Managing large fleets of Compute Engine VM fleets

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
RAVI CHINTALAPUDI: Big hello and welcome, everyone to the Session CMP 103. This session is about how do you manage large fleets of Google Cloud compute engine VMs. And I'm Ravi Chintalapudi, a product manager in Google Cloud. And today, I'll walk you through a few solutions what we are building to address all of our customer challenges, what we have heard from you all, when managing large fleets of compute engine VMs. I'll start with the very high level all of the different problems, what we have heard from you all-- an aggregated way, summarized way there. And then we'll talk about what are the solutions we are building to go address those challenges. In that, specifically, I'll drill down on patch management, configuration management. I'll also give you a background on why we chose this and how we're going to go progress and make our roadmap. Going with demos-- deep dive into demos and wrapping up with a roadmap. I understand you'll be listening to a lot of sessions in Google [INAUDIBLE] next. So there'll be a lot of data. It's very hard to remember everything. But there is one key takeaway. If there's one thing I want you to remember from this session, that is this. GCP now provides automated patch management service, configuration management service across Windows and Linux, across your Linux distros, across your hybrid environments. Obviously, we prioritize GCP first, but things to come up in the near future. With that, I'll get started. So as I said, I'll start with what are the top challenges, what we have heard from you all, when managing your large VM fleet. Then we'll talking about how are we addressing that. In the interest of time, I'll talk about only a few of them. The first one I'll start with-- as more and more customers starts migrating their applications, building their applications in GCP, they're often dealing with thousands of applications, 10 thousands of VMs, petabytes of storage. So managing this large infrastructure at scale easily and effectively has become a big burden for our customers. Second thing is most of our customers are used to some management tools when managing their on-prem tools, their on-prem infrastructure. So as they make the journey to the cloud, they expect the cloud providers, like GCP, to provide some native management tools because either those existing tools are not compatible with the one that's running in the cloud, or they might be working with only specific cloud. Third big problem what we have seen is mostly from a security standpoint. Think of a scenarios where we had Wannacry, Meltdown, Spectre. When in any of these vulnerabilities hit, the biggest thing on an IT admin's mind is, is my environment compliant? How bad is that? How can I bring it back to the compliant state? Are all my VMs in a desired configuration? Which of them drifted, why it drifted, how it drifted. It's a lot. So managing security at a scale is another big problem. Well, these are just some of the problems talking of what we have heard from a lot of our customers. In the interest of time, I picked up the top thing what we heard. So what did really do after hearing all these problems? So we started with building a suite of VM management tools. In that, we prioritized patch and config, keeping security and compliance as the top view-- top priority for us. So over the next 15 minutes, 20 minutes, I'll walk you through each of the solutions, and how we build it, and how can you use, how can you observe it, and with the demos. I'll start with patch management. Patching servers is not something new. Many of our customers tell you, oh, no, we've been patching servers for years and years. But still it is one of the top IT management problems. So we're really curious to know why it was such a big pain. So we started talking to about 100+ customers across the globe, across the industries. Average size was ranging from 500 to 20,000, showing that we have covered SMBs and even the enterprise thing there. And here's a quick summary. First thing is, a patch Tuesday comes. We know it happens on the second Tuesday of every month. The biggest thing on IT admin's mind, especially the patch admin mind is what's the state of my compliance, how compliant I am, how bad. I am. And this thing I want is a report across my environment, across my feet, whether I'm running Windows or Linux or different Linux distros, I want one report unified across my environment, so I can see the state. Second big thing what we have heard is reliability of patches what does this really mean? As I was talking to many of the customers, one thing is super clear. Most of them are patching in a phased rollout. So they always start with their dev environment first. That goes fine. They go to staging, then pro-prod to prod. They do this because they're worried that a particular patch or a package might create some incompatibilities, might break their existing applications. So they're trying to hope to find any of the issues throughout this phased rollout, so that they'll find something, and they can fix it before applying to the next environment. Third big category what we have seen in general orchestrated patching-- what does this really mean? Most of our admins said they spend nights and weekends only when they're doing patching applications, primarily when patching applications. Their reason for that is they have to do a bunch of things before. They have to do a bunch of things later. For example, before patching, they have to make sure everything's working fine. The health checks are there. The agents are running. Users are hydrated. Load balance are taken care of. There's enough space. Right after