Announcing Google Cloud 2022 Summits [frequently updated]

Register for our 2022 Google Cloud Summit series, and be among the first to learn about new solutions across data, machine learning, collaboration, security, sustainability, and more. You’ll hear from experts, explore customer perspectives, engage with interactive demos, and gain valuable insights to help you accelerate your business transformation. Bookmark the Google Cloud Summit series website to easily find updates as news develops. Can’t join us for a live broadcast? You can still register to enjoy all summit content, which becomes available for on-demand viewing immediately following each event. Upcoming eventsData Cloud Summit | April 6, 2022Mark your calendars for the Google Data Cloud Summit, April 6, 2022. Join us to explore the latest innovations in AI, machine learning, analytics, databases, and more. Learn how organizations are using a simple, unified, open approach with Google Cloud to make smarter decisions and solve their most complex business challenges.At the event, you will gain insights that can help move you and your organization forward. From our opening keynote to customer spotlights to sessions, you’ll have the chance to uncover up-to-the-minute insights on how to make the most of your data.Equip yourself with the technology, the confidence, and the experience to capitalize on the next wave of data solutions. Register today for the 2022 Google Data Cloud Summit.Related ArticleRead Article
Quelle: Google Cloud Platform

Cloud Spanner myths busted

Intro to Cloud SpannerCloud Spanner is an enterprise-grade, globally distributed, externally consistent database that offers unlimited scalability and industry-leading 99.999% availability. It requires no maintenance windows and offers a familiar PostgreSQL interface. It combines the benefits of relational databases with the unmatched scalability and availability of non-relational databases. As organizations modernize and simplify their tech stack, Spanner provides a unique opportunity to transform the way they think about and use databases as part of building new applications and customer experiences.But choosing a database for your workload can be challenging; there are so many options in the market and each one has a different onboarding and operating experience. At Google Cloud we know it’s hard to navigate this choice and are here to help you. In this blog post, I want to bust the seven most common misconceptions that I regularly hear about Spanner so that you can confidently make your decision.Myth #1 Only use Spanner if you have a massive workloadThe truth is that Spanner powers Google’s most popular, globally available products, like YouTube, Drive, and Gmail, and has enabled many large scale transformations including that of Uber, Niantic and Sharechat. It is also true that Spanner processes more than 1 Billion queries per second at peak.At the same time, many customers also use Spanner for their smaller workloads (both in terms of transactions per second and storage size) for availability and scalability reasons. For example, Google Password Manager has small workloads that run on Spanner. These customers cannot tolerate downtime, require high availability to power their applications and seek scale insurance for future growth scenarios.Limitless scalability with the highest availability is critical in many industry verticals such as gaming and retail, especially when a newly launched game goes viral and becomes an overnight success or when a retailer has to handle a sudden surge in traffic due to a  Black Friday/Cyber Monday sale.  Regardless of workload size, every customer on the journey to the cloud wants the benefits of scalability and availability while reducing the operational burden and the costs associated with patching, upgrades and other maintenance.Myth #2 Spanner is too expensiveThe truth is, when looking at the cost of a database, it is better to consider Total Cost of Ownership (TCO) and the value it offers rather than the raw list price. We deliver significant value to our customers starting at this price including critical things like availability, price performance, and reduced operational costs. Availability: Spanner provides high availability and reliability by synchronously replicating data. When it comes to Disaster Recovery, Spanner offers 0-RPO and 0-RTO for zonal failures in case of a regional instance and regional failure in case of multi-regional instances. Less downtime, more revenue!Price-performance: Spanner offers one of the industry’s leading price-performance ratios which makes it a great choice if you are running a demanding, performance sensitive application. Great customer experiences require consistent, optimal latencies!Reduced operational cost: With Spanner, customers enjoy zero downtime upgrades and schema changes, and no maintenance windows. Sharding is automatically handled so the challenges associated with scaling up traditional databases don’t exist. Spend more time innovating, and less time administering!Security & Compliance: By default, Spanner already offers encryption for data-in-transit via its client libraries and for data-at-rest using Google-managed encryption keys. CMEK support for Spanner lets you now have complete control of the encryption keys. Spanner also provides VPC Service Controls support and has compliance certifications and necessary approvals so that it can be used for workloads requiring ISO 27001, 27017, 27018, PCI DSS, SOC1|2|3, HIPAA and FedRAMP.With Spanner, you have peace of mind knowing that your data’s security, availability and reliability won’t be compromised.And best of all, with the introduction of Granular Instance Sizing, you can now get started for as little as $65/month and unlock the tremendous value spanner offers.Pro tip : Use the auto-scaler to right size your Spanner instances. Take advantage of TTL to reduce the amount of data stored.Myth #3 You have to make a trade off between scale, consistency, and latencyThe