Episode Transcript
[00:00:00] Speaker A: Foreign.
[00:00:06] Speaker B: Welcome to the Cloud Pod, where the forecast is always cloudy. We talk weekly about all things AWS, GCP and Azure.
[00:00:13] Speaker C: We are your hosts, Justin, Jonathan, Ryan and Peter.
[00:00:17] Speaker A: Episode 74, recorded on June 3, 2020. The Cloud Pod gets their groove back. Good evening, Peter. How's it going?
[00:00:25] Speaker D: Hey, going great.
[00:00:27] Speaker A: How about you, Ryan?
[00:00:28] Speaker C: Doing well, doing well.
[00:00:30] Speaker A: And Jonathan?
[00:00:31] Speaker B: I'm pretty good. I ordered a pool today.
[00:00:35] Speaker A: Oh, that's a bit of investment. Unless it's the inflatable kind you buy from Amazon.
[00:00:40] Speaker B: It is not the inflatable kind.
[00:00:42] Speaker D: You can order a pool.
[00:00:44] Speaker B: Well, you sign a contract for construction, I guess so.
[00:00:46] Speaker A: When I was lamenting in the office one day about how much per swim costs, because I calculated it between the chemicals and the pool service and the water bill and all the electricity to run the pool cleaners and all that, and I basically told you that I calculated out to $12 a swim. You didn't listen to me, did you?
[00:01:04] Speaker B: I did.
[00:01:06] Speaker A: And yet here we are. You're buying a pool. So there you go.
[00:01:10] Speaker C: He had extra money and it is really hot outside and we're all stuck at home.
[00:01:14] Speaker A: It is very hot today. It was very, very warm. Yeah.
[00:01:17] Speaker B: Yeah. I just got a feeling all the gyms are going to close down and the city pool probably have limits on the number of people they have in there at a time and stuff like that, but just. I like hanging out in the pool.
[00:01:26] Speaker A: Nice. Well, I do have a fantastic pool service when you're ready to go.
[00:01:30] Speaker B: I thought you would have automated it.
[00:01:31] Speaker A: You can automate some of it. Still got to be maintained. All right, well, we have a busy, busy week this week, so first up is our good friends at Mirantis. I don't know if you know who Mirantis is. I forgot until this article came out, but they apparently bought the Docker Enterprise assets from Docker back in November. We did talk about on the show, and we did tell you on the show that we would let you know when they did something with it. And they have apparently announced their first major release since they acquired it, which is The Docker Enterprise 3.1 release will bring you new features for Kubernetes as well as GPU support for AI and ML applications. They did intend to integrate Docker Enterprise into the Mirantis cloud platform, which allows enterprises deploy and run Kubernetes on premises.
[00:02:12] Speaker C: Feel like it's a bit Groundhog Day. Like you said, I have to relearn what Mirantis is every time they make an announcement. So last November, I was like what do they do? Again, reading through this, I had the same thing where I had to go look it up and go look at what their offering was. I get it, okay. It's managed Kubernetes. Right on.
[00:02:27] Speaker A: I mean, it's still sad to see Swarm die such a horrible death and just get consumed by Kubernetes in this way. So there you go.
[00:02:34] Speaker C: I did not like Docker Swarm.
[00:02:36] Speaker A: I was not a fan myself personally, but I see the value for small companies. And now those small companies now get invest in Kubernetes in a big massive way and spend a lot of money building Kubernetes skill sets. So, you know, the startup community loses. That's all I can see.
[00:02:51] Speaker C: That is true.
[00:02:53] Speaker A: Well, speaking of Docker, DockerCon was this week and you know, one of the things going into it was that this is the smaller, simpler Docker looking to get its groove back. And this has been a couple, much less two years for Docker. I remember being at DockerCon with Ryan when they announced their first enterprise product and thinking, oh, okay, they figured out how to monetize and that turned out to be terribly wrong because they were too late for Kubernetes. Apparently DockerCon, being free and online, attracted a lot of people. 60,000 people registered for the event versus the 4,200 people who traveled to San Francisco last year. And apparently the only two products they have left are Docker Hub and Docker Desktop. Docker Desktop, of course, being the strongest of their products. So we go to our friends over at 56K Cloud who did a lovely recap for this because I couldn't be bothered to read all their press releases. Apparently during the keynote they announced their new strategic partnership with Microsoft, which we'll talk about in a little bit. Windows Containers and Windows scripting language to reach general availability. And then from the Docker Desktop, you'll be able to push containers to the Azure Container Instances. Then Docker Hub has some new features for you for security and teams. And Docker Hub and Docker Desktop will get even tighter integration than they already have. Apparently. The Docker Hub security is being provided to you by Snyk. Snyk. For those staying at home, it's kind of like Snyk from when I was a kid on Saturday night. Nic, I don't know if you guys remember that. That's the only SNCC I was ever aware of, but that is where you to scan your Docker Hub. And that is all available to you now from DockerCon, which was a little bit of a letdown when you don't have all the enterprise stuff. But Docker Hub and Docker Desktop can be very cool and so I'm glad to see that they got some good attendance at their conference.
[00:04:23] Speaker B: The only thing I remember about Docker Desktop is every time there's an update it's like a gigabyte download. Haven't they not caught up with the idea of deltas anymore?
[00:04:32] Speaker A: I noticed that when I'm not even running Docker containers that sometimes it just sits there sitting with 800 megabytes of memory just sucked up for no reason. I don't understand.
Well, our Chinese cloud Alibaba has had revenue growth to 62% but that means it's about the 6% or sixth size, sixth the size of AWS. Their cloud revenues grew 62% in the year to an annual run rate of 5.6 billion, which is significantly smaller. There was a couple of good quotes here from the Alibaba CEO and Executive Chairman Daniel Zhang. I'd like to say that in the US and in other more developed markets the SaaS and whole ecosystem developers are more mature already. Whereas in China that developer ecosystem in SaaS is just getting started and Alibaba very much looks forward to partnering with developers to growingly create a very robust ecosystem in China. So there you go. Very, very interesting. They think it's just day one there in China for SaaS and cloud services and they still think they have potential to become a very big juggernaut.
[00:05:28] Speaker D: Yeah, Alibaba has obviously the regional advantage, so really if you think about it, all they have to do is just metoo features from the lowest hanging fruit up and follow Amazon's lead and they can destroy it in China.
