Welcome to the newest episode of The Cloud Pod podcast! Justin, Ryan, Jonathan, and Matthew are all here this week to discuss the latest news and announcements in the world of cloud and AI – including New Relic Grok, Athena Provisioned Capacity from AWS, and updates to the Azure Virtual Desktop.
Titles we almost went with this week:
None! This week’s title was SO GOOD we didn’t bother with any alternates. Sometimes it’s just like that, you know?
A big thanks to this week’s sponsor:
Foghorn Consulting provides top-notch cloud and DevOps engineers to the world’s most innovative companies. Initiatives stalled because you have trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.
📰News this Week:📰
01:27 – Quick reminder – the FinOps X conference is almost here!
- This is the FinOps Foundation’s annual user conference, and it is taking place June 29th through the 31st in beautiful San Diego, California.
- Hundreds of your fellow practitioners will be sharing their FinOps knowledge, collaborating in chalk talks and networking together.
- Why should you attend? Great question. Let me tell you. 1) There’s a party on an aircraft carrier. Need more? You got it. 2) You can learn best practices when it comes to FinOps and save your company lots of money – you’ll be a hero! (Look at the economy and current interest rates. Heroic is an understatement.) Need another reason? Look no further! Justin will be there! We know you’ve always wanted to chat with him in person. No? How about free stickers? Free stuff is good. Everyone loves stickers.
02:47 New Relic is back on the pod – and they’ve got something new
- If you remember a few weeks ago, we had someone from New Relic on the pod, and they told us **something** was coming, but weren’t quite ready to tell us what it was – and now, it’s here!
- New Relic is throwing their hat into the AI ring – Grok.
- Grok will allow engineers to use large language models to help utilize natural language when performing many of the routine tasks in New Relic, like setting up instrumentation, building reports, or managing accounts.
- Engineers can sift through the data more easily and comb through their unified telemetry data without having to write complex queries.
- From New Relic: “Observability tools exist to serve the DevOps and DevSecOps movements. Engineers use observability tools to get the data they need to operate and secure the software they build,” said New Relic Chief Product Officer Manav Khurana. “The reality, however, is that it’s hard for every engineer to translate a question they have into a data model, sift through their tools to find the right data, and then translate data back to an insight in natural language. That’s why DevSecOps practices are lagging behind all the innovation in Observability tooling. Now with Generative AI, there will be an explosion of new software developed in a completely different way, creating even more complexity to operate and secure software.”
04:28 📢Jonathan – “It’s funny they called out specifically the DevSecOps, though, as a team that needed this kind of assistance.”
04:40 📢Justin – “Well, I mean, I think DevSecOps as a practice is really still pretty immature. I think the DevOps movement was a little bit more active because it was also the time we were doing web scale. We were doing a bunch of things. And so there was a lot more momentum behind DevOps.”
- AWS is now launching the ability to provision capacity when running your Athena queries. As many of you know, Athena is a query service – based on Presto – that allows you to analyze data in S3.
- Data sources include on-premise and other cloud systems, and use standard SQL queries; and Athena is serverless, so there is no infrastructure to manage.
- Until today, you only paid for the queries you ran, but the times, they are a changin’.
- Now you can get dedicated queries and use a new workload management feature to prioritize, control and scale your most important queries, paying only for the capacity you provision. AWS says customers have been asking for this feature for some time, as Athena costs can get out of hand right quick, and it was difficult to forecast those costs.
- To solve this, they are introducing the capability to provision dedicated query processing capacity at scale. With provisioned capacity, you get a dedicated set of compute resources to run your queries, and this always-on capacity can serve your business-critical queries with near-zero latency and no queuing.
- Users now have control over workload performance characteristics such as cost, concurrency and query prioritization.
- Users only pay for the capacity provisioned – not for the actual usage. This will help bills stay predictable.
- You reserve the capacity in Data Processing Units (DPUs). A single DPU is equivalent to four vCPUs and 16 GB of RAM. The minimum capacity you may provision is 24 DPUs for 8 hours. This new provisioned capacity for Athena is ideal for those of you running any volume of queries, but the sweet spot to start using provisioned capacity is when you spend $100 or more per month on Athena, which is a pretty low break-even point.
- It seems to be built with an 8 hour workday in mind; you can turn it on in the morning and turn it off at night, then just pay for on demand queries outside of those hours.
10:30 📢Jonathan – “$100 is pretty easy to reach with Athena…I think I’d kind of like to find a middle ground where you can just literally set a maximum concurrency for Athena without paying for provisioned capacity upfront to say, okay, don’t let me spend more than this, but I still want to use it from the serverless pool.”
12:28 📢Justin – “I can see how this makes a lot of sense in a SaaS app, especially one that’s potentially querying different data sources that aren’t owned by a company, because what would prevent you from embedding a thing into your product? Customer goes and points it at their S3 bucket that has 25 petabytes of data in it and runs this tool and gets data out of it, but now all of a sudden you have a bill that’s very large based on all that data consumption that could be probably problematic.”
