1-888-317-7920 info@2ndwatch.com

Well-Architected Framework Reviews

“Whatever you do in life, surround yourself with smart people who argue with you.” – John Wooden

Many AWS customers and practitioners have leveraged the Well-Architected Framework methodology in building new applications or migrating existing applications. Once a build or migration is complete, how many companies implement Well-Architected Framework reviews and perform those reviews regularly? We have found that many companies today do not conduct regular Well Architected Framework reviews and as a result, potentially face a multitude of risks.

What is a Well-Architected Framework?

The Well-Architected Framework is a methodology designed to provide high-level guidance on best practices when using AWS products and services. Whether building new or migrating existing workloads, security, reliability, performance, cost optimization, and operational excellence are vital to the integrity of the workload and can even be critical to the success of the company. A review of your architecture is especially critical when the rate of innovation of new products and services are being created and implemented by Cloud Service Providers (CSP).

2nd Watch Well-Architected Framework Reviews

At 2nd Watch, we provide  Well-Architected Framework reviews for our existing and prospective clients. The review process allows customers to make informed decisions about architecture decisions, the potential impact those decisions have on their business, and tradeoffs they are making. 2nd Watch offers its clients free Well-Architected Framework reviews—conducted on a regular basis—for mission-critical workloads that could have a negative business impact upon failure.

Examples of issues we have uncovered and remediated through Well-Architected Reviews:

  • Security: Not protecting data in transit and at rest through encryption
  • Cost: Low utilization and inability to map cost to business units
  • Reliability: Single points of failure where recovery processes have not been tested
  • Performance: A lack of benchmarking or proactive selection of services and sizing
  • Operations: Not tracking changes to configuration management on your workload

Using a standard based methodology, 2nd Watch will work closely with your team to thoroughly review the workload and will produce a detailed report outlining actionable items, timeframes, as well as provide prescriptive guidance in each of the key architectural pillars.

In reviewing your workload and architecture, 2nd Watch will identify areas of improvement, along with a detailed report of our findings. A separate paid engagement will be available to clients and prospects who want our AWS Certified Solutions Architects and AWS Certified DevOps Engineer Professionals to remediate our findings.  Download the 2nd Watch Well-Architected Framework Review Datasheet to learn more.  To schedule your free Well-Architected Framework review, contact 2nd Watch today.

 

— Chris Resch, EVP Cloud Solutions, 2nd Watch

Facebooktwittergoogle_pluslinkedinmailrss

The Top 7 Things to Avoid at AWS re:Invent 2017

The sixth annual AWS re:Invent is less than a week away, taking place November 27-December 1 in Las Vegas, Nevada.  Designed for AWS customers, enthusiasts, and even cloud computing newcomers. The nearly week-long conference is a great source of information and education for attendees of all skill levels. AWS re:Invent is THE place to connect, engage, and discuss current AWS products and services via breakout sessions ranging from introductory and advanced to expert as well as to hear the news and announcements from key AWS executives, partners, and customers. This year’s agenda offers a full additional day of content, boot camps, hands-on labs, workshops, new Alexa Hack Your Office and Smart Cities hackathons, a Robocar Rally, and the first ever Deep Learning Summit.  Designed for developers to learn about the latest in deep learning research and emerging trends, attendees of the Deep Learning Summit will hear from members of the academic and venture capital communities who will share their perspectives in a series of thirty-minute lightening talks. To offer all of its great educational content, networking opportunities and recreational activities, AWS is practically taking over the Las Vegas strip, offering an expanded campus with a larger re:Invent footprint and more venues (not to mention a shuttle service!).

2nd Watch is proud to be a 2017 Platinum Sponsor and attending AWS re:Invent for the sixth consecutive year. With every re:Invent conference we attend, we continue to gain unique insight into what attendees can expect.  Similar to last year, our seasoned re:Invent alumni have compiled a list of The Top 7 Things to Avoid at re:Invent 2017 and we hope you find the following information useful as you prepare to attend AWS re:Invent next week.

1.  Avoid the long lines at Registration (and at the Swag Counter!)

The re:Invent Registration Desk will open early again this year starting Sunday afternoon from 1pm-10pm, giving attendees a few extra hours to check in and secure their conference badges.  Registration Desks are located in four locations this year—Aria, MGM Grand, Mirage, and The Venetian—so no matter where your hotel room is along the strip, you’re sure to find a Registration Desk close by.  This is particularly helpful so that you don’t have to schlepp around all that conference swag you will receive upon check in.  As always, you can’t attend any part of re:Invent until you have your conference badge so be sure you check into Registration as early as possible.  This will also ensure that you get the size shirt you want from the Swag Counter!

