The latest thrust of Google’s strategy to establish greater relevance in the multi-cloud landscape may seem counterintuitive: luring more companies to its public cloud by building more offramps to other platforms.
Updates to Google’s cloud platform last week tripled down on portability, with workflow capabilities hitched to an open source technology, open source cloud tools for confidential computing and an open-sourced container runtime.
Of that trio, the one with the most potential for immediate impact is Cloud Composer, a managed Apache Airflow service now in beta for workflow creation and management. This fills an important gap on Google Cloud Platform (GCP), which lacked tools to connect its various analytics services, while its two main competitors, AWS and Microsoft Azure, have had workflow tools for years.
Google can pitch Cloud Composer as a tool that provides freedom from lock-in, which should be particularly attractive, as the open source community has been a driving force behind analytics and big data, said Mike Leone, an analyst with Enterprise Strategy Group in Milford, Mass.
“The open source aspects and ability to bring together data sources across different clouds and on premises serve as key differentiators that really set the managed service apart from the competition,” he said.
Cloud Composer is only available in the U.S. Central1 region, though Google plans to expand availability in the future. It also intends to add version selections for Airflow and Python, as well as autoscaling. It currently supports BigQuery, Cloud Dataflow, Cloud Dataproc, Cloud Datastore, Cloud Storage and Cloud Pub/Sub, and Google has also explored hooks into other GCP services, such as Cloud Spanner and Cloud Bigtable.
Michael Collisstaff software engineer, Blue Apron
Google said it won’t gate its managed version of Airflow, which means users will able to extend it to other cloud environments. It also intends to be a significant contributor to the Airflow community, including efforts to incorporate Kubernetes in the open source software.
Cloud Composer, which can be accessed via API or the command-line interface, takes away much of the work to get Airflow up and running. It incorporates GCP tools for identity and access management, audit logging and integrates with Stackdriver.
Blue Apron was among the hundreds of companies that participated in the alpha tests of Cloud Composer. It was a natural fit, because the company was already using Airflow and is a heavy user of BigQuery. Cloud Composer has the potential to save time and money by removing the difficult task of updating to new versions of Airflow, but it also keeps the company flexible if it opts to move workloads elsewhere, said Michael Collis, staff software engineer at Blue Apron, based in New York.
“That commitment to open source and knowing that they’re going to compete with the other cloud providers for our business on dimensions other than locking us in, that’s fairly appealing,” he said.
Free software offers Google customer inroads
This isn’t the first time Google has tapped open source cloud tools to advance GCP. It was part of the group behind Istio, an open source platform to manage microservices, and it’s the maker of Kubernetes, which is now the de facto standard for container orchestration.
That’s not to say Google’s efforts are purely altruistic. Google pitches GCP as an “open cloud,” but the majority of its services are proprietary. And that promise to keep lock-in at bay entices corporations to build applications on GCP, rather than going with a vendor they know, like Microsoft, or the one that created and still dominates the public cloud market — AWS.
“The goal, from Google’s perspective, is to pull applications into their Google Cloud, so they have a somewhat selfish perspective,” said Abhi Dugar, an IDC analyst.
Nor is Google alone to extend its cloud embrace. For years, Microsoft has attempted to shed its image as a closed-system hardliner, while IBM, Oracle and others have welcomed open source tools in their clouds, as well.
Containers at the center of it all
Google continues to bet heavily on containers and correlated open source projects as a differentiator. Last week, it also open sourced gVisor, a sandbox container runtime, and delved further into container security with a project called Asylo.
Asylo is an open source framework and software development kit for confidential computing, a model that runs applications in trusted execution environments (TEE) to ward off attacks on the underlying layers of the stack. Like the other major cloud vendors, Google already offers encryption at rest and in transit, but Asylo adds encryption in use. That isolation can prevent vendors from seeing sensitive information and limit internal access to guard against malicious parties inside a company.
Asylo is installed as a Docker image from the Google Container Registry and includes the dependencies required to run a corporation’s containers anywhere. Asylo also works with traditional virtual machines, but Google recommends using it with containers.
There’s nothing new about securing everything from the silicon up — chip manufacturers are working on confidential computing, and Microsoft added a framework for Azure last year. But Google sees broader implications with Asylo’s portability and ease of use to secure applications across multiple environments. IT shops don’t access the underlying infrastructure in the cloud, and creating a TEE on public clouds requires a lot of expertise.
Security vendor Gemalto tested Asylo for 5G, virtual network functions, blockchain and other secure forms of communication that require application secrets. “Some of the major industry users are restraining from moving workloads, because they don’t have that control of the infrastructure,” said Todd Moore, senior vice president of data protection at Gemalto. The degree of abstraction with Google’s strategy could upend that paradigm, he said.
However, IDC’s Dugar said he thinks Asylo’s impact will be less on the public cloud market and more tailored to the edge and IoT, which are less mature.
“It will be useful, but I don’t think it’s going to be the be-all end–all and, all of a sudden, because of this everyone rushes to Google,” he said.