Google Cloud Technology Nuggets — October 16–31, 2022 Edition
Welcome to the October 16–31, 2022 edition of Google Cloud Technology Nuggets.
Google Cloud Next ’22 Catalog
This edition is heavy with Cloud NEXT ’22, the flagship event of the year. All the sessions including keynotes are available on-demand and can be accessed from the main NEXT website.
Google Cloud Medium publication
Google Cloud Medium is a community-driven publication, where both Googlers and non-Googlers contribute articles across various areas of Google Cloud. We just completed 400+ articles for the year and if you haven’t checked out the Medium site, do so now. If you’d like to share your knowledge on the publication, ping @alexismp or @iRomin on Twitter!
Google Cloud has been named a leader for Cloud Infrastructure and Platform services in Gartner’s report. This is a good testament to the multiple innovations that have been pushed across the year in its Infrastructure offerings. Check out the blog post, where you can download the complimentary report and get a summary of various announcements across the year in this space.
A new Google Cloud Region in Israel is now open. Google Cloud is now available in a total of 35 regions around the world. Check out the infrastructure page for information on regions, zones and more.
Spot VMs, formerly known as Preemptible VMs, are ideal for fault-tolerant workloads and provide a steep discount in pricing. Often, it comes down to not just the pricing but also the scenarios and best practices around Spot VMs. Check out this detailed blog post that touches upon the use cases, a guide on how to create Spot VMs and Best Practices.
Migrating to Google Cloud brings key benefits to an organization. There are tools, guides, processes and more to help organizations assess, plan and do the migration. Often these tools are available separately and it’s left to the team to put all these resources together and manage the migration in one place. At Google Cloud Next ’22, this has been addressed via the Cloud Migration Center, a first-party service that is available in the Google Cloud console. Migration Center is designed to streamline your cloud journey with intelligent, data-driven insights and actionable recommendations. The service is currently available in Preview. Check out the blog post for details.
Google Cloud’s Blockchain Node Engine is now available in Private Preview. It is a fully managed node-hosting service powered by Google Cloud’s compute and network infrastructure. If you require dedicated nodes, you can use this to relay transactions, deploy smart contracts and read/write blockchain data. Ethereum is the first blockchain supported by the service. For more information, check out the blog post.
Business Continuity is a key requirement for enterprise organizations and it is important that applications are architected with that in mind. The architecture depends to a large extent on the underlying services that are made available by the platform. Cloud DNS routing policies can play a key role in highly available global applications. While this suffices, a failure requires manual intervention to update the geo-location policy configuration, as demonstrated by this blog post. In an extension of the previous blog post, a feature is discussed where you can use the Cloud DNS health check for Internal Load Balancers to automatically fail over to healthy instances. Check out the blog post for more details.
Storage, Databases and Data Analytics
There are several posts highlighting some key features around BigQuery usage:
- Looking for Backup and Disaster Recovery strategies around BigQuery? Check out this blog post.
- Think BigQuery is a SQL-only interface? This is no longer true, with a series of announcements at Cloud Next ’22 around support for different programming models/extensions. These features include Preview support for Stored Procedures for Apache Spark, integration of the serverless notebook service, Colab, into the BigQuery console and support for Remote Functions, where you can augment BigQuery’s SQL Library with functionality deployed in Cloud Functions or Cloud Run.
- Search Indexes and Search Functions in BigQuery are now GA. This functionality allows for efficient searching across structured and unstructured data in BigQuery. In an interesting and detailed blog post, the authors take you through performance tests that were performed on a large dataset to extract specific information. Using Search indexes and functions, the queries are faster and more efficient in BigQuery slot usage too. Several examples are discussed and especially one that is highlighted as “finding a needle in a haystack”. Check out the blog post for more details.
- Looking to build out a Data Mesh on Google Cloud? Check out this blog post that has the details, including a whitepaper, an architecture and more.
Active Assist is not just finding its way across more products but also increasing the number of recommendations within a particular product. Cloud SQL has seen the addition of further Active Assist recommendations, based on suggestions received from customers. These Proactive Wellness Recommendations for Cloud SQL are categorized into 4 areas, as given below. Check out the blog post for more details.
For a round up of all news and announcements on Data Analytics at Google Cloud Next ’22, check out this post.
Identity and Security
An interesting feature, called Sensitive Actions, is now available in Preview, to identify risky behaviors that could put your customers at risk. For example, what if someone provisions too many instances, changes an organization policy, adds a sensitive role, adds an SSH key, etc.? These are actions that could be a precursor to someone planning out damage to your environment. The Sensitive Actions feature is meant to capture exactly that. Some of the sample actions that can be flagged are given below.
These actions will then surface in Security Command Center (SCC) Premium and also in Cloud Logging, which can then be monitored to raise Alerts. Check out the blog post for more details.
A move to Kubernetes is now considered to be an essential path to application modernization and GKE presents a great way for you to run these workloads on Google Cloud. This move also potentially opens up your workloads to new security threats in ways that you would not have planned for. While the underlying Infrastructure security presents one way to strengthen your security posture, often your workloads could still be at risk due to CVEs, misconfigurations, overly permissive policies and more. Keeping that in mind and going with the theme of invisible security, the GKE Team has introduced the GKE Security posture management dashboard, available in preview.
