< ciso
brief />
Tag Banner

All news with #infrastructure security tag

179 articles

Introducing Meerkat: Cloudflare’s New Consensus Service

🟢 Cloudflare introduces Meerkat, an experimental distributed consensus service designed to provide strong consistency and global fault tolerance across 330+ data centers. Built atop the QuePaxa algorithm, Meerkat lets every replica accept writes and avoids leader-timeout availability failures common in Raft. Initially internal, Meerkat hosts applications like a transactional key-value store and leasing system by converting client operations into a replicated log, ensuring linearizability and majority-based safety.
read more →

SageMaker Unified Studio now supports Terraform

🔧 Amazon SageMaker Unified Studio now supports Terraform provisioning via the open-source terraform-aws-sagemaker-unified-studio module. Platform teams can deploy domains through version-controlled templates and integrate SageMaker Unified Studio into existing infrastructure-as-code pipelines. The module manages domain infrastructure and IAM roles, includes sub-modules for blueprints and projects, and uses the Terraform AWS Cloud Control Provider.
read more →

CloudFormation adds pre-deployment validation by default

🔍 AWS CloudFormation now performs pre-deployment validation on Create Stack and Update Stack operations, surfacing common deployment errors in seconds before any resources are provisioned. The release extends validation previously limited to change set creation and introduces three new checks as warnings for service quota limits, AWS Config Recorder conflicts, and ECR repository deletion readiness. Validation results are viewable via the DescribeEvents API, the CloudFormation console Deployment validations tab, and in CDK outputs for automation and AI agents. Pre-deployment validation is enabled by default across supported regions (excluding China) and can be skipped per-operation with the DisableValidation parameter or CLI flag.
read more →

EC2 Auto Scaling adds reservations‑then‑balanced AZ strategy

🔔 Amazon EC2 Auto Scaling introduces a new reservations-then-balanced Availability Zone distribution strategy that prioritizes launching instances into your capacity reservations before distributing remaining capacity across AZs. You can configure it in the AvailabilityZoneDistribution of your Auto Scaling group and target reservations by Capacity Reservation Group ARN or individual Capacity Reservation IDs. The feature is available today in all AWS commercial Regions at no extra charge beyond standard EC2 pricing for reservations, On-Demand, and Spot instances.
read more →

AWS unveils Interconnect — last mile with AT&T

🔌 AWS introduces AWS Interconnect - last mile, a fully managed connectivity service that eases connections from branch offices, data centers, and remote sites to AWS. Now in a gated preview with AT&T in the US, the offering lets customers select region, bandwidth, Direct Connect Gateway ID and partner subscriber ID to initiate provisioning. AWS issues an activation key to complete AT&T provisioning while automating BGP, VLAN, and ASN setup, providing pre-provisioned capacity, high availability, and SLA-backed zero-downtime maintenance.
read more →

Azure Files boosts Linux workloads with NFS enhancements

📣 Azure Files provides fully managed file storage tailored for modern Linux workloads, combining familiar file access with built-in performance, resilience, and security. The service supports AI inferencing, cloud-native Kubernetes deployments, and enterprise migrations by exposing standard NFS and SMB endpoints and integrating with Azure services. New features like zonal placement, provisioned v2, and faster provisioning improve scale, latency, and cost management for shared file scenarios.
read more →

Amazon RDS adds M9g Graviton5 instances

🚀 Amazon RDS now supports M9g DB instances powered by AWS Graviton5 for PostgreSQL, MySQL, and MariaDB. These Graviton5-based instances deliver up to a 30% performance boost and up to a 23% improvement in price/performance versus Graviton4 equivalents, varying by engine, version, and workload. New 24xlarge and 48xlarge sizes provide up to 192 vCPUs, 100 Gbps enhanced networking, and 72 Gbps EBS bandwidth. Availability begins in US East (N. Virginia, Ohio), US West (Oregon), and Europe (Frankfurt); consult RDS documentation and pricing for engine support and regional details.
read more →

Google Brazos: Rack Liquid Cooling for Legacy Racks

🔧 Google announces Brazos, a rack-mounted, closed-loop liquid-to-air cooling solution designed to enable high-density AI and HPC gear within traditional air-cooled data centers. Brazos separates the internal IT liquid loop from facility water, enabling one-rack-at-a-time deployment and avoiding costly chilled-water retrofits. The modular design features three cooling units, integrated rack manifolds, and hot-swappable FRUs for field serviceability, and it fits OCP ORv3 form-factor racks. Google plans to open-source Brazos specifications and encourage industry adoption through forums like the Open Compute Project.
read more →

EKS local clusters now support EC2 instance store on Outposts

🆕 AWS now supports Amazon EKS local clusters on first- and second-generation AWS Outposts racks that boot Amazon EC2 instances from EC2 instance store. This extends Outposts’ static stability benefits to EKS local clusters, keeping the entire Kubernetes control plane on the Outpost to meet data residency needs and reduce impact from temporary network disconnects. The updated architecture brings greater operational parity with cloud EKS, includes managed control plane responsibilities, and adds support for EKS add-ons and modern auth mechanisms.
read more →

MWAA Serverless emits Airflow state events to EventBridge

📣 Amazon Managed Workflows for Apache Airflow (MWAA) Serverless now publishes workflow and task state change events to Amazon EventBridge, enabling event-driven automation for Airflow pipelines. Previously, teams relied on custom polling or manual monitoring; this capability lets MWAA Serverless emit events for workflow states (started, running, succeeded, failed) and task states (scheduled, succeeded, failed, up for retry). Use cases include alerting on failures, triggering downstream pipelines when upstream workflows succeed, and logging state transitions for compliance.
read more →

