New Cloud Shell Editor: Get your first cloud-native app running in minutes

As enterprises move their applications and services to the cloud, developers frequently find themselves evaluating and experimenting with new technologies to identify the best solution to solve their day-to-day problems. This evaluation process could include tasks such as: identifying which platform to host or migrate an application to, or learning how to use an API to implement a new feature.However, we know from talking with you that you frequently spend more time than expected in this initial evaluation phase, doing things such as:Getting your development environment set upFinding the the right libraries and dependencies Switching back and forth between documentation, your Integrated Development Environment (IDE), terminal, and the Google Cloud Console In addition, making these kinds of configuration changes to your daily development environment could impact your core work—something you probably want to avoid.  Cloud Shell provides you with command-line access to your cloud resources directly from your browser. And today we’re excited to introduce a new version of our Cloud Shell Editor, immediately available in preview on ide.cloud.google.com and powered by the Eclipse Theia IDE platform. This new version extends Cloud Shell with an online development environment that includes:Cloud-native development via Cloud Code plugin supportRich language support for Go, Java, .Net, Python and NodeJS Additional features such as integrated source control and support for multiple projectsUnder the covers the Cloud Shell Editor development VM comes pre-configured with all the tools you need to get going with cloud-native development on Google Cloud, including:Local emulators for Kubernetes and serverless, andCommand line tools for working with cloud-native appsCloud Shell Editor is a fully functional development tool that requires no local setup, and is available directly from the browser. Let’s take a deeper look at how Cloud Shell Editor integrates with the rest of the Google Cloud developer ecosystem.Samples with interactive tutorialsWe’ve extended our online interactive tutorial platform to include the Cloud Shell Editor features, making initial experiences with a new platform a breeze. You can try it out now with our quickstarts:Google Kubernetes EngineCreate and deploy a containerized web app with Cloud Shell EditorCloud RunCreate and deploy a Cloud Run serverless service with Cloud Shell EditorCloud Code integration for cloud-native developmentCloud Code is a set of IDE plug-ins originally available for IntelliJ and VS Code that helps developers stay productive when developing cloud-native applications, and we’ve now extended it to support the Cloud Shell Editor. Cloud Code offers capabilities such as: an integrated Kubernetes and Cloud Run development and debugging environment; container tools such as minikube, Skaffold, Buildpacks and Jib integrated under the hood to provide local emulators and continuous feedback for faster local development; and an integrated API explorer to make it easy to incorporate Google APIs into your application.Rich language supportIn addition, to support day-to-day development tasks, Cloud Shell Editor now includes advanced language support for Go, Java, .Net, Python and Node.js out of the box, providing powerful editing features such as syntax highlighting, code suggestions, linting, code navigation, refactoring, testing and intuitive debugging support.Version control and support for multiple projectsLast but not least, to simplify team collaboration and work across multiple projects, we’re introducing integrated source control via Git and support for IDE workspaces, leveraging existing Theia development features. For example, you can perform typical source control tasks directly from Cloud Shell Editor such as exploring code samples, cloning a repository or pushing your changes back to a repository. You can also easily create or switch between projects via workspaces, which defines IDE and debugging environment configuration directly in the source.Get started todayWith Cloud Shell Editor, we want to make it easy for you to explore new cloud technologies, prototype applications or do short-term development tasks directly from your browser. We invite you to try the Cloud Shell Editor via our GKE and Cloud Run quickstart, or access it directly from ide.cloud.google.com.
Quelle: Google Cloud Platform

