Why TV Lost
Graham identifies four forces: 1. The Internet’s open platform fosters innovation at hacker speeds instead of big company speeds. 2. Moore’s Law worked its magic on Internet bandwidth. 3. Piracy taught a new generation of users it’s more convenient to watch shows on a computer screen. 4. Social applications made everybody from grandmas to 14-year-old girls want computers — in a three-word-nutshell, Facebook killed TV.
Nation’s New CIO Speaks of Clouds
NYTimes has a good blog post about the nation’s new CIO and his desire to embrace cloud computing:
Mr. Kundra also said that he would push the government to embrace cloud computing — having work done on large servers rather than on desktop PCs. He acknowledged that there are privacy and security issues with some cloud-computing efforts, particularly when the computers are not all operated by the government. But he said that should not stop the government from taking advantage of the speed and efficiency such systems offer.
Cloud security: Is it raining in the cloud?
SC has a good write up on cloud computing security:
Cloud computing, as least as a concept, is being driven largely by economics. It is generally less costly to run applications, add capacity and increase storage in the cloud, rather than investing in new hardware and software, and bringing on additional staff and beefing up networking.
“Cloud computing will happen because it has too much of an economic incentive and developer support – applications can be quickly added and developers can have a single place to maintain source code,” says Vatsal Sonecha, VP, business development & product management at TriCipher.
Overall, incentives include application-deployment speed, lower costs and fast prototyping. These are strong drivers. So much so that Gartner predicts that by 2012, 80 percent of Fortune 1000 companies will pay for some cloud computing service, and 30 percent of them will pay for a cloud computing infrastructure.
That is not to say that entire data centers will be moving to the cloud, at least in the largest companies. But for certain solutions, the cost benefits are hard to ignore.
Locking Down Access to Scalr Web Interface
I wanted to touch briefly on the security concerns for having Scalr accessible via the Internet. If you are running your own install of Scalr this is an important factor before even adding the first farm. For my own sake I will not getting into my exact setup, but instead talk about a few approaches to locking down access to Scalr.
Possibly the best approach is to limit access to Scalr interface to internal network requiring users to use OpenVPN or some other VPN solution to access internal resources which would include Scalr. If you are hosting Scalr on an AWS instance be sure to set the security group to only allow the port you are running for VPN. You can find a quick and dirty howto for OpenVPN on an EC2 instance at Google Books.
Another option is to use SSL and mod_access (Apache 1.3) or its renamed equivalent in Apache 2.2 mod_authz_host to limit those who have access to Scalr interface. You should for sure at least use SSL to access Scalr. You can also add a layer of authentication for good measure using Apache Basic Authentication.
Being that Scalr controls the rest of your AWS setup it is by far the one thing you want to lock down as much as possible.
Using Subversion to Update Content with Scalr Scripts
I wanted to touch again on the use of Subversion (SVN) to populate the /var/www of app servers on Scalr. Basically the issue is how to add your web content to a new instance once it has automagically launched a new instance due to high load. So Scalr will launch another app role once the server reaches a load threshold you have previously set. So the issue is I can have the instance started, but once it has launched the /var/www needs to be populated for that server to be able to serve content via load balancer.
Scalr Scaling Settings
This is where SVN and Scalr Scripting come into play. I keep all my site content in a SVN repo. So I link to whatever production tag I want to be live at that time. In order to get the directory populated I make a simple script to do an svn checkout of that tag to /var/www. A simple bash script is added to do the checkout and is added to the “OnHostUp” option. This way once the server sends its SNMP trap saying it is up the script will be executed. This is also a helpful means of updating your servers to a newer build. I DO NOT checkout the tag directly into /var/www instead I make a symlink to /var/svn where the tags are checked out. So when it is time to roll out a new production tag I simply checkout the new tag to /var/svn and redo the symlink to point at new tag. This way if there is an issue that was not forseen in the QA process I can roll back to known good tag by redoing symlink. This is an easy but very effective way of using Scalr scripts and SVN to manage content loading on servers.
