Unexpected Security Issues In The Cloud

Lots of new and interesting things happen when you move to the cloud that you didn’t expect to have to deal with before (e.g. how to automatically bootstrap auto-scaled instances). One area that has a lot of complexity and uncertainty around it is certainly cloud security. As someone found out on OpenStack, there are things you rarely ever needed to think about, like the RNG not being random enough and, as a result, generating the same SSH key multiple times. Not that this couldn’t have happened outside of the cloud, but as you scale systems and spin up instances dozens or hundreds of times a day, problems with small chances of occurring can suddenly start to appear at an alarming rate.
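One way to catch the duplicate-key failure described above is to fingerprint every instance's SSH host key and flag any fingerprint that shows up on more than one host. The sketch below is an added example, not code from the OpenStack report; the input format (`ssh-keyscan`/`known_hosts` style lines), the function names and the sample inventory are assumptions, and the key blobs are constructed rather than real keys.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(scan_text):
    """Map fingerprint -> sorted hosts, for keys seen on more than one host."""
    hosts_by_fp = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and lines without "host keytype blob".
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        host, _keytype, blob = fields[:3]
        try:
            fp = fingerprint(blob)
        except ValueError:  # truncated or corrupted base64
            continue
        # "name,ip" is one machine listed under two names, so keep it whole.
        hosts_by_fp[fp].add(host)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


def _fake_blob(seed):
    """Constructed stand-in for an ed25519 key blob (not a real key)."""
    header = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"
    return base64.b64encode(header + hashlib.sha256(seed).digest()).decode()


# Constructed inventory: app-2 and app-3 booted with identical RNG state.
SAMPLE_SCAN = "\n".join([
    "# constructed sample, not real hosts or keys",
    "app-1,10.0.0.11 ssh-ed25519 " + _fake_blob(b"seed-a"),
    "app-2 ssh-ed25519 " + _fake_blob(b"seed-b"),
    "app-3 ssh-ed25519 " + _fake_blob(b"seed-b"),
    "app-4 ssh-ed25519 not*base64",
    "app-1,10.0.0.11 ssh-ed25519 " + _fake_blob(b"seed-a"),
])

if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE_SCAN).items():
        print(fp, "shared by", ", ".join(hosts))
```

Any fingerprint this reports means two machines hold the same private host key, so both should have their host keys regenerated once the instance has gathered enough entropy.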


DreamHost’s DreamObjects

DreamHost offers a decent-looking object storage implementation called DreamObjects, powered by Ceph, which reminds me a little bit of EMC Atmos. What I didn’t immediately find while looking through their documentation was whether or not the data is ever synced to another datacenter, but I rather suspect it’s not. If that’s the case, even with their durability SLA of 99.99999% it sits somewhere between S3’s standard durability SLA of 99.999999999% and their Reduced Redundancy Storage durability SLA of 99.99%. Reduced Redundancy Storage costs $0.076 in US East, at the time of this post, and $0.095 for Standard Storage. With DreamObjects offering $0.07, it’s actually a pretty good deal, particularly for home users that want to play with an object store that offers an S3 API. Great as another place to store critical data.

AWS Route53 and ELB Health Checking

In case it wasn’t obvious by now, AWS is going after Akamai with their latest release: Amazon Route 53 Adds Elastic Load Balancer Integration for DNS Failover.

This fills a long-standing gap in the ability for companies to take advantage of true GSLB/GTM capabilities for high availability. Previously, the closest you could get would be to instrument Route53 to use latency-based DNS, but it wasn’t well suited for building highly redundant active/active applications, generally forcing teams to choose between doing without that level of redundancy, going to Akamai and signing up for their GTM services, or implementing their own with something like F5’s GTM solution (though the latter is generally only available to enterprises with multiple datacenters already).

AWS’s CloudFront is already a compelling offering in the CDN space, so as AWS chips away at Akamai, I wonder what will be next? My hope is something along the lines of Kona, but more likely it will be something like application acceleration.