NPW Insights (Free): Week 2/4 for Software Engineer
Confidential GKE Nodes on C2D VMs, new metrics in App Runner, Serverless for Hyperscale in Azure SQL
New Google Cloud pricing models to boost flexibility
What’s new: Flex Agreements, which will give access to monthly spend discounts, CUD, cloud credits, and professional services without upfront commitments. Standard, Enterprise, and Enterprise Plus pricing tiers, will offer flexibility to choose features and functionality across the portfolio.
What’s changed: Cloud Spanner free trial extended to 90 days and BigQuery auto scaling works more granularly.
Bottomline: Flex agreements will bring pricing incentives based on monthly spend and new pricing tiers will offer feature sets tailored to business needs and your stage of cloud adoption
Confidential GKE Nodes now available on C2D VMs
➝ Like Confidential VMs, they leverage Secure Encrypted Virtualization capability of AMD EPYC processors.
➝ Compute-optimized C2D series offers up to 112 vCPUs 896GB memory for performance-intensive workloads.
➝ See pricing, and how a company used it for 5G monetization.
Azure SQL GA updates for mid-February
➝ Optimized locking for lower lock memory and improved DB concurrency.
➝ Automatic key rotation for CMKs in SQL Database and SQL Managed Instance.
➝ Max size configuration of TempDB, it persists on server restart.
Azure Cache for Redis Premium tier now offers enhanced passive geo-replication
➝ New metrics to track health of geo-replication link.
➝ Single-click failover between geo-primary and geo-replica caches.
➝ Global cache URL automatic updation of DNS records after geo-failovers.
Must-read Analysis & Advice
How loose coupling affects your cloud bills
Gregor Hohpe, former Technical Director, Google, and AWS Sr. Principal Evangelist digs deep into the design and cost implications of decoupling in the cloud.
Starting point: Design time and runtime decoupling comes at a cost in the cloud, and incurs latency.
Observations: Decoupling makes cloud costs visible, and that’s a good thing because then the costs can be optimized. In his example scenario, 50ms latency reduction comes at a fixed cost, which makes the tradeoff clear.
Instead of defining service boundaries by their natural duties, consider the intent of the service – use pattern diagrams to define the topology.
In some cases, decoupling may not require an event broker – in the example scenario, replacing event broker with SNS significantly reduces the cost of the solution.
Conclusion: Decoupling can actually reduce your cloud costs.
Ways to use recently released Local SSDs with GKE for high-performance storage for AI/ML
➝ Local SSDs directly attached to the host offer lower latency than PDs and Filestore in exchange for lower durability.
➝ Ephemeral Storage Local SSD API should be used when no data is shared across pods – it is fully integrated with GKE.
➝ Local NVMe SSD Block API ideal when multiple pods need to access the same data, but isn’t fully integrated with Kubernetes scheduler.
How to right-size microservices: Lee Atchison
➝ Making services too small simplifies the code but increases complexity for system architects.
➝ Finding the right size entails trial and error, because it depends on the application and the organization.
➝ Small services are better for less mature development teams, but require a mature service infrastructure and application architecture team.
Mitigating DDoS attacks with Azure Front Door
The CDN service can redistribute both encrypted and unencrypted DDoS traffic away from source systems during an attack, and layer 3, 4, and 7 DDoS protection is included with AFD.
Key takeaways: Integrate Azure Web Application Firewall with AFD, and use rate limiting, bot protection rulesets, custom rules, and geo-filtering to block suspicious traffic. If internet-facing Azure resources don’t use AFD, use the Azure DDoS Protection product. Connect source systems to AFD via Private Link.
Caching for Azure Container Registry, which lets users cache container images from Microsoft Artifact Registry and Docker Hub enters public preview.
AWS App Runner adds support for service-level metrics like CPU and memory utilization, and total concurrent requests, and request/response counts in the App Runner console.
Public preview of bulk import support in Jobs API of Azure Digital Twins – lets you ingest large twin graphs with enriched logging and higher throughput.
Virtualization-based security enclaves, which offers data protection features of Always Encrypted in Azure SQL Database independent of the underlying hardware, is now in public preview.
Serverless for Hyperscale in Azure SQL Database, which scales both compute and storage automatically based on workload demand for databases requiring up to 80 vCores and 100TB, is now in public preview.
Now apply stateful firewall rules to tag-based resource groups of EC2 instances and Elastic Network Interfaces in AWS Network Firewall.
EKS Anywhere on Snow, which lets you create and operate Kubernetes clusters on AWS Snow Family devices, is now generally available.
AWS Incident Detection and Response now lets you ingest events from New Relic via Amazon EventBridge with new integration.
Connected Sheets for Looker, which lets users explore modeled, trusted data from Looker in Google Sheets is now generally available.