PLATFORMS（平台）

Password security is still a hotly debated topic with the UK government advocating technical controls that let users remember simpler passwords and Edward Snowden’s password advice being described as only ‘borderline secure’. Passwords are generally one of the weakest links in the security chain, so we recommend employing two-factor authentication, which can significantly improve security. Time-based One-Time Password (TOTP) is the standard algorithm in this space, with straightforward server-side implementations and free smartphone authenticator apps from Google and Microsoft.、

英国政府提倡使用技术控制让用户记住简单的密码，爱德华•斯诺登的密码建议称作只达到了“及格线的安全”，密码的安全性仍然是一个激烈争论的话题。密码在安全链中是最薄弱的环节之一，所以我们建议采用可显著提高安全性的双因素认证。基于时间的一次性密码(TOTP)是这个领域的标准算法，服务器端的实现简单直接，在谷歌和微软的智能手机中也免费提供这样的认证应用。

Mesos is a platform that abstracts out underlying computing resources to make it easier to build massively scalable distributed systems. It can be used to provide a scheduling layer for Docker, or to act as an abstraction layer to things like AWS. Twitter has used it to great effect to help it scale its infrastructure. Tools built on top of Mesos are starting to appear, such as Chronos, which is a distributed, fault-tolerant cron replacement. Prominent success stories are appearing, such as Apple’s Siri rearchitecting to use Mesos.

Mesos平台通过抽象出底层的计算资源，使得建立大规模可扩展的分布式系统变得更加容易。它可以用来为Docker提供一个调度层、或者充当AWS之类云计算平台的一层抽象。Twitter已经用它来助力扩展其基础设施，取得了很好的效果。基于Mesos之上的工具也开始出现，例如Chronos，它是一种分布式的、能容错的cron的替代工具。显著的成功安全已经出现，Apple的Siri重新架构于Mesos之上。

AWS releases a huge number of new features on what seems like a monthly basis, so it can sometimes be hard for any new service offering to rise above the noise, but Lambda certainly manages to attract notice. Initially just supporting JavaScript, but now adding support for JVM-based applications (with more no doubt to follow), Lambda allows you to fire up very short-lived processes either in reaction to an event, or via a call from the related API Gateway. For stateless services, this means you don’t need to worry about running any long-lived machines, potentially reducing costs and improving security. Despite other forays into the PaaS space by AWS, Lambda looks the closest to getting this right.

AWS几乎在每个月都会发布大量的新特性，因此有时候，一项新的服务很难从这些特性里面脱颖而出。但是Lambda明显成功地吸引了大家的注意力。最开始它只支持JavaScript，但是现在已经加入了对JVM语言的相关支持(毫无疑问还会有更多支持)。Lambda让你可以快速创建短生命周期的进程，来响应一个事件或者从API网关进来的访问请求。对于无状态服务，这意味着你不需要长时间保持机器一直运行，因而可以减少开销并且增强安全性。在AWS进军PaaS领域的尝试中，Lambda可能是最正确的努力。

Fastly, one of a number of CDNs on the market, has a large and growing following on ThoughtWorks projects and is used by many web-scale household names, such as GitHub and Twitter. Its feature set, speed and price point combine to make it a very attractive option when you’re looking for an edge caching solution. We have also seen significant cost savings on projects that move to this platform from another CDN. If you are in the market for a CDN, you could do worse than investigate this one.

Fastly,作为CND市场中的一员，在ThoughtWorks的项目中的使用日益增加，同时也受到许多如GitHub和Twitter等家喻户晓的网站所亲睐。当你在寻找一个优越的缓存解决方案时，Fastly的功能，速度和价格都使它极具吸引力。我们也在从其他CDN解决方案向Fastly迁移的项目中看到了显著的成本节省。如果你正寻找CDN解决方案，不如仔细研究一个Fastly.

