Understanding Industrial Protocols in the Perspective of IoT and Cloud

by | Nov 10, 2024 | AWS, AWS Managed Services, IoT, Serverless, White Paper

In-Short

CaveatWisdom

Caveat: To take advantage of latest technologies like Generative AI on Cloud, data is being ingested from different sources into the Cloud, coming to real-time industrial data, it’s important to understand the nature of data and it’s flow from its source on shop floor of the industry to its destination in the cloud.

Wisdom: To understand the nature of data and its flow, we need to understand the protocols involved at different levels of data flow, like Modbus, Profibus, EtherCAT, DNP3, OPC, MQTT, etc.

 

In-Detail

Before we jump into the IoT and Cloud, it’s important to understand the fact that sophisticated industrial automation systems which includes many sensors, instruments, actuators, PLCs, SCADA, etc., existed decades before the advent of Cloud and IoT technologies.

History

Industry 1.0 started with the advent of machine powered by steam engines which replaced the tools powered by human labour. This is during 1760s.

Industry 2.0 started when the machines were powered by electricity which made production more efficient. This is during 1870s.

Industry 3.0 started when machines were controlled by computers (Programmable Logic Controllers – PLCs) and SCADA (Supervisory Control and Data Acquisition) systems. This is during 1970s

Industry 4.0 started with the advent of Cloud and IoT Technologies from year 2011, this enabled analysing huge amounts of industrial data with respect to enterprise data.

Automation in industries is implemented with the help of Sensors, Instruments, PLCs, Actuators, Relays and SCADA systems.

Protocols:

To establish communication between sensors, instruments, PLCs and SCADA systems and also to support their products many major industrial automations companies like Schneider Electric, Siemens, Allen Bradly, GE, Mitsubishi, etc., have developed many industrial protocols like Modbus, Profibus, EtherCAT, DNP3, etc. If we go to any industry like Refineries, Cement Plants, Wind Farms etc., we find automation systems and instruments working on these protocols.

Modbus: Modbus is a data communication protocol that allows devices to communicate with each other over networks and buses. Modbus can be used over serial, TCP/IP, and UDP, and the same protocol can be used regardless of the connection type.

Profibus: is a fieldbus communication standard for industrial automation that allows devices like sensors, controllers, and actuators to share process values. It’s a digital network that connects field sensors to control systems. Profibus is used in many industries, including manufacturing, process industries, and factory automation.

Many of these industrial protocols are synchronous in nature with Client-Server architecture, they are designed to operate within the plant network delivering data on sub-milli second latency for machine operations.

When industrial systems became more and more complex with multiple providers of equipment in a single plant, major industrial automation companies formed an organization called OPC Foundation to define a standard protocol called OPC which can be interoperable between major industrial protocols. Initially OPC DA use to stand for “OLE for Process Control Data Access” based on Microsoft’s OLE (Object Linking and Embedding) technology which was used for communication between applications in the Windows ecosystem. This OPC DA became a legacy protocol (still used in many old industries) and OPC UA has evolved which is interoperable with multiple operating systems, today the acronym OPC stand for “Open Platform Communications” and UA stands for “Unified Architecture”. You can find more information at OPC Foundation.

As a first step to ingest data to cloud, basically we need to convert industrial protocols to OPC UA first. We can write a Driver software for that in .Net or Java using the OPC standard from OPC Foundation, or we can use software from companies who have already done it. There are many providers for this OPC software and open-source implementations are also available. Some major providers are Kepware OPC Server and MatrikonOPC.

The OPC servers will poll the data on different devices with Industrial Protocol Drivers and make the data available on OPC for the clients.

These industrial protocols including OPC are heavier, that is the data packet size is higher and because of the synchronous nature it becomes difficult to have a reliable connection over internet or to send data to a remote server in another geography over long distances, this is the reason for invention of light weight MQTT protocol by Andy Stanford-Clark (IBM) and Arlen Nipper (then working for Eurotech, Inc.) who authored the first version of the protocol in 1999.

Because of MQTT’s light weight nature and pub-sub model, it has been widely adopted for IoT (Internet of Things) after the advent of cloud computing.

As a second step to ingest data into cloud we must convert OPC to MQTT. IoT SiteWise OPC UA collector does this for us by becoming a client to the OPC server, subscribing or polling the data from OPC server and then converting it to MQTT. IoT SiteWise OPC UA collector is a component of AWS IoT Greengrass which is an edge runtime helping to build, deploy and manage IoT applications on the devices.

Important Points to Note:

Data is transitioning from Synchronous industrial protocols to Asynchronous IoT protocol, due to which there could be latency for the real-time data in the cloud.

  1. Key decisions to control the machine should be done at the factory level this can be achieved by running Lambda functions on IoT Greengrass.
  2. Important data processing for tasks such as Predictive Preventive Maintenance can be done with ML Inference components in IoT Greengrass.
  3. Post data ingestion to cloud, tasks like Analytics, Visualization and integrations with other services like Generative AI Apps, SAP systems can be done in the Cloud.

The Response from Generative AI depends on Our Intelligence more than the Intelligence within It

by | Feb 14, 2024 | AWS, AWS Managed Services, Machine Learning, White Paper

In-Short

CaveatWisdom

Caveat:

It is easy to type a question and get a response from the Generative AI, however it is important to get the right answer as per the context, because Large Language Models (LLMs) of Generative AI are designed to predict only the next word and they can hallucinate if they don’t get the context right or if they don’t have the required information with-in them.

