Introducing Cross-Cloud Network: a new way to network
Muninder Sambi
VP/GM, Product Management, Cloud Networking
Organizations depend on the network to drive transformation and deliver business outcomes. But networking has become incredibly complex, as organizations migrate workloads, assemble modern distributed applications (often across on-prem and multiple clouds), and adopt new innovations such as generative AI where they need high-performance networking to run foundation models, training and inferencing at scale, independent of where their data resides. At the same time, organizations are managing a larger-than-ever hybrid workforce that requires network and security access to applications from anywhere.
Today, the network has to be purpose-built for different use cases. For example, organizations operate bespoke networks with turnkey security to connect to multiple clouds. They set up private data centers to connect and secure the hybrid workforce to access cloud and on-prem resources, and manage multiple CDN clouds to accelerate web apps, shorts, streaming, etc. Operating multiple networks and security stacks increases operational complexity, leads to an inconsistent security posture, and drives up total cost of ownership.
As we spoke with customers about their networking needs, we learned that these challenges were common across organizations. Data from global sources indicate that organizations are seeing the same challenges. For example:
- “Gartner’s 2020 Cloud End-User Buying Behavior Survey shows that adoption of multicloud infrastructure is prevalent among respondents (76%).” [1]
- “A 2022 Gartner survey indicates that 66% of organizations are already adopting a hybrid workplace model, and another 30% are planning to adopt it toward the end of 2022.” [2]
- “In today’s operational environment, where cybersecurity is a board-level discussion, and the average breach costs over $3.5 million, organizations must understand and plan to address the risk at each level of the edge computing reference model.” [3]
- And according to Forrester, 74% of surveyed organizations reported at least one breach in 2022. [4] This is not surprising given that Dataprot reported that 560K new pieces of malware are detected daily. [5]
At Google Cloud, we take a holistic, modern approach to simplifying and securing networking to address the challenges of networking and the need for organizations to have simple cross-cloud connectivity and security for their applications and users, all while reducing total cost of ownership. Today, at Google Cloud Next, we took an important step to that end with the introduction of Cross-Cloud Network and many enhancements to the Google Cloud Networking portfolio.
Introducing Cross-Cloud Network
We’re excited to announce Cross-Cloud Network, an open and programmable global cloud networking platform that enables simple connectivity between clouds and on-prem locations.
Cross-Cloud Network consists of existing and new products from Google Cloud and partners, which all work together to simplify and accelerate the deployment of key use cases. Cross-Cloud Network is built on the three following tenets:
- Open - Cross-Cloud Network simplifies integration of partner products and services, providing you choice and fast time to market. It’s also programmable so you can customize the services that you need for your business.
- Secure - We built ML-powered security products such as Cloud Armor and partnered with companies such as Palo Alto Networks to integrate advanced security technologies that can provide high threat efficacy with security posture controls.
- Optimized - Cross-Cloud Network optimizes workload performance with lower latency and higher throughput and bandwidth. As organizations adopt generative AI, optimization is crucial for end-to-end performance.
Cross-Cloud Network helps address the networking needs of the three most common use cases across clouds:
- Build distributed applications
- Deliver internet-facing applications
- Secure access for the hybrid workforce
Let’s take a look at each of these use cases, and how Cross-Cloud Network helps enable them. Along the way, we’ll tell you about new products and feature enhancements in the Cross-Cloud Network family that can help organizations successfully deploy these environments.
1. Build distributed applications efficiently
Cross-Cloud Network makes it easier to build and assemble distributed applications across clouds while reducing total cost of ownership by up to 40%. It does so with products such as Cross-Cloud Interconnect, which we introduced in May, offering a managed interconnect with 10 Gbps or 100 Gbps bandwidth, backed with a 99.99% SLA. It supports Alibaba Cloud, Amazon Web Services, Microsoft Azure, and Oracle Cloud Infrastructure with availability in all our regions to enable you to drive faster business outcomes.
