FTP as a Service

How can FTP as a Service be so hard to find and so damn expensive when I find it?   All I need is a cloud-based storage solution that support FTP with SSL encryption.   This should be so simple for Microsoft to offer in Azure, but, alas, they don’t.

BrickFTP is a solution that appears, on the surface, to do everything I need it to do.   It’s also inexpensive, which is awesome.   The problem is, unless you go with the highest price offering, all the usernames have to be globally unique within their entire system.   So two clients can’t have a “CSMITH”.

C’mon guys….make it so the usernames only need to be unique within the customer’s individual account.   This shouldn’t be that tough to manage from your end.   In your own database, just use a composite key with the customer account number and name as your “username” within your stuff.   Don’t make your customers do some first-come-first-served thing with them.   Otherwise, the service is awesome.   It’s easy to setup and works.     I don’t want this one limitation to be a show-stopper, but at the moment, I’m afraid is.

Other FTP services are out there, but they are all pretty pricey.   Most of them are billed based upon the number of user accounts, too.   This makes sense, as I think they are seeing themselves as a kind of Dropbox replacement.    This isn’t the model I’m working in, though, as I have just a few accounts that all need managed access to the same set of files.

Argh.  More research or keep doing it myself.


I’ve Drunk the Kool-Aid

OK.   I admit it.   I doubted that enterprises would really move to “the cloud” as much, if not more, than the next systems guy.   No matter how the numbers were run, on-premise server systems were cheaper.   I could buy a SAN, the server blades, and all of the software licenses I needed for less money, in the long term, than running the same number of virtual servers in the cloud.

Last year, I moved over to a position in a team that has always been “cloud first.”   Upon getting there, I was handed a slew of virtual machines to take care of, some cloud-based databases and services, and a very small on-premises production system at a colocation facility.

What has made me actually drink the Kool-Aid?   It’s very simple, actually.  About a month ago, I went to a VMware User Group meeting, and I was sitting in a room of about 200 engineers from around Cincinnati.   The keynote started, and the VMware guy talked for about 45 minutes on backups.    That’s right, backups.    I left that room afterward and went to a quick meeting regarding flash storage systems.    Then I went to the vendor floor and found it full of people pushing SSD, thin clients, and “software defined” stuff.

You know what I realized?   Most of the vendors in there will still be in business in 10 years selling stuff to someone.   However, most of those 200 engineers won’t be working with the stuff those people are selling.  The people worrying about flash storage arrays and all those things are going to all work for the cloud vendors behind the scenes, and only a few of the guys in this particular VMUG will move on to work for them.

For a year, I haven’t had to worry one bit about anything the vendors in the room were selling, and yet I know I use most of that stuff indirectly every day.   I haven’t once had to figure out a way to squeeze more power out of a SAN or expand my infrastructure to handle extra VMs.   I haven’t had to concern myself with zoning a SAN to get storage to a server.   I haven’t had to worry about how to get a VM to a particular VLAN on the network.

What have I been doing?   I’ve been doing all the other stuff a Windows Server guy is supposed to be doing.    Setting up and making sure Active Directory works.   Making sure my backups and security-type things are taken care of.   Maintaining the actual software that rides on the server VMs that I have in place.   Working hard to keep up with other services, like Azure AD domain services and Security Center, as they are released to preview, so I can jump onboard and get some value out of them the day they are made GA.

THAT’S WHAT A SERVER GUY IS SUPPOSED TO BE DOING!   Bringing value to the business by spending time taking care of the software the business runs, and making sure that the data is safe, secure, and available all the time.

If you’re a server guy and haven’t jumped into the cloud, do it.   You need to do so now, because if you wait much longer, you’re going to be looking for work.   The cloud just makes things work.    Back to my first point, is it cheaper to do things in the cloud?   If you’re looking at direct costs, I don’t think it beats on-prem yet.   If you’re looking at all the indirect costs that are hidden in the on-prem systems, though, I think the cloud becomes more favorable.

Azure Security Center

Microsoft now has released to Public Preview the Azure Security Center service, and, man, am I impressed.    I love the potential in the product and am just dreamy-eyed at the products people use every day that this thing can replace.

Consider your most basic server scenario:  what a new company must have to operate.   First thing is probably a place to store files.   You probably need a print server, too (YUCK).   You probably need some way to secure the files and get some permissions on them, so if you’re like most places, you’ll need Active Directory.    You will certainly have Internet access and need antivirus and some software to manage that on your computers.   You probably need some updating software to keep all of the systems up-to-date.

In my most basic scenario, I envision about 5 servers:

  1. 2 for Active Directory for redundancy
  2. 1 for AV management
  3. 1 for Update management (WSUS or the like)
  4. 1 File/Print Server.

This isn’t even including any servers that you may need for software that your company uses.   This is just the basics.  If you’re small enough or don’t have specific requirements for local servers, you can certainly do all of this through services like Google Docs or OneDrive, plus use Windows Update to take care of the rest.   In my world, though, those don’t really cut it.   I have servers that I have to take care of, and those servers have “support server” requirements, even without a single user touching anything.

Here’s where Security Center comes in.   It can now, and has the potential to, basically eliminate the AV and Updating systems.   It also will provide means to get at suggestions for solving security events, provide configuration recommendations for your servers all the time, and even can give you audit trails for things that aren’t so easy to find in Windows alone.

Why is this such a big deal to me?   If you’re on the fence about moving to IaaS, this added service should totally move you to the cloud side.  It’s easy to operate, gives you a load of information, and can eliminate a lot of the worry you have day-to-day.

Now, I know nothing about AWS, but if you’re considering what cloud vendor to go to, you need to look at this solution in Azure.   If Amazon doesn’t have something similar, you might really want to consider going with Azure, particularly if you are going to have a lot of stable, rarely-changing VMs in our cloud.    If you are doing DevOps-type stuff only, you may not even care about this, but most of the IT departments I know still are building servers that need to stick around for a few years without worry.   For them, this is a killer app.

One thing I think is missing is backup monitoring.    Backup isn’t always looked at as part of the security team’s focus, but it sure seems to me like having secure, regular backups of your data is critical to the security of your company.   I would love for some backup monitoring and alerting to be integrated into this solution.    If that was to happen, I don’t know that I’d have to look at any other portal on a daily basis to check on things.   “One Stop Shopping”, as an old boss of mine used to say.