
NPW Insights (Free): Week 3/4 for Software Engineer
Future of Wasm, Google-IDC data trends report, AWS Glue Crawler integration with Lake Formation, WAF for App Runner, Document AI Workbench updates, CloudNativeSecurityCon 2023 highlights
App Building
SQL Server on Azure VMs better price-performance than on EC2: GigaOm report
• Runs 57% faster and costs 54% less than on EC2 with 3-year commitment and Azure Hybrid Benefit (study commissioned by Microsoft)
• Azure Ebdsv5 VMs optimized for database workloads, and Premium SSD v2 Disk Storage
The future of WebAssembly (Wasm)
• WASI, system interface for WebAssembly, extending the reach of Wasm beyond browsers
• Wasm yet to achieve the requisite maturity for backend apps
• Kubernetes and Wasm to grow in tandem, with the latter solving problems related to application runtime
Data Management
Key AI and data trends in 2023: Google and IDC report
About report: Surveys 800 global organizations on data and AI trends.
Adoption themes: Open source technologies to prevent vendor lock-in; unified data clouds to improve data usage and governance, and formation of open data ecosystems.
Key recommendations: Eliminate siloed DBs and warehousing strategies as they lead to conflicting insights; teams must get to know unknown data to understand security risk exposure. Integrate insights into the workflows of users instead of delivering them within BI.
AWS Glue Crawlers now integrate with AWS Lake Formation
• With the integration, a Glue Crawler can use Lake Formation permissions to access S3 targets that are managed by Lake Formation.
• Also supports integration with Lake Formation for a different account.
Also: Now implement RBAC in Amazon QuickSight for data sources that connect to Amazon S3 and Amazon Athena.
AI/ML
Document AI Workbench updated and in GA
• Now automatically detects and creates existing schema labels from pre-annotated documents.
• Processor Gallery recommends best models for the use-case; Labeling UI improved.
• Upcoming features: Custom Document Classifier, support for larger documents and non-Latin languages
MLOps best practices with Amazon SageMaker for real-time inference models
Scope: How to combine SageMaker model variants - production and shadow - and deployment guardrails with MLOps tools to generate end-to-end patterns for model development. Also included is example execution for canary and linear shifting deployment guardrails.
What’s covered: Model development starting with SageMaker pipelines (data preparation, model artifacts and metadata storage), moving on to production testing with A/B or shadow deployment. Then, rollout with a SageMaker endpoint using a deployment guardrail, and finally monitoring for drift in model and data quality.
Career
GitHub repo: Step-by-step guide to becoming a DevOps Engineer in 2023
About the guide: Milan Milanovich has created this excellent repository with a comprehensive game plan for becoming a DevOps pro. It lists resources like ebooks, articles, video courses and key technologies in use in the industry.
The learning roadmap: Broken into segments, with learning Git, a coding language, and Linux as the basics, followed by networking, security, and server management, then moving into container orchestration, Infrastructure as Code, CI/CD, observability, software engineering practices, and finally, building familiarity with one cloud environment.
Red Hat expert-speak: how the role of Solution Architect is evolving
• Modern tooling has trivialized traditional roles of the architect such as ensuring scalability
• Continuous delivery means architecture is constantly evolving
• Software teams, with telemetry data, now better aware of how customers interact with services, which enables them to respond to their needs.
• These shifts have made architecture a team sport rather than an individual’s responsibility; architects must become enablers and mentors.
Also: AWS Gallup APAC Digital Skills Report released.
Security
Highlights of CloudNativeSecurityCon 2023
Software supply chain security: A new project that aggregates software supply chain data; approaches to build trust between software supply chain artifacts; emerging Supply Chain Levels for Software Artifacts (SLSA) standard that maps relationships between artifacts.
Spotlight: Yahoo demonstrated its approach to software supply chain security across 700+ K8s clusters – image signature and freshness check policy was a highlight, as they publish 5K+ container images daily.
Other themes: Using IaC for automating policy-based compliance; current state of software supply chain verification capabilities and projects like Kyverno, GUAC, and Sigstore policy controller.
WAF support for AWS App Runner
• Lets you implement web access control lists (ACLs) in front of App Runner endpoints.
• ACLs can be created with custom rules, or use Managed Groups for AWS WAF.
Configuring Google Cloud Run for least privilege access
• Disallow unauthenticated access for internal users; create a custom service account and grant it the right Cloud Run permissions.
• When Cloud Run accesses other services, don’t use the default Compute Engine service account. Create Cloud Run service identities and grant them minimal permissions.
• Use IAM Recommender service to remove excess permissions
Also: Seven new controls in AWS Security Hub automate security checks against best practices for Amazon ElastiCache.
Provisioning + Runtime
Azure Managed Lustre enters public preview
• Lustre is an open-source parallel file system for large-scale cluster computing, ideal for HPC and AI workloads.
• Built on Azure Managed Disks, two SSD-based SKUs will be offered with 125MBps and 250MBps per TB of capacity, scalable up to 768TBs.
Azure portal updates from Jan 2023
• New VM Scale Sets use Flexible orchestration mode by default instead of Uniform orchestration.
• Force delete for VMs and VM Scale Sets, which bypasses graceful shutdown and some cleanup operations.
Also: Azure HPC Cache Premium Read-Write, which provides up to 84TB capacity for a single cache and 20GBps read throughput at low latency, is now in preview; Azure HPC Cache – Standard price dropped.
NPW Weekly Trends
Which CSP products got the most attention, and which topics generated keen interest. Based on what was read by 12,000+ DevOps engineers, software engineers and solution architects the previous week.
Products that trended last week
- Caching becoming possible in Azure Container Registry instance
- Confidential GKE Nodes' availability in confidential VMs
- Azure SQL updates including automatic key rotation for CMKs
- Azure Cache for Redis allowing enhanced passive geo-replication
- Stateful firewall rules for tag-based resources in AWS Network Firewall

CSP trends last week
- Databases saw the most important announcements, both from Azure.
- In fact, Azure updates accounted for 52% of total attention on stories
- Google Cloud and Azure had important updates in VMs, the second most active topic

Trending topics last week
- Provisioning related news accounted for 45% of total attention on stories
- App building related updates accounted for another 27%
