Hava Blog and Latest News

In Cloud Computing This Week [July 24th 2020]

Written by Team Hava | July 24, 2020

This week's roundup of all the cloud news.

Hi folks, this week, we've read all the cloud computing news from AWS, Azure and GCP again, so you don't have to.  

AWS feature releases have been coming thick and fast, however not too much news from both the Google and Microsoft cloud camps.

We hope you find something that peaks your interest. A quiet week here at Hava, we carried on with out development roadmap with more automation so your don't have to manually draw AWS diagrams.

Amazon CloudFront Announces Cache and origin Request Policies.

Amazon CloudFront’s new Cache and Origin Request Policies give you more control over the way CloudFront uses request data to influence both the cache key and the request that is forwarded to the origin on a cache miss. This gives you more flexibility while enabling better control and efficiency of the caching that CloudFront performs. These settings already partially exist, but the cache key configuration is now more independent from the origin forwarding settings.  

Previously, most of the forwarded data would automatically modify the cache key. Now, you can forward most request elements without affecting the cache key (unless you specifically want to). You can now configure any combination of headers, cookies, and query string parameters to be included or excluded from cache key consideration, or forwarded as needed.

In addition to the core configurability improvements, these options are now set using “Policies”. A Policy allows for the same specific combination of settings to be applied across any number of distribution behaviors. This saves setup time, reduces complexity, and allows teams to manage consistency across configurations.


Amazon ElasticSearch Services announces support for ElasticSearch7.7

Amazon Elasticsearch Service now supports open source Elasticsearch 7.7 and its corresponding version of Kibana. This minor release includes bug fixes and enhancements. 

This release improves cluster stability by significantly reducing the amount of heap memory that is needed to keep Lucene segments open. It also delivers faster results when querying time-based indices by filtering out shards that do not contain documents with relevant timestamps. AWS also added support for regular expressions in Painless scripts. 

You can now create new domains running Elasticsearch 7.7 and upgrade many existing domains with no downtime using in-place Elasticsearch version upgrades


Amazon EFS increases per-client throughput by 100%

Amazon Elastic File System (Amazon EFS) now supports up to 500 MB/s of per-client throughput, a 100% increase from the previous limit of 250 MB/s. Total throughput for an EFS file system remains at 10+ GB/s across all NFS clients. 

With this launch, customers can benefit from increased performance and lower cost for workloads that require a high amount of throughput from a single or small number of instances. For example, file-based analytics workloads can now process more data in a shorter amount of time, reducing cost, backup applications can now store and retrieve backups faster, allowing for larger backups and reduced recovery times, and media encoding applications can achieve faster encoding times. 


AWS Content Analysis Solution.

The AWS Content Analysis solution is a fully automated content-based video search engine. It quantifies video content using AI services from AWS for computer vision and speech analysis, then catalogs videos so users can browse video collections according to specified search criteria. This solution provides automation that can dramatically reduce the human involvement needed to catalog video archives for search.

This solution is also useful to see the insights AWS AI services generate for your own content at a glance and understand whether those services provide sufficient domain knowledge for your use cases.

With the AWS Content Analysis solution, users can explore questions like

 - Does Amazon Rekognition provide labels for the objects I’m looking for?
 - Does Amazon Transcribe recognize the speech in my videos?
 - Does Amazon Translate accurately interpret the transcribed speech in my videos?

This solution processes videos using the following AWS services:

 - Thumbnail and audio extraction using AWS Elemental MediaConvert
 - Object, celebrity, face detection, face search, and explicit content detection using  Amazon Rekognition
 - Transcript generation using Amazon Transcribe
 - Translation of the transcript using Amazon Translate
 - Key phrase detection and other textual analysis of the transcript using Amazon Comprehend

Prior to uploading videos in the AWS Content Analysis web application, users can select which AWS AI services to enable.


Amazon CIS EKS Benchmark. 

This week AWS announced a new Center for Internet Security (CIS) benchmark for Amazon Elastic Kubernetes Service (EKS). This new benchmark is optimized to help you accurately assess the security configuration of Amazon EKS clusters, including security assessments for nodes to help meet security and compliance requirements.

Security is a critical consideration when configuring and maintaining Kubernetes clusters and applications. Amazon EKS provides secure, managed Kubernetes clusters by default, but you still need to ensure that you configure the nodes and applications securely and meet your security and compliance requirements.

The CIS Kubernetes Benchmark provides good practice guidance on security configurations for unmanaged Kubernetes clusters where you typically manage the Kubernetes cluster control plane and nodes. The benchmark does not sufficiently cover the different configuration mechanisms used by Amazon EKS. This means that if you’re using the CIS Kubernetes benchmark with EKS clusters you’re faced with false positive errors.

