The Doppler Quarterly Fall 2018 | Page 16

9. You submit a ticket to your InfoSec team to check your
server for vulnerabilities after you spin it up
This just smells of manual effort, ITIL processes and delays—not that checking
for vulnerabilities is bad. On the contrary, it is absolutely essential, but that
checking should be done automatically via your deployment pipeline. Your
InfoSec team should be responsible for defining processes and the gates
needed to ensure that servers are secure, but they should absolutely get out of
the way when those servers get launched. The InfoSec team should be the
enablers of security, instead of gatekeepers preventing things from being
deployed quickly.
10. Your Operations group is learning how to run Check-
Points, NetScaler, F5s, SolarWinds, Cisco routers and
other data center tools in the cloud
Just do not do it. I am not against any of those tools per se, but do not blindly
run to implement them in the cloud just because you have them in the data
center and are comfortable with them. The
whole point of tools is to help you achieve cer-
tain objectives, but there might be different
ways to achieve those objectives in the cloud.
Some of the old tools were never built for the
cloud and its dynamic nature, and trying to
force them into your cloud architecture could
prove to be more detrimental than beneficial.
Figure out what you are trying to do first, and
work toward that. Case in point: if you use a
monitoring tool in the data center to tell you
when the server goes down so you can launch a
new one, you might want to consider designing
the architecture in the cloud to re-launch a
server automatically without paging your Oper-
ations staff to do the same.
The whole point of
tools is to achieve
certain objectives,
but there might be
different ways to
achieve those objec-
tives in the cloud.
11. You compare the cost of an on-premises server to a cloud
instance to identify the savings
It is very tempting to do that, since most public cloud providers list the price of
various instances online. After all, multiply X cents per hour times 720 hours
per month and you have your cost. Match that against what it costs you for
on-premises, and you can identify your savings or additional costs depending
on the result. However, thinking that way is extremely short-sighted for several
reasons. First, server costs alone do not represent the true costs of running IT.
Second, even if the server in the cloud is more expensive, that might be OK if
you get more out of it. Simply take a look at our mobile devices. We pay a lot
more for them now than a few years ago, but buy them anyway since they offer
features and convenience we never had before. Last but not least, the mentality
14 | THE DOPPLER | FALL 2018