The kernel has, for many years, had the ability to control how memory
allocation is performed in systems with multiple NUMA nodes. More
recently, NUMA nodes have also been pressed into service to represent
different classes of memory; those nodes are now organized into tiers
according to their performance characteristics. While memory-allocation
policies can control the placement of pages at the NUMA-node level, the
kernel provides no way to connect those policies with memory tiers. This
patch series from Gregory Price aims to change this situation by
allowing allocations to be placed across tiers in a weighted manner.
The Python Steering Council has posted a
detailed plan for the addition of “free-threaded” (no global
interpreter lock) support into the Python mainline. It will not be a short
process and does not have a guaranteed successful outcome.
Phase I: Experimental phase, which can start immediately, in which
the free-threaded build is enabled through a build-time
option. This should not be the default install anywhere. At least
one major Python release should include this experimental
free-threaded build, to allow third-party packages to test and do
their own experimentation. In this stage we should make it clear
the build is experimental, not supported for “production use”, and
may be reverted.
Security updates have been issued by Debian (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), Fedora (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), Mageia (redis), Oracle (dnsmasq, python27:2.7, python3, tomcat, and varnish), Red Hat (python39:3.9, python39-devel:3.9), Slackware (mozilla and vim), SUSE (openssl-3, poppler, ruby2.5, and xen), and Ubuntu (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, and openssl).
Дни преди местните избори в две от шестте държавни горски предприятия са изцяло отменени електронните търгове за продажба на дървесина, които бяха въведени месец март 2022 г. с цел спиране…
On May 20, 2023, the Federal Risk and Authorization Management Program (FedRAMP) released the FedRAMP Rev.5 baselines. The FedRAMP baselines were updated to correspond with the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-53 Rev. 5 Catalog of Security and Privacy Controls for Information Systems and Organizations and SP 800-53B Control Baselines for Information Systems and Organizations. AWS is transitioning to the updated security requirements and assisting customers by making new resources available (additional information on these resources below). AWS security and compliance teams are analyzing both the FedRAMP baselines and templates, along with the NIST 800-53 Rev. 5 requirements, to help ensure a seamless transition. This post details the high-level milestones for the transition of AWS GovCloud (US) and AWS US East/West FedRAMP-authorized Regions and lists new resources available to customers.
Background
The NIST 800-53 framework is an information security standard that sets forth minimum requirements for federal information systems. In 2020, NIST released Rev. 5 of the framework with new control requirements related to privacy and supply chain risk management, among other enhancements, to improve security standards for industry partners and government agencies. The Federal Information Security Modernization Act (FISMA) of 2014 is a law requiring the implementation of information security policies for federal Executive Branch civilian agencies and contractors. FedRAMP is a government-wide program that promotes the adoption of secure cloud service offerings across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies. Both FISMA and FedRAMP adhere to the NIST SP 800-53 framework to define security control baselines that are applicable to AWS and its agency customers.
Key milestones and deliverables
The timeline for AWS to transition to FedRAMP Rev. 5 baselines will be predicated on transition guidance and requirements issued by the FedRAMP Program Management Office (PMO), our third-party assessment (3PAO) schedule, and the FedRAMP Provisional Authorization to Operate (P-ATO) authorization date. Below you will find a list of key documents to help customers get started with Rev. 5 on AWS, as well as timelines for the AWS preliminary authorization schedule.
Key Rev. 5 AWS documents for customers:
AWS FedRAMP Rev5 Customer Responsibility Matrix (CRM) – Made available on AWS Artifact September 1, 2023 (attachment within the AWS FedRAMP Customer Package).
AWS Customer Compliance Guides (CCG) V2 – AWS Customer Compliance Guides are now available on AWS Artifact. CCGs are mapped to NIST 800-53 Rev. 5 and nine additional compliance frameworks.
AWS GovCloud (US) authorization timeline:
3PAO Rev. 5 annual assessment: January 2024–April 2024
Estimated 2024 Rev. 5 P-ATO letter delivery: Q4 2024
AWS US East/West commercial authorization timeline:
3PAO Rev 5. annual assessment: March 2024–June 2024
Estimated 2024 Rev. 5 P-ATO letter delivery: Q4 2024
The AWS transition to FedRAMP Rev. 5 baselines will be completed in accordance with regulatory requirements as defined in our existing FedRAMP P-ATO letter, according to the FedRAMP Transition Guidance. Note that FedRAMP P-ATO letters and Defense Information Systems Agency (DISA) Provisional Authorization (PA) letters for AWS are considered active through the transition to NIST SP 800-53 Rev. 5. This includes through the 2024 annual assessments of AWS GovCloud (US) and AWS US East/West Regions. The P-ATO letters for each Region are expected to be delivered between Q3 and Q4 of 2024. Supporting documentation required for FedRAMP authorization will be made available to U.S. Government agencies and stakeholders in 2024 on a rolling basis and based on the timeline and conclusion of 3PAO assessments.
How to contact us
For questions about the AWS transition to the FedRAMP Rev. 5 baselines, AWS and its services, or for compliance questions, contact [email protected].
To learn more about AWS compliance programs, see the AWS Compliance Programs page. For more information about the FedRAMP project, see the FedRAMP website.
If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.
Cloudflare operates in more than 300 cities in over 100 countries, where we interconnect with over 12,500 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions.
We have been publishing these summaries since the first quarter of 2022, and over that time, the charts on Cloudflare Radar have evolved. Many of the traffic graphs in early editions of this summary were screenshots from the relevant traffic pages on Radar. Late last year, we launched the ability to download graphs, and earlier this year, to embed dynamic graphs, and these summaries have taken advantage of those capabilities where possible. Sharp-eyed readers may notice an additional evolution in some of the graphs below: yellow highlighting indicating an observed “traffic anomaly”. Identification of such anomalies, along with the ability to be notified about them, as well as a timeline enhancement (embedded below) to the Cloudflare Radar Outage Center, were launched as part of Birthday Week at the end of September. More information on these new features can be found in our announcement blog post.
As we have seen in previous quarters, Iraq pursued an aggressive plan of government-directed Internet shutdowns intended to prevent cheating on exams, and several other African countries implemented politically motivated shutdowns. Damage to several submarine cables, as well as planned maintenance to others, caused Internet disruptions across a number of countries during the third quarter. Natural disasters, including wildfires and an earthquake, caused issues with connectivity, as did power outages in multiple countries. An acknowledged cyberattack resulted in a major US university intentionally disconnecting from the Internet, while a number of other major Internet providers acknowledged problems on their networks without ever disclosing the root cause of those problems.
(Note that the Internet disruptions related to the Israel/Palestine conflict are not covered in this post, as they began on October 7 in Q4 of 2023. Disruptions related to this conflict are being tracked, with additional insights found on the Cloudflare blog and @CloudflareRadar on X/Twitter.)
Government directed
Because the Internet has become a critical communications tool, Internet shutdowns are often used by governments as a means of controlling communication both within a country and with the outside world. These government-directed shutdowns are imposed for a variety of reasons, including during periods of civil unrest and protests around elections, and as a deterrent against cheating during exams.
Iraq
As we have discussed in past summaries, Internet shutdowns are used by some governments in an attempt to prevent cheating on national high school or baccalaureate exams. These shutdowns have a nationwide impact, and it isn’t clear whether they are ultimately successful at mitigating cheating. As we have also discussed in the past, such shutdowns frequently occur in Iraq, and that was certainly the case during the third quarter, with rounds of shutdowns occurring during all three months.
The first round of exam-related Internet shutdowns during the quarter in Iraq was a continuation of a set that started in June, and continued on into July, targeting cheating on 9th and 12th grade exams. On ten days between July 4 and July 17, Internet connectivity was shut down on AS203214 (HulumTele), AS59588 (ZAINAS-IQ), AS199739 (Earthlink), AS203735 (Capacities-LTD), AS51684 (ASIACELL), and AS58322 (Halasat) in Iraq (except for the Kurdistan Region) between 04:00 – 08:00 local time (01:00 – 05:00 UTC).
A second round of 9th grade exams in August drove a week of Internet shutdowns across Iraq (except the Kurdistan region) between August 21 and August 29. Connectivity was shut down between 04:00 – 08:00 local time (01:00 – 05:00 UTC) across the same networks impacted by the shutdowns implemented in July.
Following the second round of 9th grade exams in August, the second round of 12th grade exams in Iraq (except the Kurdistan region) occurred in September, and with these exams, came yet another round of Internet shutdowns. Impacting the same set of network providers as the previous two months, these shutdowns occurred between September 17-30. However, while they started at the same time (04:00 local time, 01:00 UTC), they were shorter than previous rounds, ending an hour earlier (07:00 local time, 04:00 UTC).
As shown in the graphs below, the shutdowns began mid-morning local time, generally between 08:00 and 10:00, from July 31 through August 5, and ended early the next morning, generally between midnight and 02:00. The final shutdown on August 5 was an exception, ending at 22:00 local time on both networks. (Senegal is UTC+0, so the local times are the same as UTC.)
Ethiopia
Following days of clashes between the federal military and local militia, mobile Internet connectivity was shut down in Amhara, Ethiopia. Cloudflare saw traffic to the region drop around 21:00 local time (18:00 UTC) on August 2. This is the second time that authorities have shut down mobile Internet connectivity in Amhara in 2023 — the first time was on April 6 after protests broke out following the federal government’s move to disband regional security forces. (Note that the country is no stranger to Internet shutdowns, as they have taken such action multiple times over the last several years.) Despite calls to restore connectivity, mobile Internet remained unavailable through the end of the third quarter, as seen in the figure below.
Gabon
On August 26, following contentious presidential elections in Gabon, Internet connectivity was shut down in order to “prevent the spread of calls for violence”. As shown in the figure below, traffic began to fall just before 17:00 local time (16:00 UTC), and remained at zero through approximately 07:30 local time (06:30 UTC) on August 30. Connectivity was restored hours after military officers seized power in the country, placing President Ali Bongo under house arrest and naming a new leader after the country’s election body announced Bongo had won a third term.
Cable cuts
Cameroon
On July 7, an X/Twitter post from Cameroon Telecommunications alerted subscribers to disruptions to voice and data services, with a subsequent post nearly six hours later noting that services had been re-established. Although these posts did not provide details on the cause of the disruption, a Facebook post from the operator included an attached communiqué explaining that “The optical fibre has been severed by road maintenance operations, causing major disruptions in the delivery of our services.” The figure below shows the impact of this fiber damage, with traffic from AS15964 (CAMNET-AS) dropping sharply around 11:30 local time (10:30 UTC), and returning to expected levels by 18:00 local time (17:00 UTC).
Liberia
Damage to the Africa Coast to Europe (ACE) submarine cable disrupted Internet connectivity in Liberia on July 28. A Facebook post from the Liberia Telecommunications Authority (LTA) noted “The Liberia Telecommunications Authority(LTA) announces the temporary interruption of all nationwide Internet services due to the breakdown of the Africa Coast to Europe Cable in Ivory Coast.” and also highlighted that the ACE cable serves as the “sole source of internet connectivity between Europe and Liberia”. The figure below shows a near complete loss of traffic starting at 13:00 local time (13:00 UTC) and gradually recovering over the next several hours, returning to expected levels by 17:00 local time (17:00 UTC).
Togo, Benin, Namibia, and the Republic of Congo (Brazzaville)
As such, the graphs below illustrate that there was not a complete loss of traffic for impacted countries. To that end, traffic in Togo appeared to recover several weeks before the cable repairs were completed. The full impact is harder to see in the graphs for Benin, Namibia, and the Republic of Congo (Brazzaville) because the selected timeframe is long enough to force data aggregation at a daily level, but it is clearly visible in graphs covering shorter periods of time (with data aggregation at an hourly level) during the weeks after the cable cut occurred.
South Sudan
Highlighting the interconnected nature of the Internet, fiber cuts in Uganda caused a brief Internet disruption for customers on MTN South Sudan (AS37594) on August 14, occurring between 13:00 – 15:00 local time (11:00 – 13:00 UTC), and impacting an estimated 438,000 users. An X/Twitter post from the provider that afternoon told subscribers “We sincerely apologize for the network issues experienced over the last couple of hours. It was due to multiple fiber cuts in Uganda.”
Cyberattack
University of Michigan
On August 27, a “significant security concern” led the University of Michigan to shut down the Internet on the Ann Arbor, Flint and Dearborn campuses. Although the shutdown occurred at the start of the new school year, classes continued as scheduled, but an announcement posted by the University detailed the impact of disconnecting from the Internet, including potential delays in financial aid refunds and the unavailability of certain campus systems. The impact of the disconnection can be seen in the figure below, appearing as a significant drop in traffic starting just before 14:00 local time (18:00 UTC) on August 27, and lasting until just after 08:00 local time (12:00 UTC) on August 30 on AS36375 (UMICH-AS-5), the primary autonomous system used by the University of Michigan.
Fire
Lahaina, Hawaii
In early August, a series of wildfires broke out in the state of Hawaii, predominantly on the island of Maui. The town of Lahaina was one of the hardest hit, with the fires killing nearly 100 people, as well as destroying homes, businesses, and infrastructure, causing power outages and disrupting Internet connectivity. The graph below shows traffic to Cloudflare from Lahaina dropping to near zero around 21:00 local time on August 7 (07:00 UTC on August 8), and remaining at minimal levels through August 30. Some recovery of Internet traffic can be seen through the end of September as cleanup and repairs progressed, and as wireless operators deployed temporary network assets in an effort to restore some service capacity.
Earthquake
Morocco
At 23:11 local time on September 8 (22:11 UTC), a magnitude 6.8 earthquake occurred in Morocco, centered 79 kilometers (49 miles) southwest of Marrakesh. Nearly 3,000 deaths were reported as a result of the quake, and significant damage was reported, including the collapse of schools, houses, and historic buildings. Power outages and infrastructure damage also impacted Internet connectivity in the region, leading to largely localized disruptions.
The country-level graph below shows a nominal loss of traffic in Morocco after the earthquake, remaining slightly lower than expected for approximately four days. However, the impacts are more evident at a regional level, with the earthquake causing an immediate 64% drop in traffic in Marrkesh-Safi, a 64% loss in Souss-Massa, and a 49% decline in Casablanca-Settat. Peak traffic levels in these regions remained slightly lower than those seen in previous weeks for several days after the earthquake occurred.
Power outages
Curaçao
On July 27, a malfunction at a major Aqualectra Utility power distribution center resulted in 70% of neighborhoods in Curaçao losing power. The power outage resulted in an island-wide Internet disruption. As seen in the graph below, Internet traffic fell sharply at around 12:30 local time (16:30 UTC), remaining largely flat for approximately five hours before starting to recover around 17:30 local time (21:30 UTC). The start of the recovery aligns with the timing of a Facebook post made at 18:00 local time by Aqualectra Utility noting that “55% of Curaçao’s power supply has been restored.” The ongoing traffic increase is in line with additional neighborhoods having power restored, with traffic returning to expected levels by around 22:00 local time (2:00 UTC on July 28).
Brazil
A widespread power outage in Brazil starting at 08:30 local time (11:30 UTC) on August 15 resulted in a nominal disruption to Internet traffic within the country. Although the power outage represented a loss of approximately 27% of the total electric load at the time it occurred, the impact to the country’s Internet traffic was much lower, as seen in the graph below. Traffic returned to expected levels by around 11:30 local time (14:30 UTC).
Kenya
A “system disturbance” at 21:45 local time (18:45 UTC) on August 25 led to “loss of bulk power supply to various parts of the country” in Kenya, according to an X/Twitter post from Kenya Power. The impact of the power outage is visible in the graph below, with traffic dropping as power is lost. Subsequent updates from Kenya Power on August 26 (1, 2, 3) highlighted the progress made in restoring electricity across the country. Internet traffic from the country returned to expected levels by 03:00 on August 27 (00:00 UTC).
French Guiana
An 11-hour Internet disruption in French Guiana on August 27 was the result of a power outage caused by “a problem that occurred at the energy evacuation station which connects Petit-Saut to the Kourou-Saint-Laurent line”. The power outage caused a nationwide drop in Internet traffic between 11:00 local time (14:00 UTC) and 22:00 local time (01:00 UTC on August 28), visible in the graph below.
Tunisia
A fire at the Tunisian Company of Electricity and Gas power station in Rades, Ben Arous Governorate caused a widespread power outage in Tunisia, resulting in an Internet disruption starting at 01:00 local time (00:00 UTC) on September 20. Traffic remained lower than expected for approximately five hours, as shown in the graph below, in line with a published report that noted “The unexpected outage lasted for over four hours in some areas of the country.”
Barbados
A September 21 Facebook post from The Barbados Light & Power Company Limited noted that the company was aware of an outage affecting customers, and that they were “working to promptly and safely restore power in the shortest time possible.” This outage resulted in a significant drop in Internet traffic from the country starting at 11:30 local time (15:30 UTC). A subsequent Facebook post from the utility company at 20:00 local time (00:00 UTC on September 22) noted that power had been restored to all customers. Ahead of full power restoration, Internet traffic had returned to expected levels around 17:00 local time (21:00 UTC).
Maintenance
Guinea
La Guinéenne de la Large Bande, also known as GUILAB, is the company responsible for managing the capacity allocated to the country of Guinea on the Africa Coast to Europe (ACE) submarine cable. According to a (translation of the) communiqué posted by the company on Facebook, planned maintenance on the cable would be taking place between 22:00 on July 14 and 06:18 “sharp” on July 15 (22:00 on July 14 and 06:18 on July 15 UTC). This maintenance resulted in a complete Internet outage in Guinea, as seen in the graph below. It appears that the ACE submarine cable is Guinea’s sole international Internet connection, with no other backup submarine or terrestrial connectivity.
Palau
Just a few days later, planned maintenance to another submarine cable took Palau, an island country in the western Pacific, completely offline for several days. According to a press release from the Palau National Communications Corporation (PNCC) posted to their Facebook page, “BSCC (Belau Submarine Cable Corporation) has been notified that an emergency repair will be undertaken on the SEA – US cable network in Guam from Tuesday, July 18th 7:00 a.m. Palau time, and expected to be completed 5:00 p.m. Saturday, July 22nd. … For safety reasons, repairs can only be undertaken when the cable is not powered. Since BSCC’s Palau Cable Network No 1 connects to SEA – US for onward transport to Guam, BSCC will be unable to provide service for the duration of the repair. BSCC will be unable to provide any international connectivity for Palau. The only available international connection will be via PNCC satellite connection, which will provide limited capacity compared to normal cable service.”
The graph below shows that Cloudflare did not see any appreciable traffic from Palau’s backup satellite connection during the duration of the repairs, as traffic dropped to zero at 07:00 local time on July 18 (22:00 UTC on July 17), and remained there until around 18:00 local time on July 21 (09:00 UTC), as the repairs were completed earlier than expected. A PNCC press release confirmed this early completion, noting “PNCC is pleased to inform the public that Internet and Mobile Data services for our customers have been restored, due to the early completion today of the emergency repairs on the SEA-US Submarine Cable System, our main off-island internet connection.”
