The 'on premise' versus 'off premise' approach to environments

June 16, 2018

As a result of thinking about why some people run their own servers and other people don't, it struck me today that on the modern Internet, things have evolved to the point where we can draw a division between two approaches or patterns to operating systems and services. I will call these the on premise and off premise patterns.

In the on premise approach, you do most everything within a self contained and closed environment of your own systems (a 'premise'). One obvious version of this is when you have a physical premise and everything you work with is located in it. This describes my department, for example, and many similar sysadmin setups; since we operate physical networks, have printers, and so on, we have no real choice but to do things on premise with physical hardware, firewall servers, and so on. However, the on premise approach doesn't require you to be doing internally focused work or for you to have physical servers. You can take the on premise approach in a cloud environment where you're running a web business.

(You can have a rousing debate over whether you can truly have a single on premise environment if you're split across multiple physical locations, or a physical office plus a cloud.)

In the off premise approach, you don't try to have a closed and self contained environment of your own systems and services, a 'premise' that stands alone by itself. Instead you have a more permeable boundary that you reach across to use and even depend on outside things, up to and including things from entirely separate companies (where all you can really do if there's a problem is wait and hope). The stereotypical modern Silicon Valley startup follows an off premise and outsourced approach for as many things as it can, and as a result works with and relies on a whole host of Software as a Service companies, including for important functions such as holding its source code repositories and coordinating development (often on Github).

An off premise approach doesn't necessarily require outsourcing to other companies. Instead I see it as fundamentally an issue of how self contained (and complete) your service environments are. If you're trying to do most everything yourself within an environment, or within a closely connected cluster of them, you're on premise. If you have loosely connected services that you group into different security domains and talk across the Internet to, you're probably off premise. I would say that running your own DNS servers completely outside and independently of the rest of your infrastructure is an off premise kind of thing (having someone else run them for you is definitely off premise).

While there's clearly a spectrum in practice, my impression is that on premise and off premise are also mindsets and these mindsets are generally sticky. If you're in the on premise mindset, you're reflexively inclined to keep things on premise, under your control; 'letting go' to an outside service is a stretch and you can think of all sorts of reasons that it'd be a problem. I suspect that people in the off premise mindset experience similar things in the other direction.

(As you might guess, I'm mostly an on premise mindset person, although I've been irradiated by the off premise mindset to a certain extent. For example, even though I'm in no hurry to run my own infrastructure for email, I'm even less likely to outsource it to a provider, whether GMail or anyone else.)

Comments on this page:

Out of curiosity, what would you define someone with my perspective? I think it's fairly similar to what you've described:

I build out most of my own infrastructure, like email. I self-host as much as I can. However, I don't run everything on my own physical infrastructure - I rely on public cloud and VPS providers for much of the externally-facing elements. It's just not practical to run everything off my home's internet connection when it's flaky and filtered by my residential ISP. (Also, avoiding "all eggs in one basket" hardware-wise.)

I think that still ends up describing a person with an "on premise" mentality -- I'm loathe to rely wholly on SaaS providers.

Evaryont --

Do you purposefully set out to ensure that if any of your external vendors fail, you could either run the service yourself or on another vendor? If so, I think you are basically on-premise in CKS's terminology.

On the other hand, if you are sufficiently tied to (say) AWS that moving to GCE or Linode or whoever would be a major pain involving lots of work, it's basically off-premise work.

My basic rule is that no business should outsource their core competency. If the business develops software as a profit center, every programmer should work directly for the business. If you need general payroll functions and you aren't an accountancy, feel free to buy a service.

By cks at 2018-06-16 07:03:32:

I think this taxonomy isn't necessarily a good fit for how individuals set up personal services and servers. To the extent that I can make it fit, I'd say that if you have one server or a group of them at a single place (cloud, VPS, etc) that does all your stuff and you access it remotely from home, then you're probably 'on premise' in this sense where your premise is that set of servers. But if you maintain the server configurations via Puppet, run the Puppet master on your home machine, and push to your servers in the cloud, you're at least starting towards 'off premise', because what you need to run the servers is split across multiple locations.

Waving my hands some more, if you have completely independent servers and services at different providers (eg your web host at one VPS, your personal IMAP and mail server at another, DNS at a third), you clearly have multiple premises but you might not be 'off premise' in this sense. If they all need or use an additional server (for Puppet, for backups, etc), then you're tilting towards off premise again.

Or to try to boil it down: if everything you need to run and operate your stuff is in one 'place', it's on premise. If you need multiple 'places' (including someone else's services) to operate your stuff, it's off premise.

Written on 16 June 2018.
« Default X resources are host specific (which I forgot today)
A broad overview of how modern Linux systems boot »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Sat Jun 16 01:06:32 2018
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.