New AlloyDB for PostgreSQL and Assured Open Source Software service

Hello Cloud Gurus! You can tell that this month's Google Cloud Platform announcements are a pretty big deal because Google's two new cloud regions coming online aren't even the biggest stories! That honor is shared by Google's new AlloyDB product that competes with Amazon's "Aurora" database, and their new service to dramatically improve the security of your products by — well, let's not spoil the surprise! Read to the end to find out — or just scroll down if you're feeling impatient. 

Your keys to a better career

Get started with ACG today to transform your career with courses and real hands-on labs in AWS, Microsoft Azure, Google Cloud, and beyond.

Our first big story this month is Google's shiny new AlloyDB product for PostgreSQL. This offering seems to fit in between Cloud SQL and Cloud Spanner. And, although they refuse to use clear terms in their marketing posts about it, Google obviously intends this to compete directly with Amazon's Aurora database and lure people away from Oracle. 

Their article begins by saying, "Enterprises are struggling to free themselves from legacy database systems and need an alternative option to modernize their applications." And in the second paragraph, they claim that "in our performance tests…AlloyDB was also two times faster for transactional workloads than Amazon's comparable service." 

The first thing I need to make clear about AlloyDB is that it is currently in Preview. So it's not really fair to draw concrete conclusions about it. But I think there is still value in trying to answer some of the most likely questions about how it works and how it might fit into people's architectures once it's ready for prime time.

For the question of how it works, we can turn to Google's articles about it. The announcement post doesn't go into too much detail about this, but Google has helpfully written another article that explains how AlloyDB is built to have a PostgreSQL processing layer that uses a new database-aware storage layer that is, in turn, using Google's Distributed File System. What this extra layer means is much better separation between processing and storage. For what it's worth, this seems a lot like how Amazon has structured Aurora. 

However, a second under-the-hood article describes how AlloyDB uses a columnar engine that reminds me more of BigQuery, Amazon Redshift, or, notably, Oracle offerings. And this is likely why Google can claim that "in our performance tests, it's more than 4x faster on transactional workloads and up to 100x faster on analytical queries than standard PostgreSQL." 

Now, this is definitely all very interesting, especially the bit about analytical queries being a hundred times faster! And Google also says they will offer a 99.99% availability Service Level Agreement when they go Generally Available. That includes maintenance because "AlloyDB automatically detects and recovers from most database failures within seconds, independent of database size and load". 

I do need to temper things a bit, though, because this is an early offering. And I don't just mean because it's still in Preview. I also mean that for it to compete directly with Amazon's Aurora, it seems to have a lot of catching up to do in some other areas. For example, I haven't found anything yet where AlloyDB could replace Aurora's Global Database. That still seems like an area better-handled by Cloud Spanner. Also, because AlloyDB seems to require you to provision and manually-scale instances to handle capacity, its minimum monthly cost looks like it will be astronomically higher than Aurora Serverless v2, which can theoretically scale down to almost nothing — just the storage. 

But I wouldn't write AlloyDB off yet! It certainly seems like it will have a place in some architectures when it is released. And I am sure the Googlers are already busy working on making it even better.

Our other main story is Google's announcement of their upcoming Assured Open Source Software service, also known as Assured OSS. Now, this name might first strike some of you as pretentious mumbo jumbo, but I want to tell you why I think this is a Really Big Deal™.

Let me start by explaining the problem. Currently, in software development, we all use publicly-available packages, modules, libraries, frameworks, etc. to build our applications. Trying to build everything without the support of open-source projects would put us at such a competitive disadvantage that that's only ever done for the most restrictive and bureaucratic projects. All the rest of us move forward and get our work done. But, by incorporating code that we haven't written and don't control into our apps, we are giving those who do control that code the power to affect us. 

And we certainly are affected. Remember how the creator of Leftpad pretty much broke the internet for a while in 2016? If you're not familiar with the story, read the article. But of course, that is just one example. 

Now there are some things we can do to mitigate this issue — like pinning version numbers in our build files so that we only include versions of packages that we've reviewed as safe. Although, unfortunately, that wouldn't even address an issue like unpublishing Leftpad. Instead, we need to make our own copies of these packages and manage them ourselves. But then those packages use other packages, too, so we need to include those dependencies. And so on, and so on, almost forever! I'm not exaggerating when I say that a simple "Hello World" application might easily pull in hundreds of thousands of other people's lines of code. And a change to any one of those lines might turn our app into malware. So we arguably need to review any, and all, changes. 

This is clearly a nightmare. The whole point of using these packages was so we could get our work done, right? Not trade one problem for another. 

And this is the whole point of Google's upcoming Assured Open Source Software service. Google already has teams of people responsible for doing all of the careful reviewing I mentioned because they're a massive company. And sure, you would still not be reviewing all of those things yourself if you use the Assured OSS service, but I'm sure that Google will do a better job of reviewing all that than I would, myself. Besides, I just don't have the time. 

As for the service itself, you can read the article to learn more about how Google scans, analyzes, and fuzz-tests the packages, then builds, signs, and distributes them through Artifact Registry. Google notes that "Assured OSS is expected to enter Preview in Q3 2022." 

Now, onto some of our bite-size stories for the month!

First up, let's talk about those two newly opened regions I mentioned: The first one is in the Madrid region of Spain and is called europe-southwest1. The second one is in Columbus, Ohio, and is called us-east-5. Yes, this is the fifth Google Cloud region in the Eastern USA and that doesn't even include the two further regions in Eastern Canada. This brings Google's new global total to 33 regions, made up of 100 zones. And since we're counting, they also have 146 network edge locations around the world.

Another cool thing Google has done this month is to give BigQuery the ability to call your Cloud Functions as part of its query processing. Now you might wonder why you would choose to use this paid option over the free one of built-in User-Defined Functions (UDFs). Well, one reason is that the built-in ones only support Javascript or SQL, whereas Cloud Functions support a whole bunch of other languages. Another reason is that the Cloud Functions can call out to other services and let you do things like, for example, interact with external tokens—and that could dramatically simplify some compliance requirements you have.

This month, Google's new "Spot VMs" are generally available as the replacement for "Preemptible" VMs. You can still use the old ways of creating Preemptible VMs, but those will now be charged according to the new variable pricing model of Spot VMs. Preemptible VMs used to have a fixed cost, but the prices for Spot VMs move around depending on demand, so check out the blog post to spot how those details might apply to you.

Ok, let's finish off with a few rapid-fire updates so you can decide whether you want to read these articles for more info:

• Cloud Logging has just gotten some new, simpler options for querying, and your custom queries will even update the field pickers in the UI if they're not too complex.
• Cloud TPU VMs are now generally available, so you no longer need to use another Compute Engine instance to access those Tensor Processing Units.
• Google has been named a Leader in the 2022 Gartner® Magic Quadrant™for Cloud AI Developer Services.
• You can now use N2D and C2D instances with Google's "Confidential Computing" offering that keeps your data encrypted even in RAM.

Cloud ROI: How cloud skills generate real returns
We analyzed information from nearly 100 companies to determine the impact of a commitment to cloud maturity. In this guide, see how much value companies get when investing in cloud skills and technology.

Well, that does it for this month! I hope you're getting value from these updates. Don't forget that you can hop onto our Discord to discuss all sorts of things, and get support from the community on your technology learning journey. You can also follow ACG on Twitter and Facebook, and subscribe to A Cloud Guru on YouTube for monthly GCP updates.

Looking to learn more about cloud and GCP? Check out our rotating line-up of free courses, which are updated every month. (There’s no credit card required!)