[00:05:44] Speaker A: Yeah, I mean definitely you have China, Amazon Resources, you have Microsoft in China, you have Google probably in China in the future at some point as well. So I mean they are definitely still competing with the big players, but the Chinese market may have preferences towards state owned entities.
Well, other than DockerCon this week, ChefConf also happened. Chef has had a rough year as well, you know, with all of the fallout of some of their open source blunders. Their conference was also held virtually thanks to COVID and of course Chef is the predominant configuration management software platform even though they still run on Ruby and I don't quite understand why SaltStack and Ansible and everyone else hasn't just totally destroyed them yet, but they're currently not. So they have three, they have several new features. This week they announced a lot of things for Chef Core and things that we won't talk about here, but three big ones I wanted to highlight for you guys. The first one being Chef Compliance. Chef Compliance, which of course is powered by Chef InSpec, has been one of their best products over the last few years. This ensures compliance on endpoints across heterogeneous, hybrid and multi cloud estates while improving speed and efficiency. They have two new offerings for this, including the Chef Compliance Audit, designed for information security and SecOps teams who wish to maintain complete visibility over the compliance status of their estate. It provides extensive audit content based on CIS and Diesel standards and as well as the new Compliance Remediation which allows you to close the loop between audit and remediation and enable continuous compliance.
[00:07:03] Speaker D: Yeah, I love how they really focused obviously on the security aspect, but InSpec I also think is super cool just for implementing test driven infrastructure development.
So I hope they continue to invest it.
[00:07:19] Speaker A: I think they will. I mean I think that was why they built it was for that test driven development side of it. And then it happens to be really helpful for compliance. It was a nice extension. The next one I'm actually super happy about and I'll tell you why when I get through this, but the Chef Desktop. This enables IT managers to transform their own configuration and compliance requirements as human readable code in order to deploy, manage and secure entire fleets of laptops, desktops or workstations from central locations. There's a zero touch process for enrollment and provisioning of laptops and desktops for both Mac and Windows. There's automated software application deployment and management, automated policy setting on endpoints with flexibility to fine tune low lift roll outs of software and application updates, transparent device known states by artifacts and security policy enforces via configuration profile, data encryption system updates, etc. Again, supporting that continuous compliance story. But for IT resources, for me this one is super exciting because this is a way to get rid of Active Directory. And as you guys all know, I hate Active Directory, I hate group policies, I hate everything about them and I think they're a terrible bane on the existence of computing at this point. But so this is a way for you to actually enforce all those things you're doing in group policy, all those things that AD brings to the table for you. You can now enforce this infrastructure as code as part of your Chef desktop. I think this is really cool.
[00:08:30] Speaker B: Yeah, it seems like a really natural use for the tool. I'm surprised they hadn't thought of it sooner.
[00:08:34] Speaker A: There have been people for a long time who've been sort of doing it, but it was never really a first class use case of Chef. And so when you ran into weird edge cases of the desktop UI or macOS, Chef didn't really prioritize fixing some of those issues. So now that it's a product, I'm hoping that they'll start actually really building out some of the features, maybe even give you capabilities to replace something like MDM solutions as well.
With Chef checking into the compliance engine every 15 minutes, it can handle drift very, very quickly.
[00:09:01] Speaker C: And I was very impressed with the managed configurations that they're offering as part of this product too, because if you're like an IT shop, especially if you're managing desktop hardware, maybe you're not that familiar with infrastructure as code or Chef cookbooks and data bags and the whole can be kind of complex. And so having those managed is going to be great for those teams.
[00:09:21] Speaker D: I've seen so many tools do this badly, I can't wait to see one do it well.
[00:09:26] Speaker A: Yeah, we'll see if they actually make it well. But I have high hopes and I do hope this one becomes a pretty serious product because I'm super excited. And then the last one is something I've actually wanted to build several times around, which is that you can now integrate chef infrastructure into ServiceNow CMDB. So basically, when the Chef system, and this is a component called Knife, basically scans the infrastructure to determine the associated CI data, it can now pass that to ServiceNow as well as to Chef Automate, as well as ServiceNow CIs can be imported into Chef Automate. So this means that all of the data that Knife can now be available to you is now integrated directly into ServiceNow. So you can make that part of your change management process and track all of your assets and all of your different components, all with the simplicity of having Knife. So not only do you get the power of Knife, which is amazingly complicated with what it can provide you, but it also gets rid of another agent on your box, which is their discovery agent, or it's a need to connect to your box in some way from another remote host and scan your box. So both of those are fantastic wins in my book. You get that compliance, you get that ServiceNow capability, and you get that full data set that Knife provides of your known state every 15 minutes, which is.
[00:10:30] Speaker B: Pretty great, I guess in combination with the last one with the Chef desktop makes a lot of sense. Now we can easily alert on configuration drift or people installing things they shouldn't or things that are as compliant using CMDB. So that's cool.
[00:10:45] Speaker A: Yeah. So there's other things from Chef Conf this week that if you're into Chef in a big way, do go check out some of the articles and videos they have available to you on YouTube and on their Chef Conf website. There's a lot of really cool stuff. They always have really good announcements, but these are the three that I thought I'd share while moving on to AWS. SaaS contract upgrades and renewals are now available for Marketplace. Of course, the Marketplace has offered over 7500 listings from 1500 independent software vendors. And you can take advantage of things like free trials, hourly or usage based pricing, monthly annual AMI pricing, and upfront pricing for one, two or three year deals. And one of the challenges if you've ever started out with like, hey, we're going to try this particular subscription, you know, a one year deal or an hourly deal is that you commit to it. And once you commit to it, if you then realize, oh wow, we need a lot more users or a lot more systems and you can get volume discounts. There was no real way to get there. So what you didn't have had to do is go talk to the vendor, negotiate your special pricing and then they give you a private offer and you have to actually cancel your existing contract and establish a new contract to get the changes. So this now actually allows you to modify your existing contract and take advantage of the new advantages you've now done. So new pricing, payment schedules, revised contract end dates, and changes to the EULA can now automatically be applied to your existing SaaS contract, which I think is really great. So just kind of eliminates a little bit of an annoyance. That was kind of a pain, especially if it was something like a SaaS coupled to a Salesforce opportunity or something else.
There was some limitations with how you had to do that and a lot of times it was me on a phone call with the vendor and Amazon so we could cancel, change, renew, and not end up repaying for the same product twice. So I think at the end of the day that's going to be a really nice enhancement to the marketplace.