Expert Tip:  Like last year, AWS has added an additional level of security and will be printing each attendee’s photograph onto their badge.  Avoid creating a backlog at the registration line because you have to have your photo taken on site.  Take a few minutes to upload your photo prior to re:Invent here.  BONUS: By uploading your own photo, you make sure to put your best face forward for the week.

2.  Avoid Arriving Without a Plan:

The worst thing you can do at re:Invent is show up without a plan for how you will spend your week in Vegas—that includes the breakout sessions you want to attend.  With expanded venues and a total of over 1,000 sessions (twice as many as 2016), more hands-on labs, boot camps and one-on-one engagement opportunities, AWS re:Invent 2017 offers more breadth and depth and more chances to learn from the experts than ever before.

If you haven’t already done so, be sure to check out the AWS Event Catalogue and start selecting the sessions that matter most to you.  While you’re building your session schedule, might I recommend adding 2nd Watch’s breakout session—Continuous Compliance on AWS at Scale—to your list of must attend sessions? This session will be led by cloud security experts Peter Meister and Lars Cromley and will focus on the need for continuous security and compliance in cloud migrations. Attendees will learn how a managed cloud provider can use automation and cloud expertise to successfully control these issues at scale in a constantly changing cloud environment.  Find it in the Event Catalog by searching for SID313 and then add it to your session agenda.  Or, click here to skip the search and go directly to the session page.

Expert Tip: Be sure to download the AWS re:Invent Mobile App. Leveraging the mobile app is like having your own, personal re:Invent assistant for the week and will hold your re:Invent schedule, maps from venue to venue, all other activities and reminders, providing a super helpful resource as you navigate the conference.  Android users click here to download. Apple users click here to download.

3.  Avoid Avoiding the Waitlist

AWS re:Invent 2017 is SOLD OUT and we anticipate nearly 50,000 people to be in attendance this year.  That means, if you haven’t already built your session agenda for the week, you’re likely to find that the *ONE SESSION* you needed to attend is already at capacity.  Avoid missing out on sessions by adding yourself to the waitlist for any sessions that you really want to attend.  You will be surprised by the number of people that “no-show” to sessions that they have registered for so don’t be afraid to stand in line for that all-too-important session.

4.  Avoid Not Knowing Where to Go

As mentioned previously, the re:Invent campus has expanded, yet again, this year and there are a few more venues to note when preparing your event schedule.  Spanning the length of the Las Vegas strip, events will occur at the MGM Grand, Aria, Mirage, Venetian, Palazzo, Sands Expo Hall, the Linq Parking Lot, and the Encore.  Each venue will host tracts devoted to specific topics so to help you get organized—and map out your week, literally—here’s what you can expect to find at each venue:

MGM Grand: Business Apps, Enterprise, Security, Compliance, Identity, and Windows.
Aria: Analytics & Big Data, Alexa, Container, IoT, AI & Machine Learning, and Serverless.
Mirage: Bootcamps, Certifications, and Certification Exams.
Venetian / Palazzo / Sands Expo Hall: Architecture, AWS Marketplace & Service Catalog, Compute, Content Delivery, Database, DevOps, Mobile, Networking, and Storage.
Linq Lot: Alexa Hackathons, Gameday, Jam Sessions, re:Play Party, and Speaker Meet & Greets.
Encore: Bookable meeting space.

Once you’ve nailed down where you need to be, be sure to allow enough time to get from session to session.  While there are breaks between sessions, some venues can be a bit of a hike from others so be sure to plan accordingly.  You’ll want to factor in the time it takes to walk between venues as well as the number of people that will be doing the same.  As re:Invent continues to grow in size, you can certainly expect that escalators, elevators, hallways, sidewalks and lengthy shuttle lines are going to be difficult to navigate. To help you get a sense of standard walking times between venues, AWS has put together a nifty chart that details all the travel information you might need (minus any stops on casino floors or crowds of folks clogging your path).

Walking Times

This year, AWS is offering a shuttle service between venues if you don’t want to walk or need to get to your next destination quickly.