Unspecified issues
Spectrum (Charter Communications)
At 14:03 Eastern Time (18:03 UTC) on August 17, the X/Twitter support account for Spectrum, a brand of US-based Internet service provider Charter Communications, posted a statement that noted “We are aware of an outage affecting customers in Alabama, Georgia and Tennessee. We apologize for the inconvenience and are working to resolve as quickly as possible. Thank you.” The graphs below show the varied impacts to traffic seen from Spectrum (AS20115) across the listed states, as well as Texas, which wasn’t initially cited by Spectrum as having an issue, though customers quickly called it out.
A near complete outage was observed in Tennessee between 12:30 – 14:00 local time (17:30 – 19:00 UTC), while a brief drop in traffic at 12:00 local time (17:00 UTC) and quick recovery ahead of another drop at 13:30 local time (18:30 UTC) was seen in Alabama. Georgia also saw an initial drop in traffic at 13:00 local time (17:00 UTC) ahead of a larger fall at 14:30 local time (18:30 UTC), while traffic from Texas only experienced a decline at 13:30 local time (18:30 UTC). Traffic volumes from all four impacted states recovered within several hours — approximately three hours after the initial post, Spectrum’s support account stated “We have received confirmation repairs have been completed and services have been restored to affected customers in the Alabama, Georgia and Tennessee area.”
Starlink
On September 12, satellite Internet service provider SpaceX Starlink experienced a brief but complete outage. The graph below shows traffic from AS14593 (SPACEX-STARLINK) dropping at 23:15 UTC, but quickly recovering, returning to normal within 90 minutes. At 00:33 UTC on September 13, Starlink shared an X/Twitter post stating “Starlink is currently in a network outage, and we are actively implementing a solution. We appreciate your patience, we’ll share an update once this issue is resolved” and just over an hour later, posted “The network issue has been fully resolved”.
Sky UK
During the evening (UTC) of September 19, numerous complaints could be found on social media about a nationwide outage across the United Kingdom on Sky Broadband (AS5607). A sharp drop in traffic from Sky Broadband can be seen in the graph below starting at 21:00 UTC, but a full outage did not appear to have taken place. Traffic volumes below expected levels lasted until approximately 01:00 UTC on September 20. While the issue was acknowledged by Sky’s support account on X/Twitter, no root cause for the disruption was ever provided.
Conclusion
As we’ve noted in past quarterly summaries, this report is intended as a summary overview of observed disruptions, and not an exhaustive or complete list of issues that have occurred during the quarter. Some disruptions not covered here were visible in our data, but never acknowledged by the impacted provider, while others were reported by industry colleagues based on their measurement methodologies, but not clearly obvious in our traffic graphs.
As we indicated above, the Cloudflare Radar Outage Center now includes information on observed traffic anomalies as well as verified outages. Interested users can subscribe to notifications for both anomalies and outages — our blog post includes more information on how to do so.
Everyone is chasing the highest cache ratio possible. Serving more content from Cloudflare’s cache means it loads faster for visitors, saves website operators money on egress fees from origins, and provides multiple layers of resiliency and protection to make sure that content is available to be served and websites scale effortlessly. A year ago we introduced Cache Reserve to help customer’s serve as much content as possible from Cloudflare’s cache.
Today, we are thrilled to announce the graduation of Cache Reserve from beta to General Availability (GA), accompanied by the introduction of several exciting new features. These new features include adding Cache Reserve into the analytics shown on the Cache overview section of the Cloudflare dashboard, giving customers the ability to see how they are using Cache Reserve over time. We have also added the ability for customers to delete all data in Cache Reserve without losing content in the edge cache. This is useful for customers who are no longer using Cache Reserve storage.
We’re also introducing new tools that give organizations more granular control over which files are saved to Cache Reserve, based on valuable feedback we received during the beta. The default configuration of Cache Reserve is to cache all available cacheable files, but some beta customers reported that they didn’t want certain rapidly-changing files cached. Based on their feedback, we’ve added the ability to define Cache Reserve eligibility within Cache Rules. This new rule lets users be very specific about which traffic is admitted to Cache Reserve.
To experience Cache Reserve firsthand visit the Cache Reserve section on the Cloudflare dashboard, press a single button to enable Cache Reserve, and experience cost-efficient, high-performance content delivery.
Caching background
Content delivery begins when a client or browser makes a request, be it for a webpage, video, application, or even a cat picture. This request travels to an origin server, aka the host of the requested content. The origin assembles the necessary data, packages it, and dispatches it back to the client. It’s at this moment that website operators often incur a fee for transferring the content from their host to the requesting visitor. This per-GB of data “transferred” is a frequent line item on monthly hosting bills for website operators; we refer to them as egress fees or an “egress tax,” and have blogged previously on why we think it is bad practice.
During its return voyage to the client, Cloudflare has the ability to cache the origin’s response. Caching enables subsequent visitors, who are requesting the same content, to receive it from one of our cache servers rather than the origin server. Since the file is now served from Cloudflare’s servers it saves the website operator from egress fees. It also means better performance, due to Cloudflare’s cache servers typically being physically situated much closer to end users than the customer’s own origin servers.
Serving files from cache is a fundamental, and often essential strategy for delivering content over the Internet efficiently. We can evaluate the efficacy of a cache by looking at its “hit/miss” ratio: when website content is served from a cache server it’s known as a cache hit. But when content is not in cache, and we need to go back to the origin server to get a fresh copy of the content, we call it a cache miss.
Why cache misses happen
Sometimes eligible content may not be served from cache for a variety of reasons. One scenario occurs when Cloudflare must revalidate with the origin to see if a fresh copy is available. This situation arises when a customer has configured a resource’s time-to-live (TTL) to specify how long cached content should be served to visitors, and when to consider it outdated (stale). How long a user specifies something is safe to be served from cache is only a part of the story, though. Content delivery networks (CDNs) also need to consider how to best utilize storage for all of their customers and perform network optimizations to ensure the right assets are cached in the right locations.
CDNs must decide whether to evict content before their specified TTL to optimize storage for other assets when cache space nears full capacity. At Cloudflare, our eviction strategy prioritizes content based on its popularity, employing an algorithm known as “least recently used” or LRU. This means that even if the content’s TTL specifies that content should be cached for a long time, we may still need to evict it earlier if it’s less frequently requested than other resources, to make room for more frequently accessed content.
This approach can sometimes perplex users who wonder why a cache miss occurs unexpectedly. Without eviction, we’d be forced to store content in data centers farther from the requesting visitors, hindering asset performance and introducing inefficiencies into Cloudflare’s network operations.
Some customers, however, possess large content libraries that may not all be requested very frequently but which they’d still like to shield from being served by their origin. In a traditional caching setup, these assets might be evicted as they become less popular and, when requested again, fetched from the origin, resulting in egress fees. Cache Reserve is the solution for scenarios like this one, allowing customers to deliver assets from Cloudflare’s network, rather than their origin server — avoiding any associated egress tax, and providing better performance.
Cache Reserve basics
Cache Reserve combines several Cloudflare technologies, including tiered cache and R2 storage, to seamlessly provide organizations with a way to ensure their assets are never evicted from Cloudflare’s network, even if they are infrequently accessed by users. Once admitted to Cache Reserve, content can be stored for a much longer period of time — 30 days by default — without being subjected to LRU eviction. If another request for the content arrives during that period, it can be extended for another 30-day period (and so on) or until the TTL signifies that we should no longer serve that content from cache. Cache Reserve serves as a safety net to backstop all cacheable content, so customers can sleep well at night without having to worry about unwanted cache eviction and origin egress fees.
Configuration of Cache Reserve is simple and efficient, on average taking seconds to configure and start seeing hit ratios increase dramatically. By simply pressing a single button in the Cache Reserve section of Cloudflare’s dashboard, all eligible content will be written to Cache Reserve on a miss and retrieved before Cloudflare would otherwise ask the origin for the resource. For more information about what’s required to use Cache Reserve, please review the documentation.
Customers are also seeing significant savings when using Cache Reserve, often seeing it cost only a fraction of what they would otherwise pay for the egress from their hosting provider. As Docker put it,
“The 2% cache hit ratio improvement enabled by Cache Reserve has eliminated roughly two-thirds of our S3 egress. The reduction in egress charges is almost an order of magnitude larger than the price we paid for Cache Reserve.” Brett Inman, Docker | Senior Manager of Engineering
What’s new with Cache Reserve?
Since we’ve last blogged about Cache Reserve we have made three important updates to the product that improve the quality of life for users.
New analytics
Previously, Cache Reserve analytics provided views of how much storage had been used by a particular website and estimates of the number of operations used in a particular time period. We’ve improved analytics to be more similar to traditional cache analytics, allowing customers to view storage and operations in a customized time series from the cache analytics dashboard.
Additionally, the updated Cache Reserve analytics will provide you an estimate of how much egress you’re saving by using the product.
In the coming months we will also provide greater visibility into the largest and most requested items being served from Cache Reserve.
Cache Reserve delete storage
Cache Reserve users who want to change, remove or stop using their Reserve altogether have asked for a simple way to wipe their storage without impacting their use of Cloudflare’s traditional edge cache. Previously clearing Cache Reserve would be achieved by purging content. This could be problematic because purging also wipes content cached in the traditional edge cache which could lead to additional origin fetches and egress fees.
We’ve built in a new way for customers to completely remove their Cache Reserve storage with the push of a button, which can be found in the Cache Reserve dashboard. When performing this action you will need to wait until Cache Reserve is cleared before re-enabling. This period can differ depending on how much is stored in your Cache Reserve, but in general can take around 24 hours.
The Cache Reserve delete button differs from purging. Purge will still allow for you to invalidate resources across all of Cloudflare’s Caches — including both Cache Reserve and the edge cache with a single request. The Cache Reserve delete button will actively remove the entire storage in the Reserve only. Currently, this action can be performed for the entire Cache Reserve storage associated with a zone.
Integration into Cache Rules
One of the most requested Cache Reserve features we heard from early adopters is the ability to specify what parts of their website should be eligible for storage in Cache Reserve. Previously, when a user enabled Cache Reserve, all of a website’s assets that were eligible for Cache Reserve could be stored in the Reserve. For egress sensitive customers, this is the path we still recommend. However, for customers that really want to customize what is eligible for Cache Reserve, you can now use Cache Rules to specify assets that should be stored in Cache Reserve based on the usual Cache Rules fields (hostnames, paths, URLs, etc.) and also by using specific new rules configurations like the minimum size of a resource. For example, you can specify that all assets that should be written to Cache Reserve have a minimum size of 100kb. By using the new rules functionality, Cache Reserve customers can customize how their Reserve is built while still maintaining utilization of the edge cache, and saving even more money.
Try out Cache Reserve today!
You can easily sign up for Cache Reserve in the Cloudflare Dashboard by navigating to the Cache section, clicking on Cache Reserve, and pushing enable storage sync. Try it out and let us know what you think!
Backblaze and HYCU, the fastest-growing leader in multi-cloud data protection as a service (DPaaS) are teaming up to provide businesses a complete backup solution for modern workloads with low-cost scalable infrastructure—a must-have for modern cyber resilience needs.
Read on to learn more about the partnership, how you can benefit from affordable, agile data protection, and a little bit about a relevant ancient poetic art form.
HYCU + Backblaze: The Power of Collaboration
Within HYCU’s DPaaS platform, shared customers can now select Backblaze B2 Cloud Storage—an S3 compatible object storage platform that provides highly durable, instantly available hot storage—as a destination for their HYCU backups.
With more applications in use across the modern data center, visibility and the ability to protect that mission-critical data has never been at more of a premium. Our collaboration with Backblaze now offers joint customers a cost-effective and scalable data protection solution combining the best in backup and recovery with Backblaze’s streamlined and secure cloud storage.
—Subbiah Sundaram, SVP Product, HYCU, Inc.
The Data Sprawl Problem
On average, businesses and organizations have upwards of 200 different sets of data or “data silos” spread across a growing number of applications, databases, and physical locations. This data sprawl isn’t just hard to manage, it opens up more opportunities for cybercriminals to inject ransomware and gain access to systems.
HYCU gives customers the power to protect every byte while also managing all their business critical data in one place. Powered by the world’s first development platform for data protection, HYCU is the only DPaaS platform that can scale to protect all of your data—wherever it resides. Most importantly, it gives customers the ability to recover from disaster almost instantly, keeping them online and in business, with an average recovery time of 10 minutes.
Backblaze and HYCU:
Keeping data safe for all
at one-fifth the cost.
By combining HYCU data protection with Backblaze B2 Storage Cloud, customers can see up to 80% lower costs in comparison to using providers like AWS for their storage, which means that combining the two can be a force multiplier for a businesses’ ability to fully protect their data and scale efficiently and reliably.
Data protection:
Once challenging, now easy—
HYCU and B2.
The partnership offers the following benefits:
Performance: With a 99.9% uptime service level agreement (SLA) and no cold delays or speed premiums, storing data in Backblaze B2 Cloud Storage means joint customers have instant access to their data whenever and wherever they need it.
Affordability: Existing customers can reduce their total cost of ownership by switching backup tiers with interoperable S3 compatible storage, and institutions and businesses who may not have been able to afford hyperscaler-based solutions can now protect their data.
Compliance and Security: With Backblaze B2’s Object Lock feature, the partnership also offers an additional layer of security through data immutability, which protects backups from ransomware and satisfies evolving cyber insurance requirements.
These benefits can prove particularly useful for higher education institutions, schools, state and local governments, nonprofits, and others where maximizing tight budgets is always a priority.
What’s in a Name?
For the poetically minded among our readership (there must be a few of you, right?), you may have noticed a haiku or two above. And that’s not a coincidence.
The humble haiku inspired the name for HYCU. In true poetic fashion, the name serves more than one purpose—it’s also an acronym for “hyperconverged uptime,” making the least amount of letters do the most, as they should.
Making Data Protection Easier
This partnership adds a powerful new data protection option for joint customers looking to affordably back up their data and establish a disaster recovery strategy. And, this is just the beginning. Stay tuned for more from this partnership, including integrations with HYCU’s other data protection offerings in the future.
Interested in getting started? Learn more in our docs.
Теренно наблюдение, събрало снимки от Близкия изток и Северна Африка.
И там вече човек се отърква отблизо в „тънката кожа на града“ (по Георги Тенев). Не в големите, впечатляващи комерсиални изображения, не в привличащите туристи графити пана, а в непосредствените прости улични драсканици, загатващи за лични истории. За съжаление, непроницаеми.
Има нещо много характерно за писането по стените в арабския свят и то се таи в особената роля на калиграфията и значимостта на писмеността там.
В арабския свят калиграфията никога не изчезва, дори след навлизането на печатната преса.
Без значение дали става въпрос за табела на дюкян, кораничен надпис в джамия, политически лозунг, етикет на стока, плакат или драскулка по стената, ръчно изписаните букви имат дълга и непрекъсната традиция.
Само вижте надписа на етикета на „Кока-Кола“ в арабския свят. „О“ в книжовния арабски официално няма, затова се пише Кука-Кула. Е, същият шрифт сулюс е един от най-използваните по джамиите за коранични надписи. И защо да не се появи в улични надписи?
Затова и границите между хъшлашките „графити“ и надписите с друга цел може да бъдат доста размити. И междинният жанр, съчетал особености от „калиграфията“ и „графитите“, намира особено благодатна почва. Сплавта между двата типа визуални изкуства се вижда много добре при Ел-Сид – артист от Франция с тунизийски произход и доста лъскав за моя вкус имидж. Наум съм го кръстил „Банкси на арабските калиграфити“. Дългите, усукани буквени вертикали, изписани с плоска четка, отстоят далече от чара на същинската калиграфия, но проектите му са страхотен пример за кохезия с местната общност в Египет.
Аз обаче искам да ви придърпам не толкова към мащабни, добре планирани и финансирани изяви със силен пиар, а по-скоро към уличните кьошета, където бълбукат странни, ефимерни анонимни драсканици. И в тях много често се тематизират чужди за нас сантименти. Например свързани с исляма. Случвало ли ви се е да попаднете на религиозни графити в София? Може би често появяващото се „Адонай“ е добър пример. Или тези от вас, които помнят 90-те години на миналия век, може да са виждали софийския надпис „Четете Библията“.
Извън това темата тук не е популярна, за разлика от арабския свят. Там разговорът за религия е ежедневен, често пъти като част от общите приказки и социалната конвенция. Влизаш в магазин за килими и те питат: „Ти християнин ли си?“ Потвърдиш ли, не ти мърдат богословските въпроси: „А какво мислиш за Корана, който казва: „Не казвайте Троица!“ или „Иса е просто пророк, а не Син на Аллах, нали?“.
И анонимните графитъри се вълнуват от Аллах и Корана.
Вижте само това. „Аллах“ със сърчице. Там, където в арабската ортография трябва да стои знакът, който удвоява дадена съгласна (в случая двойното „л“), в случая имаме сърчице. Не може само обрисуваните в Корана „болезнени мъчения“, „гнойна вода“, „вряща вода, която разкъсва червата“ и „всякога, щом кожата им се опече, я сменяваме с друга кожа, за да вкусят мъчението“!
Религиозните графити стават една степен по-сериозни, но и позволителни с цитата от Сунната по стените на стария Фес. „Ако не те е срам, направи го!“, ни казва драсканица с грубоват шрифт, до която виждаме сърце с крила. Звучи почти като подкана към невъздържаност и разкрепостеност, ако не знаех, че е цитат от преданията (хадиси, Сунна) на Пророка Мохамед, в които се обсъждат етически положения в исляма. Направѝ го, но само ако е в рамките на позволеното (халал) от свещения закон (Шари’а), разбира се.
Скоро да сте виждали цитат от апостол Павел по стена например? Хайде да запазим етическия компонент – например цитатът от Първото послание към Коринтяните ми се вижда подходящ:
Всичко ми е позволено, ала не всичко е полезно.
Някой семинарист може да го надраска на гръцки.
В стария Йерусалим („Меката на християнството!“, както възкликна един участник в онлайн форум) имаме сходна ситуация. Освен редовното „Машаллах!“ – реално означаващо „Това, което Аллах иска“, се срещат и по-сложни текстури. Ето една от любимите ми, снимана през 2016 г.:
Изглежда почти като близкоизточен гаражен магазин, нали? Палмички, декоративни кантове, цветни буквички. Почти очаквате арабски чичо Койт’-разбира-тук-се-спира да отвори врати, а вътре да ви чакат лимонада, газирана в склада отзад, хамбургски телешки салам и тамошни тунквани вафли. Само че плакатът горе вдясно дава малко повече контекст. На снимката пише:
Добре дошли на всички поклонници на Свещения дом на Аллах!