[00:12:30] Speaker D: I haven't bought any SaaS offerings through there at all.
[00:12:36] Speaker A: Well, when you have a very large EDP commitment that you'd like to fulfill, buying as much as you can through the SaaS Amazon Marketplace is super handy.
[00:12:45] Speaker D: Oh, I get it. Cool.
[00:12:47] Speaker C: Yeah, I didn't understand what this was until you explained it in the way that I am familiar with, which is the coordination between Amazon and the vendor and me sitting in the middle having to click the button at exactly the right time and give everyone the screenshots to prove that I did it. Now I understand what this does.
[00:13:03] Speaker A: Now you completely understand what it is. Yes, exactly. Well, the next one is single sign on for Amazon has got another partner. So we mentioned a couple weeks ago that they had partnered up with Azure Active Directory so you could basically connect your Azure AD to Amazon single sign on. They have now extended that to the Okta Universal Directory. This integration allows you to set up your Okta groups and users as members and then have those replicated to AWS Single sign on. And that also allows them to automatic provisioning of your users in Amazon Single sign on, which is one of the big features that Okta kind of brings to the table for SaaS apps. That's all available to you now natively with this integration between Single sign on and Okta. So that's really great too. One thing to say about Okta Universal Directory, again, my war path of Active Directory sucks. Active Universal Directory is another way to kill your Active Directory. So just one more advantage of getting away from that pesky old AD.
[00:13:53] Speaker D: Yeah, I think we're going to. I bet we implement this like three or four times by the end of this year.
Tons of people who are already on Okta but want that tight integration that AWS SSO has. I think it's going to be a big hit.
[00:14:06] Speaker C: Yeah, I agree.
[00:14:07] Speaker A: Yeah, I think so too.
[00:14:08] Speaker C: My day gig, the first thing I saw when I read this announcement was I started thinking about our sophisticated thing that we use to migrate or navigate multiple accounts. And this is slightly smoother. And even though this works pretty well, you know, our current solution works pretty well.
Tight integration with AWS SSO is hard to beat.
[00:14:29] Speaker A: So it's very tempting. And think about like right now and the way we have our setup. We use ADFS and we connect into it. We get a long list of all of the Amazon accounts that we have access to. And so you know, if you use Okta, that all becomes part of the Okta Dashboard. And so it's all right there. Click into the account you want. You don't have to go through Amazon's terrible UI to do it.
There's also lots of advantages. Plus they have a really sweet Single sign on CLI tool to help you do the single sign on with your Amazon credentials, which is one of the big pain in the butts about using single sign on solutions when you want to use the CLI capability. So having that native tool is kind of built for you and you don't have to manage and maintain now Okta is going to do for you. That's really great too.
[00:15:07] Speaker C: Well, and you can go from SSO between accounts as well. You don't have to go back to Okta and go back to that dashboard. It's.
[00:15:13] Speaker A: It's pretty slick.
[00:15:16] Speaker B: Presumably with the universal directory you have to have your source of truth be managed by Okta. Do most people do that? Although most people still just use Okta as the SSO piece in front of their own AD.
[00:15:26] Speaker A: So you can do it both ways. So you can either have your source of truth be AD on your premises that Okta is connecting to and they basically syncs it to their universal directory in the backend, or you can get rid of your AD and just use their universal directory. And another thing, we were talking to Okta a little bit. They also have the ability to actually handle SSH log into boxes. So when you think about the Amazon ecosystem and being able to plug this all in with AWS IAM and some of the SSH capabilities we now have with transparent SSH to boxes tied all to your Okta identity, you can see why you could get rid of AD or this as well. For those of you who use Amplify and if it's one of you and you are really excited about Amplify, please reach out to us because we'd love to talk to you more of the show because we'd like to learn more about it. But Amplify has a set of tools and services for building secure and scalable mobile and web applications. And if you are building iOS and Android applications, they have a new Amplify for iOS and Amplify for Android libraries available to you now. This reduces the number of SDKs and CLIs you have to basically integrate into your native IDE. And this is a really simple way to now get access to all of the backend capabilities of Amplify, including authentication, data storage and access, machine learning predictions, et cetera, as well as we provide a declarative interface allows you to programmatically apply best practices with abstractions. And if you think in terms of use cases instead of Amazon services, this could result in higher level abstraction, faster development cycles and fewer lines of code. So overall this is a pretty nice feature for those of you doing iOS and Android development on top of the Amazon ecosystem. So check that out.
[00:16:55] Speaker C: One of these days I'm actually going to take on the challenge that I set for myself years ago and develop an iOS app just so that I can use something like this and know what I'm talking about, at least in a rudimentary kind of way, but so far I have not done it.
[00:17:07] Speaker A: Yeah, I tried it once when they didn't have Swift, and Objective C turned me off pretty quickly. But my understanding is Swift is a significantly better programming language for iOS devices. So I should probably. Maybe you and I can partner up. We'll just do it together. We'll make a CloudPod app.
[00:17:21] Speaker C: CloudPod app. I love it.
[00:17:23] Speaker A: Yeah, there you go.
[00:17:24] Speaker D: Topical.
[00:17:25] Speaker A: It would, it would. Then we can have Justin and Ryan do the thing and we curse a lot and drink a lot of booze.
Well, the next one up here is something that Ryan and Jonathan at least be a little bit happier about. Network Load Balancer now supports TLS ALPN policies or Application Layer Protocol Negotiation for those playing at home. These are policies for the Network Load Balancer. ALPN is a TLS extension supported by all major browsers that enables the negotiation of the protocol used after establishing the TLS connection, such as HTTP 2, which is actually an official name for HTTP 2. When you talk about it like I don't even know. Using ALPN policies though, you can now offload your application's TLS HTTP 2 traffic to the Network Load Balancer, improving your security service security posture and reducing your operational complexity. You can set this up by simply applying an ALPN policy to your Network Load Balancer TLS listener and going and figuring all this out. So this is nice if you are trying to offer HTTP 2 WebSockets that you can now allow that through the ALB then reroute it to the NLB for this use case.
[00:18:31] Speaker C: Yeah, I really like the ability to filter and create rules based on at this level I guess is what I like. And so all the application layer 7 stuff that you're seeing and then on top of things like these ALPN policies where you can route traffic to different groups or target groups or what have you to make choices. It's pretty sophisticated and kind of neat.
[00:18:56] Speaker B: The thing that did have a catchy name was Speedy, SPDY. Google's first go at reimplementing HTTP but it lost to HTTP 2. I think SPDY is a much better name though.
