Post

Private Cloud vs Self Hosted

Private Cloud vs Self Hosted

When you can’t self host

For those of us who value our privacy and security of our data, self hosting our apps and services is really the only way to go. In almost no other manner can you guarantee that your data isn’t being spied on, metadata isn’t being collected, or network traffic being watched to name some examples. Sure there are ways to combat that like encrypting your data before sending it, but its easier and safer in our little controlled piece of the internet.

“With great power comes great responsibility” - Ben Parker

With complete control of our network, data, and security it also means that we who self host are also 100% responsible for managing the infrastructure, securing it, and making it available to all users. Some of this can be easy with the right tools. At home I use Terraform to maintain my Kubernetes cluster which then all my services run on Kubernetes. My hosts are all easily managed and updated using Ansible. I can spin up and spin down my whole stack in minutes since I have built them with good tools. However even with these good tools that doesn’t mean that my stuff is secure. For example, I have to set a lot of rules on my router and switches to make sure that other devices can’t snoop or see the traffic and vice versa. Even with these amazing tools, it’s not going to matter if my internet goes out. Like most problems, if you throw enough money at it you can probably solve it. I could use multiple ISPs, or have a 5G failover connection. What about if I lose power? I have to buy a generator? Man, things add up quick and suddenly you have to ask yourself, are all these things worth it?

Honestly, unless you’re self hosting something you probably shouldn’t be, the answer most likely is no. Self-hosting usually means your hosting your stuff. Stuff that you and maybe your family and friends use. They’ll understand if things go down for a bit. They can live without Plex or Nextcloud for a day. But for the things that matter, the things like your APIs or your website where you sell your handmade organic tree based writing surfaces, those might cost your money while they’re down. For these, its time to use a cloud service. Someone else needs to deal with failover connections, backup generators, data replication and backups, all the overhead that comes with hosting important apps and services.

WAIT HOLD ON DON’T CLICK AWAY YET

I know, I know, I want to self-host everything too. However, being a good engineer is knowing when to use the right tool. Unless you have a really good reason, you shouldn’t be reinventing the wheel and adding backup generators to your house… I mean…unless you live in an area with hurricanes or something and already have one…

Option A - Private Cloud

SO. If you shouldn’t self host, what are you going to do? Well it depends, if you’re looking at doing things long-term, then I believe it’s best to use a private cloud whether its a Virtual Private Cloud or Virtual Private Server. I wouldn’t go full buy-and-install-your-own-hardware-in-a-datacenter Private Cloud unless you are a larger business and have special needs like regulatory compliance. If you’re already self hosting then the added burdens of managing a virtual private cloud/server should be no problem to you. Doing so gives you the most control you can possibly get without installing hardware in a co-op or something similar. It also allows you to offload some of the management or configuration to the hosting company for when your company takes off and you haven’t hired some additional help yet. Remember that a major reason we’re running a private cloud is because we want as much control over our infrastructure as possible, and we’re most likely going to be paying a price for that compared to a public cloud. According to a study done by VMware running a private cloud usually is less expensive** in the long run** compared to a public cloud. Win-Win.

Option B - Public Cloud

If you are looking at doing something short-term then things can get complicated. It might be worth it to use the public cloud and be defensive about it by using tools to protect your privacy. For networking, technologies like Wireguard or Nebula make it easy to quickly add a public cloud instance to appear on your network so it can be treated as part of your private cloud. For storage, encryption is the name of the game. Almost all public cloud providers offer the ability to encrypt your data at rest. The trick is here to not give the provider the encryption key as well. Why would you give a burglar a key to get into your data? Usually it’s called something like “Customer-managed encryption”. If you HAVE to let the provider manage the keys then there are still options you can do like encrypting your data with a tool like Cryptomator before it lands on their hard drives. This is a lot of work to protect your data and privacy but man, public clouds are literallygivingawayfreeresources just to get you hooked – make it work for you.

Option C - Hybrid Cloud

¿Por que no los dos?

For those of you who don’t speak Spanish, that means “Why not both?”. I know that “Hybrid Cloud” is a huge buzzword but I’m going to spell it out so it’s very clear what I am saying here: Self host + Private Cloud. That’s what I mean. It can get complicated between configuring load balancers and duplicating data across local nodes and cloud nodes but it’s a valid option for making sure that something is always available for your users. If you’re going this route I recommend using an orchestrator of some sort. Like if you are using VMware at home, then setting up HCX and VMware Cloud so that way its very easy to vMotion your stuff over if something happens on either location. Kubernetes can also do this natively. If a node disappears because the power goes out at home, it will try to auto heal and move workloads to new nodes within the rules you have set in your cluster.

Final Thoughts

Like most things in Software Engineering, there are a lot of ways to go about things. A difference between a good engineer and a great engineer is knowing when to use which tools and how to best configure those tools. Just because I haven’t mentioned it here doesn’t mean its not a viable solution. If you find something that works for you, please comment or message me and let me know!

This post is licensed under CC BY 4.0 by the author.