Netflix's streaming-video entertainment via the Internet has become so popular it now represents almost a third of peak downstream traffic in North America. It also represents an IT support challenge for Netflix, which is trying to balance use of cloud services with traditional internal IT and data centers.
"There's a new world order and if you don't want to be a dinosaur, you support the cloud" and software-as-a-service (SaaS) applications, says Mike Kail, who is Netflix's top techie as vice president of IT operations (there's no CIO).
To meet its internal business needs, Netflix uses several cloud services, including Google Enterprise Docs, Workday for human resources and payroll, and even offers every employee an individual account at cloud-storage provider Box.
In fact, Netflix uses so many cloud-based services, including for its developers in the engineering-rich Netflix work environment, that the company's director of cloud systems architecture, Adrian Cockcroft, stirred up debate last week when he blogged about it, calling it "NoOps."
Cockcroft wrote, "There is no ops organization involved in running our cloud, no need for the developers to interact with ops people to get things done, and less time spent actually doing ops tasks than developers would spend explaining what needed to be done to someone else."
Taking this swipe at the ops division in stride, Kail responds, "Adrian and I have a good relationship, and he's said, 'If we ever have a CIO, I hope it's you.'" But Kail adds he thinks the phrase "NoOps" is a little misleading for several reasons.
The term "NoOps" has been kicking around as a tech buzzword for a while, with Forrester analyst Mike Gualtieri last year claiming DevOps "is a step backward" while "NoOps means that application developers will never have to speak with an operations professional again. NoOps will achieve this nirvana by using cloud infrastructure as a service to get the resources they need when they need them."
But the "NoOps" idea seems to imply there's no need whatsoever for internally maintained computing or that cloud services are so automated, there's no need for an operations staff all at, says Kail. "There will always be an operations layer," he says.
There is some data that Kail says Netflix wouldn't consign to the cloud -- namely, customer-sensitive data that has to be secured under the Payment Card Industry (PCI) guidelines. Despite its energetic adoption of cloud services, Netflix still maintains two large data centers. "Anything else is fair game," he says.
In this environment where both cloud services and internal data center resources need to be managed, a main piece of the security puzzle is finding a way to unify authentication. Netflix last January started using the cloud-based single sign-on (SSO) service from OneLogIn for this so that there can be centralized provisioning and de-provisioning of cloud- and on-premises computing and network resources.
Netflix migrated away from an arrangement with vendor Symplified which at the time had required on-premises hardware, says Kail, adding, "I wanted a pure cloud solution where I didn't have to maintain hardware." In looking at the final choices in the running -- OneLogIn, Okta and Ping Identity -- Netflix went with OneLogIn not only because it had a good price point and support for Security Assertion Markup Language (SAML), but it offered ease of integration with Microsoft's Active Directory, which Netflix uses.
Employee access to specific SaaS apps and internal Netflix resources is now managed through OneLogIn.
"This is centralized provisioning and de-provisioning," says Kail, pointing out that as employees come and go in the workplace, there's a simple way to grant and terminate access to all available resources at Netflix.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.