patching is done, they want to make sure their applications are running. They will do the health checks, services check. And that's way they make sure that they always do it in the maintenance windows, like on a Friday night, Saturday night, and they spend a lot of time to making sure that everything is up and running. And there is sequencing. They want to go automate these processes. When something goes fine, automatically roll out the next environment. When the dev environment goes fine, go to stage. So automatically rollout. Something goes wrong, stop. The other big thing is application-aware patching. So as I said, application is a key thing for any company. And when they're patching an application, they really want to understand the application architecture. So think if you're patching an end tier application. You always want to go do a back-end first or your databases first then back-end. So you do a right order and everything. So understanding the application infrastructure, having a knowledge of that is super important. The last thing is, as I talked earlier, patching's not something new. Our customers have been patching for years. So there are a lot of existing tools. So anything we build has to make sure that it at least integrates or provides some value on top of an existing patch management tools. So after listening to all these problems and reprioritizing we came up with a solution, where our vision is we want to go help our customers patch any OS anywhere. Any OS could be Windows or Linux. They could be running in GCP on GCP. But our priority is right now running in GCP. We launched GA in April this year. So that's the General Available. You all can go use it. However, the scope is at GCP. Both will do Windows and Linux. What's a big value prop? As a customer, why should I use this? Just two main value props you think about this. One is, like, I get a compliance reporting across my environments-- across Windows and Linux and GCP-- telling you what's bad, how bad it is that. Second thing is automated patch deployment. Ability to go fix that problematic [INAUDIBLE] and bring it back to the compliance. And I'm going to go detailed into each of this stuff there. So let's start double-clicking on what is patch compliance. So as I said, when patch Tuesday comes or any new packages get released from the repo-managers, one of the key thing for patch admin is give me a compliance report across Windows and Linux. So with our thing, you got a dashboard. As you can see on the screen, you can get a view of which part of my environment is green, which part of my environment is red, which part of it is bad, along with additional data. 'Cause when I just show you a patch, compliance is not enough. I want to know what's causing me to read that red. What type of patches I am missing, how many patches I'm missing, how long I've been missing because there's an action item for each of this. if I'm running a company. and I see everything red, that's a show stopper to me. I'm going to stop and go fix that. If everything is-- most of them are green, but somewhat yellow, probably time for me to take a weekend off, and come back and fix it on the next business day. So that's one big aspect of getting the compliance of your environment with the detailed metadata. Second big thing I want to call out is we tried our best to leverage native tools, native configuration rather than agreeing to using a lot of neutrals. Yes, we do have our own agent which actually does the job. But we actually go talk to the native Windows agent, called Windows Update Agent or MU when we are patching. For Linux, we talk to the native repositories like YUM, apt-get, the repo-managers, and everything. And we leverage to whatever configuration you have, whether you're talking to Microsoft update, whether you're talking to [INAUDIBLE],, or whether you're talking to repositories, the key thing is we're leveraging most of the native tools and config where we can. The last thing is on the supported operating systems. For Windows, we support 2012 and above. And Linux we do Red Hat and [INAUDIBLE] 6, 7, 8 versions, Ubuntu 16, 18, and Debian. In our documentation, there's a clear supported operating systems link. That will be constantly upgraded when we add new operating systems. So that's the first part. As an admin, I get the state of my environment, getting which one is good, which one is bad. But the next important thing for them is how do I bring in back to the green state. That's my desired state. How do I bring it back, everything to green? How do I automate this process so that I don't have to worry about everything? And that's where the patch deployment comes after you're knowing the compliant state. When you're patching machines or your environment, the four important questions come to any patch admin. First thing is-- what VMs should I patch? Should I patch at my application level? Should I patch at my project level, GCP project or a zone level, or a particular region level? So we provide you all the flexible targeting options. You could choose to patch all web servers because that's how you labeled it. Or you could patch all my dev environment. So you have all the flexible filters you can choose the way you want, which I'll be demoing in a few minutes when I go there. Second big important question an admin will as is what type of patch is installed? So first one is what VMs. That's great. Second-- what type of patches I want to install. Should I install critical, security, are others? Because, as I said, every company have different SLS. That's what we've heard. Windows is 30 days saved, for example. The next could be 60 days, 90 days. So every company differs. But on average, every company have different SLS to go patch. So