Forgot your password?
typodupeerror
Cloud Businesses Data Storage Microsoft IT

Certificate Expiry Leads to Total Outage For Microsoft Azure Secured Storage 176

Posted by timothy
from the keeping-the-lights-on dept.
rtfa-troll writes "There has been a worldwide (all locations) total outage of storage in Microsoft's Azure cloud. Apparently, 'Microsoft unwittingly let an online security certificate expire Friday, triggering a worldwide outage in an online service that stores data for a wide range of business customers,' according to the San Francisco Chronicle (also Yahoo and the Register). Perhaps too much time has been spent sucking up to storage vendors and not enough looking after the customers? This comes directly after a week-long outage of one of Microsoft's SQL server components in Azure. This is not the first time that we have discussed major outages on Azure and probably won't be the last. It's certainly also not the first time we have discussed Microsoft cloud systems making users' data unavailable."
This discussion has been archived. No new comments can be posted.

Certificate Expiry Leads to Total Outage For Microsoft Azure Secured Storage

Comments Filter:
  • Re:Typical. (Score:5, Interesting)

    by hsmith (818216) on Saturday February 23, 2013 @10:39AM (#42988999)
    It is almost a year ago to the day Azure was down for a day because no one accounted for leap year for validating certificates, lol. AWS seems to have issues too, but they don't seem to revolve around blatant stupidity and result in an entire day of downtime.
  • Re:Somebody (Score:1, Interesting)

    by jhoegl (638955) on Saturday February 23, 2013 @11:06AM (#42989123)
    uh, this was user error.
    Caused by either corporate inadequacies in procedure, documentation, or checks of their systems. Or a corporate system designed to say "this isnt my problem".
    Somehow I feel those worker visas are the issue here. Inexperience causes user errors, users administrate these large cloud systems, cloud configurations are complex and take years to master, yet cloud systems are a service provided by the lowest common denominator.
    Corporate brilliance at its best.
  • by dargaud (518470) <slashdot2@gOOOda ... inus threevowels> on Saturday February 23, 2013 @11:07AM (#42989129) Homepage
    I wonder how long it will be before there's a major failure loop in the cloud, something like the certificate for cloud X is stored in service Y, which actually uses cloud X as its backend. So when certificate for X stops, the whole thing grinds to a halt with no way to restart it (unless backdoors)...
  • Re:Typical. (Score:5, Interesting)

    by Charliemopps (1157495) on Saturday February 23, 2013 @11:38AM (#42989277)

    You'd think that, but there's contract stuff. The thing is, you basically need a department in charge of renewing shit like this when you have enterprise level services. We've got a site with millions of hits daily and still manage to let it expire every couple of years. You try the credit card thing, but credit cards expire. You try recurring billing and then you get into a contractual nightmare with the registrar. The registrar isn't going to do you any favors, you might get millions of hits daily, but they still only get $5/year even from google.com so fuck you, figure out the billing yourself.

    The only real way to do it effectively is build yourself a database of all the crap you need to renew regularly, then hire someone to renew that stuff. But who are you going to hire? It usually ends up being some assistant that doesn't know a damned thing about tech... and it's still going to cost you $60k a year in pay and bennifits to retain them. That's an expensive way of keeping track of such things... ah, the website admins can remember right?

  • by Alioth (221270) <no@spam> on Saturday February 23, 2013 @11:54AM (#42989385) Journal

    Actually, there's a bit more to being "cloudy" than just virtual servers over the internet (indeed, they not even need be over the internet - you can have your own local cloud and many companies have internal clouds). Virtual servers over the internet is merely client/server. For a service to be "cloudy", generally it'll have attributes like HTTP (in other words, RESTful interfaces and each request being treated no different to the first request, in other words, the service doesn't hold state from request to request, just like with HTTP) and distributable. The main benefit of "cloudiness" is because of this you can easy scale up services when demand is high, and scale them back when demand is low. It makes it easier to make a resilient service than the traditional client/server type service where the server side has to keep state. Infrastructures like Amazon's EC2 allow you to scale things up and down easily and economically because you can turn on the "virtual server over the internet" part of it on and off very rapidly, and you only pay for the instances you've instatiated. But just using Amazon's EC2 doesn't automatically make your service "cloudy" if it does not have all the other necessary attributes.

