Image courtesy of wireguard.com. WireGuard® is a new communication protocol that implements encrypted virtual private...
As our customers’ needs continue to evolve our controller and plugin systems have grown from a Swiss army knife of virtual devices to full-blown cloud edge networking functionality. We are hard at work finalizing the next major release of our VNS3 controller and as we look into the future we saw a need to reposition and re-package our offerings. In order to facilitate this transition we’re thrilled to announce that we’re starting off the new year with a brand new website, and we wanted to take the opportunity to explain our design choices and some of the decision making that is leading us forward.
New Messaging Goals
Our main goal in redesigning our website is to help new and existing customers better understand all of the many pain points that our offerings address while giving us a platform to talk about new packaging, pricing, and features as they relate directly to these use cases. We’ve also put a lot of work into our UI over recent years and are excited to be able to put product screenshots in the spotlight. We’re hoping new and existing customers will appreciate the increased transparency of a more direct messaging style as we move forward.
Another major focus of this transition is to get more users launching VNS3 to try it for themselves. We’ve spent a lot of time revamping our documentation site, and we’re adding more quickstarts with AWS Cloudformation, terraform, Azure, and more. As we move forward we’re planning to release more short-form, tutorial-focused content to help new and existing users get the most out of their VNS3 deployments. We’re also releasing new free tier packages like our People VPN offering that went live to address remote work needs that arose last year.
More and More AWS Local Zones
As announcements from the 2020 AWS re:Invent continue to roll out, one of the earlier announcements we were excited about was the promise of increased local zones in Boston, Houston, and Miami this year with the promise of twelve more zones coming online through 2021. These new local zones are intended to “provide access with single-digit millisecond latency to the vast majority of users in the Continental United States.” This is yet another step towards bringing the cloud down to the ground as more edge compute locations support different instance types, direct connect, and the most-used AWS services.
AWS Brings the Mac Mini to the Cloud
The opener to the 2020 re:Invent conference brought a surprising announcement for Mac and iOS app developers: new EC2 Mac instances powered by the Mac mini. This announcement comes on the heels of the recent M1 Mac mini launch and connects the Mac to the AWS Nitro System. This announcement also means that AWS is bringing Apple’s M1 Mac minis into the AWS data centers within the first half of 2021.
Intel and Google Hybrid and Multi Cloud Improvements
In an announcement via HPCwire this week, Intel and Google are officially collaborating to co-develop “reference architectures optimized for the now generally available ‘Anthos on bare metal’ solution.” This announcement is meant to target “data center and edge computing use cases,” and is another instance of new Intel processors being introduced to cloud computing infrastructure. This collaboration “allows enterprises to run Anthos on their existing on-prem physical servers, deployed on an operating system without a hypervisor layer.”
Salesforce Buys Slack for Over $27 Billion
In one of the largest deals in recent years, Salesforce acquired Slack with a combination of cash and stock that totalled over $27 billion. This latest acquisition comes on the heels of a slew of acquisitions by Salesforce in the past few years. CNBC suggests that “The acquisition will further intensify Salesforce’s rivalry with Microsoft, whose Teams chat and video service has emerged as Slack’s stiffest competitor.” This acquisition might also push companies away from using Slack given Salesforce enterprise-focused reputation.
IBM Cloud Quantum Safety Claims
An article this week from sdccentral reports that IBM is promising quantum-safe cryptography support for key management and application transactions in IBM Cloud. This is another step for IBM towards establishing themselves as a leader in quantum-safe networks. Any TLS encrypted data harvested today is at risk of being decrypted by quantum computers. This leaves any data in transit today vulnerable to these attacks in the future. IBM hopes to deliver quantum-safe cryptography for data in transit in the IBM Cloud, focusing their security strategy on open-source standards such as CRYSTALS and Open Quantum Safe.
