Amazon re:invent roundup
AWS re:invent 2013 was held November 12-15 in Las Vegas. The day 1 keynote was delivered by Amazon Web Services (AWS) SVP Andy Jassy, and the day 2 keynote came from AWS CTO Werner Vogels. This was the second re:invent, and comes 7 years after the initial launch of AWS.
Amazon WorkSpaces - Desktop Computing in the Cloud
The first big launch of the show was WorkSpaces, a service where Amazon hosts Windows 7 desktops in a virtual private cloud (VPC). A standard WorkSpace is charged at $35 per user per month and offers a machine with 1 virtual CPU, 3.75GiB RAM and 50GB of persistent storage that’s backed up to S3. For $60 per month users can get a performance WorkSpace with double the CPU/RAM/storage. The software bundle in each case includes Adobe’s Reader and Flash, Firefox, Internet Explorer 9, 7-Zip and the Java Runtime Environment (JRE). For an additional $15 per month Microsoft Office Professional and Trend Micro Worry can be added.
WorkSpaces can be accessed from desktops, laptops, iPads or Android tablets (including Kindles) using an application that connects via the PC-over-IP (PCoIP) protocol. The VPC that WorkSpaces reside within can be connected back to a corporate network to access Active Directory and other intranet resources using an IPsec VPN.
It’s interesting to compare the price point to an m1.medium instance, which also has 1 vCPU, 3.75GiB RAM, and a lot more instance storage at 410GB but no automatic backup to S3. These VMs are $86.40 per month when bought on demand, but can be bought for $48.60 per month when using one year heavy utilization reserved instances - though that’s for Linux instances, and ignores any premium for a Windows license. The $15 extra for MS Office is exactly the same as a monthly subscription for Office 365 Small Business Premium.
Amazon have come up with a cost comparison against on-premises virtual desktop infrastructure (VDI) that claims a 59.26% cost saving based on 1000 notional users. Whether real-life savings like that can be achieved will be very dependent on scale and the ability to get software discounts. WorkSpaces pricing will be putting pressure on traditional VDI suppliers like Citrix and VMware (and the in-house teams that deploy and support such solutions).
Identity and Access Management using SAML
Amazon have added support for security assertion markup language (SAML) v2 to their security token service (STS). This will allow users to sign in to the AWS management console using a federated identity sourced from an internal system such as Active Directory. Uses aren’t limited to administration, as the same tokens can be used to give access to other resources within AWS.
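Added example, not from the article or any AWS SDK: picking the AWS role out of a SAML 2.0 assertion and assembling the arguments for the STS AssumeRoleWithSAML call, as a federation client or a console role-chooser would. It assumes the attribute names AWS uses for federation (Role and RoleSessionName under https://aws.amazon.com/SAML/Attributes/), the commercial-partition sign-in audience, and a constructed, unsigned assertion; a real one is signed by the IdP and validated by STS against the registered SAML provider.

```python
# Added example (not from the article or an AWS SDK): pick the AWS role out of a
# SAML 2.0 assertion and build the STS AssumeRoleWithSAML arguments. Assumes the
# attribute names AWS uses for federation and a constructed, unsigned assertion.
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_AUDIENCE = "https://signin.aws.amazon.com/saml"          # commercial partition
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"

# Constructed sample: one user entitled to two roles via the IdP "CorpAD".
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://signin.aws.amazon.com/saml</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
   <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
   <saml:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/CorpAD</saml:AttributeValue>
   <saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/CorpAD,arn:aws:iam::123456789012:role/Admin</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def parse_roles(assertion_xml):
    """Return (session_name, [(role_arn, provider_arn), ...]); reject a foreign audience."""
    root = ET.fromstring(assertion_xml)
    if AWS_AUDIENCE not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        raise ValueError("assertion was not issued for the AWS sign-in endpoint")
    session, roles = None, []
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        if attr.get("Name") == SESSION_ATTR:
            session = values[0]
        elif attr.get("Name") == ROLE_ATTR:
            for value in values:
                first, second = value.split(",")
                # IdPs emit the pair in either order; normalise to (role, provider)
                roles.append((first, second) if ":role/" in first else (second, first))
    return session, roles

def sts_params(assertion_xml, wanted_role):
    """Arguments for STS AssumeRoleWithSAML, only if the assertion entitles the user to the role."""
    for role_arn, provider_arn in parse_roles(assertion_xml)[1]:
        if role_arn == wanted_role:
            return {"RoleArn": role_arn, "PrincipalArn": provider_arn,
                    "SAMLAssertion": base64.b64encode(assertion_xml.encode()).decode()}
    raise PermissionError(f"assertion does not entitle the user to {wanted_role}")
```

The session name in the resulting credentials comes from the RoleSessionName attribute rather than from a call parameter, which is what makes federated activity attributable per user in audit logs.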
Amazon AppStream - Delivering Streaming Applications from the Cloud
AppStream is a service where applications are hosted in the Amazon cloud and stream their user interface to clients running on a desktop or mobile device. The server side in the cloud makes use of the new GPU enhanced g2 instance type to support 2D and 3D graphics rendering, and applications run inside Windows 2008 R2.
AppStream consists of a set of server APIs (XStxServer) and client APIs (XStxClient) that collectively deal with connections, content streaming and user input. There is also an entitlements service for authentication and authorisation that issues a session ID for entitled connections. The use of APIs in this way positions AppStream for use with new build graphics intensive applications rather than something like CloudHouse, which can be used to stream existing database centric client/server applications, or FrameHawk, which provides a VDI solution optimised for high throughput graphics on mobile devices.
Amazon Kinesis - Streaming Big Data
The other product launch related to streaming is Kinesis, a service for ingesting large real-time data streams and performing analytics. Roopesh Shenoy looks into how this is different to simple queue service (SQS) and other big data tools. Pricing for Kinesis is based on the number of ‘shards’ (which determine the data ingestion rate, each supporting 1MB/s) and the number of data PUT operations. Availability at launch is limited to a preview group.
CloudTrail - Capturing AWS API Activity
CloudTrail provides a ‘black box’ type audit trail for the most popular AWS services (Elastic Compute Cloud, Elastic Block Store, Virtual Private Cloud, Relational Database Service, Identity and Access Management, Security Token Service and Redshift). It logs all API calls to the services, regardless of whether they originate from the web management console, the AWS CLI or via an SDK. Events are represented in JSON, and stored in an S3 bucket. Events can also optionally be sent to a simple notification service (SNS) topic, which would provide a means for integration with security information and event management (SIEM) tools. Amazon expects a number of partners to provide log analysis applications that will access CloudTrail via S3. CloudTrail itself doesn’t incur any charges, except for the S3 (and SNS) charges for stored log data (and notifications). Noticeably absent from the services covered is S3 itself, though monitoring of object-level actions would generate significantly more data than administrative actions on the services covered. At launch CloudTrail is only implemented in the US East (Virginia) and US West (Oregon) regions.
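Added example, not from the article or from AWS: two detection rules of the kind a SIEM would run once it has fetched a CloudTrail log object from S3. The record field names follow the CloudTrail JSON layout; the sample records, the corporate address range and the rules themselves are constructed assumptions for illustration.

```python
# Added example (not from the article or an AWS tool): two detection rules run
# over CloudTrail records as they are delivered to S3. The record fields mirror
# the CloudTrail JSON layout; the sample records, the corporate address range and
# the rules themselves are constructed assumptions for illustration.
import ipaddress
import json

CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]      # assumed corporate egress range
READ_ONLY_PREFIXES = ("Describe", "Get", "List")      # IAM calls that change nothing

# Constructed sample log file: one S3 object holds a "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2013-11-13T10:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "10.0.0.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2013-11-13T10:02:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2013-11-13T10:03:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "10.0.0.9",
     "userIdentity": {"type": "Root"}},
    {"eventTime": "2013-11-13T10:04:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

def is_internal(source_ip):
    """True when the caller's address is inside the corporate range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:         # CloudTrail also records service names here, not just IPs
        return False
    return any(addr in net for net in CORP_NETS)

def scan(log_text):
    """Return one alert string per record that trips a rule, in log order."""
    alerts = []
    for rec in json.loads(log_text)["Records"]:
        ident = rec.get("userIdentity", {})
        who = ident.get("userName") or ident.get("type", "unknown")
        src, name = rec.get("sourceIPAddress", ""), rec["eventName"]
        # Rule 1: the root account should never be used for day-to-day API calls.
        if ident.get("type") == "Root":
            alerts.append(f"{rec['eventTime']} root account used: {name} from {src}")
        # Rule 2: IAM changes must originate from the corporate network.
        if (rec["eventSource"] == "iam.amazonaws.com"
                and not name.startswith(READ_ONLY_PREFIXES) and not is_internal(src)):
            alerts.append(f"{rec['eventTime']} IAM change by {who} from outside IP {src}: {name}")
    return alerts
```

CloudTrail writes each log object to S3 gzip-compressed, so in a live pipeline the SNS notification supplies the bucket and key, and the decompressed object text is what scan() takes.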
Postgres support in RDS
Amazon’s Relational Database Service (RDS) initially supported MySQL, and has since added Oracle and Windows SQL Server. PostgreSQL is now also offered as an option during the engine selection stage of launching a database instance. All regions are supported, along with failover across fault boundaries (multi-AZ deployments), performance guarantees (provisioned IOPS), operation inside a VPC, automated backups to S3, point-in-time recovery and cross-region snapshots.
New EC2 instance types
Three new families of instance types were announced. I2 instances use solid state disk (SSD) to deliver high input/output performance, C3 instances tie each virtual CPU to a hardware hyper-thread for compute intensive workloads, and G2 instances offer Nvidia graphics processing units (GPUs) for 3D applications.