Виждаме комплекса с джамията в Мека и Каабата, черната кубична сграда, при която всяка година мюсюлманите се стичат, за да извършат свещеното поклонение хадж. Над вратата има и стегнат шаблон на букви в шрифта рук’а с надпис „Мохамед, Пратеникът на Аллах“. А бялата ламаринена врата уподобява самата Кааба – с декоративен черно-бял кант, който имитира черното покривало (кисуа) на тази най-свята за мюсюлманите сграда.
Изображения на Каабата също така украсяват стената и вратата. Редом до тях – силует на Купола на скалата, святото място за мюсюлманите в Йерусалим, част от комплекса „Ал-Акса“, вечния препъникамък в отношенията между Израел и арабите, изграден върху Храмовия хълм. Оттам, казва мюсюлманското предание, свързано с Коран 17:1, Пророкът започва възкачването си към трона на самия Аллах по време на нощното си пътуване (исра’). И пак там ще се извърши възкресението от мъртвите в Съдния ден.
Дребните надписчета са също цитат от устата на Пророка. Запитали го кое от делата е най-добродетелно, върви разказът. И той казал:
Пречист хадж (поклонение, изпълнено с праведност), ходене напред с благодарност и опростен грях.
Това „ходене напред“ (са’й) ще да е изминаването на разстоянието между хълмовете Сафа и Маруа в Мека, неотменна част от ритуала по поклонение. Казват, че мюсюлманите правят така, възпоменавайки Хаджар (библ. Агар) – прокудената жена на Ибрахим (библ. Авраам), която тичала седем пъти между двата хълма в търсене на вода за сина си Исмаил.
Сходен графити сюжет имаме и по-долу, пак в стария Йерусалим. Отново Каабата, отново Куполът на скалата, отново същият цитат от Пророка, подправен с мюсюлманската изповед (шахада) на вярата – няма друг Бог освен Аллах, Мохамед е Неговият Пратеник. И този път имаме истинско гаражче с хляб отсреща.
Наистина би било проява на пристрастност да подминем и другите сюжети, обичайни за графити сцената.
За мое огромно съжаление, не откривам подобие на един от любимите ми софийски енигматични лозунги – „Божидар е чеверме“. Но съм възнаграден щедро с други находки. Отпечатъци от длани върху стена около подстъпите на стария град (медина) във Фес. Докато ги снимам, ме заговаря сух, мургав човек на възраст в похабен черен костюм. Отговарям на книжовен арабски, след което минавам по дежурната линия на разговор.
– Наистина ли говориш книжовен арабски? – Да. – Я ми прочети табелата ей там! –
и ми я сочи. „Училище еди-кое си“. Печеля си едно „машаллах“.
Откривам рисунки на котки, които необезпокоявано владеят улиците, за разлика от презрените кучета, заклеймени от Пророка. На едната стена – като голям панел, на другата – в компанията на силует на момиченце. Дебел спрей с формата на човек, ориенталска роба и фес. Процесия от музиканти в традиционно облекло. Смъртта, изписана в червено и зачеркната. „Забранено и благодаря“, въпреки че носи тривиалността на обикновена улична табела, напомня малко и за „Сбогом и благодаря за рибата“.
Но две изображения заемат особено място в колекцията ми. И двете са от изоставена бетонна сграда на израелските Голанските възвишения в един кален, мрачен, мъглив февруари преди години. На едната стена има изрисувано пано, което веднага кръщавам „Мадоната на графитите от Голаните“. А на друга стена, в близка стая, някой е надраскал популярно стихотворение, анонимно обяснение в любов, украсено с контурите на котешка глава наложен силует на котка:
Заради великата ми страст по теб прегърнах любовта ти като религия в нишата на очите ти отслужих своята молитва превърнах устните ти в свещената ми книга и между ръцете ти вярата ми стана съвършена
Идеята за графитите като пътешествие във времето и в пространството вече придобива плътност, нали? Не е всеобхватна като конспиративна теория, нито задълбочена като дебат между Фуко и Чомски. Но може да ни завърне към началото на този текст чрез неочаквана находка в София около една от метростанциите. Арабоезичен графит, на който пише просто
Банкси наистина не се е появил в арабския свят.
Изпълнението е кичозно и комай липсва точка от арабската буква „н“ в името на Банкси. В него обаче се прехвърлят мостове едновременно към дебата за природата на графитите, Запада, България и Близкия изток. Оставям на вас да решите дали авторът е прав, или не.
В рубриката „Ориент кафе“ Атанас Шиников поднася любопитни теми, свързани не толкова с горещата политика, колкото с историята и културата на Близкия изток. А той, древен и днешен, е по-близко до нас и съвремието ни, отколкото си представяме.
Някъде на фронта в Украйна, лятото на 2023 година:
Това, което ми давате, е много опасно. Може да избухне всеки момент. Кой е направил тези бомби?… Внукът ви?…
Юлия е на седемдесет години, председател на Фондация „Молфар“, която снабдява полевите болници на фронта с медикаменти и превързочни материали. Синът ѝ и племенникът ѝ се сражават във войната на Русия с Украйна. Внукът ѝ е на пет години. Когато Юлия тръгнала за пореден път към Бахмут, момченцето ѝ връчило стари гилзи и ѝ казало, че това са бомби, които ще помогнат на баща му да се върне у дома. Юлия не повярвала, че наистина вози в пикапа си бомби. Дала ги на един от офицерите на бойното поле като символичен подарък. Оказало се, че бомбите са истински. Юлия е ужасена:
Как е възможно дете да прави бомба? Никой не го е учил. Вкъщи не говорим за войната пред него, защото той се разстройва. Чака татко си. Братовчедка му крои планове да убие Путин. С какво се занимават тези недонацелувани от бащите си деца?
Доброволците и неправителствените организации в Украйна, които помагат във войната с Русия, са безчет. Всеки е поел някаква част: хуманитарна и психологическа помощ, лекарства, военно оборудване, дрехи, оръжия, автомобили.
Аз ходя до местата с най-активни бойни действия – Бахмут, Лисичанск, Запорожие. Помагам на лекари, фелдшери и шофьори на линейки да изнасят телата на ранените от самото бойно поле. Има случаи, в които лекари припадат от гледката на разкъсани тела. Всеки път колата, с която ходя там, е изцапана с кръв. Последния път намерих обувка, която явно не трябва вече никому. Докато евакуираме наши ранени, руснаците стрелят и по нас, за да ги доубият. Там сега е месомелачка.
Помощта на доброволците не е само за фронта. В началото на войната при руската окупация в Киевска област училището в Гостомел е напълно разрушено от снаряди. Казват му „малкото училище“, защото в него учат само деца до четвърти клас. То е построено в началото на миналия век. Било е разрушавано през всички войни, които са се водили на територията на Украйна през миналия век, и е оцеляло. Оцелява и в тази, защото група доброволци от Фондация „Гуртум“ го ремонтират.
В Украйна е гласуван закон, според който учебната година не може да започне присъствено, без в училището да има бомбоубежище. Това лято „Гуртум“ слага началото на проект. Строят бомбоубежища за деца. Петко Петков е българин, компютърен инженер, който от началото на войната живее в Киев. Срещаме се насред украинската столица. Той е от създателите на „Гуртум“.
На украински „Гуртум“ означава „заедно“, като изписването е с „о“, но ние го изписваме с „у“, за да е уникално и думичката „ум“, която на украински е като нашата, да присъства в името на фондацията.
До момента „Гуртум“ работи по дванайсет проекта като този в Гостомел.
В двора на училището направихме от железобетон конструкция, която отговаря на всички изисквания за бомбоубежище. Саша (един от основателите на фондацията) и приятелката му са архитекти. Изработиха план бомбоубежището да прилича на хобитска къщичка с типичните кръгли прозорчета, покрив, покрит с трева, цветенца и храстчета. Това е опит децата да влязат вътре без страх, защото са гледали филма. В бомбоубежището има всички удобства за учене. За мен образованието и училищата са най-важни за едно общество. Затова инвестирам в този тип дейност – да помогна децата да ходят на училище, а родителите им на работа дори и по време на война. Разбира се, стресираща е самата идея да се правят бомбоубежища за деца, но това е реалността в Украйна днес.
Мисля си как бих се чувствала аз, ако всеки ден изпращам детето си на училище с тревогата и ужаса, че някой нарочно би насочил ракета, за да разруши хобитската къщичка, в която моето дете учи. Спомням си как Алла ми разказваше, че най-големият ѝ страх е дъщеря ѝ да е на училище и върху него да падне ракета. Сега Алена е на училище. Въздушни тревоги има всеки ден и тя тича в своето бомбоубежище, което не прилича на хобитска къщичка, а е бункер под земята, в който има осветление, чинове и въздух – неясно за колко часа напред.
Убиването на деца и мирно цивилно население е военно престъпление,
Екипът разследва военните престъпления на руската армия от началото на войната в Украйна. Хората на Сергий работят на терен в цяла Киевска област, както и във всички освободени от окупация украински територии.
Мисля, че е ужасно да се говори за това, но няма престъпление, което руснаците да не извършиха в Украйна в тази война. Искам да кажа категорично, че техните престъпления по никакъв начин не са предизвикани. Опитваме се да разберем каква е целта им, за да извършват всички зверства тук, в Украйна. Колкото и жестоко да звучи, разбираме защо взривиха Каховската електроцентрала и предизвикаха катастрофа, равна на ядрен взрив. Но тук поне можем да намерим някакво обяснение, защото се опитваха да спрат настъплението ни към Херсонска област.
Сергий въздъхва. Замълчава. За пореден път през тези петнайсет дни в Украйна някой внимателно ме изучава – дали вярвам и разбирам дълбочината на изреченото. Сергий приковава поглед върху мен и продължава:
Не мога да намеря обяснение за нещата, които с колегите ми видяхме в освободените от нашата армия територии. В тези зверства няма абсолютно никаква логика освен физическото унищожаване на украинци. Явно в руското общество е протекъл процес на абсолютно обезчовечаване на украинците като нация.
Това, което видяхме в Киевска област, в Буча, Ирпин, Харков, Херсон, беше страшно, но руснаците бързо се научиха да прикриват своите военни престъпления. Правят масови гробове, давят или изгарят хората, за да не оставят следи. С тях има мобилни крематориуми, в които изгарят и свои, и чужди. Така замитат следите си. Все още не сме разкрили по-голямата част от техните престъпления.
Най потресаващ за нас беше контактът ни с жените, майките, сестрите на руските войници, които бяха в Буча, Ирпин и градовете с нечовешки зверства и издевателства над украински деца, жени, бебета, бременни жени, животни… Ужасяващи неща им бяха сторили. Изпратихме съобщения на майките, жените и сестрите на тези руски войници, които бяха в Украйна. Показвахме им какво са правили мъжете им, братята и синовете им тук. И те знаете ли какво ни отговориха? Няма да цитирам ругатните, но отговорът им беше: „Да, нека убиват украинци, нека убиват деца, това са украински потомци, които не трябва да израстват и живеят. Да, нека изнасилват, да се гаврят и убиват украинските жени, за да не могат да раждат украинци.“ Представяте ли си, майките на тези руски войници, възрастни жени да говорят така. Съпругите им да говорят така. Явно руското общество е болно и процесът на дехуманизация там е напълно завършен.
Питам Сергий за тезата с „двете гледни точки“.
Ако търсим истината, разбира се, че ще се ръководим от основните журналистически стандарти за плурализъм. В условията на война обаче ние нямаме съмнение кой е жертва и кой е агресор. Трябва ясно и честно да кажем, че има позиция на страна, която се бори за своята свобода, територия и независимост, и има позиция на страната, която атакува. Ако искаме да чуем позицията на агресора, това трябва да бъде наричано от медиите така: „Сега ще чуете позицията на агресора“, а не „Ето я и другата гледна точка“. Това е характерен прийом за манипулация, потребителят получава истината, но и лъжата, маскирана като някаква гледна точка. Тогава хората започват да си мислят, че истината вероятно е някъде по средата. За съжаление, се оказва, че истината в разбирането на средностатистическия гражданин се обърна на страната на Русия заради манипулациите ѝ.
Говорим със Сергий как би могло да бъде спряно отвличането на украински деца. За първи път от началото на срещата ни ми изглежда отчаян.
Не можем да ги спрем да отвличат децата ни. Трябва първо да разберем, че Путин е военнопрестъпник. Той не може да отиде на срещата на БРИКС в Южна Африка, защото го издирват именно за военни престъпления, като отвличането на деца. Хората в окупираните територии са заложници и нямат голям избор. Ако руснаците искат да вземат детето, ще го вземат. Арестуват родителите, хвърлят ги в затвора и всички следи са заметени. За съжаление, ние нищо не можем да направим в окупираните територии.
Когато Русия нахлува в Украйна и започва пълномащабна война, в украинската армия има недостиг на всичко. Насред двора на голяма фабрика срещам Андрей Ковалев, председател на Благотворителна фондация „Виница, безопасен и комфортен град“. Докато минаваме през охраната, чуваме сирената. Андрей ни пита искаме ли да ни заведе в бомбоужежище. Клатим отрицателно глава. Той се усмихва и казва:
Ние също спряхме да се крием. За мен и момчетата е по-важно да продължим дейността си без прекъсване, защото на фронта имат нужда от нас. Започнахме активна работа още в началото на войната. Първото, с което се заехме, беше направата на противотанкови съоръжения, т.нар. таралежи. Събрахме на доброволчески принцип много заварчици, а предприятия ни подаряваха желязото, с което изработихме много таралежи.
По-късно правят „коктейли Молотов“ и търсят войсково оборудване: муниции, каски, бронежилетки и обувки, очила, необходими за фронта. Техни доброволци постоянно пътуват до предните фронтови линии и доставят каквото могат.
Последното, което предадохме на фронта преди две седмици, беше голям автомобил, на който поставихме военна установка ГРАД. Имаме доброволец, който до този момент е изработил трийсет и осем такива. Прави ги абсолютно професионално – с мерници, с автоматика и точност на уцелването до три метра. Стрелят на трийсет километра с обикновени снаряди. За съжаление, много момчета загинаха на фронта. Познаваме ги поименно. Наши сътрудници също загинаха. Последният ГРАД, който предадохме, имаше табелка с името на момчето, което работеше по него, но то също беше убито по време на бой.
Фондацията на Андрей купува и разпределя в болниците в Украйна лекарства, санитарни пакети, инвалидни колички, специализирани легла и дюшеци за болниците.
Ранените ни са твърде много. Сега се опитваме да купим пикапи, за да ги преоборудваме със системи ГРАД или в реанимационни автомобили, с които да извеждат ранените ни войници от боя. Автомобили са ни необходими не само за фронта, но и за патронаж. Обикаляме социално слаби хора или многодетни майки със загинали на фронта съпрузи, или пък ранени войници, които са изписани от болниците, но имат нужда от всекидневни грижи в дома си.
Питам Андрей как се осъществява контролът на помощите, които получават или купуват с дарени средства. Той не е изненадан от въпроса ми. Показва ми как пратките, които получават и разпределят, се заснемат с видео.
Контролът при нас, а и при повечето доброволци е много затегнат. Но да, знаем, че има кражби и злоупотреби. Според мен това става на ниво чиновници в държавния апарат. Ние сме доброволци. Ходим до местата на боя. Виждаме ужаса с очите си. Не мога да си представя, че някой би откраднал от хората, които умират, за да ни пазят. Да, възможно е чиновниците да крадат и сигурно го правят. Това е проблем на ниво държава и съм убеден, че ще бъде решен.
Юлия е седнала напрегнато на стола си. Получава съобщения, в офиса влизат хора, които носят пакети и кашони.
Питате какво е там и как се справят нашите. Ще ви разкажа история от последните дни, на която присъствах. Една медицинска сестра беше ранена в крака. Извеждаме я от бойното поле. Тя въпреки шока повтаряше: „Моята рана е лека, отидете да помогнете на другите с по-сериозни рани. Потърсете Макс.“ Качваме я в колата, за да я отведем на по-сигурно място, а тя не иска да тръгне, докато не намерят Макс, когото е оставила на бойното поле ранен. На Макс му били откъснати краката. Тя му сложила турникети и успяла да го скрие зад някакво малко укрепление. Тогава я ранили, а той останал някъде там. Извади си телефона и показа на картата точните координати, където го оставила. Когато екип тръгна да прибира Макс, тя се отпусна в линейката и потеглихме с нея. Тогава изпадна в шок. Не можеше да си поеме въздух, цялата побеля. Онемя. Раздрусвам я, а тя се обърна към мен и пита: „Защо не мога да говоря?“ После внезапно промълви: „Видях ада, бях в ада. Стреляха от всички страни, не знаеш накъде да бягаш, избухват мини, разкъсват се тела и животът свършва. Много ме беше страх. Но аз се договарях със своя страх. Мисля, че всички момчета на фронта също се договарят със своя страх.“
Питам всички доброволци какво може да помогне на Украйна сега.
Сергий:
Ако България и Европа останат силни и имат стабилни правителства, това ще е най-добрата помощ за Украйна. Пазете складовете си с оръжие, нашите преди войната започнаха да гърмят – точно както вашите напоследък. Това е руска диверсия без съмнение. Колкото по-силна е България сега, колкото по-добре действат вашите специални служби, толкова по-бързо ще се справим и ние, а и вие с Москва.
Юлия:
Понякога правя торти за момчетата на фронта. Не защото са гладни, а за да знаят, че някой мисли за тях. На тези мъже на фронта им трябва сигнал, че не са захвърлени и нас ни е грижа. Те трябва да са убедени, че хората чуват историите им, тревожат се за тях, а който вярва в Бог, се моли за тях. Много от тези, които познавах, вече ги загубихме. Тази ужасна война трябва да свърши по-бързо. Затова и цяла Украйна, всички хора помагат, както могат. Нашата победа ще има много висока цена, но ние ще победим.
Андрей:
Имам седемгодишна дъщеря и тринайсетгодишен син. Те опаковат, разпределят хуманитарната помощ и помагат, както могат да помагат едни деца. Един ден виждам сина ми пред молитвеника в неговата стая. Казва ми, че се моли негов болен приятел да оздравее. Това се възпитава от най-ранна възраст – винаги да искаш да помогнеш на този, който има нужда. Сега изпитанието е огромно, но то ни сплотява и който и да се опитва да ни попречи, е безсмислено. Когато нещо страшно е пред нас и трябва да се защитаваме от него, всички заставаме заедно. Може много хора да загинат, но не и да ни победят.
