CAMBRIDGE, Mass. -- While Amazon Web Services users thrive on the cloud giant's infrastructure, they still encounter challenges they'd like Amazon to resolve.
Networking and security cloud challenges topped the list for most of the five panelists at an Amazon Web Services (AWS) meetup group this week, all of whom have at least 1,000 instances running on AWS.
"They have these things called security groups and it turns out they're really quite crappy," said Barry Jaspan, senior architect for Acquia Inc., an open source software company providing support for Drupal based in Woburn, Mass.
If a user changes anything about a security group, including moving a new instance into it, there's a transition period where all the security group rules will come and go, Jaspan said, and this affects machines that aren't the ones being deployed.
"So two machines that are up and running, for example, lose connectivity to each other, on a scale of about a minute or so," Jaspan said.
Another customer said his frustrations revolve around the complexities of ensuring security group rules are correct among separate data centers.
"If you failover to a different link, that changes your security group rules, and if you haven't done it correctly, it's just another thing to manage," said Craig Tracey, DevOps lead for marketing software startup HubSpot Inc. in Cambridge, Mass.
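One way to catch the mismatch Tracey describes is to keep a per-site baseline of the rules each link is supposed to carry and diff it against what the site actually has. The script below is an added example, not code from the page or from any of the companies quoted; it models rules as plain dicts in the shape of EC2 ingress rules (protocol, from_port, to_port, cidr), uses constructed sample data for a primary and a backup site, and makes no AWS API calls.

```python
"""Detect drift between the security group rules a site should have and the
rules it actually carries. Rule dicts are a constructed stand-in for EC2
ingress rules (protocol / from_port / to_port / cidr); nothing here talks to AWS."""
import ipaddress
from typing import Dict, Iterable, List, Tuple

Rule = Tuple[str, int, int, str]  # (protocol, from_port, to_port, cidr)


def normalize(rule: dict) -> Rule:
    """Canonical form so equivalent rules compare equal: protocol lowercased,
    '-1' (all traffic) mapped to the full port range, CIDR host bits cleared
    (e.g. '10.0.0.1/8' -> '10.0.0.0/8'). Raises ValueError on a malformed CIDR."""
    proto = str(rule["protocol"]).lower()
    if proto == "-1":
        from_port, to_port = 0, 65535
    else:
        from_port, to_port = int(rule["from_port"]), int(rule["to_port"])
    cidr = ipaddress.ip_network(rule["cidr"], strict=False).with_prefixlen
    return (proto, from_port, to_port, cidr)


def diff_rules(expected: Iterable[dict], actual: Iterable[dict]) -> Dict[str, List[Rule]]:
    """Missing rules break connectivity after a failover; unexpected rules are exposure."""
    exp = {normalize(r) for r in expected}
    act = {normalize(r) for r in actual}
    return {"missing": sorted(exp - act), "unexpected": sorted(act - exp)}


def check_sites(baseline: Dict[str, List[dict]],
                observed: Dict[str, List[dict]]) -> Dict[str, Dict[str, List[Rule]]]:
    """Run the diff for every site named in either map (a site missing from
    'observed' shows all of its baseline rules as missing)."""
    report = {}
    for site in sorted(set(baseline) | set(observed)):
        report[site] = diff_rules(baseline.get(site, []), observed.get(site, []))
    return report


def drifted_sites(report: Dict[str, Dict[str, List[Rule]]]) -> List[str]:
    return [s for s, d in report.items() if d["missing"] or d["unexpected"]]


# Constructed sample data. Both sites share one baseline; the backup site
# (the failover link) has not been kept in sync with it.
BASELINE = {
    "primary": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "203.0.113.0/24"},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "198.51.100.10/32"},
    ],
    "backup": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "203.0.113.0/24"},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "198.51.100.10/32"},
    ],
}
OBSERVED = {
    # Cosmetic differences only (case, string ports, host bits set): no drift.
    "primary": [
        {"protocol": "TCP", "from_port": "443", "to_port": "443", "cidr": "203.0.113.5/24"},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "198.51.100.10/32"},
    ],
    # SSH was opened to the world instead of the admin host: real drift.
    "backup": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "203.0.113.0/24"},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    ],
}

if __name__ == "__main__":
    for site, d in check_sites(BASELINE, OBSERVED).items():
        print(site, "OK" if not (d["missing"] or d["unexpected"]) else d)
```

Normalizing before comparing matters: without it, the primary site would be reported as drifted because one rule was recorded as `TCP` with string ports and a CIDR whose host bits were set, while the backup site's genuinely dangerous `0.0.0.0/0` change is the only finding that should survive.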
Amazon's VPC, EBS far from perfect
Other panelists said Amazon's Virtual Private Clouds (VPC) and Elastic Block Store (EBS) can prove challenging, as well.
"They're forcing everyone to move over to virtual private cloud, and that's where you manage your own network, you manage your own internal/external IP address space, all of that … when the whole reason I'm in AWS is I don't want to touch the network," said Joey Imbasciano, cloud platform engineer for Stackdriver Inc., based in Boston.
Needham, Mass.-based Extreme Reach Inc., which has a petabyte of data stored on Amazon's Simple Storage Service (S3) and EBS, has bumped up against a 20-TB EBS volume limitation, according to Mark Annati, vice president of IT for the marketing firm, who wants that limitation lifted.
Annati said he also had his own bone to pick with AWS on the network front: For customers with strict firewall rules, Extreme Reach has to supply originating IP net blocks from an S3 storage location so traffic from those locations is allowed through firewalls.
"It's quite a challenge to get that information out of Amazon," Annati said.
Amazon users yearn for openness
Another cloud challenge is that virtually any information about how systems work is difficult to get from AWS, panelists said.
Amazon could be loath to give out details about its systems because then customers might build their infrastructure based on assumptions they shouldn't make. Then, when AWS changes its back end, the customer could be harmed.
"Except that by not telling us how the system works, we can't work around the problems," said Acquia's Jaspan.
Jaspan's team spent a long time trying to get AWS to explain security group rules and why machines were losing connectivity to each other.
"And it's not just that. How EBS works, what happens when you launch a machine and how the status goes from pending, to running, to terminated, to running again. What does that mean? They don't want to tell us," Jaspan said.
"The biggest thing we asked them for is not technical; it's cultural," he added. "Amazon has a culture of secrecy."
Amazon declined to comment.