A bit more context there since you might wonder why customers can cause Sev1’s.
Well, I work for a Database Technology company and we provide a managed service offering. This managed service offering has SLA’s that essentially enforce a 5 minute response time for any “urgent” issue.
Well, a common urgent issue is that the customer suddenly wants to load in a bunch of new data without informing us which causes the cluster to stop accepting write loads.
It’s to the point where most if not all urgent pages result in some form of scaling of the cluster.
Since this is a customer driven behavior, there is no real ability to plan for it - and since these particular customers have special requirements (and thus, less ability to automate scaling operations), I’m unsure if there is any recourse here.
It’s to the point that it doesn’t even feel like an SRE team anymore - we should just instead be called “On-demand scaling agents”. Since we’re constantly trying to scale ahead of our customers.
All in all, I’m starting to feel like this is a management/sales level issue that I cannot possibly address. If we’re selling this managed service offering as essentially “magic” that can be scaled whenever they need then it seems like we’re being setup for failure at the organizational level. Not to mention, not being smart about costs behind scaling and factoring that into these contracts.
So, fellow SRE’s have you had to have this conversation with a larger org? What works for something like this? What doesn’t? Should I just seek greener pastures at this point?
P.S. - Posted c/Programming due to lack of a c/SRE
If it’s possible to do, and it causes a user experience issue, especially one as jarring as “stop accepting writes” you should start adding rate limits and validate inputs with rate limits expressed to the user before they hit the error rate.
To me you should already be sanitising input anyway, and this would just be part of that logic. If a user is trying to upload more than x it warns (with link to documentation of the limit). If user has gone past the rate limits, then error.
I’m not a sre or dev, just a sysadmin though. Users expect guard rails. If it’s possible, it’s permitted.
Probably not feasible in our case. We sell our DB tech based on the sheer IOPS it’s capable of. It already alerts the user if the write-cache is full or the replication cache is backing up too.
The problem is, at full tilt, a 9 node cluster can take on over 1GB/s in new data. This is fine if the customer is writing over old records and doesn’t require any new space. It’s just that it’s more common that Mr. customer added a new microservice and didn’t think through how much data it requires. Thus causing rapid increase in DB disk space or IOPs that the cluster wasn’t sized for.
We do have another product line in the works (we call it DBaaS) and that can autoscale because it’s based on clearly defined service levels and cluster specifications. I don’t think that product will have this problem.
It’s just these super mega special (read: big, important, fortune 100) companies have requirements that mean they need something more hand-crafted. Otherwise we’d have automated the toil by now.
As soon as you go down the path of customization for “special clients” you’ve already lost the battle. Business needs to agree to not sell something like that. I’m not being helpful here, but as soon as you’ve started customizing like that to get massive clients it will never end and it will just slowly suffocate your company.