Големите куриерски фирми в Украйна са две. Между тях има шега: „Толкова сме добри, че доставките за фронта понякога пристигат, преди украинските войници да са заели новите си позиции.“ Шофьорът на една от фирмите кара червено камионче с бял надпис „Нова поща“. Возил е продукти за фронта, когато до камиона му пада ракета. Камионът се обръща и се възпламенява. Той оглушава от взрива, целият е обгорен, но оцелява. Когато идват спасителните екипи и го намират, човекът плаче. Единственото, което повтаря, е:
Не можах да доставя на войниците необходимите им неща, а те ги чакат.
The AWS European Sovereign Cloud will allow government agencies, regulated industries, and the independent software vendors (ISVs) that support them to store sensitive data and run critical workloads on AWS infrastructure that is operated and supported by AWS employees located in and residents of the European Union (EU). The first Region will be located in Germany.
Background Late last year we announced the AWS Digital Sovereignty Pledge and made a commitment to offer you (and all AWS customers) the most advanced set of sovereignty controls and features available in the cloud. Since that announcement we have taken several important steps forward in fulfillment of that pledge:
May 2023 – We announced that AWS Nitro System had been validated by an independent third-party to confirm that it contains no mechanism that allows anyone at AWS to access your data on AWS hosts. At the same time we announced that the AWS Key Management Service (KMS) External Key Store allows you to store keys outside of AWS and use them to encrypt data stored in AWS.
August 2023 – We announcedAWS Dedicated Local Zones, infrastructure that is fully managed by AWS and built for exclusive use by a customer or community, and placed in a customer-specified location or data center.
AWS European Sovereign Cloud The upcoming AWS European Sovereign Cloud will be separate from, and independent of, the eight existing AWS Regions already open in Frankfurt, Ireland, London, Milan, Paris, Stockholm, Spain, and Zurich. It will give you additional options for deployment, while providing AWS services, APIs, and tools that you are already familiar with. The design will help you meet your data residency, operational autonomy, and resiliency needs.
In order to maintain separation between this cloud and the existing AWS Global Cloud you will need to create a fresh AWS account. The metadata you create such as data labels, categories, permissions, and configurations will be stored within the EU. This does not apply to AWS account information such as spend and billing data, which will be aggregated and used to ensure that you get favorable pricing within any applicable volume usage tiers.
As I mentioned earlier, this cloud will be operated and supported by AWS employees located in and residents of the EU, with support available 24/7/365.
The AWS European Sovereign Cloud will be operationally independent of the other regions, with separate in-Region billing and usage metering systems.
Initial Region The initial region will be located in Germany. It will launch with multiple Availability Zones, each in separate and distinct geographic locations, with enough distance between them to significantly reduce the risk of a single event impacting your business continuity. We will have additional details on the list of available services, instance types, and so forth as we get closer to the launch.
Over time, this and other regions in this cloud will also function as parent regions for AWS Outposts and Dedicated Local Zones. These options give you even more flexibility with regard to isolation and in-country data residency. If you would like to express your interest in Dedicated Local Zones in your country, please contact your AWS account manager.
Get Ready You can start to build applications today in any of the existing regions and move them to the AWS European Sovereign Cloud when the region launches. You can also initiate conversations with your local regulatory authorities in order to better understand any issues that are specific to your particular location.
From day one, Amazon Web Services (AWS) has always believed it is essential that customers have control over their data, and choices for how they secure and manage that data in the cloud. Last year, we introduced the AWS Digital Sovereignty Pledge, our commitment to offering AWS customers the most advanced set of sovereignty controls and features available in the cloud. We pledged to work to understand the evolving needs and requirements of both customers and regulators, and to rapidly adapt and innovate to meet them. We committed to expanding our capabilities to allow customers to meet their digital sovereignty needs, without compromising on the performance, innovation, security, or scale of the AWS Cloud.
AWS offers the largest and most comprehensive cloud infrastructure globally. Our approach from the beginning has been to make AWS sovereign-by-design. We built data protection features and controls in the AWS Cloud with input from financial services, healthcare, and government customers—who are among the most security- and data privacy-conscious organizations in the world. This has led to innovations like the AWS Nitro System, which powers all our modern Amazon Elastic Compute Cloud (Amazon EC2) instances and provides a strong physical and logical security boundary to enforce access restrictions so that nobody, including AWS employees, can access customer data running in Amazon EC2. The security design of the Nitro System has also been independently validated by the NCC Group in a public report.
With AWS, customers have always had control over the location of their data. In Europe, customers that need to comply with European data residency requirements have the choice to deploy their data to any of our eight existing AWS Regions (Ireland, Frankfurt, London, Paris, Stockholm, Milan, Zurich, and Spain) to keep their data securely in Europe. To run their sensitive workloads, European customers can leverage the broadest and deepest portfolio of services, including AI, analytics, compute, database, Internet of Things (IoT), machine learning, mobile services, and storage. To further support customers, we’ve innovated to offer more control and choice over their data. For example, we announced further transparency and assurances, and new dedicated infrastructure options with AWS Dedicated Local Zones.
Announcing the AWS European Sovereign Cloud
When we speak to public sector and regulated industry customers in Europe, they share how they are facing incredible complexity and changing dynamics with an evolving sovereignty landscape. Customers tell us they want to adopt the cloud, but are facing increasing regulatory scrutiny over data location, European operational autonomy, and resilience. We’ve learned that these customers are concerned that they will have to choose between the full power of AWS or feature-limited sovereign cloud solutions. We’ve had deep engagements with European regulators, national cybersecurity authorities, and customers to understand how the sovereignty needs of customers can vary based on multiple factors, like location, sensitivity of workloads, and industry. These factors can impact their workload requirements, such as where their data can reside, who can access it, and the controls needed. AWS has a proven track record of innovation to address specialized workloads around the world.
Today, we’re excited to announce our plans to launch the AWS European Sovereign Cloud, a new, independent cloud for Europe, designed to help public sector organizations and customers in highly regulated industries meet their evolving sovereignty needs. We’re designing the AWS European Sovereign Cloud to be separate and independent from our existing Regions, with infrastructure located wholly within the European Union (EU), with the same security, availability, and performance our customers get from existing Regions today. To deliver enhanced operational resilience within the EU, only EU residents who are located in the EU will have control of the operations and support for the AWS European Sovereign Cloud. As with all current Regions, customers using the AWS European Sovereign Cloud will benefit from the full power of AWS with the same familiar architecture, expansive service portfolio, and APIs that millions of customers use today. The AWS European Sovereign Cloud will launch its first AWS Region in Germany available to all European customers.
The AWS European Sovereign Cloud will be sovereign-by-design, and will be built on more than a decade of experience operating multiple independent clouds for the most critical and restricted workloads. Like existing Regions, the AWS European Sovereign Cloud will be built for high availability and resiliency, and powered by the AWS Nitro System, to help ensure the confidentiality and integrity of customer data. Customers will have the control and assurance that AWS will not access or use customer data for any purpose without their agreement. AWS gives customers the strongest sovereignty controls among leading cloud providers. For customers with enhanced data residency needs, the AWS European Sovereign cloud is designed to go further and will allow customers to keep all metadata they create (such as the roles, permissions, resource labels, and configurations they use to run AWS) in the EU. The AWS European Sovereign Cloud will also be built with separate, in-Region billing and usage metering systems.
Delivering operational autonomy
The AWS European Sovereign Cloud will provide customers the capability to meet stringent operational autonomy and data residency requirements. To deliver enhanced data residency and operational resilience within the EU, the AWS European Sovereign Cloud infrastructure will be operated independently from existing AWS Regions. To assure independent operation of the AWS European Sovereign Cloud, only personnel who are EU residents, located in the EU, will have control of day-to-day operations, including access to data centers, technical support, and customer service.
We’re taking learnings from our deep engagements with European regulators and national cybersecurity authorities and applying them as we build the AWS European Sovereign Cloud, so that customers using the AWS European Sovereign Cloud can meet their data residency, operational autonomy, and resilience requirements. For example, we are looking forward to continuing to partner with Germany’s Federal Office for Information Security (BSI).
“The development of a European AWS Cloud will make it much easier for many public sector organizations and companies with high data security and data protection requirements to use AWS services. We are aware of the innovative power of modern cloud services and we want to help make them securely available for Germany and Europe. The C5 (Cloud Computing Compliance Criteria Catalogue), which was developed by the BSI, has significantly shaped cybersecurity cloud standards and AWS was in fact the first cloud service provider to receive the BSI’s C5 testate. In this respect, we are very pleased to constructively accompany the local development of an AWS Cloud, which will also contribute to European sovereignty, in terms of security.” — Claudia Plattner, President of the German Federal Office for Information Security (BSI)
Control without compromise
Though separate, the AWS European Sovereign Cloud will offer the same industry-leading architecture built for security and availability as other AWS Regions. This will include multiple Availability Zones (AZs), infrastructure that is placed in separate and distinct geographic locations, with enough distance to significantly reduce the risk of a single event impacting customers’ business continuity. Each AZ will have multiple layers of redundant power and networking to provide the highest level of resiliency. All AZs in the AWS European Sovereign Cloud will be interconnected with fully redundant, dedicated metro fiber, providing high-throughput, low-latency networking between AZs. All traffic between AZs will be encrypted. Customers who need more options to address stringent isolation and in-country data residency needs will be able to use Dedicated Local Zones or AWS Outposts to deploy AWS European Sovereign Cloud infrastructure in locations they select.
Continued AWS investment in Europe
The AWS European Sovereign Cloud represents continued AWS investment in Europe. AWS is committed to innovating to support European values and Europe’s digital future. We drive economic development through investing in infrastructure, jobs, and skills in communities and countries across Europe. We are creating thousands of high-quality jobs and investing billions of euros in European economies. Amazon has created more than 100,000 permanent jobs across the EU. Some of our largest AWS development teams are located in Europe, with key centers in Dublin, Dresden, and Berlin. As part of our continued commitment to contribute to the development of digital skills, we will hire and develop additional local personnel to operate and support the AWS European Sovereign Cloud.
Customers, partners, and regulators welcome the AWS European Sovereign Cloud
In the EU, hundreds of thousands of organizations of all sizes and across all industries are using AWS – from start-ups, to small and medium-sized businesses, to the largest enterprises, including telecommunication companies, public sector organizations, educational institutions, and government agencies. Organizations across Europe support the introduction of the AWS European Sovereign Cloud.
“As the market leader in enterprise application software with strong roots in Europe, SAP and AWS have long collaborated on behalf of customers to accelerate digital transformation around the world. The AWS European Sovereign Cloud provides further opportunities to strengthen our relationship in Europe by enabling us to expand the choices we offer to customers as they move to the cloud. We appreciate the ongoing partnership with AWS, and the new possibilities this investment can bring for our mutual customers across the region.” — Peter Pluim, President, SAP Enterprise Cloud Services and SAP Sovereign Cloud Services.
“The new AWS European Sovereign Cloud can be a game-changer for highly regulated business segments in the European Union. As a leading telecommunications provider in Germany, our digital transformation focuses on innovation, scalability, agility, and resilience to provide our customers with the best services and quality. This will now be paired with the highest levels of data protection and regulatory compliance that AWS delivers, and with a particular focus on digital sovereignty requirements. I am convinced that this new infrastructure offering has the potential to boost cloud adaptation of European companies and accelerate the digital transformation of regulated industries across the EU.” — Mallik Rao, Chief Technology and Information Officer, O2 Telefónica in Germany
“Deutsche Telekom welcomes the announcement of the AWS European Sovereign Cloud, which highlights AWS’s dedication to continuous innovation for European businesses. The AWS solution will provide greater choice for organizations when moving regulated workloads to the cloud and additional options to meet evolving digital governance requirements in the EU.” — Greg Hyttenrauch, senior vice president, Global Cloud Services at T-Systems
“Today, we stand at the cusp of a transformative era. The introduction of the AWS European Sovereign Cloud does not merely represent an infrastructural enhancement, it is a paradigm shift. This sophisticated framework will empower Dedalus to offer unparalleled services for storing patient data securely and efficiently in the AWS cloud. We remain committed, without compromise, to serving our European clientele with best-in-class solutions underpinned by trust and technological excellence.” — Andrea Fiumicelli, Chairman, Dedalus
“At de Volksbank, we believe in investing in a better Netherlands. To do this effectively, we need to have access to the latest technologies in order for us to continually be innovating and improving services for our customers. For this reason, we welcome the announcement of the European Sovereign Cloud which will allow European customers to easily demonstrate compliance with evolving regulations while still benefitting from the scale, security, and full suite of AWS services.” — Sebastiaan Kalshoven, Director IT/CTO, de Volksbank
“Eviden welcomes the launch of the AWS European Sovereign Cloud. This will help regulated industries and the public sector address the requirements of their sensitive workloads with a fully featured AWS cloud wholly operated in Europe. As an AWS Premier Tier Services Partner and leader in cybersecurity services in Europe, Eviden has an extensive track record in helping AWS customers formalize and mitigate their sovereignty risks. The AWS European Sovereign Cloud will allow Eviden to address a wider range of customers’ sovereignty needs.” — Yannick Tricaud, Head of Southern and Central Europe, Middle East, and Africa, Eviden, Atos Group
“We welcome the commitment of AWS to expand its infrastructure with an independent European cloud. This will give businesses and public sector organizations more choice in meeting digital sovereignty requirements. Cloud services are essential for the digitization of the public administration. With the “German Administration Cloud Strategy” and the “EVB-IT Cloud” contract standard, the foundations for cloud use in the public administration have been established. I am very pleased to work together with AWS to practically and collaboratively implement sovereignty in line with our cloud strategy.” — Dr. Markus Richter, CIO of the German federal government, Federal Ministry of the Interior
Our commitments to our customers
We remain committed to giving our customers control and choices to help meet their evolving digital sovereignty needs. We continue to innovate sovereignty features, controls, and assurances globally with AWS, without compromising on the full power of AWS.
If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.
French
AWS Digital Sovereignty Pledge : Un nouveau cloud souverain, indépendant en Europe
Depuis sa création, Amazon Web Services (AWS) est convaincu qu’il est essentiel que les clients aient le contrôle de leurs données et puissent choisir la manière dont ils les sécurisent et les gèrent dans le cloud. L’année dernière, nous avons annoncé l’AWS Digital Sovereignty Pledge, notre engagement à offrir aux clients d’AWS l’ensemble le plus avancé de contrôles et de fonctionnalités de souveraineté disponibles dans le cloud. Nous nous sommes engagés à travailler pour comprendre les besoins et les exigences en constante évolution de nos clients et des régulateurs, et à nous adapter et innover rapidement pour y répondre. Nous nous sommes engagés à développer notre offre afin de permettre à nos clients de répondre à leurs besoins en matière de souveraineté numérique, sans compromis sur les performances, l’innovation, la sécurité ou encore l’étendue du Cloud AWS.
AWS propose l’infrastructure cloud la plus étendue et la plus complète au monde. Dès l’origine, notre approche a été de rendre AWS souverain dès la conception. Nous avons développé des fonctionnalités et des contrôles de protection des données dans le Cloud AWS en nous appuyant sur les retours de clients du secteur financier, de la santé et du secteur public, qui figurent parmi les organisations les plus soucieuses de la sécurité et de la confidentialité des données au monde. Cela a donné lieu à des innovations telles que AWS Nitro System, qui alimente toutes nos instances modernes Amazon Elastic Compute Cloud (Amazon EC2) et fournit une solide barrière de sécurité physique et logique pour implémenter les restrictions d’accès afin que personne, y compris les employés d’AWS, ne puisse accéder aux données des clients traitées dans Amazon EC2. La conception de la sécurité du Système Nitro a également été validée de manière indépendante par NCC Group dans un rapport public.
Avec AWS, les clients ont toujours eu le contrôle de l’emplacement de leurs données. En Europe, les clients qui doivent se conformer aux exigences européennes en matière de localisation des données peuvent choisir de déployer leurs données dans l’une de nos huit Régions AWS existantes (Irlande, Francfort, Londres, Paris, Stockholm, Milan, Zurich et Espagne) afin de conserver leurs données en toute sécurité en Europe. Pour exécuter leurs applications sensibles, les clients européens peuvent avoir recours à l’offre de services la plus étendue et la plus complète, de l’intelligence artificielle à l’analyse, du calcul aux bases de données, en passant par l’Internet des objets (IoT), l’apprentissage automatique, les services mobiles et le stockage. Pour soutenir davantage nos clients, nous avons innové pour offrir un plus grand choix en matière de contrôle sur leurs données. Par exemple, nous avons annoncé une transparence et des garanties de sécurité accrues, ainsi que de nouvelles options d’infrastructure dédiée appelées AWS Dedicated Local Zones.
Annonce de l’AWS European Sovereign Cloud Lorsque nous parlons à des clients du secteur public et des industries régulées en Europe, ils nous font part de l’incroyable complexité à laquelle ils sont confrontés dans un contexte de souveraineté en pleine évolution. Les clients nous disent qu’ils souhaitent adopter le cloud, mais qu’ils sont confrontés à des exigences réglementaires croissantes en matière de localisation des données, d’autonomie opérationnelle européenne et de résilience. Nous entendons que ces clients craignent de devoir choisir entre la pleine puissance d’AWS et des solutions de cloud souverain aux fonctionnalités limitées. Nous avons eu des contacts approfondis avec les régulateurs européens, les autorités nationales de cybersécurité et les clients afin de comprendre comment ces besoins de souveraineté peuvent varier en fonction de multiples facteurs tels que la localisation, la sensibilité des applications et le secteur d’activité. Ces facteurs peuvent avoir une incidence sur leurs exigences, comme l’endroit où leurs données peuvent être localisées, les personnes autorisées à y accéder et les contrôles nécessaires. AWS a fait ses preuves en matière d’innovation pour les applications spécialisées dans le monde entier.
Aujourd’hui, nous sommes heureux d’annoncer le lancement de l’AWS European Sovereign Cloud, un nouveau cloud indépendant pour l’Europe, conçu pour aider les organisations du secteur public et les clients des industries régulées à répondre à leurs besoins évolutifs en matière de souveraineté. Nous concevons l’AWS European Sovereign Cloud de manière à ce qu’il soit distinct et indépendant de nos Régions existantes, avec une infrastructure entièrement située dans l’Union européenne (UE), avec les mêmes niveaux de sécurité, de disponibilité et de performance que ceux dont bénéficient nos clients aujourd’hui dans les Régions existantes. Pour offrir une résilience opérationnelle accrue au sein de l’UE, seuls des résidents de l’UE qui se trouvent dans l’UE auront le contrôle sur l’exploitation et le support de l’AWS European Sovereign Cloud. Comme dans toutes les Régions existantes, les clients utilisant l’AWS European Sovereign Cloud bénéficieront de toute la puissance d’AWS avec la même architecture à laquelle ils sont habitués, le même portefeuille de services étendu et les mêmes API que ceux utilisés par des millions de clients aujourd’hui. L’AWS European Sovereign Cloud lancera sa première Région AWS en Allemagne, disponible pour tous les clients européens.
