Posts by Mr.Nobody

91 publicly visible posts • joined 4 May 2015

VMware by Broadcom makes its stack easier to live with, as promised

Mr.Nobody

Who cares?

This just continues to show how little VMware cares about its customers or their concerns.

I am sure there are companies that are using all these services, but I bet it isn't that high a number. I guess that's what Broadcom has wanted all along, fewer customers that are even more locked in to their technology.

Let me know when they announce that they aren't going to continue offering customers insane price increases for a product they have owned for a decade and a half. That's an announcement I'd be happy to read about. Until then, VMware/Broadcom can bugger off.

Broadcom ends easy elasticity for VMware Cloud on AWS

Mr.Nobody

Mafia voice or Burns Voice?

I never know what sort of Simpsons character accent to have in my brain when I see these sort of statements from Broadcom:

"73 percent of respondents expect VMware prices to rise by 100 percent or more. VMware by Broadcom insists its price changes are misunderstood and that the list price of its products have fallen."

No one ever paid list price for VMware products in the past. Just like they never paid list price for storage, compute or network gear from any of the major suppliers. We buy storage from one of the big vendors for somewhere in the 30-40% range of list price. Requiring customers to buy a bloated, bundled set of products that most customers don't want or need to just get the one or two features they do need, and then making them switch to a subscription product (which no one bought before, because it cost more than perpetual) that price 300-600% more than the old one is just plain evil.

I just don't know if it is Mafioso evil or Standard Corporate Greed evil.

Broadcom throws VMware customers on perpetual licenses a lifeline

Mr.Nobody

Agreed on the integrations part, as well as some significant recovery aspect changes.

Our storage solution works incredibly well with VMware. There is a built in plug to backup and restore VMs from snapshots that are so simple to use that most people understand it after reading a one page how-to with screenshots.

Proxmox is pretty good performance wise vs VMware. I have done a whole lot of testing on a cluster with the same hardware as VMware, and it's the same or better with some tweaking.

The big issue is around the backup integration and DR. We have over 1000 VMs in a few locations, and DR for them is replicating the storage to another site, mounting the datastores, and running a script that finds vmx files and imports them into vcenter. When I ask people in the Proxmox community on how to do something similar, the answer is always something kludgefy, or do a standard backup and restore (for 1000 VMs).

Hopefully this announcement gives us more time to figure out a path forward for a few more years.

VMware by Broadcom plots pair of Cloud Foundation releases that will show off its strategy

Mr.Nobody

Huh?

Why yes, support was sold separately, for perpetual licenses. It's like these people just started working there yesterday or something.

Perpetual licenses were only sold as SnS. One could get the software upgrades for their perpetual licenses, but only if support was purchased along with it. Support was so bad for vSphere, we often told our merry-go-round of sales reps that we would gladly pay less for just the software upgrades and skip support altogether, since they often made matters worse than when we started a ticket. If they responded at all.

Was it really possible to purchase a subscription license without support? How does this guy have a job?

Every press release from Broadcom makes me feel a little bit better that we won't be a VMware customer in the long run.

Meet the Proxinator: A hyperbox that puts SATA at the heart of VMware migrations

Mr.Nobody

Re: I configured my own for under $200

Park Place Technologies has excellent third party hardware support, including on site techs. If you need bios updates then you need a support contract with HPE for something, but for the rest just use third party. Far, far less expensive than HPE as well.

Car dealers openly beg Biden to put brakes on electric vehicle drive

Mr.Nobody

I won't be buying one

until someone makes one that doesn't require a fondleslab in the dashboard to turn on the heated seats, or anything else for that matter.

Italy seizes from Airbnb $836M in alleged unpaid taxes

Mr.Nobody

Anything that tanks the airbnb business model is ok with me.

IBM to scrap 401(k) matching, offer something else instead

Mr.Nobody

This is distressing on so many levels.

