Cloud

With over ⅓ of the food in the USA ending up as waste according to the USDA, it is a compelling challenge to address this travesty.  What will happen to hunger, food prices, trash reduction, water consumption, and overall sustainability when we stop squandering this abundance?

Beginning with the departure from the farm to the back of the store, the freshness clock continues to run.  Grocers work very hard to purchase high quality produce items for their customers and the journey to the shelf can take a toll in both quality and remaining shelf life.  Suppliers focus on delivering their items through the arduous supply chain journey to the store with speed and gentle handling.  The baton is then passed to the store to unload and present the items to customers with care to sell through each lot significantly before the expiration or sell by date.  This is to ensure that the time spent in the customer’s home is ample to ensure a great eating experience as well. Food waste is a farm to fork problem with opportunity at every step of the chain, but today we will focus on the segment that the grocery industry oversees.

With the complexities of weather, geopolitical issues, distribution, sales variability, pricing, promotions, and inventory management, it seems daunting to impact waste.  Fortunately, data analytics and machine learning in the cloud is a powerful weapon in the fight against food waste. Data Scientists harness knowledge to draw meaning from data turning that data into decision driving information. 

One key Google has been working on to accelerate value is to break down data silos and leverage machine learning to realize better outcomes, using our Google Data Cloud platform. This enables better planning through demand forecasting, Inventory management, assortment planning, and dynamic pricing and promotions.

That sounds great but how does it work?  

Let’s walk through a day in the life journey to see how the integrated Google Data Cloudplatform can change the game for good. Our friendly fictitious grocer FastFreshFood is committed to selling high quality perishable items to their local market. Their goal is to minimize food waste and maximize revenue by selling as much perishable fresh food as possible before the sell by date. Our fictitious grocer in partnership with Google Cloud could build a solution that will take a significant bite out of their food waste volume and better satisfy customers. 

Sales through the register and online are processed in real time with Datastream, Dataflow to keep an accurate perpetual inventory by minute of every single item.

A Demand forecasting model using machine learning algorithms in BigQuery then identifies needs for back room replenishment, so Direct Store Delivery and daily store Distribution Centers manage ordering more efficiently to ensure just the right amount of each product each day.

Realtime reporting dashboards in Looker with alerting capabilities enable the system to operate with strong associate support and understanding. The reporting suite shows inventory levels into the future, daily orders, and at risk items.

The pricing algorithm could also alert store leadership concerning any items that will not sell through and suggest real time in store specials resulting in zero waste at shelf and maximized revenue.

This approach is not just for perishable categories and is a pattern that works well for in-store produced items and center store items.  The key point is that by bringing ML/AI to difficult business problems grocers are reinventing what is possible for both their profitability and sustainability.

The technical implementation of this design pattern in Google Cloud leverages Datastream, Dataflow, BigQuery and Looker products, it is detailed in a technical tutorial accompanying this blog post.

In partnership with Google Cloud, retailers can solve complex problems with innovative solutions to achieve higher quality, lower cost, and provide great customer experiences. To learn more from this and other use cases, please visit our Design Patterns website.

Curious to learn more? 

We’re excited to share what we know about tackling food waste at Google, a topic we’ve been working on in the last decade as we’ve embarked on reducing our own food waste in our operations in over 50 countries in the world. The Google Food for Good team works exclusively on Google Cloud Platform with our partners on this topic. Two additional articles below. 

Silos are for food, not for data – tackling food waste with technology
This business Cloud blog directly addresses information silos that currently exist across many nodes in the food system and how to break down cultural and organizational barriers to sharing. 

“Unsiloing” data to work toward solving food waste and food insecurity 
This follow-on technical Cloud blog articulates the path to setting up data pipelines, translating between data sets (not everyone calls a tomato a tomato!) and making sense of emergent insights.

Communication service providers (CSPs) are at the forefront of a remarkable digital transformation as network data traffic soars to record highs. Fromlow-latency edge computing, digitally reimagined infrastructure management, and sustainable networking practices, CSPs are meeting the massive increase in network demand by becoming data-driven and digital-first.

To achieve this, leading CSPs know they must harness the power of analytics, artificial intelligence, and machine learning to unify data across different silos, democratize access to data, generate timely insights, and accelerate innovation. Google Cloud is helping many of the world’s top CSPs achieve this essential work.

Today, Google Cloud is thrilled to continue these efforts as we announce the expansion of our ISV partnerships for CSP Analytics. With our partners, Google Cloud looks forward to supporting CSPs to deploy and integrate customer-focused analytics and AI/ML solutions such as service assurance, quality of experience, customer experience management, mobility insights, and data monetization solutions which leverage Google Cloud, Google Distributed Cloud Edge, and Google Cloud Marketplace.

Additionally, Google Cloud smart analytics solutions are fundamentally transforming CSP operations across multiple dimensions, including customer management, sales and marketing management, risk and compliance management, workforce management, and the network. 

