Should you entrust your systems management to the cloud?

Balancing the risks

Remote control for virtualized desktops

Cloud-based security and systems management (CSSM) applications have been going through my lab for testing lately and I find myself seriously weighing their use in production.

Anyone who regularly reads my column knows that I am not exactly the biggest fan of the cloud, but the quality of the CSSM applications I have encountered so far is triggering reconsideration.

The basic reasoning behind using a CSSM is that the on-premises offerings are pretty universally miserable to work with. They are old, creaky beasts with layers upon layers of features and nerd knobs. They are a pig to set up, a pig to maintain and they take crazy amounts of resources.

Worse, the on-premises offerings either flat-out cost too much or the licensing was created by consulting the ghosts of Microsoft licensing specialists past.

Golden oldies

The cloudy stuff is new; as such, it doesn’t have the cruft of the old. Yay for that, but the cloudy offerings also don't have the flexibility of the battered on-premises warhorses. I find myself able to argue on either side of this one.

I have yet to see a CSSM that can match a proper on-premises counterpart, full stop. That said, what good is a CSSM setup, on premises or cloud, if the thing is so convoluted that you never use it?

I will openly admit that while I have set up Microsoft's System Center Configuration Manager several times, I do not use it in production anywhere.

Every time I light it up for a review or prepare a demo for a customer I remember why Past Trevor was so convinced that its developers sup each night on the salty tears of 1,000 broken sysadmins.

I don't have fond things to say about a lot of the other on-premises offerings either. Put a gun to my head and I will admit that I can make the thing go and do what it needs to do, but I'd much rather sign up with a local road construction crew than tangle with that particular piece of software. Around here, they pay about the same.

Count the hours

So if I – someone who at least has the faintest glimmerings of understanding of what this software is trying to achieve – am so frustrated by this stuff, in what rational universe could I expect others to put up with it?

At scale, CSSM applications are amazing tools. You put a few hours of work into a change and hey presto, you can control tens of thousands of systems.

At the SMB end, those several hours spent on configuring, testing and deploying a change could see someone manually make the change on every one of a small company's 100 PCs.

The border between where exactly a full-bore on-premises CSSM setup pays for itself is hazy and company specific. CSSM applications make the financial maths even more difficult to judge.

If a CSSM is easy enough that it actually gets used, even for mundane tasks, then it is probably worth the money spent. If it solves most of your configuration and management needs – but not all – leaving you to do some things manually, is it still worth the money?

What percentage of your configuration needs should it cover before that hulking on-premises behemoth makes sense?

Better than nothing

If you combine it with stuff you already own, such as Active Directory, or alternative deployment technologies, such as Puppet, do you get something that meets all your needs in a simpler and cheaper fashion?

In situations where the competition is nothing at all, I find the CSSM options absolute no-brainers. I can get a client signed up with Intune or GFI Cloud and show them how to use the thing in minutes.

Lots of these people maintain their own systems and just having something – anything – is better than the nothing they have now.

On the other hand, I consult with a lot of mid-sized deployments where tools such as System Center exist – and licences are bought each upgrade cycle – but they simply aren't used. In too many cases it is quicker for the local sysadmins to do it by hand. Here too, I wonder if CSSM apps are the right fit.

Still, I find myself seriously considering a cloudy service. What is more, I find myself considering a cloudy service for which I can probably list quite a few really good tinfoil hat security reasons why I should never consider it.

The value of the service trumps the risks – real and imagined – of it being in the cloud. It begins, dear reader. It begins ®.

Secure remote control for conventional and virtual desktops

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story


Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.