Boo! Fight off your scariest cloud monsters with Active Assist

Look, when you’re running your applications in the cloud there’s a lot you have to keep top of mind: performance, security, agility, cost, and more. One thing you shouldn’t have to worry about? Monsters. That’s right, monsters. And yet, many of you do have monsters running amok in your cloud—just not the kind you see in scary movies. With Halloween just around the corner, let’s talk about how these monsters can show up in your cloud and how you can fight them off! Compute zombies… brains, brains, BRAINS! If TV and movies have taught us one thing, it’s that zombies crave brains. Gross, we know. And in the cloud it’s actually still true, in that your compute resources are your “brains in the cloud,” and the zombies are coming for them! The most common manifestation of these ‘compute zombies’ are virtual machine instances that are either over-provisioned or sitting idle. They come to life (sort of) when well-intentioned developers set up a new project with cloud resources but forget to decommission them before moving on to their next project. As a result, these compute zombies hide in your cloud and eat up your budget without you even knowing about it. Thankfully for all of us, there is an easy way to thwart the compute zombie horde. With VM Rightsizing and Idle VM Recommendations, provided by Active Assist, you get instant insight into what VMs you can resize or turn off. With just a few clicks you could be on your way to saving hundreds or even thousands of dollars per month. Sometimes zombies evolve, too, so in case your compute zombies mutate into storage zombies or IP zombies, Active Assist also has recommendations for idle persistent disks (PDs) and will soon have recommendations for idle IP addresses. Complete zombie protection!Hungry vampires… sucking away at your company’s lifeblood! What’s one of the most top-of mind-topics for CIOs and CTOs today? Security. Making sure that your customer data, internal data, and intellectual property are safe and secure is a huge priority. And yet it seems every month or so there’s a new report of a huge company being hacked or breached. Unfortunately for these companies, a vampire found their way in and started to drain them of their most valuable digital assets! As we (once again) know from TV and movies, the most effective way to ward off vampires is sunlight. And, believe it or not, this metaphor applies to the cloud, too: you need to proactively “shine a light” on any potential security holes. You can do this with IAM Recommendations, also part of Active Assist, which uses ML and modeling to give you explicit guidance on over-provisioned user and service accounts. With just a few clicks you can take action on these recommendations and proactively plug the holes that vampires might have otherwise used in the cover of darkness!Budget werewolves… shape shifting your money into zeros!What’s the most terrifying thing about a werewolf? You could be standing next to one right now and not even know it… unless a full moon appears! Believe it or not, there are potential werewolves frolicking around your cloud, too, ready to consume your cloud budget. You see, Google Cloud offers substantive committed use discounts (CUDs) but you need to set them up first and operate your cloud accordingly. If you don’t do that, then your normal looking cloud resources might transform overnight into a budget thirsty werewolf, consuming your hard earned budget faster and less efficiently than if you maximized your committed use discount options! But have no fear, friends, we have an answer to keep the werewolves at bay, too. Within Active Assist, we offer committed use discount recommendations, a way for you to easily maximize all of the discounts available to you without requiring heavy manual analysis or interpretation. The recommendations are simple and clear, and let you make sure you make the best use of your cloud budget!Zombies, vampires, and werewolves — oh my! It’s been a scary blog post to say the least. Despite all the monster metaphors, we hope that this blog actually does the opposite of scare you. Because with Active Assist’s portfolio of intelligence tools and recommendations, it’s super easy to keep all the (figurative) cloud monsters at bay! Give it a try by checking out your Recommendations Hub, available to all Google Cloud users. Or if you’d just like to learn more, visit our Active Assist or Recommender web pages.Related ArticleIntroducing Active Assist: Reduce complexity, maximize your cloud ROIIntroducing Active Assist, a family of tools to help you easily optimize your Google Cloud environment.Read Article
Quelle: Google Cloud Platform

