The Public Cloud Reality around support responsibility is not something often considered, instead we are looking at SLAs, legal documents, compliance documents, and many other items. Do we consider who is ultimately responsible when something goes wrong within the cloud? Is your Cloud provider a full partner or do they limit themselves to a small subset of the implementation? Do they have 24/7 support will be covered by the SLA, but what type of support? How qualified are the clouds support teams to help you with your application’s problems? Who is responsible?In a nutshell our experience shows that for IaaS, “You are Responsible” for everything installed within the virtual machine from operating system to application. The Cloud Service Provider is responsible from the virtual hardware on down. For SaaS our experience shows that the Cloud Service Provider is responsible for everything except your own data. PaaS is still a bit up in the air, but it looks to be everything above the platform such as your data and application. But what does this mean?
One of the questions I wanted to know before choosing a cloud is how does support work? At what level will the cloud help with support. I got varying degrees of answers. The cloud we chose provides in virtual machine support, but the security measures around that support were non-existent. They logged in as the ‘root’ user to look at the system. If you disabled this by simply changing the root password, they would no longer support you. This to me is a security nightmare waiting to happen. Not only do I have to TRUST their cloud admins, I have to TRUST their management of my most critical accounts with no way for me to control their capability to login.
What does this mean however?
Public Cloud Reality: Security
It means that I would have to add in more security to control their seemingly innocent access to not allow them to touch my critical data. BeyondTrust and other tools will help with this, yet it should not be necessary. Support capabilities should not require a poor security stance.
Public Cloud Reality: Knowledge
This type of poor security stance is, to me, an indicator of poorly trained personnel. The support people are there to help, but once you go off script and outside their comfort zone, they may not be able to help you much and often may hinder you. In our case, we had a workload that would suddenly spike to massive amounts of memory in use, when that happened, the system would seemingly fail and cease to work. Yet, it was not a failure per-say but the operating system doing what it was told to do by the configuration. The cloud support personnel pointed us to palliatives instead of helping with a true solution to the problem which involved finding out WHAT was taking up all the memory. Since this was a simple LAMP stack you would think the support folks would be able to assist. What they did provide, however, was slightly more information so that the root cause could be discovered, but they did not discover the root cause themselves. I must say however they did attempt to help and most likely their information did spark the place to look for the root cause, so I would call this a partnership of support.
The opposite is true when we talked to support about a problem with our SaaS application. The support folks understood their application, its limits, etc. and were able to come back to us with an answer fairly quickly. The misunderstanding ended up being on our end as we just did not know the application and how it lays out its data. They were also able to assist with this.
Concluding Thoughts
Ultimately, you want your cloud provider to be a full partner in supporting your cloud services whether IaaS, PaaS, or SaaS. You want them to not only practice good security measures but also be able to get to the root of the problem quickly, however at this time do not count on them to solve every problem. For IaaS, the support folks are generalists, for SaaS they are specialists, and PaaS is a mixture of both. However, they keep the hardware running and in many cases that is more than enough work, leaving the application or data to you.
What does this mean in the long run? If you move to the public cloud, you still need specialists who understand your application, its data, and the operating system upon which it runs. Some one who can work with the cloud service providers to find the root cause and provide solutions. Support Responsibility? It is ultimate the tenants, not the cloud service provider, after all it is your data.