All Posts in “Cloud”

Back to Blogging: AWS Terminology

Shhh listen … no no stop talking and just listen. 

That’s the sound of a blog too long silenced being reawakened with a new and invigorated passion.

My focus has shifted from that of the world of virtualization to that of the world of cloud first. It truly feels like such a natural part of the evolution of technology and my career. I thought what better time to break out of my silence than with VDM30in30. This year we are going to focus less on the career and ephemeral and try and get into some AWS goodness. Nothing private or NDA will be shared with reInvent so close you can wait. But I want to share what I have learned and what I am doing.

Because language is important, terminology is the first thing we need to tackle so the rest of these posts make sense, I am going to give you a quick and dirty guide to AWS terms and how they map to what you may already know from VMware systems administration.

Region – a region is a geographic boundary that contains multiple availability zones (see availability zone), multiple regions can be used for DR\CooP scenarios beyond a multiple availability zone deployment. Regions are subject to distance & latency from each other.

Availability Zone (AZ) – an availability zone is a single or group of physical facilities that house AWS resources. AZ’s are highly available and low latency within a region. Applications and services can be used within a regions AZs to provide high availability and continuity of operations.

Virtual Private Cloud (VPC) – a VPC is essentially an isolation boundary for a customer’s AWS environment. VPC’s can be peered 1:1 but the communications are not transitive connections must exist in a hub spoke or lollipop design using direct connect. You will have a default VPC when you create your AWS account, don’t use this for your environment create a new VPC we will get into why in another post.

Instances – Instances are the cloud term for VMs and other services being used within the AWS environment. (ie – you are running an EC2 T2 Micro instance, or you have an instance of RDS running in multi-AZ mode)

Security Groups (SGs) – Security Groups are stateful firewalls. That’s really the best way to think of them and will save you headaches later if you wrap your head around this.

Services – Everything in AWS is a service presented by a series of API endpoints anything you can consume in AWS is a service.

EC2 Elastic Cloud Compute – This is the compute\vm environment there are multiple families that we will touch on in a later post

EBS Elastic Block Storage – Block storage for EC2 instances, can be shared across instances, set into RAID groups, snapshotted

S3 Simple Storage Service – Object storage that is HA across all AZ’s in which it is created

Lollipop network – a lollipop network is the term used for the way a direct connect environment uses the on-premises router to act as the VPC peering point, using VLAN abstractions to route the various subnets.

Reserved Instances (RIs) – a reserved instance is a billing construct where instance resources are reserved, leading to substantial savings.  There are two types of RIs there are Standard or Convertible. (not like the car) A Standard RI is purchased and tied to an AZ, whereas a convertible RI is tied to a region. For you VMware folks RIs are like Resource Pools used in vRA you can set the allocated resources for a tenant to consume and they are guaranteed those resources. On Demand instances land in AZs somewhat dependent on resources available, RIs of both types can and do block off resources for your account.  We will delve into this deeper in another blog.

Amazon Machine Images (AMIs) – <noun pronounced A-Meez or AM-eez depending on what part of the country you are from> –   These are like your VMware templates, they are base OS images or partner provided machine images like OVAs that you can easily deploy in your VPC.

Elastic Load Balancers (ELBs) – ELBs are used for load balancing applications and instances both inter and intra AZ.

Tags – This one is interesting tags are used in various ways both as instance names and as a way to indicate an instance is part of a group of machines performing a set function. Use tags often you can have a max of 50 tags per resource. The best practice is to tag for simplicity

Roles – roles assume policies

Policies – provide granular permissions to resources

Identity Access Manager (IAM) – This is the crux of the operation creating user and service accounts, managing policy and role access and securing resources. Root account, Federation and Multi-Factor Authentication are all managed via IAM.

Multi-Factor Authentication (MFA) – It’s not but it should be mandatory for root accounts and really any account that’s accessing the AWS console.

This should be a good start I am sure I will loop back and update this periodically as new services or terms come up and need explaining.