One notable example is our recent collaboration with Cardinality, where we delivered to Vodafone the Network Performance Platform solution built with Google Cloud smart analytics. This work is helping Vodafone update its pan-European network faster, more dynamically, and more efficiently. 

“We can give our 300-million-plus mobile customers a consistently faster and more reliable service using this new platform developed jointly with Cardinality and Google Cloud,” said Johan Wibergh, Chief Technology Officer of Vodafone. “It is a global data hub that gives us a real-time view of what is happening anywhere on our network, uses our global scale to manage traffic growth cheaper and more efficiently as customer data consumption grows by around 40% per year, and supports the full automation of our network by 2025.” 

We are also excited to announce our partnership with Cellwize to help Telefónica Deutschland complete its migration of Cellwize’s cloud-native, AI-driven RAN orchestration on Google Cloud. 

Dr. Mariam Kaynia, Director Tech Architecture, Strategy & Analytics, at Telefónica Deutschland, said, “The rate of change happening in the cloud brings a significantly faster time to market over traditional telecom infrastructures. This is why we adopted cloud and selected Google Cloud as one of our central pillars of our overall strategy both in the network and digital domains. Through our longstanding partnership with Cellwize in the RAN automation domain, transitioning the Cellwize solution to the cloud was a natural fit on our way to a full OSS cloud migration, driving scalability and powering innovation.”

Google Cloud and our partners continue to bring differentiated analytics experience to our CSP customers.  We have added the following partners to our CSP Analytics ISV ecosystem.

Cardinality’s cloud-native Cardinality.io platform was forged in the highly complex world of telecom data analytics. With award-winning AI capabilities, super-fast streaming that can handle upwards of 50 billion events per day, and a DataOps engine that can easily move data from edge to core to cloud, Cardinality.io helps some of the world’s largest Communications Service Providers solve their most complex data challenges. 

CanGo Networks is a leader in Cloud Native Inventory, Real Time 5G Assurance, AI and ML driven Analytics and Network Automation Solutions on Google Cloud empowers Operators to evolve their Legacy NOC to Dark NOC as part of their Digital OSS Transformation Journey. Leveraging CanGo’s OSS Suite helps Network Operations, Planning, Optimization and NOC/SOC Teams to have an Ultimate End-to-End Network Visibility across Cloud, Mobility, IT/MEC and IoT platforms.

Cellwize will deliver its cloudified, AI-driven and Open RAN-ready automation and orchestration platform, CHIME, on Google Cloud, accelerating and simplifying 5G rollout while fostering innovation via self-development of network rApps and bridging the gap between Purpose Built RAN networks, Open RAN and vRAN.

Continual analyzes and predicts the network quality and experiences of all connected cars, drivers, passengers and subscribers-on-the-move, across all roads, highways and railways – nationwide. Based on AI / ML and optimized for GCP, Mobile Operators use Continual to optimize their network for advanced mobility services.

Infovista will provide Google Cloud customers with access to its open, integrated, cloud-native network lifecycle automation (NLA) platform that leverages data, AI/ML and analytics to bring end-to-end intelligence to network operations.

PI Works will provide its market-leading AI-based Automated Mobile Networks Management and Optimization solutions on Google Cloud, to enable communication service providers across the globe to ensure excellent subscriber experience and maximize cost efficiency of mobile networks.

Sandvine’s Application and Network Intelligence solutions are being integrated into Google Cloud Platform to give CSPs the ability to analyze, optimize and automate the delivery of low-latency, QoS-driven 5G services. 

Teoco is a leading provider of analytics, assurance, and optimization solutions to over 300 communication service providers (CSPs) and OEMs worldwide. Our solutions enable the digital transformation of CSPs while enhancing their network QoS, improving their customer experience and reducing their operational costs through intelligent analytics of vast amounts of data.

Tupl accelerates your digital transformation journey by AI, with telco ops automation solutions such as e.g. AI Care, Power Savings Advisor, Network Intelligence Automation, NOC Automation, Open RAN SMO/RIC or Unifier. TuplOS is the MLOps platform that enables a full framework to develop complex and intelligent automation applications with a fast time to market. 

Unacast provides a leading human mobility data processing platform for use on Google Cloud. With their Turbine platform, Telcos are enabled to deliver state of the art data products describing human mobility within their subscriber base. Enabled by the strong data processing capabilities of Google Cloud, the Turbine focuses on depicting the behavior and patterns of vast populations within the spatial realm.

In 2022, Google Cloud continues to double down on our ISV ecosystem across domains, and our CSP collaborations are core to that work. We want to meet our CSP customers’ increasing needs to move data into the cloud, and to build real-time, actionable analytics and automation. We’ve already seen how cloud helps accelerate deployment and optimization of network functions, improve customer experience, and drive new monetization opportunities—and we’re excited to power even more of that growth. Last year, as part of Google Cloud’s continued commitment to CSPs, we expanded our ISV network to include more than 50 new partners to help bring solutions to the network edge. 

