Category Archives: Cloud Servers

S. Korean tech companies to strengthen cooperation for AI server chips – The Korea Herald


The Ministry of Science and ICT said five data center companies -- Naver Cloud, Douzone Bizon, Kakao Enterprise, NHN and KT -- and the Artificial Intelligence Industry Cluster Agency signed a memorandum of understanding with local server chip companies SK Telecom, Rebellions, FuriosaAI, and the Electronics and Telecommunications Research Institute to expand the use of locally developed artificial intelligence (AI) semiconductors in data centers.

AI semiconductors have recently grown in demand from data center operators, which require the chips to efficiently process copious amounts of data.

The ICT ministry expects the global market for AI chips used in servers to reach $34.7 billion by 2030 from $3.5 billion last year.

Under the latest agreement, the companies will also cooperate in developing the chips, as well as pursue establishing a semiconductor testbed at an AI industrial complex in Gwangju, 329 kilometers south of Seoul.

The ministry said it will support the companies' move and that it hopes it will strengthen the country's semiconductor industry amid the recent global chip shortage.

SK Telecom, South Korea's leading wireless carrier, launched its AI chip for data center operations, the SAPEON X220, in November last year.

Separately, FuriosaAI, a startup that aims to launch its first semiconductor in the third quarter this year, drew 80 billion won ($70.6 million) in additional funding Tuesday from investors, including Naver. (Yonhap)


An introduction to AWS IAM best practices – TechTarget

IT teams need to ensure that only known and trusted users can access their organization's vital applications and data.

Cloud users rely on services, like AWS Identity and Access Management (IAM), to secure and manage access across the vast portfolio of AWS services and resources -- and even federate a level of access control between AWS and local data center resources.

Let's take a closer look at AWS IAM, learn how it works and review best practices to help use resources securely.

AWS IAM is an Amazon cloud offering that manages access to compute, storage and other application services in the cloud. IAM's primary capability is access and permissions. It provides two essential functions that work together to establish basic security for enterprise resources:

IAM deals with four principal entities: users, groups, roles and policies. These entities detail who a user is and what that user is allowed to do within the environment:

IAM is fully interoperable with most compute, container, storage, database and other AWS cloud offerings. However, IAM is not fully compatible with all offerings on the platform, so it is best to check compatibility before implementing the service. For example, Amazon Elastic Compute Cloud (EC2) does not fully support resource-level permissions or authorization based on tags.

IT teams can manage and share a single business account between many different users -- each using unique credentials. Administrators can create policies to establish granular permissions and grant users access to different resources depending on their identity. Changes to IAM, such as creating or updating users, groups, roles and policies, take time because changes must be replicated to multiple servers globally. This means changes to IAM should not be critical or time dependent.

The common IAM process breaks down into four distinct phases:

IT teams can access AWS IAM four ways: AWS Management Console, AWS Command Line Interface (CLI), SDKs and APIs. Each technique is used for different purposes, but the underlying IAM service is the same. IT pros use the AWS Management Console or AWS CLI to make requests that are processed through IAM, while applications use the SDK or API.

IAM is essential to cloud security, but it also poses some complexity for inexperienced cloud administrators. Here are some best practices to enhance IAM effectiveness and help avoid common security mistakes.

Never use root credentials. A business might create a single AWS account with root credentials and then establish many different users and roles with other credentials. The root account should always be the most protected and secure entity within an AWS environment. Never use or share root credentials under any circumstances -- even for administrative activities.

Use groups for IAM policies. While it is possible and sometimes necessary to apply policies to individual users, it's better to apply group policies instead. For example, rather than managing policies for 10 individual HR staff members, put them into an HR group and apply a single HR policy to the entire group. This is faster and causes fewer oversights that compromise security. Groups also make it easier to move users as their jobs change.

Apply conditions to IAM policies. AWS users can apply conditions to policies that place additional stipulations on resource access. Conditions could include date and time limitations, IP source address ranges and a requirement for Secure Sockets Layer encryption. For example, conditions may specify that users must authenticate with MFA before they are allowed to terminate an EC2 instance. Conditions are not always necessary, but they add another layer of security for sensitive requests.

Use least privilege in IAM. The principle of least privilege gives users only the minimum access rights to do their job, and no more. Users and groups should be given only the minimum rights to accomplish necessary tasks.

Use MFA for better security. IAM supports multifactor authentication, which requires an additional credential based on a physical item that the user possesses. While MFA may not be appropriate for all cloud users, it is a useful addition for high-security users such as cloud administrators and senior business staff.

Use strong passwords. IAM allows cloud administrators to implement a custom password policy that can force stronger password selection -- such as longer strings with mixes of case, numerals and symbols -- and require regular password changes. Stronger passwords are more difficult to crack through systematic attempts and enhance cloud security.

Use unique access keys. Access keys are used as credentials for applications. Keys act as the password for applications. Encrypt all keys that are embedded in an application and never use the same key for more than one application. It may be safer and more effective to set up an application to receive temporary credentials using IAM roles rather than using access keys.

Remove outdated IAM credentials. Locate and remove IAM passwords and keys that are idle to increase security. Principals that no longer use IAM, such as users that left the company or deprecated applications, no longer need credentials. Remove those credentials to prevent the principals from accessing the environment in the future.

Review IAM policies and permissions regularly. Business and security needs change over time. Establishing and applying policies is just a start. Review and update policies on a regular basis to ensure that the organization's security posture meets business and compliance demands. If a group no longer needs a specific resource, remove that resource from the group policy to prevent unwarranted access.

Monitor the AWS account. Log files are a primary source of security information that yield details about user access, actions, outcomes and resource status. AWS provides logging features in multiple AWS services, including Amazon CloudFront, AWS CloudTrail, Amazon CloudWatch, AWS Config and Amazon Simple Storage Service. Cloud administrators should take advantage of every relevant log service to validate and maintain security in the AWS cloud.
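Several of the practices above (root credentials, MFA, outdated credentials) can be checked against the IAM credential report. The following is an added example, not code from the original article: the column names follow the credential report CSV, while the rows, the account ID, the 90-day idle threshold and the fixed audit date are constructed assumptions.

```python
"""Audit an IAM credential report for root use, missing MFA and idle credentials."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows using a subset of the credential report's columns.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2021-05-20T09:00:00+00:00,false,true,2021-05-19T08:30:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2021-05-28T14:10:00+00:00,true,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2020-11-02T10:00:00+00:00,false,true,2020-10-15T07:45:00+00:00,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false,true,2021-05-29T23:59:00+00:00,true,N/A
"""

# Placeholder values the report uses where no timestamp is available.
NO_DATE = {"N/A", "no_information", "not_supported", ""}


def _parse_ts(value):
    """Return an aware datetime, or None when the report has no timestamp."""
    return None if value in NO_DATE else datetime.fromisoformat(value)


def _idle(last_used, now, max_idle):
    """A credential is idle if it was never used or not used within max_idle."""
    return last_used is None or now - last_used > max_idle


def audit(report_csv, now, max_idle_days=90):
    """Return (user, finding) tuples in report order."""
    findings = []
    max_idle = timedelta(days=max_idle_days)
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]

        if user == "<root_account>":
            # Root should have no access keys, should have MFA, and should not
            # show recent sign-ins.
            for n in ("1", "2"):
                if row[f"access_key_{n}_active"] == "true":
                    findings.append((user, f"root_access_key_{n}_active"))
            if row["mfa_active"] != "true":
                findings.append((user, "root_without_mfa"))
            last = _parse_ts(row["password_last_used"])
            if last is not None and now - last <= max_idle:
                findings.append((user, "root_recently_used"))
            continue

        has_password = row["password_enabled"] == "true"
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "console_user_without_mfa"))
        if has_password and _idle(_parse_ts(row["password_last_used"]), now, max_idle):
            findings.append((user, "idle_password"))
        for n in ("1", "2"):
            active = row[f"access_key_{n}_active"] == "true"
            last = _parse_ts(row[f"access_key_{n}_last_used_date"])
            if active and _idle(last, now, max_idle):
                findings.append((user, f"idle_access_key_{n}"))
    return findings


if __name__ == "__main__":
    audit_date = datetime(2021, 5, 30, tzinfo=timezone.utc)  # constructed "today"
    for user, finding in audit(SAMPLE_REPORT, audit_date):
        print(f"{user:16} {finding}")
```

An active key that has never been used (the second `ci-deploy` key in the sample) is reported as idle, since it grants access without serving any application.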


Modern Clouds Transition Of Storage Solutions From File To Block To Object – Influencive

Remember when data was just a piece of information stored in a file on your computer? Occasionally, you or your employees would visit the same file to access the information and then get back to work. It was so simple, right?

Today, times have changed. Technology has evolved and so has the means of saving data. The age of data being stored locally on devices is in the past.

As the world steps into the age of digital transformation, we have innovated a new, modern solution for data storage.

To understand what we have now, we must first have an idea of what we had decades ago.

Data storage comes in three types, the first being the file storage system. It is as simple as it sounds. All you need to do is give the content a file name, add metadata, and save it within subdirectories of directories.

The naming conventions are used to make it easier to trace the file back to the system and use it as required. What makes this type of storage system inadequate is its inability to provide ubiquitous access to data. Employees working remotely at distant locations do not have access to locally stored data.

IT administrators working over the system can easily specify the shortcomings of the system. Even though this is a type of storage that has been part of the industry since its infancy, leaders today want a centralized data storage solution for flexibility and accessibility. This is how the idea of a block storage structure came into the picture.

Instead of storing data as files, organizations shifted to a block storage system where the data would be divided into smaller chunks and then stored in blocks.

Most companies use centralized data servers hosted by third-party organizations to save their enterprise data.

Opting for providers helps to outsource the job of managing and storing data to third-party enterprises, freeing the organization from managing the tedious job themselves.

The operating system decides which data goes to which block, eliminating the need to add any metadata to the block. This is another way of storing files but it has its limitations.

Firstly, the storage is tied only to a single server at a time. Secondly, you are expected to pay for the block even if you aren't using it.

This brings us to the third and the preferred form of storage, object-based storage.

As the name suggests, data is stored in isolated containers which are called objects. Each object has an identifier which makes accessing it from a pool of data simpler and faster. Furthermore, these objects can be saved either in the local storage space or in a remote server that is miles away from the organization.

With an object-based data storage system, you can add flexibility as well as scalability to the entire system. It keeps pace with the growth of data and, surprisingly, you only pay when you use the model. This is one of the reasons why object-based storage has gained tremendous attention.

Expanding on that, allow us to highlight the cloud-based solution, Tebi. Decentralization has been the need of the hour as the limitations of the centralized solution have made themselves apparent. Tebi, being a geo-distributed data centre, facilitates ease of storage as well as ease of access.

Instead of having all your organizational data stored in a single location, the data is distributed across geographical locations and corresponding data centres.

This assures that your data is accessible by users across the globe without complications. It extracts the concept of object storage and applies it to the cluster of networks.

It is one of the leading solutions in the field of storage today and irrespective of what your organization is and how much data you produce, it will help you improve the scalability, reliability, and accessibility on a global level. Read more at bhtnews.com.

Published May 30th, 2021


Oracle’s Arm-based cloud server chip strikes blow to Intel – Verdict

Oracle has become the second company to embrace server chips based on Arm designs, unveiling cloud computing service OCI Ampere A1 Compute.

The enterprise tech company said Ampere A1 is the price-performance leader in the cloud and that it is the first to offer instances at $0.01 per core hour.

It is fully integrated with GitHub, GitLab and Jenkins. Oracle also said it is working with the open source community to help expand the Arm ecosystem or solve the next scientific problem faster.

"When we leverage the breadth of the Arm ecosystem, we are able to bring the benefits of collaboration to the developer community," said Chris Bergey, SVP and GM, infrastructure line of business at Arm. "This new cloud solution from OCI is the result of Oracle, Arm, and Ampere bringing together what makes each company unique so that customers can run Arm-based applications easily in the cloud."

Cambridge-headquartered Arm creates designs underpinning the chips powering many of the world's smartphones, computers and edge devices. According to Arm figures, its partners sold more than 900 Arm-based chips per second in its latest quarter.

But for more than a decade, Intel's x86 processor architecture and those created by AMD have been the dominant technology used in data centre chips.

Arm's move into servers puts additional pressure on Intel. Last year Arm dealt a blow to Intel after Apple said it would switch Intel processors for its own custom M1 chips based on Arm technology.

Arm's ascendancy within the data centre space has amplified the troubles facing Intel, noted GlobalData analysts last month, citing Intel's slumping sales.

Oracle follows cloud giant Amazon Web Services (AWS) in using Arm-based chips in its data centre infrastructure. The Amazon subsidiary's custom-built Graviton chip uses 64-bit Arm Neoverse cores and was first offered in 2018.

Unlike AWS, Oracle has worked with CPU design startup Ampere to create an ARM-based server chip sharing the same name as the platform, OCI Ampere A1 Compute. Microsoft Azure is also reportedly working on its own Arm processor designs for its data centres.

The deal with Oracle underscores the value of Arm in the chip supply chain amid its acquisition by graphics processing unit maker Nvidia.

The $40bn acquisition, announced in September 2020, faces regulatory hurdles in multiple countries including the US, China and UK.

This week Arm introduced its latest CPU and GPU designs, including its flagship Cortex-X2 and Cortex-A710 CPUs and Mali-G710 GPU, which also challenge Intel.


Uptycs Raises $50m To Accelerate Growth and Innovation Of Cloud-Native Security Analytics Platform – PRNewswire

WALTHAM, Mass., May 26, 2021 /PRNewswire/ -- Uptycs announced today that it has raised $50 million in a Series C funding round, bringing the company's total amount raised to $93 million. This latest funding round was led by Norwest Venture Partners, with participation from Sapphire Ventures and ServiceNow Ventures.

Uptycs provides the first cloud-native security analytics platform that enables endpoint and cloud security from a single platform. The solution provides a unique telemetry-powered approach to address multiple use cases including Extended Detection & Response (XDR), Cloud Workload Protection (CWPP), and Cloud Security Posture Management (CSPM). Uptycs enables security professionals to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface.

"Recent global events have accelerated the adoption of cloud services and cloud-native approaches to improve resiliency, thereby permanently changing the attack surface," said Ganesh Pai, CEO, Uptycs. "Data doesn't live solely on the corporate network; productivity endpoints are mobile; production workloads are elastic and distributed across clouds; identity and access management has morphed into today's firewall; and sensitive data lives in cloud-based apps like G Suite, Salesforce, and GitHub. It's a completely different challenge to secure these attack surfaces, and we're innovating to deliver a comprehensive solution. This round will help us continue to evolve our platform to enable enterprises worldwide to secure their endpoint and cloud resources both proactively and reactively."

The funding comes on the heels of significant momentum for Uptycs, marked by consecutive years of triple-digit growth. The company also introduced a number of best-in-class products to its portfolio, including advanced threat detection and investigation capabilities, a cloud security and compliance offering for AWS, and two open source telemetry connectors: kubequery and cloudquery. Uptycs also recently released its results from the 2020 ATT&CK Evaluations for Enterprise performed by MITRE Engenuity, showcasing the platform's strength in cross-platform threat detection.

Uptycs already serves a number of high-growth companies, Fortune 500 and FinTech firms including Comcast Security, Flexport, Lookout and more.

"After a thorough evaluation by our security engineering team, Uptycs was deployed on a large scale as a key component of our security posture," said Leon Li, Vice President, Comcast Security. "The Uptycs platform provides a broad set of security capabilities with instant endpoint and asset visibility that powers detection and response as well as compliance and governance."

The new financing will fuel the next phase in Uptycs' growth, including expanding the breadth of its cloud-native security analytics platform, and building out its global sales and marketing operations.

"Uptycs' vision from day one was to create the industry's most comprehensive cloud-native security analytics product -- and they delivered," said Dave Zilberman, General Partner, Norwest Ventures. "Their unique approach to unifying cloud and endpoint security is especially critical today as security teams look to strengthen their security posture as a result of remote work and accelerated cloud adoption. We believe they are poised to become the next security titan, and we look forward to playing a role in their growth."

Learn more about the Uptycs Security Analytics Platform and what led to our Series C by joining a live 30-minute product walk-through with CEO Ganesh Pai and Norwest Ventures' Dave Zilberman.

About Uptycs

Uptycs provides a cloud-native security analytics platform for security analysts, site reliability engineers, incident response teams and IT professionals to observe and secure their cloud workloads and endpoints -- all from the same place. A growing number of enterprises are using Uptycs for comprehensive security visibility at scale. Common use cases include fleet visibility, intrusion detection, vulnerability management, audit, and compliance for their laptops, servers and cloud workloads. Learn more about Uptycs: https://www.uptycs.com

SOURCE Uptycs


Build a networked Time Machine backup or Plex server with TerraMaster's 2-bay NAS at $120 – 9to5Toys

Newegg is offering the TerraMaster 2-Bay Quad-Core 1GB RAM NAS (F2-210) for $119.99 shipped. Down $30 from its normal going rate, today's deal beats our last mention by $7, which was in 2019. It also marks a new all-time low that we've tracked. This NAS is perfect for those who are just getting started with network attached storage systems, as it allows you to combine up to two drives for up to a 32TB capacity. It can utilize both 3.5- and 2.5-inch drives, and is compatible with either SSDs or HDDs. It's fully compatible with Docker, cloud drive syncing, backing up, and remote access. That means you can use it for things like Plex, running your own cloud storage server, or just handling smart home tasks. Rated 3.9/5 stars.

Today's deal is honestly among the best pricing that we've seen for a 2-bay NAS. For comparison, Synology has a 2-bay NAS for $170 with 512MB of RAM, and even WD's single-drive 3TB My Cloud is $160. Sure, the My Cloud comes with 3TB of storage already, but that's the maximum it can support, since you can't easily replace the drive in it.

Not sure how you could employ a NAS in your workflow? Blair has done just that, except with 80TB of storage and multiple computers. It's a fairly full-fledged setup, and well worth the read if you're wanting to get started with setting up a homelab.


Majority of Microsoft Exchange Server exposures occurred in the cloud – SC Magazine


Researchers this week reported that when studying vulnerable Microsoft Exchange servers, some 79% of observed exposures took place in the cloud.

A blog post by the Cortex Expanse research team from Palo Alto Networks also said most of the adversary scans they observed between January and March began 15 to 60 minutes following disclosure through the Common Vulnerabilities and Exposures (CVEs) listing. But the researchers said on March 2, threat actors started scanning for vulnerable Exchange Server systems within just five minutes of Microsoft's disclosure of multiple zero-days.

"The cloud is inherently connected to the internet and it's surprisingly easy for new publicly accessible cloud deployments to spin up outside of normal IT processes, which means they often use insufficient default security settings and may even be forgotten," the researchers said.

The large number of impacted Exchange Servers being cloud deployed did not surprise Jeff Barker, vice president of product management at Illusive. Barker said the forensic analysis of the Exchange attack by Hafnium showed the attacker used Procdump to dump Local Security Authority Subsystem Service (LSASS) memory to then use Mimikatz to get credentials.

"This offers enough evidence that post-exploitation tactics include lateral movement to other parts of the environment," Barker said. "Consequently, organizations need to be concerned about ongoing risk to both cloud and on-premise environments."

Tyler Shields, chief marketing officer at JupiterOne, said traditional configuration management database (CMDB) technologies haven't made the leap to cloud native and can't properly collect and continuously detect changes in those infrastructure instances. Additionally, the speed at which companies have moved to the cloud has made the growth of cloud-native assets explode.

"If you don't have a good grasp of your cyber-asset infrastructure, and how those infrastructure components all inter-relate to each other, it's going to be impossible to secure that environment," Shields said. "This is evidenced by the research done at Expanse."


The Ampere Arm Server Chip Roadmap May Lead Beyond Hyperscalers – The Next Platform

Any tech startup that wants to live beyond its seed and venture funding rounds and make it to either an initial public offering or an acquisition by a company threatened by their very existence has to do two things. One, have a laser focus on precise markets and products that meet them. And two, have a maniacal focus on execution.

Last week, we had a long chat with Renee James, founder and chief executive officer of Arm server chip upstart Ampere Computing, about the prospects of selling millions of server CPUs to the hyperscalers and cloud builders, many of whom can't easily or cost-effectively create their own Arm compute engines despite the fact that Amazon Web Services is clearly showing it can be done with its Graviton line and its Nitro DPU offshoot. This week, we want to go over the Ampere Computing roadmap, which is a kind of barebones form for public consumption but which no doubt has a lot more meat on it when it is given to the hyperscaler and cloud builder customers that the company is clearly, vocally, and solely targeting.

And then we want to do a thought experiment about how Ampere Computing might be pulled into the enterprise server CPU space anyway. A bit like a fox and a wolf being tricked by a rabbit into throwing the bunny into the briar patch, perhaps.

With that, onto the barebones Ampere Computing processor roadmap, which you can take a gander at here:

And here is how we augmented it to show what happened from the beginning and what we think is happening in the future:

We added in the code names of the first three chips that Ampere has brought to market, and we find it funny that to date the codenames for the four chips under construction by the company have been based on Marvel (one L) superheroes and that Marvell (two Ls) was the main rival of Ampere Computing in delivering Arm server chips to the hyperscalers and cloud builders. Marvell has since left the field after not finding buyers for its Triton ThunderX3 chip and its custom, hyperthreaded core. The 80-core Quicksilver Altra chips have been shipping since last year, and the 128-core Mystique Altra Max chips are sampling now and will ship in the third quarter. The Siryn chip will be the first 5 nanometer Ampere Computing part, and we are assigning the future 2023 chip the codename Polaris, after the Marvel superhero of that name who is the sister of Quicksilver, both the children of Magneto, as it turns out. (If we are wrong, we will update this story.)

What was also not shown on this new 2021 roadmap is the original Ampere Computing eMAG 1 chip, which was roughly based on the intellectual property that it acquired from Applied Micro, the original enterprise grade, server class Arm CPU startup. So we added that back in. The X-Gene 3 design was tweaked, of course, when Ampere Computing decided to enter the server racket. eMAG could possibly refer to Magneto, the archvillain turned good guy from the X-Men franchise, of course, but we long thought it was also short for Microsoft, Amazon, Google, who were the three most likely hyperscaler and cloud builder customers interested in Arm server chips when Ampere Computing was founded in October 2017. Why not both?

In any event, if hyperscalers and cloud builders buy roadmaps, not point products, as James told us, they didn't buy this one we are seeing above and that we augmented a little to add in the complete history. The roadmaps that these customers are seeing must have a lot more feeds and speeds on them. Feel free to send it to us, Google or Microsoft. Or Amazon, which may find itself buying future Altra processors from Ampere Computing at some point, too. The Graviton chips are differentiating now because there was no other decent Arm server CPU in the field, and Amazon has to build its Nitro DPU processors anyway. But, if the Altra volumes ramp up and Ampere Computing makes better chips at a cheaper price than Amazon can do itself, you can bet your Prime delivery service contract that AWS will change the tune in a heartbeat. Particularly if there are SKUs of the Altra line that can work like a Nitro DPU as well.

This vertically integrated stack argument for the hyperscalers and cloud builders can be taken too far. Why spend a few hundred million bucks on chip design and manufacturing tuning to save a few hundred million bucks off the price of commercial CPUs if, in the end, there might not be any real differentiation? We shall see how the costs and strategies line up, and we think that the hyperscalers and cloud builders might hedge for a while and build as well as buy Arm server chips as well as pit Intel and AMD against each other in the X86 server CPU space.

It is going to get real interesting, folks.

There are a couple of things to notice in that Ampere Computing roadmap above. First, there is an annual cadence to product releases, which is what hyperscalers and cloud builders want. And the reason is simple: A new product implies a price/performance improvement at list price. This is how it used to be in the server CPU racket for so long, and product roadmaps got all stretched out by the death of Dennard scaling a decade ago and by Moore's Law being sick now.

Let's go back a little further in history with Applied Micro. Take a look:

The Applied Micro cadence was about two years between generations, with the Storm X-Gene 1 that debuted in 2014 having eight cores running at 2.4 GHz and four DDR3 channels, etched in 40 nanometer processes from Taiwan Semiconductor Manufacturing Corp. The Shadowcat X-Gene 2, which started sampling in 2014 and came out in 2016, stayed at eight cores and shrank to 28 nanometers with a slight boost in clock speed to 2.8 GHz and integrated RoCE RDMA for the Ethernet controllers on the chip. The Skylark X-Gene 3 chip was slated for a shrink to 16 nanometers with 16 cores, and somewhere along the way that core count was bumped up. And that is what Ampere Computing delivered in the eMAG 1 chip, but the company didn't just slap a new name on the Skylark chip from Applied Micro.

Ampere Computing is picking up the pace as well as committing to not missing a step, something that Applied Micro and Intel have done, and in the latter case, that AMD has been able to exploit with its Epyc line of X86 server processors as Intel has had delay after delay with its Xeon SP lineup.

From the looks of things, we would guess that Ampere Computing will try to get two generations out of each manufacturing process node, the same as AMD has been doing with the Rome Epyc 7002s and Milan Epyc 7003s. AMD has put out a new core with each generation but sometimes kept the core count constant (as it did with the Milan chips, for instance).

Ampere Computing could do that, or it could just keep trying to cram more cores into each new generation. It is far more likely, however, that Ampere Computing will fall into a pattern like AMD's Epycs have started to have, where the new process allows a bump in core count and the refined process allows for a new core and some faster clocks and a chance to increase the amount of work done per core. The memory and I/O will be updated along with the process shrink, so in this case moving to PCI-Express 5.0 peripherals and DDR5 memory with the Siryn generation of Altra chips in 2022, and then doing refinements with the cores and I/O on the Polaris kickers in 2023, which we expect to also be etched in a refined 5 nanometer process rather than a 4 nanometer or 3 nanometer shrink.

As the eye doctor once said to us when she showed us what real 40/20 vision might look like using her computer-enhanced eye testing gear: "You can't have that now. You gotta save some for later."

The question we have, and that Ampere Computing did not answer, is whether the Siryn and Polaris chips will be compliant with the new Armv9 specification and instruction set, but we strongly suspect they will be. What they will not be is based on Arm's own Neoverse V1 or N2 cores, but a core designed by Ampere Computing, and one that does not have simultaneous hyperthreading because that doesn't boost performance enough to sacrifice the predictable, deterministic performance that comes from having the core as the finest grain of compute in the chip. The Quicksilver chips were based on Neoverse N1 cores, and the Mystique chips have a modified N1 core without hyperthreading since Arm Holdings doesn't believe in it any more than Ampere Computing does. It is not clear what Ampere Computing is doing in its cores, but Jeff Wittich, chief product officer at the company, hints that the design is as much about taking out stuff that hyperscalers and cloud builders don't need as it is about adding in things that they do.

"We are an Arm licensee and we have been working on these Ampere cores for the past three and a half years, since Day One," Wittich tells The Next Platform. We are calling the initial one the A1 core and the follow-up the A2 core because Ampere Computing has not given them names, and we added this to the official Ampere Computing roadmap that we edited above. "They will be Arm ISA compliant, and we want to remind everyone that it takes years to build a core from scratch. These cores were not derived from the N1 cores used in Altra and Altra Max, or from Arm N1 or V1. We built these from the ground up and it is our own microarchitecture."

While not being specific when we asked what makes the Ampere cores different, when pressed for some insight, Wittich says that the noisy neighbor problem is tough, and isolating workloads for performance and security reasons -- or rather, doing it well -- requires it to be built in from the beginning. Wittich also says the Ampere core design will inherently support horizontal scaling across sockets and nodes better and have less sharing of resources within the socket (presumably caches and other features) and better isolation of resources. More than this, Wittich is not at liberty to say right now.

We also know that the Siryn chips will have more cores than the Altra Max chip, which could mean 192 cores or even possibly 256 cores. Ampere Computing could do 192 of what we are calling the A1 cores in 2022 and then ramp that up with a refined 5 nanometer process to 256 cores in 2023, using a refined A2 core. Or it could save a radically improved A2 core for the 2024 annual upgrade bump. A lot depends on the needs of the market.

We will close with an important question: If a hyperscaler or cloud builder doesn't need it, why do you? If these chips are good for the Super 8 and their Slightly Less Super friends who are near hyperscale -- sorry Oracle, but you ain't a hyperscaler and neither is ByteDance and a few of the other early Altra adopters -- then why not for any enterprise customer who is looking to build a modern platform to run microservices on a Kubernetes container platform?

Technology has to trickle down from on high as well as seep upwards from below. That is what The Next Platform is all about. And Arm server chips bring both of these forces to bear. That's why we think eventually Ampere Computing will go mainstream, whether or not it wants to talk about it today. Some server maker somewhere will want to sell these. For sure.

Go here to see the original:
The Ampere Arm Server Chip Roadmap May Lead Beyond Hyperscalers - The Next Platform

Critical RCE Vulnerability Found in VMware vCenter Server -- Patch Now! – The Hacker News

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server.

Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," VMware said in its advisory.

VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location. The flaw affects vCenter Server versions 6.5, 6.7, and 7.0 and Cloud Foundation versions 3.x and 4.x. VMware credited Ricter Z of 360 Noah Lab for reporting the vulnerability.

The patch release also rectifies an authentication issue in the vSphere Client that affects Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins (CVE-2021-21986, CVSS score: 6.5), thereby allowing an attacker to carry out actions permitted by the plug-ins without any authentication.

While VMware is strongly recommending that customers apply the "emergency change," the company has published a workaround to set the plug-ins as incompatible. "Disablement of these plug-ins will result in a loss of management and monitoring capabilities provided by the plug-ins," the company noted.

"Organizations who have placed their vCenter Servers on networks that are directly accessible from the Internet [...] should audit their systems for compromise," VMware added. "They should also take steps to implement more perimeter security controls (firewalls, ACLs, etc.) on the management interfaces of their infrastructure."

CVE-2021-21985 is the second critical vulnerability that VMware has rectified in the vCenter Server. Earlier this February, it resolved a remote code execution vulnerability in a vCenter Server plug-in (CVE-2021-21972) that could be abused to run commands with unrestricted privileges on the underlying operating system hosting the server.

The fixes for the vCenter flaws also come after the company patched another critical remote code execution bug in VMware vRealize Business for Cloud (CVE-2021-21984, CVSS score: 9.8) due to an unauthorized endpoint that could be exploited by a malicious actor with network access to run arbitrary code on the appliance.

Previously, VMware had rolled out updates to remediate multiple flaws in VMware Carbon Black Cloud Workload and vRealize Operations Manager solutions.


Meet the Influential Ex-Amazon Cloud Employees Making Waves in Tech – Business Insider


Teresa Carlson was the vice president of worldwide public sector and industries at AWS, and first founded the Amazon cloud giant's public sector division in 2010.

Prior to joining Amazon, Carlson was in charge of Microsoft's federal government business. Her over two decades of experience in the public sector have made her a well-known leader in federal IT circles, and she is credited with building up the bulk of Amazon cloud's now significant federal business, as well as leading the charge for Amazon's bid for the Joint Enterprise Defense Infrastructure (JEDI) cloud contract.

After Carlson was announced as the new president and chief growth officer of $22 billion data company Splunk in April, CEO Doug Merritt told Insider that she would operate as a "mini-CEO within the business," running her own playbook across its sales, marketing, and services organizations, and utilizing her relationships within the public sector.

Now, Carlson seems to have set a trend: Less than two months after Splunk announced her appointment, Splunk revealed another prominent AWS leader is joining the company.

Shawn Bice first joined AWS in 2016, where he was responsible for database products including Aurora, DynamoDB, DocumentDB, and many others. Like Carlson, Bice also worked at Microsoft prior to Amazon, and spent 17 years overseeing Microsoft products including SQL Server and Azure data services.

When he joins Splunk as President of Products and Technology on June 1, Bice will be responsible for the company's technical units, including the CIO, CTO, and CISO functions, and have a focus on cloud technologies. Splunk recently lost its CTO Tim Tully to venture capital firm Menlo Ventures.

"When it comes to data, we have only scratched the surface, and there is a tremendous opportunity for customers to reimagine and accelerate their business, both in the cloud and on-premises edge," Bice said in the company's press release.

According to the company, Splunk has attracted over a dozen new execs over the past year from companies including Salesforce, Google, Okta, Dropbox, and Autodesk to help navigate its next phase of growth.
