Functional parity isn't all that matters. Reliability, security, performance, ops overhead and cost make a big difference. It's a tradeoff which makes sense for probably 99% of the users.
And yes, Google's SLA is fine with us, considering they will ultimately be far more reliable than we could be with our own team.
> Worth it for what exactly? I'm not sure what tradeoff you're talking about.
Now it's:
> It's a tradeoff which makes sense for probably 99% of the users
Anyway. So let's look at your other points.
> Reliability, security, performance, ops overhead and cost make a big difference.
Right, so your suggested solution is to put an HTTPS terminating CDN in front of Google Load Balancers (which presumably means you then need a different LB config+Cert for each domain you're handling in the SNI CDN?).
> Reliability
Adding a layer to your stack like this doesn't improve your reliability - it adds a moving part, and moving parts can break.
Right, because an 'all things to all men, using shared resources' is always going to perform better than something you control, and thus configure to your specific needs.
> ops overhead
Yes, you need people to work on infrastructure you control.
Guess what. You still need people to work on infrastructure you don't fucking control. You find a "cloud" provider who will claim that Ops staff are not required, and I'll show you a fucking liar.
> cost
Right, because who cares if it doesn't do what you actually need and isn't really secure at what it does do, it's cheap.
That other comment was talking about sacrificing uptime for something unknown, while I was talking about total cost/effort in building vs buying.
You can put CloudFront with SNI in front of GCP and have it all point to the same LB.
That's not how reliability works. Every non-trivial app has hundreds of "moving parts". So what if Cloudflare had an issue? There are thousands of security issues every day, it's a fact of life. Better to have a well-funded and talented team who takes care of it.
And no, you don't need ops people to manage a cloud load balancer. What is there to do? And yes, cost is one of many factors that matter to business and it's still cheaper and better to put both services together (for the few who need SNI). Why do you keep saying it doesn't work?
It seems you have some irrational hatred for cloud and managed services but I'd much rather invest in and trust them than have you run my infrastructure and waste time building some fragile load balancing system instead.
> Functional parity isn't all that matters. Reliability, security, performance, ops overhead and cost make a big difference.
You're arguing that a "cloud" solution must be more secure, and that this is very important, but when I point out that the exact multi-tenant zero-customer-control setup you are championing, led to a massive leak of data that people everywhere assumed was private, your response is:
> So what if Cloudflare had an issue? There are thousands of security issues every day, it's a fact of life.
> It seems you have some irrational hatred for cloud and managed services
No. I have a strong dislike of people cargo-culting the fucking shit out of whatever cool kid buzzword they last heard, without a clue what the alternatives are, if they even need it, or what the consequences of their choices are.
> I'd much rather invest in and trust them than have you run my infrastructure and waste time building some fragile load balancing system
I won't lose any sleep over not getting your business. As you have all the answers already, what you're looking for is called a "yes-man".
That's not how security works either. A single event does not mean something is insecure. As said before, mistakes and security holes happen every day. The totality of the situation is that Cloudflare is still more secure than you because they are better resourced with more people, time, money, connections, hardware and processes. Same with load balancing, which is not a buzzword, and something Google does better than you ever will.
I look for people who understand business trade-offs, how to effectively spend time and money, have a proper understanding of risk, and know when a specialized vendor is better for non-mainline business functions.
What exactly are you going to do when you find a hole in the load balancing software you use? Or do you write that software yourself too? What about the OS? What about the hardware? What about the datacenter? What about the transit fiber? Do you just build your own internet then? No matter what you do, you're trusting other vendors at some point.
The only possibility is to look at the entire situation and assess the risks and costs - which from this conversation seems to be your biggest problem.