L’AWS European Sovereign Cloud sera souverain dès la conception et s’appuiera sur plus d’une décennie d’expérience dans l’exploitation de clouds indépendants pour les applications les plus critiques et les plus sensibles. À l’instar des Régions existantes, l’AWS European Sovereign Cloud sera conçu pour offrir une haute disponibilité et un haut niveau de résilience, et sera basé sur le Système AWS Nitro afin de garantir la confidentialité et l’intégrité des données des clients. Les clients auront le contrôle de leurs données et l’assurance qu’AWS n’y accèdera pas, ni ne les utilisera à aucune fin sans leur accord. AWS offre à ses clients les contrôles de souveraineté les plus puissants parmi les principaux fournisseurs de cloud. Pour les clients ayant des besoins accrus en matière de localisation des données, l’AWS European Sovereign Cloud est conçu pour aller plus loin et permettra aux clients de conserver toutes les métadonnées qu’ils créent (telles que les rôles de compte, les autorisations, les étiquettes de données et les configurations qu’ils utilisent au sein d’AWS) dans l’UE. L’AWS European Sovereign Cloud sera également doté de systèmes de facturation et de mesure de l’utilisation distincts et propres.
Apporter l’autonomie opérationnelle L’AWS European Sovereign Cloud permettra aux clients de répondre à des exigences strictes en matière d’autonomie opérationnelle et de localisation des données. Pour améliorer la localisation des données et la résilience opérationnelle au sein de l’UE, l’infrastructure de l’AWS European Sovereign Cloud sera exploitée indépendamment des Régions AWS existantes. Afin de garantir le fonctionnement indépendant de l’AWS European Sovereign Cloud, seul le personnel résidant de l’UE et situé dans l’UE contrôlera les opérations quotidiennes, y compris l’accès aux centres de données, l’assistance technique et le service client.
Nous tirons les enseignements de nos échanges approfondis auprès des régulateurs européens et des autorités nationales de cybersécurité et les appliquons à la création de l’AWS European Sovereign Cloud, afin que les clients qui l’utilisent puissent répondre à leurs exigences en matière de localisation des données, d’autonomie opérationnelle et de résilience. Par exemple, nous nous réjouissons de poursuivre notre partenariat avec l’Office fédéral allemand de la sécurité de l’information (BSI).
« Le développement d’un cloud AWS européen facilitera grandement l’utilisation des services AWS pour de nombreuses organisations du secteur public et des entreprises ayant des exigences élevées en matière de sécurité et de protection des données. Nous sommes conscients du pouvoir d’innovation des services cloud modernes et nous voulons contribuer à les rendre disponibles en toute sécurité pour l’Allemagne et l’Europe. Le C5 (Catalogue des critères de conformité du cloud computing), développé par le BSI, a considérablement façonné les normes de cybersécurité dans le cloud et AWS a été en fait le premier fournisseur de services cloud à recevoir la certification C5 du BSI. À cet égard, nous sommes très heureux d’accompagner de manière constructive le développement local d’un cloud AWS, qui contribuera également à la souveraineté européenne en termes de sécurité ». — Claudia Plattner, Présidente de l’Office fédéral allemand de la sécurité de l’information (BSI)
Contrôle sans compromis Bien que distinct, l’AWS European Sovereign Cloud proposera la même architecture à la pointe de l’industrie, conçue pour offrir la même sécurité et la même disponibilité que les autres Régions AWS. Cela inclura plusieurs Zones de Disponibilité (AZ), des infrastructures physiques placées dans des emplacements géographiques séparés et distincts, avec une distance suffisante pour réduire de manière significative le risque qu’un seul événement ait un impact sur la continuité des activités des clients. Chaque AZ disposera de plusieurs couches d’alimentation et de réseau redondantes pour fournir le plus haut niveau de résilience. Toutes les Zones de Disponibilité de l’AWS European Sovereign Cloud seront interconnectées par un réseau métropolitain de fibres dédié entièrement redondant, fournissant un réseau à haut débit et à faible latence entre les Zones de Disponibilité. Tous les échanges entre les AZ seront chiffrés. Les clients recherchant davantage d’options pour répondre à des besoins stricts en matière d’isolement et de localisation des données dans le pays pourront tirer parti des Dedicated Local Zones ou d’AWS Outposts pour déployer l’infrastructure de l’AWS European Sovereign Cloud sur les sites de leur choix.
Un investissement continu d’AWS en Europe L’AWS European Sovereign Cloud s’inscrit dans un investissement continu d’AWS en Europe. AWS s’engage à innover pour soutenir les valeurs européennes et l’avenir numérique de l’Europe.
Nous créons des milliers d’emplois qualifiés et investissons des milliards d’euros dans l’économie européenne. Amazon a créé plus de 100 000 emplois permanents dans l’UE.
Nous favorisons le développement économique en investissant dans les infrastructures, les emplois et les compétences dans les territoires et les pays d’Europe. Certaines des plus grandes équipes de développement d’AWS sont situées en Europe, avec des centres majeurs à Dublin, Dresde et Berlin. Dans le cadre de notre engagement continu à contribuer au développement des compétences numériques, nous recruterons et formerons du personnel local supplémentaire pour exploiter et soutenir l’AWS European Sovereign Cloud.
Les clients, partenaires et régulateurs accueillent favorablement l’AWS European Sovereign Cloud Dans l’UE, des centaines de milliers d’organisations de toutes tailles et de tous secteurs utilisent AWS, qu’il s’agisse de start-ups, de petites et moyennes entreprises ou de grandes entreprises, y compris des sociétés de télécommunications, des organisations du secteur public, des établissements d’enseignement ou des agences gouvernementales. Des organisations de toute l’Europe accueillent favorablement l’AWS European Sovereign Cloud.
« En tant que leader du marché des logiciels de gestion d’entreprise fortement ancré en Europe, SAP collabore depuis longtemps avec AWS pour le compte de ses clients, afin d’accélérer la transformation numérique dans le monde entier. L’AWS European Sovereign Cloud offre de nouvelles opportunités de renforcer notre relation en Europe en nous permettant d’élargir les choix que nous offrons aux clients lorsqu’ils passent au cloud. Nous apprécions le partenariat en cours avec AWS, et les nouvelles possibilités que cet investissement peut apporter à nos clients mutuels dans toute la région. » — Peter Pluim, Président, SAP Enterprise Cloud Services and SAP Sovereign Cloud Services.
« Le nouvel AWS European Sovereign Cloud peut changer la donne pour les secteurs d’activité très réglementés de l’Union européenne. En tant que fournisseur de télécommunications de premier plan en Allemagne, notre transformation numérique se concentre sur l’innovation, l’évolutivité, l’agilité et la résilience afin de fournir à nos clients les meilleurs services et la meilleure qualité. Cela sera désormais associé aux plus hauts niveaux de protection des données et de conformité réglementaire qu’offre AWS, avec un accent particulier sur les exigences de souveraineté numérique. Je suis convaincu que cette nouvelle offre d’infrastructure a le potentiel de stimuler l’adaptation au cloud des entreprises européennes et d’accélérer la transformation numérique des industries réglementées à travers l’UE. » — Mallik Rao, Chief Technology and Information Officer, O2 Telefónica, Allemagne
« Deutsche Telekom se réjouit de l’annonce de l’AWS European Sovereign Cloud, qui souligne la volonté d’AWS d’innover en permanence pour les entreprises européennes. La solution d’AWS offrira un plus grand choix aux organisations lorsqu’elles migreront des applications réglementées vers le cloud, ainsi que des options supplémentaires pour répondre à l’évolution des exigences en matière de gouvernance numérique dans l’UE. » — Greg Hyttenrauch, vice-président senior, Global Cloud Services chez T-Systems
« Aujourd’hui, nous sommes à l’aube d’une ère de transformation. Le lancement de l’AWS European Sovereign Cloud ne représente pas seulement une amélioration de l’infrastructure, c’est un changement de paradigme. Ce cadre sophistiqué permettra à Dedalus d’offrir des services inégalés pour le stockage sécurisé et efficace des données des patients dans le cloud AWS. Nous restons engagés, sans compromis, à servir notre clientèle européenne avec les meilleures solutions de leur catégorie, étayées par la confiance et l’excellence technologique ». — Andrea Fiumicelli, Chairman at Dedalus
« À de Volksbank, nous croyons qu’il faut investir dans l’avenir des Pays-Bas. Pour y parvenir efficacement, nous devons avoir accès aux technologies les plus récentes afin d’innover en permanence et d’améliorer les services offerts à nos clients. C’est pourquoi nous nous réjouissons de l’annonce de l’AWS European Sovereign Cloud, qui permettra aux clients européens de démontrer facilement leur conformité aux réglementations en constante évolution tout en bénéficiant de l’étendue, de la sécurité et de la suite complète de services AWS ». — Sebastiaan Kalshoven, Director IT/CTO, de Volksbank
« Eviden se réjouit du lancement de l’AWS European Sovereign Cloud. Celui-ci aidera les industries réglementées et le secteur public à satisfaire leurs exigences pour les applications les plus sensibles, grâce à un Cloud AWS doté de toutes ses fonctionnalités et entièrement opéré en Europe. En tant que partenaire AWS Premier Tier Services et leader des services de cybersécurité en Europe, Eviden a une longue expérience dans l’accompagnement de clients AWS pour formaliser et maîtriser leurs risques en termes de souveraineté. L’AWS European Sovereign Cloud permettra à Eviden de répondre à un plus grand nombre de besoins de ses clients en matière de souveraineté ». — Yannick Tricaud, Head of Southern and Central Europe, Middle East and Africa, Eviden, Atos Group
« Nous saluons l’engagement d’AWS d’étendre son infrastructure avec un cloud européen indépendant. Les entreprises et les organisations du secteur public auront ainsi plus de choix pour répondre aux exigences de souveraineté numérique. Les services cloud sont essentiels pour la numérisation de l’administration publique. La “stratégie de l’administration allemande en matière de cloud” et la norme contractuelle “EVB-IT Cloud” ont constitué les bases de l’utilisation du cloud dans l’administration publique. Je suis très heureux de travailler avec AWS pour mettre en œuvre de manière pratique et collaborative la souveraineté, conformément à notre stratégie cloud. » — Markus Richter, DSI du gouvernement fédéral allemand, ministère fédéral de l’Intérieur.
Nos engagements envers nos clients Nous restons déterminés à donner à nos clients le contrôle et les choix nécessaires pour répondre à l’évolution de leurs besoins en matière de souveraineté numérique. Nous continuons d’innover en matière de fonctionnalités, de contrôles et de garanties de souveraineté au niveau mondial au sein d’AWS, tout en fournissant sans compromis et sans restriction la pleine puissance d’AWS.
AWS Digital Sovereignty Pledge: Ankündigung der neuen, unabhängigen AWS European Sovereign Cloud
Amazon Web Services (AWS) war immer der Meinung, dass es wichtig ist, dass Kunden die volle Kontrolle über ihre Daten haben. Kunden sollen die Wahl haben, wie sie diese Daten in der Cloud absichern und verwalten.
Letztes Jahr haben wir unseren „AWS Digital Sovereignty Pledge“ vorgestellt: Unser Versprechen, allen AWS-Kunden ohne Kompromisse die fortschrittlichsten Steuerungsmöglichkeiten für Souveränitätsanforderungen und Funktionen in der Cloud anzubieten. Wir haben uns dazu verpflichtet, die sich wandelnden Anforderungen von Kunden und Aufsichtsbehörden zu verstehen und sie mit innovativen Angeboten zu adressieren. Wir bauen unser Angebot so aus, dass Kunden ihre Bedürfnisse an digitale Souveränität erfüllen können, ohne Kompromisse bei der Leistungsfähigkeit, Innovationskraft, Sicherheit und Skalierbarkeit der AWS-Cloud einzugehen.
AWS bietet die größte und umfassendste Cloud-Infrastruktur weltweit. Von Anfang an haben wir bei der AWS-Cloud einen „sovereign-by-design“-Ansatz verfolgt. Wir haben mit Hilfe von Kunden aus besonders regulierten Branchen, wie z.B. Finanzdienstleistungen, Gesundheit, Staat und Verwaltung, Funktionen und Steuerungsmöglichkeiten für Datenschutz und Datensicherheit entwickelt. Dieses Vorgehen hat zu Innovationen wie dem AWS Nitro System geführt, das heute die Grundlage für alle modernen Amazon Elastic Compute Cloud (Amazon EC2) Instanzen und Confidential Computing auf AWS bildet. AWS Nitro setzt auf eine starke physikalische und logische Sicherheitsabgrenzung und realisiert damit Zugriffsbeschränkungen, die unautorisierte Zugriffe auf Kundendaten in EC2 unmöglich machen – das gilt auch für AWS-Personal. Die NCC Group hat das Sicherheitsdesign von AWS Nitro im Rahmen einer unabhängigen Untersuchung in einem öffentlichen Bericht validiert.
Mit AWS hatten und haben Kunden stets die Kontrolle über den Speicherort ihrer Daten. Kunden, die spezifische europäische Vorgaben zum Ort der Datenverarbeitung einhalten müssen, haben die Wahl, ihre Daten in jeder unserer bestehenden acht AWS-Regionen (Frankfurt, Irland, London, Mailand, Paris, Stockholm, Spanien und Zürich) zu verarbeiten und sicher innerhalb Europas zu speichern. Europäische Kunden können ihre kritischen Workloads auf Basis des weltweit umfangreichsten und am weitesten verbreiteten Portfolios an Diensten betreiben – dazu zählen AI, Analytics, Compute, Datenbanken, Internet of Things (IoT), Machine Learning (ML), Mobile Services und Storage. Wir haben Innovationen in den Bereichen Datenverwaltung und Kontrolle realisiert, um unsere Kunden besser zu unterstützen. Zum Beispiel haben wir weitergehende Transparenz und zusätzliche Zusicherungen sowie neue Optionen für dedizierte Infrastruktur mit AWS Dedicated Local Zones angekündigt.
Ankündigung der AWS European Sovereign Cloud Kunden aus dem öffentlichen Sektor und aus regulierten Industrien in Europa berichten uns immer wieder, mit welcher Komplexität und Dynamik sie im Bereich Souveränität konfrontiert werden. Wir hören von unseren Kunden, dass sie die Cloud nutzen möchten, aber gleichzeitig zusätzliche Anforderungen im Zusammenhang mit dem Ort der Datenverarbeitung, der betrieblichen Autonomie und der operativen Souveränität erfüllen müssen.
Kunden befürchten, dass sie sich zwischen der vollen Leistung von AWS und souveränen Cloud-Lösungen mit eingeschränkter Funktion entscheiden müssen. Wir haben intensiv mit Aufsichts- und Cybersicherheitsbehörden sowie Kunden aus Deutschland und anderen europäischen Ländern zusammengearbeitet, um zu verstehen, wie Souveränitätsbedürfnisse aufgrund verschiedener Faktoren wie Standort, Klassifikation der Workloads und Branche variieren können. Diese Faktoren können sich auf Workload-Anforderungen auswirken, z. B. darauf, wo sich diese Daten befinden dürfen, wer darauf zugreifen kann und welche Steuerungsmöglichkeiten erforderlich sind. AWS hat eine nachgewiesene Erfolgsbilanz insbesondere für innovative Lösungen zur Verarbeitung spezialisierter Workloads auf der ganzen Welt.
Wir freuen uns, heute die AWS European Sovereign Cloud ankündigen zu können: Eine neue, unabhängige Cloud für Europa. Sie soll Kunden aus dem öffentlichen Sektor und stark regulierten Industrien (z.B. Betreiber kritischer Infrastrukturen („KRITIS“)) dabei helfen, spezifische gesetzliche Anforderungen an den Ort der Datenverarbeitung und den Betrieb der Cloud zu erfüllen. Die AWS European Sovereign Cloud wird sich in der Europäischen Union (EU) befinden und dort betrieben. Sie wird physisch und logisch von den bestehenden AWS-Regionen getrennt sein und dieselbe Sicherheit, Verfügbarkeit und Leistung wie die bestehenden AWS-Regionen bieten. Die Kontrolle über den Betrieb und den Support der AWS European Sovereign Cloud wird ausschließlich von AWS-Personal ausgeübt, das in der EU ansässig ist und sich in der EU aufhält.
Wie schon bei den bestehenden AWS-Regionen, werden Kunden, welche die AWS European Sovereign Cloud nutzen, von dem gesamten AWS-Leistungsumfang profitieren. Dazu zählen die gewohnte Architektur, das umfangreiche Service-Portfolio und die APIs, die heute schon von Millionen von Kunden verwendet werden. Die AWS European Sovereign Cloud wird mit ihrer ersten AWS-Region in Deutschland starten und allen Kunden in Europa zur Verfügung stehen.
Die AWS European Sovereign Cloud wird “sovereign-by-design” sein und basiert auf mehr als zehn Jahren Erfahrung beim Betrieb mehrerer unabhängiger Clouds für besonders kritische und vertrauliche Workloads. Wie schon bei unseren bestehenden AWS-Regionen wird die AWS European Sovereign Cloud für Hochverfügbarkeit und Ausfallsicherheit ausgelegt sein und auf dem AWS Nitro System aufbauen, um die Vertraulichkeit und Integrität von Kundendaten sicherzustellen. Kunden haben die Kontrolle und Gewissheit darüber, dass AWS nicht ohne ihr Einverständnis auf Kundendaten zugreift oder sie für andere Zwecke verwendet. Die AWS European Sovereign Cloud ist so gestaltet, dass nicht nur alle Kundendaten, sondern auch alle Metadaten, die durch Kunden angelegt werden (z.B. Rollen, Zugriffsrechte, Labels für Ressourcen und Konfigurationsinformationen), innerhalb der EU verbleiben. Die AWS European Sovereign Cloud verfügt über unabhängige Systeme für das Rechnungswesen und zur Nutzungsmessung.
„Die neue AWS European Sovereign Cloud kann ein Game Changer für stark regulierte Geschäftsbereiche in der Europäischen Union sein. Als führender Telekommunikationsanbieter in Deutschland konzentriert sich unsere digitale Transformation auf Innovation, Skalierbarkeit, Agilität und Resilienz, um unseren Kunden die besten Dienste und die beste Qualität zu bieten. Dies wird nun von AWS mit dem höchsten Datenschutzniveau unter Einhaltung der regulatorischen Anforderungen vereint mit einem besonderen Schwerpunkt auf die Anforderungen an digitale Souveränität. Ich bin überzeugt, dass dieses neue Infrastrukturangebot das Potenzial hat, die Cloud-Adaption von europäischen Unternehmen voranzutreiben und die digitale Transformation regulierter Branchen in der EU zu beschleunigen.“ — Mallik Rao, Chief Technology and Information Officer bei O2 Telefónica in Deutschland
Sicherstellung operativer Autonomie Die AWS European Sovereign Cloud bietet Kunden die Möglichkeit, strenge Anforderungen an Betriebsautonomie und den Ort der Datenverarbeitung zu erfüllen. Um eine Datenverarbeitung und operative Souveränität innerhalb der EU zu gewährleisten, wird die AWS European Sovereign Cloud-Infrastruktur unabhängig von bestehenden AWS-Regionen betrieben. Um den unabhängigen Betrieb der AWS European Sovereign Cloud zu gewährleisten, hat nur Personal, das in der EU ansässig ist und sich in der EU aufhält die Kontrolle über den täglichen Betrieb. Dazu zählen der Zugang zu Rechenzentren, der technische Support und der Kundenservice.