Campus Shuttle Route

AWS recommends allowing yourself 30 minutes to travel between venues and is providing the following shuttle schedule to help you get from Point A to Point B:

Sunday, November 26: 12PM-1:30AM
Monday, November 27: 6AM-12:30AM
Tuesday, November 28: 6AM-10PM
Wednesday, November 29: 6AM-12:30AM
Thursday, November 30: 6AM-12:30AM
Friday, December 1: 6AM-3PM

NOTE: BELLAGIO SHUTTLES RUN ONLY DURING AM AND PM PEAK HOURS (SUNDAY 10PM — 1:30AM, MONDAY — THURSDAY 6AM — 10AM & 4PM — 7:30PM, FRIDAY 6AM — 10AM)

Expert Tip: If you need to get from The Palazzo to The Venetian and want to avoid navigating the casino floors, restaurant row and the crowds around the entrance to The Sands Convention Center, head to the Canyon Ranch Spa from either hotel. From the Palazzo, the spa is located on the 4th floor and from the Venetian it is located on the 3rd floor.  The spa connects both venues through a series of long, colorful and rarely traveled corridors making the trip quick and easy for those who don’t mind taking the road less traveled.  Not to mention, this route can also offer a moment of peaceful sanity!

5.  Avoid Sleeping In, Being Late, or Skipping Out Entirely

With so many learning and networking opportunities, it’s easy to get caught up in exciting—yet exhaustive—days full of breakout sessions, hands-on labs, training sessions, and of course, after-hours activities and parties.  Only you know how to make the most of your time at re:Invent, but if we can offer some advice…be sure to get plenty of sleep and avoid sleeping in, getting to sessions late or worse…skipping out on morning sessions entirely.  Especially when it comes to the keynote sessions on Wednesday and Thursday morning!

AWS CEO, Andy Jassy, will present the Wednesday morning keynote, while Amazon CTO, Werner Vogels, will present on Thursday morning.  Both Keynotes will be full of exciting product announcements, enhancements, and feature additions as well as cool technical content and enterprise customer success stories.  Don’t be the last to know because you inadvertently over slept and/or partied a little too hard the night before!

Customers don’t need to reserve a seat in either of the keynotes, however, there is a cap on the number of attendees who can watch the keynote in the keynote hall. Keynotes are offered on a first come, first served basis, so be sure to get there early.

Expert Tip: If you don’t want to wait in line to sit in the keynote hall, AWS will have many options for watching the keynote in overflow rooms. If you’re still groggy from the previous night’s events, the overflow rooms are an ideal place where you can watch the keynote with a bloody mary, mimosa, or coffee.

6.  Avoid Being Anti-Social

AWS re:Invent is one of the best locations to network and connect with like-minded peers and cloud experts, discover new partner offerings and, of course, let loose at the quirky after-hours experiences, attendee parties, and partner-sponsored events.

Avoid being anti-social by taking advantage of the many opportunities to network with others and meet new people. AWS has some great activities planned for conference goers.  To help you play hard while working harder, here is a list of all the fun activities that are planned for re:Invent 2017:

Harley Ride
When: Sunday, November 26, 12PM-6PM
Where: The Venetian

Robocar Rally Mixer
When: Sunday, November 26, 6PM-10PM
Where: Aria

Non-Profit Hackathon Mixer
When: Sunday, November 26, 7PM-9PM
Where: The Venetian

Midnight Madness
When: Sunday, November 26, 10:30PM-1AM
Where: The Venetian

AWS re:Invent 4K
When: Tuesday, November 28, 6AM-8AM
Where: The Mirage

Welcome Reception
When: Tuesday, November 28, 5PM-7PM
Where: The Venetian & The Linq Lot

Boomball
When: Tuesday, November 28, 5PM-7PM
Where: The Linq Lot

Cyclenation Spin Challenge
When: Wednesday, November 29, (three timeslots) 7AM, 8AM, 5PM
Where: The Mirage

Pub Crawl
When: Wednesday, November 29, 5:30PM-7:30PM
Where: MGM Grand & The Venetian

Tatonka Challenge
When: Wednesday, November 29, 5:30PM-7:30PM
Where: MGM Grand & The Venetian

2nd Watch After Party
When: Wednesday, November 29, 9PM-12AM
Where: Rockhouse at the Palazzo
Click here to be added to the 2nd Watch After Party Waitlist (see “What to Avoid #3 above if you’re hesitant to be waitlisted)!

