3CX Cloud Hosting on Google Cloud Platform - What You Need to Know
Cloud, cloud, and more cloud. It's being talking about so often you almost can't avoid it but be careful as sometimes the marketing says one thing and then the reality does not live up to the hype!
Back in October, we started explaining the reasons of why you really should NOT consider this a viable path (at least not today). Today, I will expand a few more thoughts and build upon some things that you don't know until you are "in it".
Costing
It all sounds great when you can fire up a virtual machine or "cloud instance" for what seems like lunch money. However, what you don't get is everything is billable as part of the "nickel and dime" show. That means if you had a busy day or you needed more resources unexpectedly the bill can really catch you by surprise. The other thing you don't consider is bandwidth is not "included". Everything takes "juice" and it isn't just when a call comes through. Phone registrations occur every couple of minutes on every device, presence changes, logging into the the system to make changes, basically any move you make on top of and including the core functions of the system "making and receiving calls" will rack up your bill. I don't know about you but I want to know what my costing is going to be especially when I quote my customer a price and don't want to be under water unexpectedly.
Redundancy
Just because you put something in the cloud does NOT mean it's automatically backed up. That is a common mistake when someone moves to the "cloud." It costs extra to backup your environments and it cost even more to have a "warm spare" or require high availability in other regions within the cloud provider's network. When you actually find out what the costing is for some of these options some people tend to "roll the dice" and hope there isn't going to be a problem but let's not be fooled putting a system in with no backup is like driving without insurance you as ASKING FOR IT!
Security
We just went through the largest DDoS attack in internet history back in October when Linux based devices on the public internet were hijacked and then used to take down some of the largest recognizable names online. Just because you put something in the cloud does NOT mean it's secure. But wait what about all the compliance the cloud provider advertises? Just because the cloud provider says it can be secure does NOT mean the way you are doing it is secure. Would you put devices or systems that are on-prem online without a firewall or would you just put it on the public internet with NO protection? Some would say for Windows systems no but for Linux systems they are "more secure". That is a fallacy and October's DDoS attack proves that Linux systems are just as problematic when it comes to security.
Uptime
Nobody will be up 100% of the time. Google is no different...
https://www.crn.com/news/cloud/300106651/google-cloud-outage-triggered-by-networking-issue.htm
https://www.theregister.co.uk/2017/08/31/google_cloud_load_balancer_brownout/
http://www.businessinsider.com/google-apologizes-for-cloud-outage-2016-4
Terms of Service Don't Allow For It...
You can find the publicly available Google Cloud Terms of Service here: https://cloud.google.com/terms/
In the following paragraph you will notice that Google does NOT permit any service on their platform that would allow an end user to connect to the PSTN (in short make or receive outside phone calls).
"3.3 Restrictions. Customer will not, and will not allow third parties under its control to: (a) copy, modify, create a derivative work of, reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code of the Services (subject to Section 3.4 below and except to the extent such restriction is expressly prohibited by applicable law); (b) use the Services for High Risk Activities; (c) sublicense, resell, or distribute any or all of the Services separate from any integrated Application; (d) create multiple Applications, Accounts, or Projects to simulate or act as a single Application, Account, or Project (respectively) or otherwise access the Services in a manner intended to avoid incurring Fees; (e) unless otherwise set forth in the Service Specific Terms, use the Services to operate or enable any telecommunications service or in connection with any Application that allows Customer End Users to place calls or to receive calls from any public switched telephone network; or (f) process or store any Customer Data that is subject to the International Traffic in Arms Regulations maintained by the Department of State. Unless otherwise specified in writing by Google, Google does not intend uses of the Services to create obligations under HIPAA, and makes no representations that the Services satisfy HIPAA requirements. If Customer is (or becomes) a Covered Entity or Business Associate, as defined in HIPAA, Customer will not use the Services for any purpose or in any manner involving Protected Health Information (as defined in HIPAA) unless Customer has received prior written consent to such use from Google."
So, let's say you decide to just "DO IT", in this case the Cloud Provider, Google, once discovering that you are using their service for something they do not allow will simply terminate your account.
Account Cancellation Without Forewarning!?
Nobody would consider this a good thing... check out this article.
Summary
- Don't let the marketing fool you!!!
- It's important to understand what the costing will actually be or else the bank account may get hit hard unexpectedly.
- Redundancy is extra and is not automatic!
- Security is not built into the pricing and you MUST take measures to make sure that you have it.