IBM Cloud Automation and Data Paks
A recent article from Fierce Telecom highlights new automation and data capabilities coming to IBM’s cloud software portfolio. These IBM Cloud Pak updates “offer integrated data and AI capabilities that run on Red Hat OpenShift” starting on November 20. These updates “include industry accelerators for banking, warranty management, supply chain forecasting, and retail,” as well as Watson Machine Leraning Accellerator (WML-A) and other improvements.
Enterprise Decentralization of the World Wide Web
A recent ComputerWeekly.com article highlights the new startup Inrupt launched by World Wide Web inventor Tim Berners-Lee that promises decentralized web technology with more control for customers and users over their personal data. This enterprise version of the company’s push to give customers more control over their data boasts “a handful of early-adopter clients – including NatWest Bank, the BBC, the Flanders government in Belgium and the NHS.” The company chose these four organizations to develop “explicit use cases with large organisations” in order to quickly scale and adjust their offering to market needs.
Adapting to Cyberattacks in a COVID World
A recent Forbes article suggests that as we all continue to adapt to the immediate and consequential challenges presented by COVID, cyberattacks “are going through a digital transformation of their own this year.” The article cites a McAfee Labs COVID-19 Threats Report from July that claimed “a 630% increase in cloud services cyberattacks between January and April of this year alone.” The article outlines 5 key adaptations for cloud platforms into 2021:
- Prioritize Privileged Access Management (PAM) and Identity & Access Management (IAM) using cloud-native controls to maintain least privilege access to sensitive data starting at the PaaS level.
- Start using customer-controlled keys to encrypt all data, migrating off legacy operating systems and controls that rely on trusted and untrusted domains across all IaaS instances.
- Before implementing any cloud infrastructure project, design in Zero Trust Security (ZTS) and micro-segmentation first and have IaaS and PaaS structure follow.
- Before implementing any PaaS or IaaS infrastructure, define the best possible approach to identifying, isolating and correcting configuration mistakes or errors in infrastructure.
- Standardize on a unified log monitoring system that ideally has AI and machine learning built to identify cloud infrastructure configuration and performance anomalies in real-time.
Continued AWS Investment in Indian Infrastructure
Reports filtering in from TechCrunch and Fierce Telecom discuss a $2.8 billion investment from AWS to build a new AWS Cloud region in Hyderabad, “which is the capital and largest city” in the Indian state of Telanga. AWS Chief evangelist Jeff Barr highlights that “this is the latest in a long series of investments” for AWS in India. Barr also posits in his blog post that the continuing investment in Indian cloud regions will support innovation and cloud transformation into the “next generation of IT leaders in India.” This new region is scheduled to join the Asia Pacific cloud in 2022.
Continued Cloud Growth Despite COVID
A recent article from SiliconANGLE discussing cloud trends at this point in 2020 and suggesting that, while cloud growth may have been better without a global pandemic, “COVID has been a benefactor to cloud.” To support their claims they cite cloud revenue estimates from AWS, Azure, and GCP, which include lower but continued increases in revenue for all three platforms. The article goes on to discuss customer spending patterns, serverless computing, and cloud platform market share as indicators of increased cloud market growth.
DOD Doubles Down on Microsoft for JEDI Contract
According to an article from Yahoo! Finance, despite continued protest from Amazon Web Services, the US Defense Department “has completed a comprehensive review” of JEDI proposals and “determined that Microsoft’s offering continues to represent the best value to the government. It has been determined that Microsoft will be unable to begin fulfilling this contract immediately due to Amazon’s lawsuit filed “to challenge the contract process.”
Beware of Voice Phishers
In light of the COVID-19 epidemic, KrebsonSecurity reports hybrid phishing attacks targeting work-at-home employees. In an effort to trick them into “giving away credentials needed to remotely access their employers’ networks,” these attacks come in the form of “a combination of one-on-one phone calls and custom phishing sites.” KrebsonSecurity warns that these attacks are targeted at new hires and that domains used for these phishing sites often invoke the company’s name.
