Web21/10/ · A footnote in Microsoft's submission to the UK's Competition and Markets Authority (CMA) has let slip the reason behind Call of Duty's absence from the Xbox Game Pass library: Sony and Web26/10/ · Key findings include: Proposition 30 on reducing greenhouse gas emissions has lost ground in the past month, with support among likely voters now falling short of a majority. Democrats hold an overall edge across the state's competitive districts; the outcomes could determine which party controls the US House of Representatives. Four WebThe latest Lifestyle | Daily Life news, tips, opinion and advice from The Sydney Morning Herald covering life and relationships, beauty, fashion, health & wellbeing Web12/10/ · Microsoft pleaded for its deal on the day of the Phase 2 decision last month, but now the gloves are well and truly off. Microsoft describes the CMA’s concerns as “misplaced” and says that Web20/10/ · That means the impact could spread far beyond the agency’s payday lending rule. "The holding will call into question many other regulations that protect consumers with respect to credit cards, bank accounts, mortgage loans, debt collection, credit reports, and identity theft," tweeted Chris Peterson, a former enforcement attorney at the CFPB who ... read more
The following commands create the file system resources. These commands add each resource to the resource group that includes the logical volume resource for that file system. Verify that the GFS2 file systems are mounted on both nodes of the cluster. RHEL 8. This example creates one GFS2 file systems on a logical volume and encrypts the file system. Encrypted GFS2 file systems are supported using the crypt resource agent, which provides support for LUKS encryption.
On the second node in the cluster, run the following commands to add the shared device to the devices file on that node and to start the lock manager for the shared volume group. Create an LVM-activate resource for the logical volume to automatically activate the logical volume on all nodes.
Configure an ordering constraints to ensure that the locking resource group that includes the dlm and lvmlockd resources starts first. Configure a colocation constraints to ensure that the vg1 and vg2 resource groups start on the same node as the locking resource group. On both nodes in the cluster, verify that the logical volume is active.
On one node in the cluster, create a new file that will contain the crypt key and set the permissions on the file so that it is readable only by root. Distribute the crypt keyfile to the other nodes in the cluster, using the -p parameter to preserve the permissions you set.
Create the encrypted device on the LVM volume where you will configure the encrypted GFS2 file system. On one node in the cluster, format the volume with a GFS2 file system. Create a file system resource to automatically mount the GFS2 file system on all nodes. The following command creates the file system resource. This command adds the resource to the resource group that includes the logical volume resource for that file system.
Verify that the GFS2 file system is mounted on both nodes of the cluster. This procedure allows you to use your existing Red Hat Enterprise 7 logical volumes when configuring a RHEL 8 cluster that includes GFS2 file systems.
Additionally, this requires that you use the LVM-activate resource to manage an LVM volume and that you use the lvmlockd resource agent to manage the lvmlockd daemon. See Configuring a GFS2 file system in a cluster for a full procedure for configuring a Pacemaker cluster that includes GFS2 file systems using shared logical volumes. To use your existing Red Hat Enterprise Linux 7 logical volumes when configuring a RHEL8 cluster that includes GFS2 file systems, perform the following procedure from the RHEL8 cluster.
The RHEL8 cluster must have the same name as the RHEL7 cluster that includes the GFS2 file system in order for the existing file system to be valid.
From one node in the cluster, forcibly change the volume group to be local. From one node in the cluster, change the local volume group to a shared volume group. After performing this procedure, you can create an LVM-activate resource for each logical volume. This procedure sets up your system to use the pcsd Web UI to configure a cluster. On any system, open a browser to the following URL, specifying one of the nodes of the cluster note that this uses the https protocol.
This brings up the pcsd Web UI login screen. Log in as user hacluster. This brings up the Manage Clusters page as shown in the following figure. From the Manage Clusters page, you can create a new cluster, add an existing cluster to the Web UI, or remove a cluster from the Web UI. Once you have created or added a cluster, the cluster name is displayed on the Manage Cluster page. Selecting the cluster displays information about the cluster.
When using the pcsd Web UI to configure a cluster, you can move your mouse over the text describing many of the options to see longer descriptions of those options as a tooltip display. When creating a cluster, you can configure additional cluster options by clicking Go to advanced settings on the Create cluster screen. This allows you to modify the configurable settings of the following cluster components:. Selecting those options displays the settings you can configure. For information on each of the settings, place the mouse pointer over the particular option.
You can grant permission for specific users other than user hacluster to manage the cluster through the Web UI and to run pcs commands that connect to nodes over a network by adding them to the group haclient. You can then configure the permissions set for an individual member of the group haclient by clicking the Permissions tab on the Manage Clusters page and setting the permissions on the resulting screen. From this screen, you can also set permissions for groups. To configure the components and attributes of a cluster, click on the name of the cluster displayed on the Manage Clusters screen.
This brings up the Nodes page. The Nodes page displays a menu along the top of the page with the following entries:. Selecting the Nodes option from the menu along the top of the cluster management page displays the currently configured nodes and the status of the currently selected node, including which resources are running on the node and the resource location preferences.
This is the default page that is displayed when you select a cluster from the Manage Clusters screen. From this page, You can add or remove nodes. You can also start, stop, restart, or put a node in standby or maintenance mode. For information on standby mode, see Putting a node into standby mode.
You can also configure fence devices directly from this page, as described in by selecting Configure Fencing. Configuring fence devices is described in "Configuring fence devices with the pcsd Web UI". Selecting the Resources option from the menu along the top of the cluster management page displays the currently configured resources for the cluster, organized according to resource groups.
Selecting a group or a resource displays the attributes of that group or resource. From this screen, you can add or remove resources, you can edit the configuration of existing resources, and you can create a resource group. When configuring the arguments for a resource, a brief description of the argument appears in the menu. If you move the cursor to the field, a longer help description of that argument is displayed. You can define a resource as a cloned resource, or as a promotable clone resource.
For information on these resource types, see Creating cluster resources that are active on multiple nodes cloned resources. Selecting the Fence Devices option from the menu along the top of the cluster management page displays Fence Devices screen, showing the currently configured fence devices.
To configure an SBD fencing device, click on SBD on the Fence Devices screen. This calls up a screen that allows you to enable or disable SBD in the cluster. For more information on fence devices, see Configuring fencing in a Red Hat High Availability cluster.
Selecting the ACLS option from the menu along the top of the cluster management page displays a screen from which you can set permissions for local users, allowing read-only or read-write access to the cluster configuration by using access control lists ACLs. To assign ACL permissions, you create a role and define the access permissions for that role. After defining the role, you can assign it to an existing user or group. For more information on assigning permissions using ACLs, see Setting local permissions using ACLs.
Selecting the Cluster Properties option from the menu along the top of the cluster management page displays the cluster properties and allows you to modify these properties from their default values. For information on the Pacemaker cluster properties, see Pacemaker cluster properties. When you use the pcsd Web UI, you connect to one of the nodes of the cluster to display the cluster management pages. If the node to which you are connecting goes down or becomes unavailable, you can reconnect to the cluster by opening your browser to a URL that specifies a different node of the cluster.
It is possible, however, to configure the pcsd Web UI itself for high availability, in which case you can continue to manage the cluster without entering a new URL. To configure the pcsd Web UI for high availability, perform the following steps. Create custom SSL certificates for use with pcsd and ensure that they are valid for the addresses of the nodes used to connect to the pcsd Web UI. Even when you configure the pcsd Web UI for high availability, you will be asked to log in again when the node to which you are connecting goes down.
This document describes the procedures you can use to configure, test, and manage the fence devices in a Red Hat High Availability cluster. A node that is unresponsive may still be accessing data.
The only way to be certain that your data is safe is to fence the node using STONITH. STONITH is an acronym for "Shoot The Other Node In The Head" and it protects your data from being corrupted by rogue nodes or concurrent access. Using STONITH, you can be certain that a node is truly offline before allowing the data to be accessed from another node.
STONITH also has a role to play in the event that a clustered service cannot be stopped. In this case, the cluster uses STONITH to force the whole node offline, thereby making it safe to start the service elsewhere.
