Hava Blog and Latest News

In Cloud Computing This Week [Aug 21st 2020]

Written by Team Hava | August 21, 2020

This week's roundup of all the cloud news.


Hi folks, it's been another reasonably quiet week in cloud computing. As usual we've read all the cloud computing news from the big three (AWS, Azure and GCP) so you don't have to.

AWS led the way again this week with lots of new enhancements to existing services.

Very little news out of the Azure and GCP camps.

Here at Hava we're currently rolling out a refreshed UI, putting the finishing touches to a completely new AWS best practice compliance reporting module built right into your Hava dashboard, and shipping more updates to our AWS Architecture Diagram Tool.


Here's all the other news:

AWS Site-to-Site VPN now supports additional encryption, integrity and key exchange algorithms

You can now use additional encryption, integrity, and key exchange algorithms for your VPN connections. These advanced algorithms provide higher security to protect your data, higher performance for faster transfer rates, and help meet compliance requirements.

These algorithms are available as tunnel options for new and existing VPN connections and can be configured through the AWS Management Console, the AWS Cloud Development Kit (CDK), or the AWS Command Line Interface (CLI).


API Gateway HTTP APIs adds integration with 5 AWS Services

AWS customers can now create Amazon API Gateway HTTP APIs that route requests to AWS AppConfig, Amazon EventBridge, Amazon Kinesis Data Streams, Amazon SQS, and AWS Step Functions. With these new integrations, AWS customers can easily create APIs and webhooks for their business logic hosted in these AWS services. 

Previously, AWS customers could use HTTP APIs to create APIs that route requests to AWS Lambda functions and any HTTP(s) backends. This release enables customers to build direct APIs that can be used to get configuration information from AppConfig, publish events to EventBridge, ingest data through Kinesis Data Streams, send a message to SQS, or start a workflow in Step Functions. 


Amplify Flutter now available as Developer Preview

The open source Amplify Framework, a suite of libraries and tools for mobile and front-end web developers, now offers support for Flutter developers. Flutter is an open-source UI software development kit created by Google for developing applications for Android and iOS from a single codebase. Today’s Amplify Flutter Developer Preview provides libraries and a CLI toolchain that enable Flutter developers to build scalable and secure cloud-powered applications. You can use libraries with backends created using the Amplify CLI or with existing AWS backends.


AWS Controllers for Kubernetes Preview

The AWS Controllers for Kubernetes (ACK) is a new tool that lets you define and use AWS service resources directly from Kubernetes. With ACK, you can take advantage of AWS managed services for your Kubernetes applications without needing to define resources outside of the cluster or run services that provide supporting capabilities like databases or message queues within the cluster. 

Kubernetes applications often require a number of supporting resources like databases, message queues, and object stores to operate. AWS provides a set of managed services that you can use to provide these resources for your applications, but provisioning and integrating them with Kubernetes was complex and time consuming.  


AWS DataSync simplifies automation with API filters

AWS DataSync now supports filtering for the ListTasks and ListLocations API calls, enabling you to easily retrieve the configuration of data transfer tasks using filters such as the source or destination of the transfer. With this new capability, you can automate the setup and monitoring of workloads that involve hundreds of DataSync tasks.

DataSync is an online data transfer service that simplifies, automates, and accelerates copying large amounts of data to and from AWS storage services. When listing your data transfer tasks and storage locations, you can filter results based on specific storage location types, folder paths, or time when you configured your DataSync resources. For example, you can easily retrieve the list of data transfer tasks that write to a specific S3 bucket, or that copy files from your NFS servers. Using this functionality, you can automate triggering and monitoring hundreds of DataSync tasks with simple API calls. 


AWS Cloud9 releases enhanced VPC support

AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. Cloud9 is excited to offer enhanced VPC support for customers using the Cloud9 IDE. This release adds support for creating Cloud9 environments in a private subnet with no ingress and optionally no egress.

Prior to this release, Cloud9 environments had to have a public IP address and the SSH port configured to be accessible from AWS Cloud9. Today we have reinforced our security posture by no longer requiring inbound connections to Cloud9 environments. This new feature leverages AWS Systems Manager (SSM) to eliminate the need for SSH connections.


Amazon EKS on AWS Fargate now supports AWS EFS file systems

Amazon Elastic Kubernetes Service (EKS) pods running on AWS Fargate can now mount Amazon Elastic File System (EFS) file systems. AWS Fargate will use the EFS CSI driver to automatically mount an EFS file system requested by a pod running on Fargate, without the need for manual driver installation. This enables persistent, regional, shared storage to be used by pods running on AWS Fargate, the serverless compute engine which allows customers to deploy and manage containerized applications without having to manage any of the underlying infrastructure. 


Application and Classic Load Balancers are adding defense in depth with Desync Mitigation Mode

Application Load Balancer (ALB) and Classic Load Balancer (CLB) now support HTTP Desync Mitigation Mode, a new feature that protects your application from issues due to HTTP Desync. Modern day web applications are typically built with a chain of proxies that ensure fast and reliable communication between clients and servers. While these proxies follow a standard mechanism to parse RFC 7230 compliant HTTP/1.1 requests, they may have differences in interpretation while parsing non-compliant requests.

These differences in interpretation can cause Desync where different proxies in the chain may disagree on request boundaries and therefore may not process the same request. This could leave behind arbitrary messages that may be prepended to the next request in the queue and smuggled to the backend. Ultimately, request smuggling can make applications vulnerable to request queue or cache poisoning, which could lead to credential hijacking or execution of unauthorized commands. 

With AWS Desync Mitigation Mode, customers can choose among three modes: “Defensive”, “Strictest”, and “Monitor”. In “Defensive” mode, the load balancer performs three specific tasks. First, it allows your application to receive known safe requests irrespective of their RFC 7230 compliance. Second, it blocks requests that are not RFC compliant and are known security threats. Third, for ambiguous requests it closes both the client and upstream connections irrespective of HTTP keep-alive limits. Ambiguous requests are requests that are not RFC 7230 compliant and can cause Desync because they are subject to varying interpretations by different proxies or web servers. “Defensive” mode is the default, as it provides durable, hands-free mitigation against HTTP Desync while maintaining the availability of your application.

You can opt into the “Strictest” mode if you need to ensure that your application only sees requests that are RFC 7230 compliant. Finally, you also have the flexibility to configure “Monitor” mode, if you want your load balancer to forward all requests it receives, regardless of classification, to the application behind it. 
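As an added illustration (not part of the original announcement and not AWS's own code), the following Python script parses constructed ALB access-log lines and reports what each of the three modes described above would do with each classified request. It assumes the 29-field ALB access-log layout in which the last two quoted fields are the classification and classification_reason; the three log lines are constructed samples, not captured traffic.

```python
import shlex
from collections import Counter

# Three constructed ALB access-log lines (not captured traffic), in the
# 29-field ALB layout; the last two quoted fields are assumed to be the
# classification and classification_reason that Desync Mitigation Mode logs.
SAMPLE_LOG = """\
http 2020-08-21T10:00:01.000000Z app/demo-alb/0123456789abcdef 203.0.113.10:51234 10.0.1.20:80 0.000 0.005 0.000 200 200 120 512 "GET http://demo.test:80/ HTTP/1.1" "curl/7.68.0" - - arn:aws:elasticloadbalancing:eu-west-1:111122223333:targetgroup/demo-tg/0123456789abcdef "Root=1-5f3fa0f1-000000000000000000000001" "-" "-" 0 2020-08-21T10:00:01.000000Z "forward" "-" "-" "10.0.1.20:80" "200" "-" "-"
http 2020-08-21T10:00:02.000000Z app/demo-alb/0123456789abcdef 203.0.113.10:51235 10.0.1.20:80 0.000 0.006 0.000 200 200 131 512 "GET http://demo.test:80/a//b HTTP/1.1" "curl/7.68.0" - - arn:aws:elasticloadbalancing:eu-west-1:111122223333:targetgroup/demo-tg/0123456789abcdef "Root=1-5f3fa0f2-000000000000000000000002" "-" "-" 0 2020-08-21T10:00:02.000000Z "forward" "-" "-" "10.0.1.20:80" "200" "Ambiguous" "AmbiguousUri"
http 2020-08-21T10:00:03.000000Z app/demo-alb/0123456789abcdef 198.51.100.7:40001 - 0.000 -1 -1 400 - 301 272 "POST http://demo.test:80/upload HTTP/1.1" "-" - - arn:aws:elasticloadbalancing:eu-west-1:111122223333:targetgroup/demo-tg/0123456789abcdef "Root=1-5f3fa0f3-000000000000000000000003" "-" "-" 0 2020-08-21T10:00:03.000000Z "-" "-" "-" "-" "-" "Severe" "BothTeClPresent"
"""

# Indexes of the fields used below within the 29-field layout.
FIELDS = {"time": 1, "client": 3, "elb_status": 8, "request": 12,
          "classification": 27, "reason": 28}

def parse_alb_line(line):
    """Split one log line; shlex keeps quoted fields with spaces intact."""
    tokens = shlex.split(line)
    if len(tokens) < 29:
        raise ValueError("expected 29 fields, got %d" % len(tokens))
    entry = {name: tokens[idx] for name, idx in FIELDS.items()}
    if entry["classification"] == "-":  # "-" means RFC 7230 compliant
        entry["classification"] = "Compliant"
    return entry

def expected_action(classification, mode):
    """Per the mode descriptions above: Monitor forwards all, Strictest forwards
    only compliant requests, Defensive blocks Severe and forwards-then-closes Ambiguous."""
    if mode == "monitor" or classification == "Compliant":
        return "forward"
    if mode == "strictest" or classification == "Severe":
        return "block"
    if classification == "Ambiguous":
        return "forward-and-close"
    return "forward"  # Acceptable: known safe despite non-compliance

def triage(log_text, mode="monitor"):
    """Count (classification, reason, action) over Monitor-mode logs to see
    what would change before switching the load balancer to another mode."""
    counts = Counter()
    for line in filter(str.strip, log_text.splitlines()):
        e = parse_alb_line(line)
        counts[(e["classification"], e["reason"],
                expected_action(e["classification"], mode))] += 1
    return counts

if __name__ == "__main__":
    for (cls, reason, action), n in sorted(triage(SAMPLE_LOG, "defensive").items()):
        print(f"{n:3d}  {cls:<10} {reason:<16} -> {action}")
```

Running the triage over a period of Monitor-mode logs before enabling Defensive or Strictest shows which clients and request shapes would start being closed or blocked.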


AWS Site-to-Site VPN now supports IPv6 traffic

AWS Site-to-Site VPN now supports IPv6 traffic for VPN connections to AWS Transit Gateway. With this launch, you can now use IPv6 addressing for traffic between your customer gateway device and your resources in AWS. If you use IPv6 addresses for your resources in Amazon Virtual Private Clouds and on-premises data center or office sites, you can now communicate securely between them using AWS Site-to-Site VPN connections.


Amazon ElastiCache for Redis now supports 500 nodes per cluster

Amazon ElastiCache for Redis now allows you to scale your Redis Clusters up to 500 nodes. Redis (cluster mode enabled) configuration allows you to partition your data across multiple shards and offers better scalability, performance, and availability. With this announcement, you can double your cluster size from 250 nodes to 500 nodes, thereby supporting larger memory storage capacity of up to 340 TB of memory and improved throughput per cluster.

You can choose to configure a 500-node cluster that ranges between 83 shards (one master and five replicas per shard) and 500 shards (single master and no replicas).

Support for 500-node clusters is available with Amazon ElastiCache for Redis starting with Redis version 5.0.6, in all AWS regions. You can create a new cluster or scale your existing cluster to add shards using online cluster resizing.



Google announces CPU overcommit for Compute Engine

As part of its commitment to provide the most enterprise-friendly, intelligent, and cost-effective options for running workloads in the cloud, Google was excited to announce that CPU overcommit for sole-tenant nodes is now generally available.

With CPU overcommit for sole-tenant nodes, you can over-provision your dedicated host virtual CPU resources by up to 2X. CPU overcommit automatically reallocates virtual CPUs across your sole-tenant nodes from idle VM instances to VM instances that need additional resources. This allows you to intelligently pool CPU cycles to reduce compute requirements when running enterprise workloads on dedicated hardware.


Azure Java Message Service 2.0 over AMQP on Azure Service Bus

Azure Service Bus simplifies enterprise messaging scenarios by leveraging familiar queue and topic subscription semantics over the industry-driven Advanced Message Queuing Protocol (AMQP). It offers Azure customers a fully managed platform as a service (PaaS) with deep integrations with Azure services, providing a messaging broker with high throughput and reliable latency while ensuring high availability, secure design, and scalability as a first-class experience. Microsoft aims to offer Azure Service Bus for customer workloads on most application stacks and ecosystems.

In keeping with that vision, they're excited to announce preview support for Java Message Service (JMS) 2.0 over AMQP in Azure Service Bus premium tier. With this, they empower customers to seamlessly lift and shift their Java and Spring workloads to Azure while also helping them modernize their application stack with best in class enterprise messaging in the cloud.



Upcoming Events:


Google Cloud Next OnAir

Google's 9-week digital event kicked off on July 14th with diverse topics being covered each week. The remaining weeks include:

Application Modernization August 25th
Cloud AI September 1st
Business Application Platform September 8th


Full information and session times here: https://cloud.withgoogle.com/next/sf

Azure Virtual Events

Microsoft has a full schedule of virtual events.

A full list including session times and details is here: https://azure.microsoft.com/en-us/community/events/

AWS Events:

AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/

Thanks for reading again this week, we hope you found something useful. 

hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.

If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS architecture diagram tool can do for your workflow, security and compliance needs, please get in touch.

You can reach us on chat, or email sales@hava.io to book a callback or demo.