Moin, to scratch of some more color-scraps of that little remaining pink in the world... if this is your threat model (and, don't get me wrong, I may or may not have recently noted to someone that a 2y-budget sized reserve may be reasonable for some essential association... in case of a full loss of fees for an extended time period... and replied to the "ah, that would never happen" with "well, imagine full scale invasion"... which just triggered a rather somber "oh..."): A big issue with the use of clouds is the loss of capability (read: Mostly _knowledge_ and people _who know how_) to built and maintain. Under your threat model, binding oneself to 'some big clouds with controlling entities all in one jurisdiction' bears similar risks. The example you bring out worked under specific political conditions. Consider instead---purely hypothetical example---a change in a country's foreign policy that motivates policies to restrict access to cloud infrastructure used by another country to 'motivate' said other country to take unfavorable steps in negotiations with an invading neighbor, after that country moved essential infrastructure into clouds controlled by the country experiencing a change in foreign policy. In that situation, it will be essential to have the capability to-- worst case--fill a couple of racks and pull up infrastructure in another location (on potentially extremely short notice). "Moving to the cloud" nibbles on said capabilities. In the 'best' case, cloudification leads to an economic dependence on the cloud provider(s). In the worst case, it opens oneself up for (in severity varying levels of) blackmail by either the jurisdiction the cloud provider is located in, or by the cloud provider itself (we had some arguments about lead in the environment a few decades ago... companies also didn't always play fair then). In the end, the question is which risk-appetite for these things can be found in the membership (that has to provide the funds necessary for the certainly more expensive path to resilience; With people usually being the most expensive part); If we want to have said resilience, we need to pay for it. Otherwise, the NCC will look for ways to cost- optimize (leaving the argument whether the cloud is _actually_ cheaper out of scope). If shit hits the fan, though, and we find us unable to keep infrastructure running... for one reason or another... well, that is then what we chose by loudly calling for the cuts we called for (as a more general we, not me personally). With best regards, Tobias On Sun, 2024-11-10 at 00:39 +0200, Serg Gal wrote:
Hi,
He brings up another one not less important issue.
And therefore I would move services to the clouds. Preferably intercontinental, or with data centers not only in the EU.
This is what saved Ukrainian banks during blackouts and destruction of data centers.
If someone thinks that I am exaggerating and this will never happen, then we also thought so until February 24, 2022.
Just saying.
P.S. Sorry, if too toxic for your pink world.
On 9 Nov 2024, at 00:28, Toni Mueller <ripe@oeko.net> wrote:
Hi,
On Tue, Nov 05, 2024 at 01:15:12PM +0300, sdy@a-n-t.ru wrote:
I would like to understand what RIPE NCC will do if, at the next round of sanctions, access to the cloud or mail servers becomes completely closed from a number of countries, for example Russia. We have already faced the fact that a huge number of Western services have limited access to their resources and as the war with the Russian Federation is lost, the number of blockages is only growing.
I fully agree with Timo, but Dimitry brings up another important issue: Sanctions. Russia is not the only country in the RIPE NCC service area that is being targeted with sanctions, and I can imagine much more problematic scenarios for sanctions, too. In analogy to other sanctions, where eg a German drugstore chain suddenly found themselves without Paypal due to them selling some Cuban cigars, I could imagine the RIPE NCC being pressured to not serve those "unfriendly countries" anymore, or that RIPE NCC members who do have dealings with any "unfriendly country", eg. possibly China in the near future, will be blackmailed, or, if that fails, that RIPE NCC will be blackmailed to cut off those members.
Just saying.
From my point of view, RIPE NCC should operate as autonomous and as much based on Open Source, as possible. I'm not sure about how "the cloud" saves money, and how much, but for all the things that a RIPE NCC guy mentioned below, I am aware of imho low-maintenance Free Software products that could be used, and for fluctuating workloads, one could investigate whether batching might be a solution. There's Open Source software for that as well.
Kind regards, Toni Müller
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/members-discuss.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
— Serg Galat
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/members-discuss.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
-- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tobias@fiebig.nl