I feel for the people still at IBM who have to suffer through these shenanigans for C-suite people to justify their existence. Which of course is only about making money, and if that requires squeezing 1% more out of payroll costs can be found in a questionable scheme, they are all over it.

I also feel for all the people that work at companies with equally suspect leadership that will see IBM doing this, and will fall over themselves saying, "Us too!" It creates a wonderful excuse when such a large tech employer sets an example for them. A vicious cycle.

What's next for VMware? Long-term Virtzilla-watchers predict Broadcom's moves

Mr.Nobody

We looked at using VMware at GCP for DR, and the costs to turn it on for a week of DR testing were beyond eye-watering. How it makes financial sense to run a full time vmware environment there is beyond me.

Mr.Nobody

They left out the one prediction that will absolutely happen

Regardless of all these possible outcomes, the customers will get the short end of the stick.

Cloud slowdown hits Amazon as orgs look to rein in cost

Mr.Nobody

Re: F.U.D.

Hear, hear. Our colo has passed on double digit power increases in the last year, but it doesn't change the reality that we save oodles of money running our own environments vs public cloud.

I recently got a quote from our used hardware reseller, and the same server we bought last year is about 50% less costly this year. The gap just keeps getting wider.

Amazon CEO says AWS staff now spending ‘much of their time’ optimizing customers’ clouds

Mr.Nobody

Re: “The Cloud,” eh

Indeed. I just got a quote for used dl360 g10s and I can't believe how inexpensive they are. They are 50% less than I expected, I already have pretty low expectations for price.

Mr.Nobody

Re: Chicken, welcome to the roost...

But then a very large number of outfits do just that, and can't believe how much it costs.

Europe moves to derail Broadcom's VMware takeover

Mr.Nobody

please, please, please

derail this. All the little VMware customers on the planet need this sale to fail.

Unilever claims it's a 'cloud-only enterprise' – now with added OpenAI

Mr.Nobody

Public Companies should show their detailed costs

I'd love to see a push for public companies to show their technology budgets, if not only to show the wildly varying degrees between different industries and competitors within industries.

I am sure we'd see all sorts of places where the bean counters blew a ton of money so they could make these idiotic statements like cloud-only enterprise, like that somehow makes them better than those that aren't? WTF? I'd be more inclined to not invest in companies that make these sort of nonsense statements.

The Shakespearian question of our age: To cloud or not to cloud

Mr.Nobody

Re: The whole premise of this article is bullshit

This is a well reasoned article to a very simple question.

If a company can use the ability to grow 10x overnight, then Public Cloud is a great option. Most companies in the world don't fit this description. To the point of the article, a mid-sized Saas provider (I work at one) that has a relatively stable workload (we do) would pay far more using Public Cloud than on prem gear. We are a fine example. Our total costs are about 1/5 per workload to run on prem. We have some offerings that are in the cloud, and after seeing our eye watering cloud bills, we are looking at moving the most obvious ones on prem.

We already have an on prem environment we have to maintain, so all of the firmware upgrades etc mentioned are already going to need to be managed. I can say the same about having to have a well paid devops/SRE that understands and has experience with k8s or docker or all the esoteric services offered by AWS/Azure/Google that are not simple to understand, and those employees are paid very well, and when they leave they are hard to replace.

One thing mid and large companies are noticing is that the ability to just spin up machines in public cloud without any sort of budget oversight is that they blow up budgets. There is no one minding the till like they do with on prem gear, and while yes, getting through a requisition and the budget process can be slow and painful at some companies, if we have a customer contract that requires more hardware to fulfill, rest assured, the bean counters will move heaven and earth to get the gear to get the beans. Good planning would also allow for slack in storage and compute clusters to pick up an unexpected load.

And yes, systems can be turned off in the public cloud and the bill for them stops, but it doesn't stop for storage, and that's where all the money is in most companies' AWS bills.

