This week's roundup of all the cloud news.
Quite a bit of activity from the big 3 cloud vendors this week; all the details are below.
Here at Hava a number of roadmapped enhancements are well into beta testing now and due for general release soon, including an embeddable diagram viewer, a comprehensive compliance reporting module and a true 3D view. Keep an eye on our blog or hit up chat support if you're interested in a sneak peek at the new features.
Here's all the latest from the big three.
AWS Fargate increases default resource count service quotas
AWS Fargate, the serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS), increases the default service quotas (also commonly known as limits) for On-Demand and Spot resource counts. You can now launch up to 500 concurrent ECS tasks and EKS pods running on Fargate On-Demand and 500 concurrent ECS tasks running on Fargate Spot, up from 100 and 250 respectively. These are default quotas for an account in a given AWS Region, but you can always raise these values by requesting a service quota increase.
The new quotas apply in all Regions where AWS Fargate is available. The higher quotas are reflected in your account automatically and you do not have to take any action. If your account has an approved quota that is higher than the new default quota, you will continue to have that higher applied quota.
Amazon WorkSpaces releases End User Computing Dashboard workshop
Amazon WorkSpaces released a self-guided workshop that helps customers use AWS services to build and deploy the End User Computing dashboard. You can provide the dashboard to your help desk staff so that they can send the registration code email to a user, or stop, start, restart, and restore a user’s WorkSpace without having to access the WorkSpaces console. To get started, see Create End User Computing Dashboard in the Hands-On Tutorials for Amazon Web Services (AWS).
Usability Improvements for AWS Management Console now available
This week AWS launched usability improvements for the AWS Management Console’s navigation header and footer. The improvements include a refreshed and responsive navigation header and footer, an easier way to add or remove services to your favorites list in the navigation header, and an increase in the number of services you see in the “Recently visited” section, from 5 to 15. Depending on your browser support, you can also access the navigation menu items using a keyboard.
Previously, AWS customers could only favorite a small number of services in the navigation header or had to remember the icons for those services when they wanted to favorite a few more. Customers also faced challenges using drag and drop to manage their favorites. The usability improvements in the navigation header address these issues.
AWS CloudFormation now supports StackSets in the CloudFormation Registry
AWS CloudFormation has expanded the CloudFormation Registry to include the StackSets resource type. StackSets is a CloudFormation feature that allows you to centrally manage deployment of cloud resources to multiple AWS accounts and regions in a single operation. You can now model, provision, and manage your stack sets resources alongside other AWS resources through CloudFormation in a predictable and reliable way.
With StackSets included as a resource type in the CloudFormation Registry, you can use CloudFormation features such as resource import to bring your existing stack sets into CloudFormation’s management and then leverage CloudFormation functionalities such as intrinsic functions and resource attributes to manage your stack sets resources. Using StackSets, you can extend the functionality of CloudFormation by centrally creating, updating, or deleting CloudFormation supported resources across multiple AWS accounts and regions. For example, you can deploy your centralized AWS Identity and Access Management (IAM) roles and provision Amazon Elastic Compute Cloud (EC2) instances across AWS accounts and regions in a single operation. The source code for the StackSets resource type is now publicly available on GitHub, enabling the community to provide feedback and contribute enhancements.
Amazon AppFlow now supports AWS CloudFormation
Amazon AppFlow now supports AWS CloudFormation for creating and configuring Amazon AppFlow resources such as Connector profile and Amazon AppFlow Flow along with the rest of your AWS infrastructure—in a secure, efficient, and repeatable way. Amazon AppFlow is a fully managed integration service that enables AWS customers to securely transfer data between AWS services and software-as-a-service (SaaS) applications. The Amazon AppFlow APIs and SDK give developers programmatic access to Amazon AppFlow functionality, enabling developers to set up flows between source and destinations supported by Amazon AppFlow, create connector profiles and execute flows programmatically.
Amazon Elasticsearch Service now offers T3 Instances
Amazon Elasticsearch Service now offers the latest T3 (general-purpose) instances, which offer superior performance and larger storage capacity compared to the previous generations. The T3 instances also support our recently launched features like encryption at rest and in-flight, role-based access control, HTTP compression, custom dictionary, SQL, alerting, anomaly detection, and cross-cluster search.
T3 instances offer a balance of compute, memory, and network resources. T3 instances are powered by the AWS Nitro System which includes a lightweight hardware-accelerated hypervisor, delivering practically all of the compute and memory resources of the host hardware to the instances. T3 instances also feature the latest high frequency Intel Xeon Scalable processors which, combined with the AWS Nitro System, result in better price to performance improvement over T2 instances. T3 instances also support enhanced networking with up to 5 Gbps in network bandwidth using the Elastic Network Adapter (ENA).
You can now provision up to 5.7x more EBS storage per instance (e.g. T3.medium supports up to 200 GB of EBS storage per instance), which lets you index more data with fewer instances and gain additional cost savings. Further savings are available via reserved instance (RI) pricing for the T3.medium.
