Amazon Web Services Streamlines Container Networking
AWS has provided valuable new features for managing container networking. But this tasty secret sauce may prove addictive.
The largest cloud IaaS provider has improved container networking by extending its virtual private cloud (VPC) service down to individual tasks and pods. Networking between containers on the same instance is relatively straightforward; the difficulty arises when containers need to communicate across instances.
The traditional way to achieve cross-instance communication between containers is an overlay network, such as the one built into Docker Swarm. An overlay is a software-defined network that gives each container an address in a virtual subnet and encapsulates its traffic (VXLAN, in Docker's case) inside packets on the hosts' real network, so the underlying network never sees container addresses. Discovery by container or service name is layered on top through the overlay's embedded DNS, and the same layer provides load balancing across replicas.
While overlay networks work perfectly fine, they pose problems in a few use cases. Here we’ll focus on high performance computing (HPC) and on security.
- HPC: Every packet crossing an overlay is encapsulated on the sending host and decapsulated on the receiving host. That costs CPU time and latency and shrinks the effective MTU, which latency-sensitive workloads notice.
- Security: Many organizations want to segregate network traffic between applications belonging to different teams, down to which network interfaces each can use. With an overlay, VPC security groups and flow logs see only the host's interface, not the individual containers, so per-application controls have to be enforced by a separate mechanism inside the overlay.
Amazon’s answer is VPC networking for individual tasks and pods: the awsvpc network mode for ECS tasks and the Amazon VPC CNI plugin for EKS pods. Both provide container networking through elastic network interfaces (ENIs).
When a task is launched on an instance in awsvpc mode, the ECS agent (rather than Docker) creates a network namespace for the task, attaches a dedicated ENI to the instance and moves that ENI into the task’s namespace. The ENI carries its own private IP address from the VPC subnet, so the task is a first-class VPC endpoint: the VPC routes traffic directly from one task’s ENI to another’s with no encapsulation, and the task’s own security groups, network ACLs and VPC flow logs apply to it. The result is a single hop with lower latency, and a security posture in which the task, not the host, is the unit of network policy. (On EKS the VPC CNI works slightly differently, assigning pods secondary IP addresses from the node’s ENIs, but pods are likewise addressable on the VPC.) The caveat is that the number of ENIs an instance can carry is fixed by its instance type, which caps how many tasks can be packed onto one instance.
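To make the mechanism concrete, here is an added example (it is not code from the original article or from AWS): a Python script that puts a Docker-style bridge-mode ECS task definition beside its awsvpc equivalent, checks a task definition against the settings that awsvpc mode does not allow (container links and host-port remapping), and builds the networkConfiguration block that RunTask or CreateService requires, which is where the per-task security groups are attached. All subnet, security-group and image identifiers are made up.

```python
"""Added example: ECS task definitions in bridge vs awsvpc mode, plus the
networkConfiguration that awsvpc tasks need. Not code from the article or AWS;
every identifier below (image names, subnet and security-group IDs) is invented."""
from __future__ import annotations

from typing import Any

# Constructed "before": Docker bridge mode. The api container is reached through
# a host port and finds its cache by link name. Security groups can only target
# the instance's interface, not this task.
BRIDGE_TASK_DEF: dict[str, Any] = {
    "family": "team-a-api",
    "networkMode": "bridge",
    "containerDefinitions": [
        {
            "name": "api",
            "image": "example.com/team-a/api:1.0",  # hypothetical image
            "portMappings": [{"containerPort": 8080, "hostPort": 31080, "protocol": "tcp"}],
            "links": ["cache"],
        },
        {"name": "cache", "image": "redis:7"},
    ],
}

# Constructed "after": awsvpc mode. Both containers share the task's network
# namespace and ENI, so they reach each other on localhost, and the task itself
# has a VPC IP address, its own security groups and its own flow logs.
AWSVPC_TASK_DEF: dict[str, Any] = {
    "family": "team-a-api",
    "networkMode": "awsvpc",
    "containerDefinitions": [
        {
            "name": "api",
            "image": "example.com/team-a/api:1.0",  # hypothetical image
            "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
        },
        {"name": "cache", "image": "redis:7"},
    ],
}


def awsvpc_violations(task_def: dict[str, Any]) -> list[str]:
    """Return the settings ECS rejects for awsvpc network mode.

    Checks (documented ECS behaviour for awsvpc):
      * networkMode must be "awsvpc";
      * container `links` are not supported (containers already share a namespace);
      * hostPort must be omitted or equal to containerPort (there is no host-port NAT).
    """
    problems: list[str] = []
    if task_def.get("networkMode") != "awsvpc":
        problems.append(f"networkMode is {task_def.get('networkMode')!r}, expected 'awsvpc'")
    for cd in task_def.get("containerDefinitions", []):
        name = cd.get("name", "?")
        if cd.get("links"):
            problems.append(f"{name}: 'links' is not supported in awsvpc mode")
        for pm in cd.get("portMappings", []):
            host, cont = pm.get("hostPort"), pm.get("containerPort")
            if host is not None and host != cont:
                problems.append(f"{name}: hostPort {host} must equal containerPort {cont}")
    return problems


def network_configuration(subnets: list[str], security_groups: list[str],
                          public_ip: bool = False) -> dict[str, Any]:
    """Build the networkConfiguration block RunTask/CreateService require for awsvpc.

    The security groups listed here are attached to the task's ENI; that is the
    per-task control the article describes. This helper refuses an empty list
    (a design choice here, not an API rule) because falling back to the VPC
    default security group defeats the point of per-team segregation.
    """
    if not subnets or not security_groups:
        raise ValueError("awsvpc tasks need at least one subnet and one security group")
    return {
        "awsvpcConfiguration": {
            "subnets": list(subnets),
            "securityGroups": list(security_groups),
            "assignPublicIp": "ENABLED" if public_ip else "DISABLED",
        }
    }


if __name__ == "__main__":
    for label, td in (("bridge", BRIDGE_TASK_DEF), ("awsvpc", AWSVPC_TASK_DEF)):
        print(label, awsvpc_violations(td) or "ok for awsvpc")
    # Hypothetical IDs: team A's tasks land in a private subnet with a
    # team-specific security group, which is what separates them from team B.
    print(network_configuration(["subnet-0a1b2c3d4e5f60718"], ["sg-0123456789abcdef0"]))
```

Running the script reports three problems for the bridge-mode definition (network mode, the link, and the remapped host port) and none for the awsvpc one; the printed networkConfiguration is the block you would hand to `aws ecs run-task --network-configuration` or put in a service definition.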
AWS’s use of ENIs for container networking solves real problems and is a valuable feature for many customers. On the other hand, by relying on Amazon’s built-in services to do the heavy lifting on the back end, organizations risk vendor lock-in and forgo some of the value of employing a container ecosystem.
One of the key benefits of containers is being able to deploy scalable networks of microservices that span seamlessly across on-premises and various cloud infrastructures. Once task addressing, segmentation and discovery are expressed as VPC subnets, ENIs and security groups, they have no direct equivalent off AWS, and organizations that build on them forgo this key benefit.
Amazon’s streamlining of container networking is another example of innovative and valuable features that can lead to vendor lock-in down the road. After having a taste of AWS’s secret sauce, organizations may never want to open another menu.