<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Hi Gert, Giuliano, all,</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Many thanks for your input. This is an important topic and we appreciate the community's feedback.</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">I would like to clarify a couple of points:</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">1. The RIPE NCC will remain in full control of both our data and services. For RPKI, the HSMs, publication server, certificates and keys will remain on-premise.</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">What we are planning to deploy to AWS are the repositories, which will subscribe to the publication server and fetch any updates. In the event of a catastrophic failure, the RIPE NCC will failover to another infrastructure (secondary cloud provider or on-premises).</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">2. Under no circumstances will the membership or anyone in the community be expected to contact AWS or any other cloud provider in the event of unavailability. The RIPE NCC will remain solely responsible for our services and the central point of contact (including our existing 24/7 support). We will troubleshoot and fix any problems ourselves.</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Finally, I have to acknowledge that the remaining issues with the ticketing system have been in our roadmap for longer than I would like. I am working with our engineering team to see how we can prioritise these improvements and hope have them delivered soon. My sincere apologies for the delay here.</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Kind regards,</span><br style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">Felipe</span><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 12 May 2021, at 09:35, Giuliano C. Peritore - Panservice <<a href="mailto:registry@panservice.it" class="">registry@panservice.it</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""><div id="zimbraEditorContainer" style="font-family: "Times New Roman"; font-size: 12pt;" class="2"><div data-marker="__QUOTED_TEXT__" class="">Hi,<br class=""><br class="">as a LIR I do *totally* agree with Gert's position to not "give away<br class="">control on critical services". RIPE is in the position to guarantee a<br class="">service with a relevant uptime, like it did for tens of years, and should<br class="">think to "outsourced resources" just as backup in case of unavailability<br class="">of internal resources.<br class=""><br class="">Regards,<br class="">Giuliano Peritore<br class=""><br class="">-- <br class=""> Giuliano Peritore - <a href="mailto:g.peritore@panservice.it" class="">g.peritore@panservice.it</a><br class=""> Direzione Generale - Panservice (AS20912)<br class=""> Servizi professionali per Internet ed il Networking<br class=""> Telefono: +39 0773 410020 - Fax +39 0773 470219<br class=""> Numero verde: 800 901492 - <a href="http://www.panservice.it" class="">http://www.panservice.it</a><br class=""><br class="">----- Messaggio originale -----<br class="">Da: "Gert Doering" <<a href="mailto:gert@space.net" class="">gert@space.net</a>><br class="">A: "Alun Davies" <<a href="mailto:adavies@ripe.net" class="">adavies@ripe.net</a>><br class="">Cc: <a href="mailto:ncc-services-wg@ripe.net" class="">ncc-services-wg@ripe.net</a><br class="">Inviato: Mercoledì, 12 maggio 2021 9:19:11<br class="">Oggetto: Re: [ncc-services-wg] New on RIPE Labs: RPKI Repositories and the RIPE Database in the Cloud<br class=""><br class="">Hi,<br class=""><br class="">On Mon, May 10, 2021 at 01:40:07PM +0200, Alun Davies wrote:<br class="">> The mission critical services the RIPE NCC provides to the Internet<br class="">> community require a solid technical foundation. In this new article<br class="">> on RIPE Labs, Felipe Silveira looks at plans to use cloud infrastructure<br class="">> as a means to that end. The full article is available here:<br class=""><br class="">As a member, I do not want the RIPE NCC to spend our money on "give away<br class="">control on critical services".<br class=""><br class="">Use of cloud services (or any other "outsourced infrastructure") is something<br class="">I consider acceptable as a *backup* in case of something catastrophic <br class="">happening to the RIPE NCC operated machines, to restore services to members<br class="">and community quicker.<br class=""><br class="">Using cloud services generally implies<br class=""><br class=""> - loss of control <br class=""> --> so the NCC *must* be primary authority on all data, and the cloud<br class=""> can only be a cache<br class=""><br class=""> - loss of contact and responsibility<br class=""> --> if a NCC provided service does not work, I do not want to talk to<br class=""> a cloud provider hotline, or hear from the NCC "well, there is nothing <br class=""> we can do, something in the cloud is broken"<br class=""><br class=""><br class="">All this cloudstuff is really great if you need "elastic services" (like,<br class="">when the big run on the last IPv4 space starts, scale up the LIR portal<br class="">to 200 instances - oh, wait, this opportunity got missed), or "low latency<br class="">for high bandwidth content delivery" (so, yeah, ... no?).<br class=""><br class="">But for the services the NCC provides, "cloud" sounds like "yeah, someone<br class="">else to blaim if it explodes", and this is not why we give the NCC money.<br class=""><br class=""><br class="">(And no, there is not much trust from my side, since the ticket system is<br class="">*still* a major annoyance in our day to day dealing with the NCC - despite<br class="">promises, two years ago, to make this more usable)<br class=""><br class="">Gert Doering<br class=""> -- voting LIR contact<br class="">-- <br class="">have you enabled IPv6 on something today...?<br class=""><br class="">SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer<br class="">Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann<br class="">D-80807 Muenchen HRB: 136055 (AG Muenchen)<br class="">Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279</div><div class=""><br class=""></div></div></div></div></blockquote></div><br class=""></body></html>