Wednesday 17 October 2012

Skyscape? Yes? No? Akamai? Maybe? Where is GOV.UK?

DMossEsq has just been contacted and told that he's wrong – a daily event that the reader would not normally be troubled with, but this is different.

GOV.UK is being hosted on Skyscape. We know that. The G-Cloud team have told us. GDS have told us. Skyscape have told us. The press in general have told us, e.g.
Hosting GOV.UK in the cloud to cost GDS record-breaking £600,000

Government Digital Service signed a deal with Skyscape last month

By Derek du Preez | Computerworld UK | Published 10:29, 10 October 12

The Government Digital Service’s (GDS) infrastructure-as-a-service (IaaS) deal with Skyscape to host single domain website GOV.UK, which was procured through the G-Cloud, is worth an estimated £600,000.

Denise McDonagh, G-Cloud programme director, revealed the figure in an article for the Financial Times, where she said that the deal is the biggest sale to date from CloudStore and is “an important milestone for G-Cloud, showing that the public sector is ready to embrace low-cost utility cloud services”.
There can't be any doubt.

Except that apparently DMossEsq is wrong and actually GOV.UK is being hosted by Akamai. Who says? Akamai. And they didn't sound very pleased.

Someone is not being straight with someone.

18th question for Francis Maude: where is GOV.UK?

Akamai, incidentally, turn out to be a Singapore-based cloud services supplier quoted on two German exchanges and on NASDAQ, thus ensuring that any data they store can be subpoenaed by the FBI. If that's where GOV.UK is being hosted, then GDS have lost control of our data and Whitehall will have failed in its Constitutional duty to keep our data under its control and confidential.

"Check up on GOV.UK", suggested the man at Akamai, "that'll prove it.". The following distressing user experience was suffered:


The man from Akamai also suggested doing an nslookup. This is one you can try at home from the command prompt. Enter nslookup www.gov.uk and back comes the answer:
Non-authoritative answer:
Name:          e6453.b.akamaiedge.net
Address:        2.23.20.23
Aliases:        www.gov.uk
                www.gov.uk.edgekey.net


Check up with RIPE on that 2.23.20.23 address and you get:
inetnum:        2.23.16.0 - 2.23.31.255
netname:        AKAMAI-PA
descr:          Akamai Technologies
country:        EU
admin-c:        NARA1-RIPE
tech-c:         NARA1-RIPE
status:         ASSIGNED PA
mnt-by:         AKAM1-RIPE-MNT
mnt-routes:     AKAM1-RIPE-MNT
mnt-routes:     CW-EUROPE-GSOC
source:         RIPE #Filtered


Things are looking good for the Akamai theory and not so good for Skyscape.


6 comments:

Anonymous said...

Akamai are a content delivery network (CDN) provider. They cache content for upstream web sites, which takes the burden off the actual web servers and make content quicker to load to it's users. It's quite standard practice to use them for large scale websites. Where it's actually hosted can't be determined from these NS records alone.

David Moss said...

Thank you for that point. The answer to the question where is a website is clearly ... very long, in some cases.

Clicking on the subject field of the certificate information displays the following:

CN = gov.uk
OU = Akamai SAN SSL OV
OU = Government Digital Service
O = Cabinet Office
L = London
S = London
C = GB

That again seems to point pretty conclusively at Akamai and not Skyscape.

Presumably the Skyscape contract has been signed and the intention is that GOV.UK will move there eventually even if it hasn't got there yet.

Presumably GDS told everyone about Skyscape apart from Akamai – they do sound cross.

Anonymous said...

The OU is generally a free form field and is likely just for the termination to the Akamai CDN which then hands to requests off to the real web servers where ever they are hosted. While Akamai may host web sites directly, they are mainly know for CDN technology. Certain, www.gov.uk is pointed at their CDN.

http://gcloud.civilservice.gov.uk/cloudstore/ lists Skyscape as a provider but no mention of Akamai.

I know you've covered this a lot, but Skyscape's partners are heavy weight vendors. There is no reason why the couldn't provide a tested, well proven solution in a short time frame, though I agree the companies short existence and seeming focus on G-Cloud seems a little odd, especially when there are other established players in the market.

It's worth pointing out that the site is put together well, at least on first inspection. The lack of an IPv6 address is a bit of a shame (US gov. now mandate IPv6 for all sites).

If the reported £600,000 for infrastructure is true, it does seem a lot for just the infrastructure on such a small site, especially when 'real' content such as the schools finder, DVLA licensing and others are sent to the old 'replaced' direct.gov.uk.

David Moss said...

"... Skyscape's partners are heavy weight vendors ..." – I agree. So why didn't GDS and HMRC contract with them? Because they have US businesses and are therefore subject to the USA PATRIOT Act?

Skyscape take time out to advertise on their website that all of their shareholders (all one of him) are UK-domiciled and that "therefore" the company is not subject to the Act. Being subject to the Act clearly worries someone. Quite rightly.

Will the US fall for it? Put a one-man company in front of Cisco, VMware, EMC and QinetiQ and suddenly the Act doesn't apply? Unlikely.

If GDS and HMRC feel anxious about contracting with US suppliers for cloud computing services, then they just shouldn't do it. The Skyscape figleaf compromise is no solution.

Incidentally, Anonymous, do you think that even data stored temporarily at a CDN is covered by the Act? If I were the FBI, I'd give it a try ...

Anonymous said...

The IP www.gov.uk is allocated by the US based ARIN although the actual machine(s) appear, by the round trip time to be in the UK, possibly at Telehouse in London. Looking at that, I'd say it's unlikely that the data ever leaves these shores. Quite how whichever spooks it is you're most afraid of would get the data I'm unclear. It's unlikely that the US companies themselves are actually running the hardware or have access to the data in any form.

The CloudStore beta site lists Skyscape as being able to hold up to Impact Level 3 data, which is Restricted. What do you think the government does for IL6? Just put it on hardware made in the UK running software written in the UK?

I agree that more information on Skyscape would be welcome given the size of the contract(s) being awarded and their nature but I suspect the truth about the organisation is more about money than power and control.

On the whole GDS's openness and use of technology is to be applauded and encouraged and the progress they are making are steps in the right direction if not always on the right path.

(P.S. your site's captcha is asking for human identification of house numbers from grainy looking photos provided by Google. I would guess is so they can identify exact house numbers for their Street View and Maps applications. Given the nature of your crusade, perhaps you should consider alternative sources of spam control?)

David Moss said...

It's been a long day, Anonymous. 23:51 last night, 07:52 this morning and now 21:06. Let's pick up again tomorrow.

Here's a relaxing competition to consider overnight, a Mars bar for the winning entry:-

Complete the following sentence in up to 10 words:

It's a good job GDS exist because _____ _____ _____ _____ _____ _____ _____ _____ _____ _____.

Post a Comment