Fitness Bootcamp
When: Thursday, November 30, (three timeslots) 7AM, 8AM, 5PM
Where: The Mirage

re:Play Party
When: Thursday, November 30, 8PM-12AM
Where: The Park at the Linq Lot

Expert Tip: Don’t forget to bring plenty of business cards.  With so many people to meet, opportunities to connect with peers and experts, and after-hours parties to attend, you’ll want to make sure to pack extra cards to avoid running out early in the week.  When you receive a business card from someone else, try to immediately take a photo of it with your smartphone and save it to a photo album dedicated solely to networking.  This will ensure that you have the details stored somewhere should you happen to misplace an important contact’s business card.

7.  Avoid Forgetting to Pack That All-Too-Important Item

Whether you’re staying at The Venetian, Mirage, Encore, or other property, your hotel room will be your home away from home for nearly an entire week.  Of course, every hotel will have in-room amenities and travel essentials, but inevitably, we all will forget that one important item that we won’t be able to live without, especially for an entire week.  Our experts have pulled together a check list to help you pack for your trip and ensure you have all the comforts of home and office during your week in Vegas.

Your Favorite Toiletries: 

Not everyone is in love with the in-room toiletries that hotels have to offer in each of their suites. If you have a favorite, be sure to bring it. Here is a quick list to ensure you don’t forget something:

  • Shampoo
  • Conditioner
  • Soap
  • Shave Cream
  • After Shave
  • Razor
  • Deodorant
  • Lotion
  • Toothbrush
  • Toothpaste
  • Mouthwash
  • Floss
  • Hair Styling Products (if that’s your thing)
  • Contact Case & Solution
  • Spare Pair of Contacts
  • Cologne/Perfume/Body Spray

First Aid: 

Whether your headache or hangover cure calls for Aspirin, Ibuprophen, or something stronger, it’s a good idea to pack your preferred treatment along with any other first aid remedies and prescription medications you might need. Band Aids, blister protectors, and anti-histamines are also recommended.

Chapstick & Lotion: 

It is the desert, after all, and with dry air circulating throughout the venues, your skin (including your lips) is bound to dry out.  We recommend bringing medicated Chapstick and fragrance-free lotion (fragrances in most lotions can often dry out your skin even more!) and keeping a spare with you at all times.

Breath Mints and/or Mint-flavored Gum:

No explanation necessary.

Business cards:

This is a repeat from one of our other tips but an important one to remember, so we don’t mind mentioning it again.

Chargers & Battery Packs: 

Nothing is worse than being in between sessions with a 10% cell phone or laptop battery and realizing you left your chargers back in your room. We recommend bringing at least two phone chargers and two laptop chargers: One for your room and one for the backpack or briefcase you’ll be carrying throughout the conference.  Additionally, while there will be several charging stations throughout re:Invent (and outlets on most every wall), it’s a good idea to bring a battery pack with several hours of charging time just in case you can’t find an open spot to plug in.

Water Bottle:

You will definitely want to stay hydrated throughout the week, and the tiny cups offered at the water stations just won’t quench your thirst quite the way you will need them to.  It’s a good idea to pack a water bottle (we recommend one that can hold 17 oz) so that you avoid having to refill often and have plenty of thirst-quenching liquid to keep you hydrated throughout the day.

Comfortable shoes: 

Your shoes will be your saving grace by the end of each day, so be sure to bring a pair or two that you feel comfortable walking several thousands of steps in.

Appropriate Attire: 

While business casual attire is often recommended at re:Invent, there can be many interpretations of what is appropriate.  Our advice is to pack clothing that you would feel confident wearing should you run into your boss or someone you wish to impress.  Jeans are perfectly acceptable in either case, but make sure to use good judgement overall when selecting your attire for sessions, dinners and parties you plan to attend.

Cash: 

In addition to needing cash for meals on the go, bar tabs or that faux diamond-encrusted figurine you’ve been eyeing in the gift shop, you’ll want to bring a little extra cash if you plan to try your luck at the casinos.  There are ATMs on the casino floors, but they typically charge a service fee in the amount of $3-$5 in addition to your bank’s own service fees.

Notebook & Pen/Pencil:

It’s always a good idea to bring a good ole’ fashioned notebook with you to your sessions.  Not only is it a fail-proof way to capture the handy tips and tricks you’ll be learning, it’s also the quietest way to track those notable items that you don’t want to forget.  Think about it – if 100 people in your breakout session were all taking notes on a laptop, it would be pretty distracting.  Be bold. Be respectful. Be the guy/gal that uses paper and a pen.

