rafaelturk
4 days ago
Kudos! We’ve successfully migrated away from the cloud, and it was an epic decision. It’s cheaper, insanely faster, easier to maintain, and unexpectedly more secure. I strongly recommend any startup or corporation to explore how modern frameworks like K8S, Ansible, Proxmox, and OpenStack—whichever suits your needs—can be incredibly easier to manage on-premises.
christophilus
4 days ago
> unexpectedly more secure
How so?
rafaelturk
4 days ago
* Fewer things to manage.
* Less prone to human error. We have one well-secured, central firewall that only a few developers can access. So, even if a developer forgets to properly secure something downstream, it will still be protected by the firewall. One could argue that this is possible in the cloud, but managing VPCs, etc., introduces risks. There’s always the possibility of something critical being left outside the VPC. On-prem, there’s no way something can physically escape our ethernet cables.
* IAM and bucket management issues. Anything in the cloud is inherently exposed to the Internet and, in most cases, open by default. You need to manage countless IAM configurations.
* Physical inspection. We can actually look at our setup, and if necessary, visually inspect if a server is physically encrypted.
* Simplicity and transparency. Things are simpler and more straightforward: Storage is storage, a disk is a disk, and ethernet is ethernet. Cannot stress how beautiful this is; even with 100 servers it is easier to manage them than in the cloud.
* Modern open-source software. Modern open-source solutions have incorporated many smart features from the cloud, making on-premise setups more powerful and easier to manage.
31337Logic
4 days ago
Well, your private data isn't hosted in a public cloud, for starters.
tronical
4 days ago
What’s the difference between having your data in an AWS data center versus having it in Hetzner’s data center from the point of view of “private data in cloud”?
(Good move IMO nevertheless)
Brian_K_White
4 days ago
Your own hardware in a data center is specced, procured, installed, managed, and operated by you, which is more secure and more provable than letting anyone else do all that.
But they said on prem. Hetzner or any other data center is not on prem.
Ah.. TFA is on a Hetzner vps. Well it's 2 different conversations anyway. TFA doesn't say they did it for security but for efficiency.
AndyKelley
3 days ago
it's a dedicated machine fwiw