Wir nutzen die Erkenntnisse aus unserer intensiven Zusammenarbeit mit Aufsichts- und Cybersicherheitsbehörden in Europa beim Aufbau der AWS European Sovereign Cloud, damit Kunden ihren Anforderungen an die Kontrolle über den Speicher- und Verarbeitungsort ihrer Daten, der betrieblichen Autonomie und der operativen Souveränität gerecht werden können. Wir freuen uns, mit dem Bundesamt für Sicherheit in der Informationstechnik (BSI) auch bei der Umsetzung der AWS European Sovereign Cloud zu kooperieren:
„Der Aufbau einer europäischen AWS-Cloud wird es für viele Behörden und Unternehmen mit hohen Anforderungen an die Datensicherheit und den Datenschutz deutlich leichter machen, die AWS-Services zu nutzen. Wir wissen um die Innovationskraft moderner Cloud-Dienste und wir wollen mithelfen, sie für Deutschland und Europa sicher verfügbar zu machen. Das BSI hat mit dem Kriterienkatalog C5 die Cybersicherheit im Cloud Computing bereits maßgeblich beeinflusst, und tatsächlich war AWS der erste Cloud Service Provider, der das C5-Testat des BSI erhalten hat. Insofern freuen wir uns sehr, den hiesigen Aufbau einer AWS-Cloud, die auch einen Beitrag zur europäischen Souveränität leisten wird, im Hinblick auf die Sicherheit konstruktiv zu begleiten.“ — Claudia Plattner, Präsidentin, deutsches Bundesamt für Sicherheit in der Informationstechnik (BSI)
Kontrolle ohne Kompromisse Obwohl sie separat betrieben wird, bietet die AWS European Sovereign Cloud dieselbe branchenführende Architektur, die auf Sicherheit und Verfügbarkeit ausgelegt ist wie andere AWS-Regionen. Dazu gehören mehrere Verfügbarkeitszonen (Availability Zones, AZs) – eine Infrastruktur, die sich an verschiedenen voneinander getrennten geografischen Standorten befindet. Diese räumliche Trennung verringert signifikant das Risiko, dass ein Zwischenfall an einem einzelnen Standort den Geschäftsbetrieb des Kunden beeinträchtigt. Jede Verfügbarkeitszone besitzt eine autarke Stromversorgung und Kühlung und verfügt über redundante Netzwerkanbindungen, um ein Höchstmaß an Ausfallsicherheit zu gewährleisten. Zudem zeichnet sich jede Verfügbarkeitszone durch eine hohe physische Sicherheit aus. Alle AZs in der AWS European Sovereign Cloud werden über vollständig redundante, dedizierte Metro-Glasfaser miteinander verbunden und ermöglichen so eine Vernetzung mit hohem Durchsatz und niedriger Latenz zwischen den AZs. Der gesamte Datenverkehr zwischen AZs wird verschlüsselt. Für besonders strikte Anforderungen an die Trennung von Daten und den Ort der Datenverarbeitung innerhalb eines Landes bieten bestehende Angebote wie AWS Dedicated Local Zones oder AWS Outposts zusätzliche Optionen. Damit können Kunden die AWS European Sovereign Cloud Infrastruktur auf selbstgewählte Standorte erweitern.
Kontinuierliche AWS-Investitionen in Deutschland und Europa Mit der AWS European Sovereign Cloud setzt AWS seine Investitionen in Deutschland und Europa fort. AWS entwickelt Innovationen, um europäische Werte und die digitale Zukunft in Deutschland und Europa zu unterstützen. Wir treiben die wirtschaftliche Entwicklung voran, indem wir in Infrastruktur, Arbeitsplätze und Ausbildung in ganz Europa investieren. Wir schaffen Tausende von hochwertigen Arbeitsplätzen und investieren Milliarden von Euro in europäische Volkswirtschaften. Amazon hat mehr als 100.000 dauerhafte Arbeitsplätze innerhalb der EU geschaffen.
„Die deutsche und europäische Wirtschaft befindet sich auf Digitalisierungskurs. Insbesondere der starke deutsche Mittelstand braucht eine souveräne Digitalinfrastruktur, die höchsten Anforderungen genügt, um auch weiterhin wettbewerbsfähig im globalen Markt zu sein. Für unsere digitale Unabhängigkeit ist wichtig, dass Rechenleistungen vor Ort in Deutschland entstehen und in unseren Digitalstandort investiert wird. Wir begrüßen daher die Ankündigung von AWS, die Cloud für Europa in Deutschland anzusiedeln.“ — Stefan Schnorr, Staatssekretär im deutschen Bundesministerium für Digitales und Verkehr
Einige der größten Entwicklungsteams von AWS sind in Deutschland und Europa angesiedelt, mit Standorten in Aachen, Berlin, Dresden, Tübingen und Dublin. Da wir uns verpflichtet fühlen, einen langfristigen Beitrag zur Entwicklung digitaler Kompetenzen zu leisten, wird AWS zusätzliches Personal vor Ort für die AWS European Sovereign Cloud einstellen und ausbilden.
Kunden, Partner und Aufsichtsbehörden begrüßen die AWS European Sovereign Cloud In der EU nutzen Hunderttausende Organisationen aller Größen und Branchen AWS – von Start-ups über kleine und mittlere Unternehmen bis hin zu den größten Unternehmen, einschließlich Telekommunikationsunternehmen, Organisationen des öffentlichen Sektors, Bildungseinrichtungen und Regierungsbehörden. Europaweit unterstützen Organisationen die Einführung der AWS European Sovereign Cloud. Für Kunden wird die AWS European Sovereign Cloud neue Möglichkeiten im Cloudeinsatz eröffnen.
„Wir begrüßen das Engagement von AWS, seine Infrastruktur mit einer unabhängigen europäischen Cloud auszubauen. So erhalten Unternehmen und Organisationen der öffentlichen Hand mehr Auswahlmöglichkeiten bei der Erfüllung der Anforderungen an digitale Souveränität. Cloud-Services sind für die Digitalisierung der öffentlichen Verwaltung unerlässlich. Mit der Deutschen Verwaltungscloud-Strategie und dem Vertragsstandard EVB-IT Cloud wurden die Grundlagen für die Cloud-Nutzung in der Verwaltung geschaffen. Ich freue mich sehr, gemeinsam mit AWS Souveränität im Sinne unserer Cloud-Strategie praktisch und partnerschaftlich umzusetzen.” — Dr. Markus Richter, Staatssekretär im deutschen Bundesministerium des Innern und für Heimat sowie Beauftragter der Bundesregierung für Informationstechnik (CIO des Bundes)
„Als Marktführer für Geschäftssoftware mit starken Wurzeln in Europa, arbeitet SAP seit langem im Interesse der Kunden mit AWS zusammen, um die digitale Transformation auf der ganzen Welt zu beschleunigen. Die AWS European Sovereign Cloud bietet weitere Möglichkeiten, unsere Beziehung in Europa zu stärken, indem wir die Möglichkeiten, die wir unseren Kunden beim Wechsel in die Cloud bieten, erweitern können. Wir schätzen die fortlaufende Zusammenarbeit mit AWS und die neuen Möglichkeiten, die diese Investition für unsere gemeinsamen Kunden in der gesamten Region mit sich bringen kann.“ — Peter Pluim, President – SAP Enterprise Cloud Services und SAP Sovereign Cloud Services
„Heute stehen wir an der Schwelle zu einer transformativen Ära. Die Einführung der AWS European Sovereign Cloud stellt nicht nur eine infrastrukturelle Erweiterung dar, sondern ist ein Paradigmenwechsel. Dieses hochentwickelte Framework wird Dedalus in die Lage versetzen, unvergleichliche Dienste für die sichere und effiziente Speicherung von Patientendaten in der AWS-Cloud anzubieten. Wir bleiben kompromisslos dem Ziel verpflichtet, unseren europäischen Kunden erstklassige Lösungen zu bieten, die auf Vertrauen und technologischer Exzellenz basieren.“ — Andrea Fiumicelli, Chairman bei Dedalus
„Die Deutsche Telekom begrüßt die Ankündigung der AWS European Sovereign Cloud, die das Engagement von AWS für fortwährende Innovationen für europäische Unternehmen unterstreicht. Diese AWS-Lösung wird Unternehmen eine noch größere Auswahl bieten, wenn sie kritische Workloads in die AWS-Cloud verlagern, und zusätzliche Optionen zur Erfüllung der sich entwickelnden Anforderungen an die digitale Governance in der EU.” — Greg Hyttenrauch, Senior Vice President, Global Cloud Services bei T-Systems
„Wir begrüßen die AWS European Sovereign Cloud als neues Angebot innerhalb von AWS, um die komplexesten regulatorischen Anforderungen an die Datenresidenz und betrieblichen Erfordernisse in ganz Europa zu adressieren.“ — Bernhard Wagensommer, Vice President Prinect bei der Heidelberger Druckmaschinen AG
„Die AWS European Sovereign Cloud wird neue Branchenmaßstäbe setzen und sicherstellen, dass Finanzdienstleistungsunternehmen noch mehr Optionen innerhalb von AWS haben, um die wachsenden Anforderungen an die digitale Souveränität hinsichtlich der Datenresidenz und operativen Autonomie in der EU zu erfüllen.“ — Gerhard Koestler, Chief Information Officer bei Raisin
„Mit einem starken Fokus auf Datenschutz, Sicherheit und regulatorischer Compliance unterstreicht die AWS European Sovereign Cloud das Engagement von AWS, die höchsten Standards für die digitale Souveränität von Finanzdienstleistern zu fördern. Dieser zusätzliche robuste Rahmen ermöglicht es Unternehmen wie unserem, in einer sicheren Umgebung erfolgreich zu sein, in der Daten geschützt sind und die Einhaltung höchster Standards leichter denn je wird.“ — Andreas Schranzhofer, Chief Technology Officer bei Scalable Capital
„Die AWS European Sovereign Cloud ist ein wichtiges, zusätzliches Angebot von AWS, das hochregulierten Branchen, Organisationen der öffentlichen Hand und Regierungsbehörden in Deutschland weitere Optionen bietet, um strengste regulatorische Anforderungen an den Datenschutz in der Cloud noch einfacher umzusetzen. Als AWS Advanced Tier Services Partner, AWS Solution Provider und AWS Public Sector Partner beraten und unterstützen wir kritische Infrastrukturen (KRITIS) bei der erfolgreichen Implementierung. Das neue Angebot von AWS ist ein wichtiger Impuls für Innovationen und Digitalisierung in Deutschland.“ — Martin Wibbe, CEO bei Materna
„Als eines der größten deutschen IT-Unternehmen und strategischer AWS-Partner begrüßt msg ausdrücklich die Ankündigung der AWS European Sovereign Cloud. Für uns als Anbieter von Software as a Service (SaaS) und Consulting Advisor für Kunden mit spezifischen Datenschutzanforderungen ermöglicht die Schaffung einer eigenständigen europäischen Cloud, unseren Kunden dabei zu helfen, die Einhaltung sich entwickelnder Vorschriften leichter nachzuweisen. Diese spannende Ankündigung steht im Einklang mit unserer Cloud-Strategie. Wir betrachten dies als Chance, um unsere Partnerschaft mit AWS zu stärken und die Entwicklung der Cloud in Deutschland voranzutreiben.“ — Dr. Jürgen Zehetmaier, CEO von msg
Unsere Verpflichtung gegenüber unseren Kunden Um Kunden bei der Erfüllung der sich wandelnden Souveränitätsanforderungen zu unterstützen, entwickelt AWS fortlaufend innovative Features, Kontrollen und Zusicherungen, ohne die Leistungsfähigkeit der AWS Cloud zu beeinträchtigen.
AWS Digital Sovereignty Pledge: Annuncio di un nuovo cloud sovrano e indipendente in Europa
Fin dal primo giorno, abbiamo sempre creduto che fosse essenziale che tutti i clienti avessero il controllo sui propri dati e sulle scelte di come proteggerli e gestirli nel cloud. L’anno scorso abbiamo introdotto l’AWS Digital Sovereignty Pledge, il nostro impegno a offrire ai clienti AWS il set più avanzato di controlli e funzionalità di sovranità disponibili nel cloud. Ci siamo impegnati a lavorare per comprendere le esigenze e le necessità in costante evoluzione sia dei clienti che delle autorità di regolamentazione, e per adattarci e innovare rapidamente per soddisfarli. Ci siamo impegnati ad espandere le nostre funzionalità per consentire ai clienti di soddisfare le loro esigenze di sovranità digitale senza compromettere le prestazioni, l’innovazione, la sicurezza o la scalabilità del cloud AWS.
AWS offre l’infrastruttura cloud più grande e completa a livello globale. Il nostro approccio fin dall’inizio è stato quello di rendere il cloud AWS sovrano by design. Abbiamo creato funzionalità e controlli di protezione dei dati nel cloud AWS confrontandoci con i clienti che operano in settori quali i servizi finanziari e l’assistenza sanitaria, che sono in assoluto tra le organizzazioni più attente alla sicurezza e alla privacy dei dati. Ciò ha portato a innovazioni come AWS Nitro System, che alimenta tutte le nostre moderne istanze Amazon Elastic Compute Cloud (Amazon EC2) e fornisce un solido standard di sicurezza fisico e logico-infrastrutturale al fine di imporre restrizioni di accesso in modo che nessuno, compresi i dipendenti AWS, possa accedere ai dati dei clienti in esecuzione in EC2. Il design di sicurezza del sistema Nitro è stato inoltre convalidato in modo indipendente dal gruppo NCC in un report pubblico.
Con AWS i clienti hanno sempre avuto il controllo sulla posizione dei propri dati. I clienti che devono rispettare i requisiti europei di residenza dei dati possono scegliere di distribuire i propri dati in una delle otto regioni AWS esistenti (Irlanda, Francoforte, Londra, Parigi, Stoccolma, Milano, Zurigo e Spagna) per conservare i propri dati in modo sicuro in Europa. Per gestire i propri carichi di lavoro sensibili, i clienti europei possono sfruttare il portafoglio di servizi più ampio e completo, tra cui intelligenza artificiale, analisi ed elaborazione dati, database, Internet of Things (IoT), apprendimento automatico, servizi mobili e storage. Per supportare ulteriormente i clienti, abbiamo introdotto alcune innovazioni per offrire loro maggiore controllo e scelta sulla gestione dei dati. Ad esempio, abbiamo annunciato ulteriore trasparenza e garanzie e nuove opzioni di infrastruttura dedicate con AWS Dedicated Local Zones.
Annuncio AWS European Sovereign Cloud Quando in Europa parliamo con i clienti del settore pubblico e delle industrie regolamentate, riceviamo continue conferme di come si trovano ad affrontare una incredibile complessità e mutevoli dinamiche di un panorama di sovranità in continua evoluzione. I clienti ci dicono che vogliono adottare il cloud, ma si trovano ad affrontare crescenti interventi normativi in relazione alla residenza dei dati, all’autonomia operativa ed alla resilienza europea. Abbiamo appreso che questi clienti temono di dover scegliere tra tutta la potenza di AWS e soluzioni cloud sovrane ma con funzionalità limitate. Abbiamo collaborato intensamente con le autorità di regolamentazione europee, le agenzie nazionali per la sicurezza informatica e i nostri clienti per comprendere come le esigenze di sovranità possano variare in base a molteplici fattori come la residenza, la sensibilità dei carichi di lavoro e il settore. Questi fattori possono influire sui requisiti del carico di lavoro, ad esempio dove possono risiedere i dati, chi può accedervi e i controlli necessari, ed AWS ha una comprovata esperienza di innovazione per affrontare carichi di lavoro specializzati in tutto il mondo.
Oggi siamo lieti di annunciare il nostro programma di lancio dell’AWS European Sovereign Cloud, un nuovo cloud indipendente per l’Europa, progettato per aiutare le organizzazioni del settore pubblico e i clienti in settori altamente regolamentati a soddisfare le loro esigenze di sovranità in continua evoluzione. Stiamo progettando il cloud sovrano europeo AWS in modo che sia separato e indipendente dalle nostre regioni esistenti, con un’infrastruttura situata interamente all’interno dell’Unione Europea (UE), con la stessa sicurezza, disponibilità e prestazioni che i nostri clienti ottengono dalle regioni esistenti oggi. Per garantire una maggiore resilienza operativa all’interno dell’UE, solo i residenti dell’UE che si trovano nell’UE avranno il controllo delle operazioni e il supporto per l’AWS European Sovereign Cloud. Come per tutte le regioni attuali, i clienti che utilizzeranno l’AWS European Sovereign Cloud trarranno vantaggio da tutta la potenza di AWS con la stessa architettura, un ampio portafoglio di servizi e API che milioni di clienti già utilizzano oggi. L’AWS European Sovereign Cloud lancerà la sua prima regione AWS in Germania, disponibile per tutti i clienti europei.
Il cloud sovrano europeo AWS sarà progettato per garantire l’indipendenza operativa e la resilienza all’interno dell’UE e sarà gestito e supportato solamente da dipendenti AWS che si trovano nell’UE e che vi risiedono. Questo design offrirà ai clienti una scelta aggiuntiva per soddisfare le diverse esigenze di residenza dei dati, autonomia operativa e resilienza. Come in tutte le regioni AWS attuali, i clienti che utilizzano l’AWS European Sovereign Cloud trarranno vantaggio da tutta la potenza di AWS, dalla stessa architettura, dall’ampio portafoglio di servizi e dalle stesse API utilizzate oggi da milioni di clienti. L’AWS European Sovereign Cloud lancerà la sua prima regione in Germania.