  • Re:Somebody (Score:5, Interesting)

    by Nerdfest (867930) on Saturday February 23, 2013 @12:35PM (#42989635)

    On the other hand, I've worked at places where the worst thing you could do is leave things that the company can't live without *in* the control of the company. Sometimes certain areas of expertise require specializations that the company just doesn't have and isn't interested in acquiring. Of course handing the responsibility of those things off to *Microsoft* is not necessarily any better.

  • by Anonymous Coward on Saturday February 23, 2013 @01:11PM (#42989863)

    Once you deploy to a vendor, you are stuck. From what I've seen, you can't easily move data and code from one vendor to another.

    RHEL is CentOS is RHEL is Amazon Linux wherever you are. A basic of the cloud is that, as you migrate to it you migrate almost everything to Linux.

    One of our clients is in the UK Azure cloud and we have to BCP about 6M rows from their server to our system every week. Takes over 90 minutes, and constantly fails because of losing the connection. We've looked at deploying systems to various clouds, and the costs were not worth it.

    There have been outages in Amazon; almost nothing has ever crossed from one Availability zone to another. Multiple countries have never happened. At the same time there have been many total outages in Azure. Whilst Microsoft regularly loses data; every time a Google system fails totally, it turns out they have a tape backup. These are not "minor issues between very simlar services"; these are the fundamental differences which matter. If you attempt to use a Yugo as a form of armoured transport and then get shot, you shouldn't start saying "all armoured vehicles are terrible". Instead you should go and look for a system which fits your needs.

    I will NEVER put any critical business system in someone else's cloud. At worst, I might put it in someone's data center on *MY* servers. The cloud seems to be fine for small business startups and non-important data for personal use. Businesses who no one would even notice if their site was down for a day.

    You are asking the wrong question I think. It's not "Jakes cloud vs. mine". Instead the question is; what is the distribution; what is the split. Systems all in my own data centre are unlikely to survive if the data centre is flooded. Systems all in the cloud are going to be impossible to reach if the internet fails. A proper engineering decision probably uses some of your own servers backed up with multiple independent Linux based clouds each with a different technology base. E.g. Amazon +Rack space (OpenStack) +a private eucalyptus + a few dedicated servers.

    BTW .. 'Cloud' computing is just remote virtual servers over the Internet. It's really not something new and original. People act like it's some amazing new 'thing'. Well .. it's not. It's just another way of letting companies with limited or no tech skills put up a web site or store data. It's expensive, proprietary, and I doubt very cost effective in the long run.

    This is a total misunderstanding. It is "remote virtual servers over the Internet" which can be created, destroyed or modified in a small number of minutes or seconds using a clearly defined API. That makes it possible to do a whole bunch of interesting things (duplicate your entire Amazon system to Rack Space in five minutes if the whole of Amazon collapses for some reason) which are not possible with older fixed servers. It also makes a whole load of different potential problems (someone who has your master key can delete all your servers in one command).

    In the end cloud computing is just another a tool. Just like a huge circular saw [wkfinetools.com], nothing it does is impossible with a hand saw. You could end up getting cut in half. However, if you need to regularly saw up huge number of trees, you may find you need one.

  • by ejoe_mac (560743) on Saturday February 23, 2013 @01:30PM (#42989999)
    So wrong in so many ways. Any reason you wouldn't purchase a 100 year certificate and just roll with it? Too bad about 1/3 of all Azure disk space is used for endpoint backup. This reminds me of the leap-year calculating bug - Feb 29 2012, you couldn't generate a site because the default is to generate a certificate for 1 year, and well, Feb 29 2013 just doesn't exist. http://blogs.msdn.com/b/windowsazure/archive/2012/03/09/summary-of-windows-azure-service-disruption-on-feb-29th-2012.aspx [msdn.com]

Brain fried -- Core dumped

Working...