Welcome to episode 251 of The Cloud Pod podcast – where the forecast is always cloudy! This week we’re looking at the potential end of low impact code thanks to generative AI, how and why Kubernetes is still hanging on, and Cloudflare’s new defensive AI project. Plus we take on the death of Project Titan in our aftershow.
Titles we almost went with this week:
- The Cloud Pod is Magic
- Why is the Cloud Pod Not on the Board of the Director for OpenAI
- The Cloud Pod wants Gen AI Money
- The Cloud Pod Thinks Magic Networks Are Less Fun Than Magic Mushrooms
- The Cloud Pod is Mission Critical so Give Us Your Money and Sponsor Us
A big thanks to this week’s sponsor:
We’re sponsorless this week! Interested in sponsoring us and having access to a specialized and targeted market? We’d love to talk to you. Send us an email or hit us up on our Slack Channel.
Follow-Up
00:50 Kubernetes Predictions Were Wrong — Redux
- Last week Ryan and Justin talked about why Kubernetes hasn’t disappeared into the background during our after show, and now with Matt and Jonathan here I wanted to see if they had any additional thoughts.
- If you missed this two weeks ago, it’s probably because you don’t know that there are regular after shows after the final bumper of the show… typically about non-cloud things or things that generally interest our hosts. There is one today about the death of the Apple Car.
- To summarize the conversation, ChatGPT has provided us with a sort of CliffsNotes version.
- Ryan and Justin speculated on the reasons why Kubernetes (K8) persisted despite predictions of its decline:
- Global Pandemic Impact: They acknowledged the global pandemic that unfolded since 2020 and considered its potential influence on Kubernetes. The pandemic might have shifted priorities and accelerated digital transformation efforts, leading to increased reliance on Kubernetes for managing cloud-native applications and infrastructure. Organizations might have intensified their focus on scalable and resilient technologies like Kubernetes to adapt to remote work environments and changing market dynamics.
- Unforeseen Complexity: Despite expectations for a simpler alternative to emerge, Kubernetes has grown more complex over time. The ecosystem around Kubernetes has expanded significantly, with various platforms, services, and tools built on top of it. This complexity may have made it challenging for organizations to migrate away from Kubernetes, as they have heavily invested in its ecosystem and expertise.
- Critical Role in Scalability: Kubernetes remains a fundamental technology for platform engineering teams seeking to achieve scalability and standardization in their operations. Creating a standardized, opinionated path for Kubernetes within organizations enables them to streamline deployment processes, manage resources efficiently, and support the growing demands of modern applications. This critical role in scaling infrastructure and applications might have contributed to Kubernetes’ enduring relevance.
- Absence of Clear Alternatives: Despite predictions, no single service or platform has emerged as a clear, universally adopted alternative to Kubernetes. While other solutions exist, such as Tanzu, OpenShift, and others mentioned, none have achieved the same level of adoption or provided a compelling reason for organizations to migrate away from Kubernetes. The absence of a superior alternative has likely contributed to Kubernetes’ continued dominance in the container orchestration landscape
- In 2020, people were predicting that K8 would disappear within a year. They believed someone would create a service that would reduce the adjacent choices and make K8 the easy default.
- But now 4 years later Kubernetes is still here, more complex than ever and proven to be a tough nut to crack.
- Tanzu
- OpenShift
- Mirantis
- Rancher
- Docker K8
- EKS
- GKE
- AKS
- Elastisys
- Platform9
- Linode K8 Engine
- Digital Ocean Kubernetes
- Alibaba Cloud Container Service for K8
- IBM Cloud K8 service
- And for sure there are many, many more.
- K8 is one of the largest drivers of platform engineering teams, as creating a single opinionated path for K8 in your organization is one of the only ways to massively scale.
- And so to our co hosts, since 2020… we did have a global pandemic. But is there more to this story? As a tool, Justin felt K8 would fade into the background… and yet here we are. WIth it very much *not* in the background.