For more complete general information on fencing and its importance in a Red Hat High Availability cluster, see Fencing in a Red Hat High Availability Cluster. You implement STONITH in a Pacemaker cluster by configuring fence devices for the nodes of the cluster. The following commands can be used to view available fencing agents and the available options for specific fencing agents. This command lists all available fencing agents.
When you specify a filter, this command displays only the fencing agents that match the filter. For fence agents that provide a method option, a value of cycle is unsupported and should not be specified, as it may cause data corruption.
The format for the command to create a fence device is as follows. For a listing of the available fence device creation options, see the pcs stonith -h display. Some fence devices can fence only a single node, while other devices can fence multiple nodes. The parameters you specify when you create a fencing device depend on what your fencing device supports and requires. After configuring a fence device, it is imperative that you test the device to ensure that it is working correctly.
For information on testing a fence device, see Testiing a fence device. There are many general properties you can set for fencing devices, as well as various cluster properties that determine fencing behavior. Any cluster node can fence any other cluster node with any fence device, regardless of whether the fence resource is started or stopped.
Whether the resource is started controls only the recurring monitor for the device, not whether it can be used, with the following exceptions:. A mapping of host names to port numbers for devices that do not support host names. For example: node;node,3 tells the cluster to use port 1 for node1 and ports 2 and 3 for node2.
How to determine which machines are controlled by the device. The following table summarizes additional properties you can set for fencing devices. Note that these properties are for advanced use only.
An alternate parameter to supply instead of port. Some devices do not support the standard port parameter or may provide additional ones. Use this to specify an alternate, device-specific parameter that should indicate the machine to be fenced. A value of none can be used to tell the cluster not to supply any additional parameters. An alternate command to run instead of reboot. Some devices do not support the standard commands or may provide additional ones. Use this to specify an alternate, device-specific, command that implements the reboot action.
Specify an alternate timeout to use for reboot actions instead of stonith-timeout. Use this to specify an alternate, device-specific, timeout for reboot actions. The maximum number of times to retry the reboot command within the timeout period.
Some devices do not support multiple connections. Operations may fail if the device is busy with another task so Pacemaker will automatically retry the operation, if there is time remaining. Use this option to alter the number of times Pacemaker retries reboot actions before giving up. An alternate command to run instead of off. Use this to specify an alternate, device-specific, command that implements the off action.
Specify an alternate timeout to use for off actions instead of stonith-timeout. Some devices need much more or much less time to complete than normal. Use this to specify an alternate, device-specific, timeout for off actions.
The maximum number of times to retry the off command within the timeout period. Use this option to alter the number of times Pacemaker retries off actions before giving up.
An alternate command to run instead of list. Use this to specify an alternate, device-specific, command that implements the list action. Specify an alternate timeout to use for list actions.
Use this to specify an alternate, device-specific, timeout for list actions. The maximum number of times to retry the list command within the timeout period. Use this option to alter the number of times Pacemaker retries list actions before giving up.
An alternate command to run instead of monitor. Use this to specify an alternate, device-specific, command that implements the monitor action. Specify an alternate timeout to use for monitor actions instead of stonith-timeout. Use this to specify an alternate, device-specific, timeout for monitor actions. The maximum number of times to retry the monitor command within the timeout period. Use this option to alter the number of times Pacemaker retries monitor actions before giving up.
An alternate command to run instead of status. Use this to specify an alternate, device-specific, command that implements the status action. Specify an alternate timeout to use for status actions instead of stonith-timeout.
Use this to specify an alternate, device-specific, timeout for status actions. The maximum number of times to retry the status command within the timeout period. Use this option to alter the number of times Pacemaker retries status actions before giving up. Enable a base delay for stonith actions and specify a base delay value. In a cluster with an even number of nodes, configuring a delay can help avoid nodes fencing each other at the same time in an even split.
A random delay can be useful when the same fence device is used for all nodes, and differing static delays can be useful on each fencing device when a separate device is used for each node. The overall delay is derived from a random delay value adding this static delay so that the sum is kept below the maximum delay. This allows a single fence device to be used in a two-node cluster, with a different delay for each node.
This helps prevent a situation where each node attempts to fence the other node at the same time. For example, node;nodes would use no delay when fencing node1 and a second delay when fencing node2. If both of these delays are configured, they are added together and thus would generally not be used in conjunction. Enable a random delay for stonith actions and specify the maximum of random delay. The overall delay is derived from this random delay value adding a static delay so that the sum is kept below the maximum delay.
The maximum number of actions that can be performed in parallel on this device. A value of -1 is unlimited. For advanced use only: An alternate command to run instead of on. Use this to specify an alternate, device-specific, command that implements the on action. For advanced use only: Specify an alternate timeout to use for on actions instead of stonith-timeout.
Use this to specify an alternate, device-specific, timeout for on actions. For advanced use only: The maximum number of times to retry the on command within the timeout period. Use this option to alter the number of times Pacemaker retries on actions before giving up. In addition to the properties you can set for individual fence devices, there are also cluster properties you can set that determine fencing behavior, as described in the following table.
Indicates that failed nodes and nodes with resources that cannot be stopped should be fenced. Protecting your data requires that you set this true. If true , or unset, the cluster will refuse to start resources unless one or more STONITH resources have been configured also. Red Hat only supports clusters with this value set to true.
Action to send to STONITH device. Allowed values: reboot , off. The value poweroff is also allowed, but is only used for legacy devices. How many times fencing can fail for a target before the cluster will no longer immediately re-attempt it. The maximum time to wait until a node can be assumed to have been killed by the hardware watchdog.
It is recommended that this value be set to twice the value of the hardware watchdog timeout. This option is needed only if watchdog-only SBD configuration is used for fencing. Red Hat Enterprise Linux 8. A cluster node may receive notification of its own fencing if fencing is misconfigured, or if fabric fencing is in use that does not cut cluster communication.
Allowed values are stop to attempt to immediately stop Pacemaker and stay stopped, or panic to attempt to immediately reboot the local node, falling back to stop on failure.
Although the default value for this property is stop , the safest choice for this value is panic , which attempts to immediately reboot the local node.
If you prefer the stop behavior, as is most likely to be the case in conjunction with fabric fencing, it is recommended that you set this explicitly. For information on setting cluster properties, see Setting and removing cluster properties. Fencing is a fundamental part of the Red Hat Cluster infrastructure and it is important to validate or test that fencing is working properly.
Use ssh, telnet, HTTP, or whatever remote protocol is used to connect to the device to manually log in and test the fence device or see what output is given. For example, if you will be configuring fencing for an IPMI-enabled device, then try to log in remotely with ipmitool.
Take note of the options used when logging in manually because those options might be needed when using the fencing agent. If you are unable to log in to the fence device, verify that the device is pingable, there is nothing such as a firewall configuration that is preventing access to the fence device, remote access is enabled on the fencing device, and the credentials are correct.
Run the fence agent manually, using the fence agent script. This does not require that the cluster services are running, so you can perform this step before the device is configured in the cluster. This can ensure that the fence device is responding properly before proceeding.
The actual fence agent you will use and the command that calls that agent will depend on your server hardware. You should consult the man page for the fence agent you are using to determine which options to specify. You will usually need to know the login and password for the fence device and other information related to the fence device.
This allows you to test the device and get it working before attempting to reboot the node. When running this command, you specify the name and password of an iLO user that has power on and off permissions for the iLO device. Running this command on one node reboots the node managed by this iLO device. If the fence agent failed to properly do a status, off, on, or reboot action, you should check the hardware, the configuration of the fence device, and the syntax of your commands.
In addition, you can run the fence agent script with the debug output enabled. The debug output is useful for some fencing agents to see where in the sequence of events the fencing agent script is failing when logging into the fence device. When diagnosing a failure that has occurred, you should ensure that the options you specified when manually logging in to the fence device are identical to what you passed on to the fence agent with the fence agent script.
Once the fence device has been configured in the cluster with the same options that worked manually and the cluster has been started, test fencing with the pcs stonith fence command from any node or even multiple times from different nodes , as in the following example. The pcs stonith fence command reads the cluster configuration from the CIB and calls the fence agent as configured to execute the fence action. This verifies that the cluster configuration is correct.
