Slashdot Mirror

← Back to Stories (view on slashdot.org)

Certificate Expiry Leads to Total Outage For Microsoft Azure Secured Storage

Posted by timothy on from the keeping-the-lights-on dept.

rtfa-troll writes "There has been a worldwide (all locations) total outage of storage in Microsoft's Azure cloud. Apparently, 'Microsoft unwittingly let an online security certificate expire Friday, triggering a worldwide outage in an online service that stores data for a wide range of business customers,' according to the San Francisco Chronicle (also Yahoo and the Register). Perhaps too much time has been spent sucking up to storage vendors and not enough looking after the customers? This comes directly after a week-long outage of one of Microsoft's SQL server components in Azure. This is not the first time that we have discussed major outages on Azure and probably won't be the last. It's certainly also not the first time we have discussed Microsoft cloud systems making users' data unavailable."

8 of 176 comments (clear)

  1. Re:Lolwut? by Nidi62 · · Score: 5, Funny

    I think you get them from storage vendros

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  2. Typical. by berchca · · Score: 5, Funny

    Not the first time they've made such blunders:
    http://slashdot.org/story/03/11/06/1540257/microsoft-forgets-to-renew-hotmailcouk

    If only Redmond had some sort of calendar system to help them remember this stuff.

  3. Tip of the iceberg by gmuslera · · Score: 5, Insightful

    If you can't trust Microsoft for such kind of small but essential things, should you trust them with bigger ones?

  4. 12 hours to update the certs? by crt · · Score: 5, Informative

    The really amazing thing is that if you look at their service dashboard, it took them 12 hours to update the certificates on their site:
    http://www.windowsazure.com/en-us/support/service-dashboard/

    They spent several hours doing "test deployments" ... while it's great to make sure you aren't going to make something worse, updating an SSL cert isn't exactly rocket science. I'd had to see how long it took to recover from a more serious service issue triggered by a software bug.

  5. Re:Somebody by Glendale2x · · Score: 5, Insightful

    Eh, don't put anything too important that you can't live without on systems outside of your control.

    --
    this is my sig
  6. Re:Blew their support contracts.. by binarylarry · · Score: 5, Funny

    Finally the Microsoft Blue Screen of Death has made into the new mobile cloud age.

    I mean the Azure Screen of Death, excuse me Mr. Ballmer.

    --
    Mod me down, my New Earth Global Warmingist friends!
  7. Re:Somebody by Nerdfest · · Score: 5, Interesting

    On the other hand, I've worked at places where the worst thing you could do is leave things that the company can't live without *in* the control of the company. Sometimes certain areas of expertise require specializations that the company just doesn't have and isn't interested in acquiring. Of course handing the responsibility of those things off to *Microsoft* is not necessarily any better.

  8. Re:Monitoring Fail by rabbitfood · · Score: 5, Insightful

    Simple operation? You've clearly never worked for a large company.

    Even if a warning wasn't trickled down a month ago, and we've no reason to assume it wasn't, the person whose job it is to act on it, provided they weren't on vacation, won't have simply thrown five dollars at a registrar. They'll have had to put in a request to the finance department, probably via a cost-management chain of command, with a full description of what needed to be paid to whom and why, with payee reference, cost-center code, expense code and departmental authorization, and hoped it would arrive in time to be allocated to the next monthly rubber-stamp meeting. Assuming the application contained no errors, was suitably endorsed and was made against an allocated budget that hadn't been over-spent and wasn't under review, then, perhaps, in the fullness of time, it might have received approval and have been sent back down the chain for subsequent escalation to the bought-ledger department, who'd have looked at the due date, added ninety days and put it on the bottom of the pile. After those ninety days, when the finance folk began to take a view to assessing its urgency, unless they found a proper purchase order from the supplier, and a full set of signed terms and conditions of purchase, non-disclosure agreements, sustainability declarations and ethical supply-chain statements, as now required by any self-respecting outfit, it'll have been put aside and, eventually, sent back round to be done properly. Or, if it all checked out first time, it'll have been put on the system for calendering into the next round of payment processing.

    I'm sure it might be possible to streamline aspects of such mechanisms, but to suggest there's anything trivial about them is a touch hasty. But you never know. Perhaps they're already thinking of planning a meeting to discuss it, and are working on a framework for identifying the stakeholders as I write.