Sure to gore some oxen: Not everyone's sold on Azure

@phaZed All that on premise stuff has vulns just like the cloud services. The difference is YOU have to patch it..

To be clear - this is for only me and my one-man business - I deal with the cloud services ad infinitum for clients - and I recommend cloud services to them constantly. I see the benefit for them, but I'd rather not for myself.

Everything can be set to autoupdate - I haven't messed with it in prob about a year and that was only to diagnose a Plex database issue.

Not worried about "fat-fingering" and losing the platform - that's what the multi-redundant storage pools are for (for the data) - and Unraid boots from a USB stick - of which I have two - an A and a B - whereas if the platform update fails, I can revert it back immediately - just like a dual BIOS.

It's been essentially a zero maintenance item for over 5 years.
 
I'm DONE running to a client's office in a mad panic because that server went down because they refused to upgrade it while it was 5 years out of warranty.

And, to be perfectly honest, you shouldn't have been doing so in the first place.

The old saw, "A lack of planning on your part does not constitute an emergency on my part," holds, and should be put in contractual language, too. Clients have responsibilities to keep their IT infrastructure up-to-date if they want anything even vaguely approaching 24/7 coverage, and if they won't do that then they don't get that.

We encourage bad behavior, of all sorts, by being willing to be available 24/7 for whatever stupid mess not of our own makings that clients get into.

Learning how to say, "No, that will be handled during normal business hours," is a worthwhile skill. We do ourselves no favors by training clients to believe that 24/7, instant service is a reasonable expectation from one-person or even very few persons businesses. And if we want to have any semblance of work-life balance, we just don't do it.
 
It's been essentially a zero maintenance item for over 5 years.

I comment on this only because it's a perfect illustration, right here, about how once a given infrastructure is in place and "doing what I/we need it to," in tiny businesses in particular it's not likely to be touched, period, end of sentence.

When you have limited resources (and any one-person or small business does) the adage, "If it ain't broke, don't fix it," applies. And "run to failure" is a very common strategy/default (as it's not really a strategy in any meaningful sense of that word).

I'm endlessly shocked how many here don't seem to recognize this, nor understand why it is, and know that this is what many of us have to work with on a constant basis. And we can't just sweep in and dictate that an ecosystem of our personal liking is going to be set up if we're not MSPs, and many of us aren't.
 
I really see no reason to use a Cloud service
Really? I find universal access to my files from my desktop computer, laptop, phone and bench computers to be huge. It's nice that my files are backed up in multiple data centers on state of the art equipment but not my main reason for the cloud.
 
Really? I find universal access to my files from my desktop computer, laptop, phone and bench computers to be huge. It's nice that my files are backed up in multiple data centers on state of the art equipment but not my main reason for the cloud.
I have all that, and I didn't need their service. Been doing this since before there was the buzzword "cloud".
 
Nobody taught him the importance of drawing a diagonal stripe along the top edge of the deck? It makes manual re-sorting trivial when the inevitable spill happens.

Definitely a useful trick. But actually using card numbers (which were possible for every language when I was coding on cards) is an even better idea. Let the machine do the sorting, although you have to remember to do it (and to leave adequate gaps between each card number).
 
Nobody taught him the importance of drawing a diagonal stripe along the top edge of the deck? It makes manual re-sorting trivial when the inevitable spill happens.

(I'm not that old, but I've used machines that are.)
Heh! Yes, the stripe was used by most/all grad students (they were the ones with the "big" programs) back in the day and I don't know if he had used it or not but the cards cascaded down the stairs and even with the stripe getting that many cards back in order is probably at least an all day job. I bet there were at least several thousand cards in a couple of boxes (different colored stripes for different boxes as I remember). Heck, it took at least 50-100 cards just to declare your variables back in the Fortran days. Thank goodness the program I had to write for my MBA was done in Basic as I struggled with Fortran as an undergrad.
 
I comment on this only because it's a perfect illustration, right here, about how once a given infrastructure is in place and "doing what I/we need it to," in tiny businesses in particular it's not likely to be touched, period, end of sentence.

When you have limited resources (and any one-person or small business does) the adage, "If it ain't broke, don't fix it," applies. And "run to failure" is a very common strategy/default (as it's not really a strategy in any meaningful sense of that word).

I'm endlessly shocked how many here don't seem to recognize this, nor understand why it is, and know that this is what many of us have to work with on a constant basis. And we can't just sweep in and dictate that an ecosystem of our personal liking is going to be set up if we're not MSPs, and many of us aren't.
The thing is, it doesn't matter.