[00:19:08] Speaker A: Yes, I like SPDY as well. Amazon ECS is launching support for container health checks and a new user interface for load balancers in Spinnaker version 1.20.
This allows you to use container health checks through a Spinnaker deployment pipeline which is integrated with ECS services. ECS Container Pipeline Queries Determine whether containers are ready to accept requests and then moves on through your Spinnaker pipeline through the deployment window. So this is a great way to do Spinnaker with ECS. I'm not a huge Spinnaker fan personally, but we'll turn it over to our container expert.
[00:19:40] Speaker C: Yeah, I was really hoping for something that was going to make me like Spinnaker a little bit more and this doesn't in the slightest. It's one of those things where it's still just against everything in my nature for how to manage containers. So you can set up a single ECS cluster somehow and you can then point Spinnaker deployments at it. There's no concept of multiple clusters inside of an AWS account which, you know, like. It just. Some of these concepts just don't make any sense to me. Like they've, they've adopted some very native cloud, you know, multi cloud policies in Spinnaker recently, but they still are really behind in what I consider, you know, a sophisticated container deployment orchestration. So it's, you know, health checks are great if you're using Spinnaker and you have a team that's managing your single ECS cluster for you and you can just do your deployments. I'm sure this helps out a lot of teams, but I just believe that application developers should have a little bit more insight into the cluster workings and when you don't, you lose so much.
[00:20:44] Speaker D: Do you think it has to do with just the heavy Netflix influence and their real specialized use case for what they need to do?
[00:20:52] Speaker C: I mean, possibly. I mean, the heavy Netflix influence I thought might have died in the way of EC2, but you know, when Spinnaker sort of, you know, became open source and started adding Lambda support and other serverless support, it sort of diverged from what I thought was that heavy Netflix influence, but I don't really know, but it could be.
[00:21:10] Speaker D: It's just every one of those products, when they come out, it seems like something that I could use in a general sense across lots of customers. And then you dig into it and it's got very specific use cases and I know Spinnaker is different, but I was just curious. I haven't. I know that we, we just did a Bake off with that for Kubernetes deployment and it lost due to some of the heavy uncomfortable configuration that had to be done to get it to do what we wanted it to do.
[00:21:45] Speaker A: What did it lose to?
[00:21:49] Speaker D: One of them was Flux CD, which, yeah, lightweight, simple, easy to get going with a few disadvantages. But yeah, that was the one for that use case that we picked.
[00:22:05] Speaker A: Did you evaluate any others or just those two?
[00:22:07] Speaker D: Yeah, there was one more and I can't remember what it was. That's what happens when you don't do the work yourself.
[00:22:14] Speaker A: I understand it was a Sprint demo. Justin, why are you harassing me?
[00:22:17] Speaker C: So I'm still waiting for that unicorn of a service where I can manage my underlying infrastructure and I can manage the deployment of my application in terms of like blue, green or canary or rollback, roll forward all in one place. And so far I have not found that special little box that contains everything and that's what I really need.
[00:22:41] Speaker A: Yeah, I think it's the issue that the, you know, the Kubernetes model is centralized Kubernetes cluster distributed application deployment and so no one has a need to build the same tool for both use cases, unfortunately.
[00:22:57] Speaker D: You experimented all with Drone by chance?
[00:23:01] Speaker C: No, it's on my list, but I haven't yet.
[00:23:03] Speaker D: We had good experiences there. It's not pure open source like most. You can't really get away with the pure open source version, so that's a little bit of a blocker for some people, but good experiences all around on it from a usability standpoint.
[00:23:20] Speaker B: Hey everyone, Jonathan here. I just wanted to take a minute to thank the cloud consulting gurus at Foghorn for helping make the cloud pod possible. These folks truly get it. Cloud consulting experts since 2008. They are premier tier partners with AWS, Google Cloud Platform Silver and Microsoft Azure partners from multi cloud to containers to moving full production workloads to the cloud under the tightest compliance. Foghorn's team of full stack cloud engineers have been there, done that, gotten the T shirt and are ready to share their experience with you if you're in the market. For some talent to supplement your team, visit www.fogops.IO thecloudpod www.fogops.IO TheCloudPod Foghorn the Promise of Cloud Delivered.
[00:24:05] Speaker A: Well, Amazon Shield Threat Landscape Report is now available for you, of course. Shield is the managed threat protection service that safeguards applications running on Amazon against exploitation of application vulnerabilities, bad bots, and distributed denial of service attacks. The Threat Landscape Report, or TLR, provides you a summary of threats detected by Amazon Shield and is created by the Amazon Threat Research Team, who continually monitor and assess the threat landscape to build protections on behalf of all AWS customers, including rules and mitigations for services like AWS Managed Rules for Amazon WAF and AWS Shield Advanced. There's some interesting data in the Q1 report that I thought I'd share. So they break this into volumetric threat analytics and malware threat analysis. And so under the volumetric threat, the total number of events for Q1 of 2020 versus Q1 of 2019 was 310 or 311,000. Racing rounded up, or about 23% up. The largest bit rate attack was 2.3 terabits per second, which is up 188% from prior year. That's a lot of data.
Interesting enough, the. The largest request rate of 694,201 was down 31%. And they did say that in the period they had three days of elevated attack, period, which was up 200% from the quarter a year ago. And we say elevated threat means there's three or four, three or two or three major attacks happening simultaneously on their infrastructure at the same time. So they had three days where that actually occurred. Which, you know, I wasn't impacted at all by any of that. So, you know, good job AWS for keeping that away from me, as you did. Interesting enough, the malware threat analysis is a little bit different. So they compare in this one Q1 2020 with Q4 2019. And so this is interesting because the first one, the total number of events or threat events that they attacked was 1.1 billion in Q1, which is up 57% from Q4.
So, you know, everyone's out there telling you how crazy things are going on with COVID and the security space and all that. A 57% impact of threat events in one quarter is massive.
[00:26:07] Speaker C: Yeah.
[00:26:08] Speaker A: And then unique suspects was up. It was 1.6 million, or up 33% from Q4 to Q1. So maybe a lot of unemployed hackers out there trying to get their money situations.
[00:26:20] Speaker B: A lot of bored people.
[00:26:22] Speaker A: Yeah, a lot of bored people, unfortunately. But that's, you know, so when you talk about the threat and you know how much more efficient attacks there are, how much more things are going through the systems, you know, one cloud provider saw 60% increase. That's. That's a lot.
