Moving Kerberos to the Cloud?
Bill Doster
billdo at umich.edu
Wed Dec 7 18:28:38 EST 2011
On Dec 7, 2011, at 18:00 , Nico Williams wrote:
> On Wed, Dec 7, 2011 at 4:28 PM, Bill Doster <billdo at umich.edu> wrote:
>> The higher ups presumably asked because they believe that there are potentially some gains to be made by doing so.
>>
>> Rather than leaving those gains unstated, it would probably be worthwhile to find out what … savings … they are looking/hoping for.
>>
>> Any (computing) service requires several legs to "stand up": hardware (purchase, operation, maintenance), software (purchase, updates, "tailoring"), __SUPPORT__ (call-in and mail-in support centers, education, documentation, …)
>>
>> Which of these legs are being envisioned as moving to <the Cloud>?
>>
>> Unless you can move the support leg, I suspect the savings realized will actually be a pretty small percentage of total costs.
>
> Even if the savings overwhelm the costs, you still need to look at
> risk, and thus the security attributes of the cloud in question. With
> risk in the picture I suspect no one would move a KDC to a cloud.
I would hope that all of the technical readers of this list would agree with you there, Nico.
I was trying to put myself in higher-up shoes for a moment and ask myself what would then motivate me to ask such a (unknowingly risky) question.
Cost savings came to mind. So, showing minimal cost savings would likely put the question to bed.
That's much easier for everyone than actually attempting to concisely convey why such a move is _INHERENTLY_ risky.
(Sure, I wish they already knew this. But just like I don't need to know how to make my own antibiotics when I ask a doctor to cure my woes, I also shouldn't expect that people outside my area-of-expertise understand what I do; if I can offer an answer that easily makes sense to them _without_ relying on technical jargon, then so much the better).
More information about the Kerberos
mailing list