Cybersecurity Awareness Month—New security announcements for Google Cloud

Security is at the heart of any cloud journey. On the one hand, as you adopt cloud services and move workloads to the cloud, you need to make sure you’re conforming to your established security policies. On the other hand, you can take advantage of new capabilities, use new tools, and help improve your security posture. Today’s announcements include new security features, whitepapers that explore our encryption capabilities and use-case demos to help deploy products optimally. These updates will help facilitate safer cloud journeys and give admins increased visibility and control for their organizations.New Google Cloud Security Showcase videosThe Google Cloud Security Showcase is a video resource that’s focused on solving security problems and helping you create a safer cloud deployment. With more than 50 step-by-step videos on specific security challenges or use cases, complete with actionable information to help you solve that specific issue, there’s something for every security professional. We’ve added 2 new use-case based videos this month:How do I get started on Confidential GKE nodes?Built on Confidential VMs, which utilize the AMD Secure Encrypted Virtualization (SEV) feature, Confidential GKE Nodes encrypt the memory of your nodes and the workloads that run on top of them with a dedicated per-Node instance key that is generated and managed by the AMD Secure Processors, which is embedded in the AMD EPYC™ processor.How do I enable safer and more productive meetings on Google Meet?Get a deeper look at the security controls available within Google Meet and how to use them.SMS based MFA in Identity PlatformMulti-factor authentication (MFA) is an essential option for users of online apps and services to help keep account data safe and protect against account takeovers. To better protect your applications and user accounts, Identity Platform, Google Cloud’s customer identity and access management platform, is making MFA via SMS generally available.Refer to the quickstart guide for more information. If your project has multiple tenants, you will need to enable MFA individually for each tenant. Select the tenant that you want to enable MFA for using the drop down menu on the left navigation panel, and follow the same process as documented in the guide. Encryption whitepapers for Google Cloud and Google WorkspaceCentral to our comprehensive security strategy is encryption in transit and at rest, which ensure that data can be accessed only by authorized roles and services with audited access to the encryption keys. Our updated encryption-at-rest whitepaper describes Google Cloud’s approach to encryption at rest, and how we use it to keep your information more secure.Alongside the encryption-at-rest whitepaper, we have rolled out a new Google Workspace encryption deep-dive whitepaper that details how Google Workspace helps keep your data safe with encryption. In this paper, you’ll find information around our encryption methodology and key management processes.We also recently released a new Cloud Key Management Service Deep Dive whitepaper to help you make informed decisions about cloud key management. Discussing Google Cloud’s Key Management Service (Cloud KMS) platform and generally available key management capabilities, this paper can help you understand the options you have to protect your keys and other sensitive information you store in Google Cloud. With these announcements, we’re adding to our constantly growing security portfolio that aims to help you prioritize security in your move to the cloud. To learn more about Google Cloud’s security vision and understand how to implement cutting-edge security technology in your organization, tune into the latest installment of our Google Cloud Security Talks on November 18th.Related ArticleA better, safer normal: Helping you modernize security in the cloud or in placeWe’re sharing more on unique and powerful capabilities Google Cloud has to simplify security operations in your organization.Read Article
Quelle: Google Cloud Platform