it depends on the type of patches you want to go select. You need to have an option to select type of patches. That's the patch configuration I'm talking about. A couple of key things to hit here-- patch exclusion. And many times when you have a particular patch, it might break some of your line-of-business applications, or there could be some incompatibility issues. So you might want to exclude certain patches because you know that's going to break something. So there's a patch exclusion capability where you can specify a KB article or a wildcard in Linux like [INAUDIBLE] kernel if you really wanted to install kernel patches. There's a patch exclusion. Similarly, there is patch inclusion. Think of a scenario where you've got a security patch, and you want that to roll out to your environment immediately. And you just put that patch. Include only this patch and roll out all my environment. So that's the patch inclusion capabilities. So the first question was, what VMs to patch. Second thing was what patches to apply. Third big question comes to customers as, like, when should I patch? Patching is not a one-time thing. I'll be doing regularly. I could be doing, like, first day of the month, last day of the month, the last Friday of the months. So we provide all those flexible options. You can do now. You can one time. You can do regularly. And you can choose different dates, times, weeks of the days, and everything. I'll go a lot more details when I demo that. The last part of scheduling is the maintenance window enforcement. Almost 90% of our customers told me that they'll patch only during a maintenance window as we see people do it typically on the Friday nights, Saturday nights, or on the weekends. So they have a maintenance window set, and they want to doing the patch deployment only during that time. So in our product, you can specify a window saying that, hey, start at 9:00 in the night on a Friday, but run for only for three hours. So we'll ensure that we run only that three hours, including the reboot. And we finish out what we are running. And we get out off to process, so that you're app's up and up and running and coming. After the key questions-- what VMs, what patches, went should I patch-- the last important thing is controls, what additional controls I would need. I talked about a lot of batch orchestration. That's one of the top concerns what we have heard from our customers. One of the big thing is ability to run pre-steps-- something before patch. It could be health checks or disk space. And something to run after the patch. So in our UI, you will be able to select certain prescripts. This could be a script which you upload to a Google cloud storage GCS pocket. And it'll pull up from there and will run it. And it can also condition it. If the script fails, the patch in deployment will stop. So you do not need having to worry about, like, hey, have a messed up something there? The last part of the control was one of the major feedback what we have heard from beta when we released early this year was reboot control, especially when you're patching applications. Even though we do a controlled reboot, as a patch admin, I want to control my reboot because it's my application running. So we don't reboot if the user chooses this selection. It's a configuration option. We will not reboot. We will hand over the control to the user. So after the patching is done, they can come and control the reboot per their needs. So that's about the two value props I talked about. One is this patch-compliant state, giving you the state of environment, how-it-is-right-now snapshot. And the second thing is the ability to go fix that and automate this, so future you don't have to do it. Those are the two big value props of patch management. Enough of me talking. I really want to show you how the product looks in the UI. So in this patch-management demo, I'm going to walk you through three things. The first thing is how do you onboard, navigate an onboard patch management service. Second thing is, how do you get the patch compliance. And third thing is how do you or do a patch deployment, basically go fixing those problematic machines and bringing it back to this compliance. And you can automate this process. OK, how do I navigate? So if I go to my Google Console, go here, go to Compute Engine. And on the bottom, you can see OS Patch Management. And this is the screen what you will see, 'cause you have not enabled the services. And you can see what APIs we need, what permissions. we need. And if you click on Learn More, it talks about whole details about what is the service, how you can enable it, how it works, what's architecture, what does its agent do, what permissions-- all the details. Once you enable the service and activate the agent, the OS config agent is part of the most of the GC base image packages, except, I think, Ubuntu and Suzy, which we are working to add right now. But those things, you have to do it separately. And we have a clear instructions how to go install an agent, especially after if you are using an older VMs, you have to follow the instructions of how to go get this OS configuration onto the VMs. So now we enable the services. In the interest of time, I've already enabled it. I'll go to a project where I've already enabled the service. So once you enable and activate, we'll go scan all your VMs, collect the data from all the sources, aggregate it, and generate these reports. Let me walk you through each of this stuff. The first tile talks about all the VMs I have in my operating systems. Looks like I've got a thing 18 in this environment who have different operating systems. Looks like my Ubuntu is good. It's not missing any red. So I don't have a showstopper. I can