
New AWS NAT Gateway – Things to Consider

Merry Christmas AWS fans!  The new AWS Managed NAT (Network Address Translation) Gateway is here.  While the new NAT Gateway offers lots of obvious advantages, there are a couple of things that you’ll want to consider before you terminate those old NAT EC2s.

    1. Redundancy

The new NAT Gateway has redundancy built in for itself, but that won’t deliver the cross-AZ high availability (HA) that you may have had previously.  In order to achieve full HA in a region, you’ll need at least two NAT Gateways, with the routes for each AZ’s subnets configured appropriately.

    2. Cost

The new NAT Gateway has the normal per hour cost but additionally has a per Gb cost.  This should be nominal in some cases, but if your app has a lot of outbound traffic, you’ll need to factor that in.

    3. Functionality

The new NAT Gateway trades the unlimited functionality of the NAT EC2 Instance for managed ease-of-use.  The NAT server sometimes doubles as a Bastion/Jump box.  Sometimes it’s where innocuous scripts live, or it could be a good home for Squid (for extra outbound security).  Needless to say, you’ll need to consider whether existing functionality that lives on the NAT can live somewhere else.

    4. Security

The new NAT Gateway will not have a security group attached.  This is important because the inbound NAT security group was a quick way to block the private subnets from making requests to the Internet on non-standard ports.  With the move to NAT Gateway, you’ll need to revisit all private subnet security groups and introduce the outbound rules that used to live on the single inbound legacy NAT security group.
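An added example, not part of the original post: one way to run the review the Security item calls for, flagging security groups whose egress rules still reach the whole Internet on ports outside an allow-list. The sample data is constructed in the shape of `aws ec2 describe-security-groups` output, and the allowed ports (80 and 443) are an assumption standing in for whatever the legacy NAT security group permitted.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output
# (group IDs and rules are made up for this example).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-app-example", "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-web-example", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-db-example", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

# Assumption: the ports the legacy NAT security group let through.
ALLOWED_PORTS = {80, 443}

def risky_egress(group, allowed=ALLOWED_PORTS):
    """List egress rules that reach the whole Internet outside `allowed` ports."""
    findings = []
    for perm in group.get("IpPermissionsEgress", []):
        to_world = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])) \
            or any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
        if not to_world:
            continue  # rule is scoped to specific networks; not an Internet path
        proto = perm.get("IpProtocol")
        if proto == "-1":
            findings.append("all traffic")  # the default allow-all egress rule
        elif proto in ("tcp", "udp"):
            lo, hi = perm["FromPort"], perm["ToPort"]
            if any(p not in allowed for p in range(lo, hi + 1)):
                findings.append(f"{proto} {lo}-{hi}")
        else:
            findings.append(f"protocol {proto}")
    return findings

def audit(groups):
    """Map GroupId -> findings for every group that still needs tightening."""
    report = {g["GroupId"]: risky_egress(g) for g in groups}
    return {gid: f for gid, f in report.items() if f}

if __name__ == "__main__":
    for gid, findings in audit(SAMPLE["SecurityGroups"]).items():
        print(gid, "->", ", ".join(findings))
```

A group that still carries the default allow-all egress rule shows up as "all traffic"; with the NAT instance's inbound security group gone, nothing else narrows what that group can send out.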

All in all, the NAT Gateway continues the drive to make AWS simpler and more of a managed service.  With the appropriate consideration, this will make your environments more robust and easier to manage. Contact 2nd Watch to learn more.

Coin Graham, Senior Cloud Engineer


2016 Enterprise Cloud Predictions

Public cloud computing is still hot for the enterprise, even though we’ve been talking about it for years now. In 2016, however, the industry will see a decided maturing of offerings, with a focus on enterprise computing needs that go beyond development and test. For instance, in the area of data management, especially big data analytics, the cloud is the only way to cost-effectively handle the scalability and elasticity needs of ingesting terabytes of real-time data on a daily basis. Moving on, here are some other areas to watch in 2016.

Public cloud security: A significant development at the Amazon re:Invent show was AWS’ announcement of its web application firewall. Today, there are limited options for a watertight public cloud native security solution, so Amazon stepped in to fulfill that need. Vendors that are trying to take their on-premise security solutions to the cloud aren’t yet succeeding in that endeavor. Just as traditional hardware vendors are becoming obsolete because of the cloud, infrastructure software is heading down the same path. Security-as-a-service providers are maturing their offerings, especially through security management services that help companies better understand the loopholes they have in the cloud. Alert Logic’s recent launch of Cloud Insight is a good example of the kind of innovation happening in pockets in the public cloud for security-as-a-service. A majority of breaches in the cloud are due to misconfigurations, so providers that can help monitor this risk and provide recommendations are a great asset. Enterprise security is a complex problem to solve; enterprises want a single vendor that can deliver the full solution covering security auditing and logging, user access and control, API endpoint monitoring and overall governance. This will be the year when CIOs will work harder toward developing standards for configuration, reference architecture, tools and more, for working in the cloud.

Internet of Things: Most large enterprise vendors are staking a claim in the IoT marketplace, and cloud providers are no exception. AWS announced its IoT platform in October and the strategy is smart, taking a page from the Microsoft playbook of 20 or 30 years ago. Build a platform which makes it easy for developers to create applications and services on top, which thereby grows adoption of the base product. AWS and other providers will develop solutions helping CIOs securely connect sensors to the cloud and manage the data. This will solve one of the burdensome complexity issues around IoT. Developers love this model, because they can help deliver a business need but they don’t have to worry about the underlying technology enabling hyper-connectivity. Through a management infrastructure and standard frameworks for communications, cloud providers will make it dead simple for companies to start from scratch on IoT. The cloud is today the only way to launch and maintain an IoT project, given the extreme scale and real-time processing demands in these applications.

Big legacy applications in the cloud: Next year will be the end of IT executives complaining that the public cloud can’t handle their scalability needs in regard to large legacy applications. Massive instance sizes, such as AWS X1, will be available to deliver all the terabytes and processing needs required even by the largest of companies. A CIO can migrate the SAP or Oracle environment, unchanged, to the cloud. That’s a game changer. Let’s face it: big companies are not getting rid of their legacy ERP and financial systems anytime soon, and few IT executives want to spend the time, money and risk redesigning these monolithic applications for the cloud. We expect to also see increasing investment by public cloud providers in the full suite of enterprise IT requirements such as multi-layered security, auditing, logging, and change management. CIOs must be able to track changes to their environment, no matter where the systems are being hosted. That is critical for compliance, security and governance. We are bullish that large companies will increasingly trust in the capabilities of major cloud providers to meet legacy application needs without increasing risk, or compromising productivity and customer relationships.

-Kris Bliesner, CTO

This article was first published on VMblog.com on 11/9/15.


dreamBIG continues!

On Friday our day was packed with unpacking the supplies we brought from 2W, setting up the laptops we donated, greeting women, and holding babies!  We brought 4 suitcases packed with supplies for the school and children’s home and 4 new computers.  We spent time setting up the computers with parental controls and showing them how to use the computers.  We also took new books to the library in the school and spent time speaking English to the kids in the school.



The women’s conference kicked off and we welcomed 90 women.  They worshiped and learned about the Lord and had amazing fellowship.  Six of us were responsible for all 50 kids while the Mamas went to the women’s conference.  Man was that an adventure!  These kids have so much energy!  We took them to the open-air covered sports arena on the grounds and played soccer (futbol) and tag.  We ended the night with a traditional Guatemalan meal together with the women and let off lanterns over the mountain and lit sparklers!! It was the perfect ending to a perfect day!


Saturday was the final day of the women’s conference.  We continued with more messages, workshops, testimonies, & worship.  Again, we helped with the children and allowed the Mamas to have a much needed/well deserved break.  We played futbol & basketball with the big kids, and painted the little girls’ nails.


Today is our final day at Eagle’s Nest.  We will attend their church and then start our journey down to Pana, 15 minutes and 2,000 feet below Eagle’s Nest, for some zip lining and a boat tour on Lake Atitlan.

We are very sad to leave our new friends and the Eagle’s Nest family.


Eagle’s Nest – Guatemala

Hola amigos!  Wow, we have had a couple of packed days here at Eagle’s Nest.  We will try to fill you in on our adventures so far…

Our first full day, Thursday, at Eagle’s Nest was a whirlwind!  We started our day by going to the Nido de Aguila (New Day School) and participating in their morning program.  It was amazing to see 185 students who come from several small villages to attend the school here.  They were full of energy and ready for a great day!  It was International Children’s Day and it is a big deal here in Guatemala.  The children had parades, games, treats, and more!  It was so fun to watch them get excited for the day ahead!


As school started we went on our way and Felis (our leader) gave us a tour of the facilities and shared more stories about how they ended up buying this bankrupt property for $150,000 which was negotiated down from $600,000.  This “hilltop” view is breathtaking (see below)!  Felis also shared with us their plans to continue to build out their ministry by building transition homes for the boys and girls to allow them to still have support while attending college.  It is amazing to see the work that they have done and the structures they have built to accommodate as many children as they are given.


We ended our tour in the children’s home.  There are about 50 little rascals in the home right now most of which are school age (k-6).  We got to spend time holding, reading, drawing, and playing with the babies & toddlers and helping out the “Mamas” as they prepared lunch for the kids.  We quickly grew bonds with all of these kids!


Our day didn’t stop there…(that was only 10AM)…we continued our day by helping prepare for the women’s retreat.  Preparing for a 24 hour retreat for 90 women is a lot of work!  We baked, made signs, bedazzled bags, glued, sewed, etc!

Next on our journey was probably the best part of the day for both of us!  We were able to travel into the local (and we mean local) Guatemalan market with a couple who works for the home (Anayansi & Omar).  Neither of them speaks English so they brought the 5 teenage boys who live in the children’s home with them along for the ride.  We soon found that these boys are very sweet and also very good at speaking English (after they told us “no Ingles”).  They helped tell us what the different fruits & vegetables were that Anayansi was buying.  We made a deal that we would speak in Spanish and they would speak in English…that was a fun challenge!  The market was packed full of produce, meats, cheese, and clothing.  Our favorite part was to see all of the women dressed in their traditional Mayan clothing and trying all of the fruits before we purchased them.


By the end of the day we were exhausted.  The next two days were going to be busy with the women’s retreat and helping in the home.


AWS Launches Visual App for CloudFormation

The new visualization tool is the first native visualization for AWS infrastructure, and a groundbreaking development in the adoption of infrastructure as code.

Cloud developers and architects use AWS CloudFormation to design, launch and update an AWS application or service architecture stack for repeatable workloads. CloudFormation provides templates, written in JSON, for creating an entire environment, such as a website. Developers don’t need to figure out the order for provisioning AWS services or worry about the dependencies, as the free tool handles all the behind-the-scenes configuration.

This is a huge help when you have workloads that must launch over and over again, saving time on provisioning and configuration. You can actually launch “with the click of a button.” On the other hand, CloudFormation files typically consist of thousands of lines of code, which doesn’t make them easy to modify or share.

Now, with the new AWS CloudFormation Designer, customers can view the details behind an AWS environment through a simpler, graphical view. You don’t need JSON expertise to collaborate on design and planning. The visual drag-and-drop interface is remarkably easy to use, compared with how cloud developers have been working thus far. Instead of writing several lines of code, you can draw a line on the screen connecting one resource to another.

The big picture

AWS CloudFormation Designer will expand the universe of IT people who can write AWS scripts and manage workloads, since they won’t need to know JSON. That means more hands on deck for new projects. After you create the visualization in the tool, you can launch the environment right then and there. We’ve seen that CloudFormation Designer reduces the time to create and launch a new workload from hours to minutes.

What’s also intriguing about this new feature is that it further affirms the infrastructure-as-code mindset. Consider the impact that tools like Visual Studio, Borland and IDEs have had on Microsoft .NET and Java developers. Developers can write code faster and reduce errors. Similarly, AWS has in effect created an integrated development environment (IDE) type tool for the cloud. This is a radical departure for the public cloud leader; AWS is known for its boxes and pipes, not sophisticated visual tools.

AWS CloudFormation Designer is a refreshing development for those who believe public cloud infrastructure will take over the world. One of the challenges with cloud computing adoption is that infrastructure as a service remains a new language to many corporate IT departments. AWS has made a smart move here by introducing more transparency to its platform, and opening the door for IT generalists to get involved. We’re excited that our customers and other companies will benefit from this new view of AWS.

-Kris Bliesner, Founder and CTO


dreamBIG Solola, Guatemala

Today we embarked on our dreamBIG adventure!  Thanks to 2nd Watch we are fortunate to be able to travel to Guatemala to volunteer in a children’s home and bring them much needed supplies and new computers.

Today was a day of travel…we started early this morning in Houston where we met up with a group of 10 women from Austin, TX who are also spending the week at Eagle’s Nest putting on a women’s retreat for 100+ Guatemalan women from around the area.  When we arrived in Guatemala City we loaded our massive amounts of luggage (donations we brought) and 13 women onto an old school bus to start our 4 hour journey up the mountain to Solola.  It was a beautiful (crazy!) drive and we were able to see a lot of the lush, green countryside.  It was also very humbling to see how these families live as we drove through the little “towns” and realize how fortunate we are to live in America.

When we arrived at our destination, Eagle’s Nest, we were able to meet with the owners and learn about the history of the orphanage and the plan for the week.  Tomorrow we will be able to meet the kids and give them all of the sports balls and other goodies that we brought for them.

Until next time…Adios!


Our new travel buddies from TX.


Guatemalan countryside on our way to the children’s home.