GDG_Google_Cloud_Infra_Next_Ext_19.pdf

Transcript

1. Google Next ‘19 Infra/Data Ayrat Khayretdinov Cloud Architect

2. Infrastructure services

3. Infrastructure services on GCP

4. Google Compute Engine today • Run large-scale workloads on virtual

   machines hosted on Google’s Infrastructure • Machine types: ◦ Predefined ▪ High CPU ▪ High memory ▪ Standard ◦ Shared-core machine types ◦ Custom machine types • GPU support • Sole-tenant nodes • Shield VMs

5. GCE Billing • Per-minute billing • Sustained use discounts -

   machine type SKUs included vCPUs and memory as a single unit. • Preemptible instances • Custom machine types

6. GCE highlights 1. New Compute-Optimized & Memory Optimized VMs (alpha)

   for Compute Engine — new VM family type that is optimized for very consistent, high-end compute performance. Customers can run more EDA, gaming and HPC workloads on GCP.

7. GCE highlights 1. GCE Windows BYOL (Beta) for Compute Engine

   — customers can leverage their existing investment in Microsoft Windows and SQL Server licenses while running on GCE sole tenant nodes and have more purchasing flexibility, and licensing compliance with MSFT
8. None
9. None

10. cloudops.com @cloudops_ Page K8s Overview - Kubern what? 10 •

    Greek for “Pilot” or “Helmsman of a ship” • Container automation framework • 100% Open source, written in Go *Slide Inspired by Bob Killen and Jeffrey Sica’s slide deck on K8s 1.12

11. cloudops.com @cloudops_ Page K8s 11 *Slide Inspired by Bob Killen

    and Jeffrey Sica’s slide deck on K8s 1.12

12. Google Kubernetes Engine (GKE) • Fully managed Kubernetes cluster (orchestration

    system for running containers) • Complimentary services: ◦ Google Cloud Build ◦ Google Container Registry ▪ Scanning vulnerabilities

13. Google Kubernetes Engine • Flexible Deployments based on you use

    case: ◦ Zonal vs Regional ◦ Public Nodes + VPC Native ▪ Public master API endpoint ▪ Master Authorized Networks ◦ Private

14. cloudops.com @cloudops_ Page GKE - VPC-native and Private Cluster VPC-native

    • Default starting March 31st 2019 • Network / Node / Pod / Service ◦ Same as previous section • VPC-native cluster using Alias IP, removes the job of routing between pods from the Kubernetes Control Plane (Master(s)) in favor of a native VPC integration. This allows for things like CloudSQL private IP access or direct access to things like BigQuery without a NAT proxy. 14

15. cloudops.com @cloudops_ Page Private Cluster • In a private cluster,

    nodes do not have public IP addresses, and the master is inaccessible by default. • Private nodes don’t have internet access. • Requires VPC Peering ◦ Wait, what the heck is VPC peering? ▪ Let’s do a quick GCP Networking 101 • VPC Networks • Shared VPC • VPC Network Peering GKE - VPC Native and Private Cluster 15

16. Google Kubernetes Engine • Notable Features ◦ Secure (CoS, Networking

    Policy, PSP) ◦ Service Mesh (Managed Istio) ◦ Autoscaling ◦ Auto-healing ◦ Auto-upgrades

17. Announcement 1. GKE - RBAC support Google Groups (Beta) 2.

    GKE Sandbox (Beta) - based on Gvisor 3. Kubernetes development plug-ins for Visual Studio Code (Beta) GKE

18. Anthos (Hybrid-Cloud+Multi-Cloud)

19. None

20. Announcements: Anthos Migrate - Migrate tool that existing monolithic applications

    and breaks them down into smaller microservices and containers, then moves them into Anthos or GKE (without requiring VM modifications) (Beta)

21. Announcements: Traffic Director (Beta) - Google Control plane for Traffic

    and config management. ◦ Global load balancing ◦ Traffic control capabilities

22. Serverless on Google cloud

23. Announcements

24. Announcements

25. Announcements

26. Announcements

27. Networking 1. 100 Gbps Interconnect (Beta) - The new 100

    Gbps Interconnect pipe provides customers with additional capacity 2. VPC Peering for Custom - Enables custom route (static routes or dynamic routes) exchange between peered VPC networks in GCP 3. VPC Firewall Logs (GA) - Allows you to audit, verify, and analyze the effects of your firewall rules 4. High Availability VPN (Beta) - High availability VPN offers a 99.99% uptime SLA; we are first in the industry to achieve a 99.99% SLA 5. DNS Private Zones (GA) - Easy-to-manage internal DNS solution for your private GCP networks 6. Network Tiers (GA) - Premium Tier vs Standard Tiers

28. IAM 1. Managed Service for Microsoft Active Directory (Alpha) -

    is a highly available, hardened Google Cloud service running Microsoft AD, to help you manage cloud-based AD-dependent workloads, automate AD server maintenance and security configuration, and extend your on-premises AD domain to the cloud. 2. Policy Intelligence (Alpha) - 3 new tools to help you understand and manage your IAM policies and reduce risk: IAM Recommender, Access Troubleshooter, and Validator.