- Did anyone else read this announcement from AWS and initially assume it meant Compute Optimizer is telling us we need to kill all of our SQL server workloads? No? Just us? Ok – moving on.
- AWS Compute Optimizer now lets you filter Amazon EC2 instance recommendations by inferred workload type.
- The inferred workload type feature uses ML to automatically detect the applications that might be running on your AWS resources.
14:52 📢Justin – “When they say ML here, I assume they mean we had a regex that basically said, oh, hey, your EC2 instance is using a Microsoft with SQL Server license included, **or** that it’s an EC2 instance that potentially has an inbound port on port 1433, which would be Microsoft SQL Server. So I’m not really sure how much ML is actually there. But it’s a nice idea.”
16:09 📢Ryan – “I really did just read this as optimizers just no longer going to target Microsoft SQL workloads. It’s just going to exclude them from any optimization.”
17:06 It’s EXTREMELY important for all of you to know that Google’s #1 priority is optimizing your costs. Let’s just get that out of the way first thing.
- It’s so important to them they’re now offering discounts! Specifically, they’re offering committed use discounts for RHEL and RHEL for SAP on Compute Engine. These new CUDs can save you up to 24% when compared to on-demand PAYG prices.
- Once your commitment is created for your RHEL (Red Hat Enterprise Linux) based systems, you will automatically receive the discount, and when your commitment runs out you’ll simply revert to on-demand pricing. Once you are in an active commitment, you cannot cancel or edit it.
- Interestingly, Amazon had recently announced the same thing…
- GCP has said many of their customers are leveraging Kubernetes with stateful workloads and data on Kubernetes, but customers are looking for more integrated solutions across compute and storage.
- Enter Cloud Storage FUSE – objects in cloud storage buckets can be accessed as files mounted as local file systems, providing a frictionless experience for applications that need file system semantics (as long as you don’t actually try to do file things on them.)
- Cloud Storage FUSE is available today in Preview, with official Google Support.
- Cloud Storage FUSE supports GCS, providing portability, massive scale, streaming data support, built-in support for GKE Standard and Autopilot, non-privileged access, authentication out of the box, and extensive support for accelerators to make your life easier.
20:36 📢Ryan – “This is another thing that’s going to blow up in my face when you make me run SQL servers on Kubernetes.”
22:45 📢Justin – “So if any of our listeners have done SQL Server on Kubernetes at any level of scale and either failed horribly or were successful, I’d love to hear from you.”
(Jonathan would like to request that everyone only send their horror stories.)
- Lots of new features for the Azure virtual desktop this week
- Updates include FSLogix profiles for Azure AD-joined VMs in Azure Virtual Desktop.
- If you’re not familiar with FSLogix ( like we weren’t) it’s apparently a more fancy version of your desktop experience on an RDP thing. And yes, “thing” is the technical term.
- Additionally, there’s a fix for the FSLogix 2210 bug – and they’re REALLY excited about this.
- Azure Virtual Desktop Insights at Scale – reporting of key information across resources in one view
- RDP Shortpath for public networks using the STUN protocol, which improves the transport reliability of Azure VD connections over public networks by establishing a direct UDP-based data flow between the remote desktop client and session hosts.
- Symmetric NAT support for RDP Shortpath
- Watermarking on Azure VD
- Private link for Azure Virtual Desktop
- Microsoft Teams application window sharing – which begs the question, what OTHER bugs live in Azure VD, if this was a bug that needed fixing?
26:10 📢Justin – “Every screenshot you get has Microsoft Azure in the background, so everyone knows you’re using Azure.”
30:52 Next up, for those of you who like to burn money using firewalls on Azure, Azure Virtual WAN now supports its first SaaS firewall offering.
- The offering is coming from Palo Alto Networks, where you can subscribe to the “next generation firewall” as an Azure Native ISV service.
- “At Microsoft, we are dedicated to ensuring that Microsoft Azure is the most trusted and secure cloud platform. With the preview release of the Palo Alto Networks Cloud NGFW for Azure, we are pleased to expand our ecosystem of native ISV solutions and provide customers and developers with more options to meet their security needs. This collaboration between Palo Alto Networks and Microsoft combines the scalability and reliability of Azure with Palo Alto Networks expertise to help safeguard our customers against the latest threats.” — Julia Liuson, President, Microsoft Developer Division at Microsoft.
- “More and more of our customers are running their business critical applications in Azure and are looking to us to help keep those workloads secure. With Cloud NGFW for Azure we are excited to combine Palo Alto Networks best-in-class security with the scalability and reliability of Azure to provide our mutual customers the ability to run their applications with confidence. As a managed Azure Native ISV service, we are proud to deliver the ease of use customers expect from a cloud native experience.” — Lee Klarich, Chief Product Officer, Palo Alto Networks.
27:55 📢Matt – “This is the opposite of cloud native.”