A Few Final Thoughts

Whether this is your first trip to AWS re:Invent or you’re a seasoned re:Invent pro, you’re sure to walk away with an increased knowledge of how cloud computing can better help your business, tips and tricks for navigating new AWS products and features, and a week’s worth of memories that will last a lifetime.  We hope you make the most of your re:Invent 2017 experience and take advantage of the incredible education and networking opportunities that AWS has in store this year.

Last but certainly not least, we hope you take a moment during your busy week to visit 2nd Watch in booth #1104 of the Expo Hall where we will be showcasing our customers’ successes.  You can explore 2nd Watch’s Managed Cloud Solutions, pick up a coveted 2nd Watch t-shirt and find out how you can win one of our daily contest giveaways—a totally custom, totally rad 2nd Watch skateboard!

Expert Tip: Make sure you get time with one of 2nd Watch’s Cloud Journey Masters while at re:Invent.  Plan ahead and schedule a meeting with one of 2nd Watch’s AWS Professional Certified Architects, DevOps, or Engineers.  Last but not least, 2nd Watch will be hosting its annual re:Invent after party on Wednesday, November 29. If you haven’t RSVP’d for THE AWS re:Invent Partner Party, click here to request to be added to our waitlist.  We look forward to seeing you at AWS re:Invent 2017!

 

-Katie Ellis, Marketing Manager

 

Facebooktwittergoogle_pluslinkedinmailrss

2nd Watch Enterprise Cloud Expertise On Display at AWS re:Invent 2017

AWS re:Invent is less than twenty days away and 2nd Watch is proud to be a 2017 Platinum Sponsor for the sixth consecutive year.  As an Amazon Web Services (AWS) Partner Network Premier Consulting Partner, we look forward to attending and demonstrating the strength of our cloud design, migration, and managed services offerings for enterprise organizations at AWS re:Invent 2017 in Las Vegas, Nevada.

About AWS re:Invent

Designed for AWS customers, enthusiasts and even cloud computing newcomers, the nearly week-long conference is a great source of information and education for attendees of all skill levels. AWS re:Invent is THE place to connect, engage, and discuss current AWS products and services via breakout sessions ranging from introductory and advanced to expert as well as to hear the latest news and announcements from key AWS executives, partners, and customers. This year’s agenda offers a full additional day of content for even more learning opportunities, more than 1,000 breakout sessions, an expanded campus, hackathons, boot camps, hands-on labs, workshops, expanded Expo hours, and the always popular Amazonian events featuring broomball, Tatonka Challenge, fitness activities, and the attendee welcome party known as re:Play.

2nd Watch at re:Invent 2017

 2nd Watch has been a Premier Consulting Partner in the AWS Partner Network (APN) since 2012 and was recently named a leader in Gartner’s Magic Quadrant for Public Cloud Infrastructure Managed Service Providers, Worldwide (March 2017). We hold AWS Competencies in Financial Services, Migration, DevOps, Marketing, and Commerce, Life Sciences and Microsoft Workloads, and have recently completed the AWS Managed Service Provider (MSP) Partner Program Audit for the third year in a row. Over the past decade, 2nd Watch has migrated and managed AWS deployments for companies such as Crate & Barrel, Condé Nast, Lenovo, Motorola, and Yamaha.

The 2nd Watch breakout session—Continuous Compliance on AWS at Scale—will be led by cloud security experts Peter Meister and Lars Cromley. The session will focus on the need for continuous security and compliance in cloud migrations, and attendees will learn how a managed cloud provider can use automation and cloud expertise to successfully control these issues at scale in a constantly changing cloud environment. Registered re:Invent Full Conference Pass holders can add the session to their agendas here.

In addition to our breakout session, 2nd Watch will be showcasing our customers’ successes in the Expo Hall located in the Sands Convention Center (between The Venetian and The Palazzo hotels).  We invite you to stop by booth #1104 where you can explore 2nd Watch’s Managed Cloud Solutions, pick up a coveted 2nd Watch t-shirt and find out how you can win one of our daily contest giveaways—a totally custom 2nd Watch skateboard!

Want to make sure you get time with one of 2nd Watch’s Cloud Journey Masters while at re:Invent?  Plan ahead and schedule a meeting with one of 2nd Watch’s AWS Professional Certified Architects, DevOps, or Engineers.  Last but not least, 2nd Watch will be hosting its annual re:Invent after party on Wednesday, November 29. If you haven’t RSVP’d for THE AWS re:Invent Partner Party, click here to request your invitation.