Il cloud sovrano europeo AWS sarà sovrano by design e si baserà su oltre un decennio di esperienza nella gestione di più cloud indipendenti per carichi di lavoro critici e soggetti a restrizioni. Come le regioni esistenti, il cloud sovrano europeo AWS sarà progettato per garantire disponibilità e resilienza elevate e sarà alimentato da AWS Nitro System per contribuire a garantire la riservatezza e l’integrità dei dati dei clienti. Clienti che avranno il controllo e la garanzia che AWS non potrà accedere od utilizzare i dati dei clienti per alcuno scopo senza il loro consenso. AWS offre ai clienti i controlli di sovranità più rigorosi tra quelli offerti dai principali cloud provider. Per i clienti con esigenze avanzate di residenza dei dati, il cloud sovrano europeo AWS è progettato per andare oltre, e consentirà ai clienti di conservare tutti i metadati che creano (come le etichette dei dati, le categorie, i ruoli degli account e le configurazioni che utilizzano per eseguire AWS) nell’UE. L’AWS European Sovereign Cloud sarà inoltre realizzato con sistemi separati di fatturazione e misurazione dell’utilizzo a livello regionale.
Garantire autonomia operativa L’AWS European Sovereign Cloud fornirà ai clienti la capacità di soddisfare rigorosi requisiti di autonomia operativa e residenza dei dati. Per offrire un maggiore controllo sulla residenza dei dati e sulla resilienza operativa all’interno dell’UE, l’infrastruttura AWS European Sovereign Cloud sarà gestita indipendentemente dalle regioni AWS esistenti. Per garantire il funzionamento indipendente dell’AWS European Sovereign Cloud, solo il personale residente nell’UE, situato nell’UE, avrà il controllo delle operazioni quotidiane, compreso l’accesso ai data center, il supporto tecnico e il servizio clienti.
Stiamo attingendo alle nostre profonde collaborazioni con le autorità di regolamentazione europee e le agenzie nazionali per la sicurezza informatica per applicarle nella realizzazione del cloud sovrano europeo AWS, di modo che i clienti che utilizzano AWS European Sovereign Cloud possano soddisfare i loro requisiti di residenza dei dati, di controllo, di autonomia operativa e resilienza. Ne è un esempio la stretta collaborazione con l’Ufficio federale tedesco per la sicurezza delle informazioni (BSI).
“Lo sviluppo di un cloud AWS europeo renderà molto più semplice l’utilizzo dei servizi AWS per molte organizzazioni del settore pubblico e per aziende con elevati requisiti di sicurezza e protezione dei dati. Siamo consapevoli della forza innovativa dei moderni servizi cloud e vogliamo contribuire a renderli disponibili in modo sicuro per la Germania e l’Europa. Il C5 (Cloud Computing Compliance Criteria Catalogue), sviluppato da BSI, ha plasmato in modo significativo gli standard cloud di sicurezza informatica e AWS è stato infatti il primo fornitore di servizi cloud a ricevere l’attestato C5 di BSI. In questo senso, siamo molto lieti di accompagnare in modo costruttivo lo sviluppo locale di un Cloud AWS, che contribuirà anche alla sovranità europea, in termini di sicurezza”. — Claudia Plattner, Presidente dell’Ufficio federale tedesco per la sicurezza informatica (BSI)
Controllo senza compromessi Sebbene separato, l’AWS European Sovereign Cloud offrirà la stessa architettura leader del settore creata per la sicurezza e la disponibilità delle altre regioni AWS. Ciò includerà multiple zone di disponibilità (AZ) e un’infrastruttura collocata in aree geografiche separate e distinte, con una distanza sufficiente a ridurre in modo significativo il rischio che un singolo evento influisca sulla continuità aziendale dei clienti. Ogni AZ disporrà di più livelli di alimentazione e rete ridondanti per fornire il massimo livello di resilienza. Tutte le AZ del cloud sovrano europeo AWS saranno interconnesse con fibra metropolitana dedicata e completamente ridondata, che fornirà reti ad alta velocità e bassa latenza tra le AZ. Tutto il traffico tra le AZ sarà crittografato. I clienti che necessitano di più opzioni per far fronte ai rigorosi requisiti di isolamento e residenza dei dati all’interno del Paese potranno sfruttare le zone locali dedicate o AWS Outposts per distribuire l’infrastruttura AWS European Sovereign Cloud nelle località da loro selezionate.
Continui investimenti di AWS in Europa L’AWS European Sovereign Cloud è parte del continuo impegno ad investire in Europa di AWS. AWS si impegna a innovare per sostenere i valori europei e il futuro digitale dell’Europa. Promuoviamo lo sviluppo economico investendo in infrastrutture, posti di lavoro e competenze nelle comunità e nei paesi di tutta Europa. Stiamo creando migliaia di posti di lavoro di alta qualità e investendo miliardi di euro nelle economie europee. Amazon ha creato più di 100.000 posti di lavoro permanenti in tutta l’UE. Alcuni dei nostri team di sviluppo AWS più grandi si trovano in Europa, con centri di eccellenza a Dublino, Dresda e Berlino. Nell’ambito del nostro continuo impegno a contribuire allo sviluppo delle competenze digitali, assumeremo e svilupperemo ulteriore personale locale per gestire e supportare l’AWS European Sovereign Cloud.
Clienti, partner e autorità di regolamentazione accolgono con favore il cloud sovrano europeo AWS Nell’UE, centinaia di migliaia di organizzazioni di tutte le dimensioni e in tutti i settori utilizzano AWS, dalle start-up alle piccole e medie imprese, alle grandi imprese, alle società di telecomunicazioni, alle organizzazioni del settore pubblico, agli istituti di istruzione e alle agenzie governative. Organizzazioni di tutta Europa sostengono l’introduzione dell’AWS European Sovereign Cloud.
“In qualità di leader di mercato nel software applicativo aziendale con forti radici in Europa, SAP collabora da tempo con AWS per conto dei clienti per accelerare la trasformazione digitale in tutto il mondo. L’AWS European Sovereign Cloud offre ulteriori opportunità per rafforzare le nostre relazioni in Europa consentendoci di ampliare le scelte che offriamo ai clienti mentre passano al cloud. Apprezziamo la partnership continua con AWS e le nuove possibilità che questo investimento può offrire ai nostri comuni clienti in tutta la regione.” — Peter Pluim, Presidente, SAP Enterprise Cloud Services e SAP Sovereign Cloud Services
“Il nuovo AWS European Sovereign Cloud può rappresentare un punto di svolta per i segmenti di business altamente regolamentati nell’Unione Europea. In qualità di fornitore leader di telecomunicazioni in Germania, la nostra trasformazione digitale si concentra su innovazione, scalabilità, agilità e resilienza per fornire ai nostri clienti i migliori servizi e la migliore qualità. Ciò sarà ora abbinato ai più alti livelli di protezione dei dati e conformità normativa offerti da AWS e con un’attenzione particolare ai requisiti di sovranità digitale. Sono convinto che questa nuova offerta di infrastrutture abbia il potenziale per stimolare l’adozione del cloud da parte delle aziende europee e accelerare la trasformazione digitale delle industrie regolamentate in tutta l’UE”. — Mallik Rao, Chief Technology & Information Officer (CTIO) presso O2 Telefónica in Germania
“Deutsche Telekom accoglie l’annuncio dell’AWS European Sovereign Cloud, che evidenzia l’impegno di AWS a un’innovazione continua nel mercato europeo. Questa soluzione AWS offrirà opportunità important per le aziende e le organizzazioni nell’ambito della migrazione regolamentata sul cloud e opzioni addizionali per soddisfare i requisiti di sovranità digitale europei in continua evoluzione”. — Greg Hyttenrauch, Senior Vice President, Global Cloud Services presso T-Systems
“Oggi siamo al culmine di un’era di trasformazione. L’introduzione dell’AWS European Sovereign Cloud non rappresenta semplicemente un miglioramento infrastrutturale, è un cambio di paradigma. Questo sofisticato framework consentirà a Dedalus di offrire servizi senza precedenti per l’archiviazione dei dati dei pazienti in modo sicuro ed efficiente nel cloud AWS. Rimaniamo impegnati, senza compromessi, a servire la nostra clientela europea con soluzioni best-in-class sostenute da fiducia ed eccellenza tecnologica”. — Andrea Fiumicelli, Presidente di Dedalus
“Noi di de Volksbank crediamo nell’investire per migliorare i Paesi Bassi. Ma perché questo avvenga in modo efficace, dobbiamo avere accesso alle tecnologie più recenti per poter innovare e migliorare continuamente i servizi per i nostri clienti. Per questo motivo, accogliamo con favore l’annuncio dello European Sovereign Cloud che consentirà ai clienti europei di rispettare facilmente la conformità alle normative in evoluzione, beneficiando comunque della scalabilità, della sicurezza e della suite completa dei servizi AWS”. — Sebastiaan Kalshoven, Direttore IT/CTO della Volksbank
“Eviden accoglie con favore il lancio dell’AWS European Sovereign Cloud, che aiuterà le industrie regolamentate e il settore pubblico a soddisfare i requisiti dei loro carichi di lavoro sensibili con un cloud AWS completo e interamente gestito in Europa. In qualità di partner AWS Premier Tier Services e leader nei servizi di sicurezza informatica in Europa, Eviden ha una vasta esperienza nell’aiutare i clienti AWS a formalizzare e mitigare i rischi di sovranità. L’AWS European Sovereign Cloud consentirà a Eviden di soddisfare una gamma più ampia di esigenze di sovranità dei clienti”. — Yannick Tricaud, Responsabile Europa meridionale e centrale, Medio Oriente e Africa, Eviden, Gruppo Atos
“Accogliamo con favore l’impegno di AWS di espandere la propria infrastruttura con un cloud europeo indipendente. Ciò offrirà alle imprese e alle organizzazioni del settore pubblico una scelta più ampia nel soddisfare i requisiti di sovranità digitale. I servizi cloud sono essenziali per la digitalizzazione della pubblica amministrazione. Con l’” Strategia cloud per l’Amministrazione tedesca” e lo standard contrattuale “EVB-IT Cloud”, sono state gettate le basi per l’utilizzo del cloud nella pubblica amministrazione. Sono molto lieto di collaborare con AWS per implementare in modo pratico e collaborativo la sovranità in linea con la nostra strategia cloud.” — Dr. Markus Richter, CIO del governo federale tedesco, Ministero federale degli interni
I nostri impegni nei confronti dei nostri clienti Manteniamo il nostro impegno a fornire ai nostri clienti il controllo e la possibilità di scelta per contribuire a soddisfare le loro esigenze in continua evoluzione in materia di sovranità digitale. Continueremo a innovare le funzionalità, i controlli e le garanzie di sovranità del dato all’interno del cloud AWS globale e a fornirli senza compromessi sfruttando tutta la potenza di AWS.
Compromiso de Soberanía Digital de AWS: anuncio de una nueva nube soberana independiente en la Unión Europea
Desde el primer día, en Amazon Web Services (AWS) siempre hemos creído que es esencial que los clientes tengan el control sobre sus datos y capacidad para proteger y gestionar los mismos en la nube. El año pasado, anunciamos el Compromiso de Soberanía Digital de AWS, nuestra garantía de que ofrecemos a todos los clientes de AWS los controles y funcionalidades de soberanía más avanzados que estén disponibles en la nube. Nos comprometimos a trabajar para comprender las necesidades y los requisitos cambiantes tanto de los clientes como de los reguladores, y a adaptarnos e innovar rápidamente para satisfacerlos. Asimismo, nos comprometimos a ampliar nuestras capacidades para permitir a los clientes satisfacer sus necesidades de soberanía digital sin reducir el rendimiento, la innovación, la seguridad o la escalabilidad de la nube de AWS.
AWS ofrece la infraestructura de nube más amplia y completa del mundo. Nuestro enfoque desde el principio ha sido hacer que AWS sea una nube soberana por diseño. Creamos funcionalidades y controles de protección de datos en la nube de AWS teniendo en cuenta las aportaciones de clientes de sectores como los servicios financieros, sanidad y entidades gubernamentales, que se encuentran entre los más preocupados por la seguridad y la privacidad de los datos en el mundo. Esto ha dado lugar a innovaciones como el sistema Nitro de AWS, que impulsa todas nuestras instancias de Amazon Elastic Compute Cloud (Amazon EC2) y proporciona un límite de seguridad físico y lógico sólido para imponer restricciones de acceso, de modo que nadie, incluidos los empleados de AWS, pueda acceder a los datos de los clientes que se ejecutan en Amazon EC2. El diseño de seguridad del sistema Nitro también ha sido validado de forma independiente por el Grupo NCC en un informe público.
Con AWS, los clientes siempre han tenido el control sobre la ubicación de sus datos. En Europa, los clientes que deben cumplir con los requisitos de residencia de datos europeos tienen la opción de implementar sus datos en cualquiera de las ocho Regiones de AWS existentes (Irlanda, Frankfurt, Londres, París, Estocolmo, Milán, Zúrich y España) para mantener sus datos de forma segura en Europa. Para ejecutar sus cargas de trabajo sensibles, los clientes europeos pueden aprovechar la cartera de servicios más amplia y completa, que incluye inteligencia artificial, análisis, computación, bases de datos, Internet de las cosas (IoT), aprendizaje automático, servicios móviles y almacenamiento. Para apoyar aún más a los clientes, hemos innovado ofreciendo más control y opciones sobre sus datos. Por ejemplo, anunciamos una mayor transparencia y garantías, y nuevas opciones de infraestructura de uso exclusivo con Zonas Locales Dedicadas de AWS.
Anunciamos AWS European Sovereign Cloud Cuando hablamos con clientes del sector público y de sectores regulados en Europa, nos comparten cómo se enfrentan a una gran complejidad y a una dinámica cambiante en el panorama de la soberanía, que está en constante evolución. Los clientes nos dicen que quieren adoptar la nube, pero se enfrentan a un creciente escrutinio regulatorio en relación con la ubicación de los datos, la autonomía operativa europea y la resiliencia. Sabemos que a estos clientes les preocupa tener que elegir entre toda la potencia de AWS o soluciones de nube soberana con funciones limitadas. Hemos mantenido conversaciones muy provechosas con los reguladores europeos, las autoridades nacionales de ciberseguridad y los clientes para entender cómo las necesidades de soberanía de los clientes pueden variar en función de diferentes factores, como la ubicación, la sensibilidad de las cargas de trabajo y el sector. Estos factores pueden impactar en los requisitos aplicables a sus cargas de trabajo, como dónde pueden residir sus datos, quién puede acceder a ellos y los controles necesarios. AWS tiene un historial comprobado de innovación para abordar cargas de trabajo sensibles o especiales en todo el mundo.
Hoy nos complace anunciar nuestros planes de lanzar la Nube Soberana Europea de AWS, una nueva nube independiente para la Unión Europea, diseñada para ayudar a las organizaciones del sector público y a los clientes de sectores altamente regulados a satisfacer sus necesidades de soberanía en constante evolución. Estamos diseñando la Nube Soberana Europea de AWS para que sea independiente y separada de nuestras Regiones actuales, con una infraestructura ubicada íntegramente dentro de la Unión Europea y con la misma seguridad, disponibilidad y rendimiento que nuestros clientes obtienen en las Regiones actuales. Para ofrecer una mayor resiliencia operativa dentro de la UE, solo los residentes de la UE que se encuentren en la UE, tendrán el control de las operaciones y el soporte de la Nube Soberana Europea de AWS. Como ocurre con todas las Regiones actuales, los clientes que utilicen la Nube Soberana Europea de AWS se beneficiarán de toda la potencia de AWS con la misma arquitectura conocida, una amplia cartera de servicios y las APIs que utilizan millones de clientes en la actualidad. La Nube Soberana Europea de AWS lanzará su primera Región de AWS en Alemania disponible para todos los clientes en Europa.
La Nube Soberana Europea de AWS será soberana por diseño y se basará en más de una década de experiencia en la gestión de múltiples nubes independientes para las cargas de trabajo más críticas y restringidas. Al igual que las Regiones existentes, la Nube Soberana Europea de AWS se diseñará para ofrecer una alta disponibilidad y resiliencia, y contará con la tecnología del sistema Nitro de AWS, a fin de garantizar la confidencialidad e integridad de los datos de los clientes. Los clientes tendrán el control y la seguridad de que AWS no accederá a los datos de los clientes ni los utilizará para ningún propósito sin su consentimiento. AWS ofrece a los clientes los controles de soberanía más estrictos entre los principales proveedores de servicios en la nube. Para los clientes con necesidades de residencia de datos mejoradas, la Nube Soberana Europea de AWS está diseñada para ir más allá y permitirá a los clientes conservar todos los metadatos que crean (como funciones, permisos, etiquetas de recursos y configuraciones), las funciones de las cuentas y las configuraciones que utilizan para ejecutar AWS) dentro de la UE. La Nube Soberana Europea de AWS también se construirá con sistemas independientes de facturación y medición del uso dentro de la Región.
Ofreciendo autonomía operativa La Nube Soberana Europea de AWS proporcionará a los clientes la capacidad de cumplir con los estrictos requisitos de autonomía operativa y residencia de datos que sean de aplicación a cada cliente. Para proporcionar una mejor residencia de los datos y resiliencia operativa en la UE, la infraestructura de la Nube Soberana Europea de AWS se gestionará de forma independiente del resto de las Regiones de AWS existentes. Para garantizar el funcionamiento independiente de la Nube Soberana Europea de AWS, solo el personal residente en la UE y ubicado en la UE tendrá el control de las operaciones diarias, incluido el acceso a los centros de datos, el soporte técnico y el servicio de atención al cliente.
Estamos aprendiendo de nuestras intensas conversaciones con los reguladores europeos y las autoridades nacionales de ciberseguridad, aplicando estos aprendizajes a medida que construimos la Nube Soberana Europea de AWS, de modo que los clientes que la utilicen puedan cumplir sus requisitos de residencia, autonomía operativa y resiliencia de los datos. Por ejemplo, esperamos continuar colaborando con la Oficina Federal de Seguridad de la Información (BSI) de Alemania.
«El desarrollo de una nube europea de AWS facilitará mucho el uso de los servicios de AWS a muchas organizaciones y empresas del sector público con altos requisitos de seguridad y protección de datos. Somos conscientes del poder innovador de los servicios en la nube modernos y queremos contribuir a que estén disponibles de forma segura en Alemania y Europa. El C5 (Cloud Computing Compliance Criteria Catalogue), desarrollado por la BSI, ha influido considerablemente en los estándares de ciberseguridad en la nube y, de hecho, AWS fue el primer proveedor de servicios en la nube en recibir el certificado C5 de la BSI. En este sentido, nos complace acompañar de manera constructiva el desarrollo local de una nube de AWS, que también contribuirá a la soberanía europea en términos de seguridad». — Claudia Plattner, presidenta de la Oficina Federal Alemana de Seguridad de la Información (BSI)
Control sin concesiones A pesar de ser independiente, la Nube Soberana Europea de AWS ofrecerá la misma arquitectura líder en el sector que otras Regiones de AWS, creada para garantizar la seguridad y la disponibilidad. Esto incluirá varias Zonas de Disponibilidad, una infraestructura distribuida en ubicaciones geográficas separadas y distintas, con una distancia suficiente para reducir el riesgo de que un incidente afecte a la continuidad del negocio de los clientes. Cada Zona de Disponibilidad tendrá varias fuentes de alimentación eléctrica y redes redundantes para ofrecer el máximo nivel de resiliencia. Todas las Zonas de Disponibilidad de la Nube Soberana Europea de AWS estarán interconectadas mediante fibra de uso exclusivo y totalmente redundante, lo que proporcionará una red de alto rendimiento y baja latencia entre las Zonas de Disponibilidad. Todo el tráfico entre las Zonas de Disponibilidad se encriptará. Los clientes que necesiten más opciones para abordar estrictas necesidades de aislamiento y residencia de datos en el país podrán utilizar las Zonas Locales Dedicadas o AWS Outposts para implementar la infraestructura de Nube Soberana Europea de AWS en las ubicaciones que elijan.
