Cloud Hosting

So whats a monolithic application anyway? Its essentially an application where almost every single piece of functionality has been written in the code by its developers and is typically built to run as a single unit on a single server. A typical example is WordPress, by far the main model in the past, and many applications are still developed this way today.

Monolithic applications can come with a number of issues. For instance, they typically run onsnowflake servers,fragile servers that keep system administrators awake at night in the fear that they might experience some sort of problem.

What is most likely considered the main issue with monolithic apps is that additional features and bug fixes take a long time due to the tight coupling and side effects between its various components.

Developers and managers are used to dealing with such applications, which are usually good enough to fulfill all of their requirements. But there are steps you can take to make a monolithic application enter the world of the cloud, rendering it more robust and increasing its availability. It is also a great relief to no longer have to rely on a snowflake server.

Amazon EventBridge is a very useful tool in this endeavor.

In most cases, businesses will want to keep their code base, which usually works reasonably well after having been refined over many years. Performing a profound refactoring of an existing monolithic application to follow a cloud-first strategy can be very costly and time-consumingand would probably fail any cost-benefit analysis.

The good news is that you can still benefit from the cloud without too much refactoring by changing the operational context. As we will see, a monolithic application can transparently benefit from certain cloud services to increase its reliability and availability as well as enable it to scale per demand, all with little or no refactoring of the application code itself.

A typical case in point is WordPress. WordPress is a publishing and content management software that was written long before the notion of the cloud even existed. Now, you have solutions that let you integrate many cloud services with WordPress, allowing multiple instances to run in parallel and making WordPress much more reliable and available. AWS offers various reference architectures to achieve this, such as this one.

Amazon EventBridgeis a glue service offered by AWS that triggers a given action either periodically or based on events originating from other services. EventBridge offers different options for periodic triggers:

Here are some examples of event-based triggers:

The list is very, very long.

Should you decide to move your monolithic application to the AWS Cloud, Amazon EventBridge can definitely help you. The easy and obvious win is the refactoring of the context of your application, where Amazon EventBridge will typically be used for administrative or background tasks. Essentially, with little effort, you will get a lot of bang for your buck.

You can also use Amazon EventBridge as part of the applications architecture itself although this is rarely possible without some significant refactoring. One exception would be if your app uses an event-driven architecture. It would then be possible (at least in theory) to move the management of events to Amazon EventBridge, and you would benefit from a reliable, highly available service backed via the might of AWS. However, businesses will rightly question the benefit of such a move, and you should conduct a pertinent cost-benefit analysis before pursuing such a course of action.

A typical use case for Amazon EventBridge is to run background jobs periodically. This is similar to cron which is familiar to Linux users. Heres a short list of what such jobs could look like:

Amazon EventBridge can trigger jobs based on either cron expressions or the rate of repetition. In the case of a snowflake server, administrators usually create several cron jobs to perform administrative tasks. When migrating to the cloud, it might be beneficial to move such jobs to Amazon EventBridge. This would decouple the application itself from the administrative tasks of the server its running on by moving those tasks to Amazon EventBridge, which is a serverless service.

The other main use case for Amazon EventBridge is to perform a given action when a certain event takes place inside your AWS account. Examples of such events are:

You can then perform pre-programmed actions, such as executing a Lambda functionor posting a message to an SNS topic.

For a traditional monolithic application, there are often a number of scripts and mini-services that perform administrative tasks or background jobs. When migrating to AWS to modernize such a setup, refactoring those admin scripts to use AWS serverless services, such as Amazon EventBridge, usually makes sense from a cost-benefit perspective. Generally speaking, moving to a serverless service means a lot less work and worry for you and your system administrators, as this is all done by AWS.

Amazon EventBridge can also capture events generated by third-party vendors, such as Thundra.

The final main use case for Amazon EventBridge is to generate your own events using event buses. EventBridge actually allows you to create your own event buses and post your own custom events. Then, you can respond to those events in exactly the same way.

This can be useful to manage admin or background tasks, but this feature is typically used as part of an application architecture. If your monolithic application is event-based, you might consider using Amazon EventBridge as the event bus. Then, the required refactoring should be pretty minimal, provided you encapsulated all interactions with this event bus in a separate library.