truth is, depending on the use case and instance configuration, users can use Spanner such that they don’t have to pick between consistency, latency and scale.To provide strong data consistency, Spanner uses a synchronous, Paxos-based replication scheme, in which replicas acknowledge every write request. A write is committed when a majority of the replicas (e.g 2 out of 3), called a quorum, agree to commit the write. In the case of regional instances, the replicas are within the region and hence the writes are faster than in the case of multi-region instances, where the replicas are distributed across multiple regions. In the latter case, forming a quorum on writes can result in slightly higher latency. Nevertheless, Spanner multi-regions are carefully designed in geographical configurations that ensure that the replicas can communicate fast enough and write latencies are acceptably low.A read can be served strong (by default) or stale. A strong read is a read at a current timestamp and is guaranteed to see all the data that has been committed up until the start of the read. A stale read is a read executed at a timestamp in the past. In case of a strong read, the serving replica ​​will guarantee that you will see all data that has been committed up until the start of the read. In some cases, this means that the serving replica has to contact the leader to ensure that it has the latest data. In case of a multi-region instance where the read is served from a non-leader replica, this would mean that read latency can be slightly higher than if it was served from a leader region. Stale reads are performed over data that was committed at a  timestamp in the past and can, therefore, be served at very low latencies by the closest replica that is caught up until that timestamp. If your application is latency sensitive, stale reads may be a good option and we recommend using a stale read value of 15 seconds. Myth #4 Spanner does not have a familiar interfaceThe truth is that Spanner offers the flexibility to interact with the database via a SQL dialect based on ANSI 2011 standard as well as via a REST or gRPC API interface, which are optimized for performance and ease-of-use. In addition to Spanner’s interface, we recently introduced a PostgreSQL interface for Spanner, that leverages the ubiquity of PostgreSQL to meet development teams using an interface that they are familiar with. The PostgreSQL interface provides a rich subset of the open-source PostgreSQL SQL dialect, including common query syntax, functions, and operators. It supports a core collection of open-source PostgreSQL data types, DDL syntax, and information schema views. You get the PostgreSQL familiarity, and relational semantics at Spanner scale. Learn more about our PostgreSQL interface here.Myth #5 The only way to get observability data is via the Spanner Console​​The truth is that Spanner client libraries support OpenCensus Tracing and Metrics, which gives insight into the client internals and aids in debugging production issues. For instance, client-side traces and metrics include sessions and transactions related information. Spanner also supports the OpenTelemetery receiver, which provides an easy way for you to process and visualize metrics from Cloud Spanner System tables, and export these to the Application Monitoring (APM) tool of your choice. This could be either an open source combination of a time-series database like Prometheus coupled with a Grafana dashboard, or it could be a commercial offering like Splunk, Datadog, Dynatrace, NewRelic or AppDynamics. We’ve also published reference Grafana dashboards, so that you can debug the most common user journeys such as “Why is my tail latency high” or “Why do I see a CPU spike when my workload did not change”. Here is a sample docker service, to show how the Cloud Spanner receiver can work with Prometheus exporter and Grafana dashboards.We are continuing to embrace open standards, and continuing to integrate with our partner ecosystem. We also continue to evolve the observability experience offered by the Google console so that our customers get the best experience wherever they are. Myth #6 Spanner is only for global workloads requiring copies in multiple regions The truth is that, while Spanner offers a range of multi-region instance configurations, it also offers regional configuration in each GCP region. Each regional node is replicated in 3 zones within the region, while a multi-regional node is replicated at least 5 times across multiple regions. A regional configuration offers 4 nines of availability and protection against zonal failures.Typically, multi-regional instance configurations are indicated if your application runs workloads in multiple geographical locations or your business needs 99.999% of availability and protection against regional failures. Learn more here.Myth #7 Spanner schema changes require expensive locksThe truth is that Spanner never has table level locks. Spanner uses a multi-version concurrency control architecture to manage concurrent versions of schema and  data allowing ad-hoc and online qualified schema changes that do not require any downtime, additional tools, migration pipelines or complex rollback/backup plans. When issuing a schema update you can continue writing and reading from the database without interruption while Spanner backfills the update, whether you have 10 rows or 10 billon rows in your table.The same mechanism can be used for Point-in-time recovery (PITR) and snapshot queries using stale reads to restore both schema and the state of data at a given query-condition and timestamp up to a maximum of seven days.Now that we’ve learned the truth about Cloud Spanner, I invite you to get started – visit our website.Related ArticleImproved troubleshooting with Cloud Spanner introspection capabilitiesCloud-native database Spanner has new introspection capabilities to monitor database performance and optimize application efficiency.Read Article
Quelle: Google Cloud Platform