Singapore software maker says own hardware in colo costs $400M less than cloud

Mr.Nobody

We have all the things in your list, with one exception, we use colo environments, which take care of the HVAC, Power, Physical security, and compliance for all of those things.

We are not a mom and pop shop, but we are also not a large business by any means. Redundant networking, VMware software, storage, compute, etc, etc, etc is about 1/5 of doing it at AWS. It's not even close.

We have some stuff running in AWS, and their instances to employee ratio is far smaller than the team that handles the traditional stuff, and the devops/SRE employees are paid very very well.

Mr.Nobody

yes, some of the hardware vendors we use on prem keep telling us about their lease options because all the bean counters want opex, but we don't get far into the costing exercise before it's clear that leasing the hardware would cost far more than owning.

We are pulling stuff back out of the cloud and putting on prem after finally doing real apples to apples cost analysis of our systems. It's not even close.

And yes, we have slack in our compute and storage environments, but it's enough that if we have very fast growth we can buy more servers and storage and get them up and running in less than a month.

Mr.Nobody

Re: "Swings and roundabouts" or "Horses for courses"

128GB of RAM? Try 1.5TB.

Wow, turns out cloud sales can slow down – eh, Amazon, Google?

Mr.Nobody

Yes, but the profit on selling diapers vs the profit on selling software is pretty significant. The revenue number just means they sell a lot of volume in a low margin business.

AWS though, has an enormous profit margin, because all these PHBs and PHBs that used to be devs are convinced it's the only option going forward, I mean, all their friends are doing it, so it must be right.

ChatGPT talks its way through Wharton MBA, medical exams

Mr.Nobody

ChatGPT is a very good version of autocomplete. It will not change the world for the better.

https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy5zaW1wbGVjYXN0LmNvbS84MkZJMzVQeA/episode/OWUzYWVhMTUtYWQzMi00OGQ2LThmYWMtYThiNWZiNGI1YzFh?sa=X&ved=0CAUQkfYCahcKEwio77_ajeP8AhUAAAAAHQAAAAAQAQ

Bill shock? The red ink of web services doesn’t come out of the blue

Mr.Nobody

The second part of that last sentence is awfully critical

"Security is also something I think is better in the cloud, not inherently but because you have to follow good design practices and plan what you're doing and because your platforms will be kept current."

I have seen loads of setups where this is not even remotely the case, especially ones that started in the cloud.

Google dumps 12,000 employees after project probe

Mr.Nobody

It will absolutely raise the stock price.

Oh dear, AWS. Cloud growth slowing as customers get a dose of cost reality

Mr.Nobody

Re: Quelle Surprise

Ten years ago the CEO/owner kept telling our VP of operations that we had to be in the cloud, even though we have nothing but saas applications we offer to customers (we were cloud before it was cloud).

We were marched to create a non-functional DR solution in the cloud that has cost (which everyone in the know said wouldn't work and would cost more) 5x what the on prem functional solution costs in other continents.

CEO/owner and VP are all gone. We are still paying for a non-functioning solution because?

Basecamp details 'obscene' $3.2 million bill that caused it to quit the cloud

Mr.Nobody

Still peanuts compared to public cloud costs.

I work at a holding company with several saas applications that have been acquired over the last decade or so. Some are traditional design hosted in a colo (three tier web/app/db), some are shiny k8s/RDS implementations in the public cloud.

The costs for the systems in Public Cloud are at a minimum 5x what the same systems cost in the colo. The colo costs are one of the smallest spends in the colo equation.

Yes, we still need experts in storage, networking, computing, OS, etc. But these same individuals are put to work on the cloud stuff as well. No big surprise that the devs that put things in AWS don't think much about backups, DR, what's really required for HA, etc. Even if everything moved to the cloud, the same people would have jobs doing work in the cloud instead. Maybe a few would leave because it's not their skillset and they would do better elsewhere, and then you need to find new people that are cloud familiar to work on things, and they are not cheap.