Unless the business doesn't use email, not maintaining your gear is a zero sum game, click the wrong thing and BOOOM small business over.

I rather want to see more small businesses succeed, but failure to invest properly kills them, all, without exception.
 
Yeah so have I, just not with the performance values I have now, and nowhere near the durability.
I think it really depends on what you're doing, and what your needs are. A server like mine would cost a lot to "rent" on the internet.
Intel 10700F 8C/16T - 64GB DDR4-3200 - 4-port 10Gb NIC - 71TB of Storage (81% used) - RTX 3070

If I were to get that from Azure (D16as v5) (and really, not even comparable still; Azure Spot wouldn't work for me):
[attached image]

Then, couple that with my storage needs, I would need 3x S80 allocations(monthly):
[attached image]

... and there would be extra fees for IOPS

So, if I go with "the best savings" 3-year pricing:
$230/mo
3x S80 Storage @ $953/mo

Grand Total: $3089/mo or $37,068/yr
..and that's without the extra fees and provisioning/setups.

Considering I've upgraded my server 3 times over already, and I get a lot of parts for free being in the computer repair business... I probably only have $2000 into the server over the past 5 years, mostly for storage upgrades. That's an average cost of $33/mo or $400/yr.

And yes, I actually do use my server. It hosts over a dozen services, storage is 81% full, and the video card gets used for not only transcoding but also for AI and Stable Diffusion workloads - for actual work. I have over a dozen VMs - Every version of Windows down to XP, Flavors of Linux, Mac and a few Webservers. I have a deployment server with said VMs' images. It's my virtual hacking lab. It's a media server. It's a Smart Hub for over 60 Smart devices and an MQTT and NodeRed state machine. It's an intermediary backup server - that then uploads selected encrypted backup blobs to cloud storage. I use it for storing and editing in real-time, video and audio with Ableton Live Pro and DaVinci Resolve.

Show me where I can rent that, in the cloud, for under $40/mo with 10G networking (on my 1G ISP) - and I'll think about switching.

All that being said, I own half a dozen VPSs from Amazon, OVH, DigitalOcean and a2Hosting - all dedicated to certain things that need to be off my network or provide services to clients or otherwise. I'm starting a Website Hosting Service (Rented, Hosting reseller VPS) running WHMCS and WP-Ultimo. So, I'm not a stranger to this stuff... I just don't find that placing my personal information on someone else's computer, of which the courts in the US have decided - it becomes 'their' data to be searched - it's not very appealing to me. And to have to pay the equivalent price of a new luxury car every year for "the privilege", well.... no thanks.
 
So many logical faults...

I'll start with the legal one, you're just straight up wrong. The data is only theirs if the EULA defines it as such, and Azure very much doesn't. There is a difference between SaaS (data and infrastructure is theirs), PaaS (data is yours, infrastructure is theirs), and IaaS (Everything is yours except the actual hardware).

Each has different responsibilities, liabilities, and legal realities surrounding it. Azure is mostly an IaaS platform, so much so that if you're worried about Microsoft snooping you can deploy your own encryption keys to prevent anything from outside your scoped environment from reading the files. There are cryptographic means to verify this too, so you don't have to trust anything. Zero Trust applies here, deeply.

Now, cost is a big factor... Azure is not cheap, and while I think their execution pricing is fair, their storage and access fees very much are not! If you've got a huge media library you're mucking with it's VERY expensive in the cloud, and the only cloud vendor I know of that anyone in my circle uses for that purpose is Hetzner. I don't know exactly how it's configured because I've never used it, but I know a few people that run their Plex servers in Hetzner directly.

Now, as for the pricing... you're being nuts too. Straight up apples to oranges. When you rent a machine in the Azure cloud you aren't putting that VM into a single block of hardware, you're putting it into THREE. There are three server racks with replicates of your VM on it inside 1 datacenter. That's the bare minimum Microsoft will sell you. So now you're renting 3x the server execution space, 3x the storage, 3x the power, 3x the cooling, 3x everything.

Now if you don't require that level of resilience you find another solution, and yes in the case of a personal media vault on premise is my preference as well. But don't delude yourself into thinking that box you have at home costs you $40 / month. It's $40 / month in hardware investment, probably about $10-15 / month in power by the time you get done factoring in cooling costs of the home too, and however much more per month it costs to maintain the network connectivity, security, patching, and everything else that goes into maintaining that platform. It's still a vastly smaller number than this sort of thing would cost in Azure, AWS, or GWS.