These errors incorrectly assert your clusters are not secure or properly configured. With the CIS Amazon EKS Benchmark, you now have guidance aligned to the Amazon EKS cluster configuration and you should use this benchmark to assess and configure security for your cluster nodes. You may use the recently published Amazon EKS Best Practices Guide for Security in conjunction with the CIS Amazon EKS Benchmark that AWS announced this week.


AWS Snowball Edge Compute Optimized now available in 11 more regions 

AWS Snowball Edge Compute Optimized is now available in US East (Ohio), Canada (Central), South America (Sao Paulo), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Osaka), Asia Pacific (Seoul), EU (Stockholm), EU (Paris), EU (Frankfurt), and EU (London).  

Snowball Edge Compute Optimized is a secure, rugged device that brings AWS computing and storage capabilities, such as Amazon EC2, Amazon EBS, Amazon S3, AWS IoT Greengrass, AWS Lambda functions, and AWS IAM to your edge environments for machine learning, data analytics, processing, and local storage. You can use Snowball Edge devices in environments with intermittent connectivity (like manufacturing, industrial, and transportation) or in extremely remote locations (like military or maritime operations). These devices may also be rack mounted and clustered together to build larger installations.  


AWS Serverless Application Model CLI now GA

The AWS Serverless Application Model (AWS SAM) is an open-source framework for building serverless applications. Built on AWS CloudFormation, AWS SAM provides shorthand syntax to declare serverless resources. During deployment, AWS SAM transforms the serverless resources into CloudFormation syntax, enabling you to build serverless applications faster.

As a companion to AWS SAM, the AWS SAM CLI is a command line tool that operates on AWS SAM templates. It provides developers local tooling to create, develop, debug, and deploy serverless applications. AWS SAM has been open-source and generally available since April 2018. This week, the AWS SAM CLI is now also generally available (GA).

The AWS SAM CLI offers a rich set of tools that enable developers to build serverless applications quickly. This blog post summarizes the different tools available.


AWS releases training on AWS cost management

AWS Training and Certification today launched AWS Cloud Financial Management for Builders. This three-day, intermediate course is for cloud and solution architects, developers, DevOps, system administrators, and technologists interested in learning to design cost-optimized architectures. To ensure financial success in the journey to the cloud, builders need to develop the skills to leverage the right tools, best practices, and services that can help them efficiently manage the cloud and optimize their cost.

Why do you need to build skills for cloud financial management?
Historically, computing costs were tied to a quarterly or yearly hardware procurement investment, with a single point of ownership for cost management. With cloud technology, you can now initialize resources and services at any time, and pay only for what you use.

Technology teams are no longer just builders, but operators and owners of their products, responsible for most of the activities historically associated with finance and operations teams, including procurement and deployment. As such, they need the knowledge about AWS services, architecture, deployment, operations, and cost optimization.

Cloud financial management expertise enables builders to have a direct impact on efficiency and productivity of their organizations and achieve expected business outcomes. This is a major transformation for organizations that are used to working in traditional models.


Fully managed HashiCorp Consul Service now GA on Azure

HCS on Azure enables Azure users to natively provision Consul servers in any supported Azure region directly through the Azure Marketplace. Consul is delivered “as-a-service" where the Consul servers themselves are managed and operated by HashiCorp SREs while Azure takes care of the underlying infrastructure, virtual machines (VMs), and networks. This ensures customers can focus on the application and business logic they’re building and can offload the operational overhead of running Consul to experts at HashiCorp, including managing upgrades, patching, and providing technical support.

One of the major challenges of adopting open source technology like Consul is learning how to operate it yourself. This new HCS service eliminates this barrier. You can experiment and prototype with an open source solution and go to production with the confidence of the managed service offering.


Traffic Director Support for Proxyless gRPC Services 

Traffic Director’s support for proxyless gRPC services is built on a simple idea: if Traffic Director can configure sidecar proxies to do load balancing on behalf of a gRPC client, why not have it just configure the gRPC client directly?

gRPC, as you may know, is a high performance and feature-rich open-source RPC framework that underpins many of the Google Cloud Platform (GCP) services that you use every day. GCP uses it in the Google Cloud client libraries, which you use to reach services like Cloud Storage, Cloud Pub/Sub and many others. gRPC handles connection management, bidirectional streaming, and other critical networking functions. In short, it's a great framework for building microservices-based applications.

