Category Archives: Misc.

Podcast 293: Diving into Data with Amazon Athena

This post was originally published on this site

Do you have lots of data to analyze? Is writing SQL a skill you have? Would you like to analyze massive amounts of data at low cost without capacity planning? In this episode, Simon shares how Amazon Athena can give you options you may not have considered before.

Additional Resources

About the AWS Podcast

The AWS Podcast is a cloud platform podcast for developers, DevOps, and cloud professionals seeking the latest news and trends in storage, security, infrastructure, serverless, and more. Join Simon Elisha and Jeff Barr for regular updates, deep dives and interviews. Whether you’re building machine learning and AI models, open source projects, or hybrid cloud solutions, the AWS Podcast has something for you. Subscribe with one of the following:

Like the Podcast?

Rate us on iTunes and send your suggestions, show ideas, and comments to awspodcast@amazon.com. We want to hear from you!

New – TLS Termination for Network Load Balancers

When you access a web site using the HTTPS protocol, a whole lot of interesting work (formally known as an SSL/TLS handshake) happens to create and maintain a secure communication channel. Your client (browser) and the web server work together to negotiate a mutually agreeable cipher, exchange keys, and set up a session key. Once established, both ends of the conversation use the session key to encrypt and decrypt all further traffic. Because the session key is unique to the conversation between the client and the server, a third party cannot decrypt the traffic or interfere with the conversation.

New TLS Termination
Today we are simplifying the process of building secure web applications by giving you the ability to make use of TLS (Transport Layer Security) connections that terminate at a Network Load Balancer (you can think of TLS as providing the “S” in HTTPS). This will free your backend servers from the compute-intensive work of encrypting and decrypting all of your traffic, while also giving you a host of other features and benefits:

Source IP Preservation – The source IP address and port are presented to your backend servers, even when TLS is terminated at the NLB. This is, as my colleague Colm says, “insane magic!”

Simplified Management – Using TLS at scale means that you need to take responsibility for distributing your server certificate to each backend server. This creates extra management work (sometimes involving a fleet of proxy servers), and also increases your attack surface due to the presence of multiple copies of the certificate. Today’s launch removes all of that complexity and gives you a central management point for your certificates. If you are using AWS Certificate Manager (ACM), your certificates will be stored securely, expired & rotated regularly, and updated automatically, all with no action on your part.

Zero-day Patching – The TLS protocol is complex and the implementations are updated from time to time in response to emerging threats. Terminating your connections at the NLB protects your backend servers and allows us to update your NLB in response to these threats. We make use of s2n, our security-focused, formally-verified implementation of the TLS/SSL protocols.

Improved Compliance – You can use built-in security policies to specify the cipher suites and protocol versions that are acceptable to your application. This will help you in your PCI and FedRAMP compliance effort, and will also allow you to achieve a perfect TLS score.

Classic Upgrade – If you are currently using a Classic Load Balancer for TLS termination, switching to a Network Load Balancer will allow you to scale more quickly in response to an increased load. You will also be able to make use of a static IP address for your NLB and to log the source IP address for requests.

Access Logs – You now have the ability to enable access logs for your Network Load Balancers and to direct them to the S3 bucket of your choice. The log entries include detailed information about the TLS protocol version, cipher suite, connection time, handshake time, and more.

Using TLS Termination
You can create a Network Load Balancer and make use of TLS termination in minutes! You can use the API (CreateLoadBalancer), CLI (create-load-balancer), the EC2 Console, or an AWS CloudFormation template. I’ll use the Console, and click Load Balancers to get started. Then I click Create in the Network Load Balancer area:

I enter a name (MyLB2) and choose TLS (Secure TCP) as the Load Balancer Protocol:

Then I choose one or more Availability Zones, and optionally choose an Elastic IP address for each one. I can also choose to tag my NLB. When I am all set, I click Next: Configure Security Settings to proceed:

On the next page, I can choose an existing certificate or upload a new one. I already have one for www.jeff-barr.com, so I’ll choose it. I also choose a security policy (more on that in a minute):

There are currently seven security policies to choose from. Each policy allows for the use of certain TLS versions and ciphers:

The describe-ssl-policies command can be used to learn more about the policies:
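The policy listing that describe-ssl-policies returns is long, and the compliance question from above (PCI and FedRAMP expect no early TLS, and a "perfect" TLS score also expects forward secrecy on every suite) is easier to answer with a small audit than by eyeballing it. The following Python is an added example, not code from this post or from AWS. It assumes the JSON shape of `aws elbv2 describe-ssl-policies --output json` (a top-level `SslPolicies` list whose entries carry `Name`, `SslProtocols` and `Ciphers` with `Name`/`Priority`); the embedded sample is a constructed, heavily abridged stand-in for the real output, showing only two ciphers per policy.

```python
"""Audit `aws elbv2 describe-ssl-policies` output against a minimum TLS bar."""
import json

# Constructed, abridged sample in the shape of `aws elbv2 describe-ssl-policies --output json`.
# Real policies carry many more ciphers; two per policy are shown here.
SAMPLE_OUTPUT = json.dumps({
    "SslPolicies": [
        {
            "Name": "ELBSecurityPolicy-2016-08",
            "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
            "Ciphers": [
                {"Name": "ECDHE-ECDSA-AES128-GCM-SHA256", "Priority": 1},
                {"Name": "AES128-SHA", "Priority": 2},
            ],
        },
        {
            "Name": "ELBSecurityPolicy-TLS-1-2-2017-01",
            "SslProtocols": ["TLSv1.2"],
            "Ciphers": [
                {"Name": "ECDHE-ECDSA-AES128-GCM-SHA256", "Priority": 1},
                {"Name": "AES128-GCM-SHA256", "Priority": 2},
            ],
        },
        {
            "Name": "ELBSecurityPolicy-FS-2018-06",
            "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
            "Ciphers": [
                {"Name": "ECDHE-ECDSA-AES128-GCM-SHA256", "Priority": 1},
                {"Name": "ECDHE-RSA-AES128-SHA", "Priority": 2},
            ],
        },
    ]
})

# Protocol versions ordered oldest to newest so a minimum can be compared by index.
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def cipher_findings(name):
    """Return the weaknesses of one OpenSSL-style cipher suite name (empty list = fine)."""
    findings = []
    # Only ephemeral (EC)DH key exchange gives forward secrecy; plain "AES128-..." is static RSA.
    if not name.startswith(("ECDHE-", "DHE-")):
        findings.append("no forward secrecy (static key exchange)")
    # Suites ending in -SHA are CBC-mode with an HMAC-SHA1 MAC.
    if name.endswith(("-SHA", "-SHA1")) or "-CBC-" in name:
        findings.append("CBC mode / SHA-1 MAC")
    if "RC4" in name or "3DES" in name or "DES-CBC3" in name:
        findings.append("legacy cipher")
    return findings


def audit_policy(policy, min_protocol="TLSv1.2", require_forward_secrecy=True):
    """Return human-readable findings for one policy entry; an empty list means it passes."""
    findings = []
    floor = PROTOCOL_ORDER.index(min_protocol)
    for proto in policy["SslProtocols"]:
        if proto not in PROTOCOL_ORDER:
            findings.append(f"unknown protocol {proto}")
        elif PROTOCOL_ORDER.index(proto) < floor:
            findings.append(f"allows {proto} (below {min_protocol})")
    for cipher in sorted(policy["Ciphers"], key=lambda c: c["Priority"]):
        for issue in cipher_findings(cipher["Name"]):
            if issue.startswith("no forward secrecy") and not require_forward_secrecy:
                continue
            findings.append(f"{cipher['Name']}: {issue}")
    return findings


def audit_output(raw_json, **kwargs):
    """Map every policy name in describe-ssl-policies output to its findings."""
    data = json.loads(raw_json)
    return {p["Name"]: audit_policy(p, **kwargs) for p in data["SslPolicies"]}


def compliant_policies(raw_json, **kwargs):
    """Names of policies with no findings, i.e. the ones a listener may use under this bar."""
    return sorted(name for name, f in audit_output(raw_json, **kwargs).items() if not f)


if __name__ == "__main__":
    for name, findings in audit_output(SAMPLE_OUTPUT).items():
        print(f"{'OK' if not findings else 'FAIL':4} {name}")
        for f in findings:
            print(f"       - {f}")
```

Run it against real output by piping `aws elbv2 describe-ssl-policies --output json` into `audit_output`. With the sample above and the default bar (TLS 1.2 minimum plus forward secrecy on every suite) no policy passes: the FS policy still admits TLS 1.0/1.1, and the TLS-1-2 policy still lists static-RSA suites. Relaxing `require_forward_secrecy` makes ELBSecurityPolicy-TLS-1-2-2017-01 the only survivor, which is the kind of trade-off the policy chooser does not make visible.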

After choosing the certificate and the policy, I click Next: Configure Routing. I can choose the communication protocol (TCP or TLS) that will be used between my NLB and my targets. If I choose TLS, communication is encrypted; this allows you to make use of complete end-to-end encryption in transit:

The remainder of the setup process proceeds as usual, and I can start using my Network Load Balancer right away.

Available Now
TLS Termination is available now and you can start using it today in the US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), and South America (São Paulo) Regions.

Jeff;

ALERT: vRealize Automation patch to prevent potential data loss when using bulk import

VMware Support Alert

Using bulk import, customers can bring unmanaged machines under management of vRealize Automation. However, if transient issues occur while performing the import operation, this may result in destruction of the machine being imported and data loss.

To guard against such data loss, customers are urged to read KB article: VMware vRealize Automation 7.0 patch to prevent potential data loss when using bulk import (2144526)

Any updates to this information will be made in the KB article itself.

The post ALERT: vRealize Automation patch to prevent potential data loss when using bulk import appeared first on Support Insider.

ALERT: Linked Clone pool creation and recompose failure

VMware Support Alert

Before upgrading to vSphere 6 Update 1, VMware would like everyone to read the following KB article for important information.

Creating and recomposing linked clone desktops will fail on Horizon View 6.1.x and all older releases after upgrading to vSphere 6.0 Update 1.

The Linked Clone desktop appears to be created on vCenter, but it is deleted soon after, when vCenter complains about either “disposable” or “internal” vmdk files for this desktop.

All versions of Horizon View Composer prior to Horizon 6.2 require SSL v3 to communicate with ESXi hosts; however, SSL v3 has been disabled on ESXi 6 Update 1 hosts.

Please read this KB article for further information: Upgrading to vSphere 6 update 1 will cause Linked Clone pool creation and recompose failure with Horizon View 6.1.x and older releases (2133018)

Any updates to this information will be made in the KB article itself.

The post ALERT: Linked Clone pool creation and recompose failure appeared first on Support Insider.

ALERT: Important information before upgrading to vSphere 6.0 Update 1

VMware Support Alert

Before upgrading your environment to vSphere 6.0 Update 1, VMware would like everyone to read the following KB article for important information.

After installing or upgrading to ESXi 6.0 or 6.0 Update 1, customers’ network connectivity is lost randomly with the error: NETDEV WATCHDOG: vmnic0: transmit timed out. This issue has been resolved.

Please proceed to KB article: ESXi 6.0 network connectivity is lost with NETDEV WATCHDOG timeouts in the vmkernel.log (2124669)

This issue is resolved in ESXi 6.0 Update 1a, available at VMware Downloads. For more information, see the VMware ESXi 6.0 Update 1a Release Notes.

Any updates to this information will be made in the KB article itself.

The post ALERT: Important information before upgrading to vSphere 6.0 Update 1 appeared first on Support Insider.

ALERT: When removing CPU from VM configuration hard disks and nic are removed

VMware Support Alert

VMware has become aware of a situation whereby hard disks and/or NICs may be removed from a virtual machine when reconfiguring VM workflows in vRealize Automation.

We have identified two distinct scenarios where this might happen and so have created two separate KB articles. Please familiarize yourself with both articles so that you can avoid these situations.

  1. When performing reconfigure operations in multiple browser tabs in VMware vRealize Automation, the hard disks and NICs are removed unexpectedly (2124198)
  2. In VMware vRealize Automation, the hard disks are removed unexpectedly when reconfiguring a virtual machine that has RDM disks (2124657)

Any updates to this information will be made in the KB articles themselves. The Additional Information section details how to receive these updates.

The post ALERT: When removing CPU from VM configuration hard disks and nic are removed appeared first on Support Insider.

ALERT: Support for Leap Seconds in VMware Products

VMware Support Alert

The world’s next leap second adjustment is scheduled for 30th of June 2015 at 23:59:60 UTC.

System administrators need to be aware that this may cause issues on NTP synchronized devices and operating systems. For information on Leap Second and its impact on VMware products, please review the KB article:

Support for Leap Seconds in VMware Products (2115818)

Implications of not upgrading your kernel or enabling Time Skew:

Not all customers will be affected, but those who forgo updating the VMware Appliance’s operating system kernel or enabling time skew may observe the following issues:

  1. The first issue that may be observed is that the kernel (simplistically, the Linux operating system) can hang and require a reboot.
  2. The second issue that may be observed is higher than normal CPU consumption on Linux appliances where JVMs are utilized. In the vCenter Server Appliance (VCVA), this problem can manifest itself as high CPU consumption of the ESX Agent Manager (EAM) and other Java-based processes.

The post ALERT: Support for Leap Seconds in VMware Products appeared first on Support Insider.

ALERT: vSphere Web Client 5.0 fails to load

VMware Support Alert

VMware has become aware of an issue with the vSphere Web Client 5.0 failing to load with the error:

RSL Error # of 29
Error 2046

Note: The number in the RSL Error (# out of 29) may differ from one failure to the next.
Note: This issue impacts only the usability of the vSphere Web Client 5.0.

  • This error occurs regardless of the browser or version used.
  • This is independent of the Adobe Flash version installed.
  • Setting the system clock back on an affected system may allow the vSphere Web Client to work outside of the vCenter Server for a short amount of time.

For further diagnostic and mitigation information refer to KB article: The vSphere Web Client 5.0 fails to load and displays the error: Error # of 29 2046 with RSL (2116567). Any updates to this information will be made in the KB article itself.

The post ALERT: vSphere Web Client 5.0 fails to load appeared first on Support Insider.