Last and most importantly from a cloud vs. colo cost perspective, the cloud costs generally rise in a linear fashion. Add a new customer that needs more compute and storage, it's going to rise in a linear fashion. There is a greater economy of scale to be had in the colo. There is generally more slack in the compute and storage systems there, so it could cost nothing. Even adding a few servers and another shelf isn't going to break the bank when cloud is 5x more overall.

We are looking at more ways to move things out of cloud and back into colo. It just costs far less, and we already have the people.

As to the whole notion that AWS/Azure have AZs that recreating would cost a fortune to do in a colo, but the colo model vs. the public cloud model are not the same. The colo is designed so that nothing is on hardware that isn't redundant or a cluster that cannot survive multiple host failures. There should not be site downtime at a colo. They all generally have blended internet connections as well.

AWS will tell you straight up that an app should be designed for multi-az fail over. #1 This sounds easier than it is, #2 - if a whole AZ goes down and all these apps try to start up in another AZ, it will be a small disaster. Storage in the other AZs will be under tremendous strain, and compute may be unavailable. This has already happened several times in the past decade with AWS, and everyone seems to forget about it. Heaven forefend one of these AZs is lost for several weeks, or forever.

In a colo environment, we have a DR site hundreds of miles away from production sites. Yes, it would take a bit to get it up and running, but it's there if we need it. The compute and storage is all dedicated to our company. We take our old production hardware and set it up as DR. It costs nothing, and since it isn't on, we don't have a bill from the colo company for electricity or power.

The world was promised 'cloud magic'. So much for that fairy tale

Mr.Nobody

Re: Cloud costs

We have clusters of systems with headroom in both cpu and memory. If memory hits 80% across the cluster, we start the server acquisition process. It does not take long to get a server to the colo, racked and added to the cluster. The longest part of the process is the approval from the bean counters.

The hypervisor we use also has compression and deduplication for memory built in. Our storage array also has deduplication and compression built in. Some app servers deduplicate at rates of 90% when it comes to storage. If we turn them off, we pay nothing. Our storage environment also provides SSD level performance to every VM. Go look at the cost to provide a single AWS EBS with 20k iops. Now multiply that by 10s or 100s.

And yes, we have some systems that are busier at different times of the year than others, but we are always constricted by memory, not cpu or storage resources. We have 20% free at all times, so even if we need to clone a bunch of VMs to keep up with demand, it's already built in and no additional cost is incurred.

All of this is available at 1/5 the cost of doing same in public cloud. The only hidden costs not included in that figure are the staff to support it. We also have cloud only apps in our company, and while they don't have infrastructure staff, they have SREs which is just the new term for systems engineering, and they don't work for less money.

As to security, your statement is just plain wrong. The security at public cloud vendors is only as good as their staff, and they are also a much bigger target. I also don't believe that if one of the major cloud vendors had a serious breach that the public would find out about. Of course they spend more money than we do on security, but that does not translate into our environment being less so.

I get that cloud is a good choice for some apps and some environments, but the nut of this article is that the magic bean notion that cloud would be cheaper in any way is just absurd. The absurdity is that it isn't even close. Devs may like it better, but for some reason that never translated into asking the question of why devs can't have an environment in house that would be as easy to deploy with. The bean counters where I work are asking that question now as we spend 5x more for cloud instances than we do for on prem.

Mr.Nobody

Re: Try Convincing IT Owners you need to test Resiliency

My other favourite answer to the DR question for cloud apps is "If AWS is down, our customers won't care because so much else will be down."

Or if you ask the smoking hole question, the answer is, "If northern Virginia is a smoking hole, our customers will have much bigger concerns than their data being completely gone."

Mr.Nobody

Re: Are you saying ....

yes, same here. 10 years. Still have lots of people, mostly devs, that think that cloud is the only option going forward.

