NPW Insights (Free): Week 2/4 for Software Engineer

NPW Insights (Free): Week 2/4 for Software Engineer

Confidential GKE Nodes on C2D VMs, new metrics in App Runner, Serverless for Hyperscale in Azure SQL

NPW Research

Top News

New Google Cloud pricing models to boost flexibility

What’s new: Flex Agreements, which will give access to monthly spend discounts, CUD, cloud credits, and professional services without upfront commitments. Standard, Enterprise, and Enterprise Plus pricing tiers, will offer flexibility to choose features and functionality across the portfolio.
What’s changed: Cloud Spanner free trial extended to 90 days and BigQuery auto scaling works more granularly.
Bottomline: Flex agreements will bring pricing incentives based on monthly spend and new pricing tiers will offer feature sets tailored to business needs and your stage of cloud adoption

Confidential GKE Nodes now available on C2D VMs

Like Confidential VMs, they leverage Secure Encrypted Virtualization capability of AMD EPYC processors.
Compute-optimized C2D series offers up to 112 vCPUs 896GB memory for performance-intensive workloads.
See pricing, and how a company used it for 5G monetization.

Azure SQL GA updates for mid-February

Optimized locking for lower lock memory and improved DB concurrency.
Automatic key rotation for CMKs in SQL Database and SQL Managed Instance.
Max size configuration of TempDB, it persists on server restart.

Azure Cache for Redis Premium tier now offers enhanced passive geo-replication

New metrics to track health of geo-replication link.
Single-click failover between geo-primary and geo-replica caches.
Global cache URL automatic updation of DNS records after geo-failovers.

Must-read Analysis & Advice

How loose coupling affects your cloud bills

Gregor Hohpe, former Technical Director, Google, and AWS Sr. Principal Evangelist digs deep into the design and cost implications of decoupling in the cloud.
Starting point: Design time and runtime decoupling comes at a cost in the cloud, and incurs latency.
Observations: Decoupling makes cloud costs visible, and that’s a good thing because then the costs can be optimized. In his example scenario, 50ms latency reduction comes at a fixed cost, which makes the tradeoff clear.
Instead of defining service boundaries by their natural duties, consider the intent of the service – use pattern diagrams to define the topology.
In some cases, decoupling may not require an event broker – in the example scenario, replacing event broker with SNS significantly reduces the cost of the solution.
Conclusion: Decoupling can actually reduce your cloud costs.

Ways to use recently released Local SSDs with GKE for high-performance storage for AI/ML

Local SSDs directly attached to the host offer lower latency than PDs and Filestore in exchange for lower durability.
Ephemeral Storage Local SSD API should be used when no data is shared across pods – it is fully integrated with GKE.
Local NVMe SSD Block API ideal when multiple pods need to access the same data, but isn’t fully integrated with Kubernetes scheduler.

How to right-size microservices: Lee Atchison

Making services too small simplifies the code but increases complexity for system architects.
Finding the right size entails trial and error, because it depends on the application and the organization.
Small services are better for less mature development teams, but require a mature service infrastructure and application architecture team.

Mitigating DDoS attacks with Azure Front Door

The CDN service can redistribute both encrypted and unencrypted DDoS traffic away from source systems during an attack, and layer 3, 4, and 7 DDoS protection is included with AFD.
Key takeaways: Integrate Azure Web Application Firewall with AFD, and use rate limiting, bot protection rulesets, custom rules, and geo-filtering to block suspicious traffic. If internet-facing Azure resources don’t use AFD, use the Azure DDoS Protection product. Connect source systems to AFD via Private Link.

Other Updates

Caching for Azure Container Registry, which lets users cache container images from Microsoft Artifact Registry and Docker Hub enters public preview.

AWS App Runner adds support for service-level metrics like CPU and memory utilization, and total concurrent requests, and request/response counts in the App Runner console.

Public preview of bulk import support in Jobs API of Azure Digital Twins – lets you ingest large twin graphs with enriched logging and higher throughput.

Virtualization-based security enclaves, which offers data protection features of Always Encrypted in Azure SQL Database independent of the underlying hardware, is now in public preview.

Serverless for Hyperscale in Azure SQL Database, which scales both compute and storage automatically based on workload demand for databases requiring up to 80 vCores and 100TB, is now in public preview.

Now apply stateful firewall rules to tag-based resource groups of EC2 instances and Elastic Network Interfaces in AWS Network Firewall.

EKS Anywhere on Snow, which lets you create and operate Kubernetes clusters on AWS Snow Family devices, is now generally available.

AWS Incident Detection and Response now lets you ingest events from New Relic via Amazon EventBridge with new integration.

Connected Sheets for Looker, which lets users explore modeled, trusted data from Looker in Google Sheets is now generally available.

Where was most of the action last week with AWS, Azure and Google Cloud. What products from these CSPs got the highest attention. Cloud topics that generated the most interest. Based on usage analysis of our 12,000+subscribers among software engineers, DevOps engineers and solution architects.