Amazon Aurora Increases Max Storage to 128TB
You can now create Amazon Aurora database clusters with up to 128TB of storage. The new storage limit is available for both the MySQL- and PostgreSQL-compatible editions of Amazon Aurora. Previously, Aurora database instances supported 64TB of storage.
With an increased storage limit of 128TB, you’re less likely to reach the limit when you scale up your application on a single Amazon Aurora database cluster. This means you won’t need to delete data or to split the database across multiple instances. Learn more by visiting the Amazon Aurora Storage and Reliability documentation.
128TB support is available with Aurora MySQL engine version 1.23, compatible with MySQL 5.6, with engine version 2.09, compatible with MySQL 5.7, and with Aurora PostgreSQL 9.6.17, 10.12 and 11.7.
AWS Glue Studio launched
AWS Glue Studio is a new visual interface for AWS Glue that makes it easy for extract-transform-and-load (ETL) developers to author, run, and monitor AWS Glue ETL jobs. You can now use a simple visual interface to compose jobs that move and transform data and run them on AWS Glue. You can then use AWS Glue Studio’s job run dashboard to monitor ETL execution and ensure that your jobs are operating as intended.
AWS Glue Studio makes ETL accessible to the many users who are new to Apache Spark programming and to users who are accustomed to ETL tools with boxes-and-arrows interfaces. Without writing code, users of all experience levels can now take advantage of big data processing on AWS Glue’s serverless Apache Spark-based ETL platform. They can also use the AWS Glue Studio job monitoring dashboard to get a global view of their ETL execution and resource usage.
AWS Security Hub adds 14 new controls to AWS Foundational Security Best Practices standard
AWS Security Hub has released 14 new automated security controls for the AWS Foundational Security Best Practices standard related to AWS EC2 (EC2.7 and EC2.8), Amazon EMR (EMR.1), AWS KMS (KMS.1 and KMS.2), Amazon RDS (RDS.4, RDS.5, RDS.6, RDS.7, and RDS.8), Amazon S3 (S3.6), and AWS Secrets Manager (SecretsManager.1 and SecretsManager.2). Security Hub now supports 90 security controls to automatically check your security posture in AWS.
Cloud Run for Anthos brings eventing to your Kubernetes microservices
Building microservices on Google Kubernetes Engine (GKE) provides you with maximum flexibility to build your applications, while still benefiting from the scale and toolset that Google Cloud has to offer. But with great flexibility comes great responsibility. Orchestrating microservices can be difficult, requiring non-trivial implementation, customization, and maintenance of messaging systems.
Cloud Run for Anthos now includes an events feature that allows you to easily build event-driven systems on Google Cloud. Now in beta, Cloud Run for Anthos’ event feature assumes responsibility for the implementation and management of eventing infrastructure, so you don’t have to.
gVisor: Protecting GKE and serverless users in the real world
Security is a top priority for Google Cloud, and they protect customers through how they design their infrastructure and services and how they work. Googlers created some of the fundamental components of containers, like cgroups, and GCP were early adopters of containers for internal systems. They realized they needed a way to increase the security of this technology. This led to the development of gVisor, a container security sandbox that GCP have since open sourced and integrated into multiple Google Cloud products. When a recent Linux kernel vulnerability was disclosed, users of these products were not affected because they were protected by gVisor.
Azure release a host of infrastructure capabilities
This week Microsoft highlighted some of the new features they’re making to enhance remote work and business continuity:
- Preview of the Cisco SD-WAN native support within the Azure Virtual WAN hubs. This will enable customers to take advantage of SD-WAN (Software-Defined Wide Area Network) to improve performance while retaining existing investments and skills.
- Preview of the global load balancer feature for Azure Load Balancer. Customers can now use this feature for latency-based traffic distribution across regional deployments or use it to improve application uptime with regional redundancy.
- Coming soon in preview, new capabilities for Windows Virtual Desktop. Support of Microsoft Endpoint Manager for Windows 10 multi-session will enable a familiar method for securing and managing virtual desktops, the same way as physical devices. Azure Monitor integration will provide customers with a workbook that captures all the relevant monitoring telemetry and rich visualizations to identify and troubleshoot issues quickly. The MSIX app attach portal integration with Windows Virtual Desktop will enable the ability to add application layers from the Azure portal—with just a few clicks.
- Preview of Backup Center to give customers the capability to monitor, operate, govern, and optimize data protection at scale, with consistent management in the Azure portal. Backup Center is also an action center from where you can trigger backup-related activities, such as configuring backup, restore, creation of policies or vaults—all from a single place.
- Preview of backup support for Azure PostgreSQL through Azure Backup to enable long-term retention for Azure PostgreSQL.
- Preview of cross-region-restore capabilities for SQL and SAP HANA backups through Azure Backup to enable customers to restore backup data from a secondary region at any given time.
- Preview of Azure Automanage for Windows Server to help customers significantly reduce day-to-day management tasks with automated operations across the entire lifecycle of Windows Server virtual machines (VMs) on Azure. IT admins can now manage their VMs with point-and-click simplicity, individually or at scale.