If the pcs stonith fence command works properly, that means the fencing configuration for the cluster should work when a fence event occurs. If the command fails, it means that cluster management cannot invoke the fence device through the configuration it has retrieved.
Check for the following issues and update your cluster configuration as needed. If the protocol that your fence device uses is accessible to you, use that protocol to try to connect to the device. For example many agents use ssh or telnet. You should try to connect to the device with the credentials you provided when configuring the device, to see if you get a valid prompt and can log in to the device.
If you determine that all your parameters are appropriate but you still have trouble connecting to your fence device, you can check the logging on the fence device itself, if the device provides that, which will show if the user has connected and what command the user issued. Once the fence device tests are working and the cluster is up and running, test an actual failure.
To do this, take an action in the cluster that should initiate a token loss. Take down a network. How you take a network depends on your specific configuration.
In many cases, you can physically pull the network or power cables out of the host. For information on simulating a network failure, see What is the proper way to simulate a network failure on a RHEL Cluster? Disabling the network interface on the local host rather than physically disconnecting the network or power cables is not recommended as a test of fencing because it does not accurately simulate a typical real-world failure.
Block corosync traffic both inbound and outbound using the local firewall. The following example blocks corosync, assuming the default corosync port is used, firewalld is used as the local firewall, and the network interface used by corosync is in the default firewall zone:. Simulate a crash and panic your machine with sysrq-trigger. Note, however, that triggering a kernel panic can cause data loss; it is recommended that you disable your cluster resources first.
Pacemaker supports fencing nodes with multiple devices through a feature called fencing topologies. To implement topologies, create the individual devices as you normally would and then define one or more fencing levels in the fencing topology section in the configuration. Use the following command to add a fencing level to a node. The devices are given as a comma-separated list of stonith ids, which are attempted for the node at that level.
This example also shows the output of the pcs stonith level command after the levels are configured. The following command removes the fence level for the specified node and devices. If no nodes or devices are specified then the fence level you specify is removed from all nodes. The following command clears the fence levels on the specified node or stonith id. If you do not specify a node or stonith id, all fence levels are cleared. If you specify more than one stonith id, they must be separated by a comma and no spaces, as in the following example.
The following command verifies that all fence devices and nodes specified in fence levels exist. You can specify nodes in fencing topology by a regular expression applied on a node name and by a node attribute and its value. For example, the following commands configure nodes node1 , node2 , and node3 to use fence devices apc1 and apc2 , and nodes node4 , node5 , and node6 to use fence devices apc3 and apc4. When configuring fencing for redundant power supplies, the cluster must ensure that when attempting to reboot a host, both power supplies are turned off before either power supply is turned back on.
If the node never completely loses power, the node may not release its resources. This opens up the possibility of nodes accessing these resources simultaneously and corrupting them. You need to define each device only once and to specify that both are required to fence the node, as in the following example.
The following command shows all currently configured fence devices. If the --full option is specified, all configured stonith options are displayed. Use the following command to modify or add options to a currently configured fencing device. Updating a SCSI fencing device with the pcs stonith update command causes a restart of all resources running on the same node where the stonith resource was running. You can fence a node manually with the following command.
If you specify --off this will use the off API call to stonith which will turn the node off instead of rebooting it. In a situation where no fence device is able to fence a node even if it is no longer active, the cluster may not be able to recover the resources on the node.
If this occurs, after manually ensuring that the node is powered down you can enter the following command to confirm to the cluster that the node is powered down and free its resources for recovery. To prevent a specific node from using a fencing device, you can configure location constraints for the fencing resource.
The following example prevents fence device node1-ipmi from running on node1. If your cluster uses integrated fence devices, you must configure ACPI Advanced Configuration and Power Interface to ensure immediate and complete fencing. If a cluster node is configured to be fenced by an integrated fence device, disable ACPI Soft-Off for that node. Disabling ACPI Soft-Off allows an integrated fence device to turn off a node immediately and completely rather than attempting a clean shutdown for example, shutdown -h now.
Otherwise, if ACPI Soft-Off is enabled, an integrated fence device can take four or more seconds to turn off a node see the note that follows. In addition, if ACPI Soft-Off is enabled and a node panics or freezes during shutdown, an integrated fence device may not be able to turn off the node. Under those circumstances, fencing is delayed or unsuccessful.
Consequently, when a node is fenced with an integrated fence device and ACPI Soft-Off is enabled, a cluster recovers slowly or requires administrative intervention to recover. The amount of time required to fence a node depends on the integrated fence device used. Some integrated fence devices perform the equivalent of pressing and holding the power button; therefore, the fence device turns off the node in four to five seconds. Other integrated fence devices perform the equivalent of pressing the power button momentarily, relying on the operating system to turn off the node; therefore, the fence device turns off the node in a time span much longer than four to five seconds.
Disabling ACPI Soft-Off with the BIOS may not be possible with some systems. If disabling ACPI Soft-Off with the BIOS is not satisfactory for your cluster, you can disable ACPI Soft-Off with one of the following alternate methods:. This is the second alternate method of disabling ACPI Soft-Off, if the preferred or the first alternate method is not available.
This method completely disables ACPI; some computers do not boot correctly if ACPI is completely disabled. Use this method only if the other methods are not effective for your cluster.
You can disable ACPI Soft-Off by configuring the BIOS of each cluster node with the following procedure. The procedure for disabling ACPI Soft-Off with the BIOS may differ among server systems.
You should verify this procedure with your hardware documentation. At the Power menu, set the Soft-Off by PWR-BTTN function or equivalent to Instant-Off or the equivalent setting that turns off the node by means of the power button without delay. The BIOS CMOS Setup Utiliy example below shows a Power menu with ACPI Function set to Enabled and Soft-Off by PWR-BTTN set to Instant-Off. The equivalents to ACPI Function , Soft-Off by PWR-BTTN , and Instant-Off may vary among computers.
However, the objective of this procedure is to configure the BIOS so that the computer is turned off by means of the power button without delay.
This example shows ACPI Function set to Enabled , and Soft-Off by PWR-BTTN set to Instant-Off. conf file, use the following procedure. conf file:. Use the --args option in combination with the --update-kernel option of the grubby tool to change the grub. cfg file of each cluster node as follows:. This section provides formats and examples for the basic commands to create and delete cluster resources.
You can determine the behavior of a resource in a cluster by configuring constraints for that resource. The following command creates a resource with the name VirtualIP of standard ocf , provider heartbeat , and type IPaddr2. The floating address of this resource is Alternately, you can omit the standard and provider fields and use the following command.
This will default to a standard of ocf and a provider of heartbeat. For example, the following command deletes an existing resource with a resource ID of VirtualIP. The identifiers that you define for a resource tell the cluster which agent to use for the resource, where to find that agent and what standards it conforms to. d directory. The name of the resource agent you wish to use, for example IPaddr or Filesystem. The OCF spec allows multiple vendors to supply the same resource agent.
Most of the agents shipped by Red Hat use heartbeat as the provider. pcs resource list string. Displays a list of available resources filtered by the specified string. You can use this command to display resources filtered by the name of a standard, a provider, or a type. For any individual resource, you can use the following command to display a description of the resource, the parameters you can set for that resource, and the default values that are set for the resource.
For example, the following command displays information for a resource of type apache. In addition to the resource-specific parameters, you can configure additional resource options for any resource. These options are used by the cluster to decide how your resource should behave.
If not all resources can be active, the cluster will stop lower priority resources in order to keep higher priority ones active.
Indicates what state the cluster should attempt to keep this resource in. Allowed values:. These role names are the functional equivalent of the Master and Slave Pacemaker roles. Indicates whether the cluster is allowed to start and stop the resource. Allowed values: true , false. Value to indicate how much the resource prefers to stay where it is. For information on this attribute, see Configuring a resource to prefer its current node.