VMware teases replacement for so-insecure-it-was-retired P2V migration tool

Mr.Nobody

I agree with all of your points. We are a long time VMware customer, but only pay for support to get the ability to upgrade seeing as support is almost worthless. I say almost because I had issues moving to VDS this year and opened a ticket (hadn't opened one in three years as it was always a waste of time) and I got someone with a clue. He didn't fix my issue, but he pointed me in the right direction.

I am waiting for the day the PHBs say they won't pay for support anymore, and frankly I don't blame them. We never use the new features. I looked at the vSphere 8 features list, and quickly concluded we would gain nothing by upgrading.

What platform did you migrate to?

Google: We had to shut down a datacenter to save it during London’s heatwave

Mr.Nobody

Re: Heat island

Also it's considered green since the electricity already comes from a renewable resource. I have heard you can also still get steam piped into a location in the estate if you would rather power equipment off of it instead of electricity.

Mr.Nobody

Re: Heat island

Slough is supposedly green as well since the power all comes from a wood pellet or pulp energy source in the middle of the estate.

Lots of big data centres out there get to consider themselves environmentally friendly because of this fact.

FedEx signals 'zero mainframe, zero datacenter' operations by 2024

Mr.Nobody

This from the company...

...that still uses an honest to God answering machine for one of their depots in the Greater Toronto Area.

I had a package stuck in customs for ages, and then it was stuck at the depot for ages, because the driver couldn't figure out which unit in an industrial building to deliver it to.

The depot would call me to tell me this every time they tried to deliver it, and I swear on the FSM that it was an answering machine every time I called them back. I wouldn't have been surprised if it recorded to a micro-cassette.

I had already had a very low opinion of fedex prior to that incident, and today I have an even lower one. I didn't think that was possible.

Oracle plans US database for electronic health records

Mr.Nobody

Re: time to choose

There is plenty of serial mismanagement by both the for-profit and not-for-profit health care entities in the US.

Mr.Nobody

I can't wait to find out how much he charges the health insurance companies for access so they can deny care for whatever reason they can muster. Again, we are the product.

VMware customers have watched Broadcom's acquisitions and don't like what they see

Mr.Nobody

Re: out

I think you missed the math here. We pay 10x the ANNUAL support cost EVERY MONTH to AWS for less than 1/3 of the instances.

Support for servers, FC, storage etc is still far, far less than that per year. I could show you all the spreadsheets. There is a reason why Bezos is one of the richest people on the planet, and that reason is AWS.

Every time we put up another VM in our environment, our cost is still the same. Granted, this only holds true until we need to purchase another VMware host or bit of storage, but with deduplication and size of hosts just getting larger and larger, we keep doing more with a smaller physical footprint. Our on prem costs just keep going down.

Every time we put up a new instance in AWS, the bill goes up.

I like that you mention DR. There is this thinking that since one has deployed AWS in multiple AZs that they have DR in that region. People don't get that if one of those AZs goes TITSUP, there is not enough compute or storage IO in the other regional AZs to run that same load. It will probably make the other AZs keel over and die. This has actually already happened. Unless you are running instances in another region or zone waiting to take over for DR, AWS is not going to provide DR for free.

So no, once you reach a certain scale doing on prem in colo with real equipment, AWS is never close to the same cost. It's at best five times higher.

Mr.Nobody

Re: out

To some degree their idea that they can just maintain bigger customers and reap the rewards makes sense. We have over 3000 VMs that make money for our business. We just barely pay six USD figures in support each year, which in the grand scheme of things is a bargain considering what we receive. We pay 10 the annual support EVERY MONTH for AWS, for about 1/4 the number of systems (granted, there is more that comes with that $1M a month, but it's still absurdly more expensive than on prem).

While there are alternatives, trying to move 3000 VMs of legacy applications to Proxmox or Nutanix or some other hypervisor sounds great until you look into the reality of how much work that would take to save a small portion of what we pay each year.

That said, I was not happy to see that Broadcom is buying VMware. I think it's all downhill from here. They are right though, some of us are locked in regardless.

