The Riverbed Blog (testing)

A blog in search of a tagline

When Buying Cloud Resources, Caveat Emptor

Posted by riverbedtest on July 1, 2011

The Latin phrase, "Caveat Emptor" means "Let the buyer beware" and it reminds us that it's up to the buyer Red Flag - Caveat Emptor (1998) to make sure that he is getting what he has paid for.  In practice, of course, there is also an implicit promise from the vendor that he is delivering what he has promised.

When you buy data center gear, you know exactly what you are paying for.  You are buying a computer from Vendor H, with, say, 16 GB of RAM, a 3.2GHz processor, 4TB of disk space, 2 10Gb Ethernet ports, and the like.  And even if you run one or more virtual machines on that system, you still know what hardware you're running on, and how much network capacity you have.

More and more, though, we are hearing stories of cloud vendors who refuse to tell their customers what equipment their applications will be running on, and which vendors' disk drives their stuff will be stored on.  This strikes me as a poor practice.  Without that information, and the ability to verify its accuracy, the buyer has no way to ensure that he is getting what he is paying for. Or that performance will be maintained at the level that he expects and has paid for.

Cpu-2 All CPUs are not the same.  All disk performance is not the same.  And, as we at Riverbed know all too well, all network performance (and all WAN Optimization) is not the same.  You would never let your hardware vendor send you unidentified equipment without knowing the specs, so why would anyone ever accept unidentified hardware for their cloud resources?  If you ask me, if your cloud vendor won't let you know exactly what hardware your stuff will be on, it may be time to look for a different cloud vendor.

Dave Shackleford wrote a terrific introductory paper on Cloud Security (that link downloads a PDF) which is available for free online in The SANS Institute reading room.  (Learn more about The SANS Institute here.)  Dave discusses this very issue on page 11.

The paper actually predates some of the security measures in Riverbed's Whitewater product, but the concepts and ideas that he presents are clear, easy-to-read, and important.  It's a good read.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: