The High Cost of On Premises Infrastructure

scottalanmiller

IT Infrastructure is a challenge for any company and especially companies that are not large enough to implement their own, full scale datacenters. Like many things in IT, major challenges come in the form of lacking specific, seldom used expertise as well as lacking the scale to utilize singular resources effectively.

This lack of scale can come in many forms. The obvious one is in man power. Managing a physical computing infrastructure uses unique skills that are separate from IT itself and are often desired to be available “around the clock.” This can vary from security to electrical to cooling and facilities to “datacenter technician” style staff. Of course, smaller businesses simply do without these roles available to them, but this raises the cost incurred on a “per server” basis to maintain the infrastructure. Large businesses and dedicated datacenters leverage an efficiency of scale to make the cost of physically housing an IT infrastructure lower – either by actually lowering the cost directly or by raising the quality and reliability of the equipment.

The cost effectiveness of delivering power, cooling and datacenter services is only one aspect of the cost of IT infrastructure in a business. Where many businesses attack this problem, by reducing infrastructure investment and staff, may counteract some amount of the up front costs of the infrastructure, but generally does so to the detriment of availability and longevity of equipment. Whether it is a lack of ISP redundancy, an absence of diesel electric generators or shaving a year or two of service off of a server’s service life, these costs generally add up, often in ways that are difficult to identify and track.

We see the effects of low qualify infrastructure often come out in the behaviour and expectations of smaller businesses. For example in the enterprise datacenter an average server lifespan may be ten years or more, but smaller businesses often assume that a server is worn out and unreliable in seven or eight years. This increase in failure rate also leads to more concern about system failure. Smaller businesses often see a higher, rather than a lower, need to have redundant systems even when lower revenue would normally suggest otherwise. Small businesses are prone to investing heavily in high availability mechanisms, often at great expense, to mitigate a perceived risk of high system fail rates that larger businesses may be less likely to see. These factors can combine to create a high cost through more rapid system replacement and a tendency towards overbuying hardware – sometimes even doubling the otherwise necessary investment to protect against risks created by lower quality facilities management.

This concept is not unique to information infrastructure. In the audiophile world, while huge investments in high quality audio equipment is common, it is a rule of thumb that fifty percent of audio quality comes from the equipment and fifty percent comes from the environment into which it is placed. This lesson applies to information infrastructure. Lower cost gear may run longer and more reliably in a high quality physical environment than more expensive, better engineered equipment will in a lower quality one.

Of course the most obvious components of lower reliability come from being unable to maintain redundant generators, independent power rails, adequate fuel supplies, uninterrupted power supply units, steady temperature and humidity, air filtration and, of course, highly redundant multi-path WAN access. These aspects we think of all the time and are almost completely out of reach of all but the largest companies. Even simple things like restricting access to only essential server room staff can be an insurmountable challenge in a small environment.

These challenges create an opportunity to find alternatives for the SME, SMB and SOHO business markets to look for ways to leverage combined scale. While many companies today turn to ideas such as hosted cloud computing, the associated costs to elastically expanding capacity often make this impractical as this same market struggles the most to have the ability to utilize that type of functionality. Cloud computing can be an answer in some cases, but normally only for the very smallest of companies for whom a single server is too much scale, or for those companies so large that they have a DevOps-style automation infrastructure capable of scaling elastically with load demands and workloads that make sense for this process. But these companies are the exception, not the norm. More often hosted cloud computing makes sense for only a specific subset of public-facing workloads and only in some cases.

For the majority of companies too small to create the scale necessary to build out their own full scale IT infrastructure, the answer is likely going to be found in colocation. It must be noted that there are obviously potentially overarching locational or environmental factors that can make off-premises infrastructures impossible or at least impractical. Most businesses, however, will not be subject to these limitations.

Colocation tackles the cost challenges of the smaller business market by generating the scale necessary to make high quality, dedicated information infrastructure facilities possible. This includes staff, WAN connectivity, environmental controls, power, and expertise. Cost savings can often come from surprising places including lower power cost per kilowatt hour, lower cost of cooling and power conditioning and higher real estate density.

It is often believed that colocation represents a cost premium service for businesses that have needs above and beyond the average, but in reality colocation is often and should often be chosen because it represents an opportunity to lower costs while also improving reliability. Colocation, in most cases, will actually bring a cost savings on a month by month basis providing for an impressive return on investment potential over time as the initial cost can be equal or similar to other investments, but the ongoing monthly cost can be lower and, perhaps more importantly, the costs can become far more predictable with fewer risks and unexpected expenditures.

