
Reevaluate your Virtual Private Cloud (VPC)

With the New Year come the resolutions. When the clock struck midnight on January 1st, 2015, many people turned the page on 2014 and made a promise to do an act of self-improvement. Oftentimes it’s eating healthier or going to the gym more regularly. With the New Year, I thought I could put a spin on a typical New Year’s Resolution and make it about AWS.

How could you improve on your AWS environment? Without getting too overzealous, let’s focus on the fundamental AWS network infrastructure, specifically an AWS Virtual Private Cloud (VPC). An AWS VPC is a logically isolated, user-controlled piece of the AWS Cloud where you can launch and use other AWS resources. You can think of it as your own slice of AWS network infrastructure that you can fully customize and tailor to your needs. So let’s talk about VPCs and how you can improve on yours.

  • Make sure you’re using VPCs! The simple act of implementing a VPC can put you way ahead of the game. VPCs provide a ton of customization options from defining your own VPC size via IP addressing; to controlling subnets, route tables, and gateways for controlling network flow between your resources; to even defining fine-grained security using security groups and network ACLs. With VPCs you can control things that simply can’t be done when using EC2-Classic.
  • Are you using multiple Availability Zones (AZs)? An AZ is a distinct, isolated location engineered to be insulated from failures in other AZs. Make sure you take advantage of multiple AZs within your VPC. Often, instances are just launched into a VPC with no rhyme or reason. It is great practice to use the low-latency nature and engineered isolation of AZs to facilitate high availability or disaster recovery scenarios.
  • Are you using VPC security groups? “Of course I am.” Are you using network ACLs? “I know they are available, but I don’t use them.” Are you using AWS Identity and Access Management (IAM) to secure access to your VPCs? “Huh, what’s an IAM?!” Don’t fret; most environments don’t take advantage of all the tools available for securing a VPC. However, now is the time to reevaluate your VPC and see if you can, or even should, use these security options. Security groups are ingress and egress firewall rules you place on individual AWS resources in your VPC, and they are one of the fundamental building blocks of an environment. Now may be a good time to audit the security groups to make sure you’re following the principle of least privilege: not allowing any access or rules that are not absolutely needed. Network ACLs work at the subnet level and may be useful in some cases. In larger environments IAM may be a good idea if you want more control over how people and resources interact with your VPC. In any case, there is never a bad time to reevaluate the security of your environment, particularly your VPC.
  • Clean up your VPC! One of the most common issues in AWS environments is resources that are not being used. Now may be a good time to audit your VPC, take note of what instances you have out there, and make sure you don’t have resources racking up unnecessary charges. It’s a good idea to account for all instances and leftover EBS volumes, and even to clean up old AMIs that may be sitting in your account. There are also things like extra EIPs, security groups, and subnets that can be cleaned up. One great tool to use is AWS Trusted Advisor. Per the AWS service page, “Trusted Advisor inspects your AWS environment and finds opportunities to save money, improve system performance and reliability, or help close security gaps.”
  • Bring your VPC home. AWS, being a public cloud provider, allows you to create VPCs that are isolated from everything, including your on-premises LAN or datacenter. Because of this isolation, all network activity between the user and their VPC happens over the internet. One of the great things about VPCs is the many types of connectivity options they provide. Now is the time to reevaluate how you use VPCs in conjunction with your local LAN environment. Maybe it is time to set up a VPN and turn your environment into a hybrid of cloud and physical infrastructure, allowing all communication to pass over a private network. You can even take it one step further by incorporating AWS Direct Connect, a service that allows you to establish private connectivity between AWS and your datacenter, office, or colocation environment. This can help reduce your network costs, increase bandwidth throughput, and provide a more consistent overall network experience.
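As an added example (not part of the original post or any 2nd Watch tooling), here is a least-privilege audit of security-group ingress rules, as suggested in the security-groups item above, combined with the check for security groups attached to nothing from the clean-up item. It works over the JSON shapes returned by `aws ec2 describe-security-groups` (the `SecurityGroups` list) and `aws ec2 describe-network-interfaces` (the `NetworkInterfaces` list); the sample groups and interface are constructed, and the list of "sensitive" ports is an assumption you would tune for your environment.

```python
"""Audit VPC security groups for least privilege and flag unused groups.
Input shapes follow `aws ec2 describe-security-groups` (SecurityGroups list)
and `aws ec2 describe-network-interfaces` (NetworkInterfaces list).
"""
import ipaddress

# Assumed list of ports where an ingress rule open to the whole internet is rarely intended.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def _is_world_open(perm):
    """True if any CIDR on the permission is 0.0.0.0/0 or ::/0."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def find_overly_permissive(groups):
    """Return (group_id, reason) for ingress rules that violate least privilege."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            if not _is_world_open(perm):
                continue
            if perm.get("IpProtocol") == "-1":  # all protocols, all ports
                findings.append((g["GroupId"], "all traffic from anywhere"))
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            hit = [f"{p} ({n})" for p, n in SENSITIVE_PORTS.items() if lo <= p <= hi]
            if hit:
                findings.append((g["GroupId"], "world-open " + ", ".join(hit)))
    return findings


def find_unused_groups(groups, interfaces):
    """Security groups attached to no network interface: cleanup candidates."""
    in_use = {sg["GroupId"] for eni in interfaces for sg in eni.get("Groups", [])}
    return sorted(g["GroupId"] for g in groups if g["GroupId"] not in in_use)


# Constructed sample: public HTTPS (expected), world-open SSH (finding), one orphan group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443,
        "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-admin", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-orphan", "IpPermissions": [{"IpProtocol": "-1",
        "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
SAMPLE_ENIS = [{"Groups": [{"GroupId": "sg-web"}, {"GroupId": "sg-admin"}]}]
```

Feed the real CLI output in place of the sample lists; a public HTTPS rule is left alone, while world-open admin ports and all-traffic rules are reported for review, and unattached groups are listed as cleanup candidates.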


These are just a few things you can do when reevaluating your AWS VPC for the New Year. By following these guidelines you can gain efficiencies in your environment you didn’t have before and can rest assured your environment is in the best shape possible for all your new AWS goals of 2015.

-Derek Baltazar, Senior Cloud Engineer


Cloud Forecast 2015: Skills, Security and Public Cloud Infrastructure

Public cloud is growing. Private cloud is not. Big Data and the Internet of Things are hot. Virtualization is not. These are just a few of the findings of the just-released 2nd Watch enterprise cloud trends survey. More than 400 IT managers and executives from large companies participated, and 64% of them said that they will spend at least 15% more in 2015 on public cloud infrastructure. All signs point to the fact that the public cloud is continuing to grow. Q3 earnings statements from both Amazon and Microsoft for their respective cloud services, AWS and Azure, were robust.

Companies are going to need some help though. As always, IT skills are at a premium. In our own conversations with customers, supported by the survey, CIOs and CTOs are looking for bright engineers who know how to manage and optimize workloads in the cloud. As well, the ability to natively design applications for the public cloud will be a critical competitive advantage in the coming year. The opportunity is there for any company, regardless of your size or industry. Large consumer goods companies are innovating with mobile apps that require not just savvy developers, but an IT organization that can leverage public cloud services to mash up data and deliver cool new services that drive brand loyalty.


The trick is that each provider, such as AWS, operates differently. CIOs need specialists, and when they’re hard to find, using third-party experts can reduce risks and deliver faster ROI. 2nd Watch has years of diversified experience across many different project types, along with regimented training and continued learning programs for its employees, and can supplement your IT staff.

A parallel challenge is that few large companies are ready to migrate their entire data center to the cloud just yet. With legacy applications and customer requirements, large companies typically still require or desire some systems to be hosted on their own data centers. Thus, cloud providers and technologies that are able to integrate data centers will see ample demand next year. Hybrid cloud terminology will still be popular with enterprise IT in 2015, according to our survey. However, this is not an end state but a state of transition in maintaining physical data centers while they migrate to public cloud.

The recent news that the AWS OpsWorks application management service (based on Chef) is now available for managing public cloud and on-premise servers is one sign of the growing flexibility that CIOs will have in managing workloads across their environments. Companies want to see more industrial-strength management tools that can bridge internal data centers and public cloud data centers and deliver a unified picture of the entire infrastructure.

IT executives are also looking for more help on the security front. The major public cloud providers are already investing heavily in this area, particularly AWS, but startups will play a significant role in bringing new endpoint security solutions to market in 2015. Survey participants said that security tools and services are the most underinvested category by cloud technology firms. I believe they will say differently in a year’s time. Software companies also have opportunities in modern IT management, with many companies demanding more automated options for performance monitoring, system management and change management in the cloud.


If you are interested in learning more about the best-in-class cloud management tools that are available today, schedule your free 2nd Watch Workshop now*.

*Applies to Enterprise Customers new to 2nd Watch with a specific use case to build the workshop around.

Download the full Infographic for more trends to watch for in 2015.


Read more on Enterprise Cloud Trends for 2015 in 2nd Watch CTO Kris Bliesner’s article in Data Center Knowledge: Planning for the Future: Enterprise Cloud Trends in 2015.

-Jeff Aden, EVP of Marketing & Strategic Business Development


Hey, You, Get Off My Cloud

2nd Watch Director of Engineering, Chris Nolan, discusses the public vs. private cloud architecture debate in the Industry Perspectives content channel of Data Center Knowledge, published today. Read the full article for Chris’ guidance on cloud strategy and points to consider when making your decision.