AWS re:Invent 2019: Parting Thoughts

By: Jared Naude

Amazon Web Services' annual re:Invent conference took place last week in Las Vegas, Nevada and attracted over 65 000 attendees from around the world. Over 2 800 sessions, including 4 keynotes, were held across 7 venues, and a total of 77 new announcements were made, ranging across computation, networking, security, storage and machine learning. This excludes the dozens of announcements that AWS made in the prior week.

I was one of the 3 fortunate Synthesis team members who had the opportunity to travel to Las Vegas to attend the event, and I will be sharing my insight and commentary about the news and conference highlights at re:Invent.

High Performance Computing

The first keynote of the event took place on Monday night, where Peter DeSantis, VP of AWS Global Infrastructure and Customer Support, took to the stage to talk about High Performance Computing (HPC) and how the investments that AWS has made over the past years have enabled customers to run their own supercomputers and HPC workloads. HPC workloads have very demanding networking, computational and storage requirements. In the past AWS was not able to run these workloads, but with the collective investments in high-speed, low-latency networks running on custom hardware and software, AWS has improved networking performance and throughput by 20x since 2013, which has allowed customers to run HPC workloads on AWS.

The new C5n instances, along with the Nitro Hypervisor, have 100 Gbps networking and can take full advantage of placement groups for even higher throughput and lower latency. Despite this high-throughput network connectivity, a custom kernel-bypass networking stack is required to deal with the overhead of TCP, which reacts poorly to packet loss and so produces inconsistent performance across the network and performance degradation. To solve this challenge, AWS released the Elastic Fabric Adapter (EFA), which enables HPC workloads to use the Message Passing Interface (MPI) and NVIDIA Collective Communications Library (NCCL) to scale to thousands of CPUs or GPUs.

With HPC capabilities, companies like Big Ass Fans can run computational fluid dynamics (CFD) for their customers' premises to determine the best placement and size of fans required. In the past they could only run one CFD project per week, whereas today they can run between 250 and 300 projects per week using AWS's HPC capabilities. Rob Smedley from Formula 1 demonstrated how they can use computational fluid dynamics to improve aerodynamics by reducing drag and improving downforce on vehicles. CFD enables them to run tests quicker with simulations before moving testing to a wind tunnel.

Machine Learning

Machine Learning has been a key focus of AWS over the past years, with services like SageMaker and initiatives like DeepRacer, which saw many participants from around the world competing in the DeepRacer World Cup. At re:Invent, several new SageMaker capabilities were announced, including SageMaker Studio, SageMaker Notebooks, SageMaker Experiments, SageMaker Debugger, SageMaker Model Monitor and SageMaker Autopilot; all of these new offerings are designed to enable developers to maximize the potential of machine learning even if they have zero machine learning experience today.

One of the biggest issues that customers run into with Machine Learning is the cost of inference: training a machine learning model can consume a vast amount of computing resources, but once the model has been created, additional computation is required each time the model is used. To help customers with this problem, AWS announced a new class of instances called Inf1, which has up to 100 Gbps networking, higher throughput and a 40% cost reduction. The Inf1 instances enable customers to use AWS Neuron for inference on AWS Inferentia chips and have native integrations with ML frameworks such as TensorFlow, Apache MXNet and PyTorch.

AWS announced Fraud Detector which is a fully managed service that makes it easy to identify potentially fraudulent online activities such as online payment fraud and the creation of fake accounts. Fraud Detector uses machine learning (ML) and is trained on Amazon’s 20 years of fraud detection expertise.

Security and Secure Computing

Nitro Enclaves

One of the more interesting announcements at re:Invent was Nitro Enclaves, which enable AWS users to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare and financial data. Enclaves reduce the attack surface area for data processing applications and offer an isolated, hardened, and highly constrained environment to host security-critical applications. Code running in Enclaves is continuously checked cryptographically to ensure that it meets the required attestations.

As developers of secure software including software that processes PCI data, Synthesis is excited to explore the potential use cases of this technology for regulated workloads.

Identity and Access Management & Attribute Based Access Control (ABAC)

A new feature called IAM Access Analyzer was released, which makes it simple for security teams and administrators to check that their policies provide only the intended access to resources. It continuously analyzes resource-based policies for changes and enables security teams to proactively address any policy that violates their security and governance best practices. It uses automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Brigid Johnson from the AWS Identity Team gave a great presentation titled "Access Control Confidence: Granting the right access to the right things" (her talk last year was also a killer talk). During her talk, Brigid spoke about Attribute Based Access Control (ABAC) and the growing importance of this mechanism in the future. With the rise of many different resources and resource types, granting access to the right things can be an incredible challenge, especially in large organizations. With ABAC, organizations can map attributes to users, which enables them to access certain resources either as part of their job or as a temporary measure under a just-in-time access model.
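The attribute matching described above can be sketched as follows. This is an added example, not code from the talk or from AWS: it is a simplified model of how a tag-matching condition is evaluated, and the `project` tag key, the principals `alice` and `bob`, the instance and the clock values are constructed for illustration. `aws:PrincipalTag` and `aws:ResourceTag` are the real IAM condition keys.

```python
import re
from datetime import datetime, timedelta, timezone

# Statement in IAM's JSON shape (constructed): start/stop an instance only
# when its "project" tag equals the caller's "project" tag.
POLICY = {
    "Effect": "Allow",
    "Action": ["ec2:StartInstances", "ec2:StopInstances"],
    "Condition": {
        "StringEquals": {"aws:ResourceTag/project": "${aws:PrincipalTag/project}"}
    },
}
VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")


def effective_tags(grants, now):
    """Drop attribute grants whose expiry has passed (just-in-time access)."""
    return {k: v for k, (v, expires) in grants.items()
            if expires is None or now < expires}


def is_allowed(action, principal_tags, resource_tags, policy=POLICY):
    """Simplified model: allow only if every StringEquals pair matches.

    A tag missing on either side never matches, so an untagged principal
    cannot reach an untagged resource; the request stays implicitly denied.
    """
    if action not in policy["Action"]:
        return False
    for key, template in policy["Condition"]["StringEquals"].items():
        actual = resource_tags.get(key.split("/", 1)[1])
        m = VAR.fullmatch(template)
        expected = principal_tags.get(m.group(1)) if m else template
        if actual is None or expected is None or actual != expected:
            return False
    return True


NOW = datetime(2019, 12, 9, 12, 0, tzinfo=timezone.utc)  # constructed clock
LATER = NOW + timedelta(hours=2)
# Each grant is (value, expiry). alice holds the attribute as part of her job.
alice = {"project": ("payments", None)}
# bob holds it as a just-in-time grant that lapses after one hour.
bob = {"project": ("payments", NOW + timedelta(hours=1))}
instance = {"project": "payments"}
```

Access follows the attribute rather than a per-resource grant: a new instance tagged `project=payments` is covered without editing the policy, and bob's access ends when his attribute expires.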

Security Assurance

Amazon Detective is a new service in preview that makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. It combines log data from AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables faster and more efficient security investigations.

One of the key features of Amazon Detective is having a single unified, interactive view of resources, users, and the interactions between them over time. As a security professional myself, I really hope that this lives up to the hype!

Quantum Computing

The battle for Quantum Supremacy is on between Google and IBM, with recent reports claiming that Google's quantum computer solved a complex problem in minutes that would have taken even the most powerful computer on Earth 10 000 years to crack. It is expected that the commoditisation of quantum computers will enable advancements in artificial intelligence, materials science and chemistry, to name a few. One of the primary concerns of security professionals around quantum computing is the ability of the technology to break the RSA encryption keys that currently secure our digital environment. It is expected that quantum computers will be able to break these keys in the next 15 years at the current rate of development.

The National Institute of Scientific Standards (NIST) is in the process of creating new Quantum Resistant Cryptography algorithms to replace the current RSA scheme.

At re:Invent, AWS announced a new service for quantum computing called Braket, a fully managed service that allows developers to get started with quantum computing by providing a development environment to explore and design quantum algorithms, test them on simulated quantum computers, and run them on a choice of different quantum hardware technologies. The goal of Braket is to enable developers to design quantum algorithms and get hands-on experience with qubits and quantum circuits. In addition, AWS is also launching a new Center for Quantum Computing where it will research quantum computing and potentially design new quantum computer hardware.

Enterprise Announcements

During Jassy’s keynote on Tuesday, several key enterprise features were announced including Amazon Kendra, an easy to use enterprise search service that is powered by machine learning. Jassy also threw his usual shade at IBM, Oracle and Microsoft’s business practices which is becoming increasingly standard in his keynotes.

AWS Outposts

A key announcement during Jassy’s keynote was that AWS Outposts, a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, is generally available with upfront pricing starting at $225K and can go well above $1 Million. Outposts are particularly useful for workloads that are latency sensitive or have special data storage requirements.

At Werner Vogels's keynote on Thursday, he touched on their journey with trusted computing and how the Nitro system that AWS built has enabled them to deliver “trusted communication in an untrusted world”. The Nitro technology has allowed AWS to enable live updates, hypervisor replacement with VMware, EC2 bare metal instances and Outposts.

Compute, containers and serverless

New compute instances, including the M6g, R6g and C6g instances, were announced, which deliver improved performance over the current generation at a lower cost. EKS for Fargate was also announced, which enables AWS users to run Kubernetes Pods on Fargate and means that users don't need to be expert Kubernetes administrators to run a highly available and cost-optimized cluster.

Lambda has seen several improvements over the past year, including improved start-up times as well as the ability to run hundreds of Lambda invocations from a single IP address, something which was problematic for private networks with limited IP space. Lambda also gets Provisioned Concurrency and Destinations to make it easier to run Lambda and serverless applications at scale.

Networking and Storage

Several new features for Transit Gateways were announced, including multicast, inter-region peering and Network Manager, which can provide a single global view of the network and can highlight potential issues. S3 Access Points were announced, which make it easy to manage large-scale S3 access across hundreds of applications. Elasticsearch got a new storage tier called UltraWarm, which is launching in preview and aims to solve the issue of storing hot-warm logs in a cost-effective way that enables customers to get the most out of the Elasticsearch service while reducing costs.

Cloud Journey

Several of the keynotes touched on the importance of the cloud journey. Vogels touched on the importance of the 5 pillars of the Well-Architected Framework, while Jassy commented on 4 key objectives that companies should strive for during their cloud journey. These are:

  1. Senior leadership team conviction and alignment
  2. Top-down aggressive goals
  3. Train your builders
  4. Don’t let paralysis stop you before you start

At Vogels's keynote, Vanguard shared their journey and how they have seen a 30% cost reduction in compute, a 30% cost reduction in app development and a 20x deployment efficiency.

Automated Code Review

AWS also launched CodeGuru, a new machine learning service that does automated code reviews to find security vulnerabilities, performance issues and lines of code that may have a significant cost impact. Doing these reviews can be difficult and extremely time consuming, and they require a huge amount of expertise to do correctly. CodeGuru can catch code issues faster and earlier, and improve application performance. Issues that can be detected include thread safety issues, use of un-sanitized inputs, inappropriate handling of sensitive data, and resource leaks. It also detects deviation from best practices for using AWS APIs and SDKs, flagging common issues that can lead to production issues, such as missing pagination or missing error handling with batch operations.

Given the growing market in DevSecOps and the importance of bringing security into the pipeline as early as possible, this service can mature into something which is extremely useful for AWS users. However, the costs associated with this service may stop people from using it.

Automation, IOT and Industry 4.0

Werner Vogels spent a good amount of time in his keynote talking about manufacturing and the impacts that new technologies are having. The rise of AI, automation and IoT has led to an incredible amount of development and progress in the manufacturing space, with factories becoming smarter and more productive. This trend is often referred to as the Fourth Industrial Revolution, or Industry 4.0 as Amazon calls it.

At the end of the 1800s the industrial revolution started with the invention of steam engines (Industry 1.0). In the early 1900s major shifts in manufacturing were underway: in 1913 the first assembly line was introduced and electricity started to be introduced (Industry 2.0). Starting in the late 1970s, electronics started to arrive, factories started being controlled by PLCs and the production process became highly automated (Industry 3.0).

With Industry 4.0, we see an increase in automation and in the use of information and communications technologies, internet technologies and production automation. But are we really in Industry 4.0? In 2015, equipment had an average age of 22 years; equipment has not been this old since 1935. Equipment is too old to be able to produce the granular data needed for meaningful insight. Factories and manufacturers have a long way to go before the true advantages of automation, IoT and machine learning can be realized.

The correct data collection combined with machine learning and automation can help companies perform predictive maintenance, improve equipment effectiveness, monitor the condition of assets, achieve mass customization and use collaborative robots. Amazon uses automation to power its own retail segments, from forecasting of items to purchase, buying stock and placement of stock to ensuring that customer delivery promises are met.

Sustainability

DeSantis touched on the climate pledge which was co-founded by Amazon and Global Optimism and calls on signatories to become net zero carbon by 2040, a decade ahead of the Paris Agreement of 2050. This includes commitments to report greenhouse gas emissions, implement decarbonization strategies and neutralize any remaining emissions with real, permanent and socially beneficial offsets.

To achieve this, Amazon has committed to innovations to reduce carbon emissions across construction, transportation and operations. These initiatives include commitments to renewable energy: Amazon will reach 80% renewable energy in their global footprint by 2024 and 100% by 2030, as well as net zero carbon by 2040. This can only be achieved by being deeply engaged with governments around the world to implement regulations and infrastructure that are friendly towards renewable energy.

Before 2019, Amazon’s renewable energy projects consisted of 10 projects (4 wind & 6 solar) which generate 946 MW. In 2019, 8 new projects (5 wind & 3 solar) were announced which will generate an additional 562 MW. During DeSantis’s keynote, he announced 6 new projects (1 wind & 5 solar) which will add an additional 711 MW of energy capacity bringing the total planned renewable energy capacity to 1273 MW.

Additional examples of sustainability could be seen throughout the conference, where reusable water bottles were handed out to prevent plastic waste, lunch was served in a 100% compostable lunch box, an extensive food donation program was created for uneaten food and donation bins were made available for swag that didn’t fit in luggage.

re:Play and social events

On Wednesday evening, several social events were held across the re:Invent campus, including a board game night, an 80's movie night and several vendor-sponsored happy hours and meetups. On Thursday, re:Play took place and the lineup featured Jen Lasher, Miya Folick, A-Trak, Jamestown Revival, Anderson .Paak and STS-9. It also featured dodge ball, broomball, arcade machines, art installations and a drone show by Intel. Overall it was a fantastic event with great vibes.