BHI: Embracing Google Workspace and AppSheet to transform the workplace

In the last two decades, BHI, once a small construction company in Vernal, Utah, has expanded its operations to dozens of industries in over 25 states. But while the company grew, its technology trailed behind. File sharing and emails both ran off a single server. Editing a document was a grueling undertaking that required an employee to VPN in, patiently download the file, edit it, then upload it again—all from a job site with limited internet connection. Acknowledging the need for better technology, BHI adopted Google Workspace and AppSheet and transformed its business to be more innovative, productive, and profitable.Rebuilding collaboration and productivityBHI first looked to replace its archaic email and file-sharing systems. They found that Google Workspace—as a proven and popular collaboration solution for remote teams and a familiar, preferred platform that most employees use in their personal lives—was the clear choice. BHI migrated its 500 employees to Google Workspace in less than a week. Productivity immediately soared, since employees could collaborate more easily with Google Workspace’s products and access them from any device, from anywhere—even at the construction sites.For instance, the contract writing process drastically improved with Google Workspace. Version control had always been a struggle—as employees circulated a draft contract from one computer to the next, versions became unruly and randomized, untracked changes popped up, and files went missing. With Google Workspace, the pre-construction, legal, and finance teams can all edit and track changes of a contract from wherever they work. Version control has become a thing of the past, as everyone is always working on the latest version.By adopting Google Workspace, BHI decentralized its operations and began collaborating in real time across over 150 job sites. Management and IT gained new insights into challenges that they may never have uncovered nor confronted without a cloud-based productivity tool. The IT team also saw an opportunity to overhaul the methods of their deskless workforce, which accounts for 90% of the company. This deskless majority needed to connect directly to the data that influenced, impacted, and comprised their work. They also required more streamlined processes. AppSheet provided the answer to the workforce’s needs, enabling IT to create applications that simplified key tasks so mobile workers could get their jobs done faster and better.For example, one BHI client required extensive inspections multiple times a day. Before using AppSheet, a BHI inspector would perform the inspection, return to a computer, record the results from paper to a spreadsheet, copy and paste them into a formatted report in a Google Docs, convert the Doc to a PDF, and email the final inspection report to the customer. This manual process took two hours to complete. Now, using AppSheet, the inspector inputs the results on their mobile device while performing the inspection. As soon as the device connects to the internet, it automatically updates the database with the inspector’s inputs, adds the inspection results to a preformatted report built in Google Docs, and emails the final report as a PDF to the customer. With AppSheet, BHI shortened this inspection process from two hours to six minutes, saving over $50,000 a month in labor.With Google Workspace and AppSheet, BHI has turned into a digital company with real-time data allowing for real-time decisions, collaboration, and transparency in a decentralized environment. Johnny Hacking, Director of ITAn easier software choice for faster resultsBHI also found that building apps with AppSheet is much easier than using other solutions, such as developing with low- or full-code tools or purchasing third-party products. Because AppSheet is a true no-code platform, anyone can learn to build and maintain apps. Since adopting AppSheet, the BHI IT team has become so proficient with the platform that they have eliminated the company’s previous backlog of software needs. Now, when a new site opens up, IT proactively works with the site managers to understand its unique requirements in order to build a custom app. Start to finish, scoping and building this site-specific app typically takes less than a week—compared to months with traditional development platforms. IT team members aren’t the only BHI employees building apps. As Johnny Hacking, BHI’s Director of IT explains, “We have people that aren’t in IT, and when they have an idea we say hey, log into AppSheet, build it out, and then we’ll help out with some final touches on it.” Empowering employees outside of IT to build AppSheet apps has benefited teams across the company. For example, one team on a solar farm construction project needed to perform inspections of an array of specialized technical equipment with which IT was not familiar. In this case, the solar team, being the subject matter experts, simply built the app according to their specifications. All IT had to do was jump in at the end to help finalize the app—the final product was completely customized to the solar team’s very specific needs. This highlights the benefits of no-code development: on-the-ground experts build and prototype job-specific apps and IT puts the finishing touches on the functionality, all while keeping guardrails in place.Using Google Workspace and AppSheet also simplifies BHI’s reliance on third-party software. “Our company divisions are so diverse that they each require different software,” says Hacking. “Plus, if we buy a third-party software, we still have to customize it by getting other software, because they don’t play well together. By replacing this software with AppSheet apps, we save a lot of money. And it’s easy to integrate those apps because on the back end, they’re all connected to Google Sheets.” For the few third-party software products that BHI hasn’t been able to replace, they’ve used Apps Scripts to import the software’s data into Google Sheets, so that their data all lives on one platform. Overall, BHI has been able to free up 10% of its total IT spend by replacing third-party software with Google Workspace and AppSheet apps.Company culture transformed by technology“Because we’ve used Google Workspace and AppSheet and it’s been so successful, people are very willing to use them,” Hacking says. “And for a construction company to gain so much trust in these platforms in such a short period of time—that’s huge. Now we’re at the point where employees are asking, ‘What else can we do?’”Adopting Google Workspace and AppSheet has not only made BHI more productive, but also transformed the company culture. Employees feel empowered to be more innovative and are constantly seeking ways to improve. Simplifying employees’ work has led to a direct boost in morale. The role of IT has also transformed. As Hacking explains, “In just three years of using these technologies, IT has gone from being support overhead to being proactively brought to the table to take part in the business strategy.” Increased IT visibility and culpability has helped solve business problems and led to increased profitability. BHI continues to find new ways to leverage Google Workspace and AppSheet to improve business. In response to COVID, they created a timesheet app that allows employees to clock in without touching a device. Most meetings are now held virtually using Google Meet. Fleet maintenance and repairs are all managed with apps. And, of course, the company has better data and insights than ever. As Hacking puts it, “We’re continuing to stay on the cusp of innovation because of Google Workspace and AppSheet.”Learn more about Google Workspace and AppSheet.Related ArticleIntroducing Google WorkspaceGoogle Workspace includes the productivity apps you know and love—Gmail, Drive, Docs, Meet, and many more—in one location, so you can cre…Read Article
Quelle: Google Cloud Platform

Setting Up Cloud Deployments Using Docker, Azure and Github Actions

A few weeks ago I shared a blog about how to use GitHub Actions with Docker, prior to that Guillaume has also shared his blog post on using Docker and ACI. I thought I would bring these two together to look at a single flow to go from your code in GitHub all the way through to deploying on ACI using our new Docker to ACI experience!

