Jump to Content
Management Tools

Using Recommenders to keep your cloud running optimally

June 8, 2020
Chris Law

Product Manager, Google Cloud

Tom Nikl

Senior Product Marketing Manager, Cloud Migration

As a cloud project owner, you want your environment to run smoothly and efficiently. At Google Cloud, one of the ways we help you do that is through a family of tools we call Recommenders, which leverage analytics and machine learning to automatically detect issues and present you with optimizations that you can act on. 

With Recommenders, our goal is to suggest quick, easy ways to optimize your cloud for price, performance, and security. Several Recommenders are already generally available, including VM Recommenders, Firewall Insights and IAM Recommender. In fact, there are many teams at Google Cloud who are working to build Recommenders that help you improve your cloud. But, we want to make sure it’s effortless and simple for you to find and take action on those recommendations. That’s why we’re also releasing the beta of our new Recommendation Hub, which highlights proactive recommendations in one place for you to view and act on. 

Recommendation Hub is vital to bringing all of these optimization efforts together for you to see and take action on. Not only does the Hub capture the most impactful opportunities in your projects, but it also helps guide you across Google Cloud in general. Whether it’s networking, security, compute and storage resources, cost and billing, or Anthos, the Recommendation Hub will give you the tools you need to prioritize, analyze, and act on all of these valuable insights and recommendations.

Recommendation Hub and Recommenders are also part of a bigger initiative at Google Cloud to use machine learning and analytics to help you make better decisions, drive down costs, and automate your operations. There will be more announcements on that soon, but for now, let’s explore some of the Recommenders currently available for you to use.

Optimize resources for cost and performance with VM Recommenders

There will come a day when you might need to scale your virtual machine (VM) instances up or down. For that, we’ve got two types of Recommenders available: one to help you optimize your VMs for cost and performance, and a second to help you identify and delete (or back up) your unused VMs and persistent disks (PD) to avoid paying for resources you don’t use. 

All of this helps you properly balance your performance and cost based on your unique situation. One customer, VuClip, decided to experiment with the Idle VM Recommender and is now making it a key part of how they optimize their cloud environment: 

“We were in the midst of a hackathon recently, and we decided to test out Google Cloud’s Idle VM Recommender. We quickly learned that we had over 200 VMs that were sitting idle, but ultimately costing us money, that we wouldn’t have otherwise known about. The real bonus was that it only took a matter of seconds for Google Cloud to shine light on these idle VMs.” - Hrushikesh Kulkarni, Associate Director of Technology, VuClip

Secure your network with Firewall Insights

Firewall rule management is a constant challenge for security and network engineers. Firewall configuration can grow in complexity as more accesses are added over time, making it really hard to maintain. Firewall Insights, now in beta, is a new tool that helps secure your cloud environment by detecting and providing easy remediation options for a number of key firewall issues, including:

  • Shadowed rules that can’t be reached during firewall rule evaluation because they overlap with higher-priority rules

  • Unnecessary allow rules, open ports and IP ranges

  • Sudden hit increases on firewall rules (and a drill down into the source of the traffic) that signal an emerging attack

  • Redundant firewall rules, which can be cleaned up to reduce the total firewall rule count

  • Deny firewall rules with hit counts from sources trying to access unauthorized IP ranges and ports

Flowmon, a company that develops network performance monitoring and network security products, has been using Firewall Insights to gain new insights into its existing firewall rules:

“Firewall Insights has already proven to be an extremely valuable tool. With barely any effort, it gives us precise knowledge about what our firewall rules are actually doing. Through that, we’re able to optimize all of our firewall rules quickly and easily." - Boris Parák, Cloud Product Manager, Flowmon

For more information on using Firewall Insights (which is also available in Network Intelligence Center), please reference our documentation or check out this video:

Video Thumbnail

Lock down unwanted access with IAM Recommender

In addition to firewall rules, permissions play another crucial role in your overall security posture. With IAM Recommender, you can remove unwanted access to Google Cloud resources with smart access control recommendations. IAM Recommender uses machine learning to automatically detect overly permissive access and help security teams figure out what permissions their project members really need. Not only does this help establish least-privilege best practices and reduce your organization’s security risks, but also prevents accidental changes to your data and cloud infrastructure. Here’s a video to show you how it works:

Video Thumbnail

Many more Recommenders coming soon

We’re busy building more Recommenders which will appear in Recommender Hub. Here are a few that you can expect to see within the next few months: 

Cost and performance

  • Compute Engine cross-family recommendations: Select the optimal VM family for your workload (e.g., memory-optimized).

  • Committed Use Discount (CUD) maximizer: Keep your cloud costs on budget by making sure you utilize your discounts to the fullest. 


  • GKE RBAC: Assess and remove over-granted permissions.

  • Security keys: Protect high-risk users against phishing by implementing phone-as-a-security-key.

Reliability, availability

  • Compute Engine predictive auto-scaling: Reduce latency and costs by scaling compute proactively.

  • VPN tunnel: Proactively detect overutilized tunnels to prevent network packet loss.

With Recommenders, we’re trying to take the guesswork and toil out of keeping your cloud running optimally. To learn more about how Recommenders can help you, please check out our upcoming session “Cloud is Complex. Managing it Shouldn’t Be” during our Next OnAir digital event.

Posted in