It should be noted that Amazon EventBridge is not meant to be real-time, although its latency is quite smallabout half a second between posting an event and responding to it on average. Still, other options might be better suited to your needs, such as Amazon SQSor Amazon MQ. It really depends on your applications architecture, and such a discussion would be outside the scope of this article.

In conclusion, Amazon EventBridge is a very versatile event bus that can handle periodic events, events from other AWS services, and events from third-parties (such as Thundra). When migrating a monolithic application to AWS, it can definitely be useful as part of a serverless strategy to implement all the administrative tasks required for your application.

Amazon EventBridge even allows you to implement your own custom events on dedicated event buses, which can help you with refactoring both admin tasks and the application itself. As a serverless service, it also has the tremendous advantage of freeing you from all menial tasks related to server maintenance. Finally, although not real-time, Amazon EventBridge is reasonably fast with an average latency of half a second; plus, it offers an SLA of 99.99%.

There are some concerns around observability with events coming in and out of EventBridge. Tracing the events over Eventbridge is still required to achieve the required visibility when you need to debug the issues. Thundra is the only vendor out therethat provides tracing EventBridge calls that trigger Lambda functions, ECS and Fargate tasks.

At the end of the day, this is definitely a tool you want to consider when migrating a monolithic application to AWS.

Read the rest here:
Migrating applications to cloud with Amazon EventBridge - Security Boulevard

Add to favorites

We are still waiting for an interpretation and ruling by the local DPAs in France and Germany as well as the ICO in the UK. However the logic is fairly clear

Twice the USA has signed data sharing treaties with the EU, called Safe Harbor and Privacy Shield, in which each side promised to respect the privacy of personal data shared by the other. Unfortunately, while Europeans see privacy as a human right, America sees national security as a greater priority, writes Bill Mew, Founder and CEO, The Crisis Team. Consequently, while the EU has abided by its privacy obligations under the treaties and introduced GDPR to enhance protection, the US has taken a series of actions to increase mass surveillance at the expense of privacy, thus undermining its treaty obligations.

Examples of these actions would be:

Politicians were keen not to rock the boat and therefore during annual reviews of Privacy Shield, the Europeans expressed their concerns, but avoided taking action against the USA. This shadow dance came to an end recently when Privacy Shield was struck down by the EU courts, and restrictions were imposed on the use of Standard Contractual Clauses (SCCs) the only other legal mechanism for data sharing across the Atlantic.

We are still waiting for an interpretation and ruling by the local DPAs in France and Germany as well as the ICO in the UK. However the logic is fairly clear:

We have already seen guidance issued by the Cloud Services for Criminal Justice Organisations (Police, Courts, CPS, Prisons/MoJ, etc.) and these guys know their law.

It states that MS Teams cannot be used LAWFULLY for discussion/sharing of any personal data and that this also applies to any other Cloud Service hosted in or on Azure, AWS or GCP) for any OTHER type of discussion /sharing (ie. processing) of any personal data.This guidance, if extended across the rest of the public and private sector (as it should be), will impact all use of everything from Gmail and Office 365 to Salesforce, LinkedIn and Facebook.

How do we get around this:

You have different data types:

Possible solutions:

You can continue to use the big US cloud providers for (A) and (B), while using a local cloud provider for (C) within country. This would entail a data management overhead ensuring ongoing compliance across any such multi-cloud environment.

Alternatively you could migrate (A), (B) and (C) to a local player that offers a sufficient variety of services at scale. Unfortunately few regional players have adequate scale or an international presence to support you across multiple nations and regions, and if they have operations in the USA then theyd potentially fall under FISA 702 themselves.

A few players, such as OVHcloud, saw this situation coming and structured themselves in such a manner as to have operations in the EU and US that are separate from one another. As Forrester recently noted, this enables OVHcloud to offer unified services at scale within a CLOUD Act-free European environment. The ruling also provides a shot in the arm for the recent GAIA-X European cloud initiative.