- Preview of the Windows Admin Center in Azure to enable customers to perform deep Windows Server OS management on their Azure Virtual Machines right from Azure.
- Preview of Azure Hybrid Benefit with improved flexibility and enhanced user experience for Red Hat Enterprise Linux and SUSE Linux Enterprise Server customers migrating to Azure. Customers can convert their pay-as-you-go instances to bring their own subscription without any downtime and maintain business continuity.
- General availability of Flatcar Container Linux, compatible with CoreOS (which reached its end-of-life on May 26, 2020). Flatcar is an immutable Linux distribution making Flatcar Container Linux a viable and straightforward migration choice for container workloads running on Azure.
- Preview of the Azure Image Builder to streamline cloud native image building and customization process without the need of external IP addresses, providing customers better protection against vulnerabilities. This will be generally available by the end of this year.
- General availability of Azure VMware Solution. Seamlessly extend or completely migrate existing on-premises VMware applications to Azure without the cost, effort, or risk of re-architecting the application. With Azure VMware Solution, customers experience the speed and agility of the cloud, while using existing VMware skills and tools, making Azure your one-stop shop to achieve cost savings and accelerate cloud adoption.
- Preview of the ability to schedule Dedicated Host and isolated VM maintenance operations, giving customers more control over platform updates. Customers can also automate guest OS image updates on Virtual Machine Scale Sets, reducing manual upkeep.
- Preview of two new Azure Dedicated Hosts features to simplify VM deployment at scale. When deploying Azure Virtual Machines in Dedicated Hosts, customers can enable the platform to select the host group to which the VM will be deployed. Customers can also use Virtual Machine Scale Sets in conjunction with Dedicated Hosts to enable use of scale sets across multiple dedicated hosts within a dedicated hosts group.
- Preview of automatic VM guest patching to automate rollout of security patches and simplify application management, including enhanced monitoring capabilities.
- Preview of the price history and associated eviction rates of Azure Spot Virtual Machines in the Azure portal to provide increased Azure costs transparency and predictability.
- General availability of new Azure Virtual Machines. The 2nd generation Intel Xeon Platinum processors offer up to 20 percent greater CPU performance and better overall price-per-core performance compared to the prior generation. The new AMD EPYC™-based Dav4 and Eav4 Azure Virtual Machine series provide increased scalability (up to 96 vCPUs) in 18 regions.
- Preview of the NC T4 series VM and the ND A100 Series to enable AI computing. These are powerful and massively scalable AI VMs. With these new VM sizes and capabilities, customers can benefit from a greater range in underlying processor technologies.
- General availability of Azure Private Link integration with disks to enhance the security of disk storage. This provides secure imports and exports of data over a private virtual network.
- General availability of support for 512E format on Ultra Disks to enable migration of on-premises legacy applications to Azure with Ultra Disks, giving customers the ability to benefit from best-in-class performance of Ultra Disks.
- Preview of disk performance tiers to offer the flexibility to increase disk performance independent of size, reducing costs.
Protect multi-cloud workloads with new Azure security innovations
This week Azure announced a broad set of innovations to help you protect multicloud and Azure workloads including:
- New branding experience, additional protections, and CyberX integration for Azure Defender.
- User and entity behavior analytics and threat intelligence for Azure Sentinel.
- Multi-cloud security posture management for Azure Security Center.
- Managed hardware security module for Azure Key Vault.
- Expanded security control assessments with the Azure Security Benchmark v2.
- Additional service support for Customer Lockbox for Azure.
- Double Encryption for data at rest and in transit.
Whether you’re protecting Azure or protecting your entire enterprise with Azure security tools, these improvements are built to help simplify and empower you to focus on what’s important.
Google Cloud Virtual Events
To support the unique needs of GCP customers in Europe, Middle East, and Africa, on 29 September GCP are kicking off a brand-new Next OnAir event exclusively for EMEA.
Google Cloud Next OnAir EMEA offers a full roster of curated content, including more than 30 new sessions specially tailored to the region. Join Google experts and local customers to learn how organizations are already transforming in the cloud, and connect and collaborate with industry experts to solve your toughest challenges.
Each week Google will be highlighting a different focus:
29 Sept: Industry insights—Hear about how businesses are successfully transforming with Google Cloud across industries and between customers and ecosystem partners.
6 Oct: Productivity and collaboration—Discover solutions designed for humans that are changing how teams work.
13 Oct: Infrastructure and security—Explore discussions on workload migration, management, and modernisation, and learn how to protect your business from online threats.
20 Oct: Data analytics, data management, databases, and Cloud AI—Learn about how to migrate and do more with your data on a serverless, fully-managed platform and with artificial intelligence.
27 Oct: Application modernization and business application platform—Explore how to develop and modernise applications with open source and other software, and how APIs give you better visibility and control.
Register today, for free, on the Next OnAir EMEA website. You’ll get full access to all 30+ sessions being presented throughout the five-week event alongside the more than 250 sessions created for the global Google Cloud Next ’20: OnAir program.
Azure Virtual Events
Microsoft have a full schedule of virtual events.
A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, or email email@example.com to book a callback or demo.