Defaults to fencing except under the conditions noted below. Possible values:. How many failures may occur for this resource on a node before this node is marked ineligible to host this resource. A value of 0 indicates that this feature is disabled the node will never be marked ineligible ; by contrast, the cluster treats INFINITY the default as a very large but finite number.
Used in conjunction with the migration-threshold option, indicates how many seconds to wait before acting as if the failure had not occurred, and potentially allowing the resource back to the node on which it failed. Indicates what the cluster should do if it ever finds the resource active on more than one node. The influence colocation constraint option determines whether the cluster will move both the primary and dependent resources to another node when the dependent resource reaches its migration threshold for failure, or whether the cluster will leave the dependent resource offline without causing a service switch.
The critical resource meta option can have a value of true or false , with a default value of true. The following command resets the default value of resource-stickiness to However, pcs resource defaults update is now the preferred version of the command.
In RHEL 8. With the pcs resource defaults set create command, you can configure a default resource value for all resources of a particular type. If, for example, you are running databases which take a long time to stop, you can increase the resource-stickiness default value for all resources of the database type to prevent those resources from moving to other nodes more often than you desire.
The following command sets the default value of resource-stickiness to for all resources of type pqsql. In this example, ::pgsql means a resource of any class, any provider, of type pgsql. To change the default values in an existing set, use the pcs resource defaults set update command. The pcs resource defaults command displays a list of currently configured default values for resource options, including any rules you specified.
The following example shows the output of this command after you have reset the default value of resource-stickiness to Whether you have reset the default value of a resource meta option or not, you can set a resource option for a particular resource to a value other than the default when you create the resource.
The following shows the format of the pcs resource create command you use when specifying a value for a resource meta option. For example, the following command creates a resource with a resource-stickiness value of You can also set the value of a resource meta option for an existing resource, group, or cloned resource with the following command. This command sets the failure-timeout meta option to 20 seconds, so that the resource can attempt to restart on the same node in 20 seconds.
To simplify this configuration, Pacemaker supports the concept of resource groups. You create a resource group with the following command, specifying the resources to include in the group. If the group does not exist, this command creates the group.
If the group exists, this command adds additional resources to the group. The resources will start in the order you specify them with this command, and will stop in the reverse order of their starting order. You can use the --before and --after options of this command to specify the position of the added resources relative to a resource that already exists in the group.
You can also add a new resource to an existing group when you create the resource, using the following command. There is no limit to the number of resources a group can contain. The fundamental properties of a group are as follows. The following example creates a resource group named shortcut that contains the existing resources IPaddr and Email.
You remove a resource from a group with the following command. If there are no remaining resources in the group, this command removes the group itself. You can set the following options for a resource group, and they maintain the same meaning as when they are set for a single resource: priority , target-role , is-managed.
For information on resource meta options, see Configuring resource meta options. Stickiness, the measure of how much a resource wants to stay where it is, is additive in groups. So if the default resource-stickiness is , and a group has seven members, five of which are active, then the group as a whole will prefer its current location with a score of As a shorthand for configuring a set of constraints that will locate a set of resources together and ensure that the resources start sequentially and stop in reverse order, Pacemaker supports the concept of resource groups.
After you have created a resource group, you can configure constraints on the group itself just as you configure constraints for individual resources. Location constraints determine which nodes a resource can run on. You can configure location constraints to determine whether a resource will prefer or avoid a specified node. In addition to location constraints, the node on which a resource runs is influenced by the resource-stickiness value for that resource, which determines to what degree a resource prefers to remain on the node where it is currently running.
For information on setting the resource-stickiness value, see Configuring a resource to prefer its current node. You can configure a basic location constraint to specify whether a resource prefers or avoids a node, with an optional score value to indicate the relative degree of preference for the constraint. The following command creates a location constraint for a resource to prefer the specified node or nodes.
Note that it is possible to create constraints on a particular resource for more than one node with a single command. The following command creates a location constraint for a resource to avoid the specified node or nodes. The following table summarizes the meanings of the basic options for configuring location constraints. Positive integer value to indicate the degree of preference for whether the given resource should prefer or avoid the given node.
INFINITY is the default score value for a resource location constraint. A value of INFINITY for score in a pcs constraint location rsc prefers command indicates that the resource will prefer that node if the node is available, but does not prevent the resource from running on another node if the specified node is unavailable.
A value of INFINITY for score in a pcs constraint location rsc avoids command indicates that the resource will never run on that node, even if no other node is available. This is the equivalent of setting a pcs constraint location add command with a score of -INFINITY.
A numeric score that is, not INFINITY means the constraint is optional, and will be honored unless some other factor outweighs it. The following command creates a location constraint to specify that the resource Webserver prefers node node1. pcs supports regular expressions in location constraints on the command line. These constraints apply to multiple resources based on the regular expression matching resource name. This allows you to configure multiple location constraints with a single command line.
The following command creates a location constraint to specify that resources dummy0 to dummy9 prefer node1. Before Pacemaker starts a resource anywhere, it first runs a one-time monitor operation often referred to as a "probe" on every node, to learn whether the resource is already running. This process of resource discovery can result in errors on nodes that are unable to execute the monitor. When configuring a location constraint on a node, you can use the resource-discovery option of the pcs constraint location command to indicate a preference for whether Pacemaker should perform resource discovery on this node for the specified resource.
Limiting resource discovery to a subset of nodes the resource is physically capable of running on can significantly boost performance when a large set of nodes is present. The following command shows the format for specifying the resource-discovery option of the pcs constraint location command. As with basic location constraints, you can use regular expressions for resources with these constraints as well.
The following table summarizes the meanings of the basic parameters for configuring constraints for resource discovery. Integer value to indicate the degree of preference for whether the given resource should prefer or avoid the given node. A positive value for score corresponds to a basic location constraint that configures a resource to prefer a node, while a negative value for score corresponds to a basic location constraint that configures a resource to avoid a node.
A value of INFINITY for score indicates that the resource will prefer that node if the node is available, but does not prevent the resource from running on another node if the specified node is unavailable. A value of -INFINITY for score indicates that the resource will never run on that node, even if no other node is available.
A numeric score that is, not INFINITY or -INFINITY means the constraint is optional, and will be honored unless some other factor outweighs it. This is the default resource-discovery value for a resource location constraint. Multiple location constraints using exclusive discovery for the same resource across different nodes creates a subset of nodes resource-discovery is exclusive to. If a resource is marked for exclusive discovery on one or more nodes, that resource is only allowed to be placed within that subset of nodes.
It is up to the system administrator to make sure that the service can never be active on nodes without resource discovery such as by leaving the relevant software uninstalled. When using location constraints, you can configure a general strategy for specifying which nodes a resource can run on:.
Whether you should choose to configure your cluster as an opt-in or opt-out cluster depends on both your personal preference and the make-up of your cluster. If most of your resources can run on most of the nodes, then an opt-out arrangement is likely to result in a simpler configuration. On the other hand, if most resources can only run on a small subset of nodes an opt-in configuration might be simpler. To create an opt-in cluster, set the symmetric-cluster cluster property to false to prevent resources from running anywhere by default.
Enable nodes for individual resources. The following commands configure location constraints so that the resource Webserver prefers node example-1 , the resource Database prefers node example-2 , and both resources can fail over to node example-3 if their preferred node fails. When configuring location constraints for an opt-in cluster, setting a score of zero allows a resource to run on a node without indicating any preference to prefer or avoid the node.
To create an opt-out cluster, set the symmetric-cluster cluster property to true to allow resources to run everywhere by default. This is the default configuration if symmetric-cluster is not set explicitly. The following commands will then yield a configuration that is equivalent to the example in "Configuring an "Opt-In" cluster". Both resources can fail over to node example-3 if their preferred node fails, since every node has an implicit score of 0.
Note that it is not necessary to specify a score of INFINITY in these commands, since that is the default value for the score. Resources have a resource-stickiness value that you can set as a meta attribute when you create the resource, as described in Configuring resource meta options. The resource-stickiness value determines how much a resource wants to remain on the node where it is currently running.
Pacemaker considers the resource-stickiness value in conjunction with other settings for example, the score values of location constraints to determine whether to move a resource to another node or to leave it in place.