Because the cost of services are potentially very granular it is actually far easier for colocation lower the overall expenditure than is generally believed. For example, a small business with just one or two servers would still need certain basics such as air conditioning and UPS support plus footprint space and security; all dedicated for only a very small amount of equipment. In a colocation facility these servers may represent less than one percent of the cooling of a large, high efficiency cooling system, may use just a small fraction of a large UPS and so forth.

Colocation also frees IT staff from performing datacenter functions, at which they are generally untrained and poorly qualified, to focus on the tasks at which they are more valuable and intentioned. Then the datacenter tasks can be performed by experienced, dedicated datacenter staff.

Calculating exactly ROI can be challenging because individual cases are very unique and depend heavily on the workloads, use cases, independent needs and environmental factors of an individual business and the colocation options considered. But it should be approached with a mindset that colocation does not present only an opportunity for improvements in the quality or reliability of IT infrastructure services, not that it can represent a return on investment but that it may, in fact, do both of these things on top of fundamentally lowering costs overall.

scottalanmiller

Looking at real world examples we can look at many different price and scale points. From the smallest 1U single server environments to two or three 2U server environments to quarter, half, full rack hosting to cage areas or multi-rack environments. Different scale points offer different opportunities and challenges.

The easiest examples to tackle are the one and two servers scales which are also most applicable to the SMB market where it is relatively rare that more servers are needed (and when they are scaling the example is relatively straightforward.)

Moving to colocation does require some changes in thought processes, which is worth noting. SMBs running on premises systems may option for large pedestal or tower devices simply because there are no space concerns and planning for density does not enter the picture. But commonly 1U and 2U rack mount servers easily fit the bill.

Colocation also encourages a move toward hyperconvergence. Simplifying the physical installation and design of an infrastructure making it more self contained can be beneficial to making the move to a colocation facility even easier and make supporting an environment much easier. Being able to swap nodes, rather than to describe and support many different infrastructure components, can be significant. Also, moving physical support from IT to vendor can be beneficial here as well.

scottalanmiller

Placeholder for example

JaredBusch

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

You normally flippant answer of don't use them is not the acceptable answer to the business principles that make the decisions. Yes, times are changing and WAN speeds and new technologies are moving things, but these two points have to be properly addressed to make any kind of realistic move to colocation for the SMB space.

stacksofplates

@JaredBusch said in The High Cost of On Premises Infrastructure:

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

You normally flippant answer of don't use them is not the acceptable answer to the business principles that make the decisions. Yes, times are changing and WAN speeds and new technologies are moving things, but these two points have to be properly addressed to make any kind of realistic move to colocation for the SMB space.

The last place I worked had a very small number of employees (~15) but the size of the files they dealt with made it impractical to move data off site. With an 18Mb connection, doing CAD work with files that are multiple hundreds of MB in size isn't feasable. They use DropBox for some things, but the large majority had to be hosted on site.

bigbear

@stacksofplates said in The High Cost of On Premises Infrastructure:

@JaredBusch said in The High Cost of On Premises Infrastructure:

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

You normally flippant answer of don't use them is not the acceptable answer to the business principles that make the decisions. Yes, times are changing and WAN speeds and new technologies are moving things, but these two points have to be properly addressed to make any kind of realistic move to colocation for the SMB space.

The last place I worked had a very small number of employees (~15) but the size of the files they dealt with made it impractical to move data off site. With an 18Mb connection, doing CAD work with files that are multiple hundreds of MB in size isn't feasable. They use DropBox for some things, but the large majority had to be hosted on site.

We have a huge number of CAD files and maps in house as well. Around 10TB and at any moment we may have to browse and find something.

Have looked at Panzura and Nasuni a few times but the cost of a storage gateway is still somewhat high.

scottalanmiller

@JaredBusch said in The High Cost of On Premises Infrastructure:

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

Point one is the really hard one. Files take time to move, there's no "ignore it" answer. There is WAN caching, file caching, compression, "bigger links", WAN tuning, changes in file sharing infrastructure... but all come with cost or change.

LoB apps are generally easier. Modern apps rarely have big bandwidth problems are there are lots of good acceleration methods for older ones. Doesn't fix every single app, but it does address the majority.

