210: The Cloud Pod Deep Inspects Itself

Welcome to the newest episode of The Cloud Pod podcast! Justin, Ryan and Matthew are your hosts this week as we discuss all the latest news and announcements in the world of the cloud and AI - including what’s new with Google Deepmind, as well as goings on over at the Finops X Conference. Join us! 

Titles we almost went with this week:

• The Cloud Pod DeepMinds bring you the Cloud News
• The Cloud Sounds Better When Tuned Properly
• ☁️The Cloud Pod Delegates Itself to Multiple Organizations 
• ️The Cloud is Flush with Cash but Still Raining on Employees.

A big thanks to this week’s sponsor: 

Foghorn Consulting, provides top-notch cloud and DevOps engineers to the world’s most innovative companies. Initiatives stalled because you have trouble hiring?  Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.

News this Week:

00:43 - Finops X Foundation Conference is just around the corner 

• This is a great opportunity to meet with other Finops users and share knowledge, collaborate on Chalk Talk, and network in beautiful San Diego, CA. There will even be an awards ceremony on an aircraft carrier, and you KNOW you want to be there for that. 
• Do you like stickers? Of course you do. Everyone likes stickers! Be on the lookout for Justin - he’ll be there! And if you ask nicely (or even just sort of nicely) he’ll give you a TCP sticker, so that right there is a great reason to attend. 
• The conference is June 29th - 31st, and registration can be found on the Finops Foundation website. See you there!  

02:51 It’s earning season. Listener discretion is advised. 

• Let’s start with Microsoft

• • At their earnings report on Tuesday, Microsoft is reporting $52.9 billion revenue, up 7% from the previous year. Expectations were set at $51 billion.  Much of this is driven by AI (because what isn’t driven by AI these days.) 
  • Overall profits were up 9% from last year, coming in at $18.3 billion. 
  • Microsoft Azure helped with these numbers by recording a 22% increase, vs. a 34% increase seen last year.  

03:51 Ryan- I’m surprised with some of the numbers, just because I wasn’t expecting - after so many years of growth - that it would continue to rise despite the economic dip.”

• Moving on to Google Earnings… 

• • Google earnings were recorded at $69.79 billion, which was higher than analysts expected, thanks partly due to Google cloud revenue and an increase in Youtube advertising (all of it aimed at my kid, apparently.) 
  • Google cloud (GCI) revenue came in at $7.45 billion, which was slightly lower than expectations, but the good news is that Google finally recorded a profit in their cloud computing sector! This means everyone using GCI won’t be left in the dust, since we all know Google loves to kill off anything that isn’t profitable. 

05:30 Ryan- “I imagine there’s a lot of people who have worked really hard to turn this profitable; it’s been up and down the last couple of years.” 05:45 Matt- “I’m wondering if now they’ve kind of stabilized some of the capital expenditures, that they've kind of done with all the data center build outs and stuff like that. So now it's a little bit more maintenance and more incremental improvements, but I guess it also depends on how many new regions they open every year.” 06:15 **Side Note in regards to those data center maintenance issues *** - Have you heard about the shutdown of Europe West 9 in Paris? Starting on April 25th at 7pm PST, water damage from the fire suppression system caused a multi cluster failure, leading to the shutdown of multiple zones. Thankfully the shutdown is now limited to West 9a, which is good news for everyone - except those using West 9a. As of this morning, May 2nd, the outage is still being reported, and there’s no ETA for recovery. Our final thoughts on this… maybe just avoid France?  09:20 - Ok - back into earnings with *Amazon*

• Amazon recorded revenue of $127.4 billion, vs. expectations that were set at $124.5 billion. So that’s good, right Wall Street? Right? Bueller? 

• Amazon Web Services also did a little better than expected, $21.3 billion vs. $21.22 billion. That’s a 16% growth in the first quarter, which seems good on the surface, but the good ole’ analysts over on the street still aren’t happy, since the previous quarter’s growth was a nice, round 20%. 
• Amazon’s CEO, Andy Jassy, was quoted as saying “There’s a lot to like about how our teams are delivering for customers, particularly amidst an uncertain economy. Our Stores business is continuing to improve the cost to serve in our fulfillment network while increasing the speed with which we get products into the hands of customers (we expect to have our fastest Prime delivery speeds ever in 2023). Our Advertising business continues to deliver robust growth, largely due to our ongoing machine learning investments that help customers see relevant information when they engage with us, which in turn delivers unusually strong results for brands. And, while our AWS business navigates companies spending more cautiously in this macro environment, we continue to prioritize building long-term customer relationships both by helping customers save money and enabling them to more easily leverage technologies like Large Language Models and Generative AI with our uniquely cost-effective machine learning chips (“Trainium” and “Inferentia”), managed Large Language Models (“Bedrock”), and AI code companion CodeWhisperer. We like the fundamentals we’re seeing in AWS, and believe there’s much growth ahead.” 

