On Nov 6, 4:42 am, Greg <[EMAIL PROTECTED]> wrote:
> > You have to trust the Google admins with your data and code also. At
> > least with EC2 you have direct access and create an encrypted
> > filesystem / etc.  That even the admins wouldn't be able to 'poke
> > around' into.  So I don't buy the security argument...
>
> Having admined a commercial linux cluster, I DO buy the security
> argument. Even with my experience, I wouldn't flatter myself that I
> was anywhere near the expertise of Google's admins.
>
> Just taking one aspect, you should have iptables set up to firewall
> your traffic. Do you know how to drop any SSH connections from the
> same ip address that makes more than three attempts in a minute? If
> not, it'll take you a couple of hours to get your head around that,
> and build it into your EC2 image.
>


Greg -

Thanks for your feedback!

The way it is coming across to me - is GAE is like using a system
where the Google admins have pre-built the 'image' for you.  Under EC2
equally qualified admins can prebuild an image for you.  If another
image is there, you can choose it - or even have your cluster
automatically boot a newer image if one comes out.

> Multiply that by a couple of hundred times - database admin, database
> replication, mail server admin, web server admin, managing DOS attacks
> with routing tables... or you can have Google do the whole lot for you
> - for next to nothing. I'm buying it.

Again I disagree about the 'next to nothing'. In my experience there
are severe limitations to leverage the GAE platform.  In official
statements - Google is saying:
  - must use Python, and possibly another language in a few months
  - your serverside variables can get wiped at random
  - you can use memcache to help with the previous, but it also wipes
at random
  - requests need to process under 100 milliseconds, or the Google
cluster will abort them
  - no way to create your own encrypted filesystem, run your own cron
jobs, your unencrypted data is in some database somewhere
  - no evidence yet the above will change even under a for-pay program

The question is - is this effort worth it to have a Google admin make
a SSH configuration for you?  For very high end application needs,
that need serious clustering/application availability... normally
there are technical enough people to deal with that aspect, so GAE has
to offer more to cater to that crowd.

I would hate to compare credentials - not my style at all - but I am
speaking from a perspective of a fortune-500 application architect.
Most of my clients are running multi-million dollar server
environments, most have their own server rooms.  Purchasing
departments are waiting to jump onto the next greatest, cheapest
thing... and there is a multi-billion dollar market for this, its just
they are going to elect something like EC2 unless GAE gives good
offering in comparison.

(or maybe GAE is intended just for small gadget-type applications...
in that case my assumptions are my own fault)

I was hoping to derive some opinions from this thread... in the case
anyone else might see my perspective - so far its been very
informative!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to