
Amazon EKS, ECS Anywhere broaden hybrid container management

Amazon EKS users with hybrid cloud infrastructure may see cost savings from a new AWS Kubernetes distro and forthcoming software-only on-premises container services.

Amazon EKS and ECS will soon run on customers' existing on-premises infrastructure, a significant shift in the cloud provider's hybrid container management strategy that may also reduce enterprise costs.

Amazon EKS and ECS Anywhere, due out in the first half of 2021, as well as the Amazon EKS Distro, released to open source this week, will offer software-only versions of the AWS container management services that users can run on their own VMs or bare-metal servers. In the past, hybrid cloud customers have been required to use hardware/software packages from Amazon such as AWS Outposts or Snowball Edge devices to run AWS software on premises.

This was often an expensive proposition. Outposts have a price tag that starts at $100,000 and can go as high as $1 million for large deployments. Snowball Edge jobs are designed for temporary deployments in remote, limited-connectivity environments, and include a daily device rental fee after 10 days.

AWS also offers Wavelength for on-premises infrastructure, but specifically for mobile edge computing apps. Local Zones, extensions to AWS Regions that place compute resources closer to customer locations, are not infrastructure-agnostic, as EKS Anywhere (EKS-A) and ECS Anywhere (ECS-A) will be.

The announcement of these software-only options at AWS re:Invent virtual this week had Amazon EKS customers envisioning significant cost savings over previous options.

"Being a not-for-profit organization sometimes restrains our ability to innovate without jeopardizing our forecasted budget," said Chruz Cruz, systems integration lead at the Municipal Property Assessment Corporation (MPAC) in Pickering, Ont. "[EKS Anywhere] allows us the flexibility of leveraging our on-premises capacity, while still maintaining the usability, and functionality of EKS, without impacting our cost forecasting."

In fact, users such as MPAC could theoretically begin using a version of Amazon EKS on premises now at no charge. EKS-D's release this week is meant to give users a chance to preview features that will become available with EKS Anywhere, but there's nothing stopping those who want to take on their own upgrades and management on premises from using it now.

For those who want Amazon to manage the lifecycle of container clusters on premises, Amazon EKS-A will be "a supported, packaged product and installation method for EKS-D," according to an AWS product page. EKS-A will build in default cluster management tools such as a container OS, container registry, logging, monitoring, networking and storage.

Even with a presumed additional cost for AWS support with EKS-A -- though pricing for the product has not yet been published -- keeping some workloads on premises could lead to savings on bandwidth and data transfer to the cloud, Cruz added.

"We can run our applications closer to our users in which would [otherwise] require high throughput," he said.

Meanwhile, ECS-A is based on Amazon's first container service and does not use the Kubernetes container scheduler. Amazon claims ECS-A is more deeply integrated than EKS-A with other AWS services such as AWS Fargate, and it also will be a managed service for on-premises users.

AWS CEO Andy Jassy, shown here in 2019, previewed Amazon EKS and ECS Anywhere at re:Invent 2020 this week.

Amazon EKS-A raises the stakes in hybrid container management

These updates, along with a new public container registry, represent Amazon's stiffest challenge yet for incumbent IT software vendors that stake their container management strategy on hybrid cloud deployments, especially Red Hat and VMware, one analyst said.

"This isn't anything anybody else isn't doing," said Tom Petrocelli, analyst at Amalgam Insights. "But it's definitely better than Outposts, where you're basically just getting their service layer for your data center -- this makes much more sense in terms of how people are architecting container-based hybrid cloud."

Red Hat and Amazon have a partnership based around OpenShift on AWS, but EKS-A also could be seen as a specific jab at Red Hat because it will support multiple Linux operating systems, including Ubuntu and AWS Linux along with Red Hat Enterprise Linux (RHEL), Petrocelli said. OpenShift, on the other hand, is tied to RHEL.

Rancher, now a part of SUSE, also supports multiple Linux distributions. Still, it could potentially be displaced by EKS-A at joint customers such as MPAC, which uses Rancher for multicluster and hybrid cloud container management.

It's too soon to tell whether that will be the case, Cruz said. Rancher, the more mature of the two, has features that go beyond Kubernetes cluster provisioning and management, he said. These include integration with single sign-on systems, CIS benchmark reporting, a built-in centralized dashboard for logs and metrics, an application catalog and support for custom AMIs.

"We have to do a full proof of concept with the latest EKS features to do a valid comparison," he said.

AWS Proton automates container and serverless CI/CD

In addition to container management updates, AWS used the kickoff of its re:Invent virtual conference to publicize a forthcoming CI/CD tool set specifically for containers and Lambda serverless functions, AWS Proton.

Cloud platform teams can use Proton to create curated stacks of infrastructure services for developers to use to deploy container and serverless apps through CI/CD pipelines. It's available now in public preview.

Proton also presents developers with templates with a subset of adjustable parameters they can use to customize aspects of container and serverless app environments as needed, such as memory allocation. When developers finish modifying the templates, Proton configures the CI/CD pipeline to automate app deployments onto the back-end infrastructure set up by the platform team.

It's not clear yet which CI/CD tools Proton might support aside from AWS' own CodePipeline service, which is the only one mentioned in an AWS blog about the Proton launch. Still, users such as MPAC's Cruz are eager to try out the new service.

"Currently, we are using a combination of GitLab, [AWS Serverless Application Model] templates, and [HashiCorp's] Terraform to create and provision our environments, but this appears to have streamlined the process," Cruz said. "We're looking forward to simplifying our workflow once [Proton] availability in Canada is presented."
