Weekly Roundup: November 25th

Welcome to This Week in DevOps where I bring you the top news in the DevOps world every week. Don’t forget to Subscribe if you’re reading this on the Blog to get this info straight to your inbox each week. If you’re receiving this via email, thanks for being a subscriber!

AWS

AWS::SystemsManager – Explorer is a multi-account and multi-region operations dashboard

Systems Manager Explorer allows you to easily collect monitoring information and alerts from EC2, CloudWatch, Config and Systems Manager itself. In addition you can aggregate information from multiple accounts and regions if you’re using AWS Organizations.

AWS seems to be focused on making multi-account and multi-region operations easier lately, which is fantastic because they recommend multi-everything more or less as part of standard cloud best practices. While this particular update is only useful for those using Systems Manager the overall focus is clear and that’s the most important take-away from this announcement.

AWS::ALB – Introducing Weighted Target Groups

ALB listener rules used to allow only one target group in the “forward” action setting, but you can now include multiple target groups and assign a weight to each. Previously weighted routing for things like Blue/Green deployments was handled via DNS, which was slow and offered limited visibility.

This is a huge step forward for anyone using ALBs for applications with high uptime requirements and complex deployments. Incorporating weighting and metric thresholds into CI/CD pipelines to automatically roll deployments forward and back will be much easier and more responsive now.
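A sketch of the roll-forward/roll-back loop described above, as an added example that is not from the AWS announcement or this blog. The step schedule, the error threshold, and the `BLUE_TG_ARN`/`GREEN_TG_ARN` placeholders are assumptions; the action dictionary follows the ELBv2 forward action shape with weighted target groups.

```python
# Added example: weight shifting for a blue/green rollout behind an ALB
# weighted forward action. Schedule and threshold are assumptions.
STEPS = [10, 50, 100]    # percent of traffic sent to the green target group
MAX_ERROR_RATE = 0.01    # roll back when green's error ratio exceeds this


def forward_action(blue_arn, green_arn, green_pct):
    """Build a 'forward' action with two weighted target groups."""
    if not 0 <= green_pct <= 100:
        raise ValueError("green_pct must be between 0 and 100")
    return {
        "Type": "forward",
        "ForwardConfig": {
            "TargetGroups": [
                {"TargetGroupArn": blue_arn, "Weight": 100 - green_pct},
                {"TargetGroupArn": green_arn, "Weight": green_pct},
            ]
        },
    }


def next_green_pct(current, error_rate):
    """Advance one step while green is healthy; drop to 0 as soon as it is not."""
    if error_rate > MAX_ERROR_RATE:
        return 0
    return next((s for s in STEPS if s > current), current)


def rollout(error_rates, apply=lambda action: None,
            blue_arn="BLUE_TG_ARN", green_arn="GREEN_TG_ARN"):
    """Drive a rollout from error rates observed after each step.

    `apply` is where a pipeline would send the action to the listener rule
    (for example through elbv2 modify_rule); it is a no-op here so the
    example runs offline. Returns the sequence of green weights applied.
    """
    pct = STEPS[0]
    history = [pct]
    apply(forward_action(blue_arn, green_arn, pct))
    for rate in error_rates:
        pct = next_green_pct(pct, rate)
        history.append(pct)
        apply(forward_action(blue_arn, green_arn, pct))
        if pct in (0, 100):   # rolled back, or fully cut over
            break
    return history
```
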

AWS::EBS – Fast Snapshot Restore

This does more or less exactly what it says. When enabled this makes snapshot restorations on EBS much faster. Fast Snapshot Restore must be enabled on a per availability zone basis and costs $0.75 per hour per availability zone where it is enabled.

In addition there is a credits system which is based on the size of the underlying EBS volume and refills automatically over time. If this all sounds familiar it’s because it seems to work similarly to EBS volume burst credits and EFS volume IO credits. For specific example scenarios and numbers see the link above.

AWS::ECR – EventBridge Support

ECR now supports EventBridge, which allows you to trigger events based on repository actions such as deleting or pushing an image version. This seems like it’s basically CI for your container repo. EventBridge actions could be as simple as posting a message to a Slack channel or they can trigger complex actions. Any action supported by EventBridge seems to be fair game so the possibilities are plentiful.
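One way to turn these repository events into the kind of channel message mentioned above, as an added example that is not from the announcement. The event fields follow the ECR "Image Action" event format; the repository names, the tag list, and the sample events are constructed for illustration.

```python
# Added example: triage of ECR "Image Action" events delivered by EventBridge.

# Rule pattern that selects successful pushes and deletes from ECR.
EVENT_PATTERN = {
    "source": ["aws.ecr"],
    "detail-type": ["ECR Image Action"],
    "detail": {"action-type": ["PUSH", "DELETE"], "result": ["SUCCESS"]},
}

PROTECTED_REPOS = {"payments-api"}    # assumed: repositories backing production
DEPLOY_TAGS = {"latest", "stable"}    # assumed: tags that deployments pull by name


def triage(event):
    """Return (severity, message) for one event, or None if it is not of interest."""
    if event.get("source") != "aws.ecr":
        return None
    if event.get("detail-type") != "ECR Image Action":
        return None
    d = event.get("detail", {})
    if d.get("result") != "SUCCESS":
        return None
    repo, action, tag = d.get("repository-name"), d.get("action-type"), d.get("image-tag")
    ref = f"{repo}:{tag or '<untagged>'} ({d.get('image-digest', 'no digest')})"
    if action == "DELETE" and repo in PROTECTED_REPOS:
        return ("high", f"Image deleted from protected repository: {ref}")
    if action == "PUSH" and repo in PROTECTED_REPOS and tag in DEPLOY_TAGS:
        return ("medium", f"Deploy tag pushed in protected repository: {ref}")
    if action in ("PUSH", "DELETE"):
        return ("info", f"{action} {ref}")
    return None


def sample_event(action, repo, tag=None, result="SUCCESS"):
    """Constructed sample event; the digest is a placeholder, not a real image."""
    detail = {"result": result, "repository-name": repo,
              "image-digest": "sha256:PLACEHOLDER", "action-type": action}
    if tag is not None:
        detail["image-tag"] = tag
    return {"source": "aws.ecr", "detail-type": "ECR Image Action", "detail": detail}


if __name__ == "__main__":
    for ev in (sample_event("DELETE", "payments-api", "v1.4.2"),
               sample_event("PUSH", "payments-api", "latest"),
               sample_event("PUSH", "scratch", "dev")):
        print(triage(ev))
```
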

AWS::CloudTrail Insights

AWS CloudTrail Insights is a new CloudTrail feature which – when enabled – generates alerts based on deviations from normal baselines. You could call this AI or Machine Learning or even good old-fashioned Data Science, but if it works as advertised it should be a great and relatively painless addition to your alerting arsenal.

An example of how this might help is if you suddenly lose an abnormal number of ECS hosts in your cluster due to a configuration update error. This would ostensibly generate an alert based on that event and let you take appropriate corrective action sooner.

Events can be sent to an S3 bucket in addition to CloudWatch and a CloudWatch Log Group. AWS notes that “CloudTrail Insights costs $0.35 for every 100,000 write management events analyzed for each Insight type” which is more or less exactly as opaque as I would expect pricing on an AWS product to be.

AWS::DynamoDB – Convert single region tables to global tables

You can now convert single region DynamoDB tables to global tables. This should save a lot of time if you have old single region tables that you want to use globally. Note that converting a table to global doesn’t make it available everywhere, it just allows you to add new regions for that table. You still have to add each region to the table manually.

GoogleCloud

GoogleCloud::Istio – Version 1.4 Released

The service mesh wars continue with the release of Istio 1.4. Istio is one of the top mainstream service mesh contenders and has backing from IBM and Lyft in addition to Google. It’s unclear how much Google uses Istio internally but they do seem committed to making it an open and extensible platform for container orchestrators such as Kubernetes.

GoogleCloud::AIExplanations – Increased visibility into Cloud AI results

The lack of ability to explain AI results has long been a pain point for users of black box AI services. AI Explanations attempts to address this by reporting on the weighted influence factors of data which went into the model. This is unlikely to solve all issues around the opaqueness of AI outputs but it’s a nice first step that should lead to better transparency and overall outcomes.

GoogleCloud::BareMetal – Certified hardware for legacy applications

The announcement for this one was so filled with Enterprise Buzzwords that I had to read very closely to understand what it actually does. It appears to be specialized data centers run by Google with hardware certified for legacy applications such as Oracle Databases.

These data centers are connected to Google Cloud via a dedicated redundant interconnect which should allow for easier transfer of data in and out. This seems to be a play to get enterprises with large legacy COLO infrastructures into the Google ecosystem. Since getting data into and out of the cloud is one of the biggest problems for Cloud <> COLO hybrid installations, this will likely be a major step up for those operating within these types of constraints.

Azure

Azure::Region – Norway Now Open

Microsoft has announced the availability of a new Azure region in Norway. This appears to be a complete roll out of all Azure services to this region though that has not been confirmed.

Azure::Kubernetes – Confidential Computing

This allows you to run Kubernetes workloads in secure hardware enclaves, reducing the potential attack footprint exposed to malicious cloud workloads. This appears to be enabled by Intel Software Guard Extensions.

To use this you must create a Kubernetes cluster on machines that are Software Guard compatible such as the DC-series and then enable the plugin. This should be useful as an added layer of protection for high risk workloads, but is unlikely to be adopted by normal users any time soon given the relatively high friction setup requirements.

Azure::VM – Native backup support for SQL Server 2019 running in Azure Virtual Machines

This is a zero-infrastructure solution for SQL Server backups if you are running on Azure VMs. In addition to SQL Server 2019 support they’ve added the ability to restore as files. You can now move your data formatted as .bak files across regions and restore anywhere you’d like.

This should be factored into any Azure Disaster Recovery plans for the future. Backups should always be tested regularly and this should be easier to do, which is always a good thing.