All eyes are now on the ICO though: to see what their guidance is and what kind of fudge they seek to sell us, but the ruling is fairly clear and provides them with little room for maneuver.

Are you a CDO/counsel/data protection specialist? Do you agree/disagree with Bills view? Let us know by emailing our editor

Excerpt from:
The Great Cloud-Quake: US Told to Stop Spying, or Forfeit Right of Access to Personal Data - Computer Business Review

One of the goals of cloud computing is to minimize the number of resources you need. This isnt just a matter of eliminating any on-premises servers and drives; cloud-based serverless computing is when you create software that runs only as needed on servers dynamically allocated by the cloud provider (also as needed).

On AWS, you can accomplish serverless programming usingAWS Lambda, a service whereby you upload code in the form of functions that are triggered based on different events that you can configure. One such event is a call coming in through AWS API Gateway, which is the AWS service you use for setting up REST API services. As REST calls come in, the API Gateway can trigger your Lambda code to run. The Lambda code will receive information on the REST call that was made, and your code can respond accordingly.

Youll need to create a new Lambda function; in this example, well use Node.js. Head over to the Lambda console (from the management console, click the Services dropdown and click Lambda), and click the Create Function button; on the next screen, click Author From Scratch and fill in the details, including a name for your function (such as TestAPIServerless) and a version of node.js you want to use (probably the highest version listed).

For this sample, you dont need to set permissions. By default, the permissions will allow Lambda to upload logs to CloudWatch. Then, click Create Function.

The next screen allows you to enter code into a browser-based IDE and test the code. Well just have the code echo back information about the API call itself. In the IDE, replace the starter sample code with this code:

Now scroll up and click the orange Save button. Thats all there is to the Lambda function.

Head over to the API Gateway by clicking the Services dropdown and then API Gateway. In the API Gateway console, scroll down and find REST API, and click Build.

On the next screen, under Choose the Protocol, select REST. Under Create New API, select New API. Under Settings, provide a name such as MyTestAPI. You can fill in Description if you like; for Endpoint Type, choose Regional. Then click Create API.

This creates an empty API. Now youll need to add a couple of endpoint methods. Well start with the root endpoint, which is the default. Click the Actions dropdown, then click Create Method. In the dropdown below that, click GET so we can respond to incoming HTTP GET requests. Click the grey checkmark.

In the next screen, for Integration type, select Lambda Function. Check the Use Lambda Proxy Integration box; this configures the calls with additional data that simplifies the data coming into your Lambda function. In the Lambda Function box, type TestAPIServerless. Then click Save. A message will popup requesting permission for API Gateway to invoke your Lambda function; click OK.

For the next one, well create an API endpoint called /data. Each endpoint is a resource, so in the Actions dropdown, click Create Resource. In the screen that follows, next to Resource Name, type Data. Notice the Resource Path fills in automatically with /data. Now click Create Resource.

Now you have two endpoints; the root with just a slash, and /data. Click /data on the left and follow the same steps as above for adding a Get method. Were calling the same Lambda function, so all the steps will be the same, starting with clicking Create Method through clicking Save.

Deploy and Test the API

From the Actions dropdown, click Deploy API. In the pop-up window, for Deployment Stage, click New Stage. Under that, call the Stage Name APITestStage. You can leave the other fields blank. Click Deploy.

The API gateway provides various ways of testing, which you can explore in the documentation. But for now you can just call your API method using any tool you like, including curl or the browser itself. The URL youll use is displayed right at the top of the screen in a blue box; it will look something like this:

Right-click the URL and open in a new browser tab. Youll see a simple JSON response:

Now add /data?abc=10&def=20 to the end of the URL to invoke the /data endpoint with a couple of query parameters. Press Enter and youll see information about the path and parameters:

Thats it! You now have a serverless API that responds to two different endpoints.

In developing your API, youll likely want to use your own domain rather than long, default URLs.You can read about it in the official docs.