Jets vs. TurboProps the Hybridity Approach

If you have spent any time with military pilots you have inevitably heard them debate turbo prop vs. jet engines. Sometimes to the point where you have to throw a beer at their heads. If you haven’t heard of this it can be funny the first 5 times but you can imagine it gets old.

But it got me thinking jets and props have specific use cases, jets are fast, very maneuverable but not very efficient, where as props allow for greater mass movement and are reliable. Or so the two sides say I am not an aeronautical engineer. Similarly IT organizations looking at private and public clouds are faced with a decision. Do they use what they know and has worked for them their on-premises datacenter and IT team (TurboProps) or do they leverage the capability of a hosted cloud provider (Jet engines).

Invariably during the conversation with the military aviators, I bring up the C-130 Hercules. It’s one of my favorite airframes since it has been in service for next to forever. But my favorite part of it is, growing up as a Navy brat I went to a lot of airshows. The Blue Angels were my favorite act and I have tons of memorabilia including signed posters. The Blue Angels fly around with a C-130 nicknamed Fat Albert. Fat Albert is for logistical support and carries show gear etc, but it also is part of the show. The coolest part if you ask me. What it does is it demonstrates a C-130 tactical short runway take off. Here is a pic.FatAlbertTakeoff

Notice something? Yeah the flames coming out of the aft of the plane those are jets that help provide lift. This is where things get interesting because that C-130 is pretty widely respected as a beast and it uses both props and jets when the use case requires it.

I know I am a sonofbitch for what I just did but the light hopefully clicks this is where a hybrid cloud approach makes sense. If not my thinly veiled story of military aviation was at least entertaining.

The industry understands it, Amazon has made announcements around their hybrid cloud strategy, VMware has been talking hybrid cloud for years, and EMC has the Enterprise Hybrid Cloud (EHC) offering that I as an EMC vSpecialist talk about so much that I have to change the slide deck weekly to keep it interesting for the non-technical people in the room who have heard it a million times.

Garner has been talking about Bi-modal IT lately the point of their buzz word is less about the IT transformation which, if you are in Simon Wardley’s camp is more of a tri-modal approach, and more about the CIO\CTO level realization that traditional internal IT approaches are failing the business needs. It’s evolve or die time and if the industry doesn’t start rocking towards a bi or tri modal approach than they will be left for the carrion.

I don’t believe in scare tactics I swear I don’t, I think fear can be a motivator but it’s not for me to make someone scared of situation or impending event. Instead though I see this as an opportunity to embrace the change. I think the time to do so is running out. We are closer today to the end of silo’d traditional IT stacks than we are to it’s beginning. Scaling approaches and abstraction technologies are already evolving beyond where we were. This is a cyclical event like all things in IT, but this time the distributed to converged model is going to be done in the cloud. Hybridity is the first step to public hosted acceptance. Once we get there workloads won’t be coming back, once the cost models are fully fleshed out and applications are Platform 3 micro-services and not platform 2. This is going to happen, it’s happening now. The argument of we are not Netflix isn’t going to fly when you need Netflix like flexibility and agility to meet business needs. You may not need to run Chaos Monkey but you can not rest on your laurels and expect to be ahead in 6 months to a year.

The business you are in won’t matter either, the argument of we have workloads that will never go to the cloud is only true until they do move to the cloud. We used to say we weren’t moving apps to x86 or to virtual platforms until we did. Accept and embrace the change, change is life, stagnant water kills you with bacteria, flowing water is more potable.

Whether you are ready to rock a jet or are in a sports class Cessna and eyeing the gulfstream, look at Hybrid Cloud as a viable path to get that next airframe certification.

Just as a fun side note I did a little bit of digging and found that the Navy’s first jet was also a hybrid with a prop on the front. Here is the really cool history.

vCloud Air On-Demand Beta Review


The IT community is split into sub-tribes, the vendors who sell technology and the operations folks that use it. 2014 vExperts were given early access and beta use of vCloud Air on demand services with free credits to test the environment in exchange those with this access would then post a blog. This is that blog ….


Sorry I watched some Law & Order before starting this blog.

