The article I recently shared on this platform has gathered a few attention, to the extent a Vokacom developer reached out to me to share insights (which I’m so much grateful, of which this and the next two articles are gonna be based on).
Part two of the series is here: https://blog.khophi.co/ghanapostgps-exclusive-technical-details-vokacom-part-2/
Since such details given me has not been shared yet to the general public, I wish to touch on the information I received and relate a few comments I have about the technical steps taken.
Hopefully, someday in the near future, the GhanaPostGPS team would share more transparent breakdown of the cost it takes to run each part of their architecture.
I believe that this information when shared would be a useful learning experience for other enterprises interested in deploying similar architectures (unless how they run their architecture too is proprietary. Duh!)
This article will be the first of three articles to digest the technical details, as per the information I received via.
Let’s get to it.
“While your analysis may be spot on for a small company running a web application, same cannot be true for a national project.” – Vokacom Developer
I know what happens when the expression, “national project”, “national security” and similar jargons are thrown around.
Under the umbrella of “national security”, “national project”, unnecessary unreasonable steps are taken.
If a company with limited funds approach problems, they try to solve it using the most efficient, cost-effective means, in order to save funds and focus on doing only what matters at the moment and scaling out as and when needed.
However, if the funds are coming from the taxpayer’s pocket, they say, ‘Etua wo yɔnko a etua dua’, as in, when the money is from an almost limitless pocket, there’s no stopping of throwing in any unnecessary steps.
In the name of ‘National Something’, America spied, spy and continue to spy on millions of Americans and beyond. With the word ‘national’ in the picture, you could justify ANYTHING you do. Heck, why are you doing this or that?
‘Because of national safety, by a national project to ensure national security’.
Oh well. That out of the way, I think any of the steps taken by the GhanaPostGPS team, if they did not have the backing of the taxpayer’s money, the question is, would they have done it?
If the GPS app was their own company app, would they have paid 400k$ to Google (if that is true)?
‘You’re not a Journalist’
“You are not a journalist so I cannot naturally expect that you will do your independent checks before stating your opinion but from one Tech person to the other, I am sure a quick call to Vokacom would have immediately eased your concerns.” – Developer
I’m not a ‘journalist’. However, I am happy he went out his busy schedule to share more insights with us all. It is such a good thing to have more details now.
I don’t think I qualify as a professional journalist because I have no journalism schooling experience or a Masters Degree or Ph.D in journalism. However, when it comes to tech, I’m obsessed, and I do ‘blog’ about them every now and then as and when I can, about the content I enjoy. And the technology behind the GhanaPostGPS application tickles me.
Do I get to call myself a “Blogger” then?
But wait, Journalist means:
“a person who writes for newspapers, magazines, or news websites or prepares news to be broadcast.”
‘Purposes of National Security’
“For purposes of national security, I am unable to give very specific tech designs but please note that we have multiple hosts (and not all of them cloud) that run the platform. While it’s easy to run a 2 core 8GB virtual cloud computer, same cannot be done on a local data centre that require hardware. We have had to deploy 24 core hardware + some really high-end firewalls that suffice for national data protection. Please do a quick check with Ostec (or any big IT hardware seller) for how much high-end firewalls with embedded DDOS prevention costs. You will be amazed; it’s the reason cloud is so popular, it’s very cheap.” – Developer
Did you notice the “National Security” part again? Oh well
“…While it’s easy to run a 2 core 8GB virtual cloud computer, same cannot be done on a local data centre that require hardware. We have had to deploy 24 core hardware + some really high-end firewalls that suffice for national data protection.” – Developer
“24 core hardware + some really high-end firewalls that suffice for national data protection”?
What is that supposed to mean? Can we get more clarification?
Oh, wait, No, that’s impossible, for purposes of National Security.
My question is, why deploy your local data center? Any special reasons? Is that a simple, flexible way to ensure better wastage of money?
The reason for deploying a local data center is to ensure “national data protection”. That means all the companies running their entire business on the cloud have NO data protection and have their data leaking like a broken kitchen sink pipings.
However, why is the current IP addresses of the GhanaPostGPS application resolving to Data Centers in the US owned by Amazon? How’s that for a “national data protection”? Is there a form of double standards here?
Unless the funding is coming from an unfettered source, which any price goes, and no thought is given to cutting cost, there is no way a startup, enterprise, in their right mind, in 2017 would want to pay multiple times the cost of a service that is 100% available for a fraction of the cost.
I love Ghana made products, except in situations that it doesn’t make sense. If not, why?
I am poor. My mother trained me well. When I go to the market, I just don’t buy because I have money. I compare and get the right value for money.
If it is a Ghana product which has a great value for money, fine, I’m in! Otherwise, I won’t blindly join a ship just because it has the sign ‘Made in Ghana’ on it.
My point is, is there a way a company, looking for similar capacity as the above from the GhanaPostGPS, could achieve that in 2017 at a less than 10,000$ a year?
Only God knows what they’re doing with a 24-core server working on JSON request responses. Is it not likely Vokacom is mining Bitcoins with all this processing power? It is 2017. The computational power of a 24-core server would be a great resource for mining bitcoins.