AWS re:Invent is sure to be a week full of great technical learning, networking, and social opportunities.  We know you will have a packed schedule but look forward to seeing you there!  Be on the lookout for my list of “What to Avoid at re:Invent 2017” in the coming days…it’s sure to help you plan for your trip and get the most out of your AWS re:Invent experience.

 

–Katie Laas-Ellis, Marketing Manager, 2nd Watch

 

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About 2nd Watch

2nd Watch is an AWS Premier tier Partner in the AWS Partner Network (APN) providing managed cloud to enterprises. The company’s subject matter experts, software-enabled services and cutting-edge solutions provide companies with tested, proven, and trusted solutions, allowing them to fully leverage the power of the cloud. 2nd Watch solutions are high performing, robust, increase operational excellence, decrease time to market, accelerate growth and lower risk. Its patent-pending, proprietary tools automate everyday workload management processes for big data analytics, digital marketing, line-of-business and cloud native workloads. 2nd Watch is a new breed of business which helps enterprises design, deploy and manage cloud solutions and monitors business critical workloads 24×7. 2nd Watch has more than 400 enterprise workloads under its management and more than 200,000 instances in its managed public cloud. The venture-backed company is headquartered in Seattle, Washington. To learn more about 2nd Watch, visit www.2ndwatch.com or call 888-317-7920.

Facebooktwittergoogle_pluslinkedinmailrss

What to Expect at AWS re:Invent 2017

The annual Amazon Web Services (AWS) re:Invent conference is just around the corner (the show kicks off November 27 in Las Vegas). Rest assured, there will be lots of AWS-related products, partners, and customer news. Not to mention, more than a few parties. Here’s what to expect at AWS re:Invent 2017—and a few more topics we hope to hear about.

1.)  Focus on IOT, Machine Learning, and Big Data

IOT, Machine Learning, and Big Data are top of mind with much of the industry—insert your own Mugatu “so hot right now” meme here – and we expect all three to be front and center at this year’s re:Invent conference. These Amazon Web Services are ripe for adoption, as most IT shops lack the capabilities to deploy these types of services on their own.  We expect to see advancements in AWS IOT usability and features. We’ve already seen some early enhancements to AWS Greengrass, most notably support for additional programming languages, and would expect additional progress to be displayed at re:Invent. Other products that we expect to see advancement made are with AWS Athena and AWS Glue.

In the Machine Learning space, we were certainly excited about the recent partnership between Amazon Web Services and Microsoft around Gluon, and expect a number of follow-up announcements geared toward making it easier to adopt ML into one’s applications. As for Big Data, we imagine Amazon Web Service to continue sniping at open source tools that can be used to develop compelling services. We also would be eager to see more use of AWS Lambda for in-flight ETL work, and perhaps a long-running Lambda option for batch jobs.

2.)  Enterprise Security

To say that data security has been a hot topic these past several months, would be a gross understatement. From ransomware to the Experian breach to the unsecured storage of private keys, data security has certainly been in the news. In our September Enterprise Security Survey, 73% of respondents who are IT professionals don’t fully understand the public cloud shared responsibility model.

Last month, we announced our collaboration with Palo Alto Networks to help enterprises realize the business and technical benefits of securely moving to the public cloud. The 2nd Watch Enterprise Cloud Security Service blends 2nd Watch’s Amazon Web Services expertise and architectural guidance with Palo Alto Networks’ industry-leading VM series of security products. To learn more about security and compliance, join our re:Invent breakout session—Continuous Compliance on AWS at Scale— by registering for ID number SID313 from the AWS re:Invent Session Catalogue. The combination delivers a proven enterprise cloud security offering that is designed to protect customer organizations from cyberattacks, in hybrid or cloud architectures. 2nd Watch is recognized as the first public cloud-native managed security provider to join the Palo Alto Networks, NextWave Channel Partner Program. We are truly excited about this new service and collaboration, and hope you will visit our booth (#1104) or Palo Alto Networks (#2409) to learn more.

As for Amazon Web Services, we fully expect to see a raft of announcements. Consistent with our expectations around ML and Big Data, we expect to hear about enhanced ML-based anomaly detection, logging and log analytics, and the like. We also expect to see advancements to AWS Shield and AWS Organizations, which were both announced at last year’s show. Similarly, we wouldn’t be surprised by announced functionality to their web app firewall, AWS WAF. A few things we know customers would like are easier, less labor-intensive management and even greater integration into SecDevOps workflows. Additionally, customers are looking for better integration with third-party and in-house security technologies – especially   application scanning and SIEM solutions – for a more cohesive security monitoring, analysis, and compliance workflow.