Below is the screenshot of above example and response from Gen AI model in Amazon Bedrock

Wisdom:

  1. Don’t be 100% sure that what ever Generative AI says is true, many times it can be false, and you need to apply your critical thinking.
  2. It is important to understand the limitations of the Generative AI and frame our prompts to get right answers.
  3. Be specific with what you need and provide detailed and precise prompts.
  4. Give clear instructions instead of jargon and overly complex phrases.
  5. Ask open ended questions instead of questions for which the answers could be yes or no.
  6. Give proper context with purpose of your request.
  7. Break down complicated tasks into simple tasks.
  8. Choose the right model as per the task.
  9. Consider the cost factor for different models to perform different tasks. Sometimes traditional AI is much less costly than Generative AI.

In-Detail

In this post I will be using different LLMs available in Amazon Bedrock Service to demonstrate where the models can go wrong and show you how to write prompts in the right manner to get meaningful answer with the appropriate model.

Amazon Bedrock

Amazon Bedrock is a fully managed serverless pay-as-you-go service offering multiple foundational Generative AI model through a single API.

In this repo I have discussed on how to develop an Angular Web App for any scenario accessing the Amazon Bedrock from the backend. In this post I will be using Bedrock Playground in the AWS Console.

Understanding Basics

Tokens – These are basic units of text or code that LLMs use to process and generate language. These can be individual characters, parts of words, words, or parts of sentences. These tokens are then assigned numbers which, in turn, are put into a vector that becomes the actual input to the first neural network of the LLM.

Some thumb rules with respect to tokens are.

  • 1 token ~= 4 chars in English
  • 1 token ~= ¾ words
  • 100 tokens ~= 75 words

Or

  • 1-2 sentence ~= 30 tokens
  • 1 paragraph ~= 100 tokens
  • 1,500 words ~= 2048 tokens

Some common configuration options you find in Amazon Bedrock playground across models are Temperature, Top P and Maximum Length.

Temperature – By increasing the temperature, you can make the model more creative by decreasing it the model become stable and you get repetitive completions. By making temperature zero you can disable random sampling and deterministic results.

Top P – It is the percentile of probability from which tokens are sampled. If the value is less than 1.0 then you get only the corresponding top percentile of options are considered, this results in more stable and repetitive results.

Maximum Length – You can control number of tokens generated by the model by defining maximum number of tokens.

I have used the above parameters with different variations in different models and posting only the important examples in this post.

The art of writing prompts to get right answers from Generative AI is called Prompt Engineering.

Some of the Prompting Techniques are as follows:

Zero-Shot Prompting

Large LLMs are trained to follow instructions given by us. So we can start the prompt by giving the instructions first on what to do with the given information.

In the below example we are giving instruction in the starting to classify the text for sentiment analysis.

Few-Shot Prompting

Here we enable the model for in-context learning where we provide examples in the prompt which serve as conditioning for subsequent examples where we would like the model to generate a response.

In the below example the model Titan Text G1 is unable to predict the right sentiment with few shot prompts. It says model is unable to predict negative opinion!

The same prompt works with other model A21 Lab’s Jurassic-2 Mid. So you need to test and be wise before choosing the right model for your task.

Few-Shot Prompting Limitation 

When dealing with complex reasoning tasks Few-Shot Prompting is not a perfect technique.

You can see below, even after giving examples, the model fails to give the right answer.

In the last group of numbers (15, 32, 5, 13, 82, 7, 1) which is question the odd numbers are 15, 5, 13, 7, 1 and sum of them (15+5+13+7+1=41) is 41 which is an odd number, but the model (Jurassic-2 mid) says, “The answer is True” and agrees that it is an even number.

The above failure leads to our next technique Chain-Of-Thought

Chain-Of-Thought Prompting

In Chain-of-Thought (CoT) technique we explain to the model with examples on how to solve a problem in a step-by-step process.

I am repeating the same example discussed in the Few-Shot-Prompting discussed above with a variation of explaining to the model how to group the odd numbers and their sum is even or not. After that stating the answer True or false.

In the below screen shots, you can see that the Models Jurassic-2 Mid, Titan Text G1 – Express and Jurassic-2 Ultra doesn’t do well even after giving the example with Chain-of-Thought. This shows their limitations. At the same time, we can see that Claude v2 does an excellent job in reasoning and arriving at the answer with the step-by-step process, that is Chain-of-Thought.

Zero-Shot Chain-Of-Thought Prompting

In this technique we directly instruct the model to think Step-by-Step and give answer in complex reasoning tasks.

One of the nice features of Amazon Bedrock is that we can compare the models’ side by side and decide the appropriate one for our use case.

In the below example I compared Jurassic-2 Ultra, Titan Text G1 – Express, Claude v2. And we can see that Claude v2 does an excellent job however the cost of it is also on the higher side.

So, its again our intelligence which defines which model to use as per the task at hand considering the cost factor.

Prompt Chaining

Breaking down a complex task into smaller tasks and output response of one small task used as an input to next task is called Prompt Chaining.

Tree-Of-Thoughts

This technique extends prompt chaining technique by asking the Gen AI to act as different personas or SMEs and then chain the responses from one persona as input to another persona.

Below are the screen shots of the example in which I have given a document stating about a complex cloud migration project of a global renewable energy company.

In the first step I have asked the model to act as a Business Analyst and give Functional and Non-Functional requirements of the project.

