20+ Cloud Networking innovations unveiled at Google Cloud Next
VP/GM, Product Management, Cloud Networking
Networking is the foundational fabric that allows organizations to thrive in a digital business world. Today at Next ’22, we are announcing a series of innovations to our Google Cloud networking services, all designed to meet customers where they are with AI/ML-powered services and built-in security.
We start with a planet-scale network that is continually expanding to reach more customers. At 35 regions, 106 zones and 173 network edge locations across 200+ countries and territories, the Google Cloud Network offers services that allow customers to easily migrate, modernize, secure, and observe their workloads.
“As enterprises continue to migrate new and established workloads to public cloud, they are recognizing that network architectures, infrastructure, and operating models must be modernized. In a cloud context, the network truly is the digital nervous system, providing secure and ubiquitous connectivity for business resilience and digital experiences. With these latest enhancements and additions to its network and security portfolio, Google Cloud is responding to the need for simplified cloud migrations through network modernization, which is integral to the success of enterprise digital transformation,” said Brad Casemore, Research VP, Datacenter and Multicloud Networks, IDC.
Let’s take a closer look at all the enhancements we announced today, also covered in our Networking session MOD 205.
As customers migrate services to the cloud, they may face connectivity and security challenges. Private Service Connect connects services across VPC networks that are in different groups, teams, projects or organizations, over an encrypted connection. Today, we are announcing the following Private Service Connect enhancements in Preview:
- L7 PSC provides consumer-controlled security, routing, and telemetry to help enable more flexible and consistent policy for all services
- Private Service Connect over interconnect provides support for on-prem traffic through Cloud Interconnects to PSC endpoints
- Private Service Connect for hybrid environments can enable producers and consumers to securely connect and access managed services from cloud or on-prem
- Integration with 5 new partner managed services from Confluent, Databricks, DataStax, Grafana, and Neo4J, enabling customers to easily consume data and analytics services
You can learn more about Private Service Connect and these enhancements here.
Customers with High Performance Computing (HPC) workloads are migrating to the cloud to leverage exponential gains in IOPS. Workloads such as scale-out analytics, AI/ML, and financial risk modeling and simulation demand the highest compute and network performance. We are introducing the preview of 200 Gbps networking for the new C3 virtual machine family, offering 2x the bandwidth of the C2 family, and line rate encryption using the open-source PSP Security Protocol.
When it comes to the network, modernization takes on many forms. For some customers, it’s about application modernization and for others, it’s about modernizing with cloud and reaching more customers through content-delivery networks (CDNs). Here are just a few of the ways we’re helping Google Cloud customers modernize their network infrastructure.
Content Delivery Network
Earlier this year, we introduced Media CDN, which leverages the same infrastructure as YouTube to enable exceptional video-on-demand and live streaming experiences through caching presence across 1,300+ cities and 200+ countries and territories. Paramount Global is one of the world’s largest producers of premium entertainment content, and has adopted Media CDN:
“Streaming is one of the key growth areas for Paramount Global. When we migrated traffic onto Media CDN, we observed consistently superior performance and offload metrics. Partnering with Google Cloud enables us to provide our subscribers with the highest quality viewing experience.” says Chris Xiques, SVP of Video Technology Group at Paramount Global.
Media CDN now supports the Live Stream API to ingest and package source content into HTTP-Live Streaming and DASH formats for optimized live streaming. We are enabling two new developer-friendly integrations in Preview for Media CDN: Dynamic Ad Insertion with Google Ad Manager which provides customized video ad placements, and third-party Ad Insertion using our Video Stitcher API for personalized ad placement. With these options, content producers can introduce additional monetization and personalization opportunities to their streaming services.
For advanced customization, we are introducing the Preview of Network Actions for Media CDN (update April 24, 2003: the feature has since been renamed to Service Extensions), a fully managed serverless solution based on open-source WebAssembly that lets customers deploy their own code directly in the request/response path at the edge. Using Network Actions, customers can unlock a wide variety of custom use cases such as security controls, cache offload, custom logs, and more.
Many customers are rethinking and modernizing their CDNs and migrating to cloud-based solutions to minimize costs and maximize end-to-end performance. AppLovin, which provides an industry-leading mobile app platform, is one such customer that migrated to Cloud CDN for improved performance.
“AppLovin powers many of the world’s most popular mobile apps and game studios. Partnering with Google Cloud has enabled us to expand our platform globally and reach more users quickly. We tripled our traffic in 90 days with millions of requests per second and saw a 50% reduction in latency with Google Cloud Load Balancing and Cloud CDN,” says Omer Hasan, VP of Operations at AppLovin.