“Yahoo Mail is moving its backend onto Google Cloud and leveraging the planet-scale network for high performance and secure access to Google's data services. Cross-Cloud Network and Interconnects for high-scaled and high-performing secure access to Spanner and BigQuery will help Yahoo deliver performance and security across hundreds of millions of mailboxes.” - Aaron Lake, Senior Vice President and CIO, Yahoo
“At Priceline, speed of innovation is a competitive advantage as we create ‘moments that matter’ for our customers. Cross-Cloud Network aims to simplify and speed up connectivity, scalability and security as we leverage emerging capabilities such as AI and machine learning on Google Cloud.” - Ken Kirchoff, Senior Director of Enterprise Architecture, Priceline
We are collaborating with partners such as BT to enable a global connectivity fabric to help connect customers to Google Cloud.
"BT is pleased to partner with Google Cloud in enabling customers to connect to the Google Cloud's Cross-Cloud Network using the BT Global Fabric. Google's global WAN and BT’s network are interconnected globally to enable enterprise branches and users to connect to cloud-based applications with the highest reliability and performance" - Colin Bannon, CTO of BT Global Services
As more organizations leverage hybrid and multicloud environments, Cross-Cloud Network helps ease operational requirements and lets them focus on running the business versus the network.
"Organizations are focused on achieving business outcomes and they need cloud offerings that combine best-in-class technologies to accelerate business transformation. Cross-Cloud Network is an innovative approach that promises to simplify connectivity and security with a programmable platform that is open to partners and customers. It supports organizations as they embark on cloud native apps, generative AI, SaaS, data and analytics across clouds." - Vijay Bhagavath, Vice President of Cloud Networking at IDC
AI/ML optimized networking
AI/ML and generative AI workloads require high-performance networking. Last year, we introduced our C3 VM family with 200 Gbps networking and line-rate encryption. C3 VMs feature the Titanium Network Adapter, part of our Titanium system of offloads, that delivers up to twice the throughput of prior VM generations, and three times the packet processing speed. Our recently announced A3 VMs also provide significantly higher throughput, lower latency, and greater scale with the Titanium Network Adapter’s ten-fold increase in the total networking bandwidth for AI/ML workloads.
Simplified connectivity and service networking
Customers are increasingly consuming SaaS applications across clouds. Private Service Connect provides simple and scalable connectivity to managed services without leaving the Google Cloud network. Now supporting 20+ different Google and partner managed services, Private Service Connect provides a consistent platform for service connectivity between different VPCs and companies. We are introducing several unique capabilities including:
- Global access for accessing services across regions
- PSC Interfaces for private and secure managed service egress
- Organization policies to help broadly secure private connectivity across your entire company
To simplify the network layer, VPC Spokes support in Network Connectivity Center now lets you smoothly scale VPC connectivity, providing reachability between a large number of VPC spokes. Peered VPC spokes with overlapping RFC 1918 addressing will be able to utilize Cloud NAT’s Inter-VPC NAT feature, ensuring that inter-VPC network traffic stays within the Google Cloud network rather than traversing the internet, to help ensure privacy and security.
“As a leading global real estate group, Lendlease builds connected communities and delivers workplaces of the future around the world. We partner with Google Cloud to leverage their planet-scale network and with Network Connectivity Center, we are simplifying and scaling networking with hundreds of locations, enabling our team to accelerate business, and deliver optimal experiences everywhere.” - Martin Hogan, Network Domain Architect, Lendlease
We also added new application load-balancer optimizations to support globally distributed workloads. These capabilities optimize traffic between distributed clients and backend services, which can improve traffic flows and overall resiliency for internal applications. Specifically, the internal Application Load Balancer now supports:
- Global access, which allows private clients from any Google Cloud region to access internal load balancers residing in any other Google Cloud region.
- Global backends, which allow internal Application Load Balancers to health-check and send traffic to globally distributed backend services.
