Real Life Cloud: Moving a Service to a Cloud Provider

Room D - Thu 12:00


Glenn Wearen - HEAnet
Anna Wilson - HEAnet

How do you move a service to the cloud? What problems do you face?

HEAnet recently started moving some of its long standing services from our own infrastructure to cloud providers. It’s a bigger deal than it sounds - we’re really familiar with running our own servers, so we’re really used to having that sort of control. When you embrace elastic and ephemeral infrastructure, a lot of things change.

Elastic is building your infrastructure so that it can stretch and shrink to fit your needs in the moment. Instead of buying the biggest server you could ever possibly need, you split your service across many instances, adding more (and, more importantly, paying for them) only when they’re needed.

Ephemeral is the flip side of that; in order to take advantage of elastic computing, your service needs to be ready for any single part of it to disappear at a moment’s notice.

That’s not usually how we work in NREN's, where reliability is foremost of our concerns.

Those are the direct changes. But there are lots of indirect changes that arise from using cloud infrastructure that aren’t immediately obvious. For example, we usually control our spending on infrastructure by making sure that every purchase order for a server has to be signed off. When buying a server is done by an operator clicking a button — or even worse, an automated script triggering an event — how do we keep track of that? Can we even tell which project is spending what amount?

In 2017, HEAnet is working on moving an Identity Provider service to a cloud provider. We chose it because it requires some compute, some custom networking, good communication between the cloud and the site (with graceful failover when that breaks) and the careful protection of some sensitive data. So it’s a pretty good exemplar for other services that might move.

This is a very practical real life experience in moving a real, production service to the cloud. We’re learning a lot as this project proceeds, and by November we’ll be able to report on our successes, failures, and lessons learned.