NetworkNerd

@JaredBusch said in The High Cost of On Premises Infrastructure:

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

You normally flippant answer of don't use them is not the acceptable answer to the business principles that make the decisions. Yes, times are changing and WAN speeds and new technologies are moving things, but these two points have to be properly addressed to make any kind of realistic move to colocation for the SMB space.

Couldn't we throw regulatory compliance in there too as a consideration?
https://www.truevault.com/blog/hipaa-physical-safeguards-explained-part-1.html

JaredBusch

@NetworkNerd said in The High Cost of On Premises Infrastructure:

@JaredBusch said in The High Cost of On Premises Infrastructure:

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

You normally flippant answer of don't use them is not the acceptable answer to the business principles that make the decisions. Yes, times are changing and WAN speeds and new technologies are moving things, but these two points have to be properly addressed to make any kind of realistic move to colocation for the SMB space.

Couldn't we throw regulatory compliance in there too as a consideration?
https://www.truevault.com/blog/hipaa-physical-safeguards-explained-part-1.html

Not IMO. Because colo means the data is never in anyone else's hands.

scottalanmiller

@NetworkNerd said in The High Cost of On Premises Infrastructure:

Couldn't we throw regulatory compliance in there too as a consideration?
https://www.truevault.com/blog/hipaa-physical-safeguards-explained-part-1.html

Yes, compliance is one of the biggest factors keeping on premises from being a good option. Very few non-enterprises can maintain a secure local environment. So going to colocation is very important for those companies to maintain adequate physical security, that's a good point.

scottalanmiller

@JaredBusch said in The High Cost of On Premises Infrastructure:

@NetworkNerd said in The High Cost of On Premises Infrastructure:

@JaredBusch said in The High Cost of On Premises Infrastructure:

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

You normally flippant answer of don't use them is not the acceptable answer to the business principles that make the decisions. Yes, times are changing and WAN speeds and new technologies are moving things, but these two points have to be properly addressed to make any kind of realistic move to colocation for the SMB space.

Couldn't we throw regulatory compliance in there too as a consideration?
https://www.truevault.com/blog/hipaa-physical-safeguards-explained-part-1.html

Not IMO. Because colo means the data is never in anyone else's hands.

And you can encrypt the entire colocation platform, so that physical extraction is not a direct concern as well. Someone stealing hard drives or even full arrays would be useless to them.

Dashrender

@scottalanmiller said in The High Cost of On Premises Infrastructure:

@JaredBusch said in The High Cost of On Premises Infrastructure:

@NetworkNerd said in The High Cost of On Premises Infrastructure:

@JaredBusch said in The High Cost of On Premises Infrastructure:

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

You normally flippant answer of don't use them is not the acceptable answer to the business principles that make the decisions. Yes, times are changing and WAN speeds and new technologies are moving things, but these two points have to be properly addressed to make any kind of realistic move to colocation for the SMB space.

Couldn't we throw regulatory compliance in there too as a consideration?
https://www.truevault.com/blog/hipaa-physical-safeguards-explained-part-1.html

Not IMO. Because colo means the data is never in anyone else's hands.

And you can encrypt the entire colocation platform, so that physical extraction is not a direct concern as well. Someone stealing hard drives or even full arrays would be useless to them.

I'm less worried about physical theft than I am about someone plugging a USB stick in and infecting the host, etc.

scottalanmiller

@Dashrender said in The High Cost of On Premises Infrastructure:

I'm less worried about physical theft than I am about someone plugging a USB stick in and infecting the host, etc.

Infect it how? Can you describe this attack vector? When you plug a USB stick into a server, assuming that you have been breached in a datacenter to this level which is essentially unthinkable, and assuming that you've not disabled the USB ports, what would cause the files on the USB stick to be executed, or even mounted?

scottalanmiller

@Dashrender I've never tried this, but just thinking about it, no matter what is on a USB stick, I don't know that any ESXi, Xen, KVM or Hyper-V environment would react to the USB stick at all, or maybe just acknowledge that it exists. I'm not aware of any situation where they would "see" the files on the device. Obviously you can protect against this by blocking USB access on the hardware, you can stop the disk drives from being used, too.

But assuming that those things have been missed, I'm interested in where you've seen this threat and what has caused you to be concerned about it.

Dashrender

@scottalanmiller said in The High Cost of On Premises Infrastructure:

@Dashrender said in The High Cost of On Premises Infrastructure:

I'm less worried about physical theft than I am about someone plugging a USB stick in and infecting the host, etc.