[00:26:35] Speaker D: I think at some point they just get tired of not succeeding.
[00:26:39] Speaker A: Well, I mean, this is what they caught. What, what did succeed? That's the question. How many. How many S3 buckets were compromised with bad permissions? I mean, there's all kinds of. And we talked a lot about this, actually, in our Fugue interview with Josh Stella. Right. So we talked a lot about this on his, on his interview on TCP Talks, where we talked about their cloud security report survey. They just did. And we had a lot of talk about this kind of thing. So definitely check out products like Fugue and others to help you keep your environment secure.
[00:27:05] Speaker B: How many dollars a minute is 2.3 terabits a second?
[00:27:09] Speaker A: Yeah, really for the show I was reading about, you know, and right now there's a national tragedies happened. You know, George Floyd dying and at the hands of police officers and the Black Lives Matter and all of the different things that are happening there. And you know, that's bad. One of the interesting things was that apparently there's some software that a lot of the police stations use to track protesters and apparently it has some vulnerabilities and it ended up resulting in a large amount of Korean K-pop being uploaded to their S3 buckets and traumatic amounts of money, you know, which you know, is its own thing. But you know, we don't typically talk about politics here. But yeah, it was a little bit of a side interesting note that I was like, huh, that's really interesting story.
[00:27:50] Speaker B: That's interesting. That correlates with a post I had on Twitter a while ago about S3 vulnerabilities and how to spend people's money for them by doing S3 copies. And you know, all those public buckets, we've got massive data sets in from the weather service and stuff. My suggestion was to just use like an S3 copy to copy from one of these public buckets to somebody's open bucket. You could copy terabytes and terabytes of data, they wouldn't even know.
But I've had so many more likes on that in the past few days. And that's interesting.
[00:28:18] Speaker C: Now we know whose fault it is. So.
[00:28:20] Speaker A: Yep, good job.
[00:28:21] Speaker C: The authorities come.
[00:28:25] Speaker B: Now. I can cut that bit out.
[00:28:29] Speaker A: Your tweet's still out there. Your tweet's still out there, sir.
[00:28:32] Speaker B: It is.
[00:28:32] Speaker A: Well, Amazon Redshift is now processing queries two times faster when they need to be compiled. This improved query performance when you create a new Redshift cluster, onboard a new workload on an existing cluster, or alter software or alter the software on the cluster. With this update, query compilations are now scaled to a serverless compute engine beyond the compute resources of the leader node of your cluster. And Amazon is also releasing unlimited cache to store compiled objects to increase cache hits from 99.6% to 99.95% when your mission critical queries are submitted to Redshift.
[00:29:02] Speaker B: It's coming. Serverless Redshift is coming. All these little steps. All these little steps, then building out little parts of the service.
[00:29:09] Speaker A: Baby steps.
[00:29:10] Speaker C: Yeah. The fact that they're scaling computer I.
[00:29:13] Speaker D: Think it's an important direction to go with. I think that's one of the advantages that people talk about Snowflake having over Redshift. So I think they got to go this direction.
[00:29:24] Speaker A: Moving on to Azure. At Microsoft Build, Azure announced the Azure Peering Service is now generally available, as well as introducing new routing preference, a new option for Azure customers to further architect and optimize their traffic to and from Azure over the public Internet. The peering service allows you to optimize the path to your doorstep. So this is not like AWS peering. This is actually Internet peering in the case or industry terms to the last mile delivery. Azure partners with ISPs, Internet exchange providers and software defined cloud interconnects providers to provide reliable and performance public activity. And you can now with the new routing preferences you can say if you like all of your traffic to route over a specific carrier like AT&T or Verizon or default to the best performance for Azure. And they actually have some interesting graphs here that I put into the show notes that I will do my best to describe. There's a long purple line that goes very long and there's a short green line that's on the Azure network and it's much shorter than the purple line. But we'll keep this in the show notes so you guys take a look at it. But basically the performance on the Azure backbone is actually significant. Pretty impressively fast compared to the public Internet. It looks like the round trip milliseconds between the US east and US north region on the public Internet set was 27 seconds. On the Azure backbone it was 23 seconds. And from Ireland to US west was 146 milliseconds on the public Internet down to 120 on the Microsoft network. So there you go. Pretty big improvements.
[00:30:49] Speaker C: I will say those graphs are a little misleading because they are not to scale when you look at the differences between they are not.
[00:30:56] Speaker A: I agree.
[00:30:57] Speaker C: Yeah, the numbers are pretty, it's still impressive. But the lines are misrepresented.
[00:31:02] Speaker B: Ping times on the whole story though, right? I mean if you have a very non busy network then ping times are going to be great. When do they test this?
[00:31:08] Speaker A: Like before they release the product of course.
[00:31:11] Speaker B: Middle of the night, 3 o'clock in the morning. The quality of this kind of material that comes out of Microsoft is very questionable.
[00:31:17] Speaker C: It's not just Microsoft.
[00:31:19] Speaker A: It is not just Microsoft. And you know, anytime we talk about these type of numbers on the show or any other time, definitely do your own testing because your results will vary tremendously from what they're saying. Azure workload is different and that's fine and that's okay. We're all right with that. Everyone is different.
[00:31:35] Speaker D: I'm just waiting for the comment about the name of the Microsoft Network for Premium Network Premium.
[00:31:43] Speaker A: Yeah, it was a little bit interesting that this article was missing costs. I didn't see anywhere. I mentioned how much it was going to cost you to run the Azure Premium Network versus your own, but I didn't go much further down the rabbit hole.
Actually, someone even commented on this. What's with the misleading bar graphs? It makes Microsoft look desperate, so you go. Somebody even commented on their own blog post that they were looking a little desperate and hilarious. All right, well, as we mentioned the top of the show at DockerCon, Microsoft and Docker are collaborating in new ways to deploy containers on Azure. This includes the integration of Docker Desktop into Visual Studio line of products. The Docker Desktop built-in tools, features and command line utilities will provide a way to natively set Azure as a context, run containers in the cloud with Contact and run in Azure containers with a few simple commands. And this allows you to set Azure context for your containers and run them in Azure Container Platform right from your Docker Desktop. This will all be coming to Docker Desktop very, very soon. I hope it also doesn't include a 300 terabyte download to get the base Windows container as well.
