Google kicked off its Cloud Next London event today with a huge services dump that includes several new enterprise cloud networking capabilities. Two important ones are container-native load balancing and a managed network address translation (NAT) service called Cloud NAT.
NAT is a way to remap one IP address space into another by modifying network address information in the IP header of packets while they are in transit. This enables private IP networks that use unregistered IP addresses to connect to the internet. It’s traditionally done on routers and switches, but this type of routing becomes more difficult and complicated in the cloud.
The new Cloud NAT, fully managed by Google, simplifies the process. It allows users to provision application instances without a public IP address, while also allowing them to access the internet for things like patching and updates. Outside resources cannot directly access these private instances behind the Cloud NAT gateway, which keeps these instances secure.
It uses Google’s SDN platform Andromeda with no managed middle proxy. “What that means is there is no chokepoint in your network,” said Prajakta Joshi, senior product manager for cloud networking at Google Cloud. “You get high performance and scale, and under the hood there is no middle proxy. It is fully software-defined.”
It also supports both Google Compute Engine virtual machines (VMs) and Google Kubernetes Engine (GKE) containers. This speaks to the two goals that Google wants to address with all of its new cloud services as it grows its enterprise customer base.
The first goal: “closing the table-stakes gap,” Joshi said. This includes cloud networking, connectivity between on-premises and cloud deployments, and scalability. “And not only close it, but make sure the architecture is much more agile and software-defined,” she added.
Containers: ‘First-Class Citizens’
Google’s second goal is to help customers modernize their infrastructure. Containers, and specifically Kubernetes, play a big part in this one.
Google’s new container-native load balancing for applications running on GKE and self-managed Kubernetes in Google Cloud is also important. This capability uses an abstraction called Network Endpoint Groups. It load balances directly to the containers instead of the VMs, which saves one or two extra hops.
“These capabilities that work extremely well for VMs: we want to make sure they work as well if not better for containers, and this is one feature that does that,” Joshi said. “We want containers to be first-class citizens for all of these cloud services.”
In addition to these two cloud updates, Google also announced a couple of new cloud networking services focused on security. One manages Transport Layer Security (TLS) certificates for HTTPS load balancers. Another, called Firewall Rules Logging, allows customers to audit, verify, and analyze the effects of their firewall rules. Both are in beta.
More Enterprise Cloud Services
Also at Cloud Next London, Google made available new features for two of its cloud-native database offerings, Cloud Spanner and Cloud Bigtable. These help companies develop and deploy apps using the databases. And it added capabilities to Apigee, its lifecycle API Management platform.
It rolled out new enterprise-grade features in Google+ and said customers including Nielsen and Auchan are using them to share business information across their organizations.
And on the cloud storage side of things, Google added new data replication options including a dual-region option. This geo-redundant capability gives companies better data availability. It also provides low-latency storage access for co-located compute resources.