When Written: Feb 2011
Hosting your web site in the Cloud has the benefit of being easily scalable to deal with even peaky traffic. If you have a marketing promotion one month, or you ‘suffer’ from the ‘Digg’ effect and your site URL benefits from a viral campaign, then instead of the site failing to deal with the extra traffic you just need to go into the Cloud control panel and assign more resources to your web site. Obviously the charges will escalate accordingly, so should your site become the subject of a denial of service attack, such as was launched at the credit card company web sites in response to them removing facilities from Wikileaks, then you might be in line for a big bill.
I raised this point in my last article and have since approached some of the Cloud hosting providers for their comments. Some charge on the basis of the number of requests made to the server, which is perhaps the most difficult to estimate for a developer and the one that is most problematical when it comes to a Denial of Service attack (DOS). Others charge based on the length of time the service is in use, whilst others charge a simple monthly rate. With the latter ways of charging, an increase in the number of requests to your server will not involve you in any significant increase in charges, but your site may stop working when the maximum number of requests for that particular configuration is reached, much the same as with traditional server-in-a-rack hosting.
Where Cloud Computing really scores is its ability to scale with your application, and Microsoft’s Azure does just this, but it is also here that there is a danger of an escalation in costs during a DOS attack. After a considerable wait I did get a reply from Dr Michael Newberry, Windows Azure Lead, Microsoft UK. He said: “At Microsoft we take pride in our security legacy – from the Trustworthy Computing Initiative, and the Security Development LifeCycle, through to features like Azure Connect (formerly Project Sydney), it remains our focus to provide our customers with an environment which is secure and trustworthy”. Yes, you are quite correct, that doesn’t even come close to answering my question. When I pointed this out to them they volunteered the statement: “If we are able to verify that the charges are a result of a DoS attack, Microsoft will make a decision to not charge the customer for resource utilization”. So I quite reasonably asked where in their Terms & Conditions or other legally binding document this statement appears, and so far I have had no answer, only promises of one. Watch this space, but please, please, don’t hold your breath!
With Google things are a little different: when you first set up a Google App Engine account you have to specify a maximum daily budget, and you can then specify a daily limit up to and including this maximum. This will ensure that you are not charged any more than your set limit, but obviously the App Engine will stop serving requests once this limit is met and your web application will stop working. Another of the big players in Cloud Computing is Amazon, and they charge by the hour of use, so there is a maximum limit that you will be charged. In the event of a DOS attack the number of requests served will be the maximum that the ‘instance’ level you have paid for allows. This is similar to the Cloud charging structure of Memset (http://www.memset.com) and some other larger ISPs, whilst others like 1&1 (http://www.1and1.co.uk) simply charge on a monthly basis with unlimited traffic.
Article by: Mark Newton
Published in: Mark Newton