It starts to get a bit muddled based on the level of hardware ownership. For the sake of argument, I'll assume by cloud servers, you mean a public service and not for instance getting AppLogic installed on your cluster, turning it into a private cloud.
Redundant cluster (vs public cloud) + Data privacy - doable on public cloud too. Sometimes called virtual private clouds.
Full control on software/hardware - true. But see above for hybrid/private clouds.
True redundancy and virtually zero downtime - Its nice to own the router.
Better performance with premium hardware - More efficient yes since you're not paying a middle man. Hardware-wise, some cloud servers can get pretty beefy.
- Expensive - Its a horrible capital cost. Cost of ownership will likely be cheaper though at scale.
Major hardware crash on multiple servers would result in a lot of downtime - Depends on how you set it up, and which failure types you're covering. The underlying weakness is the same with the cloud setup because they're doing exactly the same thing.
Complex and long to deploy - Yes.
Cloud servers (VPS)
+ Relatively cheap - Amortizes engineering costs you would have spent over the life of the service.
Little to zero downtime with a proper failover installed - Yes.
Scalable - Yes.
Instant or fast deployment - Yes. My favorite part.
- Performance capped, generally slower than a premium cluster - Not necessarily so, but sometimes yes. Its multi hosting, so they have to keep it sane. See above for hybrid/private clouds if you need raw performance.
Data privacy - Can do with virtual private clouds.
No zero downtime possible - Depends on the underlying architecture. If its just a cloud VPS that moves around on failover, then obviously no. If they are able to give you HA loadbalancers, and you can scatter across DCs, then it is possible.
I think anyone who can break out of the container, break through the host's ACL and then also the SAN, and then remount your image, is more than likely capable of reprogramming a hardware router.
The weakest link in cloud security is actually your api key.
That is the key statement. Security from what we've seen in our platforms have been the policies of the provider. This is also the trend of technology in general. With more automation and simplification all things have moved towards this just like centralized management of entire office computers, phone systems, online banking, and so on.
As technology grows, it becomes all that more important to know who you are doing business with, and to ensure that they have strong, established policies in place to secure their businesses and that of their customers.
A cloud should be a redundant cluster of hardware, so atleast from my perspective of dealing with professional, 'do it right' hosting companies, you are talking about the same thing. I can't speak to the budget companies and their methods though.
Linux & Windows Hosting Expert @ BlackMesh.com
Cloud/High Availability/Enterprise Drupal/FedRAMP/PCI/HIPAA firstname.lastname@example.org -- 888-473-0854 x720
Skype @ "blackmeshron"