Because there’s NO way on earth one would need a 24-core server for serving and receiving JSON data. Or would they?
Just like in my previous article, I’m not going to talk and go. I’m going to show a viable, much more cheaper option available, of which GhanaPostGPS probably and very likely decided to go the hard way, all so that, funds could be squeezed out even more and better.
Again, I come from a background where saving funds is crucial. Therefore I try to make the most use of funds. Unless you’re the GhanaPostGPS where taxpayer’s money is your backing, you might find these facts useful to your enterprise’s solutions.
Don’t just spend money. Think!
The specs the GPS people wanted are these:
- 24-core Server (no mention of RAM, but I have something sweeter for you)
- High-end Firewalls with embedded DDoS prevention
With that in mind, here’s what you get on the open market in 2017 (going with DigitalOcean)
Everything below costs less than 10,000$ a year. No joke!
- 48 Gig RAM
- 32 Cores
- 10,006GB (That’s 10 Terabytes) of storage
- Free DDoS prevention (at the Datacenter Level). Application Level can be secured with Cloudflare
- Free Firewalls
- 99.99% SLA
- Free monitoring tools
I think that covers all their Server needs. Right? Remember, the above specs, specifically the Cores are 8 cores more than what GhanaPostGPS people wanted. Again, in reality, you need these specs, when it comes to cores for processing a gargantuan amount of data, not for “data protection” or security. More cores have nothing to do with more secured infrastructure or taking control of your data.
Build a bigger mansion, which can hold 10x more than normal house DOES NOT make your mansion “secured”. Data security has NOTHING to do with cores.
“…that suffice for national data protection.”
Please no. More high-end firewalls, poorly configured is as useless as nothing. A bulletproof door with no lock is as ‘useful’ as an open door!
Heck, our above solution gives the Firewalls option for FREE. FREE!
Are the firewalls high-end? What do you think? Amazon’s Firewalls, are they secured or high-end?
To readers, please, Firewalls are nothing cumbersome, scary and confusing as they make it sound.
Think of a Firewall as your house’s fence wall. A fence wall blocks all entry to the house, except one or two entry points. Imagine you can control what types of cars (which colors or brand) comes through the fence gates.
Thus, if the car is a BMW, come through. You could go ahead to say, if it is a BMW with any color except Blue, don’t allow.
Firewalls are usually the first point of contact for servers, which few to many rules can be applied.
I’m told the best Firewalls are hardwares that are specialized to handle the rules, although there are many software Firewalls available, doing the same, fence gate, you-go-through-you-don’t thing.
Every web application in today’s world, MUST have a firewall. On my servers, I do too, and they are applied as simple as this:
sudo ufw allow 'Nginx Full'
ufw, called Uncomplicated Firewall, is a software program with allows certain traffic matching some criteria to enter a server.
In the case of the above, I’m saying, “If anyone accesses my site, using the ports
443(HTTPS), allow the person/traffic/request. Anything/Everything/ALL THINGS that don’t come through these ports, don’t allow them.
So an example.
When you visit the site, khophi.co:80, you get to see a page load. Fine. That’s possible because I have configured the server to allow traffic coming through that port.
Try this instead, and your page will NEVER, EVER LOAD: khophi.co:3093, because that entry is NOT allowed.
Sorry for the lecture, but I felt you had to know. Firewalls can be much complex than the above, however, with the principle of less is more, Firewalls are NO gigantic complex ‘high-end’ whatever thing they want us to believe.
Now the cost: All combined above costs gets us
Here’s the breakdown:
- DigitalOcean VPServer cost = 640$/month x 12 = 7680 $
- DDoS prevention CloudFlare = 200$/month x 12 = 2400 $
The total is USD 10,080.
In order to factor for any little-unexpected expenses that might come up, let’s say total cost is 13,000$
Total Cost = USD 13,000$
Of course, that’s a lot to run a JSON-spewing server.
Remember to follow the links above to actually see the values for yourself on the respective websites. Purely transparent!
As I end this part one of the three-piece articles, I stop to wonder, why does anyone need a local data center?
If as the backup, fine. However, even that, there are a ton of storage options out there at exponentially cheaper prices.
And if local servers are for storages, and as a backup, what is the need for a 24-core system?
Why do you setup colocation, yet run the entire service from the USA?
If you’re running the service from Ghana (which they’re NOT, they’re running the ghanaposts gps application from Amazon Data Centers), the question is, Why? What is wrong with the brutally tested global providers?
We live in a global village. Your data at a DigitalOcean or Amazon Datacenter is just a click away. If you want absolute control over your data, yet run your entire application from Amazon, then which is which?
In all, if you’re looking to deploy huge applications that will scale, and Vokacom told you, you needed 2.5m$ or more to get going, please gently leave and hit the internet ways. There’re a ton of viable, cheap options out there, that I promise you are much more advanced, yet cheaper than whatever Vokacom is doing.
Even if you can afford to waste money, you don’t have to. See, you could book a family trip to Dubai with that saved funds.
Or start a new company, or re-invest in the existing company. Or even still better, raise the salary of your hardworking employees! They deserve it!
Working on Part 2 which will be about Analytics & SQL Server use at Vokacom for the GhanaPostGPS