> The possibility that someone floods the server even for static resources, causing a bandwidth-spiked bill, is scary.
Genuinely curious, is this just a side-effect of the cloud craze or did DDoS attacks become so powerful that old-school approaches of appropriately-sized bare-metal infrastructure with finite but unmetered bandwidth are no longer viable?
The way I see it, you can provision enough unmetered bandwidth to cover your typical load + a safety margin at a flat rate per month, and worst case scenario if the attack is big enough you merely get downtime (allowing you to re-evaluate the situation and decide whether to throw more bandwidth at the problem or purchase attack mitigation services) instead of an infinite bill?
My current ISP gives me 1Gbps unmetered. Worst case scenario the connection is saturated, but at no point will the ISP come to me and ask for extra money.
You could still run many systems just fine on private infrastructure with at most a business-class Internet connection to your office or a colo bill for putting your servers somewhere more central. This didn't magically stop working just because someone got paid a lot of money to do PR for cloud services. By the time you take into account the financial costs and inherent risks of cloud hosting, maybe more things should still run that way than actually do.
The practical problem today is that cloud now has so much mindshare, justified or otherwise, that the ecosystem around private hosting is diminished. Finding good people with the required admin skills, good sources of equipment, even good software to run local versions of automation we take for granted in the cloud, can be harder than it used to be.
I won't be surprised if in a few years some huge tech firm we all thought had faded into obscurity enjoys a new lease of life by offering a set of locally hosted equivalents to popular cloud services that are also easy to administer and scale but come with a lot more predictability because they run on the customer's own infrastructure.
We still use bare-metal at Automattic. All our global-scale admin stuff is open source... it shouldn't be surprising that bash scripts aren't all that interesting. People want it written in Go, with Raft-consensus to think for us humans, running on blockchain.
One big problem with that is the dichotomy between "cloud" and "open source" - people will pay for SaaS but they absolutely balk at paying for licenses.
In this hypothetical scenario the real money might be in consultancy. "Sure, we can get your organisation set up with OpenNotAWSBecauseTrademarks. Our rates are $20K/consultant/week and we expect to bring a team of 5 for a fortnight." It just has to be a comparable cost and financial structure to how a large organisation trying to escape from cloud lock-in would have otherwise expected to engage their cloud architecture consultants or cloud security red team or other cloud specialists and then you're in the game.
Technology is a good business because a small labor input can scale to a very large impact. I'm sure there is a place for consultancy but I don't see it winning against "scale" in the long term.
Licenses are a major PITA when you want to be spinning machines up and down all the time. Some enterprise vendors have pay as you go solutions, but many don’t.
I get the impression that some enterprise vendors don’t offer pay as you go solutions because it would put their sales staff out of work, and because they wouldn’t be able to use a “how much can you afford?” pricing model.