[00:32:44] Speaker B: Not if it goes through the Microsoft Premium Network. It won't take that long.
[00:32:47] Speaker C: Yeah, I was all set to make a joke about the size of Windows containers, but now I'm just lusting over integrating Docker Desktop with Visual Studio and my life will be complete.
[00:33:00] Speaker A: There's a lot of plugins of Visual Studio code for Docker already.
[00:33:03] Speaker C: Yeah, no, I use several.
[00:33:05] Speaker A: Well, the Azure Maps creator has really bad timing as it gets announced in preview. Enterprises are continuing to evolve their digital transformation journey and there is a need for augmenting Azure Maps content with project specific and private business knowledge of places. And so you can now use the Azure Maps creator in Preview to extend location intelligence to indoor spaces. Yeah, indoor spaces. Not a place that you're going to need a lot of mapping these days, unfortunately. But enterprises can take advantage of Azure Maps capabilities to optimize business operations and transform their business strategies and location and map services. They also go on to talk about the tight integration with IoT based location beacons and how that helps you navigate patterns. And so they have a really cool demo in here where they talk about finding someone's cube in a very non socially distanced office floor plan that basically helps you find your way through a building or through a shopping mall or whatever. When I was at a three letter named company that sold help desk software, we had a product that worked on mobile and one of the things was wayfinding in the mobile application and being able to give you turn by turn directions in the office building. And the biggest blocker to adoption of that was the cost to map your office space to even use it. And so this is a great feature for companies who are really interested in that kind of capability and have large enterprise campuses that no one is at right now if they want to help people get around.
Maybe Azure could use this in the warehouse technology though. Maybe that'll help them out, I don't know.
[00:34:25] Speaker D: I was at a three letter acronym technology company at a huge office that literally every single it was the perfect grid. Every single aisle was identical. This would have come in so handy. I got lost so many times going to the bathroom.
[00:34:40] Speaker A: Yeah, when I was a, when I was a wee lad in high school, I think I did an office visit to Weyerhaeuser's corporate headquarters in Seattle. And it was just a massive cube farm. They partner you with this person and it was an IT person because of course I was a nerd and I wanted to be in computers. And so you know, I'm in this basement at Weyerhaeuser in this cube farm and she's like, we're gonna talk to Bob. And you know, I just trying to follow her through the curves and the turns of this, you know, eight foot high cubicle wall. I was like, this is awful. And I was like, I almost swore off ever going into IT because I was like, I don't want to do this job. This is awful. Like you're in a terrible building with, you know, with these terrible cube walls and it like it reminded me of Dilbert cartoons right there. It was pretty awful. Memories of times when you could go outside. Well, Azure has a new virtual machine type for you. Actually two of them. The newly released Ddv4 and Edv4. That's a erectile dysfunction instance type if you weren't playing along at home. These offer up to 64 virtual CPUs and are based on the Intel Xeon Platinum 8272CL processor. These processors run a base speed of 2.5 GHz and can achieve up to 3.4 GHz all core turbo frequency when using Viagra. The DD and DDS virtual machines feature fast large local SSD storage up to 2,400 gigabits per second and are well suited for applications that benefit from low latency high speed local storage. The Edv4 series and Edsv4 series virtual machines offer up to 504 gigabytes of RAM.
[00:36:04] Speaker B: Good to see Microsoft finally got their ED instances off.
[00:36:09] Speaker C: My sense of humor hasn't really matured since I was about 12 so this works out.
[00:36:14] Speaker A: Yeah and you know I'm a Kudov in the house so anytime I get these dad jokes out I will use them to my advantage.
All right, well, talking about Google. Google Cloud is adding Smart Analytics Framework for AI Platform Notebooks. The Smart Analytics Frameworks brings close the model training and deployment offered by AI platforms with ingestion, preprocessing and exploration capabilities of our Smart analytics platform. With Smart analytics frameworks you can run petabyte scale SQL queries with BigQuery, generate personalized Spark environments, Dataproc Hub and develop interactive Apache Beam pipelines to launch on Dataflow. These new frameworks help bridge the gap between cloud tools and bring a secure way to explore all kinds of data and I don't know anything I just said to you guys was so hopefully one of you does.
[00:36:55] Speaker D: I can't say. One of our, one of our first legitimate multi cloud customers has added Google specifically for their advantages in AI. So you know they're marching forward. I'm sure this is going to be great.
[00:37:13] Speaker A: Google Cloud is also announcing three new initiatives. First they're introducing Google Cloud Skill Badges which will recognize and help employers identify those of you who demonstrated Google Cloud tech skills on your LinkedIn profiles. And for experienced professionals, they have created a new six week learning path to guide you through the certification preparation journey to get Google certified. And lastly, in response to overwhelming market demand during COVID they have made remote certification exams available so you can take your exam from home now. It was interesting that they had a Google YouTube video here on what to expect when you get to do your online certification class. And it's great because it actually tells you all the things that everyone on the Amazon side learned the hard way that you know, you can't talk to yourself, you can't read out loud, you had to basically make your desk look like no one lives at your house and all the fun things when you're doing virtual proctoring. The video is very helpful if you are looking to do this definitely Check that out. To help you get prepared for Google Cloud certification.
[00:38:05] Speaker D: Is Amazon doing virtual proctoring now?
[00:38:07] Speaker A: Yes, for all classes. They announced it. One of the episodes you missed.
[00:38:11] Speaker D: Oh, that's a good. For me. I need to take like two. I think I need to renew.
[00:38:15] Speaker A: Yes. So you can now do them virtually proctored at home. As long as you have a room that you can lock yourself into with four walls, you have a camera or webcam that you can reflect your vision on. So you actually do this thing where you, you take a video of your room while they can see it because you're, you know, versus your laptop. They don't want you to move your laptop around. It's kind of fun. So cool.
[00:38:33] Speaker C: Oh, wow.
[00:38:34] Speaker A: You should also watch the Google video because it is helpful for even the Amazon exams.
[00:38:37] Speaker D: Nice.
[00:38:38] Speaker A: Yeah.
[00:38:38] Speaker C: I somehow suspect this is going to eliminate me from getting any more certifications because a cleaning my desk is not going to happen. And then not talking to yourself like, come on.
[00:38:50] Speaker A: I do, I do have a tendency, I think, to kind of like at least move my lips as I'm reading it out. Something that's really complicated like as I'm trying to like think it through. So yeah, that's a little bit of a challenge for me as well. But, you know, might be the only way I can renew my DevOps Pro cert this year since re:Invent is probably not happening.
