Hi Gert, Giuliano, all,

Many thanks for your input. This is an important topic and we appreciate the community's feedback.

I would like to clarify a couple of points:

1. The RIPE NCC will remain in full control of both our data and services. For RPKI, the HSMs, publication server, certificates and keys will remain on-premise.

What we are planning to deploy to AWS are the repositories, which will subscribe to the publication server and fetch any updates. In the event of a catastrophic failure, the RIPE NCC will failover to another infrastructure (secondary cloud provider or on-premises).

2. Under no circumstances will the membership or anyone in the community be expected to contact AWS or any other cloud provider in the event of unavailability. The RIPE NCC will remain solely responsible for our services and the central point of contact (including our existing 24/7 support). We will troubleshoot and fix any problems ourselves.

Finally, I have to acknowledge that the remaining issues with the ticketing system have been in our roadmap for longer than I would like. I am working with our engineering team to see how we can prioritise these improvements and hope have them delivered soon. My sincere apologies for the delay here.

Kind regards,
Felipe

On 12 May 2021, at 09:35, Giuliano C. Peritore - Panservice <registry@panservice.it> wrote:

Hi,

as a LIR I do *totally* agree with Gert's position to not "give away
control on critical services".  RIPE is in the position to guarantee a
service with a relevant uptime, like it did for tens of years, and should
think to "outsourced resources" just as backup in case of unavailability
of internal resources.

Regards,
Giuliano Peritore

--
  Giuliano Peritore - g.peritore@panservice.it
  Direzione Generale - Panservice (AS20912)
  Servizi professionali per Internet ed il Networking
  Telefono: +39 0773 410020 - Fax +39 0773 470219
  Numero verde: 800 901492 - http://www.panservice.it

----- Messaggio originale -----
Da: "Gert Doering" <gert@space.net>
A: "Alun Davies" <adavies@ripe.net>
Cc: ncc-services-wg@ripe.net
Inviato: Mercoledì, 12 maggio 2021 9:19:11
Oggetto: Re: [ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud

Hi,

On Mon, May 10, 2021 at 01:40:07PM +0200, Alun Davies wrote:
> The mission critical services the RIPE NCC provides to the Internet
> community require a solid technical foundation. In this new article
> on RIPE Labs, Felipe Silveira looks at plans to use cloud infrastructure
> as a means to that end. The full article is available here:

As a member, I do not want the RIPE NCC to spend our money on "give away
control on critical services".

Use of cloud services (or any other "outsourced infrastructure") is something
I consider acceptable as a *backup* in case of something catastrophic
happening to the RIPE NCC operated machines, to restore services to members
and community quicker.

Using cloud services generally implies

 - loss of control
    --> so the NCC *must* be primary authority on all data, and the cloud
    can only be a cache

 - loss of contact and responsibility
    --> if a NCC provided service does not work, I do not want to talk to
    a cloud provider hotline, or hear from the NCC "well, there is nothing
    we can do, something in the cloud is broken"


All this cloudstuff is really great if you need "elastic services" (like,
when the big run on the last IPv4 space starts, scale up the LIR portal
to 200 instances - oh, wait, this opportunity got missed), or "low latency
for high bandwidth content delivery" (so, yeah, ... no?).

But for the services the NCC provides, "cloud" sounds like "yeah, someone
else to blaim if it explodes", and this is not why we give the NCC money.


(And no, there is not much trust from my side, since the ticket system is
*still* a major annoyance in our day to day dealing with the NCC - despite
promises, two years ago, to make this more usable)

Gert Doering
        -- voting LIR contact
--
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279