Bi-monthly cloud highlights and release notes from AWS, Azure, GCE & More
The Cloud Report is a bi-monthly blog post that aims to keep IT administrators and developers up to date on the world of cloud computing. We focus on the latest news and releases from cloud platforms like AWS, Azure, GCE, and OpenStack. We’ll also be talking about other popular technologies and tools, such as containers, load balancers and more.
Highlights on current release notes from each cloud platform.
Simple Queue Service
You can now create FIFO (First-In-First-Out) queues for SQS. You will find FIFO queues useful if the order of operations and delivery of events is crucial in your applications. In a FIFO queue, messages have exactly-once processing, meaning that each message remains in the system until the consumer processes it and deletes it. The difference between FIFO and Standard queues is that Standard queues can fire off far more messages per second, but they’ll occasionally send duplicates and there’s no exact sense of order to the queue. Having gone through the experience of building an amalgamation of Redis and butchered Ruby code to create FIFO messaging, I (and many other developers out there) can appreciate this.
AWS SDK for Java
Updated support for the AWS Cost and Usage Report (analytics for your products and resources, like tracking spend across instance groups). Updates to AWS Config and AWS Marketplace Commerce Analytics. New support for OpsWorks for Chef Automate. Lastly, a few bug fixes for S3.
CloudTrail now includes support for CodeCommit and filtering by Event source in the CloudTrail console.
Docker platforms have been updated to version 4.2.0. There are also new versions of the Elastic Beanstalk Windows Server platforms.
Support for MariaDB version 10.1.19.
Azure & The Blockchain
Azure takes its blockchain strategy another step further as part of Project Bletchley. The finance and tech fields are getting excited about blockchain technology because ‘distributed ledgers are the future’, even if the distributed ledger is between a few massive organizations instead of everyone.
From the Azure blog, here’s Microsoft’s strategy:
1. Build and learn from key partner-driven POCs built on top of various blockchain technologies
2. Grow the blockchain marketplace ecosystem & artifacts together with our partners & customers
3. Develop key Azure blockchain middleware services to ensure the infrastructure is enterprise ready
So the Project Bletchley vision is to help build abstraction layers on top of blockchain technology, then get developers and companies to build those abstraction layers on top of Azure. There’s this vague feeling in the air that blockchain technology could be massive like the Internet and TCP/IP protocols, so no one (especially Microsoft) wants to miss out on this opportunity.
Here’s an example of why financial behemoths are interested in blockchain technology: transparent stock ownership in private companies. Using an open-source platform like Multichain or Ethereum, you can create a ‘smart contract’ to represent shares in a company, create a set number of them, distribute them over time and have all transactions recorded by the blockchain. The goal here is to not use Excel spreadsheets to handle shares in a company. Also, lawsuits and complications behind ownership and control over companies can easily be reduced to looking at a distributed database that no one can quietly fiddle with.
Azure SQL Database is increasing its read/write performance.
Azure Automation is now available in Azure UK and US West 2. Users are able to create, monitor, deploy, and update Azure resources using ‘runbooks’, which perform a set of automated tasks. Sound familiar? It’s an orchestration platform similar to Chef, Puppet, or Ansible. They even have the Runbook Gallery, a collection of prewritten configurations for typical automated tasks. An example of a runbook task is updating security configurations across nodes. If your infrastructure is entwined with Azure it does make sense to use - though there’s a low number of runbooks available - but otherwise you’re locking yourself into just Azure instances. There are also DSC configurations to specify the desired state of a node.
Azure Security Center offers full support for Windows Server 2008, R2, and 2016. Prior to this, Azure Monitoring Agent wasn’t offered in Windows Server 2016. The Azure Monitoring Agent collects metadata from instances, and uses that information to inform users of security issues like missing system updates and vulnerable OS configurations. To set it up, visit Security Center and turn on data collection. There’s a three-month free trial to get you hooked, then variable pricing follows that.
Cloud Resource Manager
Google has come out swinging with their competitor to AWS Organizations - Cloud Resource Manager. Cloud Resource Manager is hierarchical control for your organization, which organizes the assets in your account by Resources, Projects and Organization. At the base level is the Organization, which is the parent of all your Projects. Resources are the children of those Projects. Establish a policy at the Organization root and it carries down to every Project and Resource. Establish it at the Project level, and it just propagates to the Resources inside that Project. GCP already uses Projects to separate resources, so this is a natural evolution of that concept. Resource Manager establishes IAM policies across projects, giving administrators centralized control. You can also attach labels (by environment or owner) to resources, letting you filter resources inside Projects.
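The propagation described above, as an added example that is not Google's code: it models the Organization, Project and Resource levels and computes which grants reach a node from above. Node names, members and bindings are constructed sample data, and the code assumes inheritance is additive (bindings set on ancestors are unioned with those set on the node).

```python
from collections import defaultdict

# child -> parent links in the hierarchy (constructed sample data)
PARENT = {
    "project/web-prod": "organization/example-org",
    "project/sandbox": "organization/example-org",
    "resource/web-prod/bucket-logs": "project/web-prod",
    "resource/sandbox/vm-test": "project/sandbox",
}

# IAM bindings attached directly at each level: role -> members (constructed)
BINDINGS = {
    "organization/example-org": {"roles/viewer": {"group:auditors"}},
    "project/web-prod": {"roles/editor": {"user:alice"}},
    "project/sandbox": {"roles/owner": {"user:bob"}},
    "resource/web-prod/bucket-logs": {"roles/viewer": {"user:carol"}},
}

def ancestors(node):
    """Return the node followed by its parents up to the Organization root."""
    chain = [node]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain

def effective_policy(node):
    """Union of the bindings set on the node and on every ancestor (assumed model)."""
    merged = defaultdict(set)
    for level in ancestors(node):
        for role, members in BINDINGS.get(level, {}).items():
            merged[role] |= members
    return dict(merged)

def inherited_grants(node):
    """(member, role, source level) for grants that reach the node from above."""
    found = []
    for level in ancestors(node)[1:]:
        for role, members in BINDINGS.get(level, {}).items():
            found.extend((m, role, level) for m in sorted(members))
    return found

def blast_radius(level):
    """Every node whose effective policy includes bindings set at `level`."""
    nodes = set(PARENT) | set(PARENT.values())
    return sorted(n for n in nodes if level in ancestors(n))

if __name__ == "__main__":
    for n in blast_radius("organization/example-org"):
        print(n, effective_policy(n))
```

Running `blast_radius` on a level before editing its bindings shows how many Projects and Resources the change will touch.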
Google Cloud Platform for Data Center Professionals - Google has created a guide to help data center professionals convert over to the cloud. It compares different GCP products and services to the data center versions. It touches on security protocols, network infrastructure, bandwidth, capacity, and how Google’s facilities for GCP compare to individual data centers that enterprises typically have.
Cloud Key Management Service - Cloud-based security key management for your organization. There are a few cool things. First is automated key rotation schedules - set a time period, and after it elapses new keys are generated and the old ones destroyed. There’s a 24-hour delay set on the key destruction policy, so in the rare event that your keys are deliberately deleted, there’s a period for you to notice any mishaps. It also hooks into IAM policies, so you can set keys for individual users and view key use logs.
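One way to use the 24-hour destruction delay and the key use logs together, as an added example that is not part of the original post: it replays destroy and restore events and reports which key versions can still be recovered. The log entries are constructed, the record shape is a simplified assumption, and the method names follow the Cloud KMS API's DestroyCryptoKeyVersion and RestoreCryptoKeyVersion calls.

```python
from datetime import datetime, timedelta, timezone

DESTROY_DELAY = timedelta(hours=24)  # the delay described in the text

# Constructed sample entries, oldest first (assumed, simplified record shape).
LOG = [
    {"time": "2017-01-09T07:00:00+00:00", "method": "DestroyCryptoKeyVersion",
     "actor": "svc:rotation", "key_version": "keys/archive/versions/1"},
    {"time": "2017-01-10T08:00:00+00:00", "method": "DestroyCryptoKeyVersion",
     "actor": "user:alice", "key_version": "keys/billing/versions/3"},
    {"time": "2017-01-10T09:30:00+00:00", "method": "DestroyCryptoKeyVersion",
     "actor": "user:bob", "key_version": "keys/backups/versions/7"},
    {"time": "2017-01-10T11:00:00+00:00", "method": "RestoreCryptoKeyVersion",
     "actor": "user:admin", "key_version": "keys/backups/versions/7"},
]

def triage(log, now):
    """Split destroy requests into still-recoverable and already-destroyed."""
    scheduled = {}  # key_version -> (deadline, actor who requested destruction)
    for entry in log:
        when = datetime.fromisoformat(entry["time"])
        version = entry["key_version"]
        if entry["method"] == "DestroyCryptoKeyVersion":
            scheduled[version] = (when + DESTROY_DELAY, entry["actor"])
        elif entry["method"] == "RestoreCryptoKeyVersion":
            # A restore only counts if it arrived before the deadline.
            if version in scheduled and when < scheduled[version][0]:
                del scheduled[version]
    recoverable, destroyed = [], []
    for version, (deadline, actor) in scheduled.items():
        if deadline > now:
            recoverable.append((version, actor, deadline - now))
        else:
            destroyed.append((version, actor))
    return recoverable, destroyed

if __name__ == "__main__":
    now = datetime(2017, 1, 10, 12, 0, tzinfo=timezone.utc)
    recoverable, destroyed = triage(LOG, now)
    for version, actor, left in recoverable:
        print(f"ALERT {version} scheduled for destruction by {actor}, {left} left")
    for version, actor in destroyed:
        print(f"GONE  {version} destroyed (requested by {actor})")
```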
And that’s it for this 2017 edition of Cloud Report - hope you enjoyed it. Don’t bother sifting through release notes, product updates and bug logs - that’s our job. Questions, comments, or concerns? Shoot us an email and let us know what you’d like to hear more about.
If you have any questions or feedback, please feel free to contact me directly at firstname.lastname@example.org.