keeler|7 years ago
But nobody's saying to run "other people's terraform or whatever," or that you should be running a sensitive service that you "don't know anything about until you have to." Common sense doesn't go out the window just because we're talking about hosting Vault within your infrastructure.
grogenaut|7 years ago
This is why SaaS is preferable in a lot of situations. If you're not great at ops and make bad decisions, hopefully the SaaS folks are better at this than you. If you're really good at ops and think a ton about this stuff, then running it yourself makes sense a lot of the time. And yes, with SaaS you now have lock-in and other problems, which have their own set of solutions you should make sure you are doing, like layers of abstraction.
Then you get into the self-fulfilling-infrastructure scenario. We're a vault shop, everyone use vault even for stuff that makes no sense to use vault for. Then rinse and repeat.
Or you get into the sunk cost fallacy with your ops team... "what will they do if we replace this with a SaaS", so you keep services around just to not fire people, not because they're the best solution anymore.
Lots of places to make bad decisions.
keeler|7 years ago