As to the person interviewed that thinks VMware support is "OK" and that VMware thrived under Dell apparently was not a customer prior to being owned by Dell. Prior to Dell, VMware had one of the best support groups in the business, and is now the worst. I haven't opened a ticket with support in more than three years because it's a waste of time.

Amazon investors nuke proposed ethics overhaul and say yes to $212m CEO pay

Mr.Nobody

Re: Don't rock the boat

Anytime you try to discuss a concept and use "this one time" as an example for why something is a bad idea is generally a poor argument.

That is of course one of those times is a nuclear explosion, or a massacre that could have easily been prevented (oh wait, those are happening every day now).

People that do repetitive, easily quantifiable, laborious jobs like warehousing, postal delivery, and manufacturing greatly benefit from having unions for all the reasons discussed here.

There will always be the time I saw someone at a gas station using their food stamp card to buy beer example, doesn't mean people shouldn't get food assistance because of an asshole (who probably didn't really the beer with his food stamp card).

Google Cloud started running its servers for an extra year, still loses billions

Mr.Nobody

Re: Where's the money?

AWS is a ruthless corporation, and they are not cheap. Even their "cheap as chips" storage people tell me about isn't that cheap vs rolling your own. They also pretty much invented this cloudy world because they had all this spare hardware they owned for the holiday season ordering, and it was freed up the rest of the year. They still have free resources outside of Nov - Dec each year, I am sure.

MS makes tons of money on azure by forcing people into agreements to use the stuff. They have lots of agreements where people pay for azure, but never launch an instance there. Talk about free money. Oracle does the same thing with their cloud. I am sure IBM also forces some mainframe users to purchase IBM cloud credits that are never used.

Google has none of these built in advantages, and as people often say around here, cloud computing is just your stuff on someone else's computer. Computers still pretty much cost the same to obtain and maintain, and AWS needs to make money on top of that (those rockets aren't cheap!), so it's no surprise that Google is going to lose money on this for a while until they get more people hooked on it.

Mr.Nobody

Re: Old kit

We are running 12 core procs in 10 year old servers, thank you very much.

Microsoft slips out Windows Server 2022 with extended support for 10 years

Mr.Nobody

Re: Control Panel

Agreed on Control Panel. There must be some secret UI school that tells designers to gather research on how users navigate products during their daily use, and then break all the functionality for change's sake.

If one wants to see another fine example, look no further than NetApp's botched release of 9.8 - so many things just don't even work, it's downright fraudulent. Then notice how they have worked hard to take an incredible amount of information away from the display altogether.

Selling hardware on a pay-per-use or subscription model is a 'lie' created by marketing bods

Mr.Nobody

Re: Spot on!

You want people to come up with a business case for why they are building an application?

Mr.Nobody

Re: Spot on!

Not sure the paper analogy fits here. Paper doesn't need troubleshooting when it is slow or broken. It certainly doesn't need upgrading or replacing.

VMware reveals critical vCenter hole it says ‘needs to be considered at once’

Mr.Nobody

Re: Hey now

Our lives have been forever ruined by the HTML 5 client. We held on to esxi 6 as long as we could stand it.

Writing "a justifiably unloved C# client" makes me wonder who the author spoke to that didn't like the C# client. I haven't met a person yet that doesn't long to go back to it.

AWS going AWOL last week is exactly why less is more in cloud server land

Mr.Nobody

Re: Tradeoffs the punters can't control (and don't have the relevant decision making info anyway)

While what you say is true, it eliminates many of the cost savings cloud does have to offer, namely using services instead of a server with an app on it (or many servers with many apps on them).

Being cloud vendor agnostic is extremely expensive. If you have complicated products, you now need to have experts in both or three cloud providers, and you have to have all the infrastructure pieces for them to work together.

Mr.Nobody

Re: AWS us-east-1 and reliability

There has been an unwritten rule for a long time to never run anything in AWS us-east-1 if one wants it to work without issues. I have heard this for well over five years now.

