On Nov 6, 4:42 am, Greg <[EMAIL PROTECTED]> wrote: > > You have to trust the Google admins with your data and code also. At > > least with EC2 you have direct access and create an encrypted > > filesystem / etc. That even the admins wouldn't be able to 'poke > > around' into. So I don't buy the security argument... > > Having admined a commercial linux cluster, I DO buy the security > argument. Even with my experience, I wouldn't flatter myself that I > was anywhere near the expertise of Google's admins. > > Just taking one aspect, you should have iptables set up to firewall > your traffic. Do you know how to drop any SSH connections from the > same ip address that makes more than three attempts in a minute? If > not, it'll take you a couple of hours to get your head around that, > and build it into your EC2 image. >
Greg - Thanks for your feedback! The way it is coming across to me - is GAE is like using a system where the Google admins have pre-built the 'image' for you. Under EC2 equally qualified admins can prebuild an image for you. If another image is there, you can choose it - or even have your cluster automatically boot a newer image if one comes out. > Multiply that by a couple of hundred times - database admin, database > replication, mail server admin, web server admin, managing DOS attacks > with routing tables... or you can have Google do the whole lot for you > - for next to nothing. I'm buying it. Again I disagree about the 'next to nothing'. In my experience there are severe limitations to leverage the GAE platform. In official statements - Google is saying: - must use Python, and possibly another language in a few months - your serverside variables can get wiped at random - you can use memcache to help with the previous, but it also wipes at random - requests need to process under 100 milliseconds, or the Google cluster will abort them - no way to create your own encrypted filesystem, run your own cron jobs, your unencrypted data is in some database somewhere - no evidence yet the above will change even under a for-pay program The question is - is this effort worth it to have a Google admin make a SSH configuration for you? For very high end application needs, that need serious clustering/application availability... normally there are technical enough people to deal with that aspect, so GAE has to offer more to cater to that crowd. I would hate to compare credentials - not my style at all - but I am speaking from a perspective of a fortune-500 application architect. Most of my clients are running multi-million dollar server environments, most have their own server rooms. Purchasing departments are waiting to jump onto the next greatest, cheapest thing... and there is a multi-billion dollar market for this, its just they are going to elect something like EC2 unless GAE gives good offering in comparison. (or maybe GAE is intended just for small gadget-type applications... in that case my assumptions are my own fault) I was hoping to derive some opinions from this thread... in the case anyone else might see my perspective - so far its been very informative! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---