Also, if youre determined to remain serverless, you can make use of managed database services to provide the database backend to your software;heres sample code for accessing AWS RDS. As you bring the pieces together, youll see that you have a complete REST API fully hosted on AWS, but without the trouble of allocating any servers. (And as you develop your AWS-related knowledge, if youre interested in machine learning via Amazons cloud,check out how to get started with SageMaker and more.)

Membership has its benefits. Sign up for a free Dice profile, add your resume, discover great career insights and set your tech career in motion. Register now

Originally posted here:
Going Serverless with AWS Lambda and API Gateway - Dice Insights

Hybrid clouds are becoming ever more ubiquitous today. Over 90 percent of companies in Asia Pacific (excluding Japan) will rely on a mix of on-premise, public clouds and private clouds by 2021 to meet their infrastructure needs, according to a recent study by IDC.

At the same time, the opportunity for cybercrime has increased in tandem with the increased use of data that of infrastructure needs; it has also been compounded by disruptions to the technology industry - the COVID-19 pandemic being a case in point. The 2019 Singapore Cyber Landscape Report emphasised the importance of a resilient critical information infrastructure as one of its objectives to prevent significant disruptions to its economy and society.

For managing cloud infrastructures, the options are to use tools from the cloud provider, develop home-grown solutions, or to take advantage of a cloud management platform. Unfortunately, as a result, IT teams are likely to face challenges such as siloed management, limited visibility of resources, or having to manage multiple separate repositories.

Visibility is key for management

The fact remains that using multiple hosting providers for application workloads does not ease administration, operations or troubleshooting. It is a real challenge to maintain coherence between all infrastructure components located in multiple datacenters, cloud providers and IAAS solutions. When everything was hosted in a single big datacenter using a single VMware cluster it was more simple to manage, despite being distant from most infrastructure and operations teams.Therefore, having visibility from a single viewpoint is key for infrastructure management, so these teams require a central trusted repository which is accurate and up-to-date, wherever the workloads are running. This can be best provided by an IPAM (IP Address Management) solution. The repository helps not only simple management activities, but also automated network tasks and for handling more advanced requirements from business teams, such as auditing or security orchestration.

Why ongoing synchronization matters

Ensuring the central repository remains accurate requires Cloud IPAM Sync i.e. information to be synchronized in near real time between the Clouds and the IPAM. This ensures that the repository of information is kept up-to-date - a feature of growing importance in our fast-developing world of technology. Synchronization is an ongoing process that browses the Azure and AWS resources to find new ones that will be created in the IPAM, old ones that will be suppressed and existing ones that will eventually be updated. During the synchronization process, network automation linked to creation or destruction of a subnet object or an IP address will be automatically triggered. This enables pushing of the information to other systems such as billing, accounting, security or auditing. It also avoids tier systems performing their own discovery of resources inside multiple cloud environments and makes them use the IPAM as the central repository of information, the single source of network truth. Getting access to cloud inventory requires credentials, so centralizing the usage of these credentials does not compromise security in any way.

A cost control system requiring accurate knowledge of the amount of resources in a cloud is an example. Cloud solutions are proposing pay-as-you-go billing features and therefore are difficult to control. Generally 40% of IaaS servers in IaaS environments are not used for production and mostly utilized during working hours. As a result, default pay-as-you-go solutions for controlling resources are inefficient. Since the IPAM provides comprehensive visibility of all the resources currently running in various tenants, a comprehensive business analytics dashboard can track the evolution of running resources. This can then be correlated to the overall billing system resulting in significant cost savings over time.

Extend discovery to multi-cloud, include apps and devices

A robust solution is especially beneficial for the agility, reliability and security of cloud infrastructure for internal cloud resource inventory and network automation. If the Cloud IPAM Sync enhances the discovery process beyond internal datacenter boundaries, the IPAM can be considered as the central and unique source of truth for any IP-related information, particularly if applications and devices are included.

It is not an over-statement to say that advanced Cloud IPAM Sync functionality will benefit businesses in overcoming their hybrid cloud challenges. The single viewpoint visibility, unified management and control afforded through a central repository is key to helping businesses tide the wave of uncertainty and manage future challenges.

Read more here:
Keeping Control Over Cloud With IPAM Sync Featured - The Fast Mode