move on. Looks like CentOS is bad. I've got all the different categories I'm missing. I'm missing critical, important, other, and a few are up to date. Similarly with Windows. And Red Hat is also bad. And if you want to know more what are this type categories, what does each one mean, if you click on this particular link, it'll take your documentation. Let me just navigate there. So if you go to our documentation page, it talks about the whole charts what you see there and explaining what each one means and how do we compute that. . All right, going back to the dashboard. If I'm an admin and looking at this, I really want to know why is this bad. Let me know which VMs are having problems and what sort of things we already have this here. OK, so you can also click on the VM instance page as well here. So you see the same thing. And here's where you'll see the different VMs, what you have. Part of that is-- let me pick up the [INAUDIBLE] CentOS VM it's having, and you can see all the metadata here-- like what zone it is, what OS distribution it's running, what OS version. And saying that it's missing critical updates. When you click on that, that's where it shows that, oh, I'm missing a lot of updates in this. Three of them are critical. The other things are security and other important, something for me to take an action. So in upcoming releases, we are adding a lot of metadata. I have to show you a lot more data, like CB score, what repo manager I can connect to, where do I get this patch-- it's a lot more information. In Windows we are adding that key billings, the MSR facilities. We'll get a lot more metadata in our upcoming releases. So that completes the first part, where we have seen-- actually, two parts. First we have shown about onboarding. We have seen how to get the patch compliance in an environment state of your environment. The third thing is as an admin, I want to go fix this problematic machines. I want to go create a deployment so that it installs the patches and brings these VMs back to the compliant state. So now I'm going to click on Patch Deployment. So as I talked earlier in the slide, there are four questions which really matter for patch admins when you're doing a deployment. First is what VMs to patch. And we give a lot of flexibility to choose different filtering mechanisms, whether we can patch by a project, a zone-- I'm talking about a GCP project zone, region. Or you an use labels, tags, name prefixes. In this case, I'm using same labels called A-- environment have all my definitions I want to go patch. Or I can choose to patch all VMs. OK, we've finished the first question of what VMs to patch. Second important question is what patches I want to install because every customer will have different SLS for different patches. I've seen most of the customers have critical and security have to be done within 30 days. If it is non-critical, they have a little bit more time-- 45 days. there. So we give you all the flexibility, so you can choose what sort of patches you want. Like, for example, critical security, that's the only thing I care about. Patch exclusion-- so this one I was talking about earlier. If you know that a particular patch-- or KB in this thing-- it's going to break your line-of-business application or some incompatibility with a known thing, you can put that KB article, you can put multiple KB articles, comma separated. We will exclude that when you are installing the remaining patches there. In Linux, we can do, like, kernel updates, or you can do wildcards. You can use any of those stuff there. But other than critical patch inclusion, you just want to install selective updates. Microsoft released a security patch, or they've got a separate package from the next one that I want to install that particular security package on my fleet right now or as soon as possible. So you can include that particular KB article, or the Linux, or whatever the wildcard you are using to do that. Similarly, we do that same thing for both Windows and Linux whether it's running YUM, Red Hat, CentOS, or APT, you can choose your own configuration and do that. So that finishes the second question what we had-- number of VMs, what type of VMs, what patches. Third question comes to patch admins as when should I patch? Patching is not something I do once. It's a recurring thing. So I need to give me all the flexibilities to do it now, do it later. So for example, if I choose End of the month to [INAUDIBLE] or I want to be in a particular recurring schedule, like, I want to do it on a specific day. I want to do it on a fourth Friday of the month, or I can do second Saturday of the month, second Tuesday of the month, aligning patch Tuesday. So whatever means you have, we provided flexible recurring scheduling options. So you can choose whatever is right for you. In my case, I'm going to choose scheduled for later and doing end of the month. The other key thing to talk about is duration. Almost every customer confirmed that they're going to install the patches only during the maintenance window. Typically happens on a Friday night or on a weekend there. So they want to make sure that the app is down at that time. No user is connected to that. So here, you can specify a maintenance window, like a duration-- how long you want to install the patches. If you on install the patches, say, for 120 minutes, that's only time we'll be installing the patches, including the reboot. We'll take care of that. However, we'll finish whatever the step is there. We'll not start any new step there. The last thing which every patch admin will care about is rebooting. By default, the system will decide if the reboot is necessary based on the metadata, what I'm getting from the package or packages. But