The Cloud/Meeting Notes for 2016-07-11

From SOBAC Wiki
Jump to navigation Jump to search

The Cloud

Date
Monday, 11 July 2016 from 7:00pm to 9:00pm
Meetup Event
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/228739922/
Meeting notes
http://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/49977700
Location
The Working Centre, 58 Queen Street South, Kitchener, Ontario

Every single meeting we mention "The Cloud" but it has never been a formal topic of discussion. What do you trust on the cloud? What do you not trust? Why? How how the cloud made your life easier? How has it made it harder? What criteria do you use when deciding to use cloud services? Are there feasible alternatives to the cloud? What are their plusses and minuses? Are IT admins who don't like the cloud dinosaurs who will be unemployed dinosaurs within a few months or years?


Meeting Notes

Hosting
VPS hosting: servers in the cloud
  • Linode: $20/month (TWC uses this)
  • Digital Ocean
  • Cloud at cost (don't use this for production)

You get a virtual machine in the sky which you have to administrate.


Shared hosting

Somebody else sets a server up and gives people accounts. They typically take care of disaster recovery.

Typically you don't get root. Sometimes you don't get a shell.

Colocation

Put a server in somebody's rack. You pay for the hardware and the hosting.

Computer in your basement (self-hosting)

You take of everything.

Your ISP has to be happy with you.

Server power is expensive.

Pros/cons
  • Be careful what you make public
  • Be careful of hopscotch attacks


Hosted Services
Types of Services
  • Microsoft services (Office 365)
  • Storage (SkyDrive, DropBox, Google Drive)
  • Hosted Exchange, Sharepoint, OneDrive
  • Hosting antivirus
Considerations
  • There have to be ways for people to work offline on planes
    • But even Google Docs can be used offline (via an installer?)
  • When the Internet is down Brendan goes home. Why?
    • Email
    • VoIP phones
    • File shares that are not local
  • Can you do video editing in the cloud?
    • There is an upper limit to the resolution
  • Multiple location and home access is easier
  • Who does the backups?
    • There is versioning for documents in Office 365
  • Sometimes services you depend upon go down. Then what?
    • Can you transfer your services to other providers easily?
    • LibreOffice is going into the cloud as well
    • Mount as a filesystem and use rsync
    • Google provides a way to do sync as well
  • Can sysadmins see the documents of their users when they are on the cloud?
    • What happens when people leave?
    • People use their corporate accounts and access data via their browser
  • Logging into multiple companies can be difficult
  • Do these services all use cookies for sessions?
    • Cookies
    • Session tokens
    • User data storage
    • Persistent TCP sessions?
    • Endlessly refreshing HTTP sessions? WebSockets
Pros/cons
  • Self-hosting is complicated so companies are taking it away (also not as lucrative for the companies)
  • What happens if you are offline?
    • Adobe was offline in 2014 and people were locked out (how does this work?)
    • What happens when your apps are just web frontends?
  • Will all the IT people be unemployed? Not Brendan!
Antivirus?
  • Web browsers check every page to make sure it is not malicious?
  • You could put the management consoles in the cloud
  • You could have clients send everything up to the cloud to be scanned


User Training/Adoptions
  • Do corporations just do this to minimize training costs?
    • You have to train people
    • But what happens when there is a breach?
  • How to we improve training and workplace culture?
    • Go to management?
    • Sheet of instructions that staff don't read
    • Monthly staff meetings
  • What about intentionally baiting users?
    • Report to your users
    • Go to your users individually and educate them?
    • Reduce user rights?
    • Publicize the people who have done bad things
    • Use peer pressure?
  • Passwords
    • Shamir's Secret Sharing System : Multiple people each need to put a password in to unlock things. http://point-at-infinity.org/ssss/
    • Brendan does not allow people to set their own passwords. He gives passwords to people.
    • Is it worth running hashcat or john the ripper on passwords?
  • Why do users keep sending attachments by email?
    • People have inertia for new things
    • It is harder to put files in shared storage than to email attachments
    • Sharepoint puts links to files instead of attaching them (for internal emails) (and so does GroupWise document management)
  • "Permissions" for cloud resources are hard for users to understand
    • Things that are "public" can be public to the world, not just the organization

Future Topic

(Go to NPSA Past Events)

Retrieved from "https://sobac.com/mediawiki/index.php?title=The_Cloud/Meeting_Notes_for_2016-07-11&oldid=2002"