Google Distributed Cloud brings Google Cloud's infrastructure and services to diverse physical locations, also known as distributed environments, and can run in on-premises data centers.
Distributed Cloud offers two distinct solutions:
- Google Distributed Cloud (GDC) connected brings Google Cloud infrastructure and services closer to where data is being generated and consumed.
- Google Distributed Cloud (GDC) air-gapped lets you host, control, and manage infrastructure and services directly on your premises.
Google Distributed Cloud air-gapped does not require connectivity to Google Cloud and helps customers meet compliance and regulatory requirements. Key advantages of using the Distributed Cloud platform include but are not limited to the following:
- Open: Leverages open source and commercial prebuilt hardware, tapping into industry innovation and an open ISV ecosystem.
- Intelligence: Based on the Google AI portfolio, enabling real-time decisioning and automation in the platform and as a service.
- Consistent: Provides a consistent application experience across Google Cloud, data centers, and Google, operator, and customer edges.
- Modern: A modern cloud approach based on Google's leadership in Kubernetes and its leading hybrid-cloud solution, GKE Enterprise.
- Proven: Leveraging proven best practices at scale and technologies used for Google services.
- Secure: Security spanning Google Cloud, Google Global Network, Google Edge Infrastructure, and end-user devices.
Personas
The Distributed Cloud architecture is hierarchical and consists of three tiers that map to the following personas:
- Infrastructure Operator (IO) has full access to administer the GDC hardware, not the data or customer applications. An IO is responsible for managing and maintaining the infrastructure, hardware, and security of the operational system. The IO must refer to the Operator tab.
- Platform Administrator (PA) manages organization resources, policies, and teams. A PA interacts with an IO to secure additional bulk resources, get support, plan for upgrades, and request specific configuration changes. A PA can create and delete clusters on demand for any of the customers. A PA must refer to the Administer section of the Documentation tab.
- Application Operator (AO) has full access to a set of Kubernetes namespaces within a user cluster assigned by a PA. An AO interacts with a PA to secure more resources, get policy exemptions, and troubleshoot larger issues. An AO must refer to the Develop section of the Documentation tab.
The following table introduces major tasks and responsibilities of existing Distributed Cloud personas.
 | Infrastructure Operator | Platform Administrator | Application Operator |
---|---|---|---|
Tasks | | | |
Prerequisites
Before deploying Distributed Cloud on your premises, Google runs a site survey to ensure your location can support GDC by validating capabilities such as space, power, cooling, and connectivity.
Based on your requirements, Google generates a solution design and provides a planning document to the cloud hardware provider that ships the required hardware to your data center.
Hardware
Distributed Cloud hardware comes fully integrated into racks and securely delivered to your premises. We partner with OEM hardware vendors to provide customers with the latest, best-in-class enterprise equipment that is backed by comprehensive services and support.
Distributed Cloud can run on minimal hardware to provide flexibility, availability, and performance.
Software
In an isolated environment, you cannot download Distributed Cloud binaries directly to a network. Before deploying Distributed Cloud on an air-gapped system, it is important to have:
- Internet access to Google Cloud to download the Distributed Cloud distribution.
- A portable storage device to transfer the distribution to the air-gapped environment, for example, an external hard drive or a thumb drive.
- On-premises hardware to upload the downloaded files to.
- A SHA256 or MD5 checksum to verify the integrity of the downloaded Distributed Cloud software in the air-gapped environment.
- Nodes and clusters with enough CPU, RAM, and storage resources to meet the needs of clusters and workloads you are running regardless of your Distributed Cloud configuration.
- Downloaded Distributed Cloud documentation to use offline.
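The checksum step in the list above, as an added example that is not part of Google's documentation: a shell function that checks a transferred directory against a SHA-256 manifest and also flags files the manifest does not list. It uses SHA-256 rather than MD5 because MD5 is not collision-resistant; the file names and the `SHA256SUMS` manifest name are constructed placeholders.

```shell
#!/bin/sh
# Added example. File and manifest names are constructed placeholders,
# not the real names of GDC artifacts.

# verify_transfer DIR MANIFEST
# MANIFEST is in sha256sum format: "<64 hex digits>  <path relative to DIR>".
# Keep it apart from DIR so it cannot be altered together with the files.
# Returns 0 only if every listed file matches and DIR has no unlisted file.
verify_transfer() {
    dir=$1
    manifest=$(cd "$(dirname "$2")" 2>/dev/null && pwd)/$(basename "$2")
    rc=0
    [ -d "$dir" ] && [ -s "$manifest" ] || return 2

    # 1. Listed files must exist and match; --strict rejects malformed lines.
    ( cd "$dir" && sha256sum --check --strict --quiet "$manifest" ) >&2 || rc=1

    # 2. Report files on the media that the manifest does not list.
    listed=$(sed 's/^[0-9a-f]\{64\} [ *]//' "$manifest")
    present=$(cd "$dir" && find . -type f | sed 's|^\./||')
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        printf '%s\n' "$listed" | grep -Fxq -- "$f" ||
            { echo "unlisted file: $f" >&2; rc=1; }
    done <<EOF
$present
EOF
    return "$rc"
}

# Constructed demo: a clean copy, a modified file, then an extra file.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/media"
    printf 'constructed payload\n' > "$t/media/gdc-distribution.tar.gz"
    printf 'constructed docs\n' > "$t/media/gdc-docs.tar.gz"
    ( cd "$t/media" && sha256sum -- * ) > "$t/SHA256SUMS"  # connected side

    clean=0; verify_transfer "$t/media" "$t/SHA256SUMS" 2>/dev/null || clean=$?
    printf 'x' >> "$t/media/gdc-docs.tar.gz"
    tampered=0; verify_transfer "$t/media" "$t/SHA256SUMS" 2>/dev/null || tampered=$?
    printf 'constructed docs\n' > "$t/media/gdc-docs.tar.gz"
    : > "$t/media/unexpected.bin"
    extra=0; verify_transfer "$t/media" "$t/SHA256SUMS" 2>/dev/null || extra=$?
    rm -rf "$t"
    echo "clean=$clean tampered=$tampered extra=$extra"
}
demo
```

A checksum match shows only that the files equal what the manifest describes, so the manifest should reach the air-gapped side by a path you trust independently of the portable storage device.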
Distributed Cloud provides a FIPS 140-2 certified Ubuntu 20.04 long-term support (LTS) operating system (OS) image that runs on Distributed Cloud bare metal servers and virtual machines. The certified OS image meets all security and compliance requirements.
Major technical features
Distributed Cloud delivers a multitude of features that let enterprises use the full functionality of a private isolated environment with no internet access.
Services
The extensive collection of Distributed Cloud services includes data management, artificial intelligence, machine learning, security, observability, and computing services. Distributed Cloud supports both Kubernetes and virtual machine-based workloads.
Storage
To build a robust infrastructure and store data across an air-gapped cloud environment, Distributed Cloud provides block and object storage services. The underlying storage hardware includes high-performing all-flash solutions for block and more cost-efficient solutions for object storage.
High availability and data backup
To conform to data sovereignty requirements, Distributed Cloud delivers an integrated backup solution for data recovery and the ability to control data residency in either a local or a remote data center.
Deploying resources across multiple data centers with Multi-zone lets you run disconnected, mission-critical workloads on Distributed Cloud by delivering high availability (HA) and disaster recovery (DR) capabilities similar to public hyperscale cloud providers.
Distributed Cloud enables enterprises to perform rolling non-disruptive hardware and software upgrades.
Networking
Distributed Cloud provides secure networking and high-speed performance to support your mission-critical services.
Data plane and management plane networks connect all cloud components hosted in an on-premises environment to ensure data sovereignty. The networks secure data and enable customers to scale and optimize their infrastructure.
The network load balancing service distributes TCP and UDP traffic among clusters and gives absolute control over handling traffic in the Distributed Cloud environment.
Support
The Cloud Support API might not be available for use with Distributed Cloud. Consult your account manager for details.
Third-party notices and source code
Third-party notices are provided with each release of GDC. They are provided using a tar file stored in the same Cloud Storage location under a matching tar file that includes "notice" in the name. Alternatively, third-party notices are provided directly in the images included in GDC.
For some of these third-party sources, we also provide copies of the source code. Third-party sources can also be found either in the images or in the following Google-hosted repositories:
For our Ubuntu mirror, we have not modified the packages. To find sources, run:
deb-src http://archive.ubuntu.com/ubuntu VERSION main universe