Infect it how? Can you describe this attack vector? When you plug a USB stick into a server, assuming that you have been breached in a datacenter to this level which is essentially unthinkable, and assuming that you've not disabled the USB ports, what would cause the files on the USB stick to be executed, or even mounted?

Yeah I forgot about disabling the USB ports - so this should be a non issue. Never mind nothing to see here.

Dashrender

@scottalanmiller said in The High Cost of On Premises Infrastructure:

@Dashrender I've never tried this, but just thinking about it, no matter what is on a USB stick, I don't know that any ESXi, Xen, KVM or Hyper-V environment would react to the USB stick at all, or maybe just acknowledge that it exists. I'm not aware of any situation where they would "see" the files on the device. Obviously you can protect against this by blocking USB access on the hardware, you can stop the disk drives from being used, too.

But assuming that those things have been missed, I'm interested in where you've seen this threat and what has caused you to be concerned about it.

As you said, it's not real concern, you're much more likely to be breached like this in a SMB shop. As I said "move along, Move along"

coliver

@Dashrender said in The High Cost of On Premises Infrastructure:

@scottalanmiller said in The High Cost of On Premises Infrastructure:

@JaredBusch said in The High Cost of On Premises Infrastructure:

@NetworkNerd said in The High Cost of On Premises Infrastructure:

@JaredBusch said in The High Cost of On Premises Infrastructure:

The two biggest arguments that always have to be addressed are

1. speed of access to file shares
2. access to the client/server LoB app used now.

You normally flippant answer of don't use them is not the acceptable answer to the business principles that make the decisions. Yes, times are changing and WAN speeds and new technologies are moving things, but these two points have to be properly addressed to make any kind of realistic move to colocation for the SMB space.

Couldn't we throw regulatory compliance in there too as a consideration?
https://www.truevault.com/blog/hipaa-physical-safeguards-explained-part-1.html

Not IMO. Because colo means the data is never in anyone else's hands.

And you can encrypt the entire colocation platform, so that physical extraction is not a direct concern as well. Someone stealing hard drives or even full arrays would be useless to them.

I'm less worried about physical theft than I am about someone plugging a USB stick in and infecting the host, etc.

How is that any less safe then your office building? You have patients coming in and out all day, contractors, maintenance, etc etc etc. You don't know who is in your building and who could, just as easily, plug a USB stick in to a host.

A colo knows exactly who is in their building, many have biometric security and pressure sensitive pads to prevent piggy backing.

bigbear

@scottalanmiller said in The High Cost of On Premises Infrastructure:

@Dashrender said in The High Cost of On Premises Infrastructure:

I'm less worried about physical theft than I am about someone plugging a USB stick in and infecting the host, etc.

Infect it how? Can you describe this attack vector? When you plug a USB stick into a server, assuming that you have been breached in a datacenter to this level which is essentially unthinkable, and assuming that you've not disabled the USB ports, what would cause the files on the USB stick to be executed, or even mounted?

Dont you watch House of Cards?

scottalanmiller

@Dashrender said in The High Cost of On Premises Infrastructure:

@scottalanmiller said in The High Cost of On Premises Infrastructure:

@Dashrender said in The High Cost of On Premises Infrastructure:

I'm less worried about physical theft than I am about someone plugging a USB stick in and infecting the host, etc.

Infect it how? Can you describe this attack vector? When you plug a USB stick into a server, assuming that you have been breached in a datacenter to this level which is essentially unthinkable, and assuming that you've not disabled the USB ports, what would cause the files on the USB stick to be executed, or even mounted?

Yeah I forgot about disabling the USB ports - so this should be a non issue. Never mind nothing to see here.

But even if you didn't, is there an attack vector? How could you get something to execute if the USB was accidentally exposed?

scottalanmiller

@bigbear said in The High Cost of On Premises Infrastructure:

@scottalanmiller said in The High Cost of On Premises Infrastructure:

@Dashrender said in The High Cost of On Premises Infrastructure:

I'm less worried about physical theft than I am about someone plugging a USB stick in and infecting the host, etc.

Infect it how? Can you describe this attack vector? When you plug a USB stick into a server, assuming that you have been breached in a datacenter to this level which is essentially unthinkable, and assuming that you've not disabled the USB ports, what would cause the files on the USB stick to be executed, or even mounted?

Dont you watch House of Cards?

No and I'm guessing that this would make me want to avoid it?