11:08Matt - “I was about to say BINGO! At the end of that because I feel like I just heard 17 buzzwords all in a row.” 11:08Justin - “It's a tough market, and it's tough for everybody - it's not just the cloud providers. But does that mean the gravy train of AWS is over? I don't think so… I did see some posts recently on sysadmin forums, such about moving workloads from cloud back to on-prem; and there are workloads that should never have been moved to cloud that are very static and they don't have economical advantages of using the cloud. So those decisions will be made - and those decisions should be made all the time - when you look at your workloads. But is it a big trend? I don't think it's a trend yet.” 

AWS

15:27 There’s already a new feature for CodeCatalyst!

• AWS announced a new Dev Environment dashboard for CodeCatalyst.  
• The dashboard enables users with the space administrator role to centrally view and manage dev environments across projects; and when using the new dashboard you can view, stop and delete dev environments belonging to your space
• We are 100% taking credit for this, even though our idea for it in last week’s show was published after they made the announcement. We all have Alexa devices. We know what happened. You’re welcome. 
• This new feature helps justify the $20/month price tag, and we definitely expect to see more over the next few months. 

17:17 - Amazon announced that S3 Compatible Storage on AWS Snowball Edge Compute Optimized Device is now generally available. 

• Joining a whole collection of purpose-built services to AWS Snow, customers now have access to S3 compatible storage. This will eliminate any need to re-architect applications for each deployment. 
• This also makes it easy for you to store data and run applications requiring Amazon S3 compatible storage across the cloud, on-premises, and at the edge in connected and disconnected environments with a consistent experience.
• In addition, users can now utilize AWS OpsHub to manage Snow Family Services, as well as Amazon S3 compatible storage on the devices at the edge or remotely from a central location. This provides a unified view of the AWS services that are running on Snow devices, and automates tasks operational tasks through AWS Systems Manager
• AWS OpsHub is available at no additional cost to users. 
• You can also use this as an intermediate storage location and allow the snow device to handle the replication; 
• We anticipate that this may ease your migration from traditional file systems to object storage. 

20:13 Justin - “I do hope someday in my career I get to do a very massive storage migration, not to the point that I need the truck, but … where the point is that you have to order like a hundred of these things. Then I can build like mazes in my data center of snowball edge devices. I think it would be fun.” 20:25 Matt - “I kinda want the truck - and get the two armored police cars to drive with it.” 21:05 Amazon Inspector now supports deep inspection of EC2 instances

• Amazon Inspector now supports deep inspection of EC2 instances when the continual EC2 scanning feature is activated. With this expanded capability, Inspector now identifies software vulnerabilities in application programming packages including Python, Java and node.js packages and OS packages.   
• Go go gadget vulnerability management tool! Amazon Inspector continually scans your AWS workloads for vulnerabilities and unintended network exposures. 
• The AWS Regional Services list will let you know where Inspector is currently available.
• Like AWS OpsHub, Inspector is available at no additional cost to users. 
• **Note** Legacy accounts can turn this on; for new customers it’s on by default. 

22:43 AWS Firewall Manager adds support for multiple administrators

• Customers with multiple organizational units (OU’s) can now create up to 10 administrator accounts for your AWS Firewall managers. 

22:32 Matt “Yeah, and the reason why I kind of thought this was interesting was lot of the stuff you could always only delegate to a single account. So things like config admin, the firewall manager, which also includes WAF, and a lot of the other ones, you can only go to one location. So this is kind of nice that you can start to subdivide stuff out, especially if you're an organization that has potentially multiple acquisitions that you're merging in; you still have your own security teams. You can kind of let them kind of manage their own aspects of it. So it's kind of just interesting to see that they are doing this. I'm curious to see if they expand it to all the other services that have delegated administrators.”

Google

25:17 - Google DeepMind: Bringing Together Two World Class AI Teams 

• Sundar Pichai himself released a letter to Google employees in regards to some changes happening with their AI organization.   
• He says they have created two completely state of the art and world-class research times “Leading the industry forward” but AI is moving faster than either of the teams can handle, so they’re combining the DeepMind and Google Research teams. 
• The new team, Google DeepMind, is poised to really accelerate Google’s AI progress. 

27:30 - Bard can now help you learn to code!  