With a resource-stickiness value of 0, a cluster may move resources as needed to balance resources across nodes. This may result in resources moving when unrelated resources start or stop. With a positive stickiness, resources have a preference to stay where they are, and move only if other circumstances outweigh the stickiness. This may result in newly-added nodes not getting any resources assigned to them without administrator intervention.
By default, a resource is created with a resource-stickiness value of 0. This may result in healthy resources moving more often than you desire. To prevent this behavior, you can set the default resource-stickiness value to 1.
This default will apply to all resources in the cluster. This small value can be easily overridden by other constraints that you create, but it is enough to prevent Pacemaker from needlessly moving healthy resources around the cluster. The following command sets the default resource-stickiness value to 1. With a positive resource-stickiness value, no resources will move to a newly-added node. If resource balancing is desired at that point, you can temporarily set the resource-stickiness value to 0.
Note that if a location constraint score is higher than the resource-stickiness value, the cluster may still move a healthy resource to the node where the location constraint points. For further information about how Pacemaker determines where to place a resource, see Configuring a node placement strategy. To determine the order in which the resources run, you configure an ordering constraint.
The following table summarizes the properties and options for configuring ordering constraints. The action to be ordered on the resource. Possible values of the action property are as follows:. How to enforce the constraint. The possible values of the kind option are as follows:. For information on optional ordering, see Configuring advisory ordering. If the first resource you specified is stopping or cannot be started, the second resource you specified must be stopped.
For information on mandatory ordering, see Configuring mandatory ordering. The first and second resource you specify can start in either order, but one must complete starting before the other can be started. A typical use case is when resource startup puts a high load on the host.
If true, the reverse of the constraint applies for the opposite action for example, if B starts after A starts, then B stops before A stops. Ordering constraints for which kind is Serialize cannot be symmetrical. The default value is true for Mandatory and Optional kinds, false for Serialize. A mandatory ordering constraint indicates that the second action should not be initiated for the second resource unless and until the first action successfully completes for the first resource. Actions that may be ordered are stop , start , and additionally for promotable clones, demote and promote.
For example, "A then B" which is equivalent to "start A then start B" means that B will not be started unless and until A successfully starts.
An ordering constraint is mandatory if the kind option for the constraint is set to Mandatory or left as default. If the symmetrical option is set to true or left to default, the opposite actions will be ordered in reverse. The start and stop actions are opposites, and demote and promote are opposites. For example, a symmetrical "promote A then start B" ordering implies "stop B then demote A", which means that A cannot be demoted until and unless B successfully stops.
For example, given "A then B", if A restarts due to failure, B will be stopped first, then A will be stopped, then A will be started, then B will be started. Note that the cluster reacts to each state change. If the first resource is restarted and is in a started state again before the second resource initiated a stop operation, the second resource will not need to be restarted.
Any change in state by the first resource you specify will have no effect on the second resource you specify. A common situation is for an administrator to create a chain of ordered resources, where, for example, resource A starts before resource B which starts before resource C. If your configuration requires that you create a set of resources that is colocated and started in order, you can configure a resource group that contains those resources. There are some situations, however, where configuring the resources that need to start in a specified order as a resource group is not appropriate:.
In these situations, you can create an ordering constraint on a set or sets of resources with the pcs constraint order set command. You can set the following options for a set of resources with the pcs constraint order set command. sequential , which can be set to true or false to indicate whether the set of resources must be ordered relative to each other. The default value is true. Setting sequential to false allows a set to be ordered relative to other sets in the ordering constraint, without its members being ordered relative to each other.
Therefore, this option makes sense only if multiple sets are listed in the constraint; otherwise, the constraint has no effect. You can set the following constraint options for a set of resources following the setoptions parameter of the pcs constraint order set command.
If you have three resources named D1 , D2 , and D3 , the following command configures them as an ordered resource set. If you have six resources named A , B , C , D , E , and F , this example configures an ordering constraint for the set of resources that will start as follows:.
It is possible for a cluster to include resources with dependencies that are not themselves managed by the cluster. In this case, you must ensure that those dependencies are started before Pacemaker is started and stopped after Pacemaker is stopped. You can configure your startup order to account for this situation by means of the systemd resource-agents-deps target. You can create a systemd drop-in unit for this target and Pacemaker will order itself appropriately relative to this target.
For example, if a cluster includes a resource that depends on the external service foo that is not managed by the cluster, perform the following procedure. conf that contains the following:. A cluster dependency specified in this way can be something other than a service. conf that contains the following. If an LVM volume group used by a Pacemaker cluster contains one or more physical volumes that reside on remote block storage, such as an iSCSI target, you can configure a systemd resource-agents-deps target and a systemd drop-in unit for the target to ensure that the service starts before Pacemaker starts.
The following procedure configures blk-availability. service as a dependency. The blk-availability. service service is a wrapper that includes iscsi. service , among other services. If your deployment requires it, you could configure iscsi. service for iSCSI only or remote-fs. target as the dependency instead of blk-availability. To specify that the location of one resource depends on the location of another resource, you configure a colocation constraint.
There is an important side effect of creating a colocation constraint between two resources: it affects the order in which resources are assigned to a node.
Target benefits are delivered through speed, transparency, and security, and their impact can be seen across a diverse range of use cases. Sharing financial data across providers can enable a customer individual or business to have real-time access to multiple bank accounts across multiple institutions all in one platform, saving time and helping consumers get a more accurate picture of their own finances before taking on debt, providing a more reliable indication than most lending guidelines currently do.
Companies can also create carefully refined marketing profiles and therefore, finely tune their services to the specific need.
Open Banking platforms like Klarna Kosma also provide a unique opportunity for businesses to overlay additional tools that add real value for users and deepen their customer relationships. The increased transparency brought about by Open Banking brings a vast array of additional benefits, such as helping fraud detection companies better monitor customer accounts and identify problems much earlier.
The list of new value-add solutions continues to grow. The speed of business has never been faster than it is today. For small business owners, time is at a premium as they are wearing multiple hats every day. Macroeconomic challenges like inflation and supply chain issues are making successful money and cash flow management even more challenging.
This presents a tremendous opportunity that innovation in fintech can solve by speeding up money movement, increasing access to capital, and making it easier to manage business operations in a central place.
Fintech offers innovative products and services where outdated practices and processes offer limited options. For example, fintech is enabling increased access to capital for business owners from diverse and varying backgrounds by leveraging alternative data to evaluate creditworthiness and risk models. This can positively impact all types of business owners, but especially those underserved by traditional financial service models.
When we look across the Intuit QuickBooks platform and the overall fintech ecosystem, we see a variety of innovations fueled by AI and data science that are helping small businesses succeed. By efficiently embedding and connecting financial services like banking, payments, and lending to help small businesses, we can reinvent how SMBs get paid and enable greater access to the vital funds they need at critical points in their journey.
Overall, we see fintech as empowering people who have been left behind by antiquated financial systems, giving them real-time insights, tips, and tools they need to turn their financial dreams into a reality.
Innovations in payments and financial technologies have helped transform daily life for millions of people. People who are unbanked often rely on more expensive alternative financial products AFPs such as payday loans, money orders, and other expensive credit facilities that typically charge higher fees and interest rates, making it more likely that people have to dip into their savings to stay afloat. A few examples include:. Mobile wallets - The unbanked may not have traditional bank accounts but can have verified mobile wallet accounts for shopping and bill payments.
Their mobile wallet identity can be used to open a virtual bank account for secure and convenient online banking. Minimal to no-fee banking services - Fintech companies typically have much lower acquisition and operating costs than traditional financial institutions. They are then able to pass on these savings in the form of no-fee or no-minimum-balance products to their customers. This enables immigrants and other populations that may be underbanked to move up the credit lifecycle to get additional forms of credit such as auto, home and education loans, etc.
Entrepreneurs from every background, in every part of the world, should be empowered to start and scale global businesses. Most businesses still face daunting challenges with very basic matters. These are still very manually intensive processes, and they are barriers to entrepreneurship in the form of paperwork, PDFs, faxes, and forms. Stripe is working to solve these rather mundane and boring challenges, almost always with an application programming interface that simplifies complex processes into a few clicks.
