is strong enough that current or near future technology can't crack the encryption?

If the answers to both of those questions are the right answers, then you can sleep easy knowing that any data you store on that cloud service is yours and yours alone.

However ... if the company encrypts the data but maintains possession of the keys, or they store it unencrypted, or their backups aren't encrypted, or .... there are a whole lot of ways your data is potentially exposed. Now I'm not worried about most people at any of these companies. But it only takes one - that one guy with a gambling problem who is going to be hurt by the bad guys and is looking for a quick score, and here is all this juicy payroll data on employees, their social security numbers, other identifiable information to potentially sell to someone involved in ID theft and get out from under his problems.

The fact is there are dishonest people in the world, and if you don't protect yourself and your company from them you are making yourself into a target. It is a risk with a huge downside, so why not take measures to protect your data before it leaves your direct control?
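What "we don't have the keys" looks like in practice, as an added example that is not part of the original article: the file is encrypted on your own machine with AES-256-GCM before it is uploaded, so the provider's disks and backups only ever hold ciphertext. It assumes the third-party Python `cryptography` package is installed; the file name, passphrase and record are constructed sample values.

```python
"""Added example: encrypt on the client so the storage provider holds only ciphertext."""
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN = 16    # random per-file salt for the key derivation
NONCE_LEN = 12   # AES-GCM nonce size in bytes


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a 256-bit key; this runs only on your machine."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def seal(plaintext: bytes, passphrase: str, name: str) -> bytes:
    """Encrypt locally. The returned blob is the only thing the provider receives."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    key = derive_key(passphrase, salt)
    # Binding the file name as associated data stops blobs being swapped around.
    ciphertext = AESGCM(key).encrypt(nonce, plaintext, name.encode())
    return salt + nonce + ciphertext


def try_open(blob: bytes, passphrase: str, name: str):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:]
    try:
        key = derive_key(passphrase, salt)
        return AESGCM(key).decrypt(nonce, ciphertext, name.encode())
    except InvalidTag:
        return None


if __name__ == "__main__":
    # Constructed sample data; nothing here comes from a real system.
    record = b"constructed sample: employee 0001, salary 52000"
    secret = "long passphrase kept off the provider"
    provider_storage = {}  # stands in for the cloud service's disks and backups
    provider_storage["payroll.qbw"] = seal(record, secret, "payroll.qbw")

    blob = provider_storage["payroll.qbw"]
    print("plaintext visible to provider:", record in blob)
    print("owner can read:", try_open(blob, secret, "payroll.qbw") == record)
    print("wrong key works:", try_open(blob, "guess", "payroll.qbw") is not None)
```

The protection is only as strong as the passphrase and how well it is kept off the provider's systems; lose it and the backup is unreadable to you as well.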

Cloud Costs - $$$

Here is where the cloud looks extremely attractive when you price it per unit time vs. buying equipment and software.

Let's pick one of the easiest applications to push to the cloud - email. Why? Because we pretty much all already have some kind of cloud based email. Who reading this doesn't have either an ego or alter-ego with Yahoo mail, gmail, MSN mail, AOL mail, or any of a hundred other free email providers? And what do we pay for that free email? NOTHING!

Or do you? Somebody has to pay for it - servers aren't free. So the first thing you need to do is realize that nothing is free - you DO pay for it.

How?

You pay by knowing any of those services are throwing ads at you. Some are worse than others - I just signed into my Yahoo mail account and have one box hawking Shutterfly, another saying I should open a Bank of America credit card, and a third subtle one offering Netflix for free. Refresh, and Holiday Inn is giving me best price guarantees in two of those boxes! Some are downright annoying with all the blinky blinky banners and scrolling boxes and flashing crap sometimes lined up the left side, down the right, and up top ... it is amazing I can find my email at all.

And when I surf from my phone, I pay the data charges to have all those ads sent over the 3G/4G network to my phone! Some of those ads even start playing video / audio at me as soon as they can. It is downright annoying.

Some of the pages are so annoying, I've documented how to neuter them. For example, many sites now push their web content through a service that makes mouse-over pop-up ads. So when you move your mouse, if you don't dodge the land-mine of these links, you'll be constantly thrown lots of these irritating mouse-over ads you have to individually close. It pissed me off so much that I wrote an article about how to neuter those ads you can read about here!

So those services are automatically reading all those inbound emails and using them to help target ads to me. Do I care about that? Probably not. But it is something to think about and decide if this is important to you or not. But that is how you pay for those services.

Let's change the scenario - you've got a 300 person company looking to potentially implement its own Exchange server on premises, and you look at all the costs involved. Compare this with a hosted service. In late 2011 I did a quick search and found a couple of companies that hosted Exchange for you for a cost of $8 per user per month that allowed the kind of service I'd expect.

$8 per user per month sounds cheap. My client was looking to switch to the cloud rather than update their Exchange server.

300 people @ $8/month = $2,400/month. That works out to $28,800 per year. The service handles backups, patches, other updates, anti-malware, ....

At the time, pricing was:
Microsoft Exchange Server 2010 + 5 CALs: $1,187
Microsoft Exchange Standard CALs, $50/ea * 295: $14,750
Operating System License: $750

Total so far: $16,687.

Add in some hardware - let's go big and expensive, and say $8,000. Though I can run that on 2-3 year old hardware with some new drives and you'd be out the door for under $3,000 in hardware costs. But we will use the higher number just because.

You are at $24,687. Add in some anti-malware for Exchange, some external backup drives you can swap out ... and you are good to go.

So, to those just counting the beans, it is a wash that first year or a very slight savings. Add in configuration time for a professional to come in and set things up and you are a bit behind the cost curve in year #1.

But in year #2, you save $28,000. By year #3, you've saved $56,000. Yes, you have a system administrator - maybe he is on site and doing other things, maybe it is a part time service you can throw tasks to every now and then. But I'll bet if you do the math you are way ahead on the cost curve.

"Ummm... David, my costs to maintain are not zero. My system administrators cost money and this lets me eliminate that and possibly reduce headcount."

Seriously - if your system administrators are spending 1/3 of their time administering your Exchange server then you need to get a different admin. Most of the setups I've been involved in have been largely trouble free for most of their lives.

More benefits from running your own

I've gotten involved in some strange interoperability diagnostic sessions. In one case, Client1 couldn't send mail to Customer1, but Customer1 could send mail to Client1. The root problem was a known issue with Novell Groupwise talking to Exchange, and updating their Groupwise solved the issue.

In another case, the Cisco SMTP protocol helper built into their Cisco router was molesting data causing similar problems.

I've seen instances where emailed attachments are getting dropped, mail is rejected for mysterious reasons, or the two email servers do their initial "Hello!" and right away say "Goodbye!" - just hang up on each other.

Debugging this took effort on both sides of the email path, and both sides needed access to the systems that are normally "behind the scenes" from everyone else (log files, network sniffs, etc.).

When was the last time you called a technical support person with a reasonably complicated technical problem and they were able to solve it for you quickly and easily? Now try doing this with two different technical support departments at two different email cloud companies and getting them to talk to each other to figure out why both of them aren't talking to each other properly.

My bet: You will be helplessly lost between two vendors both blaming each other for the problem without really knowing the root cause. Been there, done that, got the t-shirt to prove it! And the sad part is, you are powerless to get it fixed.

Someday, all systems will seamlessly interoperate. But today things are still changing so fast it is impossible to test all combinations before some new feature is released to validate that it didn't break any of the millions of paths the data can traverse. Unless you are in technical support, you don't realize how often users get sucked down into the whirlpool of interoperability problems.

And here is a new one: the iPhone was losing power very quickly. If my Exchange server were "in the cloud" somewhere and I couldn't really touch its insides, how would I have ever diagnosed this to the root cause?

What if you have a need to add services to your provider? For example, many of the Exchange hosted services provide some form of anti-spam and anti-malware in addition to the hosted email. When the spammers' SpamBot 4.0 is released and the existing spam detection proves inadequate, how will you upgrade your spam detection? If you see lots of bad stuff is coming into your server from Brazil and China, can you block by country? You can if you host your own - change your firewall, or add the blocks at the firewall level, or if your own filter lets you block by country ... it is all very doable and trivial to turn on. But if you have another company providing that hosted Exchange experience, you are at the mercy of what they offer as a service.

Coming back to earth, get your head out of the clouds!

So you've got all this data and service up in the cloud - how easy is it for you to get that data out of the cloud should you decide to migrate it back to your own local world?

How easy will it be if your vendor goes out of business or changes their terms of service? And read all that fine print instead of just clicking the "Agree" button - I'll bet you they can change their terms of service at any time and you should consider yourself lucky if you get even 60 days notice.

Now I'm not worried that Amazon or Microsoft are about to go out of business. But their terms of service will change - that I'll bet my paycheck on.

As a photographer, I also use Smugmug, which uses the Amazon storage services for the photos. A few months prior to our renewal due early in 2013, I got a notice saying they were doubling the price they charged for the professional services.

It happens. Then what do you do?

My point is: If you use cloud anything, at least give some thought to how to get your data back into your own hands should you want to take your ball and go play elsewhere.

Conclusion

There are times I feel like the boy telling his mom "But the emperor has no clothes on!" and this is one of those times. If you've thought about everything above, done the math, and it makes sense, then by all means let's move your business into the cloud. But if you haven't thought of those items, I hope your eyes are a bit more open to both the good and bad of cloud services. 95% of what I do is educating my clients so they can make a better decision.

I know right now my Internet is nowhere nearly as reliable as the electrical grid. And we lose power a few times every spring / summer as the power lines behind the homes are in the air and we've got dense trees throughout the city. In 2011 I went through two months of intermittent Comcast internet, and that started repeating in October 2012. We have squirrels - lots of them due to all the trees - and last year they chewed some gaps into some of the cable lines that Comcast uses.

Stuff like that happens.

If I were going to lose thousands of dollars every minute the internet is down, I would have services hosted at multiple facilities with redundant feeds and automatic failover. Or maybe I'd pay an extra $100/month and have a DSL from AT&T as a second internet source to Comcast.

When you put your business needs into a cloud service, you are at best as reliable as the product of the internet connection, their own reliability, and your local company infrastructure's reliability... with limited ability to impact two of those three items.

Think about that.

 

References:

(1): http://www.eia.gov/cneaf/electricity/page/electric_kid/append_a.html
