Infrastructure Modernization

New in Google Cloud VMware Engine: Single nodes, certifications and more

#gcp

We’ve made several updates to Google Cloud VMware Engine in the past few months — today’s post provides a recap of our latest milestones. 

Google Cloud VMware Engine delivers an enterprise-grade VMware stack running natively in Google Cloud. This fully managed cloud service is one of the fastest paths to the cloud for VMware workloads without making changes to existing applications or operating models across a variety of use-cases. These include rapid data center exit, application lift and shift, disaster recovery, virtual desktop infrastructure, or modernization at your own pace. 

The service helps our customers save money and time while accelerating their digital transformation journey. In fact, in a study conducted by VMware’s Cloud Economics team, Google Cloud VMware Engine delivers an average of 45% lower TCO compared to on-premises.Further, LIQ, a CRM software company was able to achieve 60% total infrastructure cost reduction compared with two years ago, and a 92% savings rate for storing historical data.

In June of 2021 we announced Autoscale, Mumbai expansion and more. 

Key updates this time around include:

  • Single node private cloud: a time-bound, 60-day, single node non-production environment for VMware Engine that allows you to do proofs-of-concept.

  • New private clouds will now deploy on vSphere version 7.0 Update 2 and NSX-T version 3.1.2.

  • Preview of NetApp Cloud Volumes Service enabling independent scaling of datastore storage from compute without adding additional hosts

  • Service availability in Toronto and expansion into a second zone in Frankfurt and Sydney

  • Compliance certifications updates: achievement of ISO 27001/27017/27018, SOC 2 Type 2, SOC 3 and PCI-DSS compliance certifications

  • We are also working on the ability to purchase Prepay options via the Google Cloud Console for 1 year and 3 year commitment terms

Let us look into each of these updates in more depth.

Single node private cloud: We understand that your Cloud Transformation decisions do not happen overnight. Often you want to understand the values and benefits of your option by using products through trials and technical validations. To support such scenarios, you can now get started with your Google Cloud VMware Engine experience with a 60-day time-bound single node private cloud. Designed for non-production usage such as pilots and proof-of-concept evaluations, this configuration allows you to understand the capabilities of this service. It has a 60-day time span - this means that after 60 days, the single node private cloud is automatically deleted along with the workloads and data in it. At any point during these 60 days, you can expand to a production 3 node private cloud with a single click. 

Note: A private cloud must contain at least 3 nodes to be eligible for coverage based on the SLA.

Upgrades to the core VMware stack: All new VMware Engine private clouds now deploy with VMware vSphere version 7.0 Update 2 and NSX-T version 3.1.2. For existing customers, Google Cloud VMware Engine automatically handles the upgrades of the VMware stack from version 7.0 Update 1 to 7.0 Update 2 and the NSX-T stack from version 3.0 to 3.1.2 with customers receiving proactive notifications and having the ability to select their upgrade window. Read more in our November 2021 service announcement.

  • ESXi: Enhanced administrative capabilities, reduced compute and I/O latency, and jitter for latency sensitive workloads, and more

  • vCenter: Scaled VMware vSphere vMotion operations, security fixes and more. 

  • NSX-T: New events and alarms, support for parallel cluster upgrade, migration from NVDS to VDS and more

Preview of NetApp Cloud Volumes Service as datastores: This capability will enable you to independently scale your datastore storage without adding additional hosts, thereby saving costs. In October 2021, NetApp announced the integration of NetApp Cloud Volumes Service (CVS) as datastores for Google Cloud VMware Engine. It will enable you to migrate your vSphere workloads that require large amounts of vmdk storage to the cloud and address the needs of storage-bound workloads and use-cases such as DR. This complements the ability for you to use NetApp CVS as external storage that is mounted from within the guest OS of your Google Cloud VMware Engine VMs. 

Google Cloud VMware Engine is now available in the Toronto region. This brings the availability of the service to 13 regions globally, enabling our multi-national and regional customers to leverage a VMware-compatible infrastructure-as-a-service platform on Google Cloud.

Expansion into a second zone in Frankfurt and Sydney: While we provide 4-9’s of SLA in a single zone in each one of the 13 regions that the service is available in, there are customers who want even more availability. We are happy to announce that Google Cloud VMware Engine is now available in second zones in Frankfurt and Sydney. In addition, we are working on making Google Cloud VMware Engine available in additional zones.

Compliance certifications updates:

We enable customers to meet their security and compliance needs for their VMware workloads - with a single operator model. Google manages the Google Cloud VMware Engine infrastructure and the administrative tasks that go with managing the systems, platforms, and VMware stack that supports it. These components run on Google Cloud, which leverages the same secure-by-design infrastructure, built-in protection, and global network that Google uses to protect your information, identities, applications, and devices. 

One of the areas that we have been working on is adding more compliance certifications to Google Cloud VMware Engine. As you may remember, Google Cloud VMware Engine is covered under the Google Cloud Business Associate Agreement (BAA). Let us take a look at new certifications we have achieved in the last few months. The below certifications are available for Google Cloud VMware Engine running in Ashburn, Los Angeles, Frankfurt, London, Tokyo, Sydney, Netherlands, Singapore,  São Paulo, Montreal, Council Bluffs, Mumbai. The supported locations are listed in the corresponding audit reports. Your Google contact should be able to provide you with those reports.

ISO Compliance: As of November 4 2021, Google Cloud VMware Engine is certified as ISO/IEC 27001/27017/27018 compliant. The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards enable organizations to keep their information assets more secure.

SOC 2 Type 2 and SOC 3 Compliance: Google Cloud VMware Engine has received the SOC 2 Type 2 as well as the SOC 3 report based on third-party audit. 

  • The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy. 

  • Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.

  •  Please contact your Google account team if you would like a copy of the report.

PCI DSS Compliance:  Google Cloud VMware Engine has been reviewed by an independent Qualified Security Assessor and determined to be PCI DSS 3.2.1 compliant. This means that the service provides an infrastructure upon which customers may build their own services or applications which store, process, or transmit cardholder data. It is important to note that customers are still responsible for ensuring that their applications are PCI DSS compliant. PCI DSS is a set of network security and business best practices guidelines adopted by the PCI Security Standards Council to establish a “minimum security standard” to protect customers’ payment card information. Google Cloud undergoes at least an annual third-party audit to certify individual products against the PCI DSS.

Please contact your Google account team if you would like a copy of the reports.

Prepay via Google Cloud Console: As you are aware, you have monthly as well as prepay options for 1 year and 3 year commitment contracts for purchasing Google Cloud VMware Engine. Monthly payment options are executable via the Google Cloud console, but prepay options require offline order processing. Prepay options are attractive due to the high discount levels they create (up to 50% discounts are possible). We are working on enabling prepay purchasing option directly via your Google Cloud console. If you are interested in this capability, please contact your Google Sales representative.

This brings us to the end of our updates this time around. For the latest updates to the service, please bookmark our release notes.


The authors would like to thank Krishna Chengavalli and Manish Lohani for their contributions to this article.

1. https://blogs.vmware.com/cloud/2021/07/28/google-cloud-vmware-engine-saves-over-45-on-tco-in-first-study/