Google Cloud Technology Nuggets — August 16–31, 2022 Edition

Welcome to the August 16–31, 2022 edition of Google Cloud Technology Nuggets.

Infrastructure

Apigee, Google Cloud’s API Management platform has introduced a “Pay-As-You-Go” pricing model in addition to the subscription and evaluation plans that are available. This pricing model applies to API gateway nodes, API Analytics and networking costs. Check out the blog post for more information.

Committed use discounts (“CUDs”) for SUSE Linux Enterprise Server (“SLES”) with 24/7 support are now available in General Availability. Keep in mind that SLES CUDs are region-specific. Check out the blog post for more details. Shown below is a table of approximate effective hourly price as of blog publish date, calculated using VMs running 730 hours per month,12 months per year.

Containers and Kubernetes

Google Kubernetes Engine (GKE) celebrates its 7th anniversary. The blog post provides 7 ways in which it helps customers do things ranging from: bolstering security in software supply chains as the graphic below indicates to accelerating productivity for developers, freedom from proprietary tools and more. Check out the post.

Looking to manage a fleet of GKE clusters across regions using ArgoCD. Check out this blog post that presents how you can do that across multiple scenarios. All the code for the demo used in the blog post is available on Github.

Storage and Data Analytics

Google Cloud Practitioners have had various storage classes in Google Cloud Storage to manage costs. Storage objects could be moved into various classes based on various lifecycle events like age of the object, version history, etc. You can now use conditions on the names of the objects, specifically prefix and suffix of the names. For e.g. you can group objects based on a prefix or even types of objects based on their suffix i.e. extension types (.mp4, .zip, etc). Check out the blog post for more details.

Dataflow Prime is the new next generation serverless, no-ops, autotuning platform for your data processing needs on Google Cloud. One of the breakthrough resource optimization technologies used in it, Vertical Autoscaling is interesting. It automatically scales worker memory in order to remove the need to do manual tuning of worker configuration and finds the right worker configuration for your job. Check out this blog post which provides the details on this technology.

Example-based Explanations, a new feature in Vertex AI has just been released in preview. It provides actionable explanations to mitigate data challenges such as mislabeled examples. This should definitely speed up the time it takes to debug the models and to address the issues in a timely fashion. Check out the blog post for more details.

Identity and Security

The largest Layer 7 DDoS reported to date was targeted towards one of Google Cloud’s customers. The attack peaked at 46 million requests per second. To state the blog “Cloud Armor Adaptive Protection was able to detect and analyze the traffic early in the attack lifecycle. Cloud Armor alerted the customer with a recommended protective rule which was then deployed before the attack ramped up to its full magnitude. Cloud Armor blocked the attack ensuring the customer’s service stayed online and continued serving their end-users.” Check out the details of how the attack was mitigated.

Security Command Center has added Virtual Machine Threat Detection (VMTD) service for all customers. A key advantage of VMTD is that it is deployed from the hypervisor, rather than inside the instance. This is an invisible-to-adversaries approach, which avoids additional compute overhead and all that customers need to do is select a checkbox. Check out the blog post for more details.

Google Cloud Certificate Manager, a service that allows users to acquire, manage, and deploy public Transport Layer Security (TLS) certificates at scale for use with your Google Cloud workloads . Check out the blog post for more details.

CISO Perspectives for August 2022 is out. In addition to the regular updates around security news, industry updates, compliance and control updates, this edition focuses on the Vulnerabilities Rewards i.e. Bug Bounty program.

One of the anti-patterns that has been noticed with the move to the cloud, has been the dependence that security leaders have on tools, processes and technologies that they have used to secure their on-premises resources and using the same for the cloud. The Cloud provides completely different threat vectors and it helps to relook at how you can use cloud native approaches to address security. To help you in this journey, the blog post looks at multiple areas that you should be covering when looking at securing your cloud resources ranging from Network Security, Endpoint Security, Shared Resource Model and more.

Developers and Practitioners

Organizations have adopted the cloud due to obvious benefits like cost, elasticity, security, reliability and more. For anyone who has been associated with this journey, it’s only got complex and with the number of services increasing manifold along with specific ways to optimize it, the task is challenging. But can the cloud provider help out by understanding the current state of the deployment and recommending optimized configurations/suggestions to upgrade/downgrade or tighten security settings, etc. Active Assist in one such technology from Google Cloud and is part of the Intelligent Cloud program, where it combines this data with machine learning techniques to provide recommendations to customers. The Recommenders as they are called are available in multiple areas like: VM Machine Type Recommenders, Idle VM Recommender, Cost Optimization Recommenders, IAM Settings Recommender and many more that will be rolling out in due course. Learn about Active Assist via this blog post today.

In our previous newsletter, we mentioned the first of the integrations of 3rd party applications into EventArc. One of them was Datadog, which is a popular monitoring tool for cloud applications. If you are using Datadog to monitor your Google Cloud resources, it would be interesting to connect an Alert that you have setup in Datadog for one of Google Cloud resources and make that trigger an Action (say invoke a Google Cloud Function or any other compute service) to execute some code. This blog post does exactly that and gives you a step by step process to configure Datadog to route alerts via an event to Eventarc, which can then be used to trigger a compute action in Google Cloud.

The series “Databases on Google Cloud” continues with Part-5 of the series being published. This part demonstrates how you can build a Java based Cloud Function that will connect to a Cloud SQL for SQL Server database using the Cloud SQL Connector for Java. More on the Cloud SQL Connector in the next section.

If you are a developer looking to connect to Cloud SQL using Python, it’s not been an easy task. This is now addressed via the Cloud SQL Python Connector, a Python package that makes allows you to connect securely to Cloud SQL both easy and secure for all three supported database engines (Postgres, MySQL, and SQL Server), from anywhere (local machine, Cloud Run, App Engine, Cloud Functions, etc.). The Connector library is available for Java and Go flavors too. Check out the post for more details.

Let’s learn about GCP

We are entering the latter part of the year 2022 and if you are still looking to get certified on Google Cloud but not sure about which certification you should opt for, help is on the way with this infographic that provides you an option depending on your current skills/interest areas.

Looking to refresh the various Networking concepts in Kubernetes? Check out this blog post for more details on IP Addressing, DNS, Load Balancers, Ingress, Service Routing and more within the context of Kubernetes.

Data Analytics is one of the most sought after fields by students. But where do you exactly start? What are the tools available within Google Cloud and how do you get a handle or a path towards building your Data Skills as a student. Check out this blog post that has it all laid out step by step.