Discover new insights through our AI report:Using AI to win the customer experience battle in telecommunications or contact your Google Cloud partner representative through our Telecommunications industry page.

We understand that at each stage of the startup journey, you need different levels of support and resources to start, build and grow. To help with your journey, we created the Google Cloud Technical Guide for Startups to help your organization across these different milestones.

Technical Guides for Startups to support your startup journey

The Google Cloud Technical Guides for Startups series includes a video series and handbooks, consisting of three parts optimized for different stages of a startup’s journey.

The Start Series: Begin by building, deploying and managing new applications on Google Cloud from start to finish.

The Build Series: Optimize and scale existing deployments to reach your target audiences.

The Grow Series:  Grow and attain scale with deployments on Google Cloud.

The Start Series – is fully available on this playlist. In this series,  we introduced topics to get you started on Google Cloud. This included setting up your project, choosing the right compute option, configuring databases, networking, as well as understanding support and billing.

Now that you have applications running on Google Cloud, it is time to take the next step to optimize and scale these deployments.

Kicking off the Build Series

With our Start Series complete, we are happy to announce the second program in the series – the Build Series! 

The Build Series focuses on optimizing deployments and scaling your business, enabling you to build a foundation to accelerate your startups’ growth in the future. We will dive into many exciting topics, ranging from startup programs to Google Cloud’s data analytics and pipelines solutions, machine learning, API management and more. You will learn to gain insights from your data and to better manage and secure your applications, which will accelerate scale and understanding of your end user. 

Our first episode shares an overview of these topics, and features our new website which has many useful startup resources and technical handbooks. Watch our kick off video to find out more.

Embark on the journey together

We hope that you will join us on this journey, as we Start, Build, and Grow together. Get started by checking out our website and our full playlist on the Google Cloud Tech channel. Don’t forget to subscribe to stay up to date. 

See you in the cloud!

At Google, we follow a security-first philosophy to make safeguarding our clients’ and users’ data easier and more scalable, with strong security principles built into multiple layers of Google Cloud. In line with this philosophy, we want to make sure that our Container-Optimized OS adheres to industry-standard security best practices. To this end, we released a CIS benchmark for Container-Optimized OS that codifies the recommendations for hardening and security measures we have been using. Our Container-Optimized OS  97 releases now support CIS Level 1 compliance, with an option to enable support for CIS Level 2 hardening.

CIS benchmarks help define the security recommendations for various software systems, including various operating systems. In the past, Google had developed a CIS benchmark for Kubernetes as part of the continued contributions to the container orchestration space. We decided to build a CIS benchmark for Container-Optimized OS because they are well recognized across the industry, are created and reviewed in open source, and can provide a good baseline when it comes to hardening your operating systems. 

Our benchmarks for Container-Optimized OS are based on the CIS benchmarks defined by their security community for distribution-independent Linux OSes. In addition to applying some of the security recommendations for generic Linuxes—such as making file permissions more strict—we included measures to support hardening specific to Container-Optimized OS, such as verifying that the OS has the capabilities for checking filesystem integrity with dm-verity or that logs can be exported to Cloud Logging. We also removed some checks that don’t apply to Container-Optimized OS due to its minimal OS footprint that can reduce the attack surface. Container-Optimized OS 97 and later versions come with support for CIS Level 1 and can allow users to optionally apply support for Level 2 hardening as well.

Compliance is not just about a one-time hardening effort, however. You will need to ensure that the deployed OS images stay within compliance throughout their life. At Google, we continually run scans on our Google Cloud projects to help verify that our VMs and container images are kept up-to-date with the latest CIS security guidelines. To help scan a wide range of products with a low resource usage overhead, we developed Localtoast, our own open-source configuration scanner.

Localtoast is highly customizable and can be used to detect insecure OS configurations on local and remote machines, VMs, and containers. Google uses Localtoast internally to help verify CIS compliance on a wide range of Container-Optimized OS installations and other OSes. Its configuration and scan results are stored in the same Grafeas format that deploy-time security enforcement systems such as Kritis use, which can make it easier to integrate with existing supply chain security and integrity tooling. See this video for a showcase of how you can use this Localtoast scanner on COS.

Included in the Localtoast repo is a set of scan configuration files that help scan Container-Optimized OS’ CIS benchmarks. For other Linux OSes, we include a fallback config which supports and is based on the distribution-independent Linux CIS benchmarks and aims to help provide relevant security findings for a wide range of Linuxes—with support for more OSes coming in the future.

Apart from the configs for scanning live instances, we also released modified configs for scanning container images.

Container-Optimized OS 97 and above comes with Localtoast and the Container-Optimized OS-specific scanning config that supports CIS compliance pre-installed. We welcome you to try out our user-guide, and hope that the provided tools will help you get a step further in your journey toward keeping your cloud infrastructure secure. 