02:39 Jonathan – “I actually think the pandemic had a lot to do with it. And I don’t know what it was about the pandemic that you talked about exactly, but I think we kind of went into this mode where the businesses that were scaling up as a response, the pandemic were like balls to the wall to increase capacity, add new services, do new things. And I think they probably lacked the time to actually go back and redesign or re-implement new patents. And so I think it probably saw more adoption and more expansion during COVID than ever before, simply because people were focused on delivering that kind of output and not redesigning things.”
05:48 Matthew – “There’s just nothing else really there out there. Like I still kind of like, you know, just using ECS because it’s simple. And to me, that was the point of containers, but you know, it didn’t grow. And, you know, I almost feel like Amazon could have maybe grown that ecosystem out if they would have taken it to the next level and maybe open sourced it. But that’s obviously a big step.”
General News
08:41 IT Infrastructure, Operations Management & Cloud Strategies: Chicago (Rosemont/O’Hare), Illinois
- Want to listen to the great Matthew Kohn in person? Now’s your chance!
- Camp IT Conference
- 11:30am – 12:30pm: Using Data and AI to Shine a Light on Your Dark IT Estate
- He **should** have Cloud Pod stickers, if you’re into that sort of thing. (And who isn’t?)
11:01 Cloudflare announces new defensive AI products for protecting LLMs and companies from attack
- Cloudflare has announced the development of Firewall for AI, to provide companies a layer of protection for artificial intelligence large language models, with an aim to identify potential attacks before they can tamper with critical functionality or access sensitive data.
- In addition, Cloudflare has launched a new suite of defensive cybersecurity tools that use AI to fight emerging AI threats.
- Those include detecting anomalies in user behavior, scanning email to flag suspicious messages and mitigating threats to the organization.
- The firewall AI will provide security teams the capability to rapidly detect new threats, and it could potentially be deployed in front of any LLM running on Cloudflare existing Workers AI offering.
- Workers AI allows developers to deploy AI models at the edge at scale on Cloudflare’s global network.
- By putting the firewall in front of the AI, they can scan prompts submitted by users to identify attempts to exploit the model and extract data.
12:01 Jonathan – “It’s a good product. I don’t think it’s going to have much of a life, unfortunately, because I think this functionality will be easily built into commercial offerings. I think we even talked about this a couple of months ago, about having a second layer that checks the answers to make sure that it’s within the constraints of the intent of the person using the model in the first place. It’s nice that they’ve got this, because nobody else has it yet…I guess there’s value in having a third party be the firewall and not necessarily trust OpenAI or Anthropiq or whoever else to be the gatekeeper as well as the service provider.”
13:31 Cloudflare acquires Nefeli Networks and launches multicloud networking service
-
- Cloudflare launched a new service called Magic Cloud Networking that organizations can use to link together workloads running on different cloud platforms.
- The offering is based on technology the company obtained through the recent startup acquisition of Nefeli Networks Inc, which had previously raised 9M in funding from New Enterprise Associates.
- Cloudflare announced the deal, and did not disclose financial terms with the launch of Magic Cloud Networking.
- Enterprises often require the ability to establish network connections between different public clouds. A revenue forecasting application running on Azure, for example, may need to access a Google cloud database that contains last quarter’s earnings data.
- Connecting the two clouds can be difficult as the providers use different networking technologies that don’t always interoperate out of the box.
- Cloudflare says Magic Cloud Networking addressed the challenge.
- According to the company, the service provides a single pane of glass for managing networks that span multiple public clouds. Using a centralized interface is simpler than the traditional approach of managing each cloud with separate tools.
- Magic Cloud Networking takes care of configuring your constructs, such as VPN Gateways, Routes, and Security Groups, to securely connect your Cloud VPC Network to Cloudflare One. Once you are in Cloudflare One, Cloudflare will take care of route management, injecting and withdrawing routes globally across Cloudflare and all Connected cloud provider networks.
- “The majority of organizations are now using multiple public clouds in a meaningful way today, which is driving the need for solutions that drive greater operational efficiencies and agility,” said theCUBE Research principal analyst Bob Laliberte. “Cloudflare recognized this need and with the acquisition, it can leverage Nefeli to provide multi-cloud networking capabilities. This is clearly a win for Nefeli and Cloudflare customers and could mark the start of consolidation in the Multi Cloud Networking space as established vendors look to add this capability to their portfolio.”
