Posts by Nate Amsden

Re: Stupid "Optimized defaults" nonsense.

Count me in on the clueless I guess.

I bought a Ryzen 3700X on the day it was released along with an Gigabyte "X570 I AORUS PRO WIFI", which I think was the only Mini ITX board available at the time. Bought good Micron memory and enabled the XMP feature to run the memory at the right speed(which to me wasn't overclocking as that was specifically what the memory was sold to operate at). Looking at the manual again there is no indication XMP had any effect on the CPU, I always assumed it was a memory specific function. I'm not one to overclock, the only time I ever intentionally overclocked was a P200MMX to 233Mhz(or was it 225Mhz..).

I did fry that board after less than a year(December 2019), first time in 20+ years I had a motherboard fail on a personal system that I can recall anyway. After the system froze overnight(during encoding), I power cycled it, but it would not turn on again. I tried many times and eventually the magic smoke came out of a component on the lower right side of the board with tiny sparks. Gigabyte accepted the RMA without question(or explanation) and replaced the board(with same revision number, was hoping it would be a newer revision that fixed some known issue), been working fine since - no other components were damaged. The only thing that system does is encode video with handbrake(otherwise stays powered off). Though my backlog has been clear for some time it's probably encoded a few thousand hours worth of stuff.

Had a good quality power supply (PC Power & Cooling, reused from earlier Athlon build and still in use today, total of over 12 years of service and counting), and it was connected to a double conversion UPS, so power quality was as good as it could get.

The last company I was at was a greenfield cloud thing. They had no app stacks, everything was brand new. Their existing technology was outsourced and that company did everything from software dev to hosting and support etc. At one point before I started the company felt they had outgrown that outsourced provider and wanted their own tech team to build their own app stack. So they hired a CTO and he built a team, and they started building the new software stack.

He hired a former manager of mine whom hired me at the previous company, I worked with him only a couple of months but that was enough I guess. That previous company was hosted in Amazon cloud(also greenfield). This manager saw the pitfalls of that and wanted me at the new company mainly to move them OUT of the cloud (they had yet to actually launch for production).

They launched production in Sept 2011(I joined May 2011), after doing many weeks of their best efforts at performance/scale testing(I was not involved in any of that part). All of those results were thrown in the trash after a couple of weeks and the knobs got turned to 11 to keep up with the massive traffic. Costs skyrocketed as well, as did annoying problems with the cloud. We started ordering equipment for our small colo (2 racks, each roughly half populated initially) in early Nov 2011, and installed it in mid Dec 2011, and then moved out of Amazon to those two racks in early Feb 2012(I was a bit worried as there was a manufacturing flaw in our 10Gig Qlogic NICs that was yet to be solved, ended up not causing any impacting issues though). I repeated a similar process for their EU business which had to be hosted in the Netherlands, I moved them out in July 2012 to an even smaller infrastructure, probably about half a rack at the time. In both cases, equipment was at a proper co-location, not in a server room at an office.

The project was pitched by my manager as having a 7-8 month ROI, the CTO got on board. It wasn't easy convincing the board but they went with it. Project was a huge success. I dug up the email the CTO sent back in 2012, and sent it to the company chat on the 10th anniversary last year. He said in part "[..] In day 1, it reduced the slowest (3+ sec) Commerce requests by 30%. In addition, it reduces costs by 50% and will pay for itself within the year."

I believe we saved in excess of $12M in that decade of not being hosted in cloud(especially considering the growth during those years). Meanwhile had better performance, scalability, reliability, and security. Last/Only data center failure I've experienced was in 2006 or 2007, Fisher Plaza in Seattle. I moved the company I was at out of there quite quick after that (they were already there went I started). Remember that cloud data centers are built to fail(a term I started using in 2011), meaning they are lower tier facilities which is cheaper for them, and is a fine model at high scale, you have to have more resilient apps or be better prepared for failure vs typical enterprise on prem situation.

So count me as someone who disagrees, greenfield cloud is rarely the best option.

Getting good at storing files doesn't have to be basecamp's business.

People seem to jump to the end conclusion, either you build everything yourself, or you use a public cloud, and I just don't understand why. There is a massive chasm of space in between those two options in the form of packaged solutions from vendors like HPE, Dell, and others. Many different tiers of equipment hardware, software and support.