I can get Azure VMs priced such that they are basically a wash for clients buying new servers compared to the Dell financing on just the hardware platform. EXCEPT for media vaults, Azure makes zero sense here. So your choice to bring that home makes perfect sense, but you're also saying that's a noncritical workload. And you're willing to accept the connectivity issues associated with the average ISP.
 
And you're willing to accept the connectivity issues associated with the average ISP.

Who isn't? What other choice do we have? (Ignoring the possibility of a couple of ISPs in some areas).

For many of us, the ISP (singular) we have is it. For a decent number, you may have a choice of two or three. Having more than that is a rarity outside major metropolitan areas.

And, in the end, we're all connected to the internet via an ISP. That's not a DIY proposition for the vast majority of people, period. So if all that's available is a crappy one, you're up the creek. (And this is coming from someone who, up until very recently, had a number of clients whose one and only option was satellite internet that was flaky as all get out.)
 
So many logical faults...

I'll start with the legal one, you're just straight up wrong. The data is only theirs if the EULA defines it as such, and Azure very much doesn't. There is a difference between SaaS (data and infrastructure is theirs), PaaS (data is yours, infrastructure is theirs), and IaaS (Everything is yours except the actual hardware).
EULAs don't and can't surpass US law. Between the Patriot Act, the CIA, the CLOUD Act, FISA and FISC and CJIS - and the various precedents set (Megaupload, Apple CSAM, etc) - the data effectively isn't yours if they're able to comb through it and use it as they see fit (Legal action or otherwise) against the Constitution (Unreasonable search and seizure). I would implore you to look up that subject. The EFF has gobs of examples and the actual case law.

so much so that if you're worried about Microsoft snooping you can deploy your own encryption keys to prevent anything from outside your scoped environment from reading the files. There are cryptographic means to verify this too, so you don't have to trust anything. Zero Trust applies here, deeply.
Except that Microsoft developed the COFFEE program (and subsequent tools) to provide that encrypted data from a live machine, effectively bypassing encryption in most cases (Their servers are live, and accessible to them and law enforcement). If you have your files available for use online (eg. Onedrive) and it has a cloud portal you log into... they can too. So, if I wanted to be entirely secure, I would lose that functionality - effectively negating the entire argument for "having files accessible on all my devices, in the cloud, etc". Any recovery and decryption would need to occur entirely on my/your local machine prior and after storage and recovery. So, no way to effectively download "a file" - I would need to download the entire backup set to recover on a local-to-me machine. Just not feasible or useful except for something like an encrypted Acronis backup blob.

The BYOK on Azure isn't secure from Law Enforcement or the US Government. The HSM is theirs - it only protects your keys in transit and at rest - but their policy is to comply with legal demands.
We will not attempt to defeat customer-controlled encryption features like Azure Key Vault or Azure Key Vault Managed HSM. If faced with a legal demand to do so, we would challenge such a demand on any lawful basis, consistent with our customer commitments as outlined in this blog

They can challenge.. and lose.

  • We are transparent: We have, for many years, published information about government demands for customer data. We sued the U.S. government over the ability to disclose more data about the national security orders we receive seeking customer data and reached a settlement enabling us to do so. As a result, twice a year, we disclose more detailed information about these national security orders across all our businesses (consumer, enterprise, and public sector), in addition to our regular Law Enforcement Request Report.

And there you can see how many times they lost and provided customer data.
Now, as for the pricing... you're being nuts too. Straight up apples to oranges. When you rent a machine in the Azure cloud you aren't putting that VM into a single block of hardware, you're putting it into THREE. There are three server racks with replicates of your VM on it inside 1 datacenter. That's the bare minimum Microsoft will sell you. So now you're renting 3x the server execution space, 3x the storage, 3x the power, 3x the cooling, 3x everything.
Well, I disagree. If their only offering is to Virtually put me on 3 servers - that's their equivalent offering. Where is the "I want one server" option? Well, ok then. My only option is to compare the service I would need to replace my on premise server, that is available. I'm not asking for 3 servers from them... and functionally I don't get 3 servers. I only get one server's worth of compute/resources... not 3.

But don't delude yourself into thinking that box you have at home costs you $40 / month. It's $40 / month in hardware investment, probably about $10-15 / month in power by the time you get done factoring in cooling costs of the home too, and however much more per month it costs to maintain the network connectivity, security, patching, and everything else that goes into maintaining that platform. It's still a vastly smaller number than this sort of thing would cost in Azure, AWS, or GWS.
I'm not, but on the other side of the coin, don't delude yourself, either. You're still paying for Internet to connect, you're still paying for power to use your endpoint(s) and they produce heat, too. That's why I didn't feel those things necessary to include as it's more or less a wash... and minuscule in the scope of things.