Deadline Cloud adds persistent storage for SMF workers

🔧 AWS Deadline Cloud now supports persistent storage for Service-Managed Fleets (SMF), enabling data retention across worker lifecycle events. Previously, SMF workers used ephemeral storage and required reinstalling software and assets after recycling. Now Deadline Cloud attaches persistent Amazon EBS volumes to SMF workers to preserve Conda environments, Perforce workspaces, shader caches, and asset collections, reducing startup time. You can configure volume counts per worker and set TTLs to balance retention and cost; availability and pricing match existing SMF EBS offerings.
read more →

Amazon RDS for SQL Server adds BYOM support

🔔 Amazon RDS for SQL Server now supports Bring Your Own Media (BYOM), enabling customers to migrate SQL Server workloads to a managed AWS service while reusing existing Microsoft SQL Server licenses and Software Assurance via Microsoft's License Mobility program. The capability integrates with AWS License Manager to help track license usage and maintain compliance. BYOM reduces the need to purchase additional SQL Server licenses or wait for existing agreements to expire when moving to RDS. It aims to simplify migrations from on‑premises, other clouds, or self‑managed EC2 deployments.
read more →

Reducing Core Server Boot Time After Firmware Update

🚀 After a firmware update, Cloudflare's Gen12 core servers experienced boots stretching from minutes to hours due to repeated network boot timeouts. The team traced the issue to UEFI probing every available network boot interface sequentially and fixed it by declaring the correct boot interface early in the PXE pre-boot stage. They implemented validation, vendor collaboration, and tooling enhancements (including regex matching and a uefi-same-hex flag) to enforce persistent settings. The result cut firmware upgrade automation from nearly four hours to about three minutes and subsequent boots from ~20 minutes to under a minute.
read more →

GKE standby buffers lower autoscaling latency and cost

🚀 Google announces GKE standby buffers to complement active buffers, providing low-cost suspended node capacity that resumes faster than cold node provisioning. Standby buffers store node state to disk, releasing compute and memory costs while keeping persistent disk and IP charges, enabling near-instant scheduling with only a small single-digit percent overhead. Together, active and standby buffers reduce pod scheduling latency, replace manual balloon-pod workarounds, and help balance performance and cost for spiky workloads.
read more →

Check Point and NVIDIA Secure AI Factory Infrastructure

🔒 At GTC Taipei during COMPUTEX 2026, NVIDIA highlighted its Vera BlueField-4 STX and DOCA innovations designed to secure enterprise AI infrastructure. Modern AI factories combine high-performance compute, distributed storage, Kubernetes, APIs, GPU farms, and sensitive data, creating new security needs. Check Point integrates its AI Factory Firewall with NVIDIA BlueField and DOCA to provide visibility, segmentation, runtime protections, and infrastructure-level policy enforcement across distributed AI environments.
read more →

Migrating to Transit Gateway‑Attached AWS Network Firewall

🔐 This post explains AWS Network Firewall's new native attachment to Transit Gateway and how it replaces the traditional inspection VPC model. It outlines benefits such as simplified architecture, centralized control, and flexible cost allocation via Transit Gateway metering policies. The article summarizes preparation steps, two common centralized architectures, a phased migration approach, and best practices for testing, rollback, and preserving NAT Elastic IPs.
read more →

App-centric Maintenance Visibility in Unified Maintenance

🛠️ App-centric maintenance visibility in Unified Maintenance shifts focus from infrastructure to business services. By integrating with App Hub, Unified Maintenance aggregates maintenance schedules for registered resources—GKE clusters, GCE VMs, AlloyDB instances—into a single application-aware dashboard. This reduces manual mapping, speeds triage of performance issues against planned updates, and helps platform teams predict operational impacts across many projects.
read more →

Google’s Network Strategy for the AI Era

📡 Google details how its global network and new data center fabrics are being redesigned for AI workloads, describing a vertically integrated stack anchored by an AI Hypercomputer. The post highlights Virgo Network, campus-scale and WAN innovations, and AI-native Cloud Interconnect to meet extreme bandwidth, low latency, and burst tolerance requirements. It emphasizes co-design with accelerators, autonomous reliability features, and global footprint benefits for inference and cross-site training.
read more →

Dutch raid seizes servers, arrests hosting co-owners

🛡️ Dutch authorities arrested two co-owners of related hosting companies and seized over 800 servers on May 18, alleging they operated infrastructure used by Russia for cyberattacks and influence operations targeting the EU. The arrests follow investigative reporting that linked MIRhosting and WorkTitans to Stark Industries, an ISP sanctioned by the EU for facilitating DDoS, proxy, and anonymity services tied to Russia-backed actors. Officials searched businesses and data centers and charged the suspects with violating sanctions law by making economic resources available to sanctioned entities. Both suspects deny wrongdoing and one company says it has paused services to the implicated client pending internal review.
read more →

Azure IaaS: System-Level Approach for High Performance

🔧 This third post in the Azure IaaS series argues that cloud performance must be managed as a coordinated system across compute, storage, and networking rather than as isolated resource choices. It highlights platform features like Azure Boost, Ultra Disk, and Premium SSD v2 that offload processing, tune I/O, and decouple capacity from throughput. The article examines requirements for AI, cloud-native, and business-critical workloads and explains how Azure services such as AKS, Azure Container Storage, ExpressRoute, and advanced networking (eBPF/Cilium, Accelerated Networking) combine to deliver consistent, scalable, and recoverable performance.
read more →