Google is seeking to entice more enterprise customers, not just through new cloud capabilities, but also by doubling down on the areas that matter the most to them: robust security, state-of-the-art data centers, and, as revealed at its latest Cloud Next conference, extensive support for hybrid cloud deployments.

The hybrid enterprise

In an admission that hybrid IT has become the new enterprise standard, at least for now, Google unveiled an on-premises version of the Google Kubernetes Engine (GKE) that it hopes will help organizations make a more gradual transition to the public cloud. As we reported at the time, GKE On-Prem will work exactly like the popular cloud service, enabling customers to orchestrate both versions within the same Google Cloud Platform (GCP) console.

“Eight out of 10 enterprises have their own multi-cloud strategy, and this is on top of their on-premises infrastructure that is not going away overnight,” said Urs Hölzle, senior VP for cloud infrastructure at Google Cloud, as he demonstrated the container engine running on a vSphere cluster.

“In a hybrid environment, you have to do things several times; each environment with its own rules. It is not surprising that administration has become one of the key expenses. According to an IDC study, between 2005 and 2015, server cost fell by 15 percent, but administration cost rose by 83 percent. That’s not a good trend, and we want to change that.”

Google’s efforts to simplify management for enterprises are also evident in the launch of Managed Istio, a tool used to connect, orchestrate and secure microservices. Currently in testing, Managed Istio is available for Google Kubernetes Engine and offers a common platform for managing microservices with “no scripts, no code changes,” Hölzle said.

A secure cloud

Brandon Baker speaking on the two distinct security boundaries within Google Cloud – Paul Mah

Google wants businesses to know that its public cloud is secure. Unlike cloud rivals such as Amazon Web Services (AWS), which has traditionally been tight-lipped about its cyber defenses, Google was more than happy to talk about the many security mechanisms that its cloud platform incorporates.

Part of the plan to establish trust in its platform revolves around the creation of a verifiable security foundation, in which Google’s penchant for custom hardware plays a big part.

Using custom-built equipment cuts down on unnecessary features and reduces the “vendor in the middle” risk for a smaller attack surface, Mike Aiello, director of product management, and Rob Sadowski, a trust and security marketing lead, explained in a joint presentation.

Indeed, practically every component of the Google cloud is made to order, ranging from its data centers to purpose-built servers that arrive with a proprietary Titan security chip designed to serve as a “hardware root of trust” for both machines and peripherals.

Google also takes great pains to protect against malicious code. On the software side, the rule of thumb is at least two distinct boundaries between non-trusted code and its core systems, according to Brandon Baker, cloud security tech lead at Google Cloud. This typically means the use of a purpose-built virtual machine designed with security in mind, running on a hypervisor such as KVM.

And should a global patch be necessary, built-in live migration capability allows Google to patch an entire cloud zone within the span of a few hours, and with no disruption to customers. Baker noted that this was done in response to the Spectre and Meltdown debacle, which saw Google patch the flaws late last year, before they were made public.

Joe Kava, senior vice president of technical infrastructure at Google – Paul Mah

Upgradeable data centers

While Google’s efforts to achieve better energy efficiency through machine learning (ML) technology, in particular the DeepMind neural network, have been widely publicized, less is known about the upgradeable nature of its data centers. The latter was revealed by Joe Kava, Google’s senior vice president of technical infrastructure.

“A few years ago, I would not have been able to predict that we needed liquid cooling at the chips for our latest generation of Tensor processing units, the cloud chips that are powering our AI and ML systems. But we do; we were able to retrofit our [existing] data centers,” he said.

While Kava admitted that the upgrading process was “a bit like open heart surgery,” it was the forward-looking design that made such a task possible: “We built in hooks when designing our data centers that allow us to upgrade, to change the physical infrastructure without having to rip it down and start from scratch.”

Google’s efforts to optimize its data centers through machine learning had also resulted in some surprising outcomes, Kava said, including non-intuitive configurations that had seasoned data center managers scratching their heads.

“Most people think that running fewer chillers at higher load is better for efficiency, [but] under certain weather conditions that’s apparently not the case, and we proved it. The machine [recommended]: turn on two more chillers and run them at 70 percent. That’s not the most efficient, [but] we did it and we measured. Power consumption was actually lower.”

For now, Kava says Google is rolling out “Tier 2” automated control systems. Instead of having operators key in recommendations generated from ML systems, the new system will see data centers optimize themselves in real-time in response to weather and load conditions.

Challenges in Southeast Asia

This is not to say that Google is finding the cloud market to be smooth sailing. Despite the unveiling of its third data center in Singapore last week, it remains to be seen whether the cloud giant’s strategy of building larger facilities in fewer locations will work well in the Asia Pacific, given the gathering momentum behind data sovereignty.

Ajey Gore, group CTO of Indonesian unicorn Go-Jek, told DCD that while his company’s infrastructure runs on Google Cloud, systems supporting its GoPay payment gateway actually operate from colocation facilities in Indonesia to meet regulations. Moreover, Google Cloud is not yet available in every country in the region, which means some organizations that would have preferred Google Cloud had to look for alternatives.

Malaysian low-cost airline AirAsia uses Alibaba Cloud in China, said Nikunj Shanti, its chief data and digital officer, to address increasing ticket sales from customers on the mainland. Shanti is currently involved in ongoing efforts to move the airline’s complex operations and ticketing systems onto a serverless architecture on Google Cloud.

In a press interview, Rick Harshman, the managing director of Asia Pacific and Japan, noted that Google will soon have six regions, once the Hong Kong cloud region goes live, giving Google Cloud an enviable footprint that includes India (Mumbai), Singapore, Taiwan, Japan (Tokyo) and Australia (Sydney). There are also persistent rumors about the company entering the Chinese market in partnership with local infrastructure providers.

“The cloud allows businesses to be nimbler, more agile, [to deliver] amazing customer experiences and grow fast. That’s why so many big companies and small companies are looking at the cloud,” Harshman said. “Our growth is phenomenal right now, and we expect that to continue.”