Last month today: August on GCP
In August, we followed up Next ‘18 with some deeper dives on new features and enhancements across Google Cloud Platform (GCP). Here are some of the most-read blog posts this month.
We announced the general availability of Cloud Functions this month. With Cloud Functions, you can develop event-driven cloud apps quickly and flexibly without having to worry about the underlying infrastructure. Since beta release we’ve made it more reliable and high-performing, and you can now write Cloud Functions with both Node 8 and Python 3.7. It also works well with other GCP services like Stackdriver to let you instrument and run your serverless apps in production, and Firebase to fine-tune application behavior.
We announced an upgrade to App Engine: Introducing App Engine Second Generation runtimes and Python 3.7. The Second Generation runtimes enable you to easily run apps using the latest versions of popular languages, frameworks and libraries, without any of the previous App Engine restrictions. It’s now easier to write microservices and portable apps to get the benefits of App Engine. Python 3.7 and PHP 7.2 are two recently announced Second Generation runtimes, along with Node.js 8, all of which use gVisor container sandbox runtime technology to eliminate previous restrictions. These runtimes are idiomatic, open-source and can run any framework, library or binary to help you deploy apps faster with better performance.
The “Introducing headless Chrome support in Cloud Functions and App Engine” post was a popular one, describing the development possibilities that now let you run headless Chrome for App Engine (recently unlocked with the release of the new Node.js runtime) without setup or configuration. You can now write Cloud Functions that use headless Chrome and get those useful web browser features—like taking screenshots, generating PDFs, doing performance and UI testing and more—in a serverless way. The Puppeteer Node.js library is a convenient module that can control headless Chrome. Check out the post to see how to use Puppeteer to create a service to take screenshots of web pages.
Advancing security in the cloud
Securing cloud infrastructure is a constant mission, and this month we brought some new security capabilities to market.
For those of you tasked with keeping your most sensitive workloads safe, “Introducing Cloud HSM beta for hardware crypto key security” was a useful post. This is our new managed cloud-hosted hardware security module (HSM) service, which lets you host encryption keys and perform cryptographic operations in a FIPS 140-2 Level 3 certified hardware boundary. With this managed service, you get the benefits of using HSM without the administrative overhead of tasks like cluster management, scaling, and patching. Cloud HSM is also fully integrated with Cloud Key Management Service (KMS) so that you can protect your data in services such as BigQuery, Google Compute Engine, Google Cloud Storage and Dataproc with a hardware-protected key.
Also announced in August was a new container security feature: Binary Authorization, which helps ensure only trusted workloads are deployed to Kubernetes Engine. This supplements identity-based deployment control with content-addressable signatures to bring more security and scalability to microservices-based environments. It’s especially useful for enterprises with automated build and release infrastructure, where deployments may happen hundreds of times a day across dozens of teams. Integrated into the Kubernetes Engine deployment API, Binary Authorization provides a policy enforcement chokepoint to ensure only signed and authorized images are deployed in your environment.
Getting schooled on cloud
Along with announcements and upgrades, the following tutorials were popular last month. They both shed light on a few areas you’ll want to know more about as you’re building out an enterprise-ready cloud infrastructure.
This post brings to life the capabilities of Velostrata, a cloud migration technology: Performing VM mass migrations to Google Cloud with Velostrata. If you’re migrating a large number of virtualized workloads to the cloud, this is where Velostrata comes in (and it’s included when you’re moving those VMs to GCP). We’ve already seen users migrate hundreds of VMs in just a few weeks. Velostrata’s secret sauce is that it decouples compute from storage and adapts workloads on the fly, so the migration happens more quickly and with fewer operational difficulties than traditional methods like deep copy mirroring. Velostrata’s agentless technology bootstraps VMs in the cloud, then streams disk blocks in real time.
For a look into cloud network engineering, this post—Repairing network hardware at scale with SRE principles—provides an excellent set of tips for using automation to prevent common hardware problems. It’s especially useful as global networks become more complex and involve lots of different providers and hardware with its own consoles and components, leading to many places where hardware can fail. Avoiding manual tasks (known as toil in DevOps-speak) is essential, and our site reliability engineering (SRE) principles can help guide you to automate more network hardware tickets for better resolutions.