8PB is a lot, but it's not really for object storage. HPE Apollo 4510 is a 4U server that can have up to 960TB of raw storage(so ~10PB per rack, assuming your facility supports that much power/rack). Depending on performance needs - 60 x 16TB drives may not be enough speed for 960TB by itself. Probably want some flash in front of that(handled by the object storage system). Of course you would not be running any RAID on this, data protection would be handled at the object layer. Large object storage probably starts in the 100s of PB, or Exabytes.

There's no real need to use CEPH which is super complex(unless you like that). Probably better to be using something like Cohestity or Scality (no experience in either), both available for HPE Apollo(and other hardware platforms I'm sure). There are other options as well.

I think I was told that Dropbox leveraged HPE Apollo or similar HPE gear +Object storage software when they moved out of Amazon years ago. As of 2015 Dropbox had 600PB of data according to one article I see here.

I'm quite certain it would be easy to price a solution far less than S3 at 8PB scale, even less scale. You also don't need as much "protection" if you choose proper facilities to host at. Big public cloud providers cut corners on data center quality for cost savings. It makes sense at their scale. But users of that infrastructure need to take extra care in protecting their stuff. Vs hosting it yourself you can use the same model if you want, but if you are talking about 8PB of data that can fit in a single rack(doing that would likely dramatically limit the number of providers you can use to support ~20kW/rack? otherwise split into more racks), I would opt for a quality facility with N+1 power/cooling. Sure you can mirror that data to another site as well, but no need for going beyond that (unless geo latency is a concern for getting bulk data to customers).

Re: Open source

You got a bunch of down votes but you are right for the most part. A lot of the early open source models was release the source for free and then have a business around supporting it. Not everyone would sign up as customers but the good will from releasing the source would attract users. It worked well for several companies, and of course public cloud is taking that away from a lot of these orgs, which is unfortunate. And as El Reg has reported several such companies have been very vocal about this situation.

Obviously in many(maybe all?) cases the license permits this usage(at the time anyway, some have introduced licensing tweaks since to prevent it), but I'm quite sure if you went back in time ~15ish years and asked the people making the products did they anticipate this happening they would probably say no in almost all cases(perhaps they would of adjusted their licenses if they viewed that possibility as a credible threat). At the end of the day the big difference with these cloud companies and earlier generations of "mom & pop" ISPs that were using Apache or whatever to host their sites, is just massive scale.

Those licensing their code in BSD licensing or similarly completely open licensing probably wouldn't/shouldn't care anyway.

Similarly for the GPL, a trigger of sorts to making the GPLv3 was the TiVo "exploiting" a loophole in the GPLv2. So GPLv3 was made to close that hole(and perhaps others). There's even a Tivioization term they made

https://en.wikipedia.org/wiki/Tivoization

"In 2006, the Free Software Foundation (FSF) decided to combat TiVo's technical system of blocking users from running modified software. The FSF subsequently developed a new version of the GNU General Public License (Version 3) which was designed to include language which prohibited this activity."

Re: Hiring impact

I think you are incorrectly confusing SaaS and IaaS in your statement.

Mom and Pop shops that have minimal IT needs likely will have almost zero IaaS, because they can't manage it. IaaS (done right) IMO requires more expertise then on prem, unless you have a fully managed IaaS provider. But the major players don't really help you with recovery in the event of failure, it's on the customer to figure that out. vs on prem with vmware for example if a server fails the VMs move to another server, if the storage has a controller failure or a disk failure there is automatic redundancy. Doesn't protect against all situations of course but far more than public cloud does out of the box. If Mom & Pop shop just have a single server with no redundant storage etc, if that server has a failure, they can get it repaired/replaced generally with minimal to no data loss. Vs server failure in the major clouds is generally viewed as normal operations and the recovery process is more complex.

I've been calling this model "built to fail" since 2011, meaning you have to build your apps to handle failure better than they otherwise would need to be. Or at least be better prepared to recover from failure even if the apps can't do it automatically.

SaaS is a totally different story, where the expertise of course is only required in the software being used, not any of the infrastructure that runs it. Hosted email, Office, Salesforce, etc etc..