Next the response from the first step is given as input and asked to act as a Cloud Architect and give the Architecting considerations as per the functional and non-functional requirements.

Applying Mechanical Sympathy with Built-In Algorithms of Amazon SageMaker

by | Jan 16, 2024 | AWS, AWS Managed Services, Machine Learning

Mechanical Sympathy

The term Mechanical Sympathy was coined by racing driver Jackie Stewart, he said that “You don’t have to be an engineer to be a racing driver, but you do have to have Mechanical Sympathy.” He meant that understanding how a car works makes you a better driver. In case of Machine Learning by understanding when to use a specific algorithm we can get maximum efficiency from the resources we provision in the cloud.

In-Short

CaveatWisdom

Caveat

It is important to note that there is no one-size-fits-all solution when it comes to selecting a machine learning algorithm. The best algorithm for your problem will depend on a variety of factors, including the size and structure of your dataset, the complexity of the problem, and the trade-offs between accuracy, training time, and ease of use. Choosing a wrong algorithm can easily get you into cost over-runs and low performance of the models.

Wisdom

  • It is important to understand the problem you are trying to solve and the type of data you are working with. This will help you determine whether you need a classification, regression, or clustering algorithm.
  • Consider the size of your dataset and the complexity of the algorithm along with their input formats.
  • Evaluate the performance of multiple algorithms on your dataset and choose the one that performs best.
  • Be aware of the trade-offs between accuracy, training time, and ease of use when selecting an algorithm.
  • Use K-Fold cross-validation techniques to assess the performance of your models and prevent overfitting.

In-Detail

Amazon SageMaker

Amazon SageMaker is a one stop solution to develop, train and deploy the machine learning models in AWS. It gives four Algorithm options as follows:

  1. Bring your own algorithm.
  2. Write a script in your framework like TensorFlow, MXNet, PyTorch, etc.
  3. Get an Algorithm from AWS Marketplace.
  4. Use Built-In Algorithms.

Built-In algorithms enable us to quickly train and deploy machine learning models. Understanding when to use these algorithms is important to get the best results for the specific problem which we are trying to solve with machine learning.

AWS is always evolving, and many more built-in algorithms and jump start models are getting added to SageMaker service frequently. In this post I will be discussing some of the important algos which are highly used and referred in AWS Machine Learning Speciality Exam as per my experience.

Following are the mind maps to easily remember these algos:

Amazon SageMaker’s Built-In Algorithms:

Linear Learner

Linear Learner combines the simplicity of linear models with the flexibility of gradient boosting algorithms. The algorithm automatically handles feature transformations and missing values, making it easy to use. It supports large datasets and can be trained quickly, making it suitable for real-time applications.

 Use Cases:

Fraud detection: By training Linear Learner algorithm on historical data that includes both fraudulent and legitimate transactions, it can learn to classify new transactions as either fraudulent or legitimate. The algorithm can analyze various features of the transactions, such as transaction amount, location, and time, to make accurate predictions.

 

XGBoost

XGBoost can deal with both classification and regression problems. It is particularly useful when you have structured data with a large number of features. XGBoost is known for its ability to handle complex relationships between variables and its capability to handle missing values.

Use Cases:

Customer Churn Prediction

By training the algorithm on historical customer data, including factors such as demographics, purchase history, and customer interactions, it can learn to predict which customers are likely to churn or cancel their subscriptions. This information can help businesses take proactive measures to retain customers and improve customer satisfaction.

Anomaly detection

XGBoost can be used to identify unusual patterns or outliers in data. This can be applied in various domains such as fraud detection, network intrusion detection, or equipment failure prediction. By training the algorithm on normal data patterns, it can effectively identify deviations from the norm and flag potential anomalies.

 

Seq2Seq

Seq2Seq (Sequence-to-Sequence) can work with tasks that involve sequential data, such as language translation, text summarization, or speech recognition. It is specifically designed to handle problems where the input and output are both sequences of varying lengths.

Use Cases:

Machine Translation

By training the algorithm on pairs of sentences in different languages, it can learn to translate text from one language to another. For example, it can be used to translate English sentences into French or vice versa. The Seq2Seq algorithm is capable of capturing the contextual information and dependencies between words in a sentence, allowing it to generate accurate translations.

Text Summarization

By training the algorithm on pairs of long documents and their corresponding summaries, it can learn to generate concise summaries of text. This can be particularly useful in scenarios where there is a need to extract key information from lengthy documents, such as news articles or research papers.

DeepAR

DeepAR can be used when working with time series forecasting problems. It is specifically designed to handle tasks where the goal is to predict future values based on historical data.

Use Cases:

Demand Forecasting

By training the algorithm on historical sales data, it can learn to predict future demand for products or services. This can be particularly useful for businesses to optimize inventory management, production planning, and resource allocation.

Energy Load Forecasting

By training the algorithm on historical energy consumption data, it can learn to predict future energy demand. This can help utility companies optimize energy generation and distribution, as well as enable consumers to make informed decisions about energy usage.

Other Use Cases

The DeepAR algorithm is also applicable to other time series forecasting tasks such as stock market prediction, weather forecasting, and traffic flow prediction. It can capture complex patterns and dependencies in the data, making accurate predictions based on historical trends and seasonality.

 

BlazingText

BlazingText will help in text classification or natural language processing tasks. It is specifically designed to handle large-scale text data and can efficiently train models on massive datasets.

