Rolling Your Own vs SaaS:

Tradeoffs & Considerations

DevOpsDays Minneapolis 2015

About Me

Colleen Velo

Systems Engineer/Cloud Admin: 18+ years
Currently work at Bloom Health

Contact Info:

cmvelo@gmail.com

@cmvelo

Agenda

Classes of software choices
Constraints/Considerations
Use Cases for different software choices
Summary
Q & A

About Bloom Health

Private health exchange
HIPAA-Compliance
PHI Data
Public cloud-based infrastructure

Q. What is the best approach?

A.

"It Depends..."

Considerations / Constraints

Cost
Support
Internal Resources
Company Policies
Security

Types of Software Choices

SaaS
Commercial (self-hosted)
Roll Your Own
OpenSource

Bloom Health's Approach

Hybrid Approach

Using all four classes of software

Bloom Health's Approach

OpenSource

SaaS

Commercial

Roll Your Own

Bloom Health's Approach

Considerations/ Constraints

Security
- HIPAA Compliance:
  - "Data must be encrypted in transit and at rest"
  - "Principle of least privilege"
Costs
Limited resources

SaaS: Software as a Service

Pros

Commercial Support
Minimal maintenance
Upgrades
Stability

SaaS: Software as a Service

Cons

(Ongoing) Costs
Lack of customization
"One size fits all"
Feature roadmap

Use Cases for SaaS

Utility software
Business Critical
OpenSource not allowed

Bloom Health's Approach

SaaS Software

* AWS Cloud (IaaS)
- CloudTrail
- Trusted Advisor
- CloudFormation
- ElastiCache
- *RDS

Bloom Health's Approach

SaaS Software

Atlassian Suite

Ticketing system

Company Wiki

Company IM

Bloom Health's Approach

SaaS Software

DockerHub
GitHub
CloudCheckr

Bloom Health's Approach

Saas Software

Monitoring

Stackdriver
New Relic
Pingdom
PagerDuty

Commercial (self-hosted) Software

Pros

Commercial Support
*Minimal maintenance
Stability

Commercial (self-hosted) Software

Cons

Initial Cost
Lack of customization
"One size fits all"
Upgrades & maintenance
Feature roadmap

Bloom Health's Approach

Commercial (self-hosted) Software

Log Aggregation (Splunk)

Splunk Enterprise Security
Superior integration
OSSEC IDS

Bloom Health's Approach

Commercial (self-hosted) Software

Enforces (security) policies
Audit Trail

Mac Provisioning (Casper Suite)

Bloom Health's Approach

Commercial (self-hosted) Software

(PHI) Ticketing System (Jira)

Manual ticket creation

Roll Your Own

Pros

Customization
Features roadmap
Support
No upfront software costs

Roll Your Own

Cons

No Commercial Support
Maintenance
Stability
In-depth knowledge

Use Cases for Rolling Your Own

Specialized needs
Niche cases
No OpenSource option
Costs

Bloom Health's Approach

Roll Your Own Software

SFTP File Exchange

Bloom Health's Approach

Roll Your Own Software

(current) BHStore
- Redis
- publisher/subscriber
(upcoming) Consul (Hashicorp)
- multidatacenter support
- key/value pairs

Dynamic Service Discovery

OpenSource (Hybrid Approach)

Pros

Community-based support (usually)
Ability to fork & customize
No upfront software costs
*Stability (usually)

OpenSource (Hybrid Approach)

Cons

Commercial Support (possibly)
Upgrades/maintenance

Use Cases for OpenSource

Cost Minimization
Customization
No "reinvent the wheel"
Official vendor not required

Bloom Health's Approach

OpenSource Software

Testing (Vagrant)
(current) Configuration Mgmt
- chef-solo
(upcoming) Configuration Mgmt
- SaltStack
Monitoring (graphite)

Bloom Health's Approach

OpenSource Software

Vulnerability Scanning (OpenVAS)
AMI burning (Packer)

Summary - Bloom Health's Approach

OpenSource Software

Most used choice
Minimizes costs
Allows customizations

Summary - Bloom Health's Approach

Business Critical components
Minimizes maintenance

SaaS Software

Summary - Bloom Health's Approach

PHI data
Need an off the shelf solution

Commercial (self-hosted) Software

Summary - Bloom Health's Approach

Other solutions not available
Moved to OpenSource solutions

Roll Your Own

Summary

No definitive rule for how to choose
Be aware of considerations and constraints
"One solution isn't all encompassing":
- Best route may be hybrid approach
"What makes sense today may not fit for tomorrow"

Rolling Your Own vs SaaS:

Tradeoffs & Considerations

DevOpsDays Minneapolis 2015

About Me

Colleen Velo

Systems Engineer/Cloud Admin: 18+ years

Currently work at Bloom Health

Contact Info:

cmvelo@gmail.com

@cmvelo

Agenda

About Bloom Health

Q. What is the best approach?

A.

Considerations / Constraints

Types of Software Choices

Bloom Health's Approach

Bloom Health's Approach

Bloom Health's Approach

SaaS: Software as a Service

SaaS: Software as a Service

Use Cases for SaaS

Bloom Health's Approach

Bloom Health's Approach

Bloom Health's Approach

Bloom Health's Approach

Commercial (self-hosted) Software

Commercial (self-hosted) Software

Bloom Health's Approach

Bloom Health's Approach

Bloom Health's Approach

Roll Your Own

Roll Your Own

Use Cases for Rolling Your Own

Bloom Health's Approach

Bloom Health's Approach

OpenSource (Hybrid Approach)

OpenSource (Hybrid Approach)

Use Cases for OpenSource

Bloom Health's Approach

Bloom Health's Approach

Summary - Bloom Health's Approach

Summary - Bloom Health's Approach

Summary - Bloom Health's Approach

Summary - Bloom Health's Approach

Summary

Q & A

cmvelo@gmail.com

https://twitter.com/cmvelo