This week on the podcast, Justin, Jonathan and Ryan are joined by Matt Kohn and can be found chatting about all things microservices and containers - including new Security Copilot features. In our cloud journeys, we discuss just what defines a microservice (spoiler: the guys actually agree for once) and whether or not those microservices require containers. Also on the agenda, IS Kubernetes the new Monolith?
News this Week:
@4:00 - HashiCorp has announced quite a few updates for Terraform, including a number of innovations for the cloud version. This includes:
- A *new* version of the UI (not actually new if you use the cloud version) and a new cross-organizational provider, which will allow users to share via a private registry across an organization.
- They introduced Projects, which will give the ability to organize workspaces and ownership boundaries within Terraform.
- An Auth update will give enhanced integration between Terraform and GitHub.com.
- But wait, there’s more from HashiCorp! Among the updates is a new and improved pipeline model called the TFE Taskworker. This will let Terraform offer features like OPA support, dynamic provider credentials, and drift detection.
From Justin: “And OPA is exactly what you thought - they’re getting rid of Sentinel. No. They’re not. They’re giving you OPA AND Sentinel so you can use either/or or both of them.”
Terraform Enterprise adds projects, drift detection, and more
AWS
@7:57 In AWS News - We discussed a few weeks ago the new app migration service from AWS; well, they’ve added three new features!
- Import/Export: You can use the App Migration Service to import a source environment inventory list from a CSV file (snazzy!) as well as export that same data for reporting purposes, offline reviews, and update integration.
- New dashboard for server migration metrics and added 8 additional predefined actions, such as converting licenses to Amazon licensing.
- ALBs now support TLS 1.3 (Did anyone else realize they hadn’t already offered that update?)
Matt: “I think what scares me more is the Windows update version; they have a runbook that will just do the upgrade for you. I feel like that **definitely** will never end well.”
GCP
@14:04 - Nothing of interest from GCP this week. Still trying to get Bard to work, go figure. Google recently discussed their “shared agenda for sensible AI progress” which is essentially an “if you can’t beat ‘em - regulate ‘em” ideology.
SIDENOTE: Weird Amazon returns policies
SIDENOTE: AI Startup Replika - it goes where you think it does. (Hint: Where the internet ALWAYS goes.)
Azure
@20:19 - Moving on to Azure - Microsoft’s inaugural Security event says they are “bringing the power of AI to security” but *are* they? The announcement doesn’t tell us much, but it essentially marries GPT to Security Copilot. But is this really a product they need to be selling? The guys discuss what GOOD AI integration would look like for InfoSec.
Ryan: “I can’t get the image out of my head of Clippy wearing a badge saying ‘Would you like to open a Sev1 incident’?”
Justin: “Just because you have the big partnership with OpenAI for billions of dollars doesn’t mean every one of your products has to get AI in a bad way.”
Jonathan: “I wish it well, I really hope that it gets developed and we no longer have to work with real InfoSec people.” (No offense to InfoSec people, even though none of them are listening to this.)
Cheating is All You Need by Steve Yegge
Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI
Bonus - More Azure
@29:10 Azure AI is now available for ISVs! Did Microsoft announce Azure AI last week? Yes. Are they announcing it again? Yes. Just to make sure you don’t forget they exist. But they also announced their Azure Virtual Network Manager, a solution for producing, configuring, deploying & grouping network resources. So that’s nice, right?
Oracle
@34:56 Oracle is in the news and they’re slinging more mud - this time in the direction of AWS. They have compared serverless offerings and determined that Oracle can save money over serverless on AWS. A lot of the focus was on AWS’s Lambda, which is proprietary, whereas OCI’s Fn Project (which, spoiler alert, Oracle owns) is open source. The end result: can you save money with OCI? Sure. Or you could just sign up for an AWS Savings Plan.
Jonathan (re: AWS Lambda): “I don’t personally care that it’s not open source; it’s a service that I consume through an API, it does a thing, that I pay for. If it breaks they fix it.”
OCI Functions versus AWS Lambda: Comparing cost and value
Continuing our Cloud Journey Series Talks:
@40:37 - Last week we talked about Cloud Native, and this week we’re taking a deep dive on microservices and containers - what are they? Is there a true definition of a microservice that we can all agree on?
What we agree on: it is an architectural style built from small applications that each have a very specific purpose and can be scaled independently of each other.
Justin: “I think, as an industry, we’ve sort of forgotten that containers were really made to make it easier to package and deliver software; they’re not really necessary for anything else.”
Is it a microservice if it’s just an extension of a monolith? We can agree that in order to be cloud native the microservice doesn’t necessarily need to be in containers, as long as it continues to be independent of everything else. The guys discuss all things microservice, monoliths, and containers, and the benefits of using them in cloud native architecture. Also: Kubernetes. Since it’s the new monolith. Also, how do you think about CI/CD in cloud native architecture? A lot of it probably comes down to just what you’re trying to achieve for the business.
*Make sure to tune into next week’s podcast where the guys hold an intervention for Justin so he’ll stop suggesting running SQL Server on top of Kubernetes.*
Coming Up Next Week:
More on the “new hotness” that is Kubernetes