Hybrid multi-cloud is a mess to clean up, not an innovation to excite

Enterprise IT infrastructure has consistently given us worthy investments to make and jobs to do in the last 20 years. In the early to mid 2000’s, server virtualization made hardware fleets more efficient, improved utilisation rates, made it easier to manage applications, and saved money. It was a no-brainer, everyone adopted …

  1. spireite Silver badge

    Multi hybrid cloud

    The thing that gets overlooked with this concept is....

    Egress costs

    I was in a situation where AWS was the primary platform but there was a dependency on SQLServer.

    As to the latter being MS, that was implemented on Azure SQL because it was cheaper.

    Any savings over AWS RDS SQLServer were swallowed up by extra person hours overheads, egress, and other stuff.

    Integration between the two costs...

    Who'd have thought it!!!

    1. Mike 137 Silver badge

      Re: Multi hybrid cloud

      "The thing that gets overlooked with this concept"

      Another (and rather important) thing that gets overlooked is that the user has serious problems managing their own security. If a web site draws on half a dozen (sometimes much more) different servers on different domains, the user's attack surface is significantly increased and setting adequate restrictions browser-side gets really hard.

      But who's thinking about the user these days (except as a source of revenue)?

  2. Mike 137 Silver badge

    Long before the comms

    "one of them misses out on an important piece of security or governance and suddenly you’re asking the PR team to implement its crisis comms plan"

    Long before that you should have been implementing a crisis prevention plan to avoid the need for "crisis comms". I'm wondering where the incredibly dumb idea that a third party service provider will ensure your security without your intervention came from. However I suppose the source was the same as the prevalent view that the fundamental axioms of probability have no bearing on infosec risk assessment -- a lack of enthusiasm for taking personal responsibility for anything that might backfire.

    Adequate infosec is at least as much a matter of attitude as it is of technologies.

  3. mdubash

    I seem to recall writing this same article 15 years ago....

  4. momus_98

    We Did This Already

    "The cloud" is nothing more than a server farm. We did this already back in the '90's. The only difference is it's someone else's server farm.

    Meanwhile, the mainframe humming along quietly in the corner of the room is still running the world.

  5. Ranty

    One of the fundamental duties of a solutions architect is to control the technical complexity. If you don't, instead of getting pools of expertise and pockets of ignorance you mostly get pools of ignorance.

    Hybrid cloud means there is more than one thing but different enough to require more knowledge as to how to secure, maintain and develop in it.

    Forget egress charges. Even if horrendous it pales into insignificance next to the duplication of effort required for the extra staff and staff time to look after it.

    CFO Long pockets is going to hate waiting for their staff to produce a cost for cloud report.

    The quarterly visit from the auditors, what fun. If you automate the collation of information for the auditors in one cloud then you'll have to do it all over again but differently in another because the mechanisms for doing so are different.

    Let's suppose you've gone multicloud for the shiny-shiny. All the gear and no idea! How does that translate into better customer experience, retention and sales?

    Multicloud means multi feudal kingdoms.

    Basically multicloud is a massive CTO egowank

  6. This post has been deleted by its author

  7. RichardBarrell

    Good article, broadly agree with the premise.

    There are a couple of legit use cases for deliberately not going entirely all in on a single cloud vendor. One is uptime monitoring: if I'm hosting websites on AWS, it would be a good idea to use a non-AWS vendor to monitor their uptime. That way I'm less at risk of common cause failures (like big problems across all of AWS) that take out both my websites and the services that monitor them, at the same time.

    One small nitpick about this specific paragraph:

    > Public cloud wasn’t for everyone, or every workload, but it was undoubtedly a welcome innovation and alternative. Few adopted it begrudgingly.

    Quite a lot of people begrudge it intensely. It seems that they all hang out here, on The Register's comments section. ;)

    1. Lil Endian Silver badge

      One is uptime monitoring

      Like a third party dedicated uptime monitoring service, rather than a non-dedicated alternative remote server vendor (that's "cloud" in modern parlance!)?

      Assuming there's actually at least one working machine physically available to you (so that you can see your uptime monitor monitoring), let's go crazy-mad-crazy and bring it in-house! How about:

      $ ping > uptime.log &

      $ tail -f uptime.log

      I can watch that scroll up all day long!

      Happy to play the commentard of begrudgement!! :)

      [KISSing ain't just for the beautiful people!]

      1. RichardBarrell

        Re: One is uptime monitoring

        That is terrible. It doesn't send requests from multiple locations so it has no idea which end broke (its own connection or the box at the other end). It does just one DNS lookup at the point you first start the command going; it will not tell you if the DNS zone subsequently gets broken. It doesn't message (email or SMS) anyone when it breaks. It doesn't check that the actual application is up at all; there are many failure modes that will leave a box responding to ICMP echo but not doing anything useful. That isn't KISS, that's just completely declining to attempt to solve the problem.
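
The gaps listed in the comment above (a single DNS lookup, no application-level check, no way to tell which end broke, no notification) can be made concrete in a short sketch. This is an added example, not code from the thread or the article; the `/health` path, the `ok` body marker, the vantage-point labels and the "control site" reachability flag are assumptions chosen for illustration.

```python
import socket
import urllib.error
import urllib.request


def http_fetch(host, path, timeout):
    """Application-level request; returns (status, body)."""
    try:
        with urllib.request.urlopen(f"https://{host}{path}", timeout=timeout) as r:
            return r.status, r.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:    # server answered, but with an error
        return exc.code, ""


def probe(host, path="/health", expect="ok", timeout=5,
          resolve=socket.gethostbyname, fetch=http_fetch):
    """One check from one vantage point; returns a state string."""
    try:
        resolve(host)                        # fresh DNS lookup on every cycle
    except OSError:
        return "dns_failed"
    try:
        status, body = fetch(host, path, timeout)
    except OSError:                          # refused, timed out, TLS error
        return "unreachable"
    if status != 200 or expect not in body:
        return "app_unhealthy"               # box answers, application does not
    return "up"


def verdict(target_states, control_ok):
    """Combine vantage points; ignore any that cannot reach the control site."""
    usable = [s for v, s in target_states.items() if control_ok.get(v)]
    if not usable:
        return "monitor_blind"               # our end broke; no claim about target
    if all(s == "up" for s in usable):
        return "up"
    if all(s != "up" for s in usable):
        return "down"
    return "partial"


class Watcher:
    """Calls notify(old, new) only when the verdict changes."""
    def __init__(self, notify):
        self.notify, self.last = notify, "up"

    def update(self, new):
        if new != self.last:
            self.notify(self.last, new)      # hook for email or SMS delivery
        self.last = new
        return new
```

The `resolve` and `fetch` parameters exist so the probe can be exercised offline with stand-ins; in use, each vantage point runs `probe` on a schedule and a collector feeds the results to `verdict` and `Watcher.update`.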

        1. Lil Endian Silver badge

          Re: One is uptime monitoring

          You spotted the terrible bit. Did you miss anything else? I was clearly not being serious, at least I thought I was being obvious - plenty of clues in there. I'm so very, very sorry I wasted your time by encouraging you to post.

  8. Lil Endian Silver badge

    IT is not responsive (The Unicorn Project)

    Axiomatically, IT is a solution to a "real world" problem. That's why application software is named as such.

    Why is IT's endeavour to provide a solution seen as non-responsive? Why are projects "always" doomed to overextend on time and budget? Why can't there be a real Unicorn?

    Unicorn Inhibitor #1. Manglement. Techies understand that an IT project's time is largely scoping, analysis and design, followed by the development of the solution (excluding implementation). Something like 70% of the first and 30% of the second in a project is, arguably, reasonable. Manglement, especially in $Corp, denies that premise - like politicians deny maths regarding backdooring encryption. They think a 5/95 split is way over-doing it on the 5!

    Unicorn Inhibitor #2. Change Control! Yep, Change Control is there for a good reason. It's also a killer if the PHBs don't allow IT to "do it right" (as in #1). Every design change, because techies weren't allowed the time to design correctly, feeds an ever increasing CC snowball that even their own hell cannot melt. The larger the $Corp, the larger impact per design change. CC is the project PITA that auditing is to operations!

    Only when techies are permitted to act appropriately is there a chance of seeing a Unicorn. A very, very, very slim chance!

    (Aaaah! Forgive me for preaching to the converted!)
