Grant Shipley gshipley at
Thu Dec 12 12:03:24 MST 2013


On Thu, Dec 12, 2013 at 11:49 AM, Jason Klebs <jasonk at> wrote:

> Grant;
> Thanks for the explanation.  I think if we're to make good decisions
> regarding these ideas and technologies, they have to be well understood
> first.
> As a cloud evangelist, what is your take on being able to trust 'the
> cloud?'  Personally, I don't put much trust in
> computers/infrastructure/software that I don't run or can't inspect -
> or, more likely, can't be inspected by people I trust.  Of course, there
> is a security/usability trade-off here: I don't care so much about
> streaming music from the cloud, but I don't want government spys (or
> perhaps worse, advertising spys) reading my e-mail - hence I am not
> using GMail.  Entire governments are leaving SaaS services and building
> their own infrastructure.  "Not hosted in the USA" is now a requested
> feature.

Very good point.  I often don't trust SaaS myself and am more in line with
your way of thinking.  However, the problem with trusting cloud is more of
a concern with trusting our government (USA for you google searchers who
found this thread in archives).  If the corporations didn't allow
government snooping there wouldn't be an issue.  Which is why I find it
comical that the federal government, the ones spying on us, is moving away
to private clouds because they fear spying. :)  There is also speculation
that Windows and OSX have backdoors in the operating system to snoop even
if running locally.  Ubuntu is good example of snooping with a more
indirect manner with their amazon search by default.  This is why I moved
away from Ubuntu.

A recent case I can think of is dropbox and how they have access to all of
your files even though they say they don't.
A few cases where people claim Amazon Cloud Player and Itunes Match
actually send all of your files to the RIAA for copyright violation.

At the end of the day, it comes down making the best decision for your
needs.  For me, that comes down to believing that companies hosting a PaaS,
like Red Hat or VMWare, know how to secure the operating system much better
than myself.  I used to run my own linux servers and without fail, if I was
a few days late applying a security update, I would be hacked.

That being said, I typically don't trust anything google related either.  I
still use gmail but thats about it.

> Personally, I don't see the cloud as the next big thing.  I see it as on
> a hype curve.  Right now it's very high on the curve, but the recent
> revelations - coupled with the fact that you have to completely trust
> your providers - is bringing it slowly down.

You are correct on this to some extent.  SaaS is no longer on the hype
curve and is clearly in the adoption phase.  IaaS is coming down the hype
curve and moving to adoption.  PaaS is still early and is climbing the hype
curve.  If PaaS makes the leap to adoption is yet to be seen but some very
good traction is already being made.  I know most about OpenShift, but with
that project alone, is already running it in production.  DISA
(federal government is using it).  FICO is using it.  Dreamworks is using
it.  The list goes on.  So it is in use by large corporations today.