To start, let’s remember where we were with our last Github action. Last time we got to a point where our builds to master would be re-built and pushed to Docker Hub (and we used some caching to speed these up).  

name: CI to Docker Hub

on:
push:
tags:
– “v*.*.*”

jobs:

build:
runs-on: ubuntu-latest
steps:

name: Checkout
uses: actions/checkout@v2

name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1

name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-

uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
context: ./
file: ./Dockerfile
builder: ${{ steps.buildx.outputs.name }}
push: true
tags: bengotch/simplewhale:latest
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache

name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}

Now we want to find out how we could take our image we have built and get that deployed onto ACI. 

The first thing I will need to do is head over to my Github repository and add in a few more secrets which will be used to store my credentials for Azure. If you already have an Azure account and can grab your credentials that is great. If not, you will need to create your Azure credentials that we are going to use, but we cover that as well. 

I will need to add in my tenant ID as the secret AZURE_TENANT_ID, I will then need to go and create an App in Azure to get a client and a secret. The easiest way to do this is to use the Azure console with the command 

az ad sp create-for-rbac –name http://myappname –role contributor –sdk-auth

This will output your AZURE_CLIENT_ID and an AZURE_CLIENT_SECRET.

Lastly I will need to add my subscription ID, I can find this here and will add it as AZURE_SUBSCRIPTION_ID.

If this is the first time you have used Azure you will also need to create a resource group, this is the Azure way to group a set of resources for a single solution. You can set up new resource groups by going here and adding one, for example I created a new one called simplewhale in uk-south.  

Now we can start to build out our action, we will want to put in a condition for when we want this workflow to trigger. I would like to be quite continuous so will deploy the image each time I have pushed it to Docker Hub:

on:
workflow_run:
workflows: [”CI to Docker Hub”]
branches: [main]
types:
– completed

With this in place, I will now setup on an Ubuntu box for my action:

jobs:
run-aci:
runs-on: ubuntu-latest
steps:
– name: Checkout code
uses: actions/checkout@v2

Next I will need to install the Docker Compose CLI onto the actions instance I am running on:

– name: Install Docker Compose CLI
run: >
curl -L https://raw.githubusercontent.com/docker/compose-cli/main/scripts/install/install_linux.sh | sh

With this installed, I can then log into Azure using the Compose CLI and making use of our secrets we entered earlier:

– name: “login azure”
run: “docker login azure –client-id $AZURE_CLIENT_ID –client-secret $AZURE_CLIENT_SECRET –tenant-id $AZURE_TENANT_ID”
env:
AZURE_TENANT_ID: ‘${{ secrets.AZURE_TENANT_ID }}’
AZURE_CLIENT_ID: ‘${{ secrets.AZURE_CLIENT_ID }}’
AZURE_CLIENT_SECRET: ‘${{ secrets.AZURE_CLIENT_SECRET }}’

Having logged in, I need to create an ACI context to use for my deployments:

– name: “Create an aci context”
run: ‘docker context create aci –subscription-id $AZURE_SUBSCRIPTION_ID –resource-group simplewhale –location uksouth acicontext’
env:
AZURE_SUBSCRIPTION_ID: ‘${{ secrets.AZURE_SUBSCRIPTION_ID }}’

Then I will want to deploy my container using my ACI context. I have added a curl it to make sure it exists:

– name: “Run my App”
run: ‘docker –context acicontext run -d –name simplewhale –domainname simplewhale -p 80:80 bengotch/simplewhale ‘

– name: “Test deployed server”
run: ‘curl http://simplewhale.uksouth.azurecontainer.io/’

And then we can just double check to be sure:

Great! Once again my Whale app has been successfully deployed! Now I have a CI that stores things in the Github Registry for minor changes, that ships my full numbered versions to Docker Hub and then re-deploys these to ACI for me!