My server runs a little over 100w with all its drives, according to my APC UPS, at idle (Where it stays for the overall majority of time)
  • $0.14 x 0.1 kWh x 24 hours = $.336, or 33.6 cents per day
  • or $2.352 a week
  • or $9.408/mo
  • or $122.30/yr
Even if I theoretically ran the thing at full tilt at approx 600w it would only be $733.82/yr. We're a far cry from new car territory.
Air conditioning? For my PC desktop hardware server? C'mon... peanuts. I spend more money keeping my main door open for customers (storm door only).

Or, if I decided I needed Azure "quality" of having 3 servers - still not even close to Cloud pricing.

The thing runs at 38 degrees (CPU temp) and there is no appreciable "heating" in my room. Max temps under 100% load - about 65.
Also, in Virginia, it's cold in the Winter - so effectively I lose no money for half the year due to its heat - and it's more efficient as it's providing a beneficial service to the AC, no?

An oven at 400 degrees cooking a Turkey once per year is more detrimental than the entire server is for a year, in this regard.

and however much more per month it costs to maintain the network connectivity, security, patching, and everything else that goes into maintaining that platform. It's still a vastly smaller number than this sort of thing would cost in Azure, AWS, or GWS.
Mine is essentially zero cost over 5 years and absolutely minimal hands-on time in doing any of those things (3 hours a year, maybe?).

I can get Azure VMs priced such that they are basically a wash for clients buying new servers compared to the Dell financing on just the hardware platform.
Maybe. Again, it all depends. Most clients don't need much, they don't do much. I mean, we could go out and get a $669 PowerEdge T150 Tower as a server for most people's needs and it would be "more powerful" than a $20/mo cloud service. If we assumed a $20/mo service for them, we pay the cost of a T150 in less than 3 years. That PowerEdge is going to run for at least 5 years, if not 10. So, the cloud is, by cost alone, 3-6x more expensive. Not to mention, businesses (most US jurisdictions) get to write off most of their hardware purchase at tax time.. not so with a service of where you didn't purchase any hardware. Caveats notwithstanding.

but you're also saying that's a noncritical workload. And you're willing to accept the connectivity issues associated with the average ISP.
My LAN is up 100% of the time.. even though my ISP is (virtually never) down. My last ISP outage was 3 years ago, for 23 minutes. I retain connectivity to my entire workflow even without internet. Cloud users lose all connectivity and are reliant on not only their ISP, but the Cloud service's ISP, too. Not to mention I have a free redundant failover ISP connection (legally) via Comcast neighbors (I have Verizon).


Cloud works for some, but not all. Your data is questionably secure in the cloud. Those are my only points.

One more thing I gotta ask is.. why do you need all of your personal data stored on the cloud? Do you really need to access your Tax return from 2018 at the gas station on your phone? What personal files is everyone accessing, that they needed immediately, on their phone? I can't think of too many situations where that was a problem for me not having it accessible, wherein I couldn't just go home and get it or share it on a service on an as-needed basis. Seems silly to pay for such a pricy thing for the off chance I might need something one day.
 
One more thing I gotta ask is.. why do you need all of your personal data stored on the cloud? Do you really need to access your Tax return from 2018 at the gas station on your phone? What personal files is everyone accessing, that they needed immediately, on their phone?

Smartphone access is beside the point, really. Your question stands regardless of the platform.

And the answer, in reality, is that there are a very select few files that any one of us may need or want "at any time, anywhere." And it's easy to put those carefully curated files on the cloud while leaving the rest safely tucked at home.
 
One more thing I gotta ask is.. why do you need all of your personal data stored on the cloud? Do you really need to access your Tax return from 2018 at the gas station on your phone? What personal files is everyone accessing, that they needed immediately, on their phone? I can't think of too many situations where that was a problem for me not having it accessible, wherein I couldn't just go home and get it or share it on a service on an as-needed basis. Seems silly to pay for such a pricy thing for the off chance I might need something one day.

Nobody "NEEDs" a TV or stereo in their house, nor a microwave, nor a dishwasher...but once you get used to things like that, it's hard going back to the stone ages.

