Using Recommenders to keep your cloud running optimally
Product Manager, Google Cloud
Senior Product Marketing Manager, Cloud Migration
As a cloud project owner, you want your environment to run smoothly and efficiently. At Google Cloud, one of the ways we help you do that is through a family of tools we call Recommenders, which leverage analytics and machine learning to automatically detect issues and present you with optimizations that you can act on.
With Recommenders, our goal is to suggest quick, easy ways to optimize your cloud for price, performance, and security. Several Recommenders are already generally available, including VM Recommenders, Firewall Insights and IAM Recommender. In fact, there are many teams at Google Cloud who are working to build Recommenders that help you improve your cloud. But, we want to make sure it’s effortless and simple for you to find and take action on those recommendations. That’s why we’re also releasing the beta of our new Recommendation Hub, which highlights proactive recommendations in one place for you to view and act on.
Recommendation Hub is vital to bringing all of these optimization efforts together for you to see and take action on. Not only does the Hub capture the most impactful opportunities in your projects, but it also helps guide you across Google Cloud in general. Whether it’s networking, security, compute and storage resources, cost and billing, or Anthos, the Recommendation Hub will give you the tools you need to prioritize, analyze, and act on all of these valuable insights and recommendations.
Recommendation Hub and Recommenders are also part of a bigger initiative at Google Cloud to use machine learning and analytics to help you make better decisions, drive down costs, and automate your operations. There will be more announcements on that soon, but for now, let’s explore some of the Recommenders currently available for you to use.
Optimize resources for cost and performance with VM Recommenders
There will come a day when you might need to scale your virtual machine (VM) instances up or down. For that, we’ve got two types of Recommenders available: one to help you optimize your VMs for cost and performance, and a second to help you identify and delete (or back up) your unused VMs and persistent disks (PD) to avoid paying for resources you don’t use.
All of this helps you properly balance your performance and cost based on your unique situation. One customer, VuClip, decided to experiment with the Idle VM Recommender and is now making it a key part of how they optimize their cloud environment:
“We were in the midst of a hackathon recently, and we decided to test out Google Cloud’s Idle VM Recommender. We quickly learned that we had over 200 VMs that were sitting idle, but ultimately costing us money, that we wouldn’t have otherwise known about. The real bonus was that it only took a matter of seconds for Google Cloud to shine light on these idle VMs.” - Hrushikesh Kulkarni, Associate Director of Technology, VuClip
Secure your network with Firewall Insights
Firewall rule management is a constant challenge for security and network engineers. Firewall configuration can grow in complexity as more accesses are added over time, making it really hard to maintain. Firewall Insights, now in beta, is a new tool that helps secure your cloud environment by detecting and providing easy remediation options for a number of key firewall issues, including:
Shadowed rules that can’t be reached during firewall rule evaluation because they overlap with higher-priority rules
Unnecessary allow rules, open ports and IP ranges
Sudden hit increases on firewall rules (and a drill down into the source of the traffic) that signal an emerging attack
Redundant firewall rules, which can be cleaned up to reduce the total firewall rule count
Deny firewall rules with hit counts from sources trying to access unauthorized IP ranges and ports
Flowmon, a company that develops network performance monitoring and network security products, has been using Firewall Insights to gain new insights into its existing firewall rules:
“Firewall Insights has already proven to be an extremely valuable tool. With barely any effort, it gives us precise knowledge about what our firewall rules are actually doing. Through that, we’re able to optimize all of our firewall rules quickly and easily." - Boris Parák, Cloud Product Manager, Flowmon
Lock down unwanted access with IAM Recommender
In addition to firewall rules, permissions play another crucial role in your overall security posture. With IAM Recommender, you can remove unwanted access to Google Cloud resources with smart access control recommendations. IAM Recommender uses machine learning to automatically detect overly permissive access and help security teams figure out what permissions their project members really need. Not only does this help establish least-privilege best practices and reduce your organization’s security risks, but also prevents accidental changes to your data and cloud infrastructure. Here’s a video to show you how it works:
Many more Recommenders coming soon
We’re busy building more Recommenders which will appear in Recommender Hub. Here are a few that you can expect to see within the next few months:
Cost and performance
Compute Engine cross-family recommendations: Select the optimal VM family for your workload (e.g., memory-optimized).
Committed Use Discount (CUD) maximizer: Keep your cloud costs on budget by making sure you utilize your discounts to the fullest.
GKE RBAC: Assess and remove over-granted permissions.
Security keys: Protect high-risk users against phishing by implementing phone-as-a-security-key.
Compute Engine predictive auto-scaling: Reduce latency and costs by scaling compute proactively.
VPN tunnel: Proactively detect overutilized tunnels to prevent network packet loss.
With Recommenders, we’re trying to take the guesswork and toil out of keeping your cloud running optimally. To learn more about how Recommenders can help you, please check out our upcoming session “Cloud is Complex. Managing it Shouldn’t Be” during our Next OnAir digital event.