If you have any questions, don’t hesitate to reach out to us.

With rapid expansion of internet and cloud computing, warehouse-scale computing (WSC) workloads (search, email, video sharing, online maps, online shopping, etc.) have reached planetary scale and are driving the lion’s share of growth in computing demand. WSC workloads also differ from others in their requirements for on-demand scalability, elasticity and availability. 

Many studies (e.g., Profiling a warehouse-scale computer) and books (e.g., The Datacenter as a Computer: Designing Warehouse-Scale Machines) have pointed out that WSC workloads have fundamentally different characteristics than traditional benchmarks and require changes to modern computer architecture to achieve optimal efficiency. Google workloads have data and instruction footprints that go beyond the capacity of modern CPU caches, such that the CPU spends a significant portion of its time waiting for code and data. Simply increasing memory bandwidth would not solve the problem, as many accesses are in the critical path for application request processing; it is just as important to reduce memory access latency as it is to increase memory bandwidth.

Over the years, the computer architecture community has expressed the need for WSC workload traces to perform architecture research. Today, we are pleased to announce that we’ve published select Google workload traces. These traces will help systems designers better understand how WSC workloads perform as they interact with underlying components, and develop new solutions for front-end and data-access bottlenecks.

We captured these workload traces using DynamoRIO on computer servers running Google workloads — you can find more details at https://dynamorio.org/google_workload_traces.html. To protect user privacy, these traces only contain instruction and memory addresses. 

We have found these traces useful for understanding WSC workloads and seeding internal research on processor front-ends, on-die interconnects, caches and memory subsystems, etc. — all areas that greatly impact WSC workloads. For example, we used these traces to develop AsmDB. Likewise, we hope these traces will enable  the computer architecture community to develop new ideas that improve performance and efficiency of other WSC workloads.

Mosquitoes aren’t just the peskiest creatures on Earth; they infect more than 700 million people a year with dangerous diseases like Zika, Malaria, Dengue Fever, and Yellow Fever. Prevention is the best protection, and stopping mosquito bites before they happen is a critical step.

SC Johnson—a leading developer and manufacturer of pest control products, consumer packaged goods, and other professional products—has an outsized impact in reducing the transmission of mosquito-borne diseases. That’s why Google Cloud was honored to team up with one of the company’s leading pest control brands, OFF!®, to develop a new publicly available, predictive model of when and where mosquito populations are emerging nationwide. 

As the planet warms and weather changes, OFF! noticed month-to-month and year-to-year fluctuations in consumer habits at a regional level, due to changes in mosquito populations. Because of these rapid changes, it’s difficult for people to know when to protect themselves. The OFF!Cast Mosquito Forecast™, built on Google Cloud and available today, will predict mosquito outbreaks across the United States, helping communities protect themselves from both the nuisance of mosquitoes and the dangers of mosquito-borne diseases—with the goal of expanding to other markets, like Brazil and Mexico, in the near future.

With the OFF!Cast Mosquito Forecast™, anyone can get their local mosquito prediction as easily as a daily weather update. Powered by Google Cloud’s geospatial and data analytics technologies, OFF!Cast Mosquito Forecast is the world’s first public technology platform that predicts and shares mosquito abundance information. By applying data that is informed by the science of mosquito biology, OFF!Cast accurately predicts mosquito behavior and mosquito populations in specific geographical locations.  

Starting today, anyone can easily explore OFF!Cast on a desktop or mobile device and get their local seven-day mosquito forecast for any zip code in the continental United States. People can also sign up to receive a weekly forecast. To make this forecasting tool as helpful as possible, OFF! modeled its user interface after popular weather apps, a familiar frame of reference for consumers.

The technology behind the OFF!Cast Mosquito Forecast

To create this first-of-its-kind forecast, OFF! stood up a secure and production-scale Google Cloud Platform environment and tapped into Google Earth Engine, our cloud-based geospatial analysis platform that combines satellite imagery and geospatial data with powerful computing to help people and organizations understand how the planet is changing. 

The OFF!Cast Mosquito Forecast is the result of multiple data sources coming together to provide consumers with an accurate view of mosquito activity. First, Google Earth Engine extracts billions of individual weather data points. Then, a scientific algorithm co-developed by the SC Johnson Center for Insect Science and Family Health and Climate Engine experts translates that weather data into relevant mosquito information. Finally, the collected information is put into the model and distilled into a color-coded, seven-day forecast of mosquito populations. The model is applied to the lifecycle of a mosquito, starting from when it lays eggs to when it could bite a human.

The SC Johnson Center for Insect Science and Family Health is one the world’s leading entomology research centers, studying advanced science of insect biology, insect-borne disease prevention and effective product solutions for consumer use. The science behind brands like OFF! is grounded in knowledge from world-class entomologists who have devoted their careers to SC Johnson’s mission of eradicating diseases like Malaria and Zika. 

