[nickpsecurity]

Maybe if you hire them from Silicon Valley. There's plenty of skilled people in areas with low cost of living that can handle the job without 10x the pay of whoever. There should be at least one such person on the team anyway if the business is a web application. Plus, aren't there alternatives to services like Heroku these days that come as appliances or VM's with simple deployment? I'm seriously asking because I don't work on that stuff but swore such products pop up all the time.

[axelfontaine]

For JVM apps Boxfuse (https://boxfuse.com) gives you dead-easy deployment to plain AWS by generating minimal VM images that run unchanged both locally on VirtualBox and in the cloud. It follows the principles of immutable infrastructure (machines are disposable and never modified) and all updates are performed as zero-downtime blue/green deployments.

[nickpsecurity]

Now that is a bit closer to what I'm talking about. I appreciate the tip about this service as I know some Java people that might like it. You might find it interesting that these Java VM services are actually similar to what safety-critical, embedded industry has been doing for a while:

http://www.aonix.com/pdf/PercDatasheet.pdf

They run POSIX and safety-critical apps side-by-side on a microkernel (eg QNX, INTEGRITY) w/ latter usually on a built-for-purpose runtime like PERC. They also would combine app, dependencies, and runtime into one image that could go into a ROM. Services like Boxfuse are doing it for cloud but the model goes back over a decade with proven benefit. Goes back further in security kernels (eg Aesec's GEMSOS or BAE's XTS-400) where they did same thing for preventing sensitive components from leaking to ported POSIX/Linux apps. So, it goes back almost three decades now. That's how long it takes industry to learn apparently. ;)

EDIT: Wait, you're the founder rather than just a user. You might have heard of some of this advanced, clever Java stuff already then. Haha.

[_bpo]

Their total costs between Heroku and Redis infrastructure are less than $3000. I don't think you'd be able to hire a devops engineer for less than $30k, anywhere.

It's surprising to me that people think they're spending a lot on infrastructure when they spend $800 on fonts, etc. When you drop the payment processor charges (which are per transaction) they're at $7k to run a site with a lot of functionality for a year. Seems pretty reasonable.

[nickpsecurity]

You don't get an engineer in my model: you usually share one with others. Someone who throws together this stuff all the time usually has premade images, scripts, checklists, etc that make it very efficient. You become one of their many customers. This might be a person or a firm. It's just one that focuses on great cost-benefit as differentiator.

So, one $30-50k engineer gets split 5-10 ways on infrastructure. Most maintenance is automated with setup and occasionally fixing something using up most time. You usually negotiate 1 day to a week of dedicated time out of the month w/ split being flexible.

Heroku and Redis might still come out a better deal. It's just not going to be nearly as different as people think because one doesn't have to load-up on IT people to deploy or maintain common configurations. All kinds of consultants and smaller fish that will do it way cheaper [than you mentioned] with cost spread across multiple, small businesses.

[mbesto]

This doesn't take into account the following transactions:

- The time and money it takes to find said $30-50k engineer

- The risk (and therefore potential cost) if the engineer doesn't do the job correctly

- The unknown cost of "occasionally fixing" could be $50 or $50,000. Given how nebolus the DevOps position is, you also can't be sure the stuff this individual is doing is considered best practice.

- There is overhead time spent on managing such a resource (teleconferencing, IM's, etc)

- There is potential that the resource is unavailable and therefore a potential downtime that could cause your business loss

There's a reason Heroku exists and has been successful, and these are just a few of them.

[nickpsecurity]

The alternative doesn't take into account:

- The time and money it takes to find and evaluate providers like Heroku

- The risk (and therefore potential cost) if the SaaS solution doesn't handle your needs as advertised

- Unknown costs that crop up both in paying the provider and handling stuff outside the provider.

- Overhead spent managing cloud applications

- Potential that local Internet or cloud startup experiences downtime.

There's a reason dedicated IT people exist and have been successful, and these are just a few of them.

[cinquemb]

I like when people lay out all the obstacles people would face because I think the probability of creating an solution to this is > 0 and higher when people question models.

But this one i would like to ask some questions about:

"The unknown cost of "occasionally fixing" could be $50 or $50,000. Given how nebolus the DevOps position is, you also can't be sure the stuff this individual is doing is considered best practice."

Who gets to decide what's best practice? How does such information about such best practice propagate? How much does it cost to acquire such best practice knowledge? Is trying to mitigate for this all the time a theoretical constraint on all possible solutions (i.e. without trying to mitigate for this, things will not work at all) or for any of the issues you bring up that are probably valid assumptions for some set of solutions?

[e12e]

I'm curious - do you have first hand experience with companies that does this (and does it well)? I might want to work (at first part time, remote) for such an outfit, if I they provide a good service (and good/skilful colleagues).

I've seen a lot of people that hire devops in-house (technically, it's a little hard to see how "devops" might work with the "ops"-person just doing drive-by installation and maintenance once every month -- but I suppose if the "dev" part isn't "special" (web application server + database + static resources + database) one could argue there's not much need for "devops", just "ops"?).

Although 30k for full-time ops works sounds really low, anywhere? (As a customer, I'd probably prefer one tenth of a 100k/year engineer than one tenth of a 30k/year engineer... even if the price might be 3-4 times as high).

[nickpsecurity]

I used to do it myself and know people who do. None of us are or were in DevOps. Plenty of independents out there that might make same arrangement. We did it just to save us time and make extra money. :)

[jsmeaton]

Out of curiosity, can you name some of these firms that contract out these kinds of engineers?

[nickpsecurity]

Reply here:

https://news.ycombinator.com/item?id=10878468