Stripe powers nearly half a million businesses in rural America. The internet economy is just beginning to make a real difference for businesses of all sizes in all kinds of places. We are excited about this future. The way we make decisions on credit should be fair and inclusive and done in a way that takes into account a greater picture of a person.
Lenders can better serve their borrowers with more data and better math. Zest AI has successfully built a compliant, consistent, and equitable AI-automated underwriting technology that lenders can utilize to help make their credit decisions. While artificial intelligence AI systems have been a tool historically used by sophisticated investors to maximize their returns, newer and more advanced AI systems will be the key innovation to democratize access to financial systems in the future.
D espite privacy, ethics, and bias issues that remain to be resolved with AI systems, the good news is that as large r datasets become progressively easier to interconnect, AI and related natural language processing NLP technology innovations are increasingly able to equalize access. T he even better news is that this democratization is taking multiple forms.
AI can be used to provide risk assessments necessary to bank those under-served or denied access. AI systems can also retrieve troves of data not used in traditional credit reports, including personal cash flow, payment applications usage, on-time utility payments, and other data buried within large datasets, to create fair and more accurate risk assessments essential to obtain credit and other financial services.
By expanding credit availability to historically underserved communities, AI enables them to gain credit and build wealth. Additionally, personalized portfolio management will become available to more people with the implementation and advancement of AI.
Sophisticated financial advice and routine oversight, typically reserved for traditional investors, will allow individuals, including marginalized and low-income people, to maximize the value of their financial portfolios. Moreover, when coupled with NLP technologies, even greater democratization can result as inexperienced investors can interact with AI systems in plain English, while providing an easier interface to financial markets than existing execution tools.
Open finance technology enables millions of people to use the apps and services that they rely on to manage their financial lives — from overdraft protection, to money management, investing for retirement, or building credit.
More than 8 in 10 Americans are now using digital finance tools powered by open finance. This is because consumers see something they like or want — a new choice, more options, or lower costs. What is open finance? At its core, it is about putting consumers in control of their own data and allowing them to use it to get a better deal.
When people can easily switch to another company and bring their financial history with them, that presents real competition to legacy services and forces everyone to improve, with positive results for consumers. For example, we see the impact this is having on large players being forced to drop overdraft fees or to compete to deliver products consumers want. We see the benefits of open finance first hand at Plaid, as we support thousands of companies, from the biggest fintechs, to startups, to large and small banks.
All are building products that depend on one thing - consumers' ability to securely share their data to use different services. Open finance has supported more inclusive, competitive financial systems for consumers and small businesses in the U. and across the globe — and there is room to do much more. As an example, the National Consumer Law Consumer recently put out a new report that looked at consumers providing access to their bank account data so their rent payments could inform their mortgage underwriting and help build credit.
This is part of the promise of open finance. At Plaid, we believe a consumer should have a right to their own data, and agency over that data, no matter where it sits.
This will be essential to securing benefits of open finance for consumers for many years to come. As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times. Donna Goodison dgoodison is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers.
She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.
Both prongs of that are important. But cost-cutting is a reality for many customers given the worldwide economic turmoil, and AWS has seen an increase in customers looking to control their cloud spending. By the way, they should be doing that all the time. The motivation's just a little bit higher in the current economic situation. This interview has been edited and condensed for clarity. Besides the sheer growth of AWS, what do you think has changed the most while you were at Tableau?
Were you surprised by anything? The number of customers who are now deeply deployed on AWS, deployed in the cloud, in a way that's fundamental to their business and fundamental to their success surprised me. There was a time years ago where there were not that many enterprise CEOs who were well-versed in the cloud.
It's not just about deploying technology. The conversation that I most end up having with CEOs is about organizational transformation. It is about how they can put data at the center of their decision-making in a way that most organizations have never actually done in their history. And it's about using the cloud to innovate more quickly and to drive speed into their organizations. Those are cultural characteristics, not technology characteristics, and those have organizational implications about how they organize and what teams they need to have.
It turns out that while the technology is sophisticated, deploying the technology is arguably the lesser challenge compared with how do you mold and shape the organization to best take advantage of all the benefits that the cloud is providing. How has your experience at Tableau affected AWS and how you think about putting your stamp on AWS? I, personally, have just spent almost five years deeply immersed in the world of data and analytics and business intelligence, and hopefully I learned something during that time about those topics.
I'm able to bring back a real insider's view, if you will, about where that world is heading — data, analytics, databases, machine learning, and how all those things come together, and how you really need to view what's happening with data as an end-to-end story.
It's not about having a point solution for a database or an analytic service, it's really about understanding the flow of data from when it comes into your organization all the way through the other end, where people are collaborating and sharing and making decisions based on that data.
AWS has tremendous resources devoted in all these areas. Can you talk about the intersection of data and machine learning and how you see that playing out in the next couple of years?
What we're seeing is three areas really coming together: You've got databases, analytics capabilities, and machine learning, and it's sort of like a Venn diagram with a partial overlap of those three circles. There are areas of each which are arguably still independent from each other, but there's a very large and a very powerful intersection of the three — to the point where we've actually organized inside of AWS around that and have a single leader for all of those areas to really help bring those together.
There's so much data in the world, and the amount of it continues to explode. We were saying that five years ago, and it's even more true today. The rate of growth is only accelerating.
It's a huge opportunity and a huge problem. A lot of people are drowning in their data and don't know how to use it to make decisions. Other organizations have figured out how to use these very powerful technologies to really gain insights rapidly from their data. What we're really trying to do is to look at that end-to-end journey of data and to build really compelling, powerful capabilities and services at each stop in that data journey and then…knit all that together with strong concepts like governance.
By putting good governance in place about who has access to what data and where you want to be careful within those guardrails that you set up, you can then set people free to be creative and to explore all the data that's available to them.
AWS has more than services now. Have you hit the peak for that or can you sustain that growth? We're not done building yet, and I don't know when we ever will be. We continue to both release new services because customers need them and they ask us for them and, at the same time, we've put tremendous effort into adding new capabilities inside of the existing services that we've already built.
We don't just build a service and move on. Inside of each of our services — you can pick any example — we're just adding new capabilities all the time. One of our focuses now is to make sure that we're really helping customers to connect and integrate between our different services. So those kinds of capabilities — both building new services, deepening our feature set within existing services, and integrating across our services — are all really important areas that we'll continue to invest in.
Do customers still want those fundamental building blocks and to piece them together themselves, or do they just want AWS to take care of all that? There's no one-size-fits-all solution to what customers want. It is interesting, and I will say somewhat surprising to me, how much basic capabilities, such as price performance of compute, are still absolutely vital to our customers.
But it's absolutely vital. Part of that is because of the size of datasets and because of the machine learning capabilities which are now being created. They require vast amounts of compute, but nobody will be able to do that compute unless we keep dramatically improving the price performance.
We also absolutely have more and more customers who want to interact with AWS at a higher level of abstraction…more at the application layer or broader solutions, and we're putting a lot of energy, a lot of resources, into a number of higher-level solutions.
One of the biggest of those … is Amazon Connect, which is our contact center solution. In minutes or hours or days, you can be up and running with a contact center in the cloud. At the beginning of the pandemic, Barclays … sent all their agents home.
In something like 10 days, they got 6, agents up and running on Amazon Connect so they could continue servicing their end customers with customer service. We've built a lot of sophisticated capabilities that are machine learning-based inside of Connect. We can do call transcription, so that supervisors can help with training agents and services that extract meaning and themes out of those calls. We don't talk about the primitive capabilities that power that, we just talk about the capabilities to transcribe calls and to extract meaning from the calls.
It's really important that we provide solutions for customers at all levels of the stack. Given the economic challenges that customers are facing, how is AWS ensuring that enterprises are getting better returns on their cloud investments? Now's the time to lean into the cloud more than ever, precisely because of the uncertainty.
We saw it during the pandemic in early , and we're seeing it again now, which is, the benefits of the cloud only magnify in times of uncertainty.