The dynamic nature of the cloud creates specific challenges for security. Better security and visibility for ephemeral resources such as containers, and especially for AWS Lambda, are a particular challenge, and we would be extremely surprised not to see some announcements in this area.

Lastly, General Data Protection Regulations (GDPR) will be kicking in soon, and it is critical that companies get on top of this. We expect Amazon Web Service to make several announcements about improved, secure storage and access, especially with respect to data sovereignty. More broadly, we expect that Amazon Web Service will announce improved tools and services around compliance and governance, particularly with respect to mapping deployed or planned infrastructure against the control matrices of various regulatory schemes.

3.)  Parties!

We don’t need to tell you that AWS’ re:Play Party is always an amazing, veritable visual, and auditory playground.  Last year, we played classic Street Fighter II while listening to Martin Garrix bring the house down (Coin might have gotten ROFLSTOMPED playing Ken, but it was worth it!).  Amazon Web Services always pulls out all the stops, and we expect this year to be the best yet.

2nd Watch will be hosting its annual party for customers at the Rockhouse at the Palazzo.  There will be great food, an open bar, an awesome DJ, and of course, a mechanical bull. If you’re not yet on the guest list, request your invitation TODAY! We’d love to connect with you, and it’s a party you will not want to miss.

Bonus: A wish list of things 2nd Watch would like to see released at AWS re:Invent 2017

Blockchain – Considering the growing popularity of blockchain technologies, we wouldn’t be surprised if Amazon Web Service launched a Blockchain as a Service (BaaS) offering, or at least signaled their intent to do so, especially since Azure already has a BaaS offering.

Multi-region Database Option – This is something that would be wildly popular but is incredibly hard to accomplish. Having an active-active database strategy across regions is critical for production workloads that operate nationwide and require high uptime.  Azure already offers it with their Cosmos DB (think of it as a synchronized, multi-region DynamoDB), and we doubt Amazon Web Service will let that challenge stand much longer. It is highly likely that Amazon Web Service has this pattern operating internally, and customer demand is how Amazon Web Service services are born.

Nifi – The industry interest in Nifi data-flow orchestration, often analogized to the way parcel services move and track packages, has been accelerating for many reasons, including its applicability to IoT and for its powerful capabilities around provenance. We would love to see AWS DataPipeline re-released as Nifi, but with all the usual Amazon Web Services provider integrations built in.

If even half our expectations for this year’s re:Invent are met, you can easily see why the 2nd Watch team is truly excited about what Amazon Web Services has in store for everyone. We are just as excited about what we have to offer to our customers, and so we hope to see you there!

Schedule a meeting with one of our AWS Professional Certified Architects, DevOps or Engineers and don’t forget to come visit us in booth #1104 in the Expo Hall!  See you at re:Invent 2017!

 

— Coin Graham, Senior Cloud Consultant and John Lawler, Senior Product Manager, 2nd Watch

Facebooktwittergoogle_pluslinkedinmailrss

Migrating to Terraform v0.10.x

When it comes to managing cloud-based resources, it’s hard to find a better tool than Hashicorp’s Terraform. Terraform is an ‘infrastructure as code’ application, marrying configuration files with backing APIs to provide a nearly seamless layer over your various cloud environments. It allows you to declaratively define your environments and their resources through a process that is structured, controlled, and collaborative.

One key advantage Terraform provides over other tools (like AWS CloudFormation) is having a rapid development and release cycle fueled by the open source community. This has some major benefits: features and bug fixes are readily available, new products from resource providers are quickly incorporated, and you’re able to submit your own changes to fulfill your own requirements.

Hashicorp recently released v0.10.0 of Terraform, introducing some fundamental changes in the application’s architecture and functionality. We’ll review the three most notable of these changes and how to incorporate them into your existing Terraform projects when migrating to Terraform v.0.10.x.

  1. Terraform Providers are no longer distributed as part of the main Terraform distribution
  2. New auto-approve flag for terraform apply
  3. Existing terraform env commands replaced by terraform workspace

A brief note on Terraform versions:

Even though Terraform uses a style of semantic versioning, their ‘minor’ versions should be treated as ‘major’ versions.

1. Terraform Providers are no longer distributed as part of the main Terraform distribution

The biggest change in this version is the removal of provider code from the core Terraform application.

Terraform Providers are responsible for understanding API interactions and exposing resources for a particular platform (AWS, Azure, etc). They know how to initialize and call their applications or CLIs, handle authentication and errors, and convert HCL into the appropriate underlying API calls.