> -Jason
> On 12/12/2013 11:08 AM, Grant Shipley wrote:
> > Let's clear up what cloud actually means then.  There are three types of
> > cloud computing:
> >
> > IaaS - Infrastructure as a service
> >
> > Think Amazon EC2, Google Compute Engine here.  The only thing provided to
> > the user is the hardware / vm.  The user is responsible for providing the
> > operating system, updating it, apply security errata, installing and
> > managing all applications, tuning the OS - databases - application
> servers
> > etc.  It addresses a real concern in the industry by reducing the time to
> > market for getting servers quickly.  With IaaS, you can spin up 1000
> > machines in a matter of minutes and grow as demand quires it.  The only
> > problem, no one knows what their final bill will be every month.
> >
> > You have to bring your sys admins, application code, and users along with
> > you.
> >
> > PaaS - Platform as a service
> >
> > The OpenShift, Heroku, CloudFoundry here.  PaaS sits on top of IaaS to
> > automate even more of the environment.  Typically the PaaS will manage
> all
> > aspects of the environment for you.  This includes database tuning,
> > automatic scaling, application server management, security updates to OS
> > and runtimes, etc.  Users of PaaS need to deploy and be responsible for
> the
> > application code that is deployed on the environment to ensure it is
> > robust, scalable, and cloud friendly.
> >
> > You have to bring your application code and users along with you.
> >
> > SaaS - Software as a Service
> >
> > Think, facebook, gmail, dropbox here.  Software as a
> service
> > is a WYSIWG environment.  The platform manages everything for you and
> often
> > times you can't customize the application code.  This is the cloud
> > technology that has been around the longest and widely adopted.
> >
> > You have to bring your users and your data to the table here.
> >
> >
> > The adoption rate among these three cloud technologies are as follows:
> > SaaS - Huge adoption.  This was a buzz word 8 years ago and we really
> don't
> > hear much about it anymore because its widely accepted and in use by 99%
> of
> > all corporations today.
> >
> > IaaS - medium adoption. People still have concerns about moving their
> > workloads to a public cloud provider (ec2) but a lot of people are making
> > this move.  When I talk about cloud computing to companies, one of the
> > first things I hear is -- we can't put our users email address and data
> in
> > a public cloud.  Our data is so important we need a 5 million dollar
> oracle
> > RAC server behind 15 firewalls. I think ask them what they use for sales
> > automation tools.  They proudly respond with  Face ->
> Palm.
> >  People don't realize that they are storing much more than users data in
> > the public cloud today.  With they are storing all of their
> > financials and forecasts.  Having access to someone environment
> is
> > more damning that having access to their internal oracle db.
> >
> > PaaS - low adoption.  This is the new kid on the block.  I fully expect
> > this to be mainstream and every developer will be using a PaaS in 3-5
> years
> > as they see the benefits for development.  The tidal wave is coming.
>  It's
> > best for us developers to go ahead and get familiar with it because it is
> > coming!
> >
> > Now, just to be clear.  You will hear a lot of other crap about cloud
> > computing.  IMO ignore it.  People and companies will tout things such as
> > mBaaS (Mobile backend as a service) MWaaS (Middle Ware as a Service) etc.
> >  All of these new buzz word terms can be recognized in one of three main
> > categories (IaaS, PaaS, SaaS).  I don't know why people are clinging to
> and
> > making up new as a services acronyms.  It just further confuses everyone
> > knew to cloud computing and is hindering the adoption of this fantastic
> > technology.
> >
> > --
> > gs
> >
> >
> >
> >
> > On Thu, Dec 12, 2013 at 10:29 AM, Jason Klebs <jasonk at> wrote:
> >
> >> In my opinion, 'the cloud' is a buzz-word, and regarding it, people act
> >> accordingly.  Buzz-words are meant to diminish understanding of
> >> something, not enhance it.  Therefore, a lot of places don't weigh the
> >> benefits and drawbacks of what is essentially a move to another hosting
> >> provider.
> >>
> >> While we're opening up cans of worms...
> >> I have assumed (even pre-Snowden) that every EC2 instance comes with
> >> root access for the NSA built-in.  Thoughts on this?
> >>
> >> -Jason
> >>
> >> On 12/12/2013 10:21 AM, Jonathan Duncan wrote:
> >>> On Thu, Dec 12, 2013 at 8:03 AM, S. Dale Morrey <sdalemorrey at
> >>> wrote:
> >>>
> >>>> For the most part, you can't just migrate existing systems to "the
> >>>> cloud(tm)".  You really do need to think of it as a re-implementation
> >> task
> >>>> and expect your costs to follow accordingly.
> >>>>
> >>>> Agreed. The Cloud is just another tool. Like any tool, if used
> properly
> >>> can be helpful, if used improperly can be deadly. The company I am
> >>> currently with is in the process of migrating all services to the
> cloud.
> >>> This includes an entire rewrite of the code base and entirely new
> system
> >>> architecture. It is a mistake to think of the Cloud in the same way as
> >> one
> >>> would think of traditional physical servers. For me, learning to use
> the
> >>> Cloud effectively has required me to adopt a new paradigm.
> >>>
> >>> /*
> >>> PLUG:, #utah on
> >>> Unsubscribe:
> >>> Don't fear the penguin.
> >>> */
> >>
> >>
> >>
> >> /*
> >> PLUG:, #utah on
> >> Unsubscribe:
> >> Don't fear the penguin.
> >> */
> >>
> > /*
> > PLUG:, #utah on
> > Unsubscribe:
> > Don't fear the penguin.
> > */
> /*
> PLUG:, #utah on
> Unsubscribe:
> Don't fear the penguin.
> */

More information about the PLUG mailing list