Predictive analytics are used in more and more products, often directly in end user-facing functionality. H2O is an interesting open source package (with a startup behind it) that makes predictive analytics accessible to development teams, offering straightforward use of a wide variety of analytics, great performance and easy integration on JVM-based platforms. At the same time it integrates with the data scientists’ favorite tools, R and Python, as well as Hadoop and Spark.

预测分析在越来越多的产品中被使用，而且通常出现在面向最终用户的功能上。H2O是一套非常有意思的开源工具包（其背后是一家创业公司），使预测分析可以为开发团队所用，他提供了简单和丰富的分析方式，具有极好的性能并且易于与JVM平台进行集成。同时它还集成了数据科学家最喜欢的工具，R、Python、Hadoop和Spark。

HTTP Strict Transport Security (HSTS) is a now widely supported policy that allows websites to protect themselves from downgrade attacks. A downgrade attack in the context of HTTPS is one that can cause users of your site to fall back to HTTP rather than HTTPS, allowing for further attacks such as man-in-the-middle attacks. By using the server header, you inform browsers that they should only use HTTPS to access your website, and should ignore downgrade attempts to contact the site via HTTP. Browser support is now widespread enough that this easy-to-implement feature should be considered for any site using HTTPS.

超文本传输协议严格传输安全策略（HSTS）是目前广泛被支持的策略，它能够使网站免于降级攻击。超文本传输安全协议中（HTTPS）降级攻击能够使网站的用户避开超文本传输安全协议（HTTPS）而使用超文本传输协议（HTTP）,从而使如中间人攻击等进一步的攻击成为可能。通过使用服务器头，你可以通知浏览器必须使用超文本传输安全协议（HTTPS）访问你的网站而且忽略通过超文本传输协议（HTTP）访问网站的降低攻击。浏览器对此策略的支持非常广泛，任何使用超文本传输安全协议的网站都应该考虑实行这个容易实现的功能。

The Elastic Container Service (ECS) is AWS’ entry into the multihost Docker space. Although there is a lot of competition in this area, there aren’t many off-premises managed solutions out there yet. Although ECS seems like a good first step, we are worried that it is overly complicated at the moment and lacks a good abstraction layer. If you want to run Docker on AWS, though, this tool should certainly be high on your list. Just don’t expect it to be easy to get started with.

弹性容器服务（ECS）是AWS进军多主机Docker容器市场的切入点。虽然在这个领域内存在诸多竞争，但目前为止还未出现太多像ECS这样基于云的解决方案。ECS看上去是个不错的开端，但我们担心它目前过于复杂，并且缺乏一个良好的抽象层。不过，如果你想在AWS上运行Docker，该工具毋容置疑是你应当首先考虑的。只是不要期望它很容易上手。

Ceph is a storage platform that can be used as object storage, as block storage, and as a file system, typically running on a cluster of commodity servers. With its first major release having been in July 2012, Ceph is certainly not a new product. We do want to highlight it on this Technology Radar as an important building block for private clouds. It is particularly attractive because its RADOS Gateway component can expose the object store through a RESTful interface that is compatible with Amazon S3 and the OpenStack Swift APIs.

Ceph是一款可以运行在普通服务器集群上的用作对象存储，块存储和文件系统的存储平台。我们想在技术雷达中强调其为私有云的重要构件的作用。另外，Ceph还提供了一个非常用吸引力的组件RADOS Gateway, 将对象存储中的数据通过与Amazon S3和OpenStack Swift APIs相兼容的RESTful接口的方式暴露出去。

Kubernetes is Google’s answer to the problem of deploying containers into a cluster of machines, which is becoming an increasingly common scenario. It is not the solution used by Google internally, but an opensource project that originated at Google and has seen a fair share of external contributions. Docker and Rocket are supported as container formats and services offered include health management, replication, and discovery. A similar solution in this space is Rancher, an open-source solution that also allows deployment of containers into a cluster of machines. It provides services such lifecycle management, monitoring, health checks, and discovery. Also included is a completely containerized operating system based on Docker. The broad focus on containerization and very small footprint are key advantages for Rancher.