Today, we are adding dynamic compression to Cloud CDN to further accelerate applications by significantly reducing the size of responses transferred from the edge to a client. Dynamic compression accelerates page load times and reduces egress traffic for better performance and efficiency.
Customers running network-intensive Enterprise and Telco workloads in container network functions (CNFs) can use high-performance dataplane and multi-networking under the umbrella of Network Function Optimizer. Network Function Optimizer, in Preview, delivers enhanced networking capabilities that allow customers to connect multiple container network functions, apply labels for selection, and steer traffic to them. High-performance networking in the Google Distributed Cloud Edge platform leverages capabilities such as DPDK and SR-IOV for faster packet processing.
Protect with built-in security
Google Cloud offers a comprehensive network security solution to help protect your cloud infrastructure. Cloud Firewall and Cloud Armor are two of those tools.
Expanding Cloud Firewall
Google Cloud Firewall helps customers achieve a zero-trust network posture via a fully distributed, cloud-native firewall service with advanced protection capabilities and granular controls. We are expanding our Cloud Firewall product line and introducing two new tiers: Cloud Firewall Essentials and Cloud Firewall Standard.
The new Cloud Firewall Standard in Preview offers expanded policy objects for firewall rules that can simplify configuration and micro-segmentation to help protect your cloud infrastructure and workloads. It includes the following types of objects, whose contents are built and auto-updated by Google: Google Cloud Threat Intelligence (with five types of curated lists, one of which is known malicious IPs), Domain Name (FQDN), and Geo-location based objects. Together, these combine to offer robust and highly scalable protection.
Cloud Firewall Essentials is our current foundational tier of firewall capabilities. We recently introduced new configuration structures, Global and Regional Network Firewall Policies, which have built-in IAM controls, may be applied across VPCs, and support batch rules updates. In addition, we announced IAM-governed Tags, enabling scalable micro-segmentation policies that follow the workload. Both of these features are now generally available. And we have added Address Group objects, in Preview, to help simplify automation and infrastructure-as-code operations.
The combination of IAM-governed Tags in Cloud Firewall Essentials, the dynamic objects in Cloud Firewall Standard, Address Groups, and our existing hierarchical firewall rules helps customers run a very flexible, least-privilege, self-service environment that enforces pinpoint policy with greater simplicity and decreased operational cycles. You can hear more about Cloud Firewall at Next session MOD107.
Cloud Armor named a Strong Performer
We’ve also extended the capabilities of another network security product, Google Cloud Armor, which helps protect web applications, services, and APIs from both DDoS attacks and web application exploit attempts. You can now configure the ML-based Adaptive Protection capability – which recently detected and protected a customer from the largest L7 DDoS attack to date (hear more in session SEC201) – to automatically deploy its proposed rules. We’ve also enhanced tuning for preconfigured WAF rules, adding field exclusion, signature opt-in, and expanded JSON content type support, all now in Preview. Preconfigured WAF rules using the latest ModSecurity Core Rule Set v3.3 covering the OWASP Top 10 web-app vulnerability risks are now generally available.
And we are pleased to share that Google Cloud Armor was named a Strong Performer in The Forrester Wave™: Web Application Firewalls, Q3 2022 (report linked here). This is our debut in the WAF Wave, and it's encouraging to see the third-party recognition for the product in this market segment.
Observe, detect, and recommend
Throughout the customer journey, observability is a key enabler of successful network migration, modernization, and security. Network Intelligence Center, our real-time observability platform, continues to expand its ability to help customers tame operational complexity. Here are several enhancements to Network Intelligence Center.
Network Analyzer, now generally available, automatically learns and monitors customers’ network deployments, specifically to detect misconfigurations and drift in network topology, firewall rules, routes, load balancers, and connectivity to services and applications. Customers can set alerts on insights with log-based alerting, and programmatically access the data with the Recommender API.
Performance Dashboard now provides visibility into latency measurements for Google Cloud to Internet traffic at per-project and global levels. This visibility helps customers plan the placement of their Google Cloud resources and overall network architecture.
Network Topology is enhanced with a new “top talkers” view so that customers can quickly identify and monitor their top contributors to egress, and optimize the architecture for performance and cost.
Firewall Insights launched new enhancements that provide IPv6 rule coverage and a custom insight refresh cycle for generating shadowed rule insights for projects.
Innovating at all layers of the stack
From startups born in the cloud to enterprises migrating to the cloud, companies are leveraging the ubiquity of cloud everywhere as a catalyst to shape, expand, and accelerate their digital transformation. At Google Cloud, we are working side-by-side with customers to simplify their cloud journey with innovations at all layers of the networking and security stack to open new possibilities. Check out these Cloud Networking sessions from Google Cloud NEXT to learn more.