some admins, like, I want to control my reboot, especially in patching. My application, I want to make sure that this is actually working. I want to be in front of it. And I want to run some presteps and poststeps. So we gave you that options to choose never, so that you can control it. For now, I'll leave it as a default system. Next, comes the pre and post scripts. This is what I was talking about. A lot of admins want to run some things before to make sure everything's working fine. They want to run a lot of things after to make sure everything is working fine there. How do you do that? So you create your script, upload your GCS packet-- Google Cloud Storage packet. In our documentation, we explain how do you get that script into the packet. Now I can go click on that. It opens up a GCS packet. And I can go select. Hey, I want to go do this, my Linux prescript. And normally, you want to do some postscript. You want to go select this, and you want to go build this. Then you create your deployment. So let me show you what happens if you create a deployment. For the interest of time, I've already created a few things. That's where we go to Schedule Deployments. So once you create a deployment, you can actually see it here. Right now, we have an option only to delete, recreate it if you want to make any changes. But in the near future, we'll be adding capabilities where you can edit. You want to add more machines. You want add in the configuration. You want to change the date. You will be able to do all the changes. Again, I created it. When the time triggers, the patch deployment runs, and it'll give you a detailed patch status. So let me show you an example there. So I've run some patch jobs last week, earlier this week. And it actually shows all completed. But there are some others. So let me pick up a deployment which had a lot of VMs, and it failed. So let me take this one which has got 16 VMs, and it failed. First, it talks about a number of incidents it has-- over 11 status. And something errors occurred. As an admin here, please take an action here. Look into that. How long was the duration wanted to run? It will give you all the details. If anything was left in between. It was 100% done. And what classifications you have selected gives all the details. Now this is the result state. If you look at in this state, some are successful in that 16. Some failed because there's no agent detected. Somewhere there was configuration that was not running, or something happened. Somewhat inactive, which means that the machine could be offline, or something happened. It's not running. So there could be other state in there. Or the action failed because of incorrect function for the batch. But here is a clear logs. If you click on any of the logs, you can clearly see all the details about this failure, why it failed, what time it failed-- typical logs you get that stuff. And this is where you can go to our stack driver logs to get a lot more details. OK, so that completes the three parts I was talking about from patch-- how do you navigate an onboard patch management, how to get the compliant state of your environment, and finally, how to deploy patches to install those patches so that you bring that machines back into the compliance and set an automated recurring deployment, so every time, it takes care of that. Now let's talk about the next service-- so on the configuration management. There's another service what we prioritize based on our customers need and also keeping compliance in mind. So let's start with what are the top problems what we have heard with our customers when we spoke to them. The first thing is, when you go create your VM environment, you want that to be in a certain desired state. Like, I want security agents. I want monitoring agents to collect all the logs. I want open certain firewalls, certain posts, certain accounts, or you want to have certain software. So that's the first part. You define your desired configuration. The second big thing is how do I do deploys this to entire environment at scale? How do I deploy this at scale? Third big thing is maintaining it. It's not about deploying it one time. That's all good. But how do I ensure that this is maintaining? I don't want any drifts. Whenever there is a drift, as a user, it I want to be notified. And, obviously, I want to auto-fix it later stage once I get a context. But at the minimum, I want to be notified if there is a drift. What drifted Who caused drift? What happened? Why it was drift. How long it's been drifted. So you need to know all those details, what we call a complianced reporting, from a configuration standpoint. The other big thing they'll ask in a unified way, whether I'm bootstrapping or installing a Google first-party software or a third-party software, I need a unified way. The other big thing what we have heard from our customers how do we integrate with existing CICD tools? For example, most of our customers use different third-party CICD tools, like whether it's Jenkins, Packard, Spinnaker-- any that they have their own tools there. They use our tools to go create the packages. And key thing is they want to take that package and deploying to that environment at scale and maintain it. So these are some of the problems. To solve some of the problems, we started creating configuration management, where our value prop is going to be three things-- define, deploy, and maintain. So what does it mean? We'll help you to define your configuration file. Second step is we'll help you to deploy at scale, your entire environment. The same sort of filters what I taught earlier in patch management, where you can do it at a project level, at a region level, at a zone level, or a different instance level