Tracy Reed wrote:
> I have a consulting client who has engaged me to look at their
> infrastructure and do some analysis and then make a recommendation on
> either:
>
> 1. Hiring their own full-time sysadmin to re-architect everything and
> move it to an in-house virtualized environment.
>
> or
>
> 2. Outsourcing the whole works to Rackspace and get out of the
> business of owning hardware, paying a colo for a rack, and bringing on
> a full-time sysadmin.
>
> They would consider looking at someone other than Rackspace also but a
> friend of the owner talked up Rackspace as a way to solve a lot of
> their problems so that is who we are looking at first.
>
> The company has around 20 servers (a few web servers, a few db
> servers, misc. other things, a pretty typical mix) and provides a
> web-based service. They also take credit cards to the tune of around
> 65,000 transactions per year. PCI compliance is an issue and they want
> to aim towards being PCI compliant. Right now they are far from
> it. They will need firewalls, separate network segments, a NIDS,
> logfile monitoring, the whole works. They also want some shared
> storage behind the virtual environment so they can do vm migrations
> etc. They currently have two developers who have been doing the
> sysadmin work but a lot of necessary work has been deferred and they
> do not have much experience in building a scalable/secure system.
>
> Pros for moving to Rackspace:
>
> 1. Fully managed so sysadmin is someone else's headache/no need to
> hire a full-time sysadmin.
>
> 2. Potentially lower cost.
>
> 3. Economies of scale might make things cheaper.
>
> 4. They claim to have domain experts in all of the applicable fields.
>
> 5. They claim to have some PCI services which we could leverage.
>
> 6. No more owning hardware, paying colo, trips to colo, etc.
>
> Cons against moving to Rackspace:
>
> 1. Maybe they can't really provide the level of service that is
> required or if they can it might be quite extensive.
>
> 2. Don't have the attention of your own full-time sysadmin.
>
> 3. If it is really a full-time sysadmin worth of work it will probably
> be more expensive to pay for all of that sysadmin time from Rackspace
> plus their overhead.
>
> 4. Once we are migrated over they've got us by the short and curlies
> as migrating out is far from trivial.
>
> 5. No one person with full knowledge of the whole operation who can be
> called 24/7.
>
> 6. If they can't really implement full PCI we are stuck.
>
> I'm sure there are many others, these are just the things I can think
> of off the top of my head. I am about to place a call to
> Rackspace and discuss these issues with them and get their take on
> it.
>
> I must approach this with a completely open mind and put aside my own
> biases and personal opinions. Whichever way I go I have to be prepared
> to make a good case for it.
>
> I wanted to see if anyone out there has experience in this area and
> might be able to help my research by suggesting based on their
> experiences whether this is a realistic strategy which might actually
> save money/improve reliability or whether it is unreasonable to think
> that someone like Rackspace could really provide such an extensive
> level of service cheaper/better than a very good in-house sysadmin
> might.
>
> Thoughts?
>   
As John mentioned in an indirect way, you will want your contract to be 
able to protect your organization. What this means is, if they promise 
you PCI compliance, get it in writing. Not only that, but have 
contractual penalties for failing to deliver. If you get audited for 
non-PCI compliance, how are they responsible for fixing it? Will there 
be monetary penalties? How much will they be? Will Rackspace even sign 
such a contract?

You also need to have a firm grip on all of the extras you think they 
will perform for you in the architecture space, if that's how you go 
(though I think Brent's advice on this topic is on-point). You need to 
start estimating how much time will be spent on each of these 
tasks. How much on storage architecture, directory (e.g. LDAP) 
maintenance, capacity planning, network architecture, etc. List out all 
the things, estimate how much time it will take, and then double or 
triple it and ask Rackspace how much they will charge for such services. 
Also get them to list their hourly ratable for contract work and how 
much time they can donate per week or per month to these things and how 
much lead time they need in order to devote an engineer.

It's a lot of work, but necessary if you want to protect your organization.
_______________________________________________
Tech mailing list
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