[00:39:05] Speaker D: When I got my DevOps Pro, the person in the booth next to me who was taking like a plumbing exam was reading every question out loud.
[00:39:15] Speaker A: Nice.
The socket fits into the male end of the pipe. Then we solder it. Yeah. Oh, so I didn't mine it. I did mine at re:Invent. I think I told the story on the show before. So for those of you who have been long term listener. Sorry, repeat for everyone else, it's new them, but, you know, so I did it. I did it at re:Invent and the guy to my left, the guy to my right were both taking the same test I was. And the one on the left fails and storms out. And then the person on the right fails and storms out. And I'm like, well, you know, what are the odds one of the three could pass this test? Right? It could be me, I don't know. And so it's, you know, you hit submit and then it makes you do a survey, which is the most annoying thing ever because all I want to know is if I passed or not. Yeah, but they don't want me. They don't want to taint the survey results. Because if they tell you you failed, you'll, you'll then taint the survey. So you get through all the thing and then you hit submit and it comes up and I pass. And it took everything in my being not to just stand up and go yes as loud as possible because there's still like 1200 people still testing in the testing room at the same time. But yeah, it was it's more fun to do at re:Invent, I think, just because everyone else is doing the same test you are. And you can, you can kind of have that camaraderie versus the plumber who I'm sure you didn't share a beer with afterwards for passing the test. Plus you get T shirts and stickers right when you pass, which is awesome. So it's like instant gratification to me.
[00:40:28] Speaker B: And question one of the plumbing test who do you blame for this mess? The last guy who came out.
[00:40:35] Speaker A: All right, and our last Google story for the night. Google is working with Cloud SQL customers facing business continuing challenges and to help solve they're launching Cloud SQL Cross Region Replication which is available for both MySQL and Postgres. Of course, the cross region replicas has several great features to make it easy to use, including being fully managed so you can easily set it up, maintain, manage and administer replicas in any region of the cloud. There's no networking setup because it uses the Global VPC which uses private IP addresses for replication traffic between regions, eliminating the need for complex VPN and VPC configurations which would be otherwise needed to set up Cross region networking. Cross region replication traffic uses reliable, high performing and scalable Google Cloud Networking. The Network Monitoring Verification optimization is simplified using proactive network operations with Network Intelligence Center. Data at rest is encrypted with the CMEKs, or Customer Managed Encryption Keys, and part of Access Transparency will show any actions taken by Google on your SQL database as well as a connection Org policy control limit public IP settings for Cloud SQL as well as enforce the Residency policy which allows you to enforce which regions are permitted for your read replicas. All available to you out of the box with the cross region replica for Cloud SQL. DR made easy. Yeah, this one I'm a little jealous of this one. I would like to see this one in AWS.
[00:41:47] Speaker B: Don't AWS already have read replicas for SQL databases?
[00:41:52] Speaker A: They have read ones, but they don't. I still do networking magic.
[00:41:56] Speaker B: Yeah. Not for RDS.
[00:41:59] Speaker A: True. Not for RDS. That's very, very fair.
Well, that is it for new news this week. Other Than lightning round. Peter. Take us away.
[00:42:08] Speaker D: All right, take us away.
[00:42:10] Speaker B: Or take it away. I'd be happy to be taken away right now.
[00:42:13] Speaker A: Either one is fine.
[00:42:15] Speaker D: Let's hit it. Azure Site Recovery now supports proximity placement groups.
[00:42:20] Speaker A: I mean, if I'm recovering from a DR event, I don't give a crap about placement groups, just get it up.
[00:42:26] Speaker B: Talking about the product again.
[00:42:29] Speaker D: Azure databases extension for Visual Studio code now exists.
[00:42:34] Speaker A: Because what you want is your engineers making database changes in Visual Studio directly in the ide.
[00:42:40] Speaker C: Yeah, what could possibly go wrong?
[00:42:43] Speaker D: Sure, we could integrate that into our change management process.
AWS Fargate now encrypts data stored on ephemeral storage by default in Platform version 1.4.
[00:42:54] Speaker A: Finally, the Amazon engineers listened to their CTO, who wore an Encrypt Everything T shirt in 2018.
[00:43:00] Speaker C: Kind of get the feeling this is one of those features that they told everyone was done and then it wasn't done, and so they had to do it later.
[00:43:07] Speaker B: They have processes to go back and wipe all the ephemeral storage before a new tenant moves in. It wasn't a security risk in itself.
[00:43:14] Speaker C: Well, Fargate's on. What is it? Nitro and Firecracker, right?
[00:43:18] Speaker B: Yes.
[00:43:19] Speaker C: It's a whole different ball game. There are a lot more isolation than even like EC. Well, I don't know about more than EC2, but yeah.
[00:43:26] Speaker B: I actually cloned the Firecracker repos over the weekend with the intention of setting something up at home.
It looks awesome.
[00:43:37] Speaker D: Keeping with the Lightning theme, AWS Toolkit for JetBrains announces support for CLion, PhpStorm, GoLand, and RubyMine IDEs, and now we.
[00:43:49] Speaker C: All know how to pronounce CLion.
[00:43:50] Speaker A: Yeah, Clion client, Sea Lion. But you know, JetBrains, I don't. I'm not sure how I feel about all these dedicated IDEs for specific languages. Like, why can't you just be a generic IDE like the rest of us and just support things with plugins and extensions like normal people?
[00:44:05] Speaker C: All individually licensed normal people do?
[00:44:07] Speaker D: Amazon MSK now supports Apache Kafka version upgrade.
[00:44:11] Speaker A: Woo.
You mean redeploying my Apache Kafka cluster for every new version I want? Wasn't going to be the way they wanted us to upgrade forever. Oh, okay. All that automation code I wrote. Out the window.
[00:44:24] Speaker D: Out the window.
[00:44:26] Speaker B: I don't know. Upgrades in place. That's not very cloudy. Deploy a new one, move the data over.
[00:44:32] Speaker A: But the complexity of that with Kafka. Oh my God, no.
[00:44:36] Speaker D: You can now deploy AWS Config rules and conformance packs across an organization from a delegated member account.
[00:44:45] Speaker C: Coming soon towards you, your security team will screw up your account.
[00:44:51] Speaker D: I like coming soon towards you, by the way.
[00:44:54] Speaker A: Yes. All right.