But the underlying issue here with the Kinesis service is like many of the other outages that occur at AWS. No one else in the world has systems like this, because they are proprietary to AWS.

Even if someone did have a similar system, where there are no issues with scalability, possible failures and how to fix them, no other company is operating them at the scale AWS does. Things will break, and they will continue to cause outages like this one for years to come. There is just so much they don't know about their products and services, because they haven't had a failure with them yet.

It brings me right back to the EBS failures they had a few years ago.

1) EBS volumes for a whole region went TITSUP.

2) Smart AWS customers had their EC2 systems set to reboot in another region when they went down just like AWS taught them to.

3) EBS storage systems in the other regions struggled mightily to boot up all these newly starting systems, and those regions suffered tremendous performance problems that essentially blew up everyone's day.

How these people had not planned on the possibility of a whole region failing and starting to boot up in all of the other regions was enough to understand that these sort of outages will just continue to happen at AWS and the other cloud vendors.

Leaky AWS S3 buckets are so common, they're being found by the thousands now – with lots of buried secrets

Mr.Nobody

This is the real issue. Devs who come up with some grand idea and get PHB approval and run off and build something with no involvement with security or IT teams.

They then stick credentials and PII in unsecured S3 buckets because they had to open up all the perms to get their app to work.

Security/Compliance/IT teams have no opportunity to help, because they aren't involved.

Wakey-wakey! A quarter of IT pros only get 3-4 hours' kip – and you won't believe what's being touted as the 'solution'

Mr.Nobody

Re: What is 'the cloud'?

Several years ago, we had a bunch of devs that wanted to update their resumes and get into cloud.

One strategy they came up with to justify the move was to send our Director all the sev1 tickets from the last two years, and implied they were issues with colo/systems/networking issues.

Said Director asked us about the ticket, and after showing him the details, every single outage was due to their shitty code. Not a single hardware failure or systems/networking/colo engineering cock-up.

All of them work elsewhere now, and we are still happily on our own kit at least 1/10th the cost of public cloud.

Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack

Mr.Nobody

Re: no dns security this is what happens

There need to be third and fourth options for upvoting based on terrible humor.

Why do cloud leaks keep happening? Because no one has a clue how their instances are configured

Mr.Nobody

While your argument is sound, the ability to quickly and easily provision environments at aws/azure/google is often so developers and project leaders can get around those pesky business processes that slow down "innovation".

We have lots of business processes in place, but it didn't stop developers from going out on their own and setting up business critical systems at AWS without going through any of the business processes that exist. Then they throw it all over the fence to the ops team when there are operational problems they didn't think through and the business tells them to hand it over (and it's a steaming pile of poo, and comes with documentation). That's if most of the team even sticks around (the smart ones left because they did all this resume driven architecture to advance their careers).

I have not worked at an org that didn't have good visibility into its own on prem environments. You know what subnets the network and security engineers have provisioned, and from there it's easy to scan the network and find any rogue systems. Any of these systems that go unclaimed can either be shut off or their ports can be disabled. Not so easy to do in the cloud.

Scotiabank slammed for 'muppet-grade security' after internal source code and credentials spill onto open internet

Mr.Nobody

Re: Mean Mr. Mustard

Sadly, this is the same story everyone is dealing with in the cloudy world and developers.

Anyone who has let devs run free with a credit card or an account in the cloud winds up with stories like this. I am not suggesting that security and systems engineers don't make similar mistakes, but developers just don't think about, or have a lot of experience with locking down these environments, but the bean counters and CIOs that want to be "cloud enabled" and "flexible" and want to "innovate" just keep allowing this to happen.

We had a bunch of open S3 containers with data on it we didn't want in the wild. We got the email from AWS telling us about it, and it took days not only to find out who was responsible for it, but who had the creds to do anything about it. It was a sole developer.
