GDCH — Cloud on your terms

Neelam Pawar
Google Cloud - Community
5 min readJan 4, 2024

!!!This blog is the first in a series of blogs about the Google Distributed Cloud portfolio.!!!

Imagine you are developing an app that handles confidential, top-secret data, or translating sensitive legal documents and public policy on the fly into multiple languages, all within a secure perimeter. Or maybe you are pushing the boundaries of AI, real-time translation and document digitization and need bleeding-edge technology under lock and key; you need a solution for even the most sensitive and demanding workloads; you want to harness the full potential of cutting-edge technology (GKE, managed databases) without data exposure risks; or you run mission-critical apps where latency matters a lot, in air-gapped environments with guaranteed security compliance.

Stop the struggle. Google Distributed Cloud Hosted (GDCH) is the solution for you.

What is GDCH?

It is an offering under Google Distributed Cloud that is designed to run sensitive workloads with a digital sovereignty vision (data sovereignty, operational sovereignty and software sovereignty) in an air-gapped environment (no internet connectivity required).

Unique Features of GDCH:

  • Fully Isolated

GDC Hosted is air-gapped and does not require connectivity to Google Cloud or the public internet to manage the infrastructure, services, APIs, or tooling, and is built to remain disconnected in perpetuity. GDC Hosted is designed to support strict requirements in alignment with the NIST SP 800-53 / FedRAMP High security controls. You can run any application that interacts with sensitive data under your own lock and key.

It provides services like GKE that help you run modernized applications in container environments, supporting both single-tenant and multi-tenant deployments, together with enterprise-level database and storage services like AlloyDB, PostgreSQL and Oracle.

It offers Google pre-built AI APIs (OCR, speech to text, translation) for your developers, and if you want to build a model from scratch under a zero trust model, Workbench is the service to start with.

If you want to develop, train and deploy AI models on sensitive data, the Dataproc (coming soon), Vertex Pipelines and Prediction (coming soon) services support least-privilege access control to data and model code.

Supported services

Flexible hardware options
It offers unmatched flexibility in hardware options to meet the needs of any organization, regardless of size. Whether you are a startup or an enterprise, you can choose the right hardware for your workload, whether that is a few racks or hundreds. It’s like having a T-shirt that fits perfectly, no matter your size.

Configuration Options

Baked in Security
It has baked-in security that is second to none, covering operational and data sovereignty together with a robust set of features that give you complete control over who has access to what, and where, at the hardware, software and network layers. The OS and every single line of platform code follow stringent secure software supply chain principles (the SLSA framework).

Hardware security: Hardware is purchased and assembled from hardware partners who are certified under the customer’s specific sovereignty requirements. This ensures that the hardware is secure and meets the customer’s needs.

Secure network boot: GDCH uses a secure network boot mechanism with a custom-packaged Linux image that is FIPS 140-2 certified. This image is resistant to tampering and ensures that the system boots securely.

Encryption at rest and in transit: FIPS 140-2 Level 3 hardware security modules (HSMs) support encryption at rest, and all traffic in transit is encrypted by default using FIPS 140-2 certified encryption and industry-standard protocols such as TLS 1.2+, HTTPS, or IPsec tunnels.

Secure Network

  • Anti-virus and anti-malware protection: it provides anti-virus and anti-malware detection for the OS running on the bare metal nodes, and a solution to scan the storage systems.
  • Firewall and intrusion detection: All network traffic between the customer’s private network and GDCH systems passes through a hardware firewall and an intrusion detection/prevention system (IDS/IPS). This provides a first line of defense against unauthorized access and malicious activity.
  • SSH access: SSH access for administration is managed with a custom certificate authority (CA) in the root admin cluster. This ensures that only authorized users can access the system.

Secure software development: Software for GDCH is developed in accordance with the best practices recommended by the Supply-chain Levels for Software Artifacts (SLSA) supply chain security framework. This helps to ensure that the software is secure and free of vulnerabilities.

Secure Operations: It ensures the utmost security with a robust set of features, including least-privilege IAM access, a built-in observability platform, and secure upgrade and patch management.

High availability and data backup: All traffic into GDCH passes through a set of load balancers. This helps to ensure that traffic is distributed evenly and that no single point of failure can disrupt service. An integrated backup solution provides data recovery, with the ability to control whether backup data resides locally or at a remote site. Upgrades are performed non-disruptively in offline mode, and only after the customer has verified the binary hashes.

Industry use cases

Regulated Industry

It gives customers the flexibility to support evolving regulatory needs. Customers in financial services, healthcare and manufacturing can meet regional data residency, security or isolation regulations through a consistent set of platform services across multiple venues and operational models.

  • Perform highly sensitive economic analysis
  • Documentation digitization and translation
  • Identify money laundering and tax evasion using AI
  • Local operation of medical equipment, and enabling the development and protection of sensitive clinical trial data
  • Low-latency processing of data tied to industrial devices in the customer’s own facility

Air-gapped workloads for federal/public sector and defense

  • Document & speech processing
  • AI in military operations to improve staff productivity
  • Detect cyber threats and fraud using AI
  • Public safety and surveillance identification

Decision Tree

“I know what my compliance and regulatory requirements are, but I’m not sure which offering will best meet those needs. Do I have to use Assured Workloads, Sovereign Controls or an air-gapped solution? I feel like I’m drowning in information and I don’t know where to turn. Can someone please help me?” This is a common question we hear from users.

The decision tree below will help you narrow down the best Google Cloud offering for your requirements.

Ready to start your GDCH journey or want to learn more?

Public Documentation: https://cloud.google.com/distributed-cloud-hosted?hl=en#section-1

Video: Next ’23: Mind the gap

Official Blogs:

https://cloud.google.com/blog/products/infrastructure-modernization/google-distributed-cloud-hosted-is-ga

https://cloud.google.com/blog/products/infrastructure-modernization/google-distributed-cloud-new-ai-and-data-services

!!!The next blog in this series will focus on Google Distributed Cloud Edge.!!!