For example, the one thing which many companies do in challenging economic times is to cut capital expense. For most companies, the cloud represents operating expense, not capital expense.
You're not buying servers, you're basically paying per unit of time or unit of storage. That provides tremendous flexibility for many companies who just don't have the CapEx in their budgets to still be able to get important, innovation-driving projects done.
Another huge benefit of the cloud is the flexibility that it provides — the elasticity, the ability to dramatically raise or dramatically shrink the amount of resources that are consumed. You can only imagine if a company was in their own data centers, how hard that would have been to grow that quickly. The ability to dramatically grow or dramatically shrink your IT spend essentially is a unique feature of the cloud.
These kinds of challenging times are exactly when you want to prepare yourself to be the innovators … to reinvigorate and reinvest and drive growth forward again. We've seen so many customers who have prepared themselves, are using AWS, and then when a challenge hits, are actually able to accelerate because they've got competitors who are not as prepared, or there's a new opportunity that they spot.
We see a lot of customers actually leaning into their cloud journeys during these uncertain economic times. Do you still push multi-year contracts, and when there's times like this, do customers have the ability to renegotiate? Many are rapidly accelerating their journey to the cloud.
Some customers are doing some belt-tightening. What we see a lot of is folks just being really focused on optimizing their resources, making sure that they're shutting down resources which they're not consuming.
You do see some discretionary projects which are being not canceled, but pushed out. Every customer is free to make that choice. But of course, many of our larger customers want to make longer-term commitments, want to have a deeper relationship with us, want the economics that come with that commitment.
We're signing more long-term commitments than ever these days. We provide incredible value for our customers, which is what they care about. That kind of analysis would not be feasible, you wouldn't even be able to do that for most companies, on their own premises. So some of these workloads just become better, become very powerful cost-savings mechanisms, really only possible with advanced analytics that you can run in the cloud.
In other cases, just the fact that we have things like our Graviton processors and … run such large capabilities across multiple customers, our use of resources is so much more efficient than others.
We are of significant enough scale that we, of course, have good purchasing economics of things like bandwidth and energy and so forth.
So, in general, there's significant cost savings by running on AWS, and that's what our customers are focused on. The margins of our business are going to … fluctuate up and down quarter to quarter. It will depend on what capital projects we've spent on that quarter.
Obviously, energy prices are high at the moment, and so there are some quarters that are puts, other quarters there are takes. The important thing for our customers is the value we provide them compared to what they're used to. And those benefits have been dramatic for years, as evidenced by the customers' adoption of AWS and the fact that we're still growing at the rate we are given the size business that we are.
That adoption speaks louder than any other voice. Do you anticipate a higher percentage of customer workloads moving back on premises than you maybe would have three years ago? Absolutely not. We're a big enough business, if you asked me have you ever seen X, I could probably find one of anything, but the absolute dominant trend is customers dramatically accelerating their move to the cloud.
Moving internal enterprise IT workloads like SAP to the cloud, that's a big trend. Creating new analytics capabilities that many times didn't even exist before and running those in the cloud. More startups than ever are building innovative new businesses in AWS.
Our public-sector business continues to grow, serving both federal as well as state and local and educational institutions around the world. It really is still day one. The opportunity is still very much in front of us, very much in front of our customers, and they continue to see that opportunity and to move rapidly to the cloud. In general, when we look across our worldwide customer base, we see time after time that the most innovation and the most efficient cost structure happens when customers choose one provider, when they're running predominantly on AWS.
A lot of benefits of scale for our customers, including the expertise that they develop on learning one stack and really getting expert, rather than dividing up their expertise and having to go back to basics on the next parallel stack. That being said, many customers are in a hybrid state, where they run IT in different environments. In some cases, that's by choice; in other cases, it's due to acquisitions, like buying companies and inherited technology.
We understand and embrace the fact that it's a messy world in IT, and that many of our customers for years are going to have some of their resources on premises, some on AWS. Some may have resources that run in other clouds. We want to make that entire hybrid environment as easy and as powerful for customers as possible, so we've actually invested and continue to invest very heavily in these hybrid capabilities.
A lot of customers are using containerized workloads now, and one of the big container technologies is Kubernetes. We have a managed Kubernetes service, Elastic Kubernetes Service, and we have a … distribution of Kubernetes Amazon EKS Distro that customers can take and run on their own premises and even use to boot up resources in another public cloud and have all that be done in a consistent fashion and be able to observe and manage across all those environments.
So we're very committed to providing hybrid capabilities, including running on premises, including running in other clouds, and making the world as easy and as cost-efficient as possible for customers. Can you talk about why you brought Dilip Kumar, who was Amazon's vice president of physical retail and tech, into AWS as vice president applications and how that will play out?
He's a longtime, tenured Amazonian with many, many different roles — important roles — in the company over a many-year period. Dilip has come over to AWS to report directly to me, running an applications group. We do have more and more customers who want to interact with the cloud at a higher level — higher up the stack or more on the application layer. We talked about Connect, our contact center solution, and we've also built services specifically for the healthcare industry like a data lake for healthcare records called Amazon HealthLake.
We've built a lot of industrial services like IoT services for industrial settings, for example, to monitor industrial equipment to understand when it needs preventive maintenance. We have a lot of capabilities we're building that are either for … horizontal use cases like Amazon Connect or industry verticals like automotive, healthcare, financial services. We see more and more demand for those, and Dilip has come in to really coalesce a lot of teams' capabilities, who will be focusing on those areas.
You can expect to see us invest significantly in those areas and to come out with some really exciting innovations. Would that include going into CRM or ERP or other higher-level, run-your-business applications?
I don't think we have immediate plans in those particular areas, but as we've always said, we're going to be completely guided by our customers, and we'll go where our customers tell us it's most important to go next.
It's always been our north star. Correction: This story was updated Nov. Bennett Richardson bennettrich is the president of Protocol. Prior to joining Protocol in , Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company.
Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB.
A federal appeals court struck a major blow against the Consumer Financial Protection Bureau with a finding that its funding mechanism is unconstitutional. The decision is likely to be challenged, setting up a major fight for the future of the top U. consumer-finance watchdog. As set up under the Dodd-Frank Act, the CFPB is funded by the Federal Reserve rather than congressional appropriations. But Republicans have chafed at what they view as anti-business practices and a lack of oversight. The structure has been the target of legal challenges before.
Democratic Sen. Elizabeth Warren, who oversaw the CFPB's creation , responded to the ruling on Twitter, writing that "extreme right-wing judges are throwing into question every rule the CFPB enforces to protect consumers and businesses alike.
Republican Sen. Cynthia Lummis, meanwhile, said the CFPB "needs the same Congressional oversight as every other government agency. The CFPB is expected to challenge the ruling, though it has yet to confirm that. To that point, the CFPB issued new guidance to credit-reporting agencies Thursday about omitting what it called "junk data" from credit reports.
The CFPB has faced several challenges to its existence over its 11 years in business. In , the Supreme Court ruled that restrictions on when its leader can be removed were unconstitutional, but rejected a plea to strike down the agency as a whole. The most significant fear from progressive lawmakers and consumer groups is that the CFPB could see its resources chopped if left to the whims of Congress. Public Interest Research Group. The new court decision comes as the CFPB, under Biden-appointed director Rohit Chopra , has taken a more aggressive stance toward the financial industry than his Trump administration predecessors.
Chopra has also promised scrutiny over the way large technology companies are expanding into financial services. But the agency is also taking up initiatives with fintech industry support, including finally setting up open-banking rules to guide data-sharing between financial institutions and tech companies.
What the ruling means for the fintech industry remains to be seen. While regulators and companies can occasionally come into conflict, the agencies also serve an important role in providing rules of the road and certainty for business models. His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr.
The ways Zia Faruqui right has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster. Veronica Irwin vronirwin is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc. One hundred percent electronic. The author is Magistrate Judge Zia Faruqui.
His rulings have made smart references to "The Big Lebowski," "Dr. Strangelove," and "SNL" parodies of the McLaughlin Group. Rather, before taking the judge position Faruqui was one of a group of prosecutors in the U. There, Faruqui prosecuted cases that involved terrorism, child pornography, and weapons proliferation. But the ways Faruqui has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.