[00:44:55] Speaker D: That wording might win you something tonight.
AWS SAM adds support for AWS Step Functions.
[00:45:02] Speaker B: It shouldn't be the lightning round. Actually, that's a really awesome one.
[00:45:06] Speaker C: Yeah. This is going to be rad.
[00:45:08] Speaker B: Yeah.
[00:45:08] Speaker A: Well, if you had been here for the show run through, you would have been able to move it.
[00:45:14] Speaker D: Go ahead, give us two sentences.
[00:45:17] Speaker A: Rat hole.
[00:45:18] Speaker B: Two sentences.
[00:45:19] Speaker D: 18 words. 18 words.
[00:45:21] Speaker B: This feature enables local development and testing of step functions. Of step functions.
[00:45:29] Speaker A: He's counting as he goes on his fingers. I get it.
[00:45:32] Speaker B: Which are otherwise a real pain in the ass.
[00:45:36] Speaker D: Nice.
[00:45:37] Speaker A: I mean, I mean, I'm kind of calling bull hikey on this because I think. I think it was you, Jonathan, who told me how much you hate Serverless Framework and how much SAM sucks and all that. And now they give you a state machine and you're like, woo.
[00:45:51] Speaker C: No, no. Those two statements do not mutually exclude each other. It still sucks. It still doesn't do everything I want it to. It will still bite me in the middle of a project, but it does.
[00:46:00] Speaker B: A little bit more.
[00:46:00] Speaker C: It makes my life a little bit easier. So this is still cool.
[00:46:04] Speaker B: It does.
[00:46:04] Speaker D: Amazon SageMaker Components for Kubeflow Pipeline I.
[00:46:08] Speaker C: Think you should get the point for.
[00:46:09] Speaker A: Kubeflow pronouncing that Kube Cubes. I was going with Kubeflow. I think Kubeflow is how I would say that Kubeflow not Kubeflow who doesn't love taking a complicated thing like SageMaker and machine learning AI and then shoving it into Kubernetes in a flow, it seems ripe for opportunities.
[00:46:28] Speaker D: Amazon FSx for Windows File Server now enables you to grow storage and to scale performance on your file systems.
[00:46:35] Speaker A: Isn't that what you want all of your file systems to do is to perform and support the growth that I have in the cloud?
[00:46:40] Speaker C: You know, growing the existing storage isn't very cloudy. You should just deploy a new one.
[00:46:44] Speaker D: Yeah, there you go.
Deploy a new one. Deploy new data. Just deploy new data. Use Apache Hive Metastore as a metadata catalog with Amazon Athena.
[00:46:56] Speaker A: Are you sure that's not the name of the next J.J. abrams movie? Apache Hives Athena Gods Metastore Meta exploit I mean, there's so much opportunity there.
[00:47:07] Speaker B: I can't compete against this level of wit.
[00:47:12] Speaker D: AWS Systems Manager Explorer now provides a multi account, multi region summary of AWS Compute Optimizer recommendations.
[00:47:20] Speaker C: So you don't have to be in my account to realize that I should probably deploy a different type of instance.
[00:47:25] Speaker A: I think this is a great thing to give to your CFO here. It's an account just for you. And then here's the speed dial to all the people who own these accounts.
[00:47:34] Speaker D: The winner today is just bad grammar.
[00:47:39] Speaker C: I like this. I like this trend. This is going to benefit me.
[00:47:44] Speaker A: I don't see bad grammar on the. On the score sheet.
[00:47:46] Speaker D: So, Ryan.
[00:47:47] Speaker C: Yeah.
[00:47:47] Speaker D: With his bad grammar.
[00:47:49] Speaker C: Yeah, Just that.
[00:47:50] Speaker D: That was brilliant.
[00:47:52] Speaker A: The problem I have now is I have Ryan with his bad grammar technique. I have Jonathan with his. Make the first one or the last one the best one possible. So either shut down the game at the beginning or shut it down at the very end. And then I'm just here trying to. I'm just here trying to swim through. I'm just here trying to make it make it. You know, I'm just a squirrel trying to find a nut, guys. And you, you're like.
[00:48:10] Speaker D: You're like the fullback on the team, making all the key blocks, and no one don't get any credit for it.
[00:48:15] Speaker A: That's fine. That's fine. I'm okay with it.
[00:48:16] Speaker C: The guy in the lead is the one complaining. By the way.
[00:48:21] Speaker A: I'm only in the lead because Jonathan wasn't here last week. Darn it. And if he was here last week, I'm sure that I would not be in the lead at this moment.
I. It's multiple avenues of strategy involved.
[00:48:33] Speaker B: I see the strategy of moving the crappy ones to the front and end of the list now.
[00:48:36] Speaker A: Well, I mean, we just. They kind of go where they come. I typically don't move them into a specific order unless you guys tell me to do it during the show. Run through. Well, that's. That's it. Unless, you know, is there anything interesting coming up the next few weeks you guys are excited about? I know we're still here in quarantine day 6543.
I know we're also under curfew because of the social unrest that's out there. And hopefully that comes to some resolution or civil war. I don't know. I don't know where it's going. I can't. I can't say, but it's definitely got to get fixed.
[00:49:07] Speaker D: Yeah. I'm pretty sure Jonathan's gonna have to edit out the helicopters flying over me because I'm like, ground zero in Kansas City on the country club Plaza right now.
[00:49:16] Speaker A: You're like, yeah, I'm getting away from COVID by going to Midwest, it'll be safer. How do you feel about that now?
[00:49:21] Speaker D: Not good.
[00:49:22] Speaker A: Yeah, things are reopening here, you know, we can now eat outside at a restaurant in 95 degree heat. So yeah, we have that going for us. Super. Awesome. Good start. Well, I think we're getting pretty close to Google's 12,000 weeks of Google Next that's coming out very soon. So do check that out if you're interested and there'll be much, much more coming up here at the Cloud Pod in future weeks. So have a great week. I will see you guys all next week here at the Cloud Pod.
[00:49:48] Speaker D: Good night.
[00:49:50] Speaker B: See you soon.
[00:49:51] Speaker D: Bye.
[00:49:51] Speaker C: Bye.
[00:49:53] Speaker A: And that is the week in Cloud. We'd like to thank our sponsor, Foghorn Consulting. Subscribe on iTunes or wherever you get your podcasts and tweet us your feedback at TheCloudPod or join our Slack channel. Go to our website TheCloudPod.net for sign up instructions.