Google Cloud Platform vs AWS: Is the answer obvious? Maybe not.

Google Cloud Platform vs AWS: what’s the deal? A while back, we also asked the same question about Azure vs AWS. After the release of the latest earnings reports a few weeks ago from AWS, Azure, and GCP, it’s clear that Microsoft is continuing to see growth, Amazon is maintaining a steady lead, and Google is stepping in. Now that Google Cloud Platform has solidly secured a spot among the “big three” cloud providers, we think it’s time to take a closer look and see how the underdog matches up to the rest of the competition. 

Is Google Cloud catching up to AWS?

As they’ve been known to do, Amazon, Google, and Microsoft all released their recent quarterly earnings at around the same time on the same day. At first glance, the headlines tell it all:

The obvious conclusion is that AWS continues to dominate in the cloud war. With all major cloud providers reporting earnings around the same time, we have an ideal opportunity to examine the numbers and determine if there’s more to the story. Here’s what the quarterly earning reports tell us:

  • AWS had its slowest growth since it began reporting its cloud revenue separately – up just 37% from last year.
  • Microsoft Azure reported a revenue growth rate of 59%.
    • Microsoft doesn’t break out specific revenue amounts for Azure, but Microsoft did report that its “Intelligent Cloud” business revenue increased 27% to $10.8 billion, with revenue from server products and cloud services increasing 30%.
  • Google’s revenue has cloud sales lumped together with hardware and revenue from the Google Play app store, summing up to a total of $6.43 billion for the last quarter. 
    • To compare, last year during Q3 their revenue was at $4.64 billion.
  • During their second-quarter conference call in July, Google said their cloud is on an $8 billion revenue run rate – meaning cloud sales have doubled in less than 18 months.

You can see here that while Google is the smallest of the “big three” providers, they have shown the most growth – from Q1 2018 to Q1 2019, Google Cloud has seen growth of 83%. While they still have a ways to go before surpassing AWS and Microsoft, they are moving quickly in the right direction, as Canalys reported they were the fastest-growing cloud-infrastructure vendor in the last year.

It’s also important to note that Google is just getting started. Also making headlines was an increase in new hires, adding 6,450 in the last quarter, and most of them going to positions in their cloud sector. Google’s headcount now stands at over 114,000 employees in total.

The Obvious: Google is not surpassing AWS

When it comes to Google Cloud Platform vs AWS, we have a clear winner. Amazon continues to have the advantage as the biggest and most successful cloud provider in the market. While AWS is growing at a smaller rate now than both Google Cloud and Azure, Amazon still holds the largest market share of all three. AWS is the clear competitor to beat as they are the first and most successful cloud provider to date, with the widest range of services, and a strong familiarity among developers.

The Less Obvious: Google is actually gaining more ground

While it’s easy to write off Google Cloud Platform, AWS is not untouchable. AWS has already solidified itself in the cloud market, but with the new features and partnerships, Google Cloud is proving to be a force to be reckoned with. 

Where is Google actually gaining ground?

We know that AWS is at the forefront of cloud providers today, but that doesn’t mean Google Cloud is very far behind. AWS is now just one of the three major cloud providers – with two more (IBM and Alibaba) gaining more popularity as well. Google Cloud Platform has more in store for its cloud business in 2020. 

A big step for Google was announced earlier this year at Google Cloud’s conference, Google Cloud Next: the CEO of Google Cloud announced that they would be coming out with a retail platform to directly compete with Amazon, called Google Cloud for Retail. What’s different about their product? For starters, they are partnering with companies such as Kohl’s, Target, Bed Bath & Beyond, Shopify, etc. – these retailers are known for being direct competition with Amazon. In addition to that, this will be the first time that Google Cloud has had an AI product that is designed to address a business process for a specific vertical. Google doesn’t appear to be stopping at just retail – Thomas Kurian said they are planning to build capabilities to assist companies in specialized industries such as healthcare, manufacturing, media, and more.

Google’s stock continues to rise. With nearly 6,450 new hires added to the headcount, a vast majority of them being cloud-related jobs, it’s clear that Google is serious about expanding its role in the cloud market. In April of this year, Google reported that 103,459 now work there. Google CFO Ruth Porat said, “Cloud has continued to be the primary driver of headcount.” 

Google Cloud’s new CEO, Thomas Kurian, understands that Google is lagging behind the other two cloud giants, and plans to close that gap in the next two years by growing sales headcount. 

Deals have been made with major retailer Kohl’s department store, and payments processor giant, PayPal. Google CEO Sundar Pichai lists the cloud platform as one of the top three priorities for the company, confirming that they will continue expanding their cloud sales headcount. 

In the past few months, Pichai added his thoughts on why he believes the Google Cloud Platform is on a set path for strong growth. He credits their success to customer confidence in Google’s impressive technology and its position as a leader in machine learning, naming the company’s open-source software TensorFlow as a prime example. Another key component to growth is strategic partnerships, such as the deal with Cisco that is driving co-innovation in the cloud with both products benefiting from each other’s features, as well as teaming up with VMware and Pivotal.

Driving Google’s growth is also the fact that the cloud market itself is growing so rapidly. The move to the cloud has prompted large enterprises to use multiple cloud providers in building their applications. Companies such as Home Depot Inc. and Target Corp. rely on different cloud vendors to manage their multi-cloud environments. 

Home Depot, in particular, uses both Azure and Google Cloud Platform, and a spokesman for the home improvement retailer explains why that was intentional: “Our philosophy here is to be cloud-agnostic, as much as we can.” This philosophy goes to show that as long as there is more than one major cloud provider in the mix, enterprises will continue trying, comparing, and adopting more than one cloud at a time – making way for Google Cloud to gain more ground.

Multi-cloud environments have become increasingly popular because companies enjoy the advantage of the cloud’s global reach, scalability, and flexibility. Google Cloud has been the most avid supporter of multi-cloud out of the three major providers. Earlier this year at Google Cloud Next, they announced the launch of Anthos, a new managed service offering for hybrid and multi-cloud environments to give enterprises operational consistency. It does this by running quickly on any existing hardware, leveraging open APIs, and giving developers the freedom to modernize. There’s also Google Cloud Composer, which is a fully managed workflow orchestration service built on Apache Airflow that allows users to monitor, schedule and manage workflows across hybrid and multi-cloud environments.

Google Cloud Platform vs. AWS – Why Does It Matter?

Google Cloud Platform vs AWS is only one of the battles to consider in the ongoing cloud war. The truth is, market performance is only one factor in choosing the best cloud provider. As we always say, the specific needs of your business are what will ultimately drive your decision. 

What we do know: the public cloud market is not just growing – it’s booming. Referring back to our Azure vs AWS comparison – the basic questions still remain the same when it comes to choosing the best cloud provider: 

  • Are the public cloud offerings to new customers easily comprehensible?
  • What is the pricing structure and how much do the products cost?
  • Are there adequate customer support and growth options?
  • Are there useful management tools?
  • Will our DevOps processes translate to these offerings?
  • Can the PaaS offerings speed time-to-value and simplify things sufficiently, to drive stickiness?

Right now AWS is certainly in the lead among major cloud providers, but for how long? We will continue to track and compare cloud providers as earnings are reported, offers are increased, and price options grow and change. To be continued in 2020…

AWS IAM Roles and Ways to Use them to Improve Security

What are AWS IAM Roles?

Within the AWS Identity and Access Management (IAM) system there are a number of different identity mechanisms that can be configured to secure your AWS environment, such as Users, Groups, and AWS IAM Roles. Users are clearly the humans in the picture, and Groups are collections of Users, but Roles can be a bit more obscure. Roles are defined as a set of permissions that grant access to actions and resources in AWS. Unlike Users, which are tied to a specific Identity and a specific AWS account, an IAM Role can be used by or assumed by IAM User accounts or by services within AWS, and can give access to Users from another account altogether.

To better understand Roles, I like the metaphor of a hat.  When we say a Role is assumed by a user – it is like saying someone can assume certain rights or privileges because of what hat they are wearing.  In any company (especially startups), we sometimes say someone “wears a lot of hats” – meaning that person temporarily takes on a number of different Roles, depending on what is needed. Mail delivery person, phone operator, IT support, code developer, appliance repairman…all in the space of a couple hours.

IAM Roles are similar to wearing different hats in that they temporarily let an IAM User or a service get permissions to do things they would not normally get to do.  These permissions are attached to the Role itself, and are conveyed to anyone or anything that assumes the role.  Like Users, Roles have credentials that can be used to authenticate the Role identity.

Here are a couple ways in which you can use IAM Roles to improve your security:

EC2 Instances

All too often, we see software products that rely on credentials (username/password) for services or accounts that are either hard-coded into an application or written into some file on disk. Frequently the developer had no choice, as the system had to be able to automatically restart and reconnect if the machine rebooted, without anyone to manually type in credentials during the reboot. If the code is examined, or the file system is compromised, then the credentials are exposed and can potentially be used to compromise other systems and services. In addition, such credentials make it really difficult to periodically change the password. Even in AWS we sometimes see developers hard-code API Key IDs and Keys into apps in order to get access to some AWS service. This is a security accident waiting to happen, and can be avoided through the use of IAM Roles.

With AWS, we can assign a single IAM Role to an EC2 instance. This assignment is usually made when the instance is launched, but can also be done at runtime if needed. Applications running on the server retrieve the Role’s security credentials by pulling them out of the instance metadata through a simple web command. These credentials have an additional advantage over potentially long-lived, hard-coded credentials, in that they are changed or rotated frequently, so even if somehow compromised, they can only be used for a brief period.

Another key security advantage of Roles is that they can be limited to just the access rights and privileges needed to get a specific job done. Amazon’s documentation for roles gives the example of an application that only needs to be able to read files out of S3. In this case, one can assign a Role that contains read-only permissions for a specific S3 bucket, and the Role’s configuration can say that the role can only be used by EC2 instances. This is an example of the security principle of “least privilege,” where the minimum privileges necessary are assigned, limiting the risk of damage if the credential is compromised. In the same sense that you would not give all of your users “Administrator” privileges, you should not create a single “Allow Everything” Role that you assign everywhere. Instead create a different Role specific to the needs of each system or group of systems.
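As an added illustration (not code from the original article or from AWS), the sketch below builds the two policy documents for the read-only S3 role described above and flags the “Allow Everything” pattern the text warns against. The bucket name and all function names are assumptions made for the example.

```python
import json


def as_list(value):
    """IAM accepts either a single value or a list for most policy elements."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def s3_read_only_policy(bucket):
    """Permissions policy: list and read objects in one bucket, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def ec2_trust_policy():
    """Trust policy: only the EC2 service may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def find_overbroad_statements(policy):
    """Return (statement index, reason) for Allow statements using wildcards."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((index, "NotAction allows all unlisted actions"))
        for action in as_list(stmt.get("Action")):
            if action == "*":
                findings.append((index, "Action '*' allows every API call"))
            elif action.endswith(":*"):
                findings.append((index, f"'{action}' allows a whole service"))
        for resource in as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((index, "Resource '*' covers every resource"))
    return findings


# Constructed sample: the single "Allow Everything" policy to avoid.
ALLOW_EVERYTHING = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
}

if __name__ == "__main__":
    scoped = s3_read_only_policy("example-app-data")  # hypothetical bucket
    print(json.dumps(scoped, indent=2))
    print(json.dumps(ec2_trust_policy(), indent=2))
    print("scoped policy findings:", find_overbroad_statements(scoped))
    print("broad policy findings:", find_overbroad_statements(ALLOW_EVERYTHING))
```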

Delegation

Sometimes one company needs to give access to their resources to another company. Before IAM Roles (and before AWS), the common ways to do that were to share account logins (with the same issues identified earlier with hardcoded credentials) or to use complicated PKI/certificate-based systems. If both companies are using AWS, sharing access is much easier with Role-based Delegation. There are several ways to configure IAM Roles for delegation, but for now we will just focus on delegation between accounts from two different organizations.

At ParkMyCloud, our customers use Delegation to let us read the state of their EC2, RDS, and scaling group instances, and then start and stop them per the schedules they configure in our management console.

To configure Role Delegation, a customer first creates an account with the service provider, and is given the provider’s AWS Account ID and an External ID. The External ID is a unique number for each customer generated by the service provider.

The administrator of the customer environment creates an IAM Policy with a constrained set of access (principle of “least privilege” again), and then assigns that policy to a new Role (like “ParkMyCloudAccess”), specifically assigned to the provider’s Account ID and External ID.  When done, the resulting IAM Role is given a specific Amazon Resource Name (ARN), which is a unique string that identifies the role.  The customer then enters that role in the service provider’s management console, which is then able to assume the role.  Like the EC2 example, when the ParkMyCloud service needs to start a customer EC2 instance, it calls the AssumeRole API, which verifies our service is properly authenticated, and returns temporary security credentials needed to manage the customer environment.
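The trust side of the delegation steps above can be checked mechanically. The following added example (not ParkMyCloud's or AWS's code) builds a trust policy bound to a provider Account ID and External ID, then audits trust policies for cross-account principals that lack the External ID condition; the account IDs, External ID and function names are constructed placeholders.

```python
import re

# Matches a bare 12-digit account ID or an IAM ARN containing one.
ACCOUNT_RE = re.compile(r"^(?:arn:aws:iam::)?(\d{12})(?::.*)?$")


def delegation_trust_policy(provider_account_id, external_id):
    """Trust policy letting one provider account assume the role,
    and only when it presents the agreed External ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{provider_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def principal_accounts(principal):
    """Account IDs named in a Principal element; '*' means anyone."""
    if principal == "*":
        return ["*"]
    entries = principal.get("AWS", []) if isinstance(principal, dict) else []
    entries = entries if isinstance(entries, list) else [entries]
    accounts = []
    for entry in entries:
        match = ACCOUNT_RE.match(entry)
        if entry == "*":
            accounts.append("*")
        elif match:
            accounts.append(match.group(1))
    return accounts


def audit_trust_policy(policy, own_account_id):
    """Flag Allow statements that let another account (or anyone) assume
    the role without an sts:ExternalId check. Simplification: only the
    StringEquals operator with this exact key spelling is recognised."""
    findings = []
    statements = policy.get("Statement", [])
    statements = statements if isinstance(statements, list) else [statements]
    for index, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if stmt.get("Effect") != "Allow" or not (
                {"sts:AssumeRole", "sts:*", "*"} & set(actions)):
            continue
        condition = stmt.get("Condition", {})
        external_id = condition.get("StringEquals", {}).get("sts:ExternalId")
        for account in principal_accounts(stmt.get("Principal", {})):
            if account == "*":
                findings.append((index, "any AWS principal may assume role"))
            elif account != own_account_id and not external_id:
                findings.append(
                    (index, f"account {account} needs no External ID"))
    return findings


# Constructed sample values, not real accounts.
CUSTOMER_ACCOUNT = "444455556666"
PROVIDER_ACCOUNT = "111122223333"
GOOD = delegation_trust_policy(PROVIDER_ACCOUNT, "constructed-external-id-01")
NO_EXTERNAL_ID = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": PROVIDER_ACCOUNT},
    "Action": "sts:AssumeRole"}]}
WILDCARD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no external id", NO_EXTERNAL_ID),
                      ("wildcard", WILDCARD)]:
        print(name, audit_trust_policy(doc, CUSTOMER_ACCOUNT))
```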

Conclusions

AWS IAM Roles make some tasks a lot simpler by flexibly assigning roles to instances and other accounts. IAM Roles can help make your environment more secure by:

  • Using the principle of Least Privilege in IAM policies to isolate the systems and services to only those needed to do a specific job.
  • Preventing hard-coding of credentials in code or files, minimizing danger from exposure, and removing the risk of long-unchanged passwords.
  • Minimizing common accounts and passwords by allowing controlled cross-account access.

3 Things Companies Using Cloud Computing Should Make Sure Their Employees Do

These days, there’s a huge range of companies using cloud computing, especially public cloud. While your infrastructure size and range of services used may vary, there are a few things every organization should keep in mind. Here are the top 3 we recommend for anyone in your organization who touches your cloud infrastructure.

Keep it Secure

OK, so this one is obvious, but it bears repeating every time. Keep your cloud access secure.

For one, make sure your cloud provider keys don’t end up on GitHub… it’s happened too many times.

(There are a few open source tools out there that can help search your GitHub for this very problem; check out AWSLabs’s git-secrets.)

Organizations should also enforce user governance and use Role-Based Access Control (RBAC) to ensure that only the people who need access to specific resources can access them.

Keep Costs in Check

There’s an inherent problem created when you make computing a pay-as-you-go utility, as public cloud has done: it’s easy to waste money.

First of all, the default for computing resources is that they’re “always on” unless you specifically turn them off. That means you’re always paying for it.

Additionally, over-provisioning is prevalent – 55% of all public cloud resources are not correctly sized for their resources. The last is perhaps the most brutal: 15% of spend is on resources which are no longer used. It’s like discovering that you’re still paying for that gym membership you signed up for last year, despite the fact that you haven’t set foot inside. Completely wasted money.

In order to keep costs in check, companies using cloud computing need to ensure they have cost controls in place to eliminate and prevent cloud waste – which, by the way, is the problem we set out to solve when we created ParkMyCloud.

Keep Learning

Third, companies should ensure that their IT and development teams continue their professional development on cloud computing topics, whether by taking training courses or attending local Meetup groups to network with and learn from peers. We have a soft spot in our hearts for our local AWS DC Meetup, which we help organize, but there are great meetups in cities across the world on AWS, Azure, Google Cloud, and more.

Best yet, go to the source itself. Microsoft Azure has a huge events calendar, though AWS re:Invent is probably the biggest. It’s an enormous gathering for learning, training, and announcements of new products and services (and it’s pretty fun, too).

We’re a sponsor of AWS re:Invent 2017 – let us know if you’re going and would like to book time for a conversation or demo of ParkMyCloud while you’re there, or just stop by booth #1402!

AWS Lambda + ParkMyCloud = Supercharged Automation

Among the variety of AWS services and functionality, AWS Lambda seems to be taking off with hackers and tinkerers. The idea of “serverless” architecture is quite a shift in the way we think about applications, tools, and services, but it’s a shift that is opening up some new ideas and approaches to problem solving.  

If you haven’t had a chance to check out Lambda, it’s a “function-as-a-service” platform that allows you to run scripts or code on demand, without having to set up servers with the proper packages and environments installed. Your lambda function can trigger from a variety of sources and events, such as HTTP requests, API calls, S3 bucket changes, and more. The function can scale up automatically, so more compute resources will be used if necessary without any human intervention. The code can be written in Node.js, Python, Java, and C#.

Some pretty cool ideas already exist for lambda functions to automate processes.  One example from AWS is to respond to a Github event to trigger an action, such as the next step in a build process.  There’s also a guide on how to use React and Lambda to make an interactive website that has no server.

For those of you who are already using ParkMyCloud to schedule resources, you may be looking to plug in to your CI/CD pipeline to achieve Continuous Cost Control.  I’ve come up with a few ideas of how to use Lambda along with ParkMyCloud to supercharge your AWS cloud savings.  Let’s take a look at a few options:

Make ParkMyCloud API calls from Lambda

With ParkMyCloud’s API available to control your schedules programmatically, you could make calls to ParkMyCloud from Lambda based on events that occur.  The API allows you to do things like list resources and schedules, assign schedules to resources, snooze schedules to temporarily override them, or cancel a snooze or schedule.

For instance, if a user logs in remotely to the VPN, it could trigger a Lambda call to snooze the schedules for that user’s instances.  Alternatively, a Lambda function could change the schedules of your Auto Scaling Group based on average requests to your website.  If you store data in S3 for batch processing, a trigger from an S3 bucket can tell Lambda to notify ParkMyCloud that the batch is ready and the processing servers need to come online.

Send notifications from ParkMyCloud to Lambda

With ParkMyCloud’s notification system, you can send events that occur in the ParkMyCloud system to a webhook or email.  The events can be actions taken by schedules that are applied to resources, user actions that are done in the UI, team and schedule assignments from policies, or errors that occur during parking.

By sending schedule events, you could use a Lambda function to tell your monitoring tool when servers are being shut down from schedules.  This could also be a method for letting your build server know that the build environment has fully started before the rest of your CI/CD tools take over.  You could also send user events to Lambda to feed into a log tool like Splunk or Logstash.  Policy events can be sent to Lambda to trigger an update to your CMDB with information on the team and schedule that’s applied to a new server.

Think outside the box!

Are you already using AWS Lambda to kick off functions and run scripts in your environment?  Try combining Lambda with ParkMyCloud and let us know what cool tricks you come up with for supercharging your automation and saving on your cloud bill! Stop by Booth 1402 at AWS re:Invent this year and tell us.

5 Favorite AWS Training Resources

When it comes to AWS training resources, there’s no shortage of information out there. Considering the wide range of videos, tutorials, blogs, and more, it’s hard knowing where to look or how to begin. Finding the best resource depends on your learning style, your needs for AWS, and getting the most updated information available. With this in mind, we came up with our 5 favorite AWS training resources, sure to give you the tools you need to learn AWS:

1. AWS Self-Paced Labs

What better way to learn than at your own pace? AWS self-paced labs give you hands-on learning in a live AWS environment, with AWS services, and actual scenarios you would encounter in the cloud. Among the recommended labs you’ll find an Introduction to Amazon Elastic Compute Cloud (EC2), and for more advanced users, a lab on Creating Amazon EC2 Instances with Microsoft Windows. If you’re up for an adventure, enroll in a learning quest and immerse yourself in a collection of labs that will help you master any AWS scenario at your own pace. Once completed, you will earn a badge that you can boast on your resume, LinkedIn, website, etc.

2. AWS Free Tier

Sometimes the best way to learn something is by jumping right in. With the AWS Free Tier, you can try AWS services for free. This is a great way to test out AWS for your business, or for the developers out there, to try services like AWS CodePipeLine, AWS Data Pipeline, and more. While you are still getting a hands-on opportunity to learn a number of AWS services, the only downside is that there are certain usage limits. You can track your usage with a billing alarm to avoid unwanted charges, or you can try ParkMyCloud and park your instances when they’re not in use to get the most out of your free tier experience. In fact, ParkMyCloud started its journey by using AWS’ free tier – we eat our own dog food!

3. AWS Documentation

AWS Documentation is like a virtual encyclopedia of tools, terms, training, and everything AWS. You’ll find white papers, case studies, tutorials, cloud computing basics, and so much more. This resource is a one-stop-shop for all of your AWS documentation needs, whether you’re a beginner or advanced user. No matter where you are in your AWS training journey, AWS documentation is always a useful reference and certainly deserves a spot in your bookmarks.

4. YouTube

So far, we’ve gone straight to the source for 3 out of 5 of our favorite AWS training resources. Amazon really does a great job of providing hands-on training, tutorials, and documentation for users with a range of experience. However, YouTube opens up a whole new world of video training that includes contributions from not only Amazon, but other great resources as well. Besides the obvious Amazon Web Services channel, there are also popular and highly rated videos by Edureka, Simplilearn, Eli the Computer Guy, and more.

5. Bloggers

As cloud technology usage continues to expand and evolve, blogs are a great way to stay up to speed with AWS and the world of cloud computing. Of course, in addition to labs, a free trial, extensive documentation, and their own YouTube channel, AWS also has their own blog. Since AWS actually has a number of blogs that vary by region and technology, we recommend that you start by following Jeff Barr – Chief Evangelist at Amazon Web Services, and primary contributor. Edureka, mentioned in our recommended YouTube channels, also has a blog that covers plenty of AWS topics. In addition, the CloudThat blog is an excellent resource for AWS and all things cloud, and was co-founded by Bhaves Goswami – a former member of the AWS product development team.

There’s plenty of information out there when it comes to AWS training resources. We picked our 5 favorite resources for their reliability, quality, and range of information. Whether you’re new to AWS or consider yourself an expert, these resources are sure to help you find what you’re looking for.