On prem certainly needs skilled staff to run things, but doing IaaS public cloud(as offered by the major player's standard offerings) right requires even more expertise(and more $$), as you can't leverage native fail over abilities of modern(as in past 20 years) IT infrastructure, nor can you rely on being able to get a broken physical server repaired(in a public cloud).

Re: Cloud Vs On-Prem

Should do the math for how bursty is bursty. At my last company I'd say they'd "burst" 10-30X sales on high events, but at the end of the day the difference between base load and max load was just a few physical servers(maybe 4).

IMO a lot of pro cloud folks like to cite burst numbers but probably are remembering the times of dual socket single core servers as a point of reference. One company I was at back in 2004 we literally doubled our physical server capacity after a couple of different major software deployments. Same level of traffic, just app got slower with the new code. I remember ordering direct from HP and having stuff shipped overnight (DL360G2 and G3 era). Not many systems, at most maybe we ordered 10 new servers or something.

Obviously modern servers can push a whole lot in a small (and still reasonably priced) package.

A lot also like to cite "burst to cloud", but again have to be careful, I expect most transactional applications to have problems with bursting to remote facilities simply due to latency (whether the remote facility is a traditional data center or a cloud provider). You could build your app to be more suited to that but that would probably be quite a bit of extra cost (and ongoing testing), not likely to be worth while for most orgs. Or you could position your data center assets very near to your cloud provider to work around the latency issue.

Now if your apps are completely self contained, or at least fairly isolated subsystems, then it can probably work fine.

One company I was at their front end systems were entirely self contained, no external databases of any kind). So scalability was linear. When I left in 2010 (company is long since dead now) costs for cloud were not worth using vs co-location. Though their front end systems at the time consisted of probably at most 3 dozen physical servers(Dell R610 back then, at their peak each server could process 3,000 requests a second in tomcat) spread across 3-4 different geo regions(for reduced latency to customer as well as fail over). Standard front end site deployment was just a single rack at a colo. There was only one backend for data processing that was about 20 half populated racks of older gear.

Re: Time to dump Cisco

Curious can you name any such products especially in the networking space? I've been doing networking for about 20 years and haven't heard of any vendor/product remotely approaching 15 years of support after end of sale, at most maybe 5 years?

Re: Not us then

Microsoft would say the same if you use Office 365, backups are the responsibility of the customer.

https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Welcome to cloud.

(myself I have self hosted email for 24 years, and haven't been responsible for corporate email since 2002 at that point ran email with postfix/cyrus imap which is what I use for home still)

Re: Right.

I have read people claim ransomware can sit waiting for upwards of 90+ days before striking. I used that justification to finally get a decent tape drive approved a few years ago for my last company's IT dept, then they used Veeam to backup to tape.

I suppose in theory if you restored old data onto a server WITH A CLOCK SET TO THE RIGHT TIME (not current time), then perhaps it could be fine, but of course systems don't often behave well when their clocks are out of sync.

So for example if you restored data from 45 days ago, onto a server with it's clock set to 45 days ago then you may be ok, if you restore it to a server with current time then perhaps the existing ransomware will see the strike time has passed and activate again. I've never been involved in ransomware myself so don't know how fast it is acting.

I'd assume this was a highly targeted attack against rackspace not a drive by thing.

Also read years ago on multiple occasions claims from security professionals that on average intruders had access to a network for roughly 6 months before being detected, first saw this claim reported by the then CTO of Trend Micro, saw a presentation from him at a conference, normally I hate those kinds of things but that guy seemed quite amazing. I was shocked to see him admit on stage that "if an intruder wants to get in, they will get in, you can't stop that". And not try to claim his company's products can protect you absolutely. I posted the presentation in PDF form(probably from 2014) here previously, though it loses a lot of it's value without having the dialog that went along with it

http://elreg.nateamsden.com/TH-03-1000-Genes-Keynote_Detect_and_Respond.pdf

Re: So where are the backups?

at my first system admin job back in 2000 one of the managers there(not someone I reported to) would on occasion ask me to restore some random thing. I thought it was a legitimate request so I did (or tried, sometimes could not depending on the situation). Later he told me he didn't actually need that stuff restored he was just testing me. Which I thought was interesting. I wasn't mad or anything. Never have had a manager do that again or at least never admit to it.

