KnowYourCloud Community

Cloud-powered Continuous Integration and Deployment architectures

An important step in cloud adoption is managing quick cycles of learning and improvement of the cloud environment. The following presentation, brought to you by the Amazon AWS team, contains a large number of slides with best practices and examples for Continuous Deployment, Optimization and Integration.



Our CEO interviewed by Inside-BigData.com

“Newvem is the leader in enhancing cloud usage effectiveness through data analytics. Newvem’s suite of tools utilizes both cloud data analysis and crowd sourcing to enable DevOps, IT Managers and other Cloud Stakeholders to get to the bottom of their cloud faster by operating more efficient, secure, and cost effective clouds.” Interview with Zev Laderman, co-founder and CEO


———————————————————-

Zev Laderman, CEO & Co-Founder at Newvem

Earlier in his career Zev managed several business units at Oracle and later led several successful startups, including Aduva which was acquired by Sun MicroSystems and Tradeum which was acquired by VerticalNet.

The Art of Infrastructure Elasticity



NIST Guidelines on Security and Privacy in Public Cloud

Although more and more cloud newcomers are grasping the essence of the cloud, the challenges are still great. EU and US “cloud regulations” with regard to security and privacy are still a popular topic of discussion in the cloud social sphere. NIST, a US government research organization, is through its cloud program one of the leaders in defining the cloud with the “right rules”, supported by relevant standards.

“Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment” 

Read More

What’s an Indicator?

A Newvem analytic Indicator is a meaningful raw cloud usage metric, or a simple calculation over such metrics. The Newvem analytic service detects and records these indicators in order to give full visibility into, and a forecast of, your cloud usage. Examples are the number of instances or the projected costs.

What’s a Cloud Insight?

The Newvem Analytic service locates regions of interest and meaningful usage patterns and generates insights from them. Newvem Insights are qualitative indicators or meaningful conclusions resulting from a comprehensive calculation over several indicators.

Newvem insight is a compound of the three following parts:

  1. The Data – the related indicators and raw metrics.

  2. The Conclusion – the insight’s qualitative results.

  3. The Recommendation – Newvem analytic provides information and tools on how to act in order to achieve an improvement.

Suggest Your Insight

Reserved Instance usage opportunity

Instances behind ELBs accepting direct connections from the internet

Introduction

We have noticed that you have at least one EC2 instance behind an Elastic Load Balancer that is accepting connections from arbitrary IP addresses on the port to which the ELB is directing traffic.

AWS defines a special Security Group associated with the ELB. Users can configure EC2 instances behind ELBs to receive connections on an IP port only from this special SG, thus assuring that only traffic coming from the respective ELB will reach that port. We recommend that you change the security group configuration of those EC2 instances so that they accept traffic to the port targeted by the ELB only when it comes from this special ELB Security Group.

Identification

Our identification of this issue is based on detecting EC2 instances behind an ELB that accept connections from IP addresses on the Internet on the same port to which the ELB is sending traffic.

Instructions

View security groups

AWS Management Console

    1. Log in to the AWS Management Console and click the Amazon EC2 tab.
    2. Click Security Groups in the Navigation pane. The console displays a list of security groups that belong to the account.
    3. To view more information about a security group, including its rules, select it. The group’s information is displayed in the lower pane.

Command Line Tools

Enter the following command:

    PROMPT> ec2-describe-group [group ...]

Amazon EC2 returns output similar to the following example.

    GROUP   sg-455b6c31     999988887777    WebServers   web
    PERMISSION      999988887777    WebServers ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0       ingress

Tip: To filter the list to return only the security group with the open ports, use the ip-permission.from-port and the ip-permission.to-port filters.
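The identification described above, applied to output in the ec2-describe-group format just shown, as an added example that is not part of the original insight or of Newvem's own tooling: it parses the GROUP/PERMISSION lines, joins them with a constructed ELB-to-instance mapping, and reports every instance whose security group admits the ELB-targeted port from any source other than the ELB's own security group (the recommended configuration). The line layout of a group source (FROM USER ... NAME ... ID ...), the ELB security group ID sg-elb00001 and all instance and group IDs are assumptions.

```python
from collections import defaultdict

# Constructed sample in the tab-separated line format ec2-describe-group prints.
# The group-source layout (FROM USER ... NAME ... ID ...) and all IDs are assumed.
SAMPLE_DESCRIBE_GROUP = """\
GROUP\tsg-455b6c31\t999988887777\tWebServers\tweb
PERMISSION\t999988887777\tWebServers\tALLOWS\ttcp\t80\t80\tFROM\tCIDR\t0.0.0.0/0\tingress
PERMISSION\t999988887777\tWebServers\tALLOWS\ttcp\t22\t22\tFROM\tCIDR\t203.0.113.5/32\tingress
GROUP\tsg-0a1b2c3d\t999988887777\tAppServers\tapp
PERMISSION\t999988887777\tAppServers\tALLOWS\ttcp\t8000\t8100\tFROM\tUSER\tamazon-elb\tNAME\tamazon-elb-sg\tID\tsg-elb00001\tingress
"""

# Constructed ELB view (in practice taken from the ELB and EC2 APIs): backend port,
# the instances behind each ELB, and each instance's security groups.
ELB_SG_ID = "sg-elb00001"  # the special ELB security group (assumed ID)
ELBS = {
    "web-elb": {"port": 80, "instances": {"i-0001": ["sg-455b6c31"]}},
    "app-elb": {"port": 8080, "instances": {"i-0002": ["sg-0a1b2c3d"]}},
}

def parse_describe_group(text):
    """{sg_id: [(proto, from_port, to_port, ("cidr"|"group", value)), ...]} for ingress rules."""
    rules, current = defaultdict(list), None
    for line in text.splitlines():
        f = line.split("\t")
        if f[0] == "GROUP":
            current = f[1]
        elif f[0] == "PERMISSION" and current and f[-1] == "ingress":
            if f[8] == "CIDR":
                source = ("cidr", f[9])
            else:  # group source: the ID token is followed by the group ID
                source = ("group", f[f.index("ID") + 1])
            rules[current].append((f[4], int(f[5]), int(f[6]), source))
    return dict(rules)

def find_direct_access(rules, elbs, elb_sg_id=ELB_SG_ID):
    """(elb, instance, sg, port, source) for each rule that lets a source other
    than the ELB security group reach the port the ELB targets."""
    findings = []
    for elb, cfg in elbs.items():
        port = cfg["port"]
        for inst, sgs in cfg["instances"].items():
            for sg in sgs:
                for proto, lo, hi, (kind, src) in rules.get(sg, []):
                    if proto != "tcp" or not lo <= port <= hi:
                        continue
                    if kind == "group" and src == elb_sg_id:
                        continue  # the recommended configuration
                    findings.append((elb, inst, sg, port, src))
    return findings
```

The only finding is the WebServers group, which opens port 80 to 0.0.0.0/0; the AppServers group passes because its ELB-targeted port range is reachable solely from the ELB security group.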

How to add a rule to a security group

AWS Management Console

To add a rule to a security group:

    1. Log in to the AWS Management Console and click the Amazon EC2 tab.
    2. Click Security Groups in the Navigation pane. The console displays a list of security groups that belong to the account.
    3. Select an EC2 security group. Its rules appear on the Inbound tab in the lower pane.
    4. To add a rule:
      1. From the Create a new rule: drop-down list, select the option you want.
      2. Specify a port or port range. In this case we suggest that you reduce the number of open ports to a minimum, limiting access from the outside world only to web-facing services (e.g. port 80 for HTTP and 443 for HTTPS).
      3. In the Source field, specify one of the following:
      • Name or ID of a security group (to allow access from that group). If the group isn’t in your AWS account, prefix the group name with the AWS account ID and a forward slash (e.g., 111122223333/OtherSecurityGroup). For instances behind an ELB, this is where you specify the special ELB security group so that only the ELB can reach the port.
      • IP address range in CIDR notation (to allow access from that IP address range). For example, enter 0.0.0.0/0 to allow all IP addresses to access the specified port range. Enter an IP address or range of addresses to limit access to one computer or a network, for example 203.0.113.5/32.
    5. Click Add Rule. An asterisk appears on the Inbound tab.
    6. Click Apply Rule Changes. The new rule is created and applied to all instances that belong to the security group.

Additional Relevant Resources

Using Security Groups on Amazon AWS

Understanding Amazon EC2 Security Groups and Firewalls

Check Dome9 to control and manage your ports on-demand

Recipe: Programmatically Creating and Updating AWS security groups

Mistake #1: Picking Over-Sized Instances

AWS offers a diverse variety of instance types and sizes. Although this is flexible, we found that many users pick instances that are far more powerful than they actually need, which leads to unnecessary costs.

Read More

Mistake #2: Provisioning Too Many Instances

Besides picking instance types that provide (and cost) more than what you need, another common over-provisioning mistake is running too many instances in clusters or behind load balancers. Forgetting the on-demand aspect of the cloud is common: you don’t need to kick off all the nodes of your cluster that you may need only at peak load. You can add nodes as needed, and you can automate that too; AWS even has auto-scaling functionality built into its platform.

Read More