Help protect with 20x higher efficacy
Today, we are introducing our new Cloud NGFW in preview, a cloud-first next-generation firewall, or NGFW, co-developed with Mandiant and Palo Alto Networks to deliver advanced threat protection and operational simplicity, including a unified approach to network security posture control through:
- Inline threat protection with 20x higher efficacy compared to other cloud firewalls, as validated using Ixia BreakingPoint benchmarks, enabled with threat protection from Palo Alto Networks
- A built-in distributed firewall architecture to ensure simplicity, scale, and coverage across the cloud without the need to re-route traffic or re-architect cloud networks
- Unified network security posture controls across perimeters and workloads that allow setting org-wide policies or IAM-provisioned tag-based policies that follow the workload across network and application layers
- Simplified single-policy threat response that’s enforced org-wide to quickly address security incidents
“Increasingly our workloads are migrating to the cloud, we wanted to have comprehensive threat protection closer to our workloads. Google’s Firewall Plus with its Cloud NGFW capabilities simplified our network architecture, gave us granular access control and advanced policy enforcement, all of which improved our overall security posture and lowered operations costs.” - Richard Persaud, Network Security Architect, McKesson CoverMyMeds
Some customers need operational consistency with their on-prem environments. We’ve extended the Cloud NGFW architecture to enable SaaS-like consumption of our partners’ NGFWs, providing operational simplicity and broad coverage of network-based threats via policy-driven firewall insertion. With Network Service Integration Manager, we simplify the setup and operation of partner NGFWs from Check Point, Cisco, Fortinet, and Palo Alto Networks.
2. Accelerate the delivery of internet-facing applications
Quality of experience is crucial for internet-facing applications such as gaming, shopping, shorts, live streaming, and super apps. With Cross-Cloud Network, our global frontend delivers the performance, reliability, and global reach with 40% lower TCO.
“With 100+ million monthly active users, Moj, ShareChat, India’s leading short video platform needs an infrastructure partner that can provide instant scalability. Google Cloud’s frontend is able to deliver the performance and user experience with lower TCO to help us expand rapidly.” - Chhaya Sharma, Director of Engineering, ShareChat
To help further accelerate the delivery of internet-facing applications, we have added many enhancements to products and features in the Cross-Cloud Network portfolio:
Extending programmability to application delivery
As an open platform, Cross-Cloud Network is built for programmability and we continue to expand on that. We introduced Service Extensions last year, providing the insertion of WebAssembly (Wasm) plugins into the Media CDN data path. And today, we are introducing Service Extensions callouts for Cloud Load Balancers, so you can customize services such as specialized monitoring, logging, traffic steering, or authentication. Service Extensions callouts enable organizations to address the unique requirements of their applications.
“Replit provides a powerful platform used by millions of developers worldwide to build and deploy apps. Google Cloud, combined with our custom software, provides low-latency, high-reliability infrastructure for our platform to deliver the best performance and scale for our users. We are excited about Service Extensions callouts to help integrate and scale our software, unlock future data plane customizations, and enable developers to deploy AI-powered applications.” - Scott Kennedy, Head of Infrastructure, Replit
Service Extensions callouts for Cloud Load Balancers also allow integration of partner solutions for a variety of use cases such as API security, bot management, logging, and monitoring. Human Security and Traceable are early partners who are in the process of integrating their services with Google Cloud Load Balancers.
The global frontend is further simplified with a new automation solution toolkit that lets customers quickly integrate and automate our unified application delivery and protection offerings, including Cloud Armor, Cloud Load Balancing, and Cloud CDN, into popular CI/CD platforms. This solution provides pre-created tasks and workflows for common operations and an opinionated automation approach with best practices built in. This automation toolkit contains pre-built integrations with popular CI/CD DevOps automation platforms including Jenkins, GitLab, and Cloud Build. You can find the full repository here.
Secure cross-project application delivery
Today, we introduced new capabilities into Cloud Load Balancing to support additional deployment options for teams with many cloud projects, and enhance end-to-end security for traffic.