To run through a deeper example using Compose as well, why not check out Karol’s example of using the ACI experience with his Compose application which also includes how to use mounts and connect to another registry.You can get started using the ACI experience locally using Docker Desktop today. Remember, you will also need to have your images in a repo to use them in ACI, which can easily be done with Docker Hub.
The post Setting Up Cloud Deployments Using Docker, Azure and Github Actions appeared first on Docker Blog.
Quelle: https://blog.docker.com/feed/

AWS Auto Scaling ist jetzt in den AWS-Regionen Europa (Mailand) und Afrika (Kapstadt) verfügbar

AWS Auto Scaling mit Skalierungsplänen und vorausschauender Skalierung (für Amazon EC2) ist nun in den AWS-Regionen Europa (Mailand) und Afrika (Kapstadt) verfügbar. AWS Auto Scaling überwacht Ihre Anwendungen und passt die Kapazität automatisch an, um eine stabile, vorhersagbare Leistung zu den geringstmöglichen Kosten zu erreichen. Mit einer einfachen, leistungsstarken Benutzeroberfläche können Sie in Minutenschnelle Skalierungspläne für alle Ressourcen erstellen, einschließlich Amazon EC2-Instances und Spot-Flotten, Amazon ECS-Aufgaben, Amazon DynamoDB-Tabellen und -Indizes sowie Amazon Aurora-Replikate.
Quelle: aws.amazon.com

AWS Shield bietet jetzt allen AWS-Kunden globale und kontobezogene Ereigniszusammenfassungen

AWS Shield bietet jetzt allen AWS-Kunden globale und kontobezogene Ereigniszusammenfassungen. Diese Zusammenfassungen geben Ihnen einen Überblick über alle von AWS Shield erkannten Ereignisse, wie z. B. Distributed Denial of Service (DDoS)-Angriffe und andere volumetrische Anomalien, für jedes Ihrer Konten und für alle auf AWS erkannten und behandelten Ereignisse. 
Quelle: aws.amazon.com

Neuer digitaler Kurs: Fortgeschrittene Testpraktiken mit AWS DevOps Tools

Dieser neue digitale Kurs, Fortgeschrittene Testpraktiken mit AWS DevOps Tools, lehrt Sie, wie Sie die Zuverlässigkeit und Sicherheit von Anwendungen durch die Integration und Automatisierung von Tests in Ihre AWS DevOps Pipelines verbessern können. Dieser Kurs für Fortgeschrittene richtet sich an DevOps-Ingenieure und -Entwickler, die über beträchtliche Erfahrung mit der DevOps-Methodik und -Praxis verfügen.
Quelle: aws.amazon.com

Amazon SageMaker Studio Notebooks unterstützen jetzt benutzerdefinierte Images

Amazon SageMaker Studio ist die erste integrierte Entwicklungsumgebung (Integrated Development Environment, IDE) für Machine Learning (ML). Mit einem einzigen Mausklick können Daten-Wissenschaftler und Entwickler SageMaker Studio Notebooks schnell in Betrieb nehmen, um Datasets zu untersuchen und Modelle zu erstellen. Ab heute können Sie SageMaker Studio Notebooks mit Ihren eigenen Images starten.
Quelle: aws.amazon.com

Amazon Textract gibt Verbesserungen bekannt, um die durchschnittlichen API-Verarbeitungszeiten um bis zu 20 % zu reduzieren

Amazon Textract ist ein Machine Learning Service, der es Ihnen ermöglicht, Text und Daten automatisch zu extrahieren, auch aus Tabellen und Formularen in gescannten Dokumenten und Bildern. Als verwalteter Service liefert Textract im Laufe der Zeit kontinuierliche Verbesserungen. Wir freuen uns, heute bekannt geben zu können, dass wir Verbesserungen an den zugrunde liegenden Machine Learning-Modellen vorgenommen haben, die zu einer Verringerung der durchschnittlichen Latenzzeit beim Aufruf sowohl der synchronen als auch der asynchronen APIs um 20 % geführt haben. Diese Verbesserungen gelten für die DetectDocumentText-API und AnalyzeDocument-APIs. 
Quelle: aws.amazon.com