Use Cases:

Sentiment Analysis

By training the algorithm on a large corpus of text data labeled with sentiment (positive, negative, or neutral), it can learn to classify new text inputs based on their sentiment. This can be particularly useful for businesses to analyze customer feedback, social media posts, or product reviews to gain insights into customer sentiment and make data-driven decisions.

Document Classification

By training the algorithm on a diverse set of documents labeled with different categories, it can learn to classify new documents into relevant categories. This can be applied in various domains such as news categorization, spam detection, or topic classification.

Object2Vec

Object2Vec can be used with tasks that involve embedding and similarity analysis of objects or entities. It is specifically designed to handle scenarios where the goal is to learn meaningful representations of objects in a high-dimensional space.

Use Cases:

Recommendation Systems

By training the algorithm on user-item interaction data, it can learn to generate embeddings for users and items. These embeddings can then be used to calculate similarity scores between users and items, enabling personalized recommendations. For example, in an e-commerce setting, the algorithm can learn to recommend products to users based on their browsing and purchase history.

Document Similarity Analysis

By training the algorithm on a collection of documents, it can learn to generate embeddings for each document. These embeddings can be used to measure the similarity between documents, enabling tasks such as document clustering or search result ranking.

Other Use Cases

The Object2Vec algorithm is also applicable to tasks such as image similarity analysis, fraud detection, and anomaly detection. It can learn meaningful representations of objects or entities, allowing for efficient comparison and identification of similar instances.

 

Object Detection

Object Detection can help in detecting and localizing objects within images or videos. It is specifically designed to handle scenarios where the goal is to identify and locate multiple objects of interest within an image or video frame.

Use Cases:

Autonomous Driving

By training the algorithm on a dataset of labeled images or videos, it can learn to detect and localize various objects on the road, such as cars, pedestrians, traffic signs, and traffic lights. This can be crucial for developing advanced driver assistance systems (ADAS) or autonomous vehicles, enabling them to perceive and respond to their surroundings.

Inventory Management and Loss Prevention

By training the algorithm on images or videos of store shelves, it can learn to detect and locate products, ensuring accurate inventory counts and identifying instances of theft or misplaced items.

Other Use Cases

The Object Detection algorithm is also applicable to tasks such as surveillance, object tracking, and medical imaging. It can detect and localize objects of interest within complex scenes, providing valuable insights and enabling automated analysis.

 

Image Classification

Image Classification can categorize images into different classes or labels. It is specifically designed to handle scenarios where the goal is to classify images based on their visual content.

Use Cases:

Medical Imaging

By training the algorithm on a dataset of labeled medical images, it can learn to classify images into different categories such as normal or abnormal, or specific medical conditions. This can assist healthcare professionals in diagnosing diseases, identifying abnormalities, and making informed treatment decisions.

Product Categorization

By training the algorithm on a dataset of labeled product images, it can learn to classify images into different categories such as clothing, electronics, or home goods. This can help automate the process of organizing and categorizing products, improving search and recommendation systems for online retailers.

Other Use Cases

The Image Classification algorithm is also applicable to tasks such as facial recognition, object recognition, and quality control in manufacturing. It can accurately classify images based on their visual features, enabling a wide range of applications in various industries.

Semantic Segmentation

Semantic Segmentation can do pixel-level segmentation of images. It is specifically designed to handle scenarios where the goal is to assign a class label to each pixel in an image, thereby segmenting the image into meaningful regions.

Use Cases:

Autonomous Driving

By training the algorithm on a dataset of labeled images, it can learn to segment the images into different classes such as road, vehicles, pedestrians, and buildings. This can be crucial for developing advanced driver assistance systems (ADAS) or autonomous vehicles, enabling them to understand and navigate their environment.

Medical Imaging

By training the algorithm on a dataset of labeled medical images, it can learn to segment the images into different anatomical structures or regions of interest. This can assist healthcare professionals in accurate diagnosis, treatment planning, and surgical interventions.

Other Use Cases

The Semantic Segmentation algorithm is also applicable to tasks such as object detection, scene understanding, and image editing.

Random Cut Forest

Random Cut Forest (RCF) can do anomaly detection in high-dimensional data. It is specifically designed to handle scenarios where the goal is to identify unusual patterns or outliers within a dataset.

Use Cases:

Fraud Detection

By training the algorithm on a dataset of normal transactions, it can learn to identify anomalous transactions that deviate from the normal patterns. This can help businesses detect fraudulent activities, such as credit card fraud or money laundering, and take appropriate actions to mitigate risks.

Cybersecurity

By training the algorithm on a dataset of normal network traffic patterns, it can learn to detect abnormal network behaviors that may indicate a cyber attack or intrusion. This can help organizations identify and respond to security threats in real-time, enhancing their overall cybersecurity posture.

Other Use Cases

Random Cut Forest algorithm can also be used for tasks such as equipment failure prediction, sensor data analysis, and quality control in manufacturing. It can effectively identify anomalies or outliers within high-dimensional data, enabling proactive maintenance, process optimization, and early detection of potential issues.

Neural Topic Model

Neural Topic Model algorithm is specifically designed for topic modeling tasks, which involve discovering latent topics within a collection of documents. It utilizes a neural network-based approach to learn the underlying structure and relationships between words and topics in the text data.

Use Cases:

Content Analysis and Recommendation Systems

By training the algorithm on a large corpus of documents, it can learn to identify and extract meaningful topics from the text. This can be useful for organizing and categorizing large document collections, enabling efficient search and recommendation systems.

