What's New at GCP: IBM Power Systems Service, Premium Support, Kubernetes Engine Benchmark

Often playing third fiddle to Amazon Web Services (AWS) and Microsoft Azure, the Google Cloud Platform (GCP) has been busy lately trying to catch up, announcing a new IBM Power Systems service, an enterprise Premium Support plan and a Kubernetes Engine Benchmark. Here's a look at recent developments.

IBM Power Systems as a Service
These server computers, featuring Big Blue's POWER processors, are offered as a service for customers using AIX, IBM i, or Linux on IBM Power.

"For organizations using a hybrid cloud strategy, especially, IBM Power Systems are an important tool," Google said. "Because of their performance and ability to support mission critical workloads—such as SAP applications and Oracle databases—enterprise customers have been consistently looking for options to run IBM Power Systems in the cloud. IBM Power Systems for Google Cloud offers a path to do just that, providing the best of both the cloud and on-premise worlds. You can run enterprise workloads like SAP and Oracle on the IBM Power servers that you've come to trust, while starting to take advantage of all the technical capabilities and favorable economics that Google Cloud offers."

Other benefits are said to include: integrated billing; private API access; integrated customer support; and rapid deployment.

Google Cloud Premium Support
Google said this new Premium Support plan builds upon its current technical account manager (TAM) service and 15-minute service-level objectives (SLOs) for a more proactive approach and improved experience.

"Premium Support helps bring consistency between the support plans for Google Cloud Platform and G Suite; a more competitive set of features and services; simplified pricing compared to the previous Google Cloud support offerings; intelligent systems (like third-party technology support, Support API and Recommenders); enterprise-class services; and as mentioned, customer context-aware interactions to help optimize the customer experience in Google Cloud," Google said.

CIS Google Kubernetes Engine Benchmark
Google released its own CIS Kubernetes Engine (GKE) Benchmark in conjunction with the CIS Kubernetes Benchmark v1.5.0 from the Center for Internet Security (CIS) because not all of the latter's recommendations are applicable to users running managed distributions, including GKE. Google said the CIS Kubernetes Benchmark targets open-source Kubernetes distributions, so even though it tries to be universal, it doesn't fully apply to GKE, a hosted distribution.

"To help, we've released in conjunction with CIS, a new CIS Google Kubernetes Engine (GKE) Benchmark, available under the CIS Kubernetes Benchmark, which takes the guesswork out of figuring out which CIS Benchmark recommendations you need to implement, and which ones Google Cloud handles as part of the GKE shared responsibility model," Google said.

Referring to the CIS Kubernetes Benchmark v1.5.0, Google said it includes additional recommendations for:

  • Secret management. New recommendations include Minimize access to secrets (5.1.2), Prefer using secrets as files over secrets as environment variables (5.4.1), and Consider external secret storage (5.4.2).
  • Audit logging. In addition to an existing recommendation on how to ensure audit logging is configured properly with the control plane's audit log flags, there are new recommendations to Ensure that a minimal audit policy is created (3.2.1), and Ensure that the audit policy covers key security concerns (3.2.2).
  • Preventing unnecessary access, by locking down permissions in Kubernetes following the principle of least privilege. Specifically, you should Minimize wildcard use in Roles and ClusterRoles (5.1.3).
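Two of the recommendations listed above, 5.1.3 and 5.4.1, can be checked statically against manifests before they reach a cluster. The Python script below is an added example, not code from Google or CIS; the function names and the sample manifests are constructed for illustration, and it covers Pods and workloads that carry a `spec.template` (such as Deployments).

```python
# Added example: static checks for CIS Kubernetes Benchmark v1.5.0 items 5.1.3 and 5.4.1.
# Each manifest is a plain dict, e.g. one item from parsed `kubectl get ... -o json` output.

def wildcard_findings(obj):
    """5.1.3: report each Role/ClusterRole rule field that contains '*'."""
    if obj.get("kind") not in ("Role", "ClusterRole"):
        return []
    who = f"{obj['kind']}/{obj['metadata']['name']}"
    out = []
    for i, rule in enumerate(obj.get("rules") or []):
        for field in ("apiGroups", "resources", "verbs"):
            if "*" in (rule.get(field) or []):
                out.append(f"5.1.3 {who} rules[{i}].{field} uses '*'")
    return out

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload with spec.template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}

def env_secret_findings(obj):
    """5.4.1: report containers that receive Secrets via env or envFrom."""
    pod = pod_spec(obj)
    who = f"{obj.get('kind')}/{(obj.get('metadata') or {}).get('name', '?')}"
    out = []
    for c in (pod.get("initContainers") or []) + (pod.get("containers") or []):
        for e in c.get("env") or []:
            if "secretKeyRef" in (e.get("valueFrom") or {}):
                out.append(f"5.4.1 {who} container {c['name']} env {e['name']} reads a Secret")
        for src in c.get("envFrom") or []:
            if "secretRef" in src:
                out.append(f"5.4.1 {who} container {c['name']} envFrom imports a Secret")
    return out

def audit(objs):
    return [f for o in objs for f in wildcard_findings(o) + env_secret_findings(o)]

# Constructed sample manifests (not taken from any real cluster).
SAMPLES = [
    {"kind": "ClusterRole", "metadata": {"name": "ops-admin"}, "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list"]}]},
    {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
        "containers": [{"name": "app", "env": [
            {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "pw"}}},
            {"name": "MODE", "value": "prod"}]}]}}}},
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLES)))
```

A container that mounts the Secret as a volume instead of referencing it in `env` produces no 5.4.1 finding, which is the form the recommendation prefers.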

The cloud giant said the CIS Kubernetes Benchmark should be viewed as a list of recommendations rather than as a must-do checklist.

About the Author

David Ramel is an editor and writer for Converge360.