Cloud Application Load Balancers now support cross-project service referencing. This capability was available in our regional Application Load Balancers and is now added to the global Application Load Balancers. Cross-project service referencing allows organizations to route traffic to services in different cloud projects, enabling deployment flexibility for services to reside in the projects that best meet your organizational needs.
Additionally, global external Application Load Balancers have enhanced security with mTLS client-side authentication. This capability allows the server to verify the client’s identity in the same way that the client verifies the server’s identity during standard TLS authentication.
Accelerated DDoS response with ML-powered security
Since launching Cloud Armor Adaptive Protection, our ML-based mechanism to detect and help protect from DDoS attacks, customers have had such positive results that they have requested further automation to react faster to attacks. Today we are proud to announce the general availability of auto-deployment for Cloud Armor Adaptive Protection. Now you can configure Adaptive Protection to automatically deploy the tailored rules proposed by our machine learning models and help quickly mitigate DDoS attacks before they have a chance to impact your business.
3. Enable secure access for the hybrid workforce
Security Service Edge (SSE) solutions are being adopted by organizations to provide secure access to enterprise applications and SaaS, and to help protect the distributed workforce. However, users connecting to SSE experience higher latency for private apps, as SSE solutions rely on fixed tunnels over best-effort internet links to reach private applications across clouds.
Organizations also find it difficult to bring their high-bandwidth on-premises user traffic into SSE for security inspection due to complex networking. As a result, they often deploy firewalls on-prem instead.
To help businesses standardize on a common SSE stack of their choice to secure access for their entire hybrid workforce and enable an optimal user experience, we are announcing partnerships with Palo Alto Networks, leveraging Prisma Access, and Broadcom, with Secure Web Gateway, to offer their solutions natively in Google Cloud.
Cross-Cloud Network can direct all on-prem user traffic to these SSE solutions hosted in Google Cloud. After security inspection, traffic is routed to applications in Google Cloud or over Cross-Cloud Interconnect to other clouds. Because the security stack is deployed natively in Google Cloud, there are no tunnels or overlay networks required, allowing the stack to perform at its best. As a result of the native integration of these SSE solutions into Cross-Cloud Network, businesses will gain security controls and up to a 35% reduction in network latency.
Simplifying cross-cloud connectivity and security
With Cross-Cloud Network, we’re building simple, repeatable networking use cases built on products in our portfolio and those of our partners, helping our customers reduce network latency by up to 35%, protect with 20x higher threat efficacy compared to other cloud offers, and drive down total cost of ownership by up to 40% to enable accelerated transformation.
“Business outcomes and use cases continue to drive the adoption of cloud and not the other way around. Top outcomes sought by executive leaders by adopting cloud buying patterns are IT modernization, improved efficiency and data security.” [6] - Sid Nag, Research Vice President at Gartner.
For more on the Cross-Cloud Network, be sure to tune into the Google Cloud Next breakout sessions ARC201, What's new in cloud networking: AI-optimized infrastructure, ML-powered security, and more; ARC202, Design secure enterprise networks for a multi-cloud world; and ARC203, Elevate end user experience with planet scale Google Cloud CDN. Hope to see you there!
1. Gartner®, Quick Answer: Who Is Adopting Multicloud Infrastructure? Michael Warrilow, Hank Barnes, September 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
2. Gartner, Forecast Analysis: Knowledge Employees, Hybrid, Fully Remote and On-site Work Styles, Worldwide, Ranjit Atwal, Anna Griffen, Rishi Padhi, Namrata Banerjee, January 6, 2023
3. Gartner, Use Our Edge Computing Reference Model to Reduce Complexity and Risk, Tim Zimmerman, Mohini Dukes, August 16, 2023
4. Forrester, The State of Application Security, Janet Worthington, Sandy Carielli, June 2023
5. Dataprot, A Not-So-Common Cold: Malware Statistics in 2023, July 2023
6. Gartner, How Should Executive Leaders Navigate the Cloud Market?, Sid Nag, July 24, 2023