One of the decisions faced by anyone who wishes to have a cloud presence is what will be moved to the cloud, why, and whether there is a service that can be used instead of virtual machines. In The Virtualization Practice’s case, we plan on moving our customer-facing VMs to the cloud, but what are those machines? The most important are a web server with a split LAMP stack, a mail server, and DNS.
When you move services to the cloud, there is a loss of control over what lies below the service; in other words, the security, users, and features of the underlying operating system and possibly of the service itself. If you move virtual machines instead, the day-to-day administration of the underlying operating system and service remains within your control. So by moving to the cloud as a service you lose control, but you can gain other capabilities, such as the ability to concentrate on your service with respect to business goals.
So let us look at The Virtualization Practice’s requirements a bit more. Ideally we want to move the following services:
- Load Balanced Production Web Servers based on a split LAMP stack. A split LAMP stack is where one or more components run on different servers. The LAMP stack is based on WordPress with its own set of privately developed themes and plugins.
- Development Web Server that mimics the production web server
- A DNS Server
- A Mail Server
There exist cloud services that can perform all of these functions. We could use Google for email, the domain registrar for DNS, and Rackspace Cloud Services for our LAMP stack, just to name a few. However, we lose control.
But what does that control buy us? It buys us the ability to use caching technologies like Memcache, performance management tools such as New Relic RPM (which has a service that needs to run as the same user as the web server, or as root), the ability to harden the operating system against attack, and the ability to limit which users have accounts within the LAMP stack and, more importantly, within the operating system. For something like email, this may be very important. Lastly, we gain the ability to keep the data within our various services confidential.
So we are torn: go with a cloud service, or host our own VMs? In either case, we need to have the following when moving to the cloud:
- Encryption of Data at Rest
- The ability to replicate data into and out of the cloud encrypted at will
- The ability to know who touched our data, what they touched, how they did it, where they touched it, and when they did it.
- Exceedingly fast network access as we serve up PDFs amongst other content, not just text based web pages.
- Service based Load Balancing for at least HTTP, HTTPS, DNS, and SMTP
- The ability to add in performance based metrics gathering
- The ability to use additional services (à la Memcache) for our existing services’ presentation.
- Encrypted Automated backup and recovery testing of our services’ data
- Console access in order to update our services
We have yet to decide: do we put our data into the cloud as a cloud service application, or do we attempt to move virtual machines into the cloud? Given a similar situation, what would you do?