Azure, Fair and Balanced
With our Cloud Storage and Cloud Migration reports we provided some data that presents Microsoft Azure’s storage service in a pretty positive light. So people are often surprised when they ask us what vendor we use behind Nasuni’s enterprise storage services -- the answer is that it’s mostly Amazon S3 today. Like any vendor using a third party component we’d love to have a true second source for that component, but so far we have no vendors that are close enough to be considered a true second source. While Azure may be the closest, there are two specific areas that we need to get past before we’d use them more extensively for our enterprise customers, and neither of them are really covered by the reports we did previously. Those are Billing and Account management.
On the Billing front, Azure’s billing has been ludicrously bad. Not only can you not get your invoices online most of the time (pages/bills are unavailable, random error messages, no estimates for when things will get resolved, etc.), but even if you can get them, the charges on the invoices don’t match the charges they made to your credit card. If you raise the issue to their support team you get a very friendly Azure team member that tries and fails to get the correct information and you and end up in a conversation on how they know its bad and it will be fixed in a couple months. A few months will go by and there are a different set of problems and more billing issues. Nasuni has been working with Microsoft on the Azure billing issues since January of this year and we’ve raised it to the highest levels possible. Their response? They know its an issue and they’re working on it. Amazon, as the world's largest online retailer, has no issues getting its invoices correct. Are their invoices cryptic? Sure, but the numbers are correct and available. It’s really hard to resell something (and i’d say purchase something for use in a business) if you can’t get correct invoices/statements for your accounting department. Until they fix this Azure is a non-starter for us (and perhaps any business) to use despite their technical capabilities.
In the early days of public cloud storage, every end user was meant to have their own account and pay for it with their credit card. As companies like Nasuni came along and started re-selling cloud storage as a component it became increasingly important to have the concept of a master account and subaccounts. Amazon delivered this capability (not perfectly, but workably) in two forms with their “Consolidated Billing” concept and their AWS Identity and Access Management (IAM). “Consolidated Billing” essentially lets you have many Amazon accounts but have one master account pay for them all. That scales pretty well, but you do have to deal with many Amazon accounts (last I checked we had over 900 Amazon accounts we were responsible for). IAM lets you create true sub accounts under one master account if used correctly although its use is a bit cryptic and Amazon’s own product managers suggested for Nasuni’s purposes that we not use it.
With Azure they have the concepts of Subscriptions and Storage Accounts. You get an invoice (if you’re lucky) for each subscription every month. And you can only have so many storage accounts per subscription (the default is 5) so you don’t get to roll up all your sub-accounts under one master account. If you start thinking about 900 accounts and the number of monthly invoices you’d get you’d see how this isn’t workable. If you look at their answer to Amazon’s IAM, they have something called “Shared Access Signature” (SAS) which is really a signed URL meant mostly for the kind of use case of sharing a few documents with outside parties (like Dropbox’s public URLs) and not really designed well for the case of creating sub accounts. While you can hack it into a sub account scheme it’s really the wrong way to do this.
The thing about subaccounts and authentication is that they really should behave like a normal account. The APIs you use to read/write objects in the CSP should not have to be different based on whether you’re a “real” account versus one of these fake accounts. Between the odd required expiration period on the containers when you use this approach and the differences in the API when you use this versus the standard authentication methods it's clear that this approach is not fully thought through yet. While some of their partners are evidently using this it’s not something that makes us comfortable at Nasuni.
There is a lot more to these CSPs than just the feeds and speeds you find in performance reports like the ones we’ve published. There are the relationships, what the CSPs are focused on, how much they want to enable/support reselling of their cloud, if they support your use case or if they’re just focused on large files/media/backup/etc. At Nasuni we’re focused on finding the best CSPs for the enterprise to use for primary storage. Some others are coming along, but for the most part they’re not quite ready to be enterprise primary storage.