Rolling Your Own vs SaaS: Tradeoffs & Considerations
DevOpsDays Minneapolis 2015
About Me
Colleen Velo
- Systems Engineer/Cloud Admin: 18+ years
- Currently work at Bloom Health
- Contact Info:
cmvelo@gmail.com
@cmvelo
Agenda
- Classes of software choices
- Constraints/Considerations
- Use Cases for different software choices
- Summary
- Q & A
About Bloom Health
- Private health exchange
- HIPAA-Compliance
- PHI Data
- Public cloud-based infrastructure
Q. What is the best approach?
A. "It Depends..."
Considerations / Constraints
- Cost
- Support
- Internal Resources
- Company Policies
- Security
Types of Software Choices
- SaaS
- Commercial (self-hosted)
- Roll Your Own
- OpenSource
Bloom Health's Approach
Hybrid Approach
- Using all four classes of software
Bloom Health's Approach
OpenSource
SaaS
Commercial
Roll Your Own
Bloom Health's Approach
Considerations / Constraints
- Security
- HIPAA Compliance:
- "Data must be encrypted in transit and at rest"
- "Principle of least privilege"
- HIPAA Compliance:
- Costs
- Limited resources
SaaS: Software as a Service
Pros
- Commercial Support
- Minimal maintenance
- Upgrades
- Stability
SaaS: Software as a Service
Cons
- (Ongoing) Costs
- Lack of customization
- "One size fits all"
- Feature roadmap
Use Cases for SaaS
- Utility software
- Business Critical
- OpenSource not allowed
Bloom Health's Approach
SaaS Software
- *AWS Cloud (IaaS)
- CloudTrail
- Trusted Advisor
- CloudFormation
- ElastiCache
- *RDS
Bloom Health's Approach
SaaS Software
Atlassian Suite
- Ticketing system
- Company Wiki
- Company IM
Bloom Health's Approach
SaaS Software
- DockerHub
- GitHub
- CloudCheckr
Bloom Health's Approach
SaaS Software
Monitoring
- Stackdriver
- New Relic
- Pingdom
- PagerDuty
Commercial (self-hosted) Software
Pros
- Commercial Support
- *Minimal maintenance
- Stability
Commercial (self-hosted) Software
Cons
- Initial Cost
- Lack of customization
- "One size fits all"
- Upgrades & maintenance
- Feature roadmap
Bloom Health's Approach
Commercial (self-hosted) Software
Log Aggregation (Splunk)
- Splunk Enterprise Security
- Superior integration
- OSSEC IDS
Bloom Health's Approach
Commercial (self-hosted) Software
- Enforces (security) policies
- Audit Trail
Mac Provisioning (Casper Suite)
Bloom Health's Approach
Commercial (self-hosted) Software
(PHI) Ticketing System (Jira)
- Manual ticket creation
Roll Your Own
Pros
- Customization
- Features roadmap
- Support
- No upfront software costs
Roll Your Own
Cons
- No Commercial Support
- Maintenance
- Stability
- In-depth knowledge
Use Cases for Rolling Your Own
- Specialized needs
- Niche cases
- No OpenSource option
- Costs
Bloom Health's Approach
Roll Your Own Software
- SFTP File Exchange
Bloom Health's Approach
Roll Your Own Software
- (current) BHStore
- Redis
- publisher/subscriber
- (upcoming) Consul (Hashicorp)
- multidatacenter support
- key/value pairs
- Dynamic Service Discovery
OpenSource (Hybrid Approach)
Pros
- Community-based support (usually)
- Ability to fork & customize
- No upfront software costs
- *Stability (usually)
OpenSource (Hybrid Approach)
Cons
- Commercial Support (possibly)
- Upgrades/maintenance
Use Cases for OpenSource
- Cost Minimization
- Customization
- No "reinvent the wheel"
- Official vendor not required
Bloom Health's Approach
OpenSource Software
- Testing (Vagrant)
- (current) Configuration Mgmt
- chef-solo
- (upcoming) Configuration Mgmt
- SaltStack
- Monitoring (graphite)
Bloom Health's Approach
OpenSource Software
- Vulnerability Scanning (OpenVAS)
- AMI burning (Packer)
Summary - Bloom Health's Approach
OpenSource Software
- Most used choice
- Minimizes costs
- Allows customizations
Summary - Bloom Health's Approach
- Business Critical components
- Minimizes maintenance
SaaS Software
Summary - Bloom Health's Approach
- PHI data
- Need an off the shelf solution
Commercial (self-hosted) Software
Summary - Bloom Health's Approach
- Other solutions not available
- Moved to OpenSource solutions
Roll Your Own
Summary
- No definitive rule for how to choose
- Be aware of considerations and constraints
- "One solution isn't all encompassing":
- Best route may be hybrid approach
- "What makes sense today may not fit for tomorrow"