Amazon EC2 as web server?

Question

Hi everybody,

I have thought a lot recently about the different hosting types that are available out there. We can get pretty decent latency (average) from an EC2 instance in Europe (we're situated in Sweden) and the cost is pretty good. Obviously, the possibility of scaling up and down instances is amazing for us that's in a really expansive phase right now.

From a logical perspective, I also believe that Amazon probably can provide better availability and stability than most hosting companies on the market. Probably it will also outweigh the need of having a phone number to dial when we wonder anything and force us to google the things by ourselves :)

So, what should we be concerned about if we were about to run our web server on EC2? What are the pro's and cons?

To clarify, we will run a pretty standard LAMP configuration with memcached added probably.

Thanks

Answer 1

The main negative is that you are fully responsible for ALL server administration. Such as : Security patches, Firewall, Backup, server configuration and optimization.

Amazon will not provide you with any OS or higher level support.

If you would be FULLY comfortable running your own hardware then it can be a great cost savings.

Answer 2

So, what should we be concerned about if we were about to run our web server on EC2? What are the pro's and cons?

The pros and cons of EC2 are somewhat dependent on your business. Below is a list of issues that I believe affect large organizations:

• Seperation of duties Your existing company probably has separate networking and server operations teams. With EC2 it may be difficult to separate these concerns. ie. The guy defining your Security Groups (firewall) is probably the same person who can spin up servers.
• Home access to your servers Corporate environments are usually administered on-premise or through a VPN with two-factor authentication. Administrators with access to your EC2 control panel can likely make changes to your environment from home. Note further that your EC2 access keys/accounts may remain available to people who leave or get fired from your company, making home access an even bigger problem...
• Difficulty in validating security Some security controls may inadvertently become weak. Within your premises you can be 99% certain that all servers are behind a firewall that restricts any admin access from outside your premises. When you're in the cloud it's a lot more difficult to ensure such controls are in place for all your systems.
• Appliances and specialized tools do not go in the cloud Specialized tools cannot go into the cloud. This may impact your security posture. For example, you may have some sort of network intrusion detection appliances sitting in front of on-premise servers, and you will not be able to move these into the cloud.
• Legislation and Regulations I am not sure about regulations in your country, but you should be aware of cross-border issues. For example, running European systems on American EC2 soil may open your up to Patriot Act regulations. If you're dealing with credit card numbers or personally identifiable information then you may also have various issues to deal with if infrastructure is outside of your organization.
• Organizational processes Who has access to EC2 and what can they do? Can someone spin up an Extra Large machine and install their own software? (Side note: Our company http://LabSlice.com actually adds policies to stop this from happening). How do you backup and restore data? Will you start replicating processes within your company simply because you've got a separate cloud infrastructure?
• Auditing challenges Any auditing activities that you normally undertake may be complicated if data is in the cloud. A good example is PCI -- Can you actually always prove data is within your control if it's hosted outside of your environment somewhere in the ether?
• Public/private connectivity is a challenge Do you ever need to mix data between your public and private environments? It can become a challenge to send data between these two environments, and to do so securely.
• Monitoring and logging You will likely have central systems monitoring your internal environment and collecting logs from your servers. Will you be able to achieve the monitoring and log collection activities if you run servers off-premise?
• Penetration testing Some companies run periodic penetration testing activities directly on public infrastructure. I may be mistaken, but I think that running pen testing against Amazon infrastructure is against their contract (which make sense, as they would only see public hacking activity against infrastructure they own).

I believe that EC2 is definitely a good idea for small/medium businesses. They are rarely encumbered by the above issues, and usually Amazon can offer better services than an SMB could achieve themselves. For large organizations EC2 can obviously raise some concerns and issues that are not easily dealt with.