Inversión continua de AWS en Europa La Nube Soberana Europea de AWS representa una inversión continua de AWS en la UE. AWS se compromete a innovar para respaldar los valores y el futuro digital de la Unión Europea. Impulsamos el desarrollo económico mediante la inversión en infraestructura, empleos y habilidades en comunidades y países de toda Europa. Estamos creando miles de puestos de trabajo de alta calidad e invirtiendo miles de millones de euros en las economías europeas. Amazon ha creado más de 100 000 puestos de trabajo permanentes en toda la UE. Algunos de nuestros equipos de desarrollo de AWS más importantes se encuentran en Europa, con centros clave en Dublín, Dresde y Berlín. Como parte de nuestro compromiso continuo de contribuir al desarrollo de las habilidades digitales, contrataremos y capacitaremos a más personal local para gestionar y apoyar la Nube Soberana Europea de AWS.
Los clientes, socios y reguladores dan la bienvenida a la Nube Soberana Europea de AWS En la UE, cientos de miles de organizaciones de todos los tamaños y sectores utilizan AWS, desde startups hasta PYMEs, grandes compañías incluyendo empresas de telecomunicaciones, organizaciones del sector público, instituciones educativas, ONGs y agencias gubernamentales. Organizaciones de toda Europa apoyan la introducción de la Nube Soberana Europea de AWS.
“Como líder del mercado en software de aplicaciones empresariales con sólidas raíces en Europa, SAP lleva colaborando durante mucho tiempo con AWS en nombre de los clientes para acelerar la transformación digital en todo el mundo. La Nube Soberana Europea de AWS ofrece nuevas oportunidades para fortalecer nuestra relación en Europa, ya que nos permite ampliar las opciones que ofrecemos a los clientes a medida que se trasladan a la nube. Valoramos la asociación existente con AWS y las nuevas posibilidades que esta inversión puede ofrecer a los clientes de ambos en toda la región”. – Peter Pluim, Presidente de SAP Enterprise Cloud Services y SAP Sovereign Cloud Services.
“La nueva Nube Soberana Europea de AWS puede cambiar las reglas del juego para los segmentos empresariales altamente regulados de la Unión Europea. Como proveedor de telecomunicaciones líder en Alemania, nuestra transformación digital se centra en la innovación, la escalabilidad, la agilidad y la resiliencia para ofrecer a nuestros clientes los mejores servicios y la mejor calidad. Esto se combinará ahora con los niveles más altos de protección de datos y cumplimiento normativo que ofrece AWS, y con un enfoque particular en los requisitos de soberanía digital. Estoy convencido de que esta nueva oferta de infraestructura tiene el potencial de impulsar la adaptación a la nube de las empresas europeas y acelerar la transformación digital de las industrias reguladas en toda la UE”. — Mallik Rao, Directora de Tecnología e Información de O2 Telefónica en Alemania
“Hoy nos encontramos en la cúspide de una era de transformación. La introducción de la Nube Soberana Europea de AWS no solo representa una mejora de la infraestructura, sino que supone un cambio de paradigma. Este sofisticado marco permitirá a Dedalus ofrecer servicios incomparables para almacenar los datos de los pacientes de forma segura y eficiente en la nube de AWS. Mantenemos nuestro compromiso, sin concesiones, de servir a nuestra clientela europea con las mejores soluciones de su clase respaldadas por la confianza y la excelencia tecnológica”. — Andrea Fiumicelli, Presidente de Dedalus
“En de Volksbank, creemos en invertir en unos Países Bajos mejores. Para hacerlo de manera eficaz, necesitamos tener acceso a las últimas tecnologías para poder innovar y mejorar continuamente los servicios para nuestros clientes. Por este motivo, acogemos con satisfacción el anuncio de la Nube Soberana Europea, que permitirá a los clientes europeos demostrar fácilmente el cumplimiento de las cambiantes normativas y, al mismo tiempo, beneficiarse de la escala, la seguridad y la gama completa de servicios de AWS”. — Sebastian Kalshoven, director de TI y CTO de Volksbank
“Eviden acoge con satisfacción el lanzamiento de la Nube Soberana Europea de AWS. Esto ayudará a las industrias reguladas y al sector público a abordar los requisitos de sus cargas de trabajo confidenciales con una nube de AWS con todas las funciones y que funcione exclusivamente en Europa. Como socio de servicios de primer nivel de AWS y líder en servicios de ciberseguridad en Europa, Eviden tiene una amplia trayectoria ayudando a los clientes de AWS a formalizar y mitigar sus riesgos de soberanía. La Nube Soberana Europea de AWS permitirá a Eviden abordar una gama más amplia de necesidades de soberanía de los clientes”. — Yannick Tricaud, director de Europa Central y Meridional, Oriente Medio y África, de Eviden, del Grupo Atos
Nuestros compromisos con nuestros clientes Mantenemos nuestro compromiso de ofrecer a nuestros clientes el control y las opciones que les ayuden a satisfacer sus necesidades de soberanía digital en constante evolución. Seguiremos innovando en las funcionalidades, los controles y las garantías de soberanía globalmente, y ofreceremos esto sin renunciar a la toda la potencia de AWS.
Puede descubrir más sobre la Nube Soberana Europea de AWS y obtener más información sobre nuestros clientes en nuestra Nota de Prensa y en la web European Digital Sovereignty. También puede obtener más información en AWS News Blog.
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud, providing up to five times better price-performance than any other cloud data warehouse, with performance innovation out of the box at no additional cost to you. Tens of thousands of customers use Amazon Redshift to process exabytes of data every day to power their analytics workloads.
In this post, we discuss Amazon Redshift SYS monitoring views and how they simplify the monitoring of your Amazon Redshift workloads and resource usage.
Overview of SYS monitoring views
SYS monitoring views are system views in Amazon Redshift that can be used to monitor query and workload resource usage for provisioned clusters as well as for serverless workgroups. They offer the following benefits:
They’re categorized based on functional alignment, considering query state, performance metrics, and query types
We have introduced new performance metrics like planning_time, lock_wait_time, remote_read_io, and local_read_io to aid in performance troubleshooting
It improves the usability of monitoring views by logging the user-submitted query instead of the Redshift optimizer-rewritten query
It provides more troubleshooting metrics using fewer views
It enables unified Amazon Redshift monitoring by enabling you to use the same query across provisioned clusters or serverless workgroups
Let’s look at some of the features of SYS monitoring views and how they can be used for monitoring.
Unify various query-level monitoring metrics
The following table shows how you can unify various metrics and information for a query from multiple system tables & views into one SYS monitoring view.
STL/SVL/STV
Information element
SYS Monitoring View
View columns
STL_QUERY
elapsed time, query label, user ID, transaction, session, label, stopped queries, database name
To enhance query performance, the Redshift query engine can rewrite user-submitted queries. The user-submitted query identifier is different than the rewritten query identifier. We refer to the user-submitted query as the parent query and the rewritten query as the child query in this post.
The following diagram illustrates logging at the parent query level and child query level. The parent query identifier is 1000, and the child query identifiers are 1001, 1002, and 1003.
Query lifecycle timings
SYS_QUERY_HISTORY has an enhanced list of columns to provide granular time metrics relating to the different query lifecycle phases. Note all times are recorded in microseconds. The following table summarizes these metrics.
Time metrics
Description
planning_time
The time the query spent prior to running the query, which typically includes query lifecycle phases like parse, analyze, planning and rewriting.
lock_wait_time
The time the query spent on acquiring the locks on the required database objects referenced.
queue_time
The time the query spent in the queue waiting for resources to be available to run.
compile_time
The time the query spent compiling.
execution_time
The time the query spent running. In the case of a SELECT query, this also includes the return time.
elapsed_time
The end-to-end time of the query run.
Solution overview
We discuss the following scenarios to help gain familiarity with the SYS monitoring views:
Workload and query lifecycle monitoring
Data ingestion monitoring
External query monitoring
Slow query performance troubleshooting
Prerequisites
You should have the following prerequisites to follow along with the examples in this post:
Additionally, download all the SQL queries that are referenced in this post as Redshift Query Editor v2 SQL notebooks.
Workload and query lifecycle monitoring
In this section, we discuss how to monitor the workload and query lifecycle.
Identify in-flight queries
SYS_QUERY_HISTORY provides a singular view to look at all the in-flight queries as well as historical runs. See the following example query:
SELECT
*
FROM
sys_query_history
WHERE status IN ('planning', 'queued', 'running', 'returning')
ORDER BY
start_time;
We get the following output.
Identify top long-running queries
The following query helps retrieve the top 100 queries that are taking the longest to run. Analyzing (and, if feasible, optimizing) these queries can help improve overall performance. These metrics are accumulated statistics across all runs of the query. Note that all the time values are in microseconds.
--top long running query by elapsed_time
SELECT
user_id
, transaction_id
, query_id
, database_name
, query_type
, query_text::VARCHAR(100)
, lock_wait_time
, planning_time
, compile_time
, execution_time
, elapsed_time
FROM
sys_query_history
ORDER BY
elapsed_time DESC
LIMIT 100;
We get the following output.
Gather daily counts of queries by query types, period, and status
The following query provides insight into the distribution of different types of queries across different days and helps evaluate and track any changes in the workload:
--daily breakdown of workload by query types and status
SELECT
DATE_TRUNC('day', start_time) period_daily
, query_type
, status
, COUNT(*)
FROM
sys_query_history
GROUP BY
period_daily
, query_type
, status
ORDER BY
period_daily
, query_type
, status;
We get the following output.
Gather run details of an in-flight query
To determine the run-level details of a query that is in-flight, you can use the is_active = ‘t’ filter when querying the SYS_QUERY_DETAIL table. See the following example:
SELECT
query_id
, child_query_sequence
, stream_id
, segment_id
, step_id
, step_name
, table_id
, coalesce(table_name,'')|| coalesce(source,'') as table_name
, start_time
, end_time
, duration
, blocks_read
, local_read_io
, remote_read_io
FROM
sys_query_detail
WHERE is_active = 't'
ORDER BY
query_id
, child_query_sequence
, stream_id
, segment_id
, step_id;
To view the latest 100 COPY queries run, use the following code:
SELECT
session_id
, transaction_id
, query_id
, database_name
, table_name
, data_source
, loaded_rows
, loaded_bytes
, duration / 1000.00 duration_ms
FROM
sys_load_history
ORDER BY
start_time DESC LIMIT 100;
We get the following output.
Gather transaction-level details for commits and undo
SYS_TRANSACTION_HISTORY provides transaction-level logging by providing insights into committed transactions with details like blocks committed, status, and isolation level (serializable or snapshot used). It also logs details about the rolled back or undo transactions.
The following screenshots illustrate fetching details about a transaction that was committed successfully.
The following screenshots illustrate fetching details about a transaction that was rolled back.
Stats and vacuum
The SYS_ANALYZE_HISTORY monitoring view provides details like the last timestamp of analyze queries, the duration for which a particular analyze query ran, the number of rows in the table, and the number of rows modified. The following example query provides a list of the latest analyze queries that ran for all the permanent tables:
SELECT
TRIM(schema_name) schema_name
, TRIM(table_name) table_name
, table_id
, status
, COUNT(*) times_analyze_was_triggered
, MAX(last_analyze_time) last_analyze_time
, MAX(end_time) end_time
, AVG(ROWS) "rows"
, AVG(modified_rows) modified_rows
FROM
sys_analyze_history
WHERE
status != 'Skipped'
GROUP BY
schema_name
, table_name
, table_id
, status
ORDER BY
schema_name
, table_name
, table_id
, status
, end_time;
We get the following output.
The SYS_VACUUM_HISTORY monitoring view provides a complete set of details on VACUUM in a single view. For example, see the following code:
SELECT
user_id
, transaction_id
, query_id
, TRIM(database_name) as database_name
, TRIM(schema_name) as schema_name
, TRIM(table_name) table_name
, table_id
, vacuum_type
, is_automatic as is_auto
, duration
, rows_before_vacuum
, size_before_vacuum
, reclaimable_rows
, reclaimed_rows
, reclaimed_blocks
, sortedrows_before_vacuum
, sortedrows_after_vacuum
FROM
sys_vacuum_history
WHERE status LIKE '%Finished%'
ORDER BY
start_time;
We get the following output.
Data ingestion monitoring
In this section, we discuss how to monitor data ingestion.
Summary of ingestion
SYS_LOAD_HISTORY provides details into the statistics of COPY commands. Use this view for summarized insights into your ingestion workload. The following example query provides an hourly summary of ingestion broken down by tables in which data was ingested:
SELECT
date_trunc('hour', start_time) period_hourly
, database_name
, table_name
, status
, file_format
, SUM(loaded_rows) total_rows_ingested
, SUM(loaded_bytes) total_bytes_ingested
, SUM(source_file_count) num_of_files_to_process
, SUM(file_count_scanned) num_of_files_processed
, SUM(error_count) total_errors
FROM
sys_load_history
GROUP BY
period_hourly
, database_name
, table_name
, status
, file_format
ORDER BY
table_name
, period_hourly
, status;
We get the following output.
File-level ingress logging
SYS_LOAD_DETAIL provides more granular insights into how ingestion is performed at the file level. For example, see the following query using sys_load_history:
SELECT
*
FROM
sys_load_history
WHERE table_name = 'catalog_sales'
ORDER BY
start_time;
We get the following output.
The following example shows what detailed file-level monitoring looks like:
SELECT
user_id
, query_id
, TRIM(file_name) file_name
, bytes_scanned
, lines_scanned
, splits_scanned
, record_time
, start_time
, end_time
FROM
sys_load_detail
WHERE query_id = 1824870
ORDER BY
start_time;
Check for errors during ingress process
SYS_LOAD_ERROR_DETAIL enables you to track and troubleshoot errors that may have occurred during the ingestion process. This view logs details for the file that encountered the error during the ingestion process along with the line number at which the error occurred and column details within that line. See the following code:
select * from sys_load_error_detail order by start_time limit 100;
We get the following output.
External query monitoring
SYS_EXTERNAL_QUERY_DETAIL provides run details for external queries, which includes Amazon Redshift Spectrum and federated queries. This view logs details at the segment level and provides useful insights to troubleshoot and monitor performance of external queries in a single monitoring view. The following are a few useful metrics and data points this monitoring view provides:
Number of external files scanned (scanned_files) and format of external files (file_format) such as Parquet, text file, and so on
Data scanned in terms of rows (returned_rows) and bytes (returned_bytes)
Usage of partitioning (total_partitions and qualified_partitions) by external queries and tables
Granular insights into time taken in listing (s3list_time) and qualifying partitions (get_partition_time) for a given external object
External file location (file_location) and external table name (table_name)
Type of external source (source_type), such as Amazon Simple Storage Service (Amazon S3) for Redshift Spectrum, or federated
Recursive scan for subdirectories (is_recursive) or access of nested column data type (is_nested)
For example, the following query shows the daily summary of the number of external queries run and data scanned:
SELECT
DATE_TRUNC('hour', start_time) period_hourly
, user_id
, TRIM(source_type) source_type
, COUNT (DISTINCT query_id) query_counts
, SUM(returned_rows) returned_rows
, ROUND(SUM(returned_bytes) / 1024^3,2) returned_gb
FROM
sys_external_query_detail
GROUP BY
period_hourly
, user_id
, source_type
ORDER BY
period_hourly
, user_id
, source_type;
We get the following output.
Usage of partitions
You can verify whether the external queries scanning large sums of data and files are partitioned or not. When you use partitions, you can restrict the amount of data that your external query has to scan by pruning based on the partition key. See the following code:
SELECT
file_location
, CASE
WHEN NVL(total_partitions,0) = 0
THEN 'No'
ELSE 'Yes'
END is_partitioned
, SUM(scanned_files) total_scanned_files
, COUNT(DISTINCT query_id) query_count
FROM
sys_external_query_detail
GROUP BY
file_location
, is_partitioned
ORDER BY
total_scanned_files DESC;
We get the following output.
For any errors encountered with external queries, look into SYS_EXTERNAL_QUERY_ERROR, which logs details at the granularity of file_location, column, and rowid within that file.
Slow query performance troubleshooting
Refer to the sysview_slow_query_performance_troubleshooting SQL notebook downloaded as part of the prerequisites for a step-by-step guide on how to perform query-level troubleshooting using SYS monitoring views and find answers to the following questions:
Do the queries being compared have similar query text?
Did the query use the result cache?
Which parts of the query lifecycle (queuing, compilation, planning, lock wait) are contributing the most to query runtimes?
Has the query plan changed?
Is the query reading more data blocks?
Is the query spilling to disk? If so, is it spilling to local or remote storage?
Is the query highly skewed with respect to data (distribution) and time (runtime)?
Do you see more rows processed in join steps or nested loops?
Are there any alerts indicating staleness in statistics?
When was the last vacuum and analyze performed for the tables involved in the query?
Clean up
If you created any Redshift provisioned clusters or Redshift Serverless workgroups as part of this post and no longer need them for your workloads, you can delete them to avoid incurring additional costs.
Conclusion
In this post, we explained how you can use the Redshift SYS monitoring views to monitor workloads of provisioned clusters and serverless workgroups. The SYS monitoring views provide simplified monitoring of the workloads, access to various query-level monitoring metrics from a unified view, and the ability to use the same SYS monitoring view query to run across both provisioned clusters and serverless workgroups. We also covered some key monitoring and troubleshooting scenarios using SYS monitoring views.
We encourage you to start using the new SYS monitoring views for your Redshift workloads. If you have any feedback or questions, please leave them in the comments.
About the authors
Urvish Shah is a Senior Database Engineer at Amazon Redshift. He has more than a decade of experience working on databases, data warehousing and in analytics space. Outside of work, he enjoys cooking, travelling and spending time with his daughter.
Ranjan Burman is a Analytics Specialist Solutions Architect at AWS. He specializes in Amazon Redshift and helps customers build scalable analytical solutions. He has more than 15 years of experience in different database and data warehousing technologies. He is passionate about automating and solving customer problems with the use of cloud solutions.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