- Other competitors of this type of product include Aviatrix Systems, Prosimo and Alkira.
16:42 Justin – “I don’t think it has quite the same use cases as something like Aviatrix does, but maybe that’s where it’ll go over time as they build out the product. But the way this press release works and the limited amount of content on the website so far, I’m not fully sure exactly where it considers its boundaries to be. But I’m definitely, you know, I’m happy to see another competitor in the space.”
18:14 Broadcom to offload VMware’s remote access computing business to KKR in $3.8B deal
- For those of you who use VMware’s End User Compute products, they have been sold to a PE firm, KKR & Co.
- The End User Compute division mainly focuses on the VMware Desktop products and KKR happens to own Alludo, which sells Parallels.
- Rumors allege that Carbon Black is also on the market to be sold.
- Selling the mighty VMware for parts, Racking up prices on existing customers.
- We can’t wait till the next Broadcom acquisition happens.
20:34 Jonathan – “Yeah, I think VMware went in some strange directions and their product portfolio was all over the place and Broadcamer very specifically narrowing it down to what they care about in data center workloads. And so maybe these products will actually get a better life elsewhere.”
AI Is Going Great (Or, How ML Makes All Its Money)
21:02 OpenAI Board Reappoints Altman and Adds Three Other Directors
- Sam Altman is now back on the board at OpenAI after an investigation into the circumstances of his short lived firing concluded.
- The investigation was undertaken by the WilmerHale law firm, which found that “Sam’s conduct did not mandate removal”. Instead, it found that his firing resulted from a breakdown in the relationship and loss of trust between the prior board and Mr. Altman.
- It also found that the old board acted too quickly without advanced notice to key stakeholders and without a full inquiry or an opportunity for Mr. Altman to address” its concerns.
- Most of the board members who were responsible left the board when he was reinstated.
- They have added three new directors to the board, including Sue Desmond-Hellmann, a former CEO of Bill and Melinda Gates Foundation, Nicole Seligman, former president of Sony Entertainment and Fidji Simo, CEO of instacart. This also increases the number of directors to 7.
22:05 Justin – “I do think it was interesting that they picked up Sue Desmond-Hellman, considering last week we talked about why you guys weren’t here. We talked about Elon and his big lawsuit against OpenAI and what they were doing. So yeah, it’s like, oh yeah, here we picked up a really well-known philanthropic board member to help make sure we keep that going.”
23:32 How generative AI will change low-code development
-
- The Cloud Pod is a trendsetter, and now Infoworld is writing up how AI will change low-code development.
- “Low code is dying in the enterprise, and AI will kill it,” says Anand Kulkarni, CEO and founder of Crowdbotics. “The big question is, why would you want to use low-code when you can use AI to create full code with the same effort?”
AWS
24:54 Amazon RDS now supports io2 Block Express volumes for mission-critical database workloads
- AWS is announcing the availability of Provisioned IOPS io2 block express storage volumes for all database engines in RDS.
- Io2 block express volumes are designed for critical database workloads that require high performance and high throughput at a low latency.
- With Io2 Block Express volumes, your databases will benefit from consistent sub-millisecond latency, enhanced durability to 99.999 percent over io1 volumes and drive 20x more IOPS/GiB from provisioned storage (up to 1,000 IOPS per GiB) at the same price as io1.
- You can upgrade from io01 to io2 block express volumes without any downtime significantly improving the performance and reliability of your applications without increasing storage costs.
- “We migrated all of our primary Amazon RDS instances to io2 Block Express within 2 weeks,” said Samir Goel, Director of Engineering at Figma, a leading platform for teams that design and build digital products. “Io2 Block Express has had a profound impact on the availability of the database layer at Figma. We have deeply appreciated the consistency of performance with io2 Block Express — in our observations, the latency variability has been under 0.1ms.”
- Database engines can support up to 256k IOPS at 4,000 MiB/s of throughput.
- Available for all RDS databases using the AWS Nitro System instances.
26:17 Matthew – “But it also is the same price as IO1, which is already costing you said arm and leg. So it’s nice that you can get these benefits of moving up to the newer tier with the newer technology without a price increase. Though normally Amazon does a price decrease to try to get people to move.”
