[HN Gopher] Google Distributed Cloud air-gapped appliance
___________________________________________________________________
Google Distributed Cloud air-gapped appliance
Author : radeeyate
Score : 50 points
Date : 2024-07-20 20:52 UTC (2 hours ago)
(HTM) web link (cloud.google.com)
| dhosek wrote:
| Given the discontinuance of the Google search appliance, I would
| be reluctant to consider any Google hardware. I'd likely use
| something like PCF on owned hardware for the scenarios they
| describe.
| imglorp wrote:
| When would someone reach for PCF now instead of K8s?
| jeffbee wrote:
| Given what Broadcom did to almost all of VMWare's products,
| I'd be a lot more worried about PCF than really anything
| else.
| pighive wrote:
| There's an opensource version of CloudFoundry.
| https://github.com/cloudfoundry/cf-deployment
| gcbirzan wrote:
| I mean, the search appliance was discontinued after 17 years.
| Not sure it's that bad...
| summerlight wrote:
| And they supported their last search appliance over 10 years
| and provided a transition path toward cloud-based
| alternative. This is probably better than usual industry
| cases and I'm pretty sure Google wouldn't get this bad
| reputation if they adopted this case as their own product
| longevity standard.
| bryanlarsen wrote:
| The customer is the DoD. They know how to negotiate contracts
| to cover this scenario and have the clout to negotiate such and
| enforce it.
| gigatexal wrote:
| And they'll likely have a "this needs to be supported for 50
| years" provision too
| StephenAmar wrote:
| Well, Google already distributes hardware to various ISPs - it's
| called GGC
| (https://www.gstatic.com/isp/docs/ggc-installation.pdf?sjid=5...).
|
| We (GSA) & GGC used to source our hardware from the same
| supplier (Dell).
| dilyevsky wrote:
| The post announces a physical (I presume) appliance and it's just
| a wall of text and not a single photo. Mkay...
| r0n22 wrote:
| Yeah I just wanted to see a picture of it
| wmf wrote:
| I couldn't find any specs in the docs either. Welcome to
| enterprise.
| qmarchi wrote:
| There's a bit of complexity there as the system is designed to
| be modular based on requirements. GPUs? Raw RAM? DC or AC?
| All different components that you can swap in/out.
| wmf wrote:
| I would assume there's some kind of catalog or
| configuration guide y'all could publish but maybe not.
| kristjansson wrote:
| I mean this is literally their 'AI, but for TLAs' product. I'm
| kinda shocked there's a public announcement at all.
| surfingdino wrote:
| Is the box painted yellow? That's all I want to know, and if you
| are old enough you will get the Google Search Appliance
| reference.
| toomuchtodo wrote:
| We had a blue mini appliance!
|
| Teardowns previously:
|
| https://rothgar.medium.com/google-mini-search-appliance-tear...
| http://1n73r.net/2012/12/11/google-mini-search-appliance-tea...
|
| https://www.anandtech.com/show/1781/3
| peanut-walrus wrote:
| It's for military applications so it's quite obviously green.
| qmarchi wrote:
| In this particular case, no, they're unbranded HP boxes, though
| some that have been deployed have GCP logos on the racks
| themselves.
| surfingdino wrote:
| How lame, Google used to be fun.
| karolist wrote:
| Parts of it still are, you're just focusing on the non-fun
| parts
| transpute wrote:
| _> unbranded HP boxes_
|
| HPEnterprise (Compaq-derived servers) or HPInc
| (desktops/laptops)?
| alpb wrote:
| Truly puzzling why Google is doing these things that do not
| scale. Their DNA historically has been doing things for billions
| of users, not 10 companies that might ever pay for this. Google
| is a technology company through and through, they have a great
| engineering talent, and they can keep shifting paradigm in many
| areas, especially in cloud. Yet, the short-term profit motive of
| the rot economy is taking another tech giant hostage.
| wmf wrote:
| Kurian = enterprise IT = high-margin low-scale customized
| solutions. In theory the long tail of the market is just as
| lucrative as the big head.
| nkmskdmfodf wrote:
| That's what happens when you take your most productive/creative
| minds, throw them in the trash, and replace them with greedy
| MBA drones.
| dr_kiszonka wrote:
| I have no experience in this space, but I suspect supplying the
| US Air Force with this equipment may have a number of indirect
| benefits.
| yunohn wrote:
| The post seems to really be vague around the obvious and most
| likely majority defense use cases this would be deployed for. It
| instead tries to emphasize all the other potential uses and
| mentions defense only as the final one with a generic quote from
| the air force.
|
| I think it's very likely that's due to historical Googler outrage
| against working with defense organizations.
| siliconc0w wrote:
| I was hoping for a picture of a box with Sundar's signature on
| it.
| lukeh wrote:
| Ha, very good.
| dmead wrote:
| Richard, we're making the box.
| candiddevmike wrote:
| It'll be the next iteration, Sundar's signature edition.
| moandcompany wrote:
| I'm glad they've finally learned to appreciate the conjoined
| triangles of success.
| asah wrote:
| Curious about open source licenses: this was a big problem for
| the Google search appliance IIRC
| rvnx wrote:
| I spent tons of time with Google Search Appliance (at least 100
| hours reverse-engineering it) it was just a CentOS machine with
| a daemon called Babysitter (which was just a loop restarting
| services), and a C++ binary called gws (Google Web Server).