Market Research and Customer Feedback Analysis

By training the algorithm on customer reviews, surveys, or social media data, it can uncover the main topics and themes discussed by customers. This can provide valuable insights into customer preferences, sentiment analysis, and help businesses make data-driven decisions.

 

Latent Dirichlet Allocation – LDA

LDA can help in topic modeling. It is specifically designed to uncover latent topics within a collection of documents and assign topic probabilities to each document.

Use Cases:

Text Mining and Document Clustering

By training the algorithm on a dataset of documents, it can learn to identify the underlying topics present in the text. This can be useful for organizing and categorizing large document collections, enabling efficient search, recommendation systems, or content analysis.

Social Media Analysis and Sentiment Analysis

By training the algorithm on social media posts or customer reviews, it can uncover the main topics being discussed and analyze the sentiment associated with each topic.

Other Use Cases

The LDA algorithm is also applicable to tasks such as information retrieval, document summarization, and content recommendation. It can uncover the hidden thematic structure within text data, allowing for efficient organization, summarization, and retrieval of relevant information.

  

K Nearest Neighbors – KNN

KNN can help with both classification or regression tasks based on similarity measures. It is specifically designed to handle scenarios where the goal is to predict the class or value of a new data point based on its proximity to its neighboring data points.

Use Cases:

Recommendation Systems

By training the algorithm on a dataset of user-item interactions, it can learn to predict user preferences or recommend items based on the similarity of users or items. This can be useful for personalized recommendations in e-commerce, content streaming platforms, or social media.

Anomaly Detection

By training the algorithm on a dataset of normal data points, it can learn to identify anomalies or outliers based on their dissimilarity to the majority of the data. This can be applied in various domains such as fraud detection, network intrusion detection, or equipment failure prediction.

Other Use Cases

The KNN algorithm is also applicable to tasks such as image recognition, text classification, and customer segmentation. It can classify or predict based on the similarity of features or patterns, making it suitable for a wide range of applications.

 

K-Means

K-Means can work with tasks that involve clustering or grouping similar data points together. It is specifically designed to handle scenarios where the goal is to partition data into K distinct clusters based on their similarity.

Use Cases:

Customer Segmentation

By training the algorithm on customer data, such as demographics, purchase history, or browsing behavior, it can learn to group customers into distinct segments based on their similarities. This can help businesses tailor marketing strategies, personalize recommendations, or optimize customer experiences based on the characteristics of each segment.

Image Compression or Image Recognition

By training the algorithm on a dataset of images, it can learn to group similar images together based on their visual features. This can be useful for tasks such as image compression, where similar images can be represented by a single representative image, or for image recognition, where images can be classified into different categories based on their similarities.

Other Use Cases

K-Means can also help with document clustering, anomaly detection, and market segmentation. It can group data points based on their similarity, allowing for efficient organization, analysis, and decision-making.

 

Principal Component Analysis – PCA

Principal Component Analysis (PCA) can do dimensionality reduction and feature extraction. It is designed to handle scenarios where the goal is to transform high-dimensional data into a lower-dimensional representation while preserving the most important information.

Use Cases:

Data Visualization

By applying PCA to a high-dimensional dataset, it can reduce the dimensionality of the data while retaining the most significant features. This allows for visualizing the data in a lower-dimensional space, making it easier to understand and interpret complex relationships or patterns.

Feature Extraction

By applying PCA to a dataset with a large number of features, it can identify the most informative features and create a reduced set of features that capture the most important information. This can be useful for improving the efficiency and performance of machine learning models by reducing the dimensionality of the input data.

Factorization Machines

Factorization Machines mainly work for recommendation systems, personalized marketing, or collaborative filtering. It is designed to handle scenarios where the goal is to predict user preferences or make recommendations based on interactions between users and items.

Use Cases:

Recommendation Systems

By training the algorithm on user-item interaction data, such as ratings or purchase history, it can learn to predict user preferences and make personalized recommendations. This can be useful for e-commerce platforms, content streaming services, or social media platforms to enhance user experiences and drive engagement.

Personalized Marketing

By training the algorithm on customer data, such as demographics, browsing behavior, or past purchases, it can learn to predict customer preferences and tailor marketing campaigns accordingly. This can help businesses deliver targeted advertisements, personalized offers, or product recommendations to individual customers, improving conversion rates and customer satisfaction.

Other Use Cases

Factorization Machines is also applicable to tasks such as click-through rate prediction, sentiment analysis, and fraud detection. It can capture complex interactions between features and make accurate predictions based on the learned factorization model.

 

IP Insights

IP Insights is a feature in Amazon SageMaker that provides IP address geolocation and threat intelligence. However, it is not a built-in algorithm in the traditional sense.

It is designed to provide information about the geographical location and potential threat level associated with an IP address. It leverages data from various sources to determine the country, city, and coordinates associated with an IP address. Additionally, it provides threat intelligence information, such as whether the IP address is associated with known malicious activities or has a high-risk reputation.

Use Cases:

Cybersecurity and Network security

By utilizing IP Insights, organizations can analyze incoming network traffic and identify potential threats based on the geolocation and threat intelligence associated with IP addresses. This can help in detecting and mitigating malicious activities, such as unauthorized access attempts or distributed denial-of-service (DDoS) attacks.