what I talked about-- basically giving a lot of flexible options, so that you can choose how you want to deploy that. Going to give you a nice compliance dashboard across Windows and Linux. They'll be similar to what we have done with the patch. And with a lot of additional data, as a user you know which machines are in the compliance, which machines went out of the compliance, what caused it to go out of the compliance, when it actually drifted. So you get a lot more details on that. So let me walk you through how the product works. From a user standpoint, when you have to go start configuration management, there are two things you think about. One is I'm creating my desired config. There's a thing called that as simple YAML file, where you define your desired config installs a particular monitoring agent, installs security agent, open this firewall. So you define all that stuff. We call that as a guest policy in our terms because you're applying a policy to the guest VM. Second big step is take the policy and apply what we call assignment to the bunch of VMs. So let me double-click on each of the stuff. Guest policy-- when I'm defining my policy or the configuration, you might want to say what packages you want to install. All this is part of the guest policy. For example, in this example, took an example of it. I want to install a Stack driver, and I want that to be always installed. My desired state is always to be installed, as you can see in the screen. So in the same guest policy, now you define where do I get this package binaries from. I want to install Stack driver. That's great. But go pull it out from this, the order or what I've given here-- packages.cloud.com. Third part of policy would be if a particular software needs any configuration. For example, in this case, it's an MSI. I want to do it in a certain way. And if you have other configuration, like, I want to do like silent install. So whatever configuration you have, you can put it there. So think of, like, guest policy. Open up a notepad, or open up any of the editors, create file, put what package you want to install, where do you want to get binaries from, put any configuration. And the next step is, boom, take that and apply to a bunch of VMs. Now let me walk you through how that happens in Pantheon console. This is Google Cloud console. So in this configuration management demo, just like patch management, I'll talk about three things. One is how do you onboard out of the configuration management, how to use the service, and next is how do you get this-- creating a policy, applying the policy. I'll show you some of the key cloud commands, then assignment. The first thing is onboarding. So if you have onboarded the patch management service, what I've showed earlier, that will enable all our OS config APIs. So you're all taken care of. And you'll have everything done. You'll also have the G-cloud commands. You can start using it. When we launched the config management beta and the first half of the year, it's API only. So we are building the UI, the user experience there. So the API is already enabled. But in a scenario where if you want to use only config management-- so go to the same compute engine, or you can go to API services. And just type OS config API. And you'll see a screen just like this, where there will be an Enable button. In this case, I've already enabled, so I'm showing Disable button there. So once you enable it, it's the same API which powers both patch management, configuration management, other services, [INAUDIBLE].. But links to think of this as a common API layer where you can access that. That's the first part of creating the configuration part. Second step as I talked about last lecture, first thing is about how do I create my guest policy, which is my desired configuration there. So just start with any editor, whatever you have, and start drafting your AML file-- what package do you want to install, what configuration do you want, where do you get the repo manager there. Or you can take any from other examples. So if you go to our configuration recourse link-- and I've added all of these things in the later parts of the slide, so you can actually look at that stuff. But if you go to Google Compute Engine and take configuration management, setting up config, you can see all those examples here. In this we have provided a lot of examples, like, how to install a stack driver agent, how to install other things there. So there's a lot of examples you can see-- what state do you want, how do you do an assignment, where you want to keep it-- it's lot of examples. Then it talks about how to create a guest policy. So there is a simple G-Cloud command, what we use to go create a policy, so that it brings into the system. So for my demo, in the interest of time, I've already created the policies and everything and got to the system. So first thing I'll start with a simple view of show me all the policies I have in my environment. So let me increase the size a little bit, so you can actually see better. So G-Cloud-- that's a beta because that OS Configuration Manager is beta. Then you'd have covered OS config and guest policies list. Hit that. I think I've done two policies. I should see both the policies. One is a stack driver policy and the Windows policy. Second thing, is I want to know what exactly is in that stack driver policy. So I want to say, again, G-Cloud beat OS config guest policy. I want to say describe. And all the examples, the G-Cloud examples and everything are in our documentation, so you can find out all the samples, which G-cloud to run when. Click on it. It will actually show the sample. In this case, I'm installing a stack driver agent. If we go up, it talks about where am I