SASE and Zero Trust can Secure and Future-Proof your Remote Workforce Solution
Many journalists and experts in the cloud security industry agree that a Zero-Trust and SASE approach to network security for your remote workforce is more important than ever. An article from Threatpost suggests that a Zero Trust policy will reduce the attack surface of your remote working solution. In the face of the ever-evolving COVID-19 epidemic and its ramifications on future working environments, committing to a SASE approach (outlined both in this article and in a Networkworld article) will help provide IT staff with “full control and visibility over every user’s access throughout the organization’s networks and applications.” A SASE approach to network security is a decision that can help you secure your network now and for the future.
Verizon’s 5G Development Continues with Virtualized Cloud Security Hardware
ComputerWeekly.com reported recently that “Communications giant Verizon has revealed that a series of trials carried out by its network security engineers have proven successful in protecting its 5G infrastructure against security threats and in advancing security measures to protect the confidentiality, integrity and availability of Verizon’s 5G network.” Verizon appears to be solving the latency and vulnerability issues presented by introducing security hardware for “virtualizing many of these functions and moving them to the cloud.” This virtualized approach will be coupled with AI-powered network accelerators in order to reduce operational costs and increase efficiency.
Navy Looking for Cloud Solution to Ship-Mounted Network-Centric Naval Warfare
According to MeriTalk, “The Naval Sea Systems Command (NAVSEA) is seeking industry input as it looks to invest in ship-mounted cloud computing infrastructure as part of the Navy’s broader future strategy for network-centric naval warfare.” The Navy has stated that the plan is to leverage “edge cloud architecture using IaaS” to create a continuous development and computing infrastructure refresh cycle.
Register Security Roundup
The recent Register security roundup has highlighted issues with the recent Citrix vulnerability, TikTok security bugs and holes, and the Honey shopping addon being flagged as a security risk by Amazon, among other things. The Citrix security hole has created a situation where “up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.” We highly recommend double-checking to make sure you’ve addressed the situation effectively, as “A full patch for the hole is not due to be released by Citrix until January 20.”
Google Cloud Introduces Premium Support Plan
In a recent blog post, Google announced the introduction of a Premium Support Plan for enterprise customers in order to bring themselves up-to-par with support tiers from the likes of AWS and Azure. The promised 15 minute response time for P1 issues is now the industry standard across the board. The introduction of third-party technology support and promise of “Content aware expertise” should help to increase the overall quality and efficacy of Google’s support.
U.S. Financial Regulators Scrutinizing Cloud Data
A recent articlefrom the Wall Street Journal calls attention to increased auditing scrutiny from U.S. financial regulators concerning how firms manage data stored in the cloud. The article cites the Capital One breach as well as recent Facebook breach as obvious contributing factors. The SEC is hoping that their increased pressure on firms to properly and securely handle data in the cloud, especially as elected officials move to “label big cloud providers as systemically important because of their increasingly critical role in the industry.”
AWS Moves to Block JEDI Progress
According to a recent Federal Times article, “Amazon Web Services will ask a federal court to block the Pentagon and Microsoft from beginning work on the Department of Defense’s controversial enterprise cloud, according to a Jan. 13 court filing.” The grounds for this motion are allegations from AWS “in a December complaint that the contract award to Microsoft was influenced by President Donald Trump.” AWS has presented evidence in the form of “videos of Trump bashing Amazon in a 2016 campaign rally and saying ‘we’re going to take a look at it [the contract]’ in the Oval Office last summer.”
Microsoft’s 2020 Patch for Windows
KrebsOnSecurity published an articlerecently analyzing Microsoft’s first significant 2020 patch for Windows operating systems. The patch included “updates to plug 50 security holes in various flavors of Windows and related software.” KrebsOnSecurity highlights a severe bug ( CVE-2020-0601 ) in Windows 10 and Windows Server 2016/19 that the “NSA says the flaw may have far more wide-ranging security implications.” We highly recommend backing up and updating your systems as necessary to address this vulnerability.