“We are putting the power in consumers’ hands in providing them with a tool to help predict their exposure and prevent mosquito bites,” said Maude Meier, SC Johnson entomologist. “It’s an exciting time to be working in the field of insect science as we find new opportunities to combine science and technology, like Google Earth Engine, to be a force for good in our mission to prevent the spread of insect-borne diseases.”

It takes an ecosystem to battle mosquitos

Over the past decade, academics, scientists and NGOs have used Google Earth Engine and its earth observation data to make meaningful progress on climate research, natural resource protection, carbon emissions reduction and other sustainability goals. It has made it possible for organizations to monitor global forest loss in near real-time and has helped more than 160 countries map and protect freshwater ecosystems. Google Earth Engine is now available in preview with Google Cloud for commercial use.

Our partner, Climate Engine, was a key player in helping make the OFF!Cast Mosquito Forecast a reality. Climate Engine is a scientist-led company that works with Google Cloud and our customers to accelerate and scale the use of Google Earth Engine, in addition to those of Google Cloud Storage and BigQuery, among other tools. With Climate Engine, OFF! integrated insect data from VectorBase, an organization that collects and counts mosquitoes and is funded by the U.S. National Institute of Allergy and Infectious Diseases.

The model powering the OFF!Cast Mosquito Forecast combines three inputs—knowledge of a mosquito’s lifecycle, detailed climate data inputs, and mosquito population counts from more than 5,000 locations provided by VectorBase. The model’s accuracy was validated against precise mosquito population data collected over six years from more than 33 million mosquitoes across 141 different species at more than 5,000 unique trapping locations.

A better understanding of entomology, especially things like degree days and how they affect mosquito populations, and helping communities take action is critically important to improving public health. Learn more about OFF!Cast Mosquito Forecast and see here to learn more about Google Earth Engine on Google Cloud.

Today, manufacturers are advancing on their digital transformation journey, betting on innovative technologies like cloud and AI to strengthen competitiveness and deliver sustainable growth. Nearly two thirds of manufacturers already use cloud solutions, according to McKinsey. The actual work of scaling digital transformation projects from proof of concept to production, however, still remains a challenge for the majority of them, according to analysts.

We believe the scalability challenges revolve around two factors—the lack of access to contextualized operational data and the skills gap to use complex data science and AI tools on the factory floor.

To ensure manufacturers can scale their digital transformation efforts into production, Google Cloud is announcing new manufacturing solutions, specifically designed for manufacturers’ needs. 

The new manufacturing solutions from Google Cloud give manufacturing engineers and plant managers access to unified and contextualized data from across their disparate assets and processes.

Let’s take a look at the new solutions as we follow the data journey, from the factory floor to the cloud:

Manufacturing Data Engine is the foundational cloud solution to process, contextualize and store factory data. The cloud platform can acquire data from any type of machine, supporting a wide range of data, from telemetry to image data, via a private, secure, and low cost connection between edge and cloud. With built-in data normalization and context-enrichment capabilities, it provides a common data model, with a factory-optimized data lakehouse for storage. 

Manufacturing Connect is the factory edge platform co-developed with Litmus Automation that quickly connects with nearly any manufacturing asset via an extensive library of 250-plus machine protocols. It translates machine data into a digestible dataset and sends it to the Manufacturing Data Engine for processing, contextualization and storage. By supporting containerized workloads, it allows manufacturers to run low-latency data visualization, analytics and ML capabilities directly on the edge.

Built on the Manufacturing Data Engine are a growing set of data analytics and AI use cases, enabled by Google Cloud and our partners:

Manufacturing analytics & insights: An out-of-the-box integration with Looker templates that delivers a dashboarding and analytics experience. As an easy-to-use, no-code data and analytics model, it empowers manufacturing engineers and plant managers to quickly create and modify custom dashboards, adding new machines, setups, and factories automatically. The solution enables drill down into the data against KPIs, or on-demand to uncover new insights and improvement opportunities throughout the factory. Shareable insights unlock collaboration across the enterprise and with partners.

Predictive maintenance: Pre-built predictive maintenance machine learning models allow manufacturers to deploy in weeks without compromising on prediction accuracy. Manufacturers can continuously improve their models and refine them in collaboration with Google Cloud engineers. 

Machine-level anomaly detection: A purpose-built integration that leverages Google Cloud’s Time Series Insights API on real-time machine and sensor data to identify anomalies as they occur and provide alerts. 

“The growing amount of sensor data generated on our assembly lines creates an opportunity for smarter analytics around product quality, production efficiency, and equipment health monitoring, but it also means new data intake and management challenges,” said Jason Ryska, director of manufacturing technology development at Ford Motor Company. “We worked with Google Cloud to implement a data platform now operating on more than 100 key machines connected across two plants, streaming and storing over 25 million records per week. We’re gaining strong insights from the data that will help us implement predictive and preventive actions and continue to become even more efficient in our manufacturing plants.”