Targeted Marketing and Content Localization

By leveraging IP Insights, businesses can tailor their marketing campaigns or content based on the geographical location of website visitors or customers. This can enable personalized experiences, targeted advertisements, or region-specific content delivery.

 

Reinforcement Learning

Reinforcement Learning (RL) can be used for sequential decision-making and learning from interactions with an environment. It is specifically designed to handle scenarios where the goal is to optimize an agent’s actions to maximize a reward signal over time.

Use Cases:

Autonomous Robotics

By training the algorithm on simulated or real-world environments, it can learn to control robotic systems to perform complex tasks. This can include tasks such as object manipulation, navigation, or even playing games. RL enables the agent to learn from trial and error, improving its performance over time through exploration and exploitation of the environment.

Recommendation Systems

By training the algorithm on user interactions and feedback, it can learn to make personalized recommendations that maximize user engagement or satisfaction. This can be applied in various domains such as e-commerce, content streaming platforms, or online advertising, where the goal is to optimize user experiences and increase conversion rates.

Other Use Cases

The Reinforcement Learning algorithm is also applicable to tasks such as resource allocation, portfolio management, and energy optimization. It can learn to make optimal decisions in dynamic and uncertain environments, leading to efficient resource utilization, investment strategies, or energy consumption.

Best Practices in Implementing Security Groups for Web Application on AWS

by | Jul 15, 2023 | AWS, Networking, Security, White Paper

In-Short

CaveatWisdom

Caveat: Its easy to assign source as large VPC wide CIDR range (ex: 10.0.0.0/16) in Security Groups for private instances and avoid painful debugging of data flow however we are opening our systems to a plethora of security vulnerabilities. For example, a compromised system in the network can affect all other systems in the network.

Wisdom:

  1. Create and maintain separate private subnets for each tier of the application.
  2. Only allow the required traffic for instances, you can do this easily by assigning “Previous Tier Security Group” as the source (from where the traffic is allowed) in the in-bound rule of the “Present tier’s Security Group”.
  3. Keep Web Servers as private and always front them with a managed External Elastic Load Balancer.
  4. Access the servers through Session Manager in the System Manager Server.

In-Detail

Some Basics

Security Group is an Instance level firewall where we can apply allow rules for in-bound and out-bound traffic. In-fact security groups associate with Elastic Network Interfaces (ENIs) of the EC2 instances through which data flows.

We can apply multiple security groups for a instance, all the rules from all security groups associated with instance will be aggregated and applied.

Connection Tracking

Security Groups are stateful, that means when a request is allowed in Inbound rules, corresponding response is automatically allowed and no need to apply outbound rules explicitly. This is achieved by tracking the connection state of the traffic to and from the instance.

It is to be noted that connections can be throttled if traffic increases beyond max number of connections. If all traffic is allowed for all ports (0.0.0.0/0 or ::/0) for both in-bound and out-bound traffic then that traffic is not tracked.

Scenario

Let’s take a three-tier web application where the front end or API receiving the traffic from users will be the Web tier, application logic API lies at App tier and Database in the third tier.

Directly exposing the web servers to the open internet is a big vulnerability, it is always better to keep them in a private subnet and front them with a Load Balancer in a public subnet.

It is better to maintain separate private subnets for each tier with their own auto scaling groups.

Overall, we can have one public subnet and three private subnets in each availability zone where we host the application. It is recommended to use at least two availability zones for high availability.

The architecture for our three-tier web application can be as below.

    Architecture for 3-tier Web Application

    Architecture for 3-tire Web Application

    Chaining Security Groups

    In the above architecture Security Groups are chained from one tier to the next tier. We need to create a separate security group for each tier and a security group for load balancer in the public subnet. For Application load balancer, we need to select at least 2 subnets, 1 in each availability zone.

    Implementing Chaining of Security Groups

    1. A Security Group ALB-SG for an External Application Load Balancer should be created with source open to internet (0.0.0.0/0) in the Inbound rule for all the traffic on HTTPS Port 443. TLS/SSL can be terminated at the ALB which can take the heavy lifting of encryption and decryption. An ID for the ALB-SG will be created automatically let’s say sgr-0a123.
    2. For Web tier a Security Group Web-SG with the source as ALB-SG sgr-0a123 in the Inbound rule on HTTP port 80 should be created. With this rule only connections from ALB are allowed to web servers. Let the ID created for Web-SG be sgr-0b321.
    3. For App tier a Security Group APP-SG with the source as Web-SG sgr-0b321 in the Inbound rule on Custom port 8080 should be created. With this rule only connections from Instances with Web-SG security group are allowed to App servers. Let the ID created for App-SG be sgr-0c456.
    4. For Database tier a Security Group DB-SG with the source as App-SG sgr-0c456 in the Inbound rule on MySQL/Aurora port 3306 should be created. With this rule only connections from Instances with App-SG security group are allowed to Database servers. Let the ID created for DB-SG be sgr-0d654.

    Running Containers on AWS as per Business Requirements and Capabilities

    by | Mar 19, 2023 | AWS, AWS Managed Services, Containers, Kubernetes, Open Source, Serverless, White Paper

    We can run containers with EKS, ECS, Fargate, Lambda, App Runner, Lightsail, OpenShift or on just EC2 instances on AWS Cloud. In this post I will discuss on how to choose the AWS service based on our organization requirements and capabilities.

    In-Short

    CaveatWisdom

    Caveat: Meeting the business objectives and goals can become difficult if we don’t choose the right service based on our requirements and capabilities.