Last week was AWS’s annual reinvent conference in the putatively beautiful and blissful Las Vegas. Andy Jassy, Amazon’s CEO, announced plenty of new products and features to excite and alarm the computing and soft-warring world. The conference also highlighted AWS’s leadership in highly resilient software architecture and design with their launch of the AWS Builders’ Library. Let’s run over some of the highlights.
Cloud Descending Back to Earth via New Edge Environments: AWS Local Zones, Outposts, and Wavelength
AWS launched two new environment types this year with AWS Local Zones and Wavelength. Local Zones was spurred by AWS customers requiring ultra-low latency for their compute, notably gaming companies based in L.A., where the first Local ZOne is now generally available. New zones will come online as customer demand in a city necessitates. Wavelength is an AWS environment colocated with telecom infrastructure, providing access to 5G endpoints. The general availability of AWS Outposts, a rack of AWS servers providing AWS on-premise, was also announced, enabling the rollout of Local Zones and Wavelength in fairly short order. AWS Outposts enable companies to test deployments in cloud-like environments without fully committing to the cloud, and give customers like Morningstar and Philips Healthcare ultra-low latency, hyper-local availability zones.
These environments showcase a new battle for the edge. AWS basically won the general compute cloud race, but we now find different telecommunication and networking competitors offering edge environments, with startups the likes of Packet and Vaper IO joining the race. As developers gain access to these new endpoints, along with increased networking capabilities and incredibly low hyper-local latencies, we are sure to see a revolutionary new age of applications and services.
We Have a Size for That: New Compute Instance Types
Amazon launched multiple new instance types including Graviton2 instances and EC2 Inf1 instances. The new Graviton2 boast a whopping 40% price performance improvement. They are based on the ARM architecture, effectively challenging Intel and AMD’s dominance in the chip space, and combined with the Nitro System security chip to support encrypted EBS storage volumes by default. The EC2 Inf1 instances are dedicated Machine Learning training instance types, effectively challenging Nvidia’s domination of the market with their GPUs. AWS promises that these chips provide a significant increase in throughput and price performance relative to Nvidia-powered instance types.
AWS Continues to March into SaaS Markets With New Machine Learning Services
Also announced were multiple ML based services including Code Guru for automated code reviews, Fraud Detector for automated fraud detection, Kendra for search indexing, Transcribe Medical for call transcription in the medical industry and Augmented AI for AI workflows requiring human intervention. You would be hard pressed to find a SaaS market Amazon isn’t capable of stepping into with their army of engineers and data scientists.
The release of the SageMaker IDE and SageMaker Debugger seems to be an attempt by AWS to capture the hearts and minds of data scientists with the promise of streamlining the building, training, debugging, deployment, and monitoring of Machine Learning models. This new IDE bypasses the need for users to understand and deploy a Python or R environment, enables progress reporting for long jobs, promises a simplified and automated debugging process, automates alerts about input data drift, and auto-trains your ML model from CSV data files. In early use, the IDE has proven to come with a steep learning curve and a high deal of complexity of use. The SSO feature, notably, only seems to work with newer AWS accounts. According to VentureBeat , the IDE provides “some features that appear to be just rebrandings of older products and some that solve new, legitimate customer pain points. Even the best new features are incremental improvements on existing products.”
Reducing Cloud Anxiety With New Security-Focused Services
It seems Amazon has heard the cries of its customers as they struggle to manage the complexity of their cloud environment’s security. They announced Amazon detective, Macie , and IAM Access Analyzer to review organizational security lattices and catch any potential privilege or access issues. IAM Access Analyzer helps to solve misconfiguration problems, one of the most common problems with AWS deployments, and can purportedly monitor and evaluate thousands of security policies across a deployment environment in seconds.
Thought Leadership in Designing Resilient Software Systems
Amazon showed some responsibility for their dominance of the cloud with their release of the AWS Builders’ Library. A number of sessions at re:Invent included references to their cell-based architecture approach and explained how AWS achieves high uptime numbers for their most important services.