Risk and Reward in the Cloud

December 13, 2010

TL:DR – private or public cloud? It is all a question of balance.

Another day, another public cloud failure.

Sometime on Friday December 10, 2010, claims content delivery network (CDN) provider SimpleCDN, two of its major upstream infrastructure providers, SoftLayer and Hosting Services, summarily terminated service for much of SimpleCDN’s infrastructure in Dallas, Seattle and Washington D.C. (I found out Saturday on Twitter through @Beaker).

According to SimpleCDN’s status page (reproduced below), this infrastructure constitutes the majority of SimpleCDN’s delivery network for its value services, including on-demand and live streaming services.

At the time of writing, SimpleCDN’s status page told their story:

From http://admin.simplecdn.com/ , visited 2010-12-11 13:30

From http://admin.simplecdn.com/ , visited 2010-12-11 13:30

So is this a big deal, or not a big deal?

I think it is a little of both.

It is clear that SimpleCDN customers – including Web hosting sites, application developers, streaming media providers, media production, game providers, and news distribution organizations – are suffering major service outages because of this failure. For them, there is no doubt that this is a very big deal.

It is a big deal for SimpleCDN too, of course. At the time of writing, it is unclear whether SimpleCDN will continue to provide services to remaining customers. Some competitors are making hay of these problems, offering switchover discounts while declaring (with what I believe is a disingenuously snide question mark) “SimpleCDN going out of business

For its part, SimpleCDN seems to be doing the right thing, working tirelessly through its Twitter stream (@SimpleCDN) to address customer concerns, and even working with erstwhile competitors like MaxCDN and Amazon CloudFront to provide alternative services. It should also be noted that SimpleCDN also says it has started to take legal action against SoftLayer and Hosting Services Inc. for what it calls:

“a deliberate attempt to cripple SimpleCDN’s current service offering [that] constitute[s] a conspiracy to remove us, and many other corporations affected by their reckless actions, from the marketplace”

However, in the bigger scheme of things – for consumers of public cloud services in general – this is really not a big deal at all.

It is just another risk to evaluate and manage.

As I have already published – and it clearly remains exceedingly relevant – downtime is endemic in the public cloud – but it is not unique to public cloud. Private cloud, and even plain old legacy infrastructure, suffers downtime and other outages to more or less the same degree as public cloud. Some public cloud providers even offer better uptime guarantees than the average privately owned and operated infrastructure.

Of course, it is possible to reduce your risk by opting out of some public services. For example, you can run your own Web site, lease private lines, buy your own fibre, or host your own DNS servers – just as many businesses still own their own real estate, trucking fleet, payroll, or generators. It is simple logic that the less a business relies on public/outsourced services – whether that is real estate, trucking, staffing, electricity, or information technology – the less risk it carries that those services will cease to be available, for whatever reason.

If you own your own trucks, no other private business can take them off the roads

After all, if you own your own fleet of trucks, you have more control over those vehicles, and no other private business can summarily take them off the roads. Similarly, if you own your own Web servers – or CDN – then no other private business can summarily take them off the Internet.

However, this does not mean owned infrastructure is an inherently better choice than shared infrastructure.

It is all simply a balance of risk and reward.

Leasing your fleet is no more or less valid than buying it outright. Even running your own power generation is no more or less valid than taking power off the public grid. Similarly, private cloud is not inherently a more or less valid choice than private cloud.

For each business, there are risks and rewards, costs and benefits. Each business must make a choice according to its own appetite for risk and reward. Moreover, within each business, individual business units (BUs) may have different levels of risk aversion, leading to different decisions on how much to outsource any given service.

The diversity of this risk-reward decision is the fundamental driver for hybrid cloud. Some businesses – and some BUs – will inevitably find the right balance in public cloud. Others will find it in private cloud. However, especially in large enterprises with multiple (often independent) BUs, it is most likely that each service group will choose independently, and not at all homogeneously.

Every enterprise will at some stage need to use some 3rd-party infrastructure

Indeed, it is inevitable that every enterprise will at some stage need to use some 3rd-party infrastructure. Company-owned trucks will eventually use public roads. Privately owned IT will eventually use some 3rd-party service, such as Web hosts, Internet service providers, domain name services, or packet routing.

So it is really just a question of how much 3rd-party infrastructure each business, business unit, or individual service or activity will use.

Which certainly bolsters my opinion that hybrid cloud will be the dominant choice, at least in the near future, for most businesses. It is simply a question of what is the best balance of risk and reward.

Tags: , , , ,

4 Responses to Risk and Reward in the Cloud

  1. David Holland
    December 13, 2010 at 17:36

    Good points. I read here that it is a bad idea to rely on another infrastructure that:

    – Has no (reasonable) alternate

    – Is not regulated or at least has aligned interests (roads and ISPs as you point out).

    This makes me think of Skype, Vonage and other infrastructure free services (or last mile free). These offer a service competing with the transport provider in many cases. The technology to monitor and disrupt those services was developed and sold to some of those transport providers (I only have direct knowledge of one vendor). It was not used (in some part) because the providers were regulated.

    I have no knowledge of the business processes that led to this situation and I have little doubt it will be difficult to sort out in court (should have gone to law school instead of engineering).

    Again, as you point out, “Pay attention kids, deke left go right or the cheetah gets you”

    • December 20, 2010 at 12:05

      David, thanks for the comment. Yes, you have nailed it pretty much, especially around lack of regulation and legal clarity. This is a brave new world, and a lot of the legal issues especially have yet to be raised, let alone tested. Meantime all we can do is proactively manage these potential risks, plan for worst-case scenarios, and yes – be fast and nimble to avoid becoming prey!