Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance. Project Zero researcher Jann Horn demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory, such as passwords, encryption keys, or sensitive information open in applications.
These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
Desktop, laptop, and cloud computers may be affected by Meltdown. Every Intel processor that implements out-of-order execution is potentially affected, which is effectively every Intel processor since 1995 (except Intel Itanium and Intel Atom before 2013).
Because Meltdown and Spectre are flaws at the architecture level, it doesn’t matter whether a computer or device is running Windows, OS X, Android, or something else — all software platforms are equally vulnerable.
CVE-2017-5715 (branch target injection)
CVE-2017-5753 (bounds check bypass)
CVE-2017-5754 (rogue data cache load)
Windows Server-based machines (physical or virtual) should get the Windows security updates that were released on January 3, 2018, which are available from Windows Update. The following updates are available:
Operating system version                                  Update KB
Windows Server, version 1709 (Server Core Installation)   4056892
Windows Server 2016                                       4056890
Windows Server 2012 R2                                    4056898
Windows Server 2012                                       Not available
Windows Server 2008 R2                                    4056897
Windows Server 2008                                       Not available
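A quick way to verify that a server actually received the January 3, 2018 update from the table above, as an added example that is not from the original page or from Microsoft: it maps the OS build number to the KB listed for that version and asks the installed-updates list for it. The KB numbers are the page's; the build-number mapping is my assumption, and the script is meant to run locally on the server being checked.

```powershell
# Added example (not from the original page): check whether the
# January 2018 speculative-execution update for this Windows Server
# version is installed. Build-number -> KB mapping is my assumption;
# the KB numbers themselves come from the table on the page.

$kbByBuild = @{
    '16299' = 'KB4056892'   # Windows Server, version 1709
    '14393' = 'KB4056890'   # Windows Server 2016
    '9600'  = 'KB4056898'   # Windows Server 2012 R2
    '7601'  = 'KB4056897'   # Windows Server 2008 R2 (SP1)
    # Server 2012 (build 9200) and Server 2008 (build 6002): 'Not available'
}

$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$build = $os.BuildNumber
$kb    = $kbByBuild[$build]

if (-not $kb) {
    Write-Output "$($os.Caption) (build $build): no January 2018 update is listed for this version."
    return
}

# Get-HotFix reads the installed-updates list. A missing KB means the
# mitigation for CVE-2017-5715 / CVE-2017-5753 / CVE-2017-5754 has not
# been applied on this host.
$installed = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($installed) {
    Write-Output "$($os.Caption) (build $build): $kb installed on $($installed.InstalledOn)."
} else {
    Write-Output "$($os.Caption) (build $build): $kb NOT installed - apply it from Windows Update."
}
```

Run it under an account that can read the update history; for a fleet, wrap the body in Invoke-Command against a list of servers and collect the output lines, since the check is per-host.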
Read more at the links below.
Azure Load Balancer
It is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy instances of services defined in a load-balanced set.
Azure Load Balancer can be configured to:
Load balance incoming Internet traffic to virtual machines. This configuration is known as Internet-facing load balancing.
Load balance traffic between virtual machines in a virtual network, between virtual machines in cloud services, or between on-premises computers and virtual machines in a cross-premises virtual network. This configuration is known as internal load balancing.
Forward external traffic to a specific virtual machine.
All resources in the cloud need a public IP address to be reachable from the Internet. The cloud infrastructure in Azure uses non-routable IP addresses for its resources. Azure uses network address translation (NAT) with public IP addresses to communicate to the Internet.
Azure Load Balancer is configured differently in the Azure classic and Resource Manager deployment models.
Azure classic deployment model
Virtual machines deployed within a cloud service boundary can be grouped to use a load balancer. In this model a public IP address and a Fully Qualified Domain Name (FQDN) are assigned to a cloud service. The load balancer does port translation and load balances the network traffic by using the public IP address for the cloud service.
Load-balanced traffic is defined by endpoints. Port translation endpoints have a one-to-one relationship between the public-assigned port of the public IP address and the local port assigned to the service on a specific virtual machine. Load balancing endpoints have a one-to-many relationship between the public IP address and the local ports assigned to the services on the virtual machines in the cloud service.
In the Resource Manager deployment model there is no need to create a Cloud service. The load balancer is created to explicitly route traffic among multiple virtual machines.
A public IP address is an individual resource that has a domain label (DNS name). The public IP address is associated with the load balancer resource. Load balancer rules and inbound NAT rules use the public IP address as the Internet endpoint for the resources that are receiving load-balanced network traffic.
A private or public IP address is assigned to the network interface resource attached to a virtual machine. Once a network interface is added to a load balancer’s back-end IP address pool, the load balancer is able to send load-balanced network traffic based on the load-balanced rules that are created.
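The Resource Manager model just described, as an added example that is not the page's own code nor Microsoft's: a public IP resource with a DNS label, a load balancer whose front end uses it, a load-balancing rule (the one-to-many relationship: one public port to the same port on every healthy pool member) and an inbound NAT rule (the one-to-one port translation to a single VM), and finally a NIC added to the back-end pool. It assumes the Az PowerShell module and an existing resource group, VNet/subnet and NIC; all names are placeholders I chose.

```powershell
# Added example (not from the page): Resource Manager load balancer with
# one load-balancing rule and one inbound NAT rule. Assumes the Az module,
# a signed-in session, and an existing resource group and NIC 'nic-vm1'.

$rg       = 'rg-lb-demo'
$location = 'westeurope'

# Public IP: its own resource with a domain label; the LB front end uses it.
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -Name 'pip-web' `
         -Location $location -AllocationMethod Static -Sku Standard `
         -DomainNameLabel 'web-demo-lb'

$frontend = New-AzLoadBalancerFrontendIpConfig -Name 'fe-public' -PublicIpAddress $pip
$pool     = New-AzLoadBalancerBackendAddressPoolConfig -Name 'be-web'

# Health probe: only instances that answer on TCP 80 receive traffic.
$probe = New-AzLoadBalancerProbeConfig -Name 'probe-http' -Protocol Tcp -Port 80 `
           -IntervalInSeconds 15 -ProbeCount 2

# Load-balancing rule: public port 80 -> port 80 on every healthy pool
# member (one-to-many).
$lbRule = New-AzLoadBalancerRuleConfig -Name 'rule-http' -Protocol Tcp `
            -FrontendPort 80 -BackendPort 80 `
            -FrontendIpConfiguration $frontend -BackendAddressPool $pool -Probe $probe

# Inbound NAT rule: public port 50001 -> port 3389 on exactly one VM
# (one-to-one port translation). Management ports stay out of the
# load-balanced rule; an NSG should still restrict who may reach 50001.
$natRule = New-AzLoadBalancerInboundNatRuleConfig -Name 'nat-rdp-vm1' -Protocol Tcp `
             -FrontendPort 50001 -BackendPort 3389 -FrontendIpConfiguration $frontend

$lb = New-AzLoadBalancer -ResourceGroupName $rg -Name 'lb-web' -Location $location -Sku Standard `
        -FrontendIpConfiguration $frontend -BackendAddressPool $pool `
        -Probe $probe -LoadBalancingRule $lbRule -InboundNatRule $natRule

# Put a VM's NIC into the back-end pool and bind the NAT rule to it; from
# this point the LB sends load-balanced traffic to that VM.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name 'nic-vm1'
$nic.IpConfigurations[0].LoadBalancerBackendAddressPools = $lb.BackendAddressPools
$nic.IpConfigurations[0].LoadBalancerInboundNatRules     = $lb.InboundNatRules
Set-AzNetworkInterface -NetworkInterface $nic
```

A Standard-SKU load balancer requires a Standard-SKU public IP and does not pass inbound traffic until a network security group on the subnet or NIC allows it, which is why the probe port and the NAT port both need explicit NSG rules.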
Azure iLB Features
Elastic Load Balancing
Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances.
Elastic Load Balancing offers two types of load balancers that both feature high availability, automatic scaling, and robust security.
Classic Load Balancer
You can distribute incoming traffic across your Amazon EC2 instances in a single Availability Zone or multiple Availability Zones. The Classic Load Balancer automatically scales its request handling capacity in response to incoming application traffic.
Application Load Balancer
If your application is composed of individual services, an Application Load Balancer can route a request to a service based on the content of the request.
Containerized Application Support
You can now configure an Application Load Balancer to load balance containers across multiple ports on a single EC2 instance. Amazon EC2 Container Service (ECS) allows you to specify a dynamic port in the ECS task definition, giving the container an unused port when it is scheduled on the EC2 instance. The ECS scheduler automatically adds the task to the ELB using this port.
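The dynamic port mapping just described, as an added example that is not from the original page or from AWS: the task definition maps container port 80 to host port 0, so ECS picks a free ephemeral port on the instance when it schedules the task, and the service is registered with an Application Load Balancer target group so the scheduler adds each task's instance-and-port pair to the load balancer. It assumes the AWS CLI is installed with credentials; the cluster name, target group ARN and image are placeholders I chose.

```powershell
# Added example (not from the page): ECS task with a dynamic host port,
# registered behind an ALB target group. Assumes the AWS CLI is installed
# and configured; cluster, target group ARN and image are placeholders.

$cluster        = 'web-cluster'
$targetGroupArn = 'arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/web/PLACEHOLDER'

# hostPort 0 (bridge networking) tells ECS to assign a free ephemeral port
# on the EC2 instance at scheduling time, so several copies of the same
# container can run on one instance without a port clash.
$taskDef = @{
    family               = 'web'
    networkMode          = 'bridge'
    containerDefinitions = @(
        @{
            name         = 'web'
            image        = 'nginx:stable'
            memory       = 256
            essential    = $true
            portMappings = @(
                @{ containerPort = 80; hostPort = 0; protocol = 'tcp' }
            )
        }
    )
}
# -Depth is required: ConvertTo-Json's default of 2 flattens nested arrays.
$taskDef | ConvertTo-Json -Depth 10 | Set-Content -Path 'taskdef.json' -Encoding Ascii
aws ecs register-task-definition --cli-input-json file://taskdef.json

# Registering the service with the target group lets the ECS scheduler add
# each task's (instance, ephemeral port) to the ALB; the ALB health check
# then removes tasks that stop answering.
aws ecs create-service --cluster $cluster --service-name web `
    --task-definition web --desired-count 2 `
    --load-balancers "targetGroupArn=$targetGroupArn,containerName=web,containerPort=80"

# Verify what the scheduler registered: one instance id + port per task.
aws elbv2 describe-target-health --target-group-arn $targetGroupArn
```

The target group must use the instance target type, and the instances' security group has to admit the ephemeral port range from the load balancer's security group only; opening that range to the Internet would bypass the load balancer entirely.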
AWS ELB Features
Amazon S3 stores data as objects in a flat environment (without a hierarchy). It also allows you to host static website content. You can access it either from your Amazon S3 bucket or through the AWS CloudFront content delivery network. The process of requesting an object in Amazon S3 is slower, but Amazon S3 is a highly scalable storage service.
S3 supports something called an expiration policy, which enables you to move your old data (after a specified date) to Glacier (an even cheaper data store), from which you can “expire” it after a certain date (specified by you).
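The move-to-Glacier-then-expire policy described above, as an added example that is neither the page's code nor AWS's: one S3 lifecycle rule transitions objects under a prefix to Glacier after 30 days and deletes them after 365 days. It assumes the AWS CLI is installed with credentials; the bucket name, prefix and day counts are placeholders I chose.

```powershell
# Added example (not from the page): S3 lifecycle rule that archives to
# Glacier after 30 days and expires after 365 days. Assumes the AWS CLI
# is installed and configured; bucket, prefix and day counts are mine.

$bucket = 'example-log-archive-bucket'

$lifecycle = @{
    Rules = @(
        @{
            ID          = 'archive-logs-then-expire'
            Status      = 'Enabled'
            Filter      = @{ Prefix = 'logs/' }
            Transitions = @(
                @{ Days = 30; StorageClass = 'GLACIER' }
            )
            Expiration  = @{ Days = 365 }
        }
    )
}

# -Depth is required: ConvertTo-Json's default of 2 flattens nested arrays.
$lifecycle | ConvertTo-Json -Depth 10 | Set-Content -Path 'lifecycle.json' -Encoding Ascii

aws s3api put-bucket-lifecycle-configuration --bucket $bucket `
    --lifecycle-configuration file://lifecycle.json

# Read the rule back: what S3 stores is what will run, not the file on disk.
aws s3api get-bucket-lifecycle-configuration --bucket $bucket
```

An Expiration rule is a deletion. On a versioned bucket it only places a delete marker on the current version, so a NoncurrentVersionExpiration element is needed as well or the old versions stay in the bucket and keep costing.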
Amazon EBS stores data as blocks of the same size and organizes them in a hierarchy similar to a traditional file system. EBS is not a standalone storage service like Amazon S3, so you can use it only in combination with Amazon EC2, similar to a local disk drive on your physical server.
Amazon EBS can’t be easily scaled, which means that if you need more storage space, you have to buy and configure a new volume of a bigger size.
There are three types of volumes in Amazon EBS.
General Purpose (SSD) Volumes - General Purpose Volumes are backed by Solid State Drives (SSD) and provide a maximum of 10,000 IOPS.
Provisioned IOPS (SSD) Volumes - This type of EBS volume is backed by the same SSDs but designed for heavy workloads, from 30 IOPS/GB up to 20,000 IOPS.
Magnetic Volumes - A low-cost volume that can be used with testing and development environments on Amazon EC2. It can also be used with applications that don’t require a lot of read/write operations.
DynamoDB, on the other hand, is a NoSQL database that can be used as a key-value or a document (schema-less record) store. DynamoDB record size is limited to 64KB.
Amazon RDS (Relational Database Service) is Amazon’s managed database system. You can launch MySQL, SQL Server, PostgreSQL (new), and many more types of SQL-based databases. It can be connected to using your preferred JDBC or ODBC connector.
Amazon Redshift is Amazon’s big-data warehouse. It does bulk loads from S3 very well, entire files at a time. RDS is cheaper for smaller data sets; Redshift is cheaper for larger data sets.
Amazon Glacier is marketed by AWS as “extremely low cost storage”. Amazon Glacier is pretty much designed as a write once and retrieve never (or rather rarely) service.
While Amazon Glacier is much cheaper than S3 for storage, charges are approximately ten times higher for archive and restore requests, and restoring objects requires lead times of up to 5 hours.
Google Storage (GS) stores objects (originally limited to 100 GiB, currently up to 5 TiB) that are organized into buckets (as S3 does) identified within each bucket by a unique, user-assigned key. All requests are authorized using an access control list associated with each bucket and object.
Azure Blob storage
Like Amazon S3, it offers a handy (and cheap) way to persist content and make it available across the web.
An availability set helps keep your virtual machines available during downtime, such as during maintenance. Placing two or more similarly configured virtual machines in an availability set creates the redundancy needed to maintain availability of the applications or services that your virtual machine runs.
• Planned maintenance events are periodic updates made by Microsoft to the underlying Azure platform to improve overall reliability, performance, and security of the platform infrastructure that your virtual machines run on. Most of these updates are performed without any impact upon your virtual machines or cloud services. However, there are instances where these updates require a reboot of your virtual machine to apply the required updates to the platform infrastructure.
• Unplanned maintenance events occur when the hardware or physical infrastructure underlying your virtual machine has faulted in some way. This may include local network failures, local disk failures, or other rack-level failures. When such a failure is detected, the Azure platform automatically migrates your virtual machine from the unhealthy physical machine hosting your virtual machine to a healthy physical machine. Such events are rare, but may also cause your virtual machine to reboot.
When adding VMs to an Availability Set, Azure automatically assigns each VM an Update Domain and a Fault Domain. By default Availability Sets have two Fault Domains, each sharing a common power source and network switch, and VMs are automatically separated across the Fault Domains.
1- Download the script and save it to a local location
2- Run it and provide the requested parameters
3- ./Set-ArmVmAvailabilitySet.ps1 -VmName 'The VM Name' -ResourceGroup 'Resource Group' -AvailabilitySetName 'As Name' -SubscriptionName 'The Subscription name'
• You can’t change the VM’s Availability Set once the VM is created
• You can’t add an Azure VM to an Availability Set once the VM is created
• You can’t remove a VM from an Availability Set
To remove a VM from an Availability Set:
./Set-ArmVmAvailabilitySet.ps1 -VmName 'The VM Name' -ResourceGroup 'Resource Group' -AvailabilitySetName 0 -SubscriptionName 'The Subscription name'
Download Link: https://gallery.technet.microsoft.com/Set-Azure-Resource-Manager-f7509ec4
6. Choose the VM size and then click Select to continue.
7. Choose Optional Configuration > Availability set, and select the availability set you wish to add the virtual machine to.
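The same placement done from PowerShell, as an added example that is not from the original page, the portal steps, or the linked script: it creates an availability set with the default two fault domains, creates two VMs into it (membership is fixed at creation time, per the constraints above), and then reads back the update and fault domain Azure assigned to each VM. It assumes the Az module with a signed-in session and an existing resource group, VNet and subnet; every name is a placeholder I chose.

```powershell
# Added example (not from the page or the linked script): create an
# availability set, place two VMs in it, and report their update/fault
# domains. Assumes the Az module, a signed-in session, and an existing
# resource group, VNet 'vnet-web' and subnet 'snet-web'.

$rg       = 'rg-web'
$location = 'westeurope'
$asName   = 'as-web'

# Two fault domains (the default) and five update domains. -Sku Aligned is
# required for VMs that use managed disks.
$null = New-AzAvailabilitySet -ResourceGroupName $rg -Name $asName -Location $location `
          -PlatformFaultDomainCount 2 -PlatformUpdateDomainCount 5 -Sku Aligned

# A VM joins a set only at creation, so the set is named for each New-AzVM.
$cred = Get-Credential -Message 'Local administrator for the new VMs'
foreach ($i in 1..2) {
    $null = New-AzVM -ResourceGroupName $rg -Location $location -Name "vm-web-0$i" `
              -AvailabilitySetName $asName -Image 'Win2016Datacenter' -Size 'Standard_B2s' `
              -VirtualNetworkName 'vnet-web' -SubnetName 'snet-web' -Credential $cred `
              -OpenPorts 80
}

# Read back the placement. VMs on different fault domains do not share a
# power source or network switch; VMs on different update domains are not
# rebooted in the same planned-maintenance window.
$as = Get-AzAvailabilitySet -ResourceGroupName $rg -Name $asName
foreach ($ref in $as.VirtualMachinesReferences) {
    $vmName = ($ref.Id -split '/')[-1]
    $view   = Get-AzVM -ResourceGroupName $rg -Name $vmName -Status
    [pscustomobject]@{
        VM           = $vmName
        UpdateDomain = $view.PlatformUpdateDomain
        FaultDomain  = $view.PlatformFaultDomain
    }
}
```

With two VMs and two fault domains the read-back should show each VM on a different fault domain; if it does not, the set was created with a single fault domain and the VMs must be recreated, since the set cannot be changed afterwards.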
Below is a document on resizing or modifying an EC2 instance’s EBS volume.
Below is a document on moving an Amazon EC2 instance to another Availability Zone, VPC, or AWS Region without interrupting service.
Application Request Routing (ARR) is an extension to Internet Information Server (IIS), which enables an IIS server to function as a load balancer.
The document shows how to protect an instance from termination, and how to change the termination protection setting.