pulling the packages from. It'll talk about some labels here, as we can see, so which means that any VM just got a label called color is it called red-- that's where we'll apply this VM. So next time we create a new VM, put a label. This configuration will be automatically applied. And you can put some policy assignments there. In the interest of time, I took the policy and applied to a few VMs. Let me see how many VMs I got applied to. So you want to see, like, guest policies. You want to see describe. And again, I also want to know what's been installed and everything there. So let me show that one as well very quickly. Another command for this is G-Cloud command. And this is actually saying G-Cloud compute instance OS inventory list instances. So instance which as got described as agent. So you can actually see that stuff. All instances is what I have in that stuff. there. So I've got two machines which have got this particular stack driver agent installed. So that completes configuration management demo where we talked about how do you onboard the service, how do you create the compliance, your desired configuration guest policy, how do you apply that on your things, and, again, how can you verify that stuff there. Cool. Let me go back to the slides. So the key thing is about roadmap. So as I said, we launched GA patch management in April, the first half of the year, same time as we launched configuration management. So the rest of the year, second half of 2020, we will be launching multiple versions of OS patch management, where we'll be doing incremental updates, improvements. Some of the things could be really simplifying their onboarding experience. Applying a lot of customer feedback and getting a lot of feedback from our customers Thank you so much for that. Really appreciate your feedback. And also adding a lot of compliance data, so making the whole experience very smooth. And the documentation, when we launch it, will provide clear details about what's coming in each of the launches. You'll have way more details on what's coming in each of the stuff there. As far as configuration management, we launched the beta in the first half of it. And that's API only, as I talked earlier. Now we'll be building UI on top of her-- the user experience, a lot more other capabilities, which we are targeting configuration management preview by close to the end of the year. OK, that brings up another important topic-- pricing-- this being one of the topmost concerns questions. I have been asked from my customers there. So briefly a few key things here-- this pricing, what we're talking about is for both patch and configuration management-- so both the services. There's no cost from now until end of the year. So you don't have to pay there anything until the end of the year. Starting Jan 2021, we'll be charging per node, which like per VM per month-- of course, pro-rated and hourly rate. Key thing is-- there's no cost for the first 100 VMs. After the additional ones, that have 101 VM. If the OS config agent is running, and conversely sending the data, and doing something, that's where you will be charged. We'll charge the rate of $0.03 per hour. So if you keep this just for a math, if you keep this running OS agent continuously 24 by 7, 30 days, you pay $2 per node per month for both config and YUM. I put a link here that gives you complete details in our documentation about what does OS config agent running mean, what sort of things I can do, I cannot do, how I'm getting charged-- a lot more details on that. OK, moving on-- so in this slide, having cleared a lot of resources. So if you're getting started with how to do patch management, what's our architecture, and how does this thing works, and I put a links for detail-- how to create a bad job, how do you manage a bad job. Same thing with configuration management policies-- how do you manage these policies there? Along with SDK links, API links. It's the same thing what I showed you earlier, just that we have a full link to the full page, where you can see all the details about the supported operating systems, how to get started and everything, including some of our blog links. I'd like to make one announcement. You must have already heard about Active Assist, which is a new solution to reduce the cloud complexity by providing some proactive and intelligent features. And it doesn't matter what you're running-- compute, storage, security, billing, cost. So there are features in every area which helps you with how to reduce the cloud complexities. In the below links, you'll have a more details than this. I'm happy to say patch and configuration management are also part of Active Assist. OK, moving on-- key takeaway. So I know I've covered a lot of content, like, demos and everything, and it's hard to remember everything. But if there is one thing, the key takeaway, that you take out of the session, this is this-- GCP now provides an automated patch and configuration management tools across your fleet, across your Windows and Linux, across your Linus distros. With that, we'll wrap up. Thank you so much for everyone for your time today and going through the session. And, especially, thanks to all the customers who have given a lot of product feedback and make us help better the product than where it is right now. I continue to request that. Please go play with the product. Give us more and more feedback to make it better. Thank you.
Info
Channel: Google Cloud Tech
Views: 2,398
Rating: undefined out of 5
Keywords: type: Conference Talk (Full production);, pr_pr: Google Cloud Next, purpose: Educate
Id: LeaA66WUaaM
Channel Id: undefined
Length: 37min 30sec (2250 seconds)
Published: Tue Sep 15 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.