Simon @ http://blog.LabSlice.com

Answer 3

I haven't tried Amazon EC2 in production, but I understand the appeal of it. My main issue with EC2 is that while it does provide a great and affordable way to move all the blinking lights in your server room to the cloud, they don't provide you with a higher level architecture to scale your application as demand increases. That is all left to you to figure out on your own.

This is not an issue for more experienced shops that can maintain all the needed infrastructure by themselves, but I think smaller shops are better served by something more along the lines of Microsoft's Azure or Google's AppEngine: Platforms that enforce constraints on your architecture in return for one-click scalability when you need it.

And I think the importance of quality support cannot be underestimated. Look at the BitBucket blog. It seems that for a while there every other post was about the downtime they had and the long hours it took for Amazon to get back to them with a resolution to their issues.

Compare that to Github, which uses the Rackspace cloud hosting service. I don't use Github, but I understand that they also have their share of downtime. Yet it doesn't seem that any of that downtime is attributed to Rackspace's slow customer support.

Answer 4

Two big pluses come to mind:

1) Cost - With Amazon EC2 you only pay for what you use and the prices are hard to beat. Being able to scale up quickly to meet demands and then later scale down and "return" the unneeded capacity is a huge win depending on your needs / use case.

2) Integration with other Amazon web services - this advantage is often overlooked. Having integration with Amazon SimpleDB or Amazon Relational Data Store means that your data can live separate from the computing power that EC2 provides. This is a huge win that sets EC2 apart from others.

Answer 5

The other con no one has mentioned.

Is that with a stock EC2 server, if instance goes down, it "goes away". Any information on the local disk is gone, and gone forever. You have the added responsibility of ensuring that any information you want to survive a server restart is persisted off of the EC2 instance (into S3, RDS, EBS, or some other off server service).

Answer 6

Amazon cloud monitoring service and support is charged extra - the first one is quite useful and you should consider that and the second one too if your app is mission critical.

Answer 7

hello!

i work in a company and we are hosting with amazon ec2, we are running one high cpu instance and two small instances. i won't say amazon ec2 is good or bad but just will give you a list of experiences of time

• reliability: bad. they have a lot of outages. only segments mostly but yeah...

• cost: expensive. its cloud computing and not server hosting! a friend works in a company and they do complex calculations that every day have to be finished at a certain time sharp and the calculation time depends on the amount of data they get... they run some servers themselves and if it gets scarce, they kick in a bunch of ec2's. thats the perfect use case but if you run a server 24/7 anways, you are better of with a dedicated rootserver

• a dedicated root server will give you as well better performance. e.g. disk reads will be faster as it has a local disk!

• traffic is expensive too

• support: good and fast and flexible, thats definately very ok. we had a big launch of a product and had a lot of press stuff going on and there were problems with the reverse dns for email sending. the amazon guys got them set up all ripe conform and nice in not time.

• amazon s3 hosting service is nice too, if you need it

in europe i would suggest going for a german hosting provider, they have very good connectivity as well.

for example here: http://www.hetzner.de/de/hosting/produkte_rootserver/eq4/ http://www.ovh.de/produkte/superplan_mini.xml http://www.server4you.de/root-server/server-details.php?products=0 http://www.hosteurope.de/produkt/Dedicated-Server-Linux-L http://www.klein-edv.de/rootserver.php

i have hosted with all of them and made good experiences. the best was definately hosteurope, but they are a bit more expensive.

i ran a CDN and had like 40 servers for two years there and never experienced ANY outage on ANY of them.

amazon had 3 outages in the last two months on our segments.

Answer 8

One minus that force me to move away from Amazon EC2:

• spamhause.org list whole Amazon EC2 block on the Policy Block List (PBL)

This means that all mail servers using spamhause.org will report "blocked using zen.dnsbl" in your /var/log/mail.info when sending email.
The server I run uses email to register and reset password for users, this does not work any more.

Read more about it at Spamhause: http://www.spamhaus.org/pbl/query/PBL361340

Summary: need to send email? Do not use Amazon EC2.