• Bard is still just for personal use, but it can personally help you with quite a few tasks! 
• As of now, Google says Bard can help you code, as well as with software development tasks, like code generation, debugging, and code explanation, something Justin specifically is excited about, because *reasons. (*Ryan is the reason.)
• The new capability is available in 20 different programming languages, including C++, Java, Python, and Typescript - among others. You can even export your Python code without copy and pasting, making collaborative projects even easier than that diorama in 6th grade. 
• For users new to coding (or working with Ryan) Bard can explain pieces of code.
• One of the more interesting aspects of this announcement is that this new feature of Bard is still early in its development, so they warn it may provide inaccurate, misleading, or false information. So essentially Bard has turned into Cable News. Awesome. Additionally, it may provide users with incomplete code, or code that isn’t optimal for your use. Interestingly enough, you can then ask Bard to fix that code or make it faster. The moral of the story: make sure you check Bard’s work. 

28:45Ryan - “It is at this point that I want to remind our listeners that I am also capable of providing inaccurate misleading or false information and definitely provide code that's not optimal or non-functional.”  30:52 Next Gen Confidential VM is now available in private preview 

• Confidential Compute technology called AMD Secure Encrypted Virtualization-Secured Nesting Paging (AMD SEV-SNP) on general purpose N2D machines.
• These new instances build upon memory encryption and adds new hardware-based security protections such as strong memory integrity, encrypted register state (Thanks to encrypted SEV-ES) and hardware-rooted remote attestation. 
• Brand new to you! 
• We offer our sincere apologies that Jonathan isn’t here to better explain this stuff to you all (and us, if we’re being honest.)

33:29Justin - “I think the other big lift is that most dev teams are already buried trying to get features out and then say, oh, you had to go modify your code to use this confidential computing thing. I think that's also becomes a problem for a lot of companies. And again, it goes back to the business driver. If you have the driver to do it, then you're gonna make the investment. But if you don't, it's sort of like, I'll get to it eventually. And you never, just never do.”

Azure

34:20 Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX 

• If the AMD Confidential VMs on Google were nice, but you really wanted Intel, then Azure has you covered with the new DCesv5-series and ECesv5-series in preview.
• They feature the 4th Gen Intel Xeon Scalable processors; these VMs are backed by an all-new hardware-based trusted execution environment called Intel Trust Domain Extensions (TDX). 
• The selling feature is that organizations can use these VMs to seamlessly bring confidential workloads to the cloud without any code changes to their applications. 
• DC variant up to 96vcpu and 385GB of memory; EC variant up to 64vcpu and 512GB of memory
• Since you may want to attest to the environment, Azure can retrieve hardware evidence for cryptographic verification (just like Google could) of the TEE state and third-party root of trust. 
• Organizations will have native support for attestation with Microsoft Azure Attestation. They have worked closely with intel on support for project Amber, Intel's upcoming trust services, to help enterprises that want to enforce operator independence and separation of duties in deploying confidential computing. 

35:26Ryan - “I like that the add test station service that I mean, I want to see that pattern grow across cloud as well. Like that's, I love the idea of being able to attest your state and verify compliance by API request. Fantastic.” 35:43Justin - “As a person who has had to collect evidence for many audits, anything to automate that stuff and and to get confidence is always a big deal.” 35:57 A little more on Project Amber 

• Amber is new to us so Justin researched it a bit. It’s an Intel project, and from their website “Project Amber is the code name for Intel’s groundbreaking service/SaaS-based implementation of an independent trust authority that provides attestation of workloads in a public/private multi-cloud environment.”
• Don’t trust Amazon, Azure, or Google? Trust Intel! It’s an option. That’s all we’re saying. 
• We’ll be interested in watching where this one goes!

37:34  Cloud Cost optimization strategies with Microsoft Azure 

• There are many benefits to optimization of your cloud costs, including understanding your bill (I mean, who needs to understand what you’re paying, right?) Reducing carbon emissions, and improving the performance of applications. 
  • #1 - RIght Sizing (where everyone should start)
  • #2 - Clean up unused resources 
  • #3 - Buying reservations and savings plans (commit MORE money to Microsoft!)
  • #4 - Database and application tuning (especially if you are trying to get bigger boxes.)

39:33Matt - “I always feel like #2 I really feel like number two here, clean up, is always ridiculously hard because everyone's like, oh, it's in the cloud. It's only like two cents a gigabyte or three cents a gigabyte. Who cares? But people forget that if you're doing two, 200, 2000, gigabytes approaching terabytes per day, and all you're doing is aggregating and you're never cleaning up, that starts to add up to real money real fast.”

Oracle

40:02 Build your skills with the OCI Multicloud Architect Certification and Course  

•  “Multicloud is the new normal” (especially if you're using Oracle databases and want to save a ton of money on licensing!) OCI is here with a new Multicloud Architect Course and Certification, so you can build up some necessary skills, have a neat little badge, and probably not make any more money. Awesome! 
• This certification is ideal for cloud architects interested in designing and building multi-cloud solutions utilizing Oracle services.
• The Oracle learning platform is your one stop shop to get ready for your multi-cloud certification test with video courses, skill checks, exam preps, practice exams, online certification exams, credentials and more. 
• Public Service Announcement: this is mostly just an OCI to Azure exam. You’re welcome. 