One company I was at we finally got a decent tape drive and backup system in place. I went around asking everyone what do they need backed up, as we don't have the ability to backup EVERYTHING (most of the data was transient anyway). Fast forward maybe ~6-9 months we have a near disaster on our only SAN. I was able to restore everything that was backed up, some requests did come in to restore stuff that was never backed up and I happily told them, sorry I can't get that because you never requested it be part of what was backed up. In the end minimal data loss from the storage issue but there was several days of downtime to recover.

My first near disaster with storage failure(wasn't on the backend team that was responsible) was in 2004 I believe, double controller failure in the SAN took out the Oracle DB. They did have backups, but they knowingly invalidated the backups every night by opening them read/write for reporting purposes. Obviously the team knew this and made the business accept that fact. So when disaster struck, it was much harder to restore data as you couldn't simply copy data files over, or restore the whole DB as the reporting process was rather destructive. Again multiple days of downtime to get things going again, and I recall still encountering random bits of corruption in Oracle a year later(would result in a ORA-600 or something error and the DBA would then go in and zero out the bad data or something).

My most recent near storage disaster was a few years ago at my previous company. Their accounting system hadn't been backed up in years apparently, IT didn't raise this as a critical issue, if they had raised it with me I could have helped them resolve it, it wasn't a difficult problem to fix just one they didn't know how to do themselves. Anyway, the storage array failed, again double controller failure. End of life storage array in this case. They were super lucky that I was friends with the global head of HPE storage at the time and after ~9 hours of our 3rd party support vendor trying to help us I reached out to him in a panic and he got HPE working around the clock, took about 3 days to find and repair the metadata corruption, minimal data loss(no data loss for the accounting folks). Was quite surprised when I asked for a mere $30k to upgrade another storage system so we could move the data and retire the end of life one, and the same accounting people who almost lost 10 years of data with no backups told me no.

Re: IaaS loves to blame the customer

dug up the power issue from Amsterdam, which was previously a Telecity data center that Equinix acquired by this point(2018):

"DESCRIPTION: Please be advised that Equinix and our approved contractor will be performing remedial works to migrate several sub-busbar sections back from there temporary source to the replaced main busbar which became defective as reported in incident AM5 - [5-123673165908].

During the migration, one (1) of your cabinet(s) power supplies will be temporary unavailable for approximately six (6) hours. The redundant power supply(s) remains available and UPS backed. "

But this power incident wasn't critical for me since everything was redundant on my end, I'm not a power expert so certainly can't say for sure if a better power design could of allowed this kind of maintenance to be done without taking power circuits down to customers. But I can say I've never had another facility provider need to take power offline for maintenance for any reason in almost 20 years. Perhaps this particular activity it would be impossible to avoid I don't know.

After Equinix acquired Telecity I noticed the number of customer notifications went way up, Telecity had a history with me at least of not informing customers of stuff. I hated that facility and staff AND policies so much. Only visited it twice, before Equinix took over, according to my emails looks like we moved out less than 3 months after the above power issue (move was unrelated to that).

Re: IaaS loves to blame the customer

I don't agree there at all. Good infrastructure management is good management. Having a properly designed facility is a good start. Well trained, knowledgeable staff is also important. Having and following standards is also important.

That Fisher plaza in Seattle at the time as far as I recall had issues such as:

* Staff not replacing UPS batteries before they expired

* Not properly protecting the "Emergency Power off" switch (which was one power incident a customer pressed it to find out what would happen, after that all customers required "EPO Training")

* Poor design led to a fire in the power room years after I moved out which caused ~40 hours of downtime and months of running on generator trucks parked outside. A couple years later I saw a news report of a similar fire at a Terremark facility, in that case they had independent power rooms, and there was zero impact to customers.

* Don't recall the causes of other power outages there if there were any other unique causes.

