Google Cloud Next ‘18: From Kubernetes On-Prem to Browser Management in the Cloud

by Paul Candela on August 24, 2018

Google has solidified its position as one of the primary leaders in the cloud space, and spending a week at Google Cloud Next ‘18 only confirmed this for me. Google has created what I think of as “Cloud 2.0”: they have everything already offered by the other big players, like AWS and Azure, but they’ve made it better. It’s more intuitive and more useful. If you want to monitor, they’ll do real-time monitoring for you. If you want security, they’ll encrypt everything, from data in transit to data at rest, the whole nine yards.

While there were more than 100 different product and solution launches, customer stories and announcements from Next ‘18, here are seven things that really stood out for me.

Resource-Based Pricing

In the coming months, Google will offer pricing updates aimed at reducing monthly spend on Compute Engine machines. This is a new way of calculating sustained use discounts on Compute machines, aggregating all vCPUs and memory resources to maximize savings. This is a nice addition to the way Google bills VMs and will make Google more competitive in Compute pricing than AWS. You’ll pay for sustained use across ALL of your instances (both custom and pre-defined). Previously, you received sustained use discounts based on machine type.

Diagram showing how vCPUs from instances are combined using resource-based sustained use discounts for predefined machine types

When buying servers in the cloud, you typically buy a 2 CPU machine with 4GB of RAM, while a 4 CPU machine has 8GB of RAM. But Google now allows you to customize that. They don't want you to pay for a resource you don't use: if you don't need 8 cores, they'd rather you only pay for 2 and then select how much memory you want. Rather than charging you based on what you’re running, Google will charge you one rate and give you a discount the longer you run it.

GKE On-Prem

Think managed container services for clusters that can live anywhere. GKE On-Prem with multi-cluster management is Google’s version of Kubernetes that includes multi-cluster management and can be deployed on-premise or in other clouds, enabling true hybrid computing.

Containerize On Prem Applications

This is by far one of the coolest things I saw at Next ‘18. Google understands that it’s difficult to move workloads to the cloud for various reasons. You can create a Kubernetes cluster in your own data center that is registered with your GCP account, then manage your cluster from within GCP. This allows customers to slowly move applications to their local Kubernetes cluster and then ultimately to the cloud when they’re ready.

This is kind of a big deal. Google is saying everyone wants to move to the cloud and that’s great, but we also see a need that you may want to do things in your own data center. They’re essentially offering hardware that will enable you to create a hybrid cloud approach.

Security. Security. Security.

The word security was never less than 10 sentences away from any sentence spoken at Google Cloud Next ‘18. Security is baked into everything Google does, plus they’re doing extra things that Amazon doesn’t even do. For example, they know that people aren’t going to encrypt their disks, so they don’t even offer it as an option; they just automatically do it.

Google also released a trio of announcements aimed at securing Chrome and the Google Play Store. These enhancements let admins control and manage settings for Chrome and Google Play from within the Google Admin panel and set rules in Chrome Browser to prevent corporate password use on sites outside of the company’s control. Google really made a concerted effort to demystify cloud security. It’s not an all-or-nothing approach: you can decide which services you want to deploy in the cloud and which services you want to keep on-premises.

In Azure and AWS, some of the security features run on top, allowing you to access them if you have an account with a certain permission level. With Google, you can have a Service Account that belongs to a machine, and when the machine does things, it can inherit permissions within GCP, where it can create virtual machines or turn other services on and off. You imbue the machine with the privilege rather than storing the privileges on the machine. A service account can have zero or more pairs of service account keys, which are used to authenticate to Google. This allows the machine to do things automatically without users having to intervene and without you having to store your secrets on that machine.

Imagine having a house that has keys to all the doors in the house. It can open and close those doors when it wants to and it will open the doors for you whenever you ask. But you don't have your own key, so if someone picks your pocket, they can't break into your house because your house has its own keys and only it can open its own doors. That’s the level of security Google offers.
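As an added example (not from the original post), here is one way to check how closely a project follows the "no secrets stored on the machine" model described above: list each service account's keys and flag the user-managed ones, since those are the exported credentials that end up stored somewhere. The field names follow the IAM API's ServiceAccountKey resource; the sample records, the account names and the 90-day threshold are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like IAM ServiceAccountKey records (all IDs are made up).
SAMPLE_KEYS = json.loads("""
[
  {"name": "projects/example-proj/serviceAccounts/vm-runner@example-proj.iam.gserviceaccount.com/keys/aaa111",
   "keyType": "SYSTEM_MANAGED", "validAfterTime": "2018-08-01T00:00:00Z"},
  {"name": "projects/example-proj/serviceAccounts/ci-deployer@example-proj.iam.gserviceaccount.com/keys/bbb222",
   "keyType": "USER_MANAGED", "validAfterTime": "2017-01-15T00:00:00Z"},
  {"name": "projects/example-proj/serviceAccounts/ci-deployer@example-proj.iam.gserviceaccount.com/keys/ccc333",
   "keyType": "USER_MANAGED", "validAfterTime": "2018-08-10T00:00:00Z"}
]
""")

# Fixed "now" so the example is reproducible (the post's publication date).
NOW = datetime(2018, 8, 24, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse the RFC 3339 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_keys(keys, now, max_age_days=90):
    """Return findings for user-managed keys, oldest first.

    Google-managed keys are skipped: they are the ones that back a service
    account attached to a machine and are never handed to you as a file.
    The 90-day rotation threshold is an assumption for this example.
    """
    findings = []
    for key in keys:
        if key.get("keyType") != "USER_MANAGED":
            continue
        parts = key["name"].split("/")
        account, key_id = parts[3], parts[5]
        age_days = (now - parse_ts(key["validAfterTime"])).days
        action = "rotate-or-remove" if age_days > max_age_days else "review"
        findings.append({"account": account, "key_id": key_id,
                         "age_days": age_days, "action": action})
    return sorted(findings, key=lambda f: f["age_days"], reverse=True)


if __name__ == "__main__":
    for finding in audit_keys(SAMPLE_KEYS, NOW):
        print(finding)
```

An account that produces no findings, like `vm-runner` in the sample, has no exported key file to steal from a disk or a repository.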

Cloud-based Browser Management

From a single view, admins can manage Chrome Browsers running on Windows, Mac, Chrome OS and Linux. This gives IT the ability to set and apply policies from the cloud, while providing increased visibility into their Chrome Browser deployments. IT teams will also be able to assign different admins to manage the browser, even if they aren’t well-versed in Active Directory, giving IT a lot more flexibility.

Password Alert Policy

Admins can set rules in Chrome to prevent the company’s password from being used on sites outside of corporate control. This reduces an organization’s risk of data loss due to third-party exploits enabled by stolen account credentials. This feature will be available to enterprises in September 2018.

Managed Google Play

As an administrator, you can decide which Android apps users can install on their managed Chrome devices, or simply force-install them. Admins can curate applications by user group as well as customize a number of policies and functions, such as blacklisting apps and remote uninstall.

Grab and Go

Google presented a very cool idea for companies that have employees who work offsite. Instead of issuing each employee their own laptop, you’ll have a rack of Chromebooks employees can grab on their way out. They then sign in to that laptop at home, and all of their information, stored in the cloud, will be available for them to get right to work, seamlessly syncing back to the computer at their desk.

Grab and Go Chromebook Racks

On behalf of the UpCurve Cloud DevOps team, I had an amazing time at Google Cloud Next ‘18. We’re looking forward to learning more about each of the latest features from Google and implementing them for our customers aiming to simplify their workflow with G Suite by Google Cloud and Google Cloud Platform (GCP).

Google Cloud Platform is a cloud computing services suite that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search or YouTube.


Paul Candela
Director of Technology at UpCurve Cloud