Cloud: Beware of micro services, Docker and Kubernetes
Discovered Windows 2003 or similar servers in your on-premise datacenter?
Read along as the cloud is going to throw more curve balls over the next 10 years.
The cloud was initially about getting servers provisioned really fast. Over time its capabilities improved and we got the ability to wrap each server with a fine-grained network access control system, courtesy of SDN (software-defined networking, aka security groups in AWS terms). Next came "serverless", where you basically abdicated your responsibility to keep stuff up to date: the cloud provider would magically update the OS, language runtime and SDKs that your app uses.
You just reached year 3 of your cloud journey, the spend has grown to over $1 million/month and you sit back and relax. Life is good: you have deployed Kubernetes, and folks are building apps as containers and/or micro services.
What can go wrong?
Did you ever stop to ask why you discovered Windows 2003 servers or other legacy OS/platforms in your on-premise datacenters? No? Well, that will help answer how your cloud program will run into issues over the next decade.
Business processes evolve very slowly. Applications that support those processes in turn don't need constant feature updates (or "re-hydration" for that matter).
So if your ETL job has been running for over 10 years just fine, why would you want to touch it? Especially the underlying operating system. Stuff is running just fine and you don't have sleepless nights.
Now the cloud is a different beast, especially with all the newfound tech like micro services and Kubernetes. On those platforms the underlying operating system is changing every few months. The cloud vendors expect you to be "responsible" for ensuring that your application continues to work with the new versions of the underlying platform, SDKs and runtimes.
Did the cloud provider pay you for this? No, hell No!
So if you want to run your workload for a decade or longer, use boring stuff: provision your application on a virtual machine (EC2), surround it with a locked-down security group and sleep well at night. You don't need to prove your smartness to someone by trying to use a micro service or a Docker image.
Oh, and if you say you need to keep installing security patches on the VM, guess what, you really don't. If you have locked down the machine relatively tightly, the vulnerabilities can't be exploited and patching does not really help besides checking some box in an Excel spreadsheet!
PSA: This level of logical thinking will not apply to regulated industries, as their auditors are behind the times, still auditing using Excel checklists.
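The advice above depends on the security group around the VM actually being locked down. As an added example (not part of the original article), this check flags loose ingress rules in the JSON printed by `aws ec2 describe-security-groups`; the sample groups are constructed and the two thresholds are assumed policy values, not AWS defaults.

```python
import ipaddress

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.20.0.0/24"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "192.168.1.0/24"}], "Ipv6Ranges": []},
    ]},
]}

MIN_PREFIX = {4: 16, 6: 48}   # assumed policy: broader sources count as "wide"
MAX_PORT_SPAN = 10            # assumed policy: larger TCP/UDP port ranges are flagged

def audit_ingress(doc):
    """Return (group_id, cidr, reasons) for every ingress rule that is not tight."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            proto = perm.get("IpProtocol")
            # FromPort/ToPort are absent when the rule covers all protocols ("-1").
            span = perm.get("ToPort", 65535) - perm.get("FromPort", 0) + 1
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                reasons = []
                if net.prefixlen == 0:
                    reasons.append("open to the internet")
                elif net.prefixlen < MIN_PREFIX[net.version]:
                    reasons.append("wide source range")
                if proto == "-1":
                    reasons.append("all protocols")
                elif proto in ("tcp", "udp") and span > MAX_PORT_SPAN:
                    reasons.append("wide port range")
                if reasons:
                    findings.append((sg["GroupId"], cidr, ", ".join(reasons)))
    return findings

if __name__ == "__main__":
    print(*audit_ingress(SAMPLE), sep="\n")
```

Rules whose source is another security group (`UserIdGroupPairs`) are not evaluated here.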
Senior IT leader (CIO, CTO), Cloud Transformation, Strategy & Governance, Excellence Healthcare, Financial Service, Retail, Cybersecurity, Board Member, Start-up Advisor
(2 years ago) Like the closing comments on the auditors as that is so spot on.