- PagerDuty /
- Blog /
- Automation /
- Five Considerations for Choosing Self-Managed Automation vs. SaaS Automation
Blog
Five Considerations for Choosing Self-Managed Automation vs. SaaS Automation
Sometimes heritage is better than new. Some people favor Coca-Cola Classic over New Coke, and heirloom tomatoes over regular tomatoes.
Some Luddites might say the same thing about cloud computing. “I won’t put my (app/data) in the cloud! It will be more (secure | reliable | cheaper) if I run it myself in my own data center.”
All kidding aside, there are legitimate reasons why you might choose the self-managed version of PagerDuty® Process Automation On Prem—previously known as Rundeck Enterprise—over our new SaaS offering, PagerDuty® Runbook Automation. No, it’s not that classic is better in this case; it’s actually the same code developed through the Rundeck open source project. It’s that your requirements or use case might be better met when you have more flexibility than what our SaaS automation solution can provide.
Not sure which way to lean? Here are five considerations to help you decide which offer might be better suited for your use case.
1. Are Your Applications and Infrastructure Self-Managed Rather Than in the Cloud?
Maybe your application and its stack run in your own data center, or a hosting provider other than one of the cloud hyperscalers. This could be because of legacy reasons—where your application was first deployed and it’s too strategic (or not strategic enough) to invest in migrating to the cloud. You could have specific requirements (some of which are covered below) that would be more difficult to meet in the public cloud. Put simply, it’s a reflection of where your company chooses to invest its capital and develop its expertise in IT. In fact, it might be a source of cost control and profitability to run your own infrastructure. After all, AWS is estimated to have a gross margin of over 60%. Finally, maybe your company provides digital services at scale, so running your own infrastructure is part of ensuring quality and speeding up innovation.
PagerDuty® Runbook Automation is built to securely connect to any cloud or self-hosted environment, and can meet many typical use cases. However, running the PagerDuty® Process Automation software yourself could make more sense if your team’s skill set is more geared toward your self-managed environment. In such a case, running PagerDuty® Process Automation On Prem can help you scale your in-house operations by allowing your experienced engineers to apply their expertise to build self-service automation that can then be delegated to other users. The same secure connectivity that lets PagerDuty® Runbook Automation connect to remote environments also allows your team to securely connect your disparate data centers into centralized automation. In fact, it may well allow you to further increase security by reducing or eliminating the need to allow remote SSH access to these environments.
2. Do You Have To Meet More Stringent Compliance Standards?
Do you need to meet HIPAA, PCI, and/or FedRAMP requirements? Do you require your IT providers to be SOC2 compliant? If so, at least in the short term, you may be better off running PagerDuty® Process Automation On Prem versus utilizing the SaaS offering.
While PagerDuty® Runbook Automation is built to comply with standards such as these, achieving these standards takes some operating history—and we just launched the service this March. PagerDuty® has significant experience building high-quality services, which were leveraged in the development of PagerDuty® Runbook Automation. We look forward to announcing a SOC2 certification as soon as we can. As we get closer to achieving more certifications, we will communicate the expected availability.
3. Are You Subject to Data Sovereignty Requirements?
Many countries require that certain kinds of data about their citizens, including personally identifiable information (PII) and financial data, be stored within the borders of their country. PagerDuty® Runbook Automation, as a SaaS offering, can be utilized to automate any IT infrastructure that can be accessed via the internet. However, it is currently hosted in North America, with future plans to host in Europe.
If your company and application are subject to such data sovereignty requirements, it might make sense to utilize PagerDuty® Process Automation On Prem instead. Our SaaS offering doesn’t directly store personal data outside of what’s required for user accounts. However, if the automation you might create could potentially lead to a violation of such regulations, hosting your own automation environment within your own infrastructure may make it easier to show compliance.
4. What Kinds of Infrastructure Do You Want To Incorporate Into Automation?
PagerDuty® Process Automation On Prem provides a wide range of plugins—both developed and supported by PagerDuty—as well as those developed by the Rundeck open source community. This provides options and flexibility for automation developers to incorporate several types of infrastructure into their automation.
One reason there are so many plugins available in the community is that PagerDuty® Process Automation On Prem has a flexible plug-in API. This makes it seamless for users to develop their own plugins for home-grown or less common infrastructure they wish to utilize in job definitions such as nodes, job steps, UI integrations, and credential storage.
PagerDuty operates our SaaS offering, PagerDuty® Runbook Automation, to meet stringent security and reliability requirements. This means the only plugins we can offer are those that have been tested and certified to meet these requirements. For the same reasons, custom plugins are not supported at this time. Here is a list of plugins that are secure enough to use behind a firewall with PagerDuty® Process Automation On Prem, but are not supported by PagerDuty® Runbook Automation.
If you have a lot of different types of infrastructure you’d like to automate with, you will find PagerDuty® Process Automation On Prem offers the flexibility to meet an abundance of requirements.
5. What Kinds of Security Requirements Do You Need To Meet?
PagerDuty® Runbook Automation is built with hardened security to meet stringent requirements, and it can help optimize your own compliance with security and compliance requirements. For example, PagerDuty® Runbook Automation connects to infrastructure using a Runner that calls back to its endpoint using HTTPS. This eliminates the need to open additional ports in your firewalls. Runbook Automation is integrated with cloud SSO such as Okta, Ping, and Azure AD, and secrets management SaaS services such as Hashicorp Vault, CyberArk, and Thycotic. It facilitates access control to privileged actions and reduces the need to distribute super-user credentials. Job-level logging means compliance audits are no sweat. However, in the case of secrets management, PagerDuty® Runbook Automation does not connect to on-premise key stores.
But will this meet your own specific security requirements?
If you need to integrate with on-premise authentication or secrets management, or have other unique needs in this area, you may need the flexibility offered by PagerDuty® Process Automation On Prem instead.
Summary
PagerDuty® Runbook Automation | PagerDuty® Process Automation On Prem | |
Best fit | To manage cloud and SaaS operations | To manage on-prem ops and infrastructure |
Plugins | Preset and no custom | All and any + custom |
Keystores | Cloud only | On-prem or cloud |
Data | Managed by PD | Managed by customer |
Upgrades | Managed by PD | Managed by customer |
Scale | Managed by PD | Managed by customer |
Secure infrastructure | Managed by PD | Managed by customer |
If you’d like to explore these differences and compare them to your requirements, start a conversation with our team.