
Hat Trick for 2nd Watch

2nd Watch again has been named in the Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services, Worldwide.

For the third year in a row, 2nd Watch was recognized in Gartner’s Magic Quadrant (MQ), this year positioned highest among companies in the Challengers quadrant for its ability to execute.

Our team is honored to be included in Gartner’s research, which is the gold standard for technology thought leadership. We attribute our success year-over-year to an amazing team of individuals who work at 2nd Watch to provide best-in-class cloud services to our customers day in and day out!

Each year, Gartner has continued to raise the bar for inclusion in the MQ because the market is evolving so rapidly. For the past few years professional and managed services have been tightly coupled and could be combined into cloud services, as reflected in this year’s new Magic Quadrant title. With the rate of innovation in cloud services, customers require providers that are proactive, knowledgeable, and highly skilled in architecture, engineering and optimization, which is embodied by cloud services. Lines may be blurred between professional and managed services, which is why 2nd Watch is able to react to customer needs quickly whereas some of the larger providers may have difficulties sharing knowledge across businesses or departments.

From our perspective, here are some key take-aways from the report. Read the full report here.

  • 2nd Watch’s investment and development in the science of optimization is paying dividends. Our customers tell us they save more money when working with 2nd Watch compared to other providers or by managing their cloud spend on their own.
  • 2nd Watch’s reputation of mastering core capabilities for the leading CSPs is being recognized by our customers.
  • 2nd Watch is easy to work with from our pre-sales to our final deliverables.
  • 2nd Watch customers are extremely satisfied with our results, as reflected in one of the highest Net Promoter Scores in the industry. Our customer retention rates remain high, which is a reflection of our teams’ expertise and sensitivity to customer needs.

As we drive forward in 2019, we will continue to focus on our customers by delivering extremely valuable solutions for them every day. Being recognized by Gartner is very valuable and none of this would be possible without the highly-talented individuals that are part of the 2nd Watch team – thank you!

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

-Jeff Aden, Co-Founder & EVP of Marketing & Business Development


2nd Watch Earns AWS Certification Distinction for Achieving 200 Certifications

Today we are excited to announce we have earned an AWS Certification Distinction for achieving more than 200 active AWS Certifications! We have invested significant time and resources in education to validate the technical expertise of our staff with AWS certifications, enabling our cloud experts to better serve our clients across the US. This distinction assures our customers that they are working with a well-qualified AWS partner, since AWS Certifications recognize IT professionals with the technical skills and expertise to design, deploy, and operate applications and infrastructure on AWS.

2nd Watch’s value of achieving AWS Certifications is passed on to our customers, beyond passing an exam, as our technical teams have nearly a decade of hands-on, practical experience surpassing many providers. This designation is more than just an AWS Certification in that it highlights our company’s culture and commitment to providing highly-qualified individuals for every project to provide customers a high-quality and consistent customer experience in every engagement.

“Being an APN Partner provides us with the right resources, accreditation and training we need to serve our customers, and these certifications validate our AWS expertise and customer obsession,” says 2nd Watch co-founder and EVP of Marketing and Business Development, Jeff Aden. “AWS Certifications benefit our team and extend to our customers in a high-quality experience. We’ll continue to invest in our team’s education and training, to ensure we’re at the forefront of AWS’ innovation.”

AWS Certifications are recognized industry-wide as a credential that shows expertise in AWS cloud infrastructure, and have been recognized as one of the top 10 Cloud Certifications for partners. Historically, AWS Certifications have been an individual achievement, but APN Certification Distinctions now showcase APN Partners that have achieved 50 or more AWS Certifications.

-Nicole Maus, Marketing Manager


Seattle, We Have a Problem

Sometimes stories that explode in the media fade just as quickly – tempests in a teapot.  But this week’s revelation about two critical flaws in nearly every processor made in the last 20 years is most assuredly not a tempest in a teapot. The tech community will be assessing the implications of these vulnerabilities, dubbed Meltdown and Spectre, for the foreseeable future. And this is especially true for the cloud community.

Most modern CPUs, including those from Intel, AMD, and ARM, increase performance through a technique called “speculative execution.” Flaws in processor hardware allow Meltdown and Spectre to take advantage of this technique to access privileged memory — including kernel memory — from a less-privileged user process. There are any number of excellent technical write-ups, including https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/, with more detail. In short, Meltdown breaks the isolation between the application and the operating system, while Spectre breaks the isolation between applications. Both hardware flaws allow malicious programs to steal data that is being processed in computer memory, including sensitive or secret information such as credentials, cryptographic keys, data being processed by any running program, or opened files.

Of the two vulnerabilities, Meltdown is the more immediate threat with proof-of-concept exploits already available. However, Spectre is much deeper and harder to mitigate, potentially leading to ongoing, subtle exploits for years to come. Worse yet, these hardware flaws can be exploited on any modern operating system including Windows, Linux, macOS, containerization solutions such as Docker, and even some classes of hypervisors.

Much of the press has concentrated on the impact to personal and mobile devices – PCs, tablets, smartphones – but cloud environments, whose very foundation is based on resource isolation, are especially impacted. Since the cloud industry is centered in the Puget Sound, we might say “Seattle, we have a problem.”

Because of the critical nature of these vulnerabilities, cloud providers such as Amazon, Microsoft, and Google have already updated their systems. While most mitigation efforts revolve around operating system patches, both AWS and Azure have addressed the problem at the hypervisor level. Both CSPs contend that performance has not been meaningfully impacted, which, if true, is in welcome contrast to initial estimates of performance hits of up to 30%. More information can be found at https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/ and https://aws.amazon.com/security/security-bulletins/AWS-2018-013/.

Even with hypervisor-centric fixes, it is still critical to update the operating systems running on instances, and thereby improve these operating systems’ abilities to isolate software running within the same instance. All the major CSPs have already installed patches so that all new instances will have the latest version, but existing instances must still be updated. Please note that all AWS instances running Lambda functions have already been patched and no action is required.

If you are a 2nd Watch Managed Cloud customer whose service plan includes patch management, please contact your Technical Account Manager to discuss patch availability and scheduling.  These patches are considered high priority. If you are not currently in a service tier in which 2nd Watch manages patching on your behalf, it is urgent that you patch all your operating systems as soon as possible. If you need assistance in doing so, or if you would like to learn more about how we can proactively manage these issues for you, please contact us.

-John Lawler, Senior Product Manager
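
One way to confirm that an existing Linux instance has actually picked up the operating-system patches discussed above, as an added example that is not from the original post or from 2nd Watch. It assumes a Linux guest whose kernel exposes `/sys/devices/system/cpu/vulnerabilities` (Linux 4.15 and later, and distribution kernels that backported it); the function names `classify_entry` and `check_instance` are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify the kernel's self-reported Meltdown/Spectre status.
# Assumption: Linux guest exposing the sysfs directory below.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_entry FILE -> prints PATCHED, NOT_AFFECTED, VULNERABLE or UNKNOWN
classify_entry() {
    if [ ! -r "$1" ]; then
        echo UNKNOWN      # file absent: kernel predates the reporting interface
        return
    fi
    case "$(cat "$1")" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo PATCHED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_instance [DIR] -> prints one "name STATE" line per issue and returns 0
# only if nothing is VULNERABLE or UNKNOWN, so it can gate a compliance job.
check_instance() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        state=$(classify_entry "$dir/$name")
        echo "$name $state"
        case "$state" in
            VULNERABLE|UNKNOWN) rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a guest with the Meltdown patch (PTI) applied whose
# kernel still reports Spectre v2 as open.
demo_dir=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$demo_dir/meltdown"
printf 'Mitigation: __user pointer sanitization\n' > "$demo_dir/spectre_v1"
printf 'Vulnerable\n' > "$demo_dir/spectre_v2"
if check_instance "$demo_dir"; then
    echo "instance reports all three issues mitigated"
else
    echo "instance still needs an OS update"
fi
rm -rf "$demo_dir"
```

Calling `check_instance` with no argument reads the live sysfs directory on the instance; a missing file is treated as a failure because it indicates a kernel older than the patched releases.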


AWS re:Invent 2017 Session: Continuous Compliance on AWS at Scale (VIDEO)

In cloud migrations, the elastic nature of the cloud is often touted as a critical capability in delivering on a business’ key initiatives.  However, if not accounted for in your Security and Compliance plans, you could be facing some real challenges. Always counting on a virtual host to be running, for example, will cause issues when that host is rebooted or retired. This is why managing Security and Compliance in the cloud is a continuous action requiring both forethought and automation.

At AWS re:Invent 2017, 2nd Watch hosted a breakout session titled “Continuous Compliance on AWS at Scale” where attendees learned how a leading, next generation, Managed Cloud Provider uses automation and cloud expertise to successfully manage Security and Compliance at scale in an ever-changing environment. This journey starts with account creation, goes through deployment of infrastructure and code and never ends.

Through code examples and live demos, presenters Peter Meister and Lars Cromley demonstrated the tools and automation you can use to provide continuous compliance of your cloud infrastructure from inception to ongoing management. In case you missed the session or simply wish to get a refresher on the content that was presented, you can now view the breakout session recording below.

— Katie Laas, Marketing Manager, 2nd Watch

AWS re:Invent 2017 Recap and Initial Impressions

While AWS re:Invent 2017 is still fresh in our minds, here are some of the highlights of the most significant announcements.

Aurora Multi-Master/Multi-Region: This is a big deal! The concept of geographically distributed databases with multiple masters has been a long-desired solution. Why is this important?
Having additional masters allows for database writes, not just reads like the traditional read replicas that have been available. This feature enables a true multi-region, highly available solution that eliminates a single point of failure and achieves optimum performance. Previously, third party tools like Golden Gate and various log shipping approaches were required to accomplish proper disaster recovery and high availability. This will greatly simplify architectures for some that want to go active-active across regions and not just availability zones. Additionally, it will enable pilot light (and more advanced) DR scenarios for customers that are not going to be using active-active configurations.

Aurora Serverless: Aurora Serverless is an on-demand, auto-scaling configuration for the Aurora MySQL and PostgreSQL compatible database service, where the database will automatically start up and scale up or down based on your application’s capacity needs. It will shut down when required, basically scaling down to zero when not being used. Traditionally, Aurora RDS required changing the underlying instance type to scale for database demand. This is a large benefit and cost saver for development, testing, and QA environments. Even more importantly, if your workload has large spikes in demand, then auto-scaling is a game changer in the same way that EC2 auto scaling enabled automated compute flexibility.

T2 Unlimited: T2 is one of the most popular instance types used by 2nd Watch and AWS customers, accounting for around 50% of all instances under 2nd Watch Managed Cloud Services. In the case of frequent, small and inconsistent workloads, T2 is the best price and performance option. However, one of the most common reasons that customers do not heavily leverage T2 is concern that a sustained spike in load will deplete burstable credits and result in unrecoverable performance degradation. T2 Unlimited solves this problem by essentially allowing unlimited surges over the former limits. We expect more customers will adopt T2 for those inconsistent workloads as a cost-effective solution. We will watch to see if this shift is reflected in the instance type data for accounts being managed by 2nd Watch.

Spot Capacity: Spot instances are normally used as pools of compute that run standard AMIs and work on datasets located outside of EC2. This is because the instances are terminated when the spot price increases beyond your bid, and all data is lost. Now, when AWS reclaims the capacity, the instance can essentially hibernate, preserving the operating system and data, and startup again when the spot pricing is favorable. This removes another impediment in the use of spot capacity, and will be a large cost saver for environments that only need to be temporarily available.

M5 Instance Type: Given the large increase in performance of the newer processor generations, one can see large cost savings and performance improvements by migrating to a smaller sized offering of the latest instance type that meets your application’s needs. Newer instance types can also offer higher network bandwidth, so don’t put off the adoption of the latest products if possible.

Inter-region Peering: It’s always been possible to establish peering relationships between VPCs in the same region. Inter-region Peering uses AWS private links between VPCs in different availability zones and does not transit the open internet, eliminating VPNs, etc. This same feature is available inter-region. This makes multi-region designs cleaner and easier to implement, without having to build and configure VPN networking infrastructure to support it, which of course also needs monitoring, patching, and other maintenance. It was also announced that users of Direct Connect can now route traffic to almost every AWS region from a single Direct Connect circuit.

There were also some announcements that we found interesting but need to digest a little longer. Look for a follow up from us on these.

EKS: Elastic Container Service for Kubernetes – Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes clusters. Even at last year’s AWS re:Invent we heard people wondering where the support for Kubernetes was, particularly since it has become the de facto industry standard over the past several years.

GuardDuty: AWS has now added a cloud-native tool to the security toolbox. This tool utilizes “machine learning” for anomaly detection. AWS GuardDuty monitors traffic flow and API logs for your accounts, letting you establish a baseline for “normal” behavior on your infrastructure, and then watches for security anomalies. These are reported with a severity rating, and remediation for certain types of events can be automated using existing AWS tools. We will be considering the best methods of implementation of this new tool.

Fargate: Run Amazon EKS and ECS without having to manage servers or clusters.

Finally, a shameless plug: If compliance is on your mind, watch this AWS re:Invent breakout session from our product and engineering experts.

AWS re:invent 2017: Continuous Compliance on AWS at Scale (SID313)

Speakers:
Peter Meister, Director of Product Management, 2nd Watch
Lars Cromley, Director of Engineering, 2nd Watch

In cloud migrations, the cloud’s elastic nature is often touted as a critical capability in delivering on key business initiatives. However, you must account for it in your security and compliance plans or face some real challenges. Always counting on a virtual host to be running, for example, causes issues when that host is rebooted or retired. Managing security and compliance in the cloud is continuous, requiring forethought and automation. Learn how a leading, next generation managed cloud provider uses automation and cloud expertise to manage security and compliance at scale in an ever-changing environment. Through code examples and live demos, we show tools and automation to provide continuous compliance of your cloud infrastructure.

Obviously, there was a lot more going on and it will take some time to go through it. We will keep you up to date with our thoughts.

–David Nettles, Solutions Architect, 2nd Watch
–Kevin Dillon, Director, Solutions Architecture, 2nd Watch


Well-Architected Framework Reviews

“Whatever you do in life, surround yourself with smart people who argue with you.” – John Wooden

Many AWS customers and practitioners have leveraged the Well-Architected Framework methodology in building new applications or migrating existing applications. Once a build or migration is complete, how many companies implement Well-Architected Framework reviews and perform those reviews regularly? We have found that many companies today do not conduct regular Well-Architected Framework reviews and, as a result, potentially face a multitude of risks.

What is a Well-Architected Framework?

The Well-Architected Framework is a methodology designed to provide high-level guidance on best practices when using AWS products and services. Whether building new or migrating existing workloads, security, reliability, performance, cost optimization, and operational excellence are vital to the integrity of the workload and can even be critical to the success of the company. A review of your architecture is especially critical given the rate at which new products and services are being created and implemented by Cloud Service Providers (CSPs).

2nd Watch Well-Architected Framework Reviews

At 2nd Watch, we provide Well-Architected Framework reviews for our existing and prospective clients. The review process allows customers to make informed decisions about their architecture, the potential impact those decisions have on their business, and the tradeoffs they are making. 2nd Watch offers its clients free Well-Architected Framework reviews—conducted on a regular basis—for mission-critical workloads that could have a negative business impact upon failure.

Examples of issues we have uncovered and remediated through Well-Architected Reviews:

  • Security: Not protecting data in transit and at rest through encryption
  • Cost: Low utilization and inability to map cost to business units
  • Reliability: Single points of failure where recovery processes have not been tested
  • Performance: A lack of benchmarking or proactive selection of services and sizing
  • Operations: Not tracking changes to configuration management on your workload

Using a standards-based methodology, 2nd Watch will work closely with your team to thoroughly review the workload and will produce a detailed report outlining actionable items and timeframes, as well as prescriptive guidance in each of the key architectural pillars.

In reviewing your workload and architecture, 2nd Watch will identify areas of improvement, along with a detailed report of our findings. A separate paid engagement will be available to clients and prospects who want our AWS Certified Solutions Architects and AWS Certified DevOps Engineer Professionals to remediate our findings. To schedule your free Well-Architected Framework review, contact 2nd Watch today.

 

— Chris Resch, EVP Cloud Solutions, 2nd Watch