Amazon EFS 的 IA Storage Class

Amazon EFS 一直找不太到好用的使用情境,因為 NFS 的關係所以大量 I/O 時的 latency issue 使得速度快不起來,而拿來堆 log 的成本又超級高...

最新推出的 storage class 則是透過提供低儲存成本的版本,解決了堆 log 這種使用情境:「New – Infrequent Access Storage Class for Amazon Elastic File System (EFS)」。

不過 EFS 不像 S3 可以直接選擇 storage class,是需要讓系統管理的:

開啟後 30 天沒有被碰過的檔案就會切過去:

Eligible Files – Files that are 128 KiB or larger and that have not been accessed or modified for at least 30 days can be transitioned to the new storage class. Modifications to a file’s metadata that do not change the file will not delay a transition.

而 latency 也會增加:

Files that have not been read or written for 30 days will be transitioned to the Infrequent Access storage class with no further action on your part. Files in the Standard Access class can be accessed with latency measured in single-digit milliseconds; files in the Infrequent Access class have latency in the double-digits.

us-east-1 為例子來說,Standard 是 USD$0.3/GB-month,而 IA 只要 USD$0.045/GB-month,但抓取時會有 USD$0.01/GB 的傳輸費用,可以看出價錢低不少。

不過文章裡沒提到什麼時候會把資料從 IA 跳回 Standard,可能得找機會問問看...

Amazon EFS 也要推出 IA 版本了 (Infrequent Access)

Amazon EFS 也要推出 IA (Infrequent Access) 版本了,Infrequent Access 指的是不常存取的資料:「Coming Soon – Amazon EFS Infrequent Access Storage Class」。

這剛好配合上很多人拿 Amazon EFS 來堆 log 的行為... AWS 是說有機會到省到 85%,不過應該是非常大的量才有機會有這個價錢?

EFS IA reduces storage costs for files not accessed every day, with savings up to 85% compared to the EFS Standard storage class.

其實用過 Amazon EFS 的人都對效能抱怨頗嚴重 (透過 NFS 有太多操作沒辦法 cache,於是 network latency issue 就出現了),堆 log 或是當作跨機器的空間大概是目前的主流用法...

Amazon EFS 開放東京區使用,提供 Provisioned Throughput

兩篇 Amazon EFS 的消息:「Amazon Elastic File System (Amazon EFS) Available in Asia Pacific (Tokyo) Region」、「Amazon EFS Now Supports Provisioned Throughput」。

ap-northeast-1 等很久的功能終於上線了,另外本來 EFS 對速度是有限制的,現在則是提供付費方案讓你可以確保效能... (採用 credit 架構,不過一般是夠用的... 空間在 1TB 以下可以 burst 到 100MB/sec,參考「Throughput Modes」這篇的說明)

這樣有蠻多架構可以花錢來解了...

Amazon EFS 在首爾先開了...

Amazon EFS 其實就是 AWS 提供的雲端版 NFS 或是 CIFS,這對於某些應用來說很好用,尤其效能不是主要考量時,像是從外面買來的商用軟體需要找個空間放資料...

不過沒想到在亞洲第一個開的點居然是首爾 (i.e. ap-northeast-2):「Amazon Elastic File System (Amazon EFS) Available in Asia Pacific (Seoul) Region」。

提到 AWS 的首爾區,台北過去的直線距離雖然比大阪與東京都近,但各家的路由都是從日本繞過去,不然其實首爾的點應該會是台灣的首選... 不曉得北京與上海到首爾的連線情況又是如何,找機會開台機器測試看看。

Amazon EFS 推出 File Sync 服務

先前 Amazon EFS 需要找台機器掛上去再同步 (無論是 EC2 的機器還是透過 VPN 將自己的機器接上去),現在推出可以直接把檔案同步進去的服務了:「Sync Files to Amazon Elastic File System Quickly, Easily and Securely with EFS File Sync」。

不過不是所有提供 Amazon EFS 的區域都有,目前只有 us-east-1us-east-2us-west-2 以及 eu-west-1

EFS File Sync is available in the US East (N. Virginia), US East (Ohio), US West (Oregon), and EU (Ireland) regions, with availability in the EU (Frankfurt) and Asia Pacific (Sydney) regions coming in December 2017.

另外這是有費用的,目前有提供的四區都是 USD$0.01/GB。

Amazon EFS 在德國區開放使用

Amazon EFS 可以看作 NFS 的 SaaS 服務,前陣子宣佈加開德國區:「Amazon Elastic File System (Amazon EFS) Available in EU (Frankfurt) Region」。

加上原來的這些區:

Amazon EFS is also available in US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), and Asia Pacific (Sydney).

唔,東京區什麼時候上啊...

AWS Storage Gateway 的新功能:File Gateway

AWS Storage Gateway 推出新功能 File Gateway:「File Interface to AWS Storage Gateway」。

可以讓使用者在前面用 NFS,後面實際接的是 Amazon S3

After you set it up in your data center or in the cloud, your configured buckets will be available as NFS mount points. Your application simply reads and writes files and directories over NFS; behind the scenes, the gateway turns these operations into object-level requests on your S3 buckets, where they are accessible natively (one S3 object per file).

以前自己用 FUSE 惡搞的方式,現在變成官方支援的功能?XDDD

Amazon EFS 脫離測試期

Amazon EFS 其實就當作是 NFS/CIFS as a service,之前一直在測試期,現在正式宣佈進入 Production 了:「Amazon Elastic File System – Production-Ready in Three Regions」。

開放三個區域使用:

I am happy to announce that EFS is now available for production use in the US East (Northern Virginia), US West (Oregon), and Europe (Ireland) Regions.

不知道穩定性如何 XDDD (因為 Amazon EBS 之前的穩定性太有名...)

之前在測試的時候發現只支援 NFSv4,不支援 NFSv3,這樣有點可惜... 另外價錢也頗高的 :o

USD$75 解 RSA 512bits

Cryptology ePrint Archive 上面剛好是 2015 年編號 1000 號的論文:「Factoring as a Service」。透過 Amazon EC2 服務以及 CADO-NFS 的幫助,四小時內就可以解出 512bits RSA,而如同作者說的,雖然已經很不安全了,但在許多地方仍然被使用著:

The difficulty of integer factorization is fundamental to modern cryptographic security using RSA encryption and signatures. Although a 512-bit RSA modulus was first factored in 1999, 512-bit RSA remains surprisingly common in practice across many cryptographic protocols. Popular understanding of the difficulty of 512-bit factorization does not seem to have kept pace with developments in computing power. In this paper, we optimize the CADO-NFS and Msieve implementations of the number field sieve for use on the Amazon Elastic Compute Cloud platform, allowing a non-expert to factor 512-bit RSA public keys in under four hours for $75. We go on to survey the RSA key sizes used in popular protocols, finding hundreds or thousands of deployed 512-bit RSA keys in DNSSEC, HTTPS, IMAP, POP3, SMTP, DKIM, SSH, and PGP.

另外也有專案網站:「Factoring as a Service」,程式碼也有放上 GitHub:「Factoring as a Service」。