AWS Graviton Blog Image_2

Protecting Arm-based Container Workloads on AWS Graviton2

Moving at the pace of innovation in cloud native infrastructure, Aqua is announcing support for Amazon services run on the new Amazon Graviton2 processors, built using Arm based technology. Now Aqua customers can take advantage of the high density and cost-effectiveness provided by Arm-powered hosts and devices across cloud infrastructure, edge and IoT platforms, while ensuring unified, consistent security across all architectures.

What is AWS Graviton2?

In the end of 2019, Amazon Web Services announced the introduction of Amazon Graviton2 processors to power a portion of its cloud infrastructure. For Amazon’s largest customers, this means lower costs and better performance. “If you run in the same benchmark on the Graviton2 and the latest Intel processor, Graviton2 is about 20% faster. It is also about 20% cheaper. As a result, you get about a 40% price-performance improvement,” David Brown, Vice President of AMAZON EC2 said. These benefits will be possible as Graviton2 is used to power multiple services, such as Amazon RDS and Amazon EKS for containers.

We believe that Graviton 2 is a sign of more to come in the evolution of cloud infrastructure, as customers demand more for cloud native workloads. Indeed, to serve the unmet opportunity in the market, in March of 2020 Ampere, a start-up run by a former Intel executive, has come out with a new, Ampere Altra 64-bit Arm processor. And for Amazon, uptake has been gradual, but steady. Brown said, “Customers often start using Graviton for their application tier before moving more of their stack. It doesn’t have to be massively compute-intensive; it’s just the most general-purpose workloads that are CPU bound and would use more CPU if it was available. And a lot of the cloud native [workloads], whether it’s native running on EC2 or running on one of our container stacks, will see that significant performance benefit.

It is not just cloud native application workloads that can take advantage of these benefits. Ampere mentions a variety of use-cases, including, “data analytics, artificial intelligence, database, storage, telco stacks, edge computing, web hosting and cloud native applications.

How Aqua supports Arm-based technology 

The cloud native ecosystem must take note in order to ensure compatibility with the new wave of cloud infrastructure. There is a fundamental difference in communication with a reduced instruction set at the assembly language level for processors built using Arm based technology. The reduced instruction set is what frees up CPU, making the lower costs and higher performance possible. It is also what has generally made Arm based technology popular in powering the IoT compute landscape. The cloud native products at the workload level must also be able to work with the reduced instruction set.

Aqua's runtime controls look deep into the processes that containers run, and assess them against policies that prevent drift against the original container image, that allow or deny specific executables, network connections, files and resources, and that create a behavioral profile for the container's allowed activities - all of these are now also available for ARM-based Linux environments.

At Aqua, the compatibility we have built for our Enforcers and MicroEnforcers for Amazon Graviton2 extends to any other processor built using Arm technology. 

Conclusion

With Aqua's support for ARM-based architectures and AWS Graviton2, we open the door for customers to add high-density workload environments for their cloud native applications, as well as edge devices for IoT workloads, enjoying the same level of protection they've been getting for their "traditional" X86 architecture based workloads.
 
ARM Webinar
Picture of Story Tweedie-Yates

Story Tweedie-Yates

Story is a Senior Director of Product Marketing at Aqua Security, where she is passionate about helping to define the future of cloud native security. In her time off, you will find her scooting her twins around London’s parks or exploring underwater treasures with a scuba mask alongside her husband.

AWS Security

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...