Another facility I was hosted in Amsterdam had an insufficient power design as well, and poor network policies

* The network team felt it was perfectly OK to do maintenance on the network, including at one point taking half of their network offline WITHOUT TELLING CUSTOMERS. They fixed that policy after I bitched enough. My normal carrier of choice is Internap, which has a 100% Uptime SLA, and has been excellent over the past 13 years as a network customer. Internap was not an option in Amsterdam at the time so we went with the facility's internet connection which was wired into the local internet exchange.

* At one point they told customers they had to literally shut off the "A" power feeds to do something, then the following week they had to shut off the "B" power feeds to do that thing to the other side, don't recall what it was, but obviously they didn't have the ability to do maintenance without taking power down (so am guessing no N+1). No real impact to either event on my end, though we did have a few devices that had only 1 PSU(with no option on those models for a 2nd), so we lost those, however they had redundant peers so things just failed over. In nearly 20 years of co-location only that facility ever had to take power down for maintenance.

One company I was at moved into a building (this was 18 years ago) that was previously occupied by Microsoft. We were all super impressed to see the "UPS Room", it wasn't a traditional UPS design from what I recall, just tons of batteries wired up in a safe way I imagine. They had a couple dozen racks on site. Wasn't till later the company realized most/all of the batteries were dead so when they had a power outage it all failed. None of that stuff was my responsibility, all of my gear was at the co-location.

My first data center was in 2003, an AT&T facility. I do remember one power outage there, my first one, I recall I was walking out of the facility and was in the lobby at the time when the lights went out. I remember the on site staff rushing from their offices to the data center floor and they stopped to assure me the data center floor was not affected(and it wasn't). Power came back on a few minutes later, don't recall if it was a local issue to the building or if it was a wider outage.

My first server room was in 2000. I built it out with tons of UPS capacity and tons of cooling. I was quite proud of the setup, about a dozen racks. Everything worked great, until one Sunday morning I got a bunch of alerts from my UPSs saying power was out. Everything still worked fine but about 30 seconds later I realized that while I have ~45min of UPS capacity I have no cooling right now so I rushed to the office to do graceful shutdowns of things. Fortunately things never got too hot I was able to be on site about 10 mins after the power went out. There was nothing really mission critical there, it was a software development company and the majority of the gear was dev systems, the local email server(we had 1 email server per office) and a few other things were there as well.

There are certainly other ways to have outages, I have been on the front lines of 3 primary storage array failures in the last 19 years, arrays which had no immediate backup so all of the systems connected to the arrays were down for hours to days for recovery. And I have been in countless application related outages as well the worst of which date back 18 years ago an unstable app stack being down for 24+ hours and the developers not knowing what to do to fix it. At one point there we had Oracle fly on site to debug database performance issues too. I've caused my own share of outages over the years though I probably have a 500:1 ratio of outages I've fixed or help fix vs outages I caused.

My original post, in case it wasn't clear, was specific to facility availability and to a lesser extent network uplink availability.

Re: We make a rod for our own backs...

oh yeah, that's right, sorry was a long time ago!

Re: This is not how data centers work

Be sure to deploy your own environmental sensors.. Most good PDUs have connections for them. I have at least 4 sensors (2 front/2 back) on each rack(2 PDUs * 2 sensors each)). They monitor temperature and humidity.

I remember the first time my alarms for them tripped, I opened a ticket with the DC asking if anything had changed. It wasn't a big problem (the humidity had either dropped or exceeded a threshold I forget which), I was just curious the dramatic change in readings. They responded that they had just activated their "outside air" cooling system or something which was the cause of the change in humidity.

Had major thermal issues with a Telecity facility in Amsterdam, no equipment failures just running way too hot in the cold isle. Didn't have alerting setup for a long time, then when I happened to notice the readings it started a several months long process to try to resolve the situation. Never got resolved to my satisfaction though before we moved out.

I remember another facility in the UK at another company that was suffering equipment failures(well at least one device, their IDS failed more than once). The facility insisted the temperature was good, then we showed them the readings from our sensors and they changed their tune. They manually measured, and confirmed the temps were bad and fixed them. Never was on site at that facility so not sure what they did perhaps just opened more floor panels or something.

But just two facilities with temperature issues over the past 19 years of using co-location.

Power and cooling, two things most people take for granted when it comes to data centers(myself included). Until you've had a bad experience or two with either then you stop taking them for granted.