It was a logical move to split the providers out into their own distributions. The core Terraform application can now add features and release bug fixes at a faster pace, new providers can be added without affecting the existing core application, and new features can be incorporated and released to existing providers without as much effort. Having split providers also allows you to update your provider distribution and access new resources without necessarily needing to update Terraform itself. One downside of this change is that you have to keep up to date with features, issues, and releases of more projects.

The provider repos can be accessed via the Terraform Providers organization in GitHub. For example, the AWS provider can be found here.

Custom Providers

An extremely valuable side-effect of having separate Terraform Providers is the ability to create your own, custom providers. A custom provider allows you to specify new or modified attributes for existing resources in existing providers, add new or unsupported resources in existing providers, or generate your own resources for your own platform or application.

You can find more information on creating a custom provider from the Terraform Provider Plugin documentation.

1.1 Configuration

The nicest part of this change is that it doesn’t really require any additional modifications to your existing Terraform code if you were already using a Provider block.

If you don’t already have a provider block defined, you can find their configurations from the Terraform Providers documentation.

You simply need to call the terraform init command before you can perform any other action. If you fail to do so, you’ll receive an error informing you of the required actions (img 1a).

After successfully reinitializing your project, you will be provided with the list of providers that were installed as well as the versions requested (img 1b).

You’ll notice that Terraform suggests versions for the providers we are using – this is because we did not specify any specific versions of our providers in code. Since providers are now independently released entities, we have to tell Terraform what code it should download and use to run our project.

(Image 1a: Notice of required reinitialization)

Picture1a

 

 

 

 

 

 

 

 

(Image 1b: Response from successful reinitialization)

Picture1b

 

 

 

 

 

 

 

 

Providers are released separately from Terraform itself, and maintain their own version numbers.

You can specify the version(s) you want to target in your existing provider blocks by adding the version property (code block 1). These versions should follow the semantic versioning specification (similar to node’s package.json or python’s requirements.txt).

For production use, it is recommended to limit the acceptable provider versions to ensure that new versions with breaking changes are not automatically installed.

(Code Block 1: Provider Config)

provider "aws" {
  version = "0.1.4"
  allowed_account_ids = ["1234567890"]
  region = "us-west-2"
}

 (Image 1c: Currently defined provider configuration)

Picture1c

 

 

 

 

 

 

 

 

2. New auto-approve flag for terraform apply

In previous versions, running terraform apply would immediately apply any changes between your project and saved state.

Your normal workflow would likely be:
run terraform plan followed by terraform apply and hope nothing changed in between.

This version introduced a new auto-approve flag which will control the behavior of terraform apply.

Deprecation Notice

This flag is set to true to maintain backwards compatibility, but will quickly change to false in the near future.

2.1 auto-approve=true (current default)

When set to true, terraform apply will work like it has in previous versions.

If you want to maintain this functionality, you should upgrade your scripts, build systems, etc now as this default value will change in a future Terraform release.

(Code Block 2: Apply with default behavior)

# Apply changes immediately without plan file
terraform apply --auto-approve=true

2.2 auto-approve=false

When set to false, Terraform will present the user with the execution plan and pause for interactive confirmation (img 2a).

If the user provides any response other than yes, terraform will exit without applying any changes.

If the user confirms the execution plan with a yes response, Terraform will then apply the planned changes (and only those changes).

If you are trying to automate your Terraform scripts, you might want to consider producing a plan file for review, then providing explicit approval to apply the changes from the plan file.

(Code Block 3: Apply plan with explicit approval)

# Create Plan
terraform plan -out=tfplan

# Apply approved plan
terraform apply tfplan --auto-approve=true

(Image 2a: Terraform apply with execution plan)

Picture2a

 

 

 

 

 

 

3. Existing terraform env commands replaced by terraform workspace

The terraform env family of commands were replaced with terraform workspace to help alleviate some confusion in functionality. Workspaces are very useful, and can do much more than just split up environment state (which they aren’t necessarily used for). I recommend checking them out and seeing if they can improve your projects.

There is not much to do here other than switch the command invocation, but the previous commands still currently work for now (but are deprecated).

 

License Warning

You are using an UNLICENSED copy of Scroll Office.

Do you find Scroll Office useful?
Consider purchasing it today: https://www.k15t.com/software/scroll-office

 

— Steve Byerly, Principal SDE (IV), Cloud, 2nd Watch

Facebooktwittergoogle_pluslinkedinmailrss