“With the tight integration of a powerful factory edge solution with Google Cloud, it is easier than ever for factories to tap into cloud capabilities,” said Masaharu Akieda, general manager for the Digital Solutions Division at KYOCERA Communication Systems Company. “Google Cloud’s solutions enable a broader group of users beyond data scientists to quickly access, analyze and use data in a variety of use cases. We are excited to partner with Google Cloud as we implement new manufacturing solutions to optimize production operations and consistently increase quality.”

“As the global innovator of solid state cooling and heating technology, we’ve developed a sustainable manufacturing platform that uses less water, less electricity, and less chemical waste,” says Jason Ruppert, chief operations officer of Phononic. “This partnership with Google Cloud allows us to contextualize data across all of our manufacturing processes – ultimately providing us the analytics and insights to optimize our operations and continue to bring to the world products that cool sustainably, reducing greenhouse gas (GhG) emissions and improving the environment.”

A growing number of partners are extending Google Cloud’s manufacturing solutions, from connectors, to AI-driven use cases. Take a look at what our partners are saying about the Manufacturing Data Engine and Manufacturing Connect at our upcoming Google Cloud Manufacturing Spotlight.

With Google cloud’s new manufacturing solutions, three critical pieces of smart manufacturing operations are strengthened and integrated: factory-floor engineers, data, and AI. 

Empowering factory-floor engineers to be the hub of smart manufacturing

Over the last few years, the manufacturing industry contributed more than 10% of the U.S. gross domestic product, or 24% of GDP with indirect value (i.e. purchases from other industries) included. This is also the sector that employs approximately 15 million people, representing 10% of total U.S. employment. However, more than 20% of manufacturers’ workforce in the US is older than 55 years, and an average age of 44 years old – with similar patterns seen across the world. Finding new talent to replace the retiring workforce is getting increasingly harder for manufacturers.

Companies therefore need to both enable their existing workforce, while making it more attractive to new talent to join. This balance requires making critical technology such as Cloud and AI accessible, easier to use, and deeply embedded in manufacturers’ day-to-day operations.

Google Cloud’s manufacturing solutions are designed with this end in mind. Combining fast implementation and ease-of-use, powerful digital tools are put directly into the hands of the manufacturers’ workforce to uncover new insights and optimize operations in entirely new ways.

Key parts of the solution are low- to no-code in setup and use, and therefore are suitable for a large variety of end users. Built for scale, the solutions allow for template-based rollouts and encourage reuse through standardization. Designed with best practices in mind, manufacturers are enabled to focus precious resources on use cases, instead of the underlying infrastructure.

Manufacturing engineers can visualize and drill down into data using Manufacturing Analytics & Insights, built on Looker’s business intelligence engine. Being integrated with the Manufacturing Data Engine, its automatic configuration provides an up-to-date view into any aspect of manufacturing operations.  From the COO to plant managers and factory engineers, users are enabled to easily browse and explore factory data on the enterprise, factory, line machine, and sensor level.

Besides designing manufacturing solutions from the ground up for ease-of-use, Google Cloud and partners are actively helping manufacturers in upskilling their workforce capabilities with a dedicated enablement service.

Making every data point accessible and actionable

Data is the backbone of digital manufacturing transformation and manufacturers have a potential abundance of data: performance logs from a single machine can generate 5 gigabytes of data per week, and a typical smart factory can produce 5 petabytes per week.

However, this wealth of data and the insights contained within it remain largely inaccessible for many manufacturers today: data is often only partially captured, and then locked away in a variety of disparate and proprietary systems.

Manufacturing Connect, co-developed with Litmus Automation, provides an industry-leading breadth of 250-plus native protocol connectors to quickly connect to and acquire data from nearly any production asset and system with a few clicks. Integrated analytics features and support for containerized workloads provide manufacturers with the option for on-premise processing of data.

A complementary cloud component allows manufacturers to centrally manage, configure, standardize and update edge instances across all their factories for roll-outs on a global scale. Integrated in the same UI, users can also manage downstream processing of data sent to the cloud by configuring Google Cloud’s Manufacturing Data Engine solution.

The Manufacturing Data Engine provides structure to the data, and allows for semantic contextualization. Doing so, data is made universally accessible and useful across the enterprise. By abstracting away the underlying complexity of manufacturing data, manufacturers and partners are enabled to develop high value, repeatable, scalable, and quick to implement analytics and AI use cases.

AI for smart manufacturing demands a broad partner ecosystem

Manufacturers recognize the value of AI solutions in driving cost and production optimizations. So much so that several of them have active patents on AI initiatives. In fact, according to research from Google in June, 2021, 66% of manufacturers that use AI in their day-to-day operations report their reliance on AI is increasing. 

Google Cloud helps manufacturers put cloud technology and artificial intelligence to work helping factories run faster and smoother. Customers using the Manufacturing Data Engine from Google Cloud can directly access Google Cloud’s industry-leading Vertex AI platform, which offers integrated AI/ML tools ranging from AutoML for manufacturing engineers, to advanced AI tools for experts to fine-tune results. With Google Cloud, AI/ML use case development has never been more accessible for manufacturers.

