Welcome to The Cloud Pod - where the forecast is always cloudy! This week your hosts Justin, Matthew, and Ryan are here to fill you in on all the latest and greatest happenings in the cloud, including news about your SSL & TLS certificates, MSK Replicator, and the Azure Incubations Team. Did you know about them? Neither did we!
Titles we almost went with this week:
- ☁️The Cloud Pod Replicator… Replicating Snark to all the Kafkas
- Mirror Mirror on the wall, Which Events? We Want Them All.
- The Radius of my Patience for my Developer Portals is Shrinking
- Oracle Java Plugin for VSCode… it's a trap!
A big thanks to this week’s sponsor:
Foghorn Consulting provides top-notch cloud and DevOps engineers to the world’s most innovative companies. Initiatives stalled because you have trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.
General News this Week:
AWS
01:20
Rotate Your SSL/TLS Certificates Now – Amazon RDS and Amazon Aurora Expire in 2024
- If you want to have some “fun” you need to update the RDS SSL certificate for your db instances before they expire in 2024.
- This impacts really any DB created before 2020.
- You can choose CA certificates that expire in 40 years or 100 years.
- This was more complicated than we realized when we did this on a database instance recently, and this step-by-step guide would have been great when we did it a month or so ago.
- Step 1: Identify your impacted DBs
- Step 2: Update your database client and apps… this was the trickiest part for us.
- Step 3: Test CA rotation on a non-production RDS instance
- Step 4: Rinse and Repeat on Production.
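Added example, not from the show or from AWS's guide: one way to do Step 1 offline is to save the JSON from `aws rds describe-db-instances` and list every instance whose server certificate expires before a cutoff date. The instance names and dates below are constructed, and the script assumes the `CACertificateIdentifier` and `CertificateDetails.ValidTill` fields that the CLI output carries.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `aws rds describe-db-instances` output (not real data).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
   "DBInstanceClass": "db.t3.medium", "CACertificateIdentifier": "rds-ca-2019",
   "CertificateDetails": {"CAIdentifier": "rds-ca-2019",
                          "ValidTill": "2024-08-22T17:08:50+00:00"}},
  {"DBInstanceIdentifier": "analytics-db", "Engine": "mysql",
   "DBInstanceClass": "db.r6g.large", "CACertificateIdentifier": "rds-ca-rsa2048-g1",
   "CertificateDetails": {"CAIdentifier": "rds-ca-rsa2048-g1",
                          "ValidTill": "2026-05-01T00:00:00+00:00"}},
  {"DBInstanceIdentifier": "legacy-reports", "Engine": "mysql",
   "DBInstanceClass": "db.t3.small", "CACertificateIdentifier": "rds-ca-2019"}
]}
""")

def parse_ts(value):
    # The CLI prints ISO 8601 timestamps; normalise a trailing "Z" for older Pythons.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def instances_needing_rotation(describe_output, cutoff):
    """Return instances whose server certificate expires before `cutoff`,
    plus any that report no expiry and therefore need a manual check."""
    findings = []
    for db in describe_output.get("DBInstances", []):
        valid_till = (db.get("CertificateDetails") or {}).get("ValidTill")
        if valid_till is None:
            reason = "no certificate expiry reported, check manually"
        elif parse_ts(valid_till) < cutoff:
            reason = "server certificate expires " + valid_till
        else:
            continue
        findings.append({
            "id": db["DBInstanceIdentifier"],
            "engine": db.get("Engine"),
            "class": db.get("DBInstanceClass"),  # CPU headroom matters for larger keys
            "ca": db.get("CACertificateIdentifier"),
            "reason": reason,
        })
    return sorted(findings, key=lambda f: f["id"])

if __name__ == "__main__":
    cutoff = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for f in instances_needing_rotation(SAMPLE, cutoff):
        print(f["id"], f["engine"], f["class"], f["ca"], f["reason"], sep="  ")
```

Instances that report no expiry are listed rather than skipped, so a missing field is never read as "already rotated".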
01:45 Justin- “I definitely went for the 100 years to fake because I never want to do this again… This is not for the faint of heart, if you're not familiar with how your database apps work, and do proceed with caution.”
05:48 Justin- “Well, so the 40 year one is a 2048 bit RSA certificate. The 100 year one is an RSA 4096 or an ECC 384 compiled. So it's pretty high level encryption on both of those CAs. And the fun thing about that is if you do choose the 100 year certificate and you have like a T3 class system, all of a sudden now you're processing a lot of stuff to calculate the cipher. So you may have some use cases where you don't want to use the 100 year certificate because it does require some more CPU to process.”
07:07
Introducing Amazon MSK Replicator – Fully Managed Replication across MSK Clusters in Same or Different AWS Regions
- Cross Cluster Kafka replication is often used to implement business continuity and DR plans, and increase application resilience across AWS regions, or when building multi-region applications to have copies of streaming data in multiple geographies stored closer to end consumers for lower latency access.
- You may also need to aggregate data from multiple clusters into one centralized cluster for analytics.
- To address this, you would have written custom code or used an open source tool like MirrorMaker; however, these can be complex and time consuming.
- Amazon is introducing MSK Replicator, a new capability for MSK that makes it easy to set up cross-region and same-region replication between MSK clusters, scaling automatically to handle your workload.
- You can use MSK replicator with both provisioned and serverless MSK clusters.
- MSK replicator supports both Active-active and active-passive setups.
- You pay per GB of replicated data plus an hourly rate for each replicator, in addition to the base cost of MSK: $0.30 per hour and $0.08 per GB.
09:04 Ryan - “Most of the mirror maker stuff is actually trying to handle the translation between going to multiple clusters on the app side. So I wonder if the MSK version is a complete abstraction where you're calling the same sort of global endpoint.”
GCP
09:42
Windows Server 2012 is Welcome on Google Cloud, Even After End of Support
- Oh nice! Google is doing the thing Microsoft did… NOT SO FAST… for those who have purchased Extended Security Updates from Microsoft, you can keep running Windows 2012 on Google… That's not the same thing, Google!
- They also point out that you can upgrade to Windows 2016.
- Thanks for that, Google. Really. Thank you.
10:29 Justin - “And then Google then also pointed out that you can easily upgrade to Windows 2016 by either deploying a new instance or doing an upgrade in place, which don't do an upgrade in place of Windows ever. So, appreciate this article for nothing. Thank you, Google.”
11:06 Ryan - “I feel like this is a blog announcement for them just not removing this from the image library, right? Because someone complained when they did, and they're like, but I purchased extended support.”
Azure
1:46
The Microsoft Azure Incubations Team launches Radius, a new open application platform for the cloud
- Cloud computing has evolved and developer and operations teams support many complex microservice based applications.
- While K8 is an enabler, many customers are building abstractions over K8, usually focused on compute, to work around its limitations. K8 has no formal definition of an application; it mingles infrastructure and application concepts and it is overwhelmingly complex.
- Over time developers need things like support for dependencies such as API front ends, key value stores, caches and observability systems. Amidst these challenges for developers their corporate IT counterparts also must enforce an ever-growing matrix of corporate standards, compliance and security.
- The Azure incubations team is introducing Radius to address these challenges.
- This will help application teams by meeting them where they are: supporting proven technologies like K8 and existing infrastructure tools like Terraform and Bicep, and integrating with CI and CD systems.
- Radius enables developers to understand their apps beyond just K8, while also meeting cost, ops and security requirements.
- “Radius is strongly aligned with our platform engineering vision to enable Comcast engineers to innovate at the speed of thought. We are prototyping on Radius to understand how Comcast might both consume and contribute to this promising open-source project.” Paul Roach, VP of Developer Experience, Comcast
13:10 Ryan - “This is a funny reaction to shift left, right? Like it's, it's one of those things that we've put a lot of systems in place to empower development and people around their own systems, and then it's sort of like, oh, and now what, you know, I have to be an expert in everything? And it doesn't scale. And so now this is sort of the, I think the platform engineering and all the developer sort of dashboards we're seeing is sort of a response to that, which is like, how do we all play nice in the same pool?”
14:09 Justin - “It's just sort of funny because when it was an ops problem, no one cared. But when it became a dev issue, all of a sudden they all started coding solutions.”
Oracle
18:22
Oracle unveils Java development extension for Visual Studio Code
- Oracle has released a Java development extension for VS Code.
- What a great way to get you into high cost Java licenses!
- The extension covers the development cycle from editing, compiling, debugging and testing.
- The initial release offers features such as project view, auto-completion, error highlighting, and jump-to-definition capabilities, along with unit testing support for JUnit.
- Cool beans!
13:10 Justin - “So first you get that license on there, and then this plugin notifies the lawyers at Oracle that you installed Java. And then they call your company, and they say, hey, Ryan and your team just installed Java, and now you owe us a million dollars. That's perfect. So if you don't already have your licensing, don't use this.”
Much like my sanity, my observability costs are spiraling into depression
23:21
Survey Sees Observability Costs Spiraling Out of Control
- A survey of 200 DevOps professionals in mid-sized organizations (revenue of $50 to $500 million) revealed challenges in controlling observability costs.
- The survey, conducted by Wakefield Research for Edge Delta, found that 98% of respondents experienced cost overages or unexpected spikes a few times a year, with 51% encountering such issues monthly.
- The primary causes of cost spikes were product launches and updates (46%) and mistakenly including log data for ingestion (42%).
- 93% of respondents stated that their leadership teams were aware of rising observability costs, and 91% expected increased scrutiny to reduce costs in the next year.
- 84% believed they were paying more than they should for observability, even with limited log data ingestion.
- The CEO of Edge Delta, Ozan Unlu, suggested that organizations were investing in observability for resiliency but faced higher-than-anticipated costs due to platform limitations.
- DevOps teams attempted to reduce costs by limiting log ingestion (82%) and data collection (98%).
- These actions led to disputes within companies (83%) and brought challenges such as increased risk or compliance issues (47%), more staff time spent on data preparation (47%), internal tension (42%), process disruptions (42%), loss of insights (38%), and failure to detect production issues (31%).
- Log data has grown on average by 5x over the past three years, with 22% experiencing a growth rate of 10x or more.
- Observability platforms aim to unify logs, metrics, and traces for easier issue identification compared to legacy monitoring tools.
- Observability adoption is growing as application environments become more complex, but understanding which queries can help identify issues is a challenge.
- Machine learning is expected to use observability data to predict issues before disruptions occur, but complex IT environments outpace budget allocations for management.
24:02 Justin - “And I agree. Observability tools are expensive, but they should add value to your business by making it easier to detect issues, easier to troubleshoot, reduce your MTTR and MTTF. And so those are the metrics you should be tracking to justify why you're spending all this money.”
29:58 Matthew - “I mean, I remember I was talking with one company, they were like, yeah, we figured that our observability platform should be anywhere from 10 to 20% of our cloud costs per month. And I was like, that feels high. But you know, it probably realistically isn't, you know, it's a cost. You need to make sure you're using it. And I feel like most people don't use that cost.”
Closing
And that is the week in the cloud! We would like to thank our sponsors Foghorn Consulting. Check out our website, the home of the Cloud Pod where you can join our newsletter, slack team, send feedback or ask questions at theCloudPod.net or tweet at us with hashtag #theCloudPod