如今容器在分布式集群环境下容器部署的需求场景正变得越来越多，Kubernetes正是Google为解决这类容器部署问题而推出的容器集群管理框架。实际上Kubernetes并不是一个被Google在内部使用的解决方案，而是一个由Google发起并与外部贡献者一起维护的开源项目。Kubernetes支持Docker和Rocket作为容器格式，还提供了包括健康管理、容器复制，和服务发现等在内的服务。Rancher是另一个类似的开源解决方案，也提供了容器集群的部署功能。Rancher还提供了容器的生命周期管理、监控、健康度检查和服务发现等功能，并且还包含了一个基于Docker的完整的容器化的操作系统。Rancher的优势在于其对容器化的各个方面的关注并且更加轻量级。

Mesosphere DCOS is a platform built on top of Mesos. It provides an abstraction over underling machines, giving you a pool of storage and compute that allows services built for DCOS to operate at massive scale (Support is already there for Hadoop, Spark and Cassandra, among others). This is probably overkill for more modest workloads at the moment (where plain old Mesos could still be a good fit), but it will be interesting to see if Mesosphere starts trying to position DCOS as a general-purpose system.

Mesosphere DCOS（数据中心操作系统）是建立在Mesos内核之上的统一资源调度平台。它在虚拟机集群的基础上提供了存储和计算资源池的抽象，以便能够在数据中心上运行极大规模的服务集群（已支持包括Hadoop、Spark和Cassandra在内的许多框架）。目前看来，这个平台对于那些负载不高的任务来说有些大材小用（这些场景下原始的Mesos也许更加合适），然而依然值得观察Mesosphere是否会在将来使得DCOS（数据中心操作系统）发展成为一个通用功能的系统。

In contrast to modern cloud and container solutions based on Linux, even Windows Server Core is large and unwieldy. Microsoft is reacting and has provided the first previews of Nano Server, a further-strippeddown version of Windows Server that drops the GUI stack, 32-bit Win32 support, local logins and remote desktop support, resulting in an on-disk size of about 400MB. The early previews are difficult to work with, and the final solution will be restricted to using the CoreCLR, but for companies that are interested in running .NET-based solutions, Nano Server is definitely worth a look at this stage.

与现代的基于Linux的云和容器解决方案相比，即使是Windows Server Core也显得大而笨重。微软刚推出了第一版预览版的Nano Server作为对策。Nano Server是一款只有400MB大小，移除了图形用户界面，32位支持，本地登录及远程桌面的裁剪版Windows Server。虽然早期预览版很难使用，而最终版也将被限制只使用CoreCLR,但对有兴趣运行.Net应用的公司来说，现阶段的Nano Server极值得考虑。

Presto is an open source distributed SQL query engine designed and optimized for running interactive analytics workloads. Presto’s massively parallel processing architecture - combined with advanced code-generation techniques and in-memory processing pipelines - makes it highly scalable. It supports a large subset of ANSI SQL including complex queries, joins, aggregations and window functions. Presto comes with support for a wide range of data sources including Hive, Cassandra, MySQL and PostgreSQL, thereby unifying the interactive analytics interface across data stores of an organization. Applications can connect to Presto using its JDBC interface.

Prestro是一个开源的分布式SQL查询引擎，这个工具是为了运行交互式分析负载进行设计和优化的。Presto的大规模并行运算架构，结合了先进的代码生成技术和基于内存的数据处理流水线，使其具备极高的可扩展性。它支持ANSI SQL的一个大子集，包括复杂查询，联结、聚合以及窗口函数。同时Presto支持包括Hive, Cassandra, MySQL和PostgreSQL在内的各种数据源，从而可以针对一个组织内各种数据存储提供统一的交互式分析接口。应用程序可以使用JDBC接口来连接Presto.