Crypto lawyers have drawn on his prior decisions in the context of the Tornado Cash sanctions, for example. Faruqui spoke with Protocol about the power of his position, and what people in crypto should understand about the law. There was another prosecutor, Christopher Brown — you know, the other Chris Brown — and he had taken an interest in this when we were both working on financial crime in the Washington, D.
Our U. attorney at the time, Jessie Liu, had this idea of using financial investigations in a way that was not limited to just white collar crime, or even narcotics cases, but also for cyber investigations, to national security investigations, and in civil cases. A lot of what we were investigating was related to following the money and so she wanted us to be this multidisciplinary unit. But I have to say, we started with the goal of wanting to make T-shirts, and we never did that while I was there.
Your decisions have also gotten a lot of attention. We're public servants! And in order for the public to have faith and trust us, they need to understand what it is that we're doing and what we're saying. Humor is one way, not using a lot of legalese is another way. But I think there are many judges who are trying to make the judiciary more accessible, and so people can see the work that we're doing and understand what we're doing and then make their own opinions about if it's right or wrong.
But at least, if it's understandable, then there's still some trust in the framework even if you don't agree with how our decisions are stated. We are ambassadors for the judiciary to the people in our courtroom — it's a very frightening proposition being in court if you've been federally charged, and people have perceptions of what they think can happen there in terms of fairness or unfairness.
But then it goes far beyond that. I do a lot of work with the Administrative Office of the Courts, our central body doing civic education and outreach to high schools, because I want college and high school students and law students to have an experience where they get a chance to talk to a judge.
So my goal is certainly not just getting to one segment of the population, but it's making decisions accessible to whoever's interested in reading them. What has it felt like for you switching from that prosecutor role to magistrate judge? Lawyers are trying to take different frameworks from one topic and apply them to another, and then convince you that that is or is not appropriate.
Being a judge is very different because you're evaluating what the parties present to you as the applicable legal frameworks, and deciding how new, groundbreaking technology fits into legal frameworks that were written 10 or 15 years ago.
But that's not really a place where judges get involved in saying how it ought to be regulated. There was, famously, a judge in Florida that said cryptocurrency was not money because you couldn't put it underneath your bed, and that's what money is: something that is tangible. So different people are going to have different decisions. And that's not just true for crypto, but also other areas of the law.
Your best-known crypto decisions strongly assert that crypto is traceable. One way people try to make it less traceable is with mixers, and Tornado Cash was sanctioned by OFAC not too long ago. Do you think the legal reasoning was sound enough for similar sanctions to be applied to other mixers, or decentralized exchanges?
I don't know. I think there's been some discussion that people may litigate some of these things, so I can't comment, because those frequently do come to our courthouse. And I think there are certainly people opining on that, yes and no. So much of what judges do is that we rely on the parties that are before us to tell us what's right and what's wrong. And then, you know, obviously, they'll have different views, and we make a decision based on what people say in front of us.
Are you aware that some legal analysis of the Tornado Cash sanctions references your recent decision in a cryptocurrency sanctions case?
That's what good lawyers will always do. Even legislators might look at that as they try to think about where the gaps are. As a prosecutor I had a case where we sued three Chinese banks to give us their bank records, and it had never been done before. Afterwards, Congress passed a new law, using the decisions from judges in this court and the D.
circuit court, the court above us. So I'm sure people look at prior decisions and try to apply them in the ways that they want to. Are there any misconceptions about how the law applies to crypto, or how your decisions should be interpreted, that you wish you could get across? One misconception is that the judges can't understand this technology — we can. People have these views in two extremes. The lawyer's fundamental job is to take super complex and technical things and boil them down to very easily digestible arguments for a judge, for a jury, or whoever it might be.
The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.
Financial technology is breaking down barriers to financial services and delivering value to consumers, small businesses, and the economy. Fintech puts American consumers at the center of their finances and helps them manage their money responsibly. From payment apps to budgeting and investing tools and alternative credit options, fintech makes it easier for consumers to pay for their purchases and build better financial habits.
Fintech also arms small businesses with the financial tools for success, including low-cost banking services, digital accounting services, and expanded access to capital. We advocate for modernized financial policies and regulations that allow fintech innovation to drive competition in the economy and expand consumer choice. Spots are still available for this hybrid event, and you can RSVP here to save your seat.
Join us as we discuss how to shape the future of finance. In its broadest sense, Open Banking has created a secure and connected ecosystem that has led to an explosion of new and innovative solutions that benefit the customer, rapidly revolutionizing not just the banking industry but the way all companies do business.
Target benefits are delivered through speed, transparency, and security, and their impact can be seen across a diverse range of use cases. Sharing financial data across providers can enable a customer individual or business to have real-time access to multiple bank accounts across multiple institutions all in one platform, saving time and helping consumers get a more accurate picture of their own finances before taking on debt, providing a more reliable indication than most lending guidelines currently do.
Companies can also create carefully refined marketing profiles and therefore, finely tune their services to the specific need. Open Banking platforms like Klarna Kosma also provide a unique opportunity for businesses to overlay additional tools that add real value for users and deepen their customer relationships. The increased transparency brought about by Open Banking brings a vast array of additional benefits, such as helping fraud detection companies better monitor customer accounts and identify problems much earlier.
The list of new value-add solutions continues to grow. The speed of business has never been faster than it is today. For small business owners, time is at a premium as they are wearing multiple hats every day.
Macroeconomic challenges like inflation and supply chain issues are making successful money and cash flow management even more challenging. This presents a tremendous opportunity that innovation in fintech can solve by speeding up money movement, increasing access to capital, and making it easier to manage business operations in a central place. Fintech offers innovative products and services where outdated practices and processes offer limited options.
For example, fintech is enabling increased access to capital for business owners from diverse and varying backgrounds by leveraging alternative data to evaluate creditworthiness and risk models.
Web20/10/ · That means the impact could spread far beyond the agency’s payday lending rule. "The holding will call into question many other regulations that protect consumers with respect to credit cards, bank accounts, mortgage loans, debt collection, credit reports, and identity theft," tweeted Chris Peterson, a former enforcement attorney at the CFPB who Web12/10/ · Microsoft pleaded for its deal on the day of the Phase 2 decision last month, but now the gloves are well and truly off. Microsoft describes the CMA’s concerns as “misplaced” and says that WebAbout Our Coalition. Prop 30 is supported by a coalition including CalFire Firefighters, the American Lung Association, environmental organizations, electrical workers and businesses that want to improve California’s air quality by fighting and preventing wildfires and reducing air pollution from vehicles Web19/10/ · Microsoft is quietly building an Xbox mobile platform and store. The $ billion Activision Blizzard acquisition is key to Microsoft’s mobile gaming plans Web19/03/ · Common options (such as -rand/-writerand, TLS version control, etc) were refactored and point to newly-enhanced descriptions in blogger.com Added style conformance for all options (with help from Richard Levitte), documented all reported missing options, added a CI build to check that all options are documented and that no Web26/10/ · Key findings include: Proposition 30 on reducing greenhouse gas emissions has lost ground in the past month, with support among likely voters now falling short of a majority. Democrats hold an overall edge across the state's competitive districts; the outcomes could determine which party controls the US House of Representatives. Four ... read more
Acknowledgments This survey was supported with funding from the Arjay and Frances F. Many application protocols require data to be sent from the client to the server first. November 15, EST. Added and enabled by default implicit rejection in RSA PKCS 1 v1. Support for loading root certificates from the Windows certificate store has been added. The default value is true. Billy Bob Brumley, Nicola Tuveri, Cesar Pereida García, Sohaib ul Hassan.For example, given "A then B", if A restarts due to failure, B will be stopped first, then A will be stopped, then A will be started, then B will be started. The first and second resource you specify can start in either order, but one must complete starting before the other can be started. It is not set by default. And that's not just true for crypto, but also other areas of the law. Run this procedure from sn sixty seconds binary options node of the cluster only.