Drawing on its years of experience, the GKE Team provides guidance to improve your security posture, along with insights into vulnerabilities and workload configuration checks, and offers integrated event logging so you can subscribe to alerts and stream insight data elsewhere. Check out the blog post for details.
Assured Workloads is a Google Cloud service that helps customers create and manage controlled environments with specific requirements of enforcing data residency, security controls and more. Assured Workloads is becoming available across additional regions: it is now available in Canada and available as a preview in Australia. Assured Workloads Monitoring has been announced too.
To learn more about Assured Workloads, check out this session from Cloud Next ’22.
Applying ML to any document-based workflow has been made easier with the release of Document AI Workbench. This service, available in the console, focuses on speed and reduces the time to ingest data to train your models and extract relevant fields from the document for business processes. Check out the details and how customers are putting it to use.
While the above tackles extracting meaning from your documents, a similar service has been released to tackle Vision applications. At Google Cloud Next ’22, Vertex AI Vision was announced: a fully managed end-to-end application development environment that lets enterprises easily build, deploy, and manage computer vision applications.
As the blog post states, “It’s a one-stop application that provides an integrated environment that includes all the tools needed to develop computer vision applications; developers can easily ingest live video streams (all they need is the IP address), add pre-trained models for common tasks such as “Occupancy Analytics,” “PPE Detection,” “Visual Inspection,” add custom models from Vertex AI for specialized tasks, and define a target location for output/analytics.”
BigQuery ML has seen a lot of traction too in recent times. First up is a blog post that demonstrates how you can simplify your ML workflows using BigQuery ML and Vertex AI.
Next up is an interesting preview feature called Object Tables. It is a new table type in BigQuery that allows you to provide metadata for objects stored in Google Cloud Storage. This allows BigQuery to be used for analysis of unstructured data (videos, images, audio, etc.), all within a single management interface.
Check out the blog post for more details.
SRE and DevOps
In recent times, there has been a significant increase in the number of discussions around cloud costing. One of the factors that could be leading to high cloud costs is turning on the Observability logs for all the services. Specifically, when it comes to Google Cloud, the service that we are referring to here is Cloud Logging. It is essential that you understand what Cloud Logging is about, what you are being billed for and how you can manage the costs, while ingesting logs that matter to you. This blog post goes into great detail to help you understand the different components of Cloud Logging, what you are being charged for and multiple pricing scenarios with best practices to help you manage costs. For teams managing and running Google Cloud environments, this is an essential read.
Developers and Practitioners
Firestore has seen some significant announcements in the recent weeks. This includes the following:
- The limit of 10,000 write operations per second per database has been lifted. The new model allows for the system to scale up automatically as your write traffic increases. This will be fully backwards compatible and will require no changes to existing applications. Check out a deep dive into the system architecture that allows for this.
- Preview launch of count(), which allows you to easily and cost-efficiently perform a count() directly in Firestore. It’s available via server, client SDKs, Google Cloud and Firebase console. Check out the blog post for details.
- No need to self-manage data that you no longer need in Firestore (both for Native and Datastore mode). Firestore now supports a TTL (Time To Live) feature on data.
Binary Authorization and Artifact Registry are key building blocks that help organizations build containerized software that is secure. Two popular runtime environments for deploying containers in Google Cloud are GKE and Cloud Run. While deploying to these environments, you would like to make use of both Binary Auth and Artifact Registry and yet be flexible in terms of the different policies that you might want to apply at the organization or individual project level, depending on the environment. This blog post demonstrates how easy it is to enforce Binary Authorization with Cloud Run.
Looking for an overview of the tools/services that Google Cloud has to build, deploy and monitor, and engage the users? Check out this blog post that introduces you to services that help you in each of these phases. This is key for startups, who are looking to reduce the time to deliver functionality.
Skaffold, the command-line tool that helps developers optimize their inner development loop while developing container-based applications, has seen a V2 release. This release features (from the blog post):
- Support for Cloud Run as a deployment environment.
- Support for building from and deploying to both ARM and x86 architectures.
- Enhanced support for CI/CD and GitOps workflows, with the introduction of the `skaffold render` phase, `verify` phase, and kpt integration.
- Existing Skaffold configurations are fully compatible with Skaffold V2, and upgrading from V1 is as easy as running `skaffold fix`.
Learn about Google Cloud
In this edition, learn about Peering, which is the physical fiber interconnection between networks such as Google and your Internet Service Provider (ISP), or between Google and cloud customers.
New Google Cloud Certification Benefits and Looker BI Hackathon
For those achieving Google Cloud Certifications for the first time and for those recertifying, there is a list of digital benefits being made available. These include a Google Meet background, an email signature and a social media banner to showcase your certification status. Check out the blog post for more details.
Are you a Looker and Looker Studio developer? If yes, there is an interesting 2-day virtual Google Cloud BI Hackathon that is scheduled for December 6th. Check out the blog post for more details and links to register.
Stay in Touch
Have questions, comments, or other feedback on this newsletter? Please send Feedback.
Looking to keep tabs on new Google Cloud product announcements? We have a handy page that you should bookmark → What’s new with Google Cloud.