Strengthen protection for your GCE VMs with new FIDO security key support

With the release of OpenSSH 8.2 almost two years ago, native support for FIDO authentication became an option in SSH. This meant that you could have your SSH private key protected in a purpose-built security key, rather than storing the key locally on a disk where it may be more susceptible to compromise. Building on this capability, today we are excited to announce in public preview that physical security keys can be used to authenticate to Google Compute Engine (GCE) virtual machine (VM) instances that use our OS Login service for SSH management. These advances in OpenSSH made it easier to protect access to sensitive VMs by setting up FIDO authentication to these hosts and physically protecting the keys used to grant access. And while we’ve seen adoption of this technology, we also know that management of these keys can be challenging, particularly around the manual process of generating and storing FIDO keys. Additionally, physical security key lifecycle issues could leave you without access to your SSH host. And if you lose or misplace your security key, you could be locked out.At Google Cloud we’ve been working hard on integrating our industry-first account level support for FIDO security keys with SSH in a way that makes it simple to get all the benefits of using FIDO security keys for SSH login, without any of the drawbacks.Now, when you enable security key support through OS Login for your GCE VMs, and one of your security keys will be required to complete the login process, any of the security keys configured on your Google account will be accepted during login. If you ever lose a security key, you can easily update your security key configuration (i.e. delete the lost key and add a new one) and your VMs will automatically start accepting the new configuration on next login.If desired, OS Login’s FIDO security key support can further be combined with 2 Step Verification to add an extra layer of security with two-factor authentication (2FA). When this is enabled, a user is required to both have their security key available, and prove authorized access to their Google Account at the time of logging in to their GCE instance through additional factors.If you’d like to learn more or try this capability out on your own instances, visit our documentation to get started.Related ArticleRead Article
Quelle: Google Cloud Platform

AWS SSO erweitert Unterstützung für Kunden-Compliance mit PCI-DSS und IRAP

Amazon Web Services (AWS) gab heute bekannt, dass AWS Single Sign-On (AWS SSO) seine Ausrichtung auf die Compliance-Anforderungen der Kunden in Bezug auf Sicherheit und Datenschutz verbessert hat. AWS SSO hat die Einhaltung des Payment Card Industry – Data Security Standard (PCI DSS) erreicht und ist das Information Security Registered Assessors Program (IRAP), das auf der GESWCHÜTZTEN Ebene bewertet wird. Diese sind zusätzlich zur bestehenden AWS-SSO-Unterstützung für die Einhaltung der Anforderungen der International Organization for Standardization (ISO), der System and Organization Controls (SOC) 1, 2 und 3, der Esquema Nacional de Seguridad (ENS) High, der Financial Market Supervisory Authority (FINMA) International Standard on Assurance Engagements (ISAE) 3000 Type 2 Report-Anforderungen und der Multi-Tier Cloud Security (MTCS). Dadurch haben Kunden mehr Möglichkeiten, die Zugriffsverwaltung für mehrere Konten und die Anwendungsauthentifizierung für Umgebungen, die Compliance-Standards unterliegen, zu vereinfachen.
Quelle: aws.amazon.com

AWS WAF führt AWS WAF Fraud Control – Account Takeover Prevention ein, um Ihre Anmeldeseite vor Credential-Stuffing-Angriffen zu schützen

AWS WAF kündigt die Einführung von AWS WAF Fraud Control – Account Takeover Prevention an, um die Anmeldeseite Ihrer Anwendung vor Credential-Stuffing-Angriffen, Brute-Force-Versuchen und anderen anomalen Anmeldeaktivitäten zu schützen. Account Takeover Prevention ermöglicht es Ihnen, Kontoübernahmeversuche am Netzwerkrand proaktiv zu stoppen. Mit Account Takeover Prevention können Sie unbefugten Zugriff verhindern, der zu betrügerischen Aktivitäten führen kann, oder Sie können betroffene Benutzer informieren, damit sie vorbeugende Maßnahmen ergreifen können.
Quelle: aws.amazon.com