Deploying applications in the cloud is an exercise in outsourcing responsibilities to service providers in exchange for greater efficiency and capability. But it also means accepting risk you do not directly control. The October 2016 DDoS attack on Dyn demonstrated this clearly: many well-known sites went dark at once because they all depended on the same managed DNS provider. Ensuring that your end users have a great application experience means that you need to be more aware and knowledgeable about the service providers that make up key links in your digital supply chain.
We’ll cover concrete examples of how you can monitor and better manage risk for five types of critical service providers:
- Cloud or hosting
- Internet service
- Content delivery network
- Managed DNS
- DDoS mitigation
Cloud and Hosting
First and foremost, when you’re operating in the cloud, you’re operating in an environment run and maintained by a third party. But responsibilities and risks vary based on the type of cloud provider you have.
In the case of IaaS providers, they run the physical infrastructure (data centers, hardware, hypervisors, and the physical network) and expose it to you as virtual resources, while you provision those resources and supply everything above them: operating system, runtime, and code. Examples include cloud providers such as AWS, Google Cloud, Microsoft Azure, Rackspace Cloud, and DigitalOcean. When you’re operating in an IaaS environment, your focus is on ensuring that the infrastructure services provided (servers, containers, load balancers, etc.) are performing to expectations. This involves monitoring using the cloud provider’s own data, augmented by additional data you collect where you can; for example, using Nagios to monitor servers where you can deploy agent code. For managed services such as load balancers or hosted databases, where you cannot install an agent, you have to trust the cloud provider’s monitoring systems because they are the only source of data.
Contrast this with hosting or co-location providers (Equinix, CoreSite, Digital Realty, NTT, Telehouse) that provide network connections, power, and physical space, but are not responsible for servers, storage, or networking infrastructure in your immediate environment. When you’re operating in a co-location environment, you instrument the environment just like you would your own data center. You can poll devices, run monitoring appliances, and run agents across a broader set of infrastructure. You’ll also need to monitor your network environment more comprehensively, including Internet connectivity via ISPs.
Connectivity to your cloud-hosted application takes place through Internet Service Providers, typically chosen for you (in the case of IaaS) or offered as a menu (in the case of co-location). These ISPs are typically international transit providers (Cogent, Level 3, Tata, Telia, Hurricane Electric, NTT America) or regional networks (Comcast Business, Verizon, AT&T, Qwest).
In the case of IaaS, you don’t have a direct relationship with the ISPs, so you are at the mercy of your cloud provider to properly manage and maintain connectivity. Many IaaS providers, however, offer dedicated private connections from your corporate network into their cloud, with the potential for latency and reliability improvements. These dedicated links (AWS Direct Connect, Azure ExpressRoute) bypass the public Internet for traffic between your corporate network and the cloud, so they can lessen your reliance on your cloud provider’s ISPs; they won’t, however, affect customer-bound traffic, which still leaves the provider’s network over its own transit links.
In the case of co-location environments, you choose your ISP and have a direct (meaning $$$) relationship with them. You are responsible for knowing whether they are meeting their SLAs, providing satisfactory availability and latency, and dealing with any outages. Make sure the network monitoring for a co-lo environment can still tell you when the ISP fails: probes that run only inside the facility and alert only over that same ISP’s link go silent along with it, so run probes from an outside vantage point as well and deliver alerts over an independent path. This type of monitoring can vary from simple command line tooling, such as ping and traceroute, to more complete packages of active network monitoring.
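The following is an added example, not code from the original article or from any provider it names. It shows the simplest useful step up from running ping by hand: probe a few vantage targets on the path out of a co-lo (your own edge router, the ISP’s first hop, and external anchor hosts), parse the Linux iputils ping summary, check each sample against an assumed SLA, and attribute a failure to the segment that breaks first so that an ISP outage is not mistaken for a local or remote one. The target addresses, SLA thresholds and ping transcripts are all constructed for illustration.

```python
"""Added example (not from the original article): attribute a connectivity
failure to a network segment from `ping` results against vantage targets,
and check each sample against an SLA threshold.

All addresses, SLA numbers and ping transcripts below are constructed
assumptions, not taken from any real provider contract or capture.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Statistics lines printed by Linux iputils ping at the end of a run.
# The optional "+N errors," group appears when ICMP errors were returned.
LOSS_RE = re.compile(
    r"(\d+) packets transmitted, (\d+) received,(?: \+\d+ errors,)? ([\d.]+)% packet loss")
RTT_RE = re.compile(r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms")


@dataclass
class PingResult:
    target: str
    sent: int
    received: int
    loss_pct: float
    avg_rtt_ms: Optional[float]  # None when no reply came back at all


def parse_ping(target: str, output: str) -> PingResult:
    """Parse the statistics block of `ping -c N` output."""
    m = LOSS_RE.search(output)
    if m is None:
        raise ValueError(f"no ping statistics found for {target}")
    rtt = RTT_RE.search(output)
    return PingResult(target, int(m.group(1)), int(m.group(2)),
                      float(m.group(3)), float(rtt.group(2)) if rtt else None)


def run_ping(target: str, count: int = 5) -> PingResult:
    """Run the real iputils ping (Linux flags) and parse its summary.
    ping exits non-zero on any loss, so the exit code is deliberately ignored."""
    proc = subprocess.run(["ping", "-c", str(count), "-W", "2", target],
                          capture_output=True, text=True, timeout=count * 3 + 5)
    return parse_ping(target, proc.stdout)


def sla_breached(r: PingResult, max_loss_pct: float, max_avg_rtt_ms: float) -> bool:
    """True when the sample is outside the (assumed) contracted loss/latency."""
    if r.avg_rtt_ms is None:
        return True
    return r.loss_pct > max_loss_pct or r.avg_rtt_ms > max_avg_rtt_ms


def classify(gateway: PingResult, upstream: PingResult, anchors: List[PingResult]) -> str:
    """Blame the segment that fails first on the path out of the co-lo.

    gateway  -- our own edge router (a failure here is ours, not the ISP's)
    upstream -- the ISP's first router beyond the hand-off
    anchors  -- well-known hosts in other networks, reached via ISP transit
    """
    def unreachable(r: PingResult) -> bool:
        return r.received == 0

    if unreachable(gateway):
        return "local"          # our router/switch/cabling
    if unreachable(upstream):
        return "isp-access"     # the access circuit or the ISP edge router
    if anchors and all(unreachable(a) for a in anchors):
        return "isp-transit"    # ISP edge answers, nothing beyond it does
    if any(unreachable(a) for a in anchors):
        return "remote"         # one destination down; the ISP is fine
    return "ok"


# Constructed ping transcripts standing in for live output (statistics block only).
SAMPLE_GATEWAY_OK = """\
--- 198.51.100.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 0.311/0.402/0.557/0.085 ms
"""
SAMPLE_UPSTREAM_DEGRADED = """\
--- 203.0.113.9 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4011ms
rtt min/avg/max/mdev = 88.120/143.305/210.880/41.771 ms
"""
SAMPLE_ANCHOR_DOWN = """\
--- 192.0.2.10 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4099ms
"""


def demo() -> dict:
    """Classify the constructed scenario and flag SLA breaches."""
    gw = parse_ping("198.51.100.1", SAMPLE_GATEWAY_OK)
    up = parse_ping("203.0.113.9", SAMPLE_UPSTREAM_DEGRADED)
    anchor = parse_ping("192.0.2.10", SAMPLE_ANCHOR_DOWN)
    # Assumed SLA for illustration: at most 1% loss and 50 ms average RTT.
    return {
        "verdict": classify(gw, up, [anchor]),
        "gateway_sla_breached": sla_breached(gw, 1.0, 50.0),
        "upstream_sla_breached": sla_breached(up, 1.0, 50.0),
    }


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the ISP’s edge router still answers, lossily and slowly, while nothing beyond it does, so the verdict is an ISP transit problem and the upstream sample breaches the assumed SLA; that is the evidence you bring to the ISP rather than a bare "the Internet is down". Run the same probes from a host outside the facility so the comparison still works when the co-lo’s own link is the thing that failed.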