Continuing our Cloud Journey Series Talks

42:44 Episode 4: All About State

• Look, I know you’ve all been preached to in regards to building stateless…and we know state isn’t webscale. But hang with us a minute. 
  • In many cases, stateless is still the best way to go, but it’s not ALWAYS the best option in regards to cloud native architecture. 

43:30 Ryan - “I would argue that we've always built state. We've been building towards stateless to understand how to manage our state and not rely and make assumptions about our state. But very little that I've worked on doesn't have a state somewhere.” 44:00 Matt - There's always state somewhere. Whether it's in your SQL or your caching layer or somewhere, like if you're using session caches or anything like that, there's still always state.”

• Now in cloud native, a stateful approach has some advantages; the most obvious benefit is the reduction in the overhead of retrieving remote state on every request.  But maintaining state may also have increased complexity.
  • This is tied to the fact that our perception is that we are doing things in the current way.  
• But now in an event-based state persistence, the stateful alternative shares an events-first way of processing and persisting state changes. Using classic shopping cart scenarios, each change to the state of the shopping cart is persisted as a sequence of events. 

28:35 Justin - “And so this is again, thinking differently about your apps as you think about cloud native, is that where does eventing make sense? And then how do you think about state with that regard to that eventing?”

• Justin and Ryan then argue about consensus protocols. (Not to be confused with the much more interesting protocol droids.)
  • Zookeeper vs EtcD - Ryan tries to defend it, but EtcD is behind Kubernetes, and as we’ve pointed out before Kubernetes is the new hotness, so… winning. 

50:01 Ryan - “the argument we always have is just, is it the tool or is it how the tool is used, right? And so my argument is that if you cram too much into EtcD, you're gonna have the same problems as you do in ZooKeeper.” 51:41 Justin - “At the end of the day, anytime you're dealing with a distributed state management system that has to get to quorum, you know, you can't overload it. And that's probably the biggest mistake people make with using EtcD and Zookeeper is they try to shove everything into it.”

Spotted on the Horizon

Next week on the Cloud Pod Podcast…

News From the Clouds That Didn’t Make the Main Show

AWS

• Choose Korean in AWS Support as Your Preferred Language
• AWS Amplify supports Push Notifications for mobile and cross platform apps
• AWS Lake Formation and Glue Data Catalog now manage Apache Hive Metastore resources
• AWS Systems Manager now supports AWS Cloud Development Kit (CDK) applications
• AWS License Manager now supports upgrading of EC2 Instances from Ubuntu to Ubuntu Pro operating system
• AWS Glue Crawlers now support creating partition indexes
• Apache Kafka support now available in AWS Distro for OpenTelemetry
• Amazon Personalize now supports Kafka Sink connector to ingest real-time data with ease
• AWS WAF Captcha launches JavaScript API support
• Redesigned opportunity management experience in AWS Partner Central
• AWS SAM CLI announces local testing support for API Gateway Lambda authorizers
• Announcing Amazon GuardDuty support for AWS Lambda
• Amazon Redshift announces general availability of Dynamic Data Masking
• Introducing AWS WAF Ready Partner Offerings
• Amazon Redshift announces general availability of MERGE SQL command
• AWS Snowball Edge Compute Optimized now supports Amazon S3 compatible storage
•  AWS Amplify Flutter announces general availability for web and desktop support
• Amazon Redshift announces centralized access control for data sharing with AWS Lake Formation  
• Amazon Comprehend improves accuracy of document classification using layout data    
• AWS Resource Access Manager supports fine-grained customer managed permissions
• AWS Elemental Link UHD now supports Dolby Digital and Digital Plus
• Amazon Keyspaces (for Apache Cassandra) supports IN operator for SELECT queries        
• Announcing AWS DataSync Discovery general availability (GA)  

GCP

Azure

• Azure Service Fabric 9.1 Third Refresh Release  
• Generally available: Cross-region service endpoints for Azure Storage    
• General Availability: Support for Linux clients to use identity-based access to Azure file shares over SMB
• Azure CycleCloud 8.4.0 release
• The era of AI: How the Microsoft Cloud is accelerating AI transformation across industries 

Oracle 

• Simplify IT with Oracle Cloud VMware Solution and Dell Data Protection Suite 

Closing

And that is the week in the cloud, we would like to thank our sponsors Foghorn Consulting. Check out our website, the home of The Cloud Pod where you can join our newsletter, slack team, send feedback or ask questions at thecloudpod.net or tweet at us with hashtag #thecloudpod