    Wisdom:

    1. Understand the complexity of your application based on how many microservices and how they interact with each other.
    2. Estimate how your application scales based on business.
    3. Analyse the skillset and capabilities of your team and how much time you can spend for administration and learning.
    4. Understand the policies and priorities of your organization in the long-term.

    In-Detail

    You may wonder why we have many services for running the containers on AWS. One size does not fit all. We need to understand our business goals and requirements and our team capabilities before choosing a service.

    Let us understand each service one by one.

    All the services which are discussed below require the knowledge of building containerized images with Docker and running them.

    Running Containers on Amazon EC2 Manually

    You can deploy and run containers on EC2 Instances manually if you have just 1 to 4 applications like a website or any processing application without any scaling requirements.

    Organization Objectives:

    1. Run just 1 to 4 applications on the cloud with high availability.
    2. Have full control at the OS level.
    3. Have standard workload all the time without any scaling requirements.

    Capabilities Required:

    1. Team should have full understanding of AWS networking at VPC level including load balancers.
    2. Configure and run container runtime like docker daemon.
    3. Deploying application containers manually on the EC2 instances by accessing through SSH.
    4. Knowledge of maintaining OS on EC2 instances.

    The cost is predictable if there is no scaling requirement.

    The disadvantages in this option are:

    1. We need to maintain the OS and docker updated manually.
    2. We need to constantly monitor the health of running containers manually.

    What if you don’t want to take the headache of managing EC2 instances and monitoring the health of your containers? – Enter Amazon Lightsail

     Running Containers with Amazon Lightsail

    The easiest way to run containers is Amazon Lightsail. To run containers on Lightsail we just need to define the power of the node (EC2 instance) required and scale that is how many nodes. If the number of containers instances is more than 1, then Lightsail copies the container across multiple nodes you specify. Lightsail uses ECS under the hood. Lightsail manages the networking.

    Organization Objectives:

    1. Run multiple applications on the cloud with high availability.
    2. Infrastructure should be fully managed by AWS with no maintenance.
    3. Have standard workload and scale dynamically when there is need.
    4. Minimal and predictable cost with bundled services including load balancer and CDN.

    Capabilities Required:

    1. Team should have just knowledge of running containers.

    Lightsail can dynamically scale but it should be managed manually, we cannot implement autoscaling based on certain triggers like increase in traffic etc.

    What if you need more features like building a CI/CD pipeline, integration with a Web Application Firewall (WAF) at the edge locations? – Enter AWS App Runner

     

    Running Containers with AWS App Runner

    AWS App runner is one more easy service to run containers. We can implement Auto Scaling and secure the traffic with AWS WAF and other services like private endpoints in VPC. App Runner directly connects to the image repository and deploy the containers. We can also integrate with other AWS services like Cloud Watch, CloudTrail and X-Ray for advanced monitoring capability.

    Organization Objectives:

    1. Run multiple applications on the cloud with high availability.
    2. Infrastructure should be fully managed by AWS with no maintenance.
    3. Auto Scale as per the varying workloads.
    4. Implement high security features like traffic filtering and isolating workloads in a private secured environment.

    Capabilities Required:

    1. Team should have just knowledge of running containers.
    2. AWS knowledge of services like WAF, VPC, CloudWatch is required to handle the advanced requirements.

    App Runner supports full stack web applications including front-end and backend services. At present App Runner supports only stateless applications, stateful applications are not supported.

    What if you need to run the containers in a serverless fashion, i.e., an event driven architecture in which you run the container only when needed (invoked by an event) and pay only for the time the process runs to service the request? – Enter AWS Lambda.

    Running Containers with AWS Lambda

    With Lambda, you pay only for the time your container function runs in milliseconds and how much RAM you allocate to the function, if your function runs for 300 milliseconds to process a request then you pay only for that time. You need to build your container image with the base image provided by AWS. The base images are open-source made by AWS and they are preloaded with a language runtime and other components required to run a container image on Lambda. If we choose our own base image then we need to add appropriate runtime interface client for our function so that we can receive the invocation events and respond accordingly.

    Organization Objectives:

    1. Run multiple applications on the cloud with high availability.
    2. Infrastructure should be fully managed by AWS with no maintenance.
    3. Auto Scale as per the varying workloads.
    4. Implement high security features like traffic filtering and isolating workloads in a private secured environment.
    5. Implement event-based architecture.
    6. Pay only for the requests process without idle time for apps.
    7. Seamlessly integrate with other services like API Gateway where throttling is needed.

    Capabilities Required:

    1. Team should have just knowledge of running containers.
    2. Team should have deep understanding of AWS Lambda and event-based architectures on AWS and other AWS services.
    3. Existing applications may need to be modified to handle the event notifications and integrate with runtime client interfaces provided by the Lambda Base images.

    We need to be aware of limitations of Lambda, it is stateless, max time a Lambda function can run is 15 minutes, it provides a temporary storage for buffer operations.

    What if you need more transparency i.e., access to underlying infrastructure at the same time the infrastructure is managed by AWS? – Enter AWS Elastic Beanstalk.

    Running Containers with AWS Elastic Beanstalk

    We can run any containerized application on AWS Elastic Beanstalk which will deploy and manage the infrastructure on behalf of you. We can create and manage separate environments for development, testing, and production use, and you can deploy any version of your application to any environment. We can do rolling deployments or Blue / Green deployments. Elastic Beanstalk provisions the infrastructure i.e., VPC, EC2 instances, Load Balances with Cloud Formation Templates developed with best practices.