Crossing the scalability chasm for using the power of cloud and AI in manufacturing

Our mission is to accelerate your digital transformation by bridging data silos, and to help make every engineer into a data scientist with easy-to-use AI technologies and an industry data platform. Join us at the Google Cloud Manufacturer Spotlight to learn more.

The new manufacturing solutions will be demonstrated in person for the first time at Hannover Messe 2022, May 30–June 2. Visit us at Stand E68, Hall 004, or schedule a meeting for an onsite demonstration with our experts.

If you’ve worked in any facet of IT you know all too well how rapidly technology changes. You’ve probably seen some trendy industry buzz words lately like “cloud native”, “containers”,  or “infrastructure as code” just to name a few.

The Cloud

And then there’s “Cloud”—the buzzword to rule them all! If you are coming from a different cloud platform or even an on-prem environment it can be a little intimidating and confusing to get started. Read on to learn how to set up and secure your Google Cloud account and your resources.

A tale of two consoles 

Google Cloud gives you access to two consoles to help secure your account and resources: 

The Admin console: Allows you to manage people, groups, access controls, and Google Workspace domains
and 

The cloud console: Allows you to implement granular access controls via Identity and Access Management (IAM), enable APIs and services, create and manage infrastructure and resources like virtual machines, networking, and much more.

It’s easy to get these two portals mixed up, as they are both so important to managing who can access resources. Let’s take a look at the differences between them and their respective functions.

Our architect

To help us understand the difference we are going to use the help of Ramalton. Ramalton just got a job at a SaaS company called Big Horn Inc. building apps and software specifically for the city of Ramsville. The company is expanding their IT department and hired a cloud architect to help them use Google Cloud and make their applications and infrastructure safer and more reliable. 

Ramalton’s first job is to set up the company’s Google Cloud account, so he holds a meeting with the Executive Board of Rams (EBORs) and decides to start with the basics. He proceeds to give a crash course about setting up a Super Admin account and about Identity and Access Management (IAM).

Ramalton goes into detail about how super admins have irrevocable administrative permissions. This option made some executives a little nervous at first, “That’s too much power for one Ram to have,” they said. Ramalton assured them that the super admin account would not be used for the day-to-day administration of the organization; he would set up an org admin account for that. Next he explained to the EBORs how IAM allows Rams to give specific people, groups, or identities access to specific cloud resources or capabilities. IAM gives Rams the ability to keep their cloud infrastructure safe by restricting who can read, edit, or modify it.

So back to our hero…Ramalton’s meeting was a success. The EBORs were very impressed. They wanted to get their Google Cloud account set up right away. 

Ramalton’s next tasks: Create the super admin to set up Big Horn’s account, then create users and groups. Ramalton knew that the initial account set up could be done from the Admin console.

What is the Admin console?

The Admin console allows an administrator (like Ramalton) to add users, create groups, manage devices, configure billing, and manage security settings. All these Google Cloud administration tasks can be done from a single location. 

Ramalton knew his company was already using Google Workspace so he knew it would be a good idea to set up an organization to manage their Google Cloud account.

What is an organization? 

I am glad you asked. An organization is the root node in the Google Cloud resource hierarchy, which means it sits at the top above all your folders, projects, and resources. Existing policies or restrictions made at the organization level are inherited by the folders, projects, and resources below it. Organizations are available for Google Workspace or through Cloud Identity for Google Cloud customers, and you can create an organization today if you don’t have one.

Back to our friend. Now it was time to set up the company’s billing account along with users and groups.

What is a billing account? 

In the Google Cloud console, you can set up billing accounts, which allows you to create new services and pay for them, and decide which users in your organization have view-only or admin-access to billing. View-only access allows a user to only see billing details, while admin access allows the user to make changes and/or adjustments to the account billing. It’s a good idea to understand each person’s responsibility in order to give appropriate access as needed. Note that you may have a billing account if you are already a Google Maps Platform customer.

Now that billing has been set up, Ramalton needs to create users and groups in the admin console. 

Users

A user is a person that you want to give access to so that they can do a specific task or access specific resources in your account. Under your organization you can invite people to become users.

Groups

Groups are a way to manage users and their permissions. Usually you will put users into groups based on the tasks they normally complete, need to do, or by resources they regularly access. You can attach a role (also known as permissions) to groups. For example if you have several users who only need read-only access to compute resources, you can place them in a group and attach the compute.viewer role to it. Now each user in that group will be able to inherit compute.viewer permissions.

Then it was time for a late day snack. Ramalton headed to the vending machine and decided to buy a bag of salt licks and some grass chips. They were his favorite. While daydreaming Ramalton thought about how he could provide additional security to the company’s Google Cloud account. He decided it would be a good idea to set up some guardrails. 