27:57 📢Ryan – “Well, it’s at least not a virtual device, plugged into your network and just sort of duct taped to the outside saying ‘look, security!’ You know, so if you’re going to use Palo Alto for these services, and maybe you’ve already got a whole bunch of investment for an on-prem work site; like at least this is a path forward that I can do. It’s got some scalability. I’m hoping it’s got a deep integration that’s beyond the virtualization presentation layer.”
Continuing our Cloud Journey Series Talks
31:52 Taking a little side step today – instead of talking about cloud native, we’re taking a look at an article recently put out by HashiCorp.
- Why you should run your platform team like a product team (hashicorp.com)
- Ryan, Jonathan and Justin discuss this very issue oftentimes when they talk about building services. The article is a great recap of some of their most recent content regarding the CCOE.
33:50 📢Ryan – “These infrastructure focused teams were becoming platform teams, whether they knew it or not, right? Cause that’s how complex the business has become, and how fast things need to move. That’s really the only answer. You’re gonna have too many customers to sort of just run infrastructure in a traditional way.”
34:27 📢Jonathan – “I think those SLAs are the important thing for me because there’s always the assumption if you’re an infrastructure team or operations team that you’ll provide 100% uptime, you’ll always be on call, you’ll always jump on the current need of the day. And I think the move to the mindset that actually we’re building platforms and development teams are our customers sort of helps formalize the idea that actually this is a service and we do have an SLA and you are a customer and we have to take your needs into consideration, but also the needs of the rest of the business.”
38:09 📢Jonathan – “I think even having a product manager for the platform itself would be interesting because typically that’s a very customer-facing role in the business’s customers, rather than internal customer-facing role. I think the person who takes on that role would probably have to be somebody who’s very familiar with the platform itself.”
46:34 📢Justin – “Definitely check it out. If you’re looking to build a platform team or you’re running a cloud platform team that is trying to move to DevOps and DevSecOps, and make your team better, this is a great article for food for thought and to kind of get you thinking in the right direction about IT as a service.”
Spotted on the Horizon
Next week on the Cloud Pod Podcast…
News From the Clouds That Didn’t Make the Main Show
- Amazon GuardDuty Malware Protection adds on-demand scanning
- AWS SimSpace Weaver Snapshots are now generally available
- AWS Config now supports 23 new resource types
- Amazon EC2 now supports AMD SEV-SNP
- Amazon RDS now supports M7g and R7g database instances
- Amazon EC2 C6id, M6id, R6id instances are now available in additional regions
- Amazon MSK now offers multi-VPC private connectivity and cross-account access
- AWS Fault Injection Simulator now supports Amazon EC2 Instance disk fill
- Amazon Managed Grafana now supports workspace configuration with version 9.4 option
- AWS Verified Access is now generally available
- Amazon S3 now applies two security best practices to all new buckets by default
- Amazon Route 53 Resolver endpoints for hybrid cloud are now available in three new AWS Regions
- Amazon CloudWatch adds new console capabilities and data visualizations
- Amazon Location Service adds support for long distance matrix routing
- Amazon QuickSight launches two suites of data ingestion APIs
- AWS Lambda adds support for Java 17
- Contact Lens for Amazon Connect evaluation capabilities are now generally available
- AWS IoT Core Device Advisor announces support for MQTT over WebSocket
- Amazon SageMaker accelerates local ML code conversion to remote jobs
- https://aws.amazon.com/about-aws/whats-new/2023/05/aws-health-publishes-events-eventbridge-primary-backup-regions/
- https://aws.amazon.com/about-aws/whats-new/2023/05/amazon-sns-message-data-protection-additional-regions/
- Azure Event Hubs Dedicated self-serve scalable clusters for mission critical Kafka, AMQP and HTTPS workloads
- Azure Cosmos DB for PostgreSQL Data Encryption with Customer Managed Keys
- General Availability: Centrally Managed Azure Hybrid Benefit for SQL Server
- Public Preview: Azure API Management and Microsoft Defender for APIs integration
- Public Preview: Azure Monitor Metrics Dataplane API released
- Generally available: Azure Monitor alerts now suggests signals to alert on
- Generally Available: Operation Abort in AKS
- Generally Available: Inbound IP restrictions for Azure Container Apps
- Public preview: Session affinity for Azure Container Apps
- Generally Available: TCP support for Azure Container Apps
- Generally available: Synthetic GraphQL
- Generally available: API Management Authorizations
- Public Preview: Support for Azure VMs using Premium SSD v2 in Azure Backup
- Experience the power of stable diffusion and NVIDIA Live Portrait at Open Data Science Conference 2023
- Using OCI Network Firewall for SSL decryption
- Creating a disaster recovery solution and migrating SQL Server databases with reduced downtime using log shipping on OCI
And that is the week in the cloud. We would like to thank our sponsor, Foghorn Consulting. Check out our website, the home of The Cloud Pod, where you can join our newsletter and Slack team, send feedback, or ask questions at thecloudpod.net, or tweet at us with the hashtag #thecloudpod.