Week 40, 2018 - Cloudflare Encrypted SNI; AWS Aurora Updates; Azure VM Image Builder

By (4 minutes read)

Cloudflare introduces Encrypted SNI, AWS has a number of new Aurora features, and Azure comes out with a service to let you build your VM Images.

Cloudflare Encrypted SNI

It was Cloudflare’s birthday week, and like every year that means they have a number of new releases that give me an excuse to say something positive about the company. You can read a full list on their wrap-up post, but the one with potentially the biggest impact is Encrypted SNI.

What it basically comes down to is that currently SNIs, the thing that enables you to have multiple SSL certificates on a single IP, still show your ISP which sites you visit. The traffic there might be encrypted, so they don’t know what you’re doing, but the ISP can still see the destination.

With Encrypted SNI there will be a secure communication between the browser and the DNS server that should prevent this information from going anywhere except your browser. At the moment this is still limited to Cloudflare hosted domains and browser support is still forthcoming as well. That said, I believe it’s a good privacy focused effort and it’s actively being worked by multiple major players to become a standard.

AWS Aurora Updates

It seems that right now Aurora is receiving some love from the AWS teams. There have been several new releases that might seem small, but can have a very big impact.

First among these is that you can now temporarily stop your Aurora clusters1. This was already available for RDS since June last year, but not having it for Aurora was annoying. The advantage of being able to stop your database instance is of course mostly in the non-production environments. That said, with the availability of serverless Aurora I suspect that it might make more sense for these environments to use that instead. Turning off clusters also has the same limitations as it has for regular RDS, in that you can’t do it for more than a week.

Secondly, and this one is for RDS as well, you can now have protect your database from being deleted. Because it’s so easy to create and delete something in AWS, there is always a chance that you accidentally delete something you shouldn’t. At least this means you don’t need to fear accidentally deleting your data2. That said, this is one of those features that would have been nice to have there a long time ago.

And the last thing to mention is the release of Parallel Query. The idea with Parallel Query is that because Aurora uses multiple redundant storage nodes, you can now make use of that by letting big queries run across those multiple nodes simultaneously, thereby speeding up large queries.

Azure VM Image Builder

Microsoft had their Ignite conference, and that included a number of new releases for Azure. One of these is the private preview of Azure VM Image Builder. This sounds a lot like “Packer as a Service” to me. From the descriptions3 it sounds like you can indeed port your existing templates from Packer into this Image Builder, although it’s currently very limited in what you can use as the base images4.

In some ways I find this a curious addition to their toolset, as Azure is also heavily focused on offering container solutions. That said, many companies aren’t at a stage yet where they feel comfortable with containers or have other reasons for sticking with VMs. And for that it’s likely a good thing that they now have an easy way to automate their image builds. Especially as it’s easy to integrate into the recently released Azure DevOps5.

Upcoming appearances

The title of this section sounds a bit pretentious, but I couldn’t think of a better way to say it. Anyway, next week on the 10th and 11th I’ll be at the AWS User Group Conference which is part of/a side conference of the AISA Cyber Conference. I’ll be giving a talk there about Serverless Containers (aka Fargate).

The week after that I’ll be at the AWS Community Day6 in Sydney, giving a version of that same talk. And lastly, I’ll be at re:Invent this year, although not presenting7. So, if you’re coming to any of these that should give you a perfect chance to tell me I’m wrong about something, or even just to watch my talks and hang.

  1. And turn them on again obviously. ↩︎

  2. And all of the automated snapshots with it. ↩︎

  3. I unfortunately do not have preview access to new Azure services. ↩︎

  4. For one, no Windows support. I really like how the current Microsoft doesn’t prioritise their own OS anymore. ↩︎

  5. Which really deserves its own article, that I’ll write once I have time. ↩︎

  6. The program should be up soon and accessible from that page. ↩︎

  7. Except possibly a lightning talk in the Ambassador specific parts of it. ↩︎

comments powered by Disqus