Using Zabbix to Monitor Scalr Farms
Since I have been using Scalr to manage my Amazon Web Services farms I have been wanting more monitoring in terms of statistical information on services, traffic, disk usage, and uptime to name a few. Scalr has built in means of basic event notifications such as host up, host down, etc. Along with providing very basic load statistic via RRDtool. In the past I have always used Zabbix for most projects I have worked on so I wanted to be able to use it with Scalr. I am still testing the setup I am going to speak of so please keep that in mind. This is NOT a howto, but more of a brainstorming of how I plan on getting Zabbix integrated into my Scalr setup. In the Zabbix documentation (PDF) there are a few ways to use the auto-discovery that they cover (page 173). You can have Zabbix monitor a block of IPs to find new Zabbix Agents running for example. So here is what I will have my Zabbix Server do:
- Look for new Zabbix Agents on my AWS internal IP range.
- If the system.uname contains “Scalr” it will add to Scalr server group
- Server must be up for 30+ minutes
There will be other stipulations in order to get the server added to Zabbix. I will have system templates for each of my Scalr AMI roles. Once the server is added to Zabbix it will add them to to their respective groups and monitor for items and triggers listed in the system template. There will also be a rule to remove old instances after 24 hours from Zabbix after receiving the host down trigger. This way I will not have a bunch of old instances that were once monitored still cluttering Zabbix database. If you happen to also have Windows AWS instances you can add a rule to monitor these as well. The AMI just needs to have the Zabbix Windows Agent installed.
Architecture of a Scalr DNS Infrastructure
When I decided to take the route of running Scalr on our own servers to manage our Amazon Web Services farms one important consideration was Scalr’s use of DNS servers to change records. I made the choice of hosting our own DNS infrastructure in order to keep initial cost down. But also to allow us the flexibility to change and control our DNS internally. So now onto my approach to doing this most effectively. Firstly two separate DNS servers were chosen of the self-managed dedicated server form. One server was chosen in a west coast location while the second was on the east coast. Being that more of our traffic come from the western states the NS1 was selected accordingly. Now I used two non-Scalr managed AMIs to run our NS3 and NS4 servers. Each in a separate AWS datacenter. The idea being that the internal custom bundled AMIs for Scalr I built would use the NS3 and NS4 for their internal DNS. I find this to be an excellent mix of using AWS and old fashioned dedicated servers to manage our DNS.
Cloud Computing and BSD’s Place In It
I am a Linux guy. But I am also a big lover and user of OpenBSD and FreeBSD. This got me to thinking of BSD and it’s place in Cloud Computing. In terms of Amazon Web Services EC2 I have yet to see it. When checking the FreeBSD and OpenBSD projects I have yet to see it at all in a Xen form. There are a few posting regarding getting it to sort of work. There is a wiki page for FreeBSD project dedicated to a Xen port. I believe this lack of Xen support will not help BSDs to compete with Linux flavors. I would love to be able to use BSD for certain roles.
Using Scalr to Manage Amazon Web Services
I have been using Amazon Web Services for some time now and decided to use the Open Source Scalr Project to manage my farms on AWS. After overcoming many hurtles to getting Scalr running successfully I have been using it to manage my farms for about a month. Compared to the initial outlay required my RightScale the time it took to get Scalr running was nominal. Plus I like the ability to have a developer tweak the functionality of Scalr to fit our business requirements. There is an active Google Group for Scalr that I have used to solve most of my issues. People also have the option of using Scalr.net as a pay per month solution to manage their AWS farms. I chose to host my own instance of Scalr since we are doing large scale hosting and the previously mentioned need to customize it. I do enjoy the ease Scalr provides in bundling new custom roles I build for our various application servers. It allows you to simply press a button to save a new role for future use. Along with its ability to auto-scale as traffic dictates those are the two biggest pluses for me in using Scalr.
I will be adding more on my experiences with Scalr in coming days. If you are installing on CentOS5 I have some install notes I posted here.
AWS Console Beta
I have been playing around with the AWS Console recently released. It is a good start to a nice AWS provided interface for controlling EC2. It seems to only make sense that they provide a console instead of forcing people to look elsewhere such as RightScale or Scalr. For that matter I am not sure why Amazon does not just buy RightScale and provide their services as part of AWS.