Similar to smart phones, I have every picture I've managed to have...stored in photos.google.com. I even scanned in 3x5 pics and 35mm slide pics. It's pretty cool to be able to instantly access them from any computer I'm on, or my cell phone. During some conversation I can quickly snag a pic and show it. Instead of having to drive home...print it out...return to the person..and hand it to them.

Similar with "work stuff"..I can get to ANY file I need, in our company file storage, via Teams app, or sharepoint, even one drive app...on my phone, and bring it up.

I've set up lots of contractors with 365 and their phones...so they can use the OneDrive app to take pictures of some project/onsite they're on (we even do this too)...save it right to a Teams library, and people in the office can get right to them in a minute or three.

In today's modern world of instant access..yeah, hard to go back to sneaker net and floppy disks.
 
Similar to smart phones, I have every picture I've managed to have...stored in photos.google.com. I even scanned in 3x5 pics and 35mm slide pics. It's pretty cool to be able to instantly access them from any computer I'm on, or my cell phone. During some conversation I can quickly snag a pic and show it. Instead of having to drive home...print it out...return to the person..and hand it to them.

But again, that's not a cloud service you generally pay for as an extra thing as it's included with your phone's account. During a conversation, couldn't you simply show them the picture you just took? Email? Share from phone to phone? You're not going out to buy "Azure" to store your google photos or iCloud photos, so it's kind of a red herring there.
Who's driving home to print when you could print to virtually any printer you can find around when you can simply show them a picture you just took, in person? It seems like a redundant cost, to me, to purchase a dedicated service for that. Also, your phone pictures are not your "Documents" - and can be effectively secured from scrutiny by not taking porn pics or pics of important paperwork, passwords, etc... of which I don't do - so "that cloud" service is fine with me.

Similar with "work stuff"..I can get to ANY file I need, in our company file storage, via Teams app, or sharepoint, even one drive app...on my phone, and bring it up.
So can I, without a service. Or with a service... or both... but it's my choice as to how that works.

I've set up lots of contractors with 365 and their phones...so they can use the OneDrive app to take pictures of some project/onsite they're on (we even do this too)...save it right to a Teams library, and people in the office can get right to them in a minute or three.
And they can't login to your self-hosted cloud server? DDNS? I fail to see what is unique here.

In today's modern world of instant access..yeah, hard to go back to sneaker net and floppy disks.
In today's modern world, instant access can be had by all - and it doesn't take a monthly service to do so.

To each their own. I'm not saying it's a bad solution to go fully cloud for many people/businesses... but if the goal was to save money or have "extra functionality" - I just don't see it. Looks like a downgrade, to me.
 
Nobody "NEEDs" a TV or stereo in their house, nor a microwave, nor a dishwasher...but once you get used to things like that, it's hard going back to the stone ages.

Yes. Key words, "once you get used to."

I have never allowed myself to "become used to" things I don't need (yes, need) or really want based on daily life. I don't now, and never will, want or need instant access to each and every piece of electronic information I have amassed over the course of decades. Most of it is of an archival nature.

I can't help it if anyone else insists they must have instant access to everything always. If ever there was a "want" versus "need" that's it. They want it, the probability that they need it, or even use it for the vast majority of their stash, is very small.
 
One more thing I gotta ask is.. why do you need all of your personal data stored on the cloud? Do you really need to access your Tax return from 2018 at the gas station on your phone? What personal files is everyone accessing, that they needed immediately, on their phone? I can't think of too many situations where that was a problem for me not having it accessible, wherein I couldn't just go home and get it or share it on a service on an as-needed basis. Seems silly to pay for such a pricy thing for the off chance I might need something one day.

"Why do you need all of your personal data stored in the cloud"...those were your own words back a few replies. You generalized the convenience in broad strokes..."cloud service". Thus...I'm not just talking about Azure. I'm referring to almost anything, an example being how Google ties in AndroidOS with their online service photos.google.com. Could also be iCloud.....could also be OneDrive on 365, could also be OwnCloud, could also be <insert any of many various cloud services, pay for, or free>. Because, you simply replied "<anti> stored in the cloud".

A picture, or a document, doesn't matter...it's a file. It's the concept I'm talking about. Doesn't matter if it's a tax return from 2018, or a pornographic picture of a hot red head, or a spreadsheet of money owed from customers on my paper route, or a schematic diagram to help me disassemble a transmission. It's a file....conveniently accessed by a device in my hand via a cloud service linking that device to storage "in the cloud".

So can I, without a service. Or with a service... or both... but it's my choice as to how that works.
I'm curious how you would approach things that I described..without some "cloud service". Two cups and a string in between?
 