Why you don’t want to run a roll-your-own cloud

DIY cloud computing

Thanks to my job, I have accounts on many public clouds. I also have production private clouds — open-source OpenStack and NextCloud spring to mind. But, but, as someone who cut his teeth on Unix system administration back in the 80s, I also run my own smaller private clouds using a homebrew of programs.

Self-hosting a private cloud can work, but it’s not, for everyone.

For example, Sovereign, a set of Ansible playbooks based on open-source software that you can use to build and run a small business cloud, is getting a lot of traction as a good self-hosting stack. Yes, using Ansible, a popular DevOps program, makes it easy to build a combination Infrastructure-as-a-Service and Software-as-a-Service cloud on a hosting service or your own hardware.

And, yes Sovereign includes some great software. For example, it uses Dovecot for e-mail, ownCloud for IaaS file storage, Apache for web-hosting, OpenVPN for a Virtual Private Network (VPN), Prosody for instant messaging (IM), and much more besides. While I’d switch out some selected programs, it’s an excellent selection of tried-and-true server programs.

Here’s the point. While a Linux-savvy sysadmin expert can keep all these components up to date and secure, that’s a lot of work. Does your company have someone with those skills? Who’s busy not doing other work?

Sure, this is the system administration model we were all used to. But the cloud is supposed to make it easier to run production level servers and services. This blast from the past, even with DevOps’s ease of deployment, isn’t the future.

As Dan Guido, CEO of security consultancy Trail of Bits, remarked on Ycombinator, “Fun todo: Install this somewhere, nmap it for open ports, then ask ‘How many of these services had a remotely exploitable CVE in the last year? If one of these services had one tomorrow, would I know to patch it and take action faster than someone would take over my box?’ I don’t see any containment mechanisms on any of these services beyond what’s included by default so a compromise of one service likely leads to total compromise of the entire box.”

How would you answer Guido’s hypothetical? Ask yourself: Do you have continuous monitoring, system alerts and regular reviews of audit trails? Do you have someone staying on top of security updates not just for your servers’ operating systems, but all the server applications running on top of it? If you don’t, you’re asking for trouble.

While the self-hosting, do-it-yourself approach is seen as “new,” it’s actually just the same old IT approach. That was fine in the ‘90s and ‘00s, but these days it’s showing its age.

Often self-hosting comes with the new coat of paint of Virtual Private Servers (VPS). The idea is that, by combining open-source software with VPSs, you can run your computing for far less than by using a cloud.

I doubt it.

If you add in the real costs of expert system administration and staying on top of your software stack, I think you’ll quickly find that a cloud is the cheaper option.

Sure, as an old-school system administrator, I like the idea of having my hands on my IT stack. But, from a business perspective, I know most companies will be better off using a modern cloud.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: