A key benefit of using an open source application instead of a SaaS is the choice of deploying it in any environment, on-premise or in the cloud. Before you break out your credit card to buy a server or open an AWS account, you should consider the advantages & drawbacks of each option for your use case.
For some customers, the choice is clear one way or the other. In most cases if you’re a small business with a dispersed team, using AWS, Azure or GCP is going to be your best choice. On the other hand, if you handle sensitive data that needs to remain on site, you will probably need to house your own servers at your office or an owned datacenter.
But as with most things in life, there are solutions in between as well. You could opt for a private cloud, where you have your own dedicated hardware instances in a co-located datacenter. This prevents your workloads from being affected by the “noisy neighbor” effect, and especially for CPU-intensive applications, can be more cost effective than virtualized instances on the public cloud.
For the purpose of this article we will draw comparisons between deploying an application on-premise (hardware you manage & maintain) or in the cloud (hardware your cloud provider owns & maintains).
The cloud clearly wins, with a much shorter time-to-benefit and no up-front hardware investment required. Once you (or an architect) identifies the compute, network, and storage resources needed for your application deployment, it’s as simple as provisioning those instances from a dashboard in the cloud.
With an on-premise deployment, you must involve a hardware reseller or OEM and review whether the specifications of the machines you choose meet the requirements for the project. On top of that, you need to wait for the machines to be built and shipped, and have a set of hands to plug them in at your location.
Deploying your application in the cloud can also be a low-stakes way to evaluate it as a pilot project or proof of concept, before rolling it out to all your users. If you ultimately decide not to proceed with the full deployment, you can return the instances to the cloud at any time and stop incurring any costs.
The total cost of ownership compared between on-premise and cloud depends on your scale. If you are a world-scale company with IT demands like Facebook or Dropbox, it makes perfect sense to own your own datacenters and hire full-time site reliability engineers to look after them. For small to mid-sized businesses, using the cloud is an excellent way to share the costs of highly qualified engineering staff, state-of-the-art datacenters, and 24/7 monitoring with other users – luxuries you otherwise would never be able to afford yourself.
Even if you have your own internal IT department, if technology is not your primary business, you are most likely much better off running your business-critical applications in the cloud. It is true that you pay a sizeable markup on the raw cost of the hardware, bandwidth, power and cooling, but that’s often well worth it to benefit from the cloud provider’s economies of scale.
Articles like this are often circulated about the exorbitant cost of bandwidth at the Big 3 public clouds, and running applications that push a lot of bytes can indeed get real expensive, real fast. For these cases, the best alternatives to Amazon, Microsoft and Google are from former web hosting & co-location companies that now have a “cloud” business. They often have plans and packages that include generous amounts of bandwidth and bill overage at closer to wholesale cost.
Whether cloud or on-premise will provide better network performance depends where your users will mainly access the application – on the local network or over the Internet. If most of the data would normally be transferred over the LAN, it could make sense to deploy the application on-site, or at a nearby datacenter with a direct site-to-site connection.
For an Internet-facing application designed to be used at remote sites or by end customers, the bandwidth & throughput of a cloud provider’s datacenter uplink will far exceed the typical business or corporate Internet connection from your ISP. Also, most telcos do not provide static IP addresses on residential/small business Internet plans to discourage users from hosting their own servers locally. For some clients, we have successfully got around this by using dynamic DNS services such as No-IP or DynDNS, but this requires special configuration that isn’t compatible with all applications.
Using the cloud provides the flexibility to upgrade to a more powerful server (vertical scaling) or add additional servers (horizontal scaling) without the lead time needed to order & provision new hardware in-house. You can respond to the changing usage patterns of your organization in much more “agile” manner by turning up, and turning down cloud resources as needed for each application.
Almost all cloud providers provide a self-service management interface and API for provisioning and terminating instances as required. You can use tools such as snapshotting and floating IPs to migrate data between instances with minimal or no downtime. Don’t get us wrong – moving to the cloud doesn’t mean your sysadmins and DBAs are no longer necessary. For more sophisticated use cases, the cloud empowers your in-house IT team to use configuration management tools to monitor and automate your infrastructure as code.
Unless you have your own datacenter on-site with 24/7 security, fire suppression and redundant power supplies, hosting your applications in the cloud provides higher reliability than the makeshift cluster in your office. By letting the professionals at Amazon (or Microsoft, or Google) manage the hardware for you, you won’t be called in the middle of the night to drive to the office and reboot a server or reset a tripped circuit breaker. The storage arrays at the major cloud providers are redundant with enterprise-grade HDDs or SSDs, making it highly unlikely you will lose your data due to a hardware failure.
Of course, an application is only reliable if it has sound architecture, regardless where you deploy it. Cloud computing services provide many facilities, including multiple regions, availability zones and availability sets, for ensuring high availability of your application even if one of your servers loses its network connection, or goes down for scheduled maintenance.
A perceived reduction of security is one of the major reasons why many organizations are just beginning to move select workloads to the cloud. If properly secured, cloud-based applications can be just as secure, if not more secure than their on-premise counterparts. In fact, most cloud providers provide tools, such as Security Groups, Virtual Private Clouds, and Cloud Firewalls, that encourage you to follow the principle of least privilege when architecting your applications.
Data security is usually looked at from the perspective of encryption in transit, and encryption at rest. You should always use the strongest TLS ciphers available when transmitting data over the open Internet. This makes it virtually impossible for outside attackers to view or tamper with the information as it is transmitted to your cloud server. For the most sensitive applications, you may even choose to tunnel your TLS connection through a VPN connection such as OpenVPN to provide an additional layer of security.
With respect to encryption at rest (such as full disk encryption), it can be implemented when the data is stored in the cloud, but typically requires storing the key within the cloud provider’s key management service (KMS) to automatically decrypt the disks when the server reboots. As long as you protect your cloud account’s root credentials with a strong password and 2 Factor Authentication, your data should be sufficiently protected.
Unless you have a unique threat model that requires you to protect secrets from state-level attackers, you can generally trust the strict internal controls that the major cloud companies have implemented to safeguard customer data, even from their own employees and contractors. As an example of this, Google shreds hard disks that have outlived their useful life from Google Cloud Platform racks.
The Bottom Line
As you can tell from the in-depth comparison above, deploying your application in the cloud has many advantages, and many of the drawbacks can be addressed by carefully accessing which cloud provider you should use to optimize costs, and architecting your applications appropriately to ensure security.
Contact one of our cloud consultants who can help you intelligently deploy popular open source applications including NextCloud, SeaFile, RocketChat, Mautic, Invoice Ninja and much more.