    For running containers Elastic Beanstalk uses ECS under-the-hood. ECS provides the cluster running the docker containers, Elastic Beanstalk manages the tasks running on the cluster.

    Organization Objectives:

    1. Run multiple applications on the cloud with high availability.
    2. Infrastructure should be fully managed by AWS with no maintenance.
    3. Auto Scale as per the varying workloads.
    4. Implement high security features like traffic filtering and isolating workloads in a private secured environment.
    5. Implement multiple environments for developing, staging and productions.
    6. Deploy with strategies like Blue / Green and Rolling updates.
    7. Access to the underlying instances.

    Capabilities Required:

    1. Team should have just knowledge of running containers.
    2. Foundational knowledge of AWS and Elastic Beanstalk is enough.

    What if you need to implement more complex microservices architecture with advanced functionality like service mesh and orchestration? Enter Elastic Container Service Directly

    Running Containers with Amazon Elastic Container Service (Amazon ECS)

    When we want to implement a complex micro-services architecture with orchestration of container, then ECS is the right choice. Amazon ECS is a fully managed service with built-in best practices for operations and configuration. It removes the headache of complexity in managing the control plane and gives option to run our workloads anywhere in cloud and on-premises.

    ECS give two launch types to run tasks, Fargate and EC2. Fargate is a serverless option with low overhead with which we can run containers without managing infrastructure. EC2 is suitable for large workloads which require consistently high CPU and memory.

    A Task in ECS is a blueprint of our microservice, it can run one or more containers. We can run tasks manually for applications like batch jobs or with a Service Schedular which ensures the scheduling strategy for long running stateless microservices. Service Schedular orchestrates containers across multiple availability zones by default using task placement strategies and constraints.

    Organization Objectives:

    1. Run complex microservices architecture with high availability and scalability.
    2. Orchestrate the containers as per complex business requirements.
    3. Integrate with AWS services seamlessly.
    4. Low learning curve for the team which can take advantage of cloud.
    5. Infrastructure should be fully managed by AWS with no maintenance.
    6. Auto Scale as per the varying workloads.
    7. Implement high security features like traffic filtering and isolating workloads in a private secured environment.
    8. Implement complex DevOps strategies with managed services for CI/CD pipelines.
    9. Access to the underlying instances for some applications and at the same time have a serverless option for some other workloads.
    10. Implement service mesh for microservices with a managed service like App Mesh.

    Capabilities Required:

    1. Team should have knowledge of running containers.
    2. Intermediate level of understanding of AWS services is required.
    3. Good knowledge of ECS orchestration and scheduling configuration will add much value.
    4. Optionally Developers should have knowledge of services mesh implementation with App mesh if it is required.

    What if you need to migrate existing on-premises container workloads running on Kubernetes to the Cloud or what if the organization policy states to adopt open-source technologies? – Enter Amazon Elastic Kubernetes Service.

     

    Running Containers with Amazon Elastic Kubernetes Service (Amazon EKS)

    Amazon EKS is a fully managed service for Kubernetes control plane and it gives option to run workloads on self-managed EC2 instances, Managed EC2 Instances or fully managed serverless Fargate service. It removes the headache of managing and configuring the Kubernetes Control Plane with in-built high availability and scalability. EKS is an upstream implementation of CNCF released Kubernetes version, so all the workloads presently running on-premises K8S will work on EKS. It gives option to extend and use the same EKS console to on-premises with EKS anywhere.

    Organization Objectives:

    1. Adopt open-source technologies as a policy.
    2. Migrate existing workloads on Kubernetes.
    3. Run complex microservices architecture with high availability and scalability.
    4. Orchestrate the containers as per complex business requirements.
    5. Integrate with AWS services seamlessly.
    6. Infrastructure should be fully managed by AWS with no maintenance.
    7. Auto Scale as per the varying workloads.
    8. Implement high security features like traffic filtering and isolating workloads in a private secured environment.
    9. Implement complex DevOps strategies with managed services for CI/CD pipelines.
    10. Access to the underlying instances for some applications and at the same time have a serverless option for some other workloads.
    11. Implement service mesh for microservices with a managed service like App Mesh.

    Capabilities Required:

    1. Team should have knowledge of running containers.
    2. Intermediate level of understanding of AWS services is required and deep understanding of networking on AWS for Kubernetes will a lot, you can read my previous blog here.
    3. Learning curve is high with Kubernetes and should spend sufficient time for learning.
    4. Good knowledge of EKS orchestration and scheduling configuration.
    5. Optionally Developers should have knowledge of services mesh implementation with App mesh if it is required.
    6. Team should have knowledge on handling Kubernetes updates, you can refer to my vlog here.

     

    Running Containers with Red Hat OpenShift Service on AWS (ROSA)

    If the Organization manages its existing workloads on Red Hat OpenShift and want to take advantage of AWS Cloud then we can migrate easily to Red Hat OpenShift Service on AWS (ROSA) which is a managed service. We can use ROSA to create Kubernetes clusters using the Red Hat OpenShift APIs and tools, and have access to the full breadth and depth of AWS services. We can also access Red Hat OpenShift licensing, billing, and support all directly through AWS

     

    I have seen many organizations adopt multiple service to run their container workloads on AWS, it is not necessary to stick to one kind of service, in a complex enterprise architecture it is recommended to keep all options open and adopt as the business needs changes.