The hottest topic of the week in cloud computing-land probably has been the introduction of Oracle VM Server as underlying hypervisor in Amazon EC2, side by side with the Xen implementation of Red Hat Enterprise Linux (RHEL). But Amazon did much more than that to earn the attention of customers.
In fact, in less than one month the company announced an impressive number of changes for EC2, including a price reduction, a new micro instance, support for Linux as guest operating system, and four new features that have a huge potential.
Starting September 1st, EC2 On-Demand and Reserved Instance prices on the m2.2xlarge (High-Memory Double Extra Large) and the m2.4xlarge (High-Memory Quadruple Extra Large) have been reduced by 19%.
Amazon is now targeting the lower end of its potential customer base with a new on-demand instance called Micro (t1.micro), which has the following configuration:
- Up to 2 EC2 Compute Units (for short periodic bursts)
- 613MB vRAM
- no local, ephemeral storage (boot from Elastic Block Store required)
- support for 32 and 64bit guest operating systems (both Windows and Linux)
- Price starts at $0.02 per hour for Linux and $0.03 per hour for Windows AMIs
The best part is that the Micro instance can be configured through the CloudWatch service to auto scale when the vCPU approaches 100% utilization, by adding more Micro instances or upgrading to a Small instance.
Amazon suggests using this new instance for low-traffic web servers (tens of requests per minute), DNS servers, load balancers, proxies, monitoring services, hands-on training sessions, etc.
Optimized Linux AMI
Amazon has developed a lightweight Linux distribution, currently based on kernel 2.6.34, optimized for EC2.
The AMI, available in 32 and 64bit flavors, ships a restricted selection of packages and services. Customers can add more from a repository in S3.
It ships with AWS command-line tools and libraries, plus Ubuntu’s CloudInit package, which simplifies the configuration of things like hostname, SSH private keys, ephemeral mount points, etc.
At least one of the new features introduced in the last three weeks is pretty significant: resource tagging.
This capability lets customers define new labels, with any value of their choice, on a number of resources inside EC2, including: EC2 instances, Amazon Machine Images (AMIs), EBS volumes, EBS snapshots, and Amazon VPC resources such as VPCs, subnets, connections, and gateways.
This is huge as it represents the building block of the new security model that is much needed in cloud computing. Thanks to resource tagging, in the future customers may be able to define the security attributes of their virtual machines, virtual storage and virtual networks. At that point a proper security policy enforced by the EC2 orchestrator layer will ensure, for instance, that an AMI labeled as Confidential won’t be hosted together with AMIs labeled as Top Secret, or that an AMI labeled as Secret won’t send unencrypted traffic on a virtual network labeled as Confidential.
The best part of resource tagging is that the primitives to manage tags (Create, Describe and Delete) are exposed by the EC2 API, allowing virtualization security vendors like HyTrust to do out-of-band zone enforcement without waiting for Amazon to actually leverage the tags for security.
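An added example (not from the original article, Amazon or HyTrust) of the out-of-band check described above: it reads tag records shaped like tag Describe results and flags instances whose label outranks the label of the network they sit on. The `Classification` tag key, the label ordering, the instance-to-subnet map and every sample record are assumptions constructed for illustration.

```python
# Added example: out-of-band zone check driven by EC2 resource tags.
# Assumptions: tag key, label ordering, placement map, all sample records.
TAG_KEY = "Classification"  # hypothetical tag key; matched exactly
LEVELS = {"Confidential": 1, "Secret": 2, "Top Secret": 3}  # assumed ordering

# Constructed records, shaped like the items a tag Describe call returns.
SAMPLE_TAGS = [
    {"ResourceId": "i-0001", "ResourceType": "instance", "Key": "Classification", "Value": "Secret"},
    {"ResourceId": "i-0002", "ResourceType": "instance", "Key": "Classification", "Value": "Confidential"},
    {"ResourceId": "i-0003", "ResourceType": "instance", "Key": "Owner", "Value": "web-team"},
    {"ResourceId": "i-0004", "ResourceType": "instance", "Key": "Classification", "Value": "Top Secret"},
    {"ResourceId": "subnet-aa", "ResourceType": "subnet", "Key": "Classification", "Value": "Confidential"},
    {"ResourceId": "subnet-bb", "ResourceType": "subnet", "Key": "Classification", "Value": "Top Secret"},
]
# Constructed placement: instance -> subnet it is attached to.
SAMPLE_PLACEMENT = {"i-0001": "subnet-aa", "i-0002": "subnet-aa",
                    "i-0003": "subnet-bb", "i-0004": "subnet-bb"}


def classification_index(tag_records):
    """Map resource id -> classification label, ignoring unrelated tags."""
    return {r["ResourceId"]: r["Value"] for r in tag_records if r["Key"] == TAG_KEY}


def audit(tag_records, placement):
    """Return (instance, subnet, reason) for every placement that breaks policy."""
    index = classification_index(tag_records)
    findings = []
    for instance, subnet in sorted(placement.items()):
        inst_lvl = LEVELS.get(index.get(instance))
        net_lvl = LEVELS.get(index.get(subnet))
        if inst_lvl is None or net_lvl is None:
            # Fail closed: a missing or unrecognised label is itself a finding.
            missing = instance if inst_lvl is None else subnet
            findings.append((instance, subnet, "unclassified: " + missing))
        elif inst_lvl > net_lvl:
            # e.g. a Secret instance attached to a Confidential network.
            findings.append((instance, subnet, "instance label exceeds network label"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TAGS, SAMPLE_PLACEMENT):
        print(finding)
```

Treating untagged or unrecognised labels as findings keeps a resource from escaping the policy simply by never being tagged.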
The other features are:
- Capability to import the public half of an RSA key pair (1024-4096 bits long; OpenSSH public key format, Base64 encoded DER format, and RFC 4716 SSH public key file format supported)
- Support for Amazon Virtual Private Cloud (VPC) in the AWS Management Console
- Support for filtered results in Describe APIs
- Idempotency for some API functions (performing an operation more than once yields the same result as applying it just once)