But, out of the box, gRPC only provides DNS-based name resolution and simple load balancing. For service mesh functionality (for example, dynamically discovering the backends for a service or global proximity-based load balancing), customers have traditionally turned to sidecar proxies. These sidecar proxies deliver powerful service mesh capabilities... but they're also an additional piece of infrastructure to manage.

gRPC + xDS
To make proxyless gRPC possible, Google added xDS API support to the most recent version of gRPC. The xDS APIs are the same open source APIs used by the popular Envoy proxy. They enable xDS control planes (such as Traffic Director) to configure gRPC clients with service information such as endpoint address, health status, priority (based on proximity and capacity) and which policies to use when calling out to the service.



Upcoming Events:   


AWS Container Day at KubeCon

Start off your KubeCon 2020 with AWS at Container Day on August 17th. In this full-day virtual event, AWS will cover how Amazon EKS makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Virtual sessions throughout the day will consist of technical deep dives, product demos, and product announcements. The AWS Kubernetes team will be streaming on Twitch all day, ready to answer your questions.

To attend the event and live chat with session presenters and AWS experts, register here.

AWS will be hosting Container Day on August 19th and 24th in APAC and EMEA-friendly timezones if you can’t make it on August 17th. To attend the APAC day on August 19th, register here. To attend the EMEA day on August 24th, register here. These additional events will be rebroadcasts, but our experts will be moderating live to chat and answer questions!

To get in touch with the event team, please reach out to awscontainerday@amazon.com.


8:00 AM – 8:20 AM Keynote
Bob Wise, GM of Kubernetes at AWS
8:20 AM – 8:40 AM EKS Roadmap & Vision
Nathan Taber, Sr Product Manager, EKS
8:40 AM – 9:00 AM AWS Controllers for Kubernetes: The AWS universe of services, now Kubeified!
Jay Pipes, Principal Open Source Engineer, Kubernetes
9:00 AM – 9:20 AM Kubernetes Networking on AWS
Mike Stefaniak, Sr Product Manager, EKS
9:20 AM – 9:40 AM Application Networking on Service Mesh
Shubha Rao, Principal Product Manager, App Mesh
9:40 AM – 10:00 AM AWS Inferentia on EKS
Mike Stefaniak, Sr Product Manager, EKS
10:00 AM – 10:20 AM Saying Goodbye to YAML Engineering with the CDK for Kubernetes
Nathan Taber, Sr Product Manager, EKS
Elad Ben-Israel, Principal Software Engineer, SDKs
10:20 AM – 11:30 AM Live Containers on the Couch – Q&A
11:30 AM – 11:50 AM Customizing Managed Nodes groups
Jesse Butler, Senior Developer Advocate
11:50 AM – 12:10 PM Bottlerocket: an Open Source Container Host OS
Justin Haynes, Software Development Manager
12:10 PM – 12:30 PM CloudWatch Container Insights now monitors Prometheus Metrics
Sudeeptha Jothiprakash, Principal Product Manager, Cloudwatch
12:30 PM – 12:50 PM Persistent File Storage for Amazon EKS with Amazon EFS
Will Ochandarena, Principal Product Manager, EFS
12:50 PM – 1:10 PM Running Arm nodes with AWS Graviton on Amazon EKS
Michael Hausenblas, Sr Developer Advocate
1:10 PM – 2:00 PM Live Containers on the Couch – Q&A
2:00 PM – 2:20 PM Security Best Practices
Jeremy Cowan, Principal Containers Specialist SA
2:20 PM – 2:40 PM CIS Benchmark
Paavan Mistry, Sr Developer Advocate
2:40 PM – 3:00 PM EKS and Fargate, better together
Massimo Re Ferre, Principal Developer Advocate
3:00 PM – 3:45 PM Final Q&A and Closing Remarks


Google Cloud Next OnAir

Google's 9 Week Digital Event kicks off on July 14th with diverse topics being covered each week.

Infrastructure July 28th
Security August 4th
Data Analytics August 11th
Data Management and Databases August 18th
Application Modernization August 25th
Cloud AI September 1st
Business Application Platform September 8th


Full Information and Session times here:  https://cloud.withgoogle.com/next/sf

Azure Virtual Events

Microsoft have a full schedule of Virtual Events

A  full list including session times and details are here : https://azure.microsoft.com/en-us/community/events/

AWS Events:

AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/

Thanks for reading again this week, we hope you found something useful. 

hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.

If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS diagram generator can do for your workflow, security and compliance needs - please get in touch. 


You can reach us on chat, email sales@hava.io to book a callback or demo.