He wanted certain users to only have access to specific services in the company’s account. He found an article on organizational policies, which explained how to set high-level rules that help provide governance within Rams’ account. Organizational policies allow customers to do things like restrict resource creation to certain regions, restrict the APIs that can be enabled, and limit resource creation to only specific configurations.

Ramalton was all done setting up the organization, billing, users, and group and organizational policies. Now he was ready to get into the account and set up the infrastructure so he logged into the Cloud Console.

What is the Cloud Console?

As your main gateway to creating, monitoring, and changing Google Cloud VMs, storage buckets and everything else, the Cloud Console allows you to access and provision a wide variety of services. Within the Cloud Console you will find a navigation menu that logically groups services based on category. The Cloud Console provides the tools and settings you need to configure and secure your applications and the infrastructure they run on. 

VPC 

Ramalton took a look at his whiteboard, where he took notes from his meeting with the networking and security teams. He remembered they spoke about the need to set up a virtual private cloud (VPC). From an infrastructure networking and security standpoint you will need one or more VPCs to build resources. VPCs allow you to create your own private network within the cloud, set up routing, and define firewall rules.

A VPC is like your own section of a Google datacenter with its own networking that you build your resources in. By default Google Cloud gives you an initial “default” VPC to group your resources. Google Cloud’s best practice is to set up and configure your own VPC, so you can fine-tune your network to your specific needs and maintain complete control over the network. 

Authenticating Workloads 

Ramalton hears the thud of a hoove bamming on his office door. A burly voice then says, “Hey wassup Ramalton!” It’s his supervisor Ramsey. Ramsey starts to go on and on about how one of his horns is starting to curl and how it’s hard to find hats now. After complaining to Ramalton, he switches the conversation to one of their apps. In Big Horn’s on-prem data center there is an application called Sheepdreams. Sheepdreams keeps track of all the baby sheep that have jumped over the moon. This app is mission critical for Big Horn as it’s their biggest source of revenue.

It helps millions sleep better at night and without it the world as we know it would be doomed. Ramalton needs to give their on-prem database access to a workload in their Google Cloud account. Due to state regulations the customer data needs to stay on-prem. Ramalton doesn’t want to use long lived service keys because they can become a secret management headache. After reading Google Cloud docs, Ramalton thinks that Workload Identity Federation would be a great option to use.

He can use his current on-prem identity provider to call Google Cloud’s short token service (STS) to exchange identities for an access token that will then impersonate a service account configured within his Google Cloud account. This option will allow him to avoid the headache of managing and securing service keys. 

Workload identity federation allows external workloads of your applications to securely obtain access to your workload in Google Cloud by providing short lived access as opposed to long lived service account keys.

It’s been a couple of months now and Ramalton has made some really great progress with adapting and using Google Cloud. One day while talking to new manager Hamilton, they began to discuss the newest craze sweeping social media called the tough horn challenge. Hamilton came up with an idea to build an application that would allow rams all over the world to post pictures so they could show how much damage their horns could do. This idea could potentially add a new stream of revenue to Big Horn Inc.

The application would need to have a database, web server, and persistent storage along with load balancing. They wanted to make use of containers because they require less overhead and provide increased portability. Ramalton remembers watching a YouTube video from Google Cloud Next 2018 that highlighted Google Kubernetes Engine (GKE) as a quick and easy way to create and manage containerized workloads. He knew it would be perfect to use for this project because as a container orchestration tool it can deploy, manage, and scale containers. Tools like Google Kubernetes Engine allow Ramalton to create and deploy cloud native applications securely.

Securing all the things

Due to the ongoing pandemic, Ramalton has spent months working from home. He feels confident going back to the office after getting his last dose of the COVID vaccine. Before he could get his hooves in his cubicle, he gets called to the new CISO’s office. He has been impressed with Ramalton’s progress and Google Cloud knowledge and wants help with a new project to modernize Big Horn’s security practices. Recently one of Big Horn’s compute resources was compromised, and an attacker obtained access to company credentials, letting them start some crypto-mining.

Ramir suggested that Ramalton look into using Identity-Aware Proxy (IAP) for access to apps running on Compute Engine instances and secure the apps using identity controls. In addition, Google BeyondCorp Enterprise allows them to give access to critical applications and services whether they run on-prem or in the public cloud. BeyondCorp Enterprise allows access decisions to be made on a per request basis using the context of the request, rather than the network it came from. BeyondCorp Enterprise is flexible, scalable, and most of all, helps secure more than a traditional perimeter model; it also easily integrates with existing device management systems to help make good context-based access decisions. 

Get started

Now that you can tell these two consoles apart, frolic freely and secure your Google Cloud account and resources. You can sign up for a Google Cloud account here. Happy clouding!

Setting up Service Level Objectives (SLOs) is one of the foundational tasks of Site Reliability Engineering (SRE) practices, giving the SRE team a target against which to evaluate whether