If you are working in the VMware arena and don’t live under a rock, odds are you have heard about vCloud Air (formerly VMware Cloud Hybrid Services vCHS). If not a brief aside:

VMware vCloud Air is a hybrid cloud solution, with pre-set virtual templates and the access and capability for bursting from a customer datacenter into this hosted solution. With vCloud Air your company or organization can leverage internal templates by placing a copy in your cloud catalog, as well as extend layer 2 networking. Another benefit is the ability to leverage existing management tools and consoles to manage the cloud environment. This includes extensible controls into vCenter and vRealize Automation Center (formerly vCAC).

Now that we are all on the same page, the comparisons of VMware’s cloud to Amazon AWS EC2 have basically been that VMware is running from behind when it comes to development environment usage and on-demand. Up to this point vCloud Air has only been available as a contracted block of resources that are shared with in a tenant organization. VMware will be announcing the general availability of vCloud Air On-Demand service. This is going to be VMware’s Coup de eta for cloud solutions.

Where does it start you might be saying, or why do I care. Well for the later if you are reading this blog you are probably doing it for the comedy more than the technical content. But for the former, it all starts at where you establish a subscription service and enter your billing information. All of your billing is run through my.vmware and allows for centralized cloud costs. This helps to eliminate shadow IT spend by centralizing management but more on that in a bit. Here is the my.vmware dashboard to track pricing.

Screen Shot 2015-01-21 at 1.04.07 PM


But wait there’s more, considering that this is just the billing management. There is a difference between vCloud Air and the On-Demand version. Here is what vCloud Air looks like this:

Screen Shot 2015-01-21 at 12.53.21 PM

While vCloud Air on Demand looks like this:

Screen Shot 2015-01-21 at 12.07.59 PM

(vCloud Air on demand dashboard)

You can still create a virtual private cloud (VPC) as with standard vCloud Air, however within the VPC you get a Resource Usage Dashboard

Screen Shot 2015-01-21 at 12.31.25 PM

From here you can see the utilization and monthly cost assessment. This is very similar to EC2’s which again unless you live under a rock you know looks like this:

Screen Shot 2015-01-21 at 12.39.15 PM You can also drill into individual VPC’s to see their specific cost modeling and usage.

Screen Shot 2015-01-21 at 12.34.06 PM

Now is the point of the post where you may be asking yourself managing is cool but what about the VM’s and Services.

Screen Shot 2015-01-21 at 12.57.35 PM

Let’s start with VM’s there are some pre-configured VM’s ready for easy deployment. Here you will find your usual suspects and can leverage your own MS licenses or pay to play similar to how AWS works. Then there is an assortment of linux images CentOS and RHEL.

In addition you can connect your vCloud Air On-Demand instance to your vCenter instance and copy template images and add them to your catalog. This is the part that should be making admins and CIOs smile. Why, because what this means is we can centrally manage and secure the images that are deployed in the cloud. Say what? That’s right fully managed and secured image right from the comfort of your own vCenter image. Remember how I mentioned Shadow IT?

Shadow IT is the concept that developers and app owners are going out and leveraging AWS to obtain the IT they need to accomplish their jobs. Mostly this happens because internal IT is burdensome and slow. vRealize is attempting to resolve this by allowing for IT automation of these applications and environments. Take this a step further and allowing these VMs to be provisioned in the cloud just as easily and on demand, and with an approved image would increase security and meet the app owner\dev requirements. In addition that are starting to drive organizations away from AWS are the costs associated with additional features that are additional costs like RDS, Elasticache and DirectConnect.

With all this said, vCloud Air On-demand seems like a decent solution for the VMware Admins who are looking for a way to avoid the long term contracts or aren’t sure how to size their public cloud deployment. I don’t think it is quite where EC2 is with regard to capabilities and features but VMware is investing a lot in vCloud Air. I think the future will show that this investment will begin to close the gap. In the mean time watch the VMware announcements that will be coming out during PEX.

Feel free to ask question I am happy to give some more testing feed back etc.