|
| Fun fact, if you ran gws without its config files you would see
| the real front end for Google Search, News, etc.
|
| Web configuration interface was in Java, writing some XML
| templates if I remember well.
|
| So taking all of that, besides a very boring OS there was
| "nothing" or very little amount of open-source they were using.
|
| It was more all homemade (except the OS).
|
| Fun fact: There was a secret hardcoded password in clear (but
| only for physical access).
|
| EDIT: Password was different for each instance, not the same as
| I thought.
| StephenAmar wrote:
| Well that's fun. I was the TL of the GSA platform team and
| you are mostly spot on. You are missing the whole
| crawling/indexing & security parts though. The GWS on the GSA
| was, tbh, one of the simplest components.
|
| Each GSA had a set of unique BIOS/root passwords generated
| during bootstrap though.
| rvnx wrote:
| I edited the message, sorry for that mistake, I had assumed
| it was the same everywhere.
|
| It was great to see how it was engineered, some parts were
| truly remarkable, my main interest was to learn about the
| ranking algorithm (not for SEO purposes, but because I
| thought it was fun and interesting).
|
| We would have been in love 15 years ago when there was the
| GSA, sadly, our paths have separated :D
| wmf wrote:
| What was the problem specifically?
| mos_6502 wrote:
| Though other use cases for the appliance are given, it seems
| primarily designed for military applications?
|
| It's designed to military standards and to be as individually
| transportable as other military communications equipment:
|
| > Department of Defense (DoD) Impact Level 5 (IL5) accreditation
|
| > rugged and portable design that meets stringent accreditation
| requirements like MIL-STD-810H
|
| > The appliance can be conveniently transported in a rugged case
|
| > Weighing approximately 100lbs, it's human-portable, making it
| easy to transport and deploy in various locations.
|
| > disaster zones, remote research stations, or long-haul trucking
| operations
|
| Military operations are all three of these.
|
| Its design enables the offline self-hosting of cloud surveillance
| tools:
|
| > Google Distributed Cloud air-gapped appliance is designed to
| operate without any connectivity to Google Cloud or the public
| internet. The appliance remains fully functional in disconnected
| environments
|
| > built-in AI solutions from the Google Distributed Cloud air-
| gapped appliance like translation, speech, and optical character
| recognition
|
| What about facial recognition?
| Havoc wrote:
| Does anyone care about this except DoD?
| sneak wrote:
| This is to let the military use AI to help kill people.
|
| "Don't be evil" is dead.
| thomasjudge wrote:
| It looks like this is an evolution of an offering they've had for
| some time:
|
| https://cloud.google.com/distributed-cloud#modern-experience...
| transpute wrote:
| Need:
| - photo/video
| - root of trust definition (OpenTitan?)
| - firmware and OS description
| - specs
|
| There's an edge device family from AWS, with specs and photos,
| https://aws.amazon.com/blogs/aws/introducing-aws-snowcone-sm...
|
| _> AWS Snow Family of physical edge computing, edge storage, and
| data transfer devices for rugged or disconnected environments..
| can be used in a variety of environments including desktops, data
| centers, messenger bags, vehicles, and in conjunction with
| drones.. enclosure is both tamper-evident and tamper-resistant,
| and also uses a Trusted Platform Module (TPM) designed to ensure
| both security and full chain-of-custody for your data. The device
| encrypts data at rest and in transit using keys that are managed
| by AWS Key Management Service (AWS KMS) and are never stored on
| the device.. use Snowcone for data migration, content
| distribution, tactical edge computing, healthcare IoT, industrial
| IoT, transportation, logistics, and autonomous vehicle use
| cases._
|
| AWS Snowball hardware, https://youtube.com/watch?v=BIx9bbe58K8
|
| GDC video of users and control panels, no hardware,
| https://youtube.com/watch?v=i5fCfgNaPE0
|
| With hardware expertise from servers, OpenCompute, Project Ara,
| Chromebooks, Pixels and TPUs, hopefully this appliance is more
| than a PC OEM whitebox.
| loloquwowndueo wrote:
| The Hooli/Pied Piper box -
| https://silicon-valley.fandom.com/wiki/The_box
| upon_drumhead wrote:
| This seems like GCP's version of AWS Outposts Servers
|
| https://aws.amazon.com/outposts/servers/
|
| Does Azure have a similar option?
| MarkSweep wrote:
| Their hardware is called Azure Stack Edge:
|
| https://azure.microsoft.com/en-us/products/azure-stack/edge/
| mvkel wrote:
| Feels like something that will almost certainly be sunset in <2
| years
| klipklop wrote:
| Would never consider this after getting rug pulled when Google
| abandoned the search appliance. That was fun.
| gz5 wrote:
| Useful for a truly never-connected 'island' (meaning it never
| needs to speak to the outside world).
|
| However, even some of the use cases they cite rarely exist on a
| never-connected island, e.g. industrial automation and
| transportation.
|
| So, to be broadly applicable, it needs to be secure by design for
| connected use cases as well, even if those connections are
| considered to be ephemeral (e.g. remote management, periodic
| telemetry, metadata sharing, etc.).
___________________________________________________________________
(page generated 2024-07-20 23:03 UTC)