Re: GAE vs Self-Hosted Opinions

[Nathan <lagern@lafayette.edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a tough one, because business folks see all the magical
"savings" that they could get from Google, and don't have a clue
what's going on under the covers.  It also sounds attractive because
of the supposed ease of management and cost savings in man hours.

I had a guy at Puppet Camp tell me that he saved his institution
something like $14K a year by moving from zimbra to gmail.  That
sounds really attractive to the guy keeping track of the books.

He also told me that they were no longer able to offer email restores
for people who accidentally deleted their inbox, or whatever.  Which
in my environment is a relatively common problem.

I'm a do it yourself sort of guy, so I have obvious bias towards
hosting our own services, I do not like handing my control over to a
faceless entity.  So i find myself constantly looking for reason to
keep our services local.  The topic of gmail vs. Zimbra has come up in
the past, there are a few people here that really think its where we
should be going, and (thankfully) many more that think out mail
belongs right in our datacenter like it is today.  My point is, i need
to be on-guard, as the topic comes up from time to time.


The question you have to answer is, how important is it to your
institution, that your private data remain private, and your ultimate
control remain with someone on your payroll.

Today, if we get blacklisted, I work to identify the cause, and work
with the various entities to get us de-listed.  Does google put the
same effort in?  Are you ready for some VIP to come breathing down
your neck and the only answer you have is "I'm waiting on google to do
it"?  Enough of those, and you'll have them wondering why they pay you.

The same goes for email restores, or file services, or whatever
service you're thinking of moving to google (or any other cloud
provider).

And then there's privacy.  We have a data stewardship policy that
forbids the use of cloud storage for sensitive data.  We do this
because when it comes to things like, personal information, payroll
data, sensitive data, we cannot guarantee the safety of said data when
it's in the cloud.  You don't know where it is, even what country it's
stored in.  You cannot vouch for the physical security of the
datacenter is lives in.  If it's in our datacenter, we have only
ourselves to blame if it's exfiltrated.  Which adds to our burden,
yes, but at least I can do things like, sit down with our network
engineers to discuss security, or implement my own measures on our
systems.  Not so with Google.

I hope I havent gotten too long winded.  I'm a little passionate about
keeping your data in-house.  I may be mis-guided, but it's worked out
pretty well for me in the past.  I'm actually interested to see what
others respond with.


On 10/03/2014 10:15 AM, Matt Mencel wrote:
> I figure this is a good place to ask since I assume that most here
> are still self-hosting their Zimbra platforms.  There is an
> initiative coming down here at my school, and I'm sure at other
> schools too, to consider moving email to Google Apps for Education
> (GAE).
> 
> Now GAE is more than just email of course.  People see all the
> other Google goodies (especially unlimited Drive storage) that come
> with it and think it's awesome and will solve all that they think
> is wrong with our current email and storage offerings we provide
> locally.  I don't necessarily disagree in theory.  Google has some
> great tools and integrations, and from a sysadmins perspective
> there is something to be said for having somebody else worry about
> system uptime, storage, backups, and all that.
> 
> But....you're losing some stuff too...unless I'm understanding it 
> incorrectly.  The biggest issue for me is loss of local control of
> the data and the ability to do stuff with that data.  There will be
> loss of some features like the ability to go in and pull messages
> from accounts when someone accidentally sends FERPA data to the
> wrong account....or pull spam messages from accounts.  The ability
> to "View Mail" from the admin UI when troubleshooting account
> problems.  I'm sure there are more features I would miss.
> 
> There are occasional stories of sites (a school in Chicago if I 
> remember) that got blacklisted by some antispam site and then could
> no longer email any address out in the Google cloud for several
> days.  And they couldn't get a support person at Google to help
> them out.
> 
> Anyway....I will eventually be asked to provide a list of pros and
> cons from a sysadmin perspective.  If anyone has any direct
> experience with GAE, or has gone through this process, or has
> outright rejected going "to the cloud", I'd be interested in your
> thoughts and opinions.
> 
> Thanks, Matt Mencel Western Illinois University

- -- 
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nathan Lager, RHCSA, RHCE, RHCVA (#110-011-426)
System Administrator
11 Pardee Hall
Lafayette College, Easton, PA 18042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQut/oACgkQsZqG4IN3sunN5ACfRaRvMRcvklsgwXF0pRv4yqNC
SzoAn31TTiw/gr/d7G9dT4HyQL3MZuTX
=zbJb
-----END PGP SIGNATURE-----