30:37 AWS Cost Categories launches a revamped user interface
- Amazon is refreshing consoles all over the place, after giving us a new dashboard for WAF last week.
- This week they give us a new experience for AWS Cost Categories to simplify the Cost Categories creation workflows.
- The new user interface uses a split-view panel to improve the process of setting up Cost Categories rules; as well as to provide an interactive preview of the allocation of month-to-date estimated charges based on these rules.
- The split view panel allows you to add or edit Cost Category rules or visualize their effectiveness on cost allocation without leaving the consolidated view of all your rules in the rule table.
31:54 Matthew – “I was trying to play with this before the show and we are at like an hour and a half to two hours probably. And I’m still trying to get this to generate me the first cost category for a very small environment that’s like maybe a couple thousand a month…Oh, sorry, I have it backwards. If I spend more money, it runs faster because it has to process more data. Love that AWS bill.”
32:29 Introducing the AWS Generative AI Competency Partners
- AWS Generative AI Competency is designed to tell you which partners have the shown the technical proficiency and track record of continuing success with customers while implementing generative AI tech powered by AWS
- A ton of partners are now falling all over themselves to get this as fast as they can to get those sweet Gen AI leads – so don’t get upset with your vendor if they don’t have it yet.
33:53 Justin – “It’s really about the paperwork. It’s not about the actual ability capability. It’s about, can I, can I produce the documentation and evidence that I know what I’m doing to satisfy this Amazon person who, you know, his job, he doesn’t understand it fully and his job is make sure you don’t get the competency because they’re supposed to be hard about it. Um, and so yeah, I’m not, I’m not a huge fan of the competencies in general, but, um, you know, it’s nice that if you were looking for this.”
35:58 Experience up to 40% faster stack creation with AWS CloudFormation
- AWS Cloudformation has improved its stack creation speed by 40% and introduced a new stack creation event, CONFIGURATION_COMPLETE. This event is available at both the stack and resource levels.
- When customers create stacks AWS makes API calls to AWS services to create resources. Cloudformation emits CREATE_IN_PROGRESS, signaling the start of the resource provisioning and CREATE_COMPLETE, indicating the end of provisioning.
- The CONFIGURATION_COMPLETE is now used when the resource is created, applied the configuration specified but has started its eventual consistency check to complete. Cloudformation now leverages this to start parallel creation of dependent resources within the stack, this results in a faster stack creation experience without any changes required.
37:01 Justin – “So that means if you only provision one thing with your CloudFormation, it is not 40% faster. It’s only if you’re doing lots of things with your CloudFormation stack with lots of dependencies, that’s where you get that speed boost. So don’t get too excited if you have a very simple infrastructure.”
GCP
41:04 GKE provides fully managed Kubernetes support for Elastic Cloud
- Google is announcing a partnership with Elastic to support Elastic CLoud on K8 (ECK) product on GKE in Autopilot mode of operation.
- GKE autopilot is the default and recommended mode of operation to run your applications on GKE.
- Autopilot fully manages your cluster for you, but still gives you access to the full K8 API, and all the control you need to fine-tune your workload’s performance.
- Elastic Cloud on K8 or Eck, is their official Elastic Operator for K8. Eck is a great way to run the elastic stack on your cloud native k8 environment.
- Now you get automated K8, with Automated ECK…and may God have mercy on you when all of this implodes in your face.
42:28 Jonathan – “I’d love to know how it works under the covers because I know the elastic nodes have some very specific ways of working. The unique identifiers per host and things. I’d like to see how I’ve kind of hacked that to kind of make it work in a containerized way safely.”
43:13 Introducing Security Command Center Enterprise: The first multicloud risk management solution fusing AI-powered SecOps with cloud security
- Security in the cloud can be difficult with lots of tools, multiply that by multiple cloud providers and now things get even more tricky.
- Typically in multi-cloud you will resort to more third party tools that are cloud agnostic leaving behind the tools that you would have leveraged from the cloud providers.
- Google is here this week to help solve this, by announcing Security Command Center Enterprise, the industry’s first cloud risk management solution that fuses proactive cloud security and enterprise security operations — supercharged by Mandiant Expertise.
- Built on the google security fabric, security command center enterprise can help break down the silos of tools, teams and data that separate cloud security and enterprise security operations.
- The solution provides SIEM powered visibility and SOAR driven actionability is now brought into the world of cloud security.
- Security Command Center Enterprise capabilities include:
- Agentless and agent-based vulnerability management for finding security weaknesses in virtual machines, containers, and more;
- Security posture management to uncover cloud misconfigurations that could create to gaps in defenses;
- Threat detection using specialized technology built into the cloud infrastructure, and threat rules and indicators of compromise (IOCs) curated by Mandiant incident response teams and threat researchers;
- Integrated response workflows to efficiently remediate threats, misconfigurations, and vulnerabilities;
- Attack path visualization for understanding resource relationships and methods that attackers could use to infiltrate your environment;
- Google-recommended preventative and detective security controls designed for AI workloads
- Posture and governance controls giving DevOps and DevSecOps teams the ability to design and monitor security guardrails for their cloud infrastructure
- Cloud Identity and Entitlement Management (CIEM) for managing identities and privileges to help organizations move to a least-privileged access security model;
- Data security posture management (DSPM) for finding, categorizing, and managing sensitive data in cloud environments;
- And shift-left security capabilities for discovering issues before runtime. These include our Assured Open Source Software, that can provide developers with access to thousands of software packages tested and validated by Google, and infrastructure as code (IaC) scans of files and CI/CD pipelines to help identify resource violations.
45:28 Justin – “I wonder how it’s gonna actually connect some of the things together. It was a little vague on, you know, like, do you give it API keys for their clouds, you know, agentless and agents, I mean, you get to support, you know, install a network, it wasn’t fully clear some of the details. But they do have some sessions happening at Google Cloud Next. So potential opportunities to learn more while I’m there. So I will definitely be checking out one of those sessions.”
Azure
46:17 What’s new in Azure Data, AI, and Digital Applications: Data operates as the currency of AI
- Not much that we haven’t already covered or ignored for the dumbness that it is.
- But a few jump out at us as notes that some of our listeners may be interested in:
- Azure OpenAI service: Assistants API, new models for fine-tuning, text-to-speech, and more.
- Microsoft Fabric is now HIPAA compliant (look forward to Wiz or Orca getting access to our PHI data)
- Native Document support for PII redaction and summarization
- Two new Finops tools for your sustainability including Azure Carbon Optimization and Microsoft Azure Emissions Insights
- SQL Server enabled by Azure Arc now offers Azure SQL Migration Assessment
- New Migration Service in Azure Database for PostgreSQL
- Azure SQL database hyperscale outpaces Amazon Aurora PostgreSQL by up to 68% in performance and value.
44:26 Matthew – “I mean, I guess they do appreciate Azure not just putting out an article for every single tiny announcement that they could possibly think of. So it’s kind of, they do the opposite of AWS in a little bit of a way.”
Aftershow
49:18 Apple to Wind Down Electric Car Effort After Decade long Odyssey
- Project Titan, or the “self driving electric car” project that Apple has been working on for 10 years and 10 billion dollars of investment is being shuttered
- This was considered one of their most ambitious projects with nearly 2000 employees working on the project.
- The project has had its issues with several reorganizations and leadership changes that have reset the program
- Many employees on the team will be shifted to the Artificial Intelligence Division, focusing on generative AI projects which are an increasingly key priority for the company
- There will be some portion of layoffs
- Stock was unimpacted.
- Apple is interesting, but I think the idea of self-driving cars has been a road too far to cross with our current technology. I believe I may owe a friend of the show a bet as 10 years ago I was pretty convinced by 2025 we would be at full self-driving… but I think we’re going to come up short. The tech just isn’t there yet.
Closing
And that is the week in the cloud! Just a reminder – if you’re interested in joining us as a sponsor, let us know! Check out our website, the home of the Cloud Pod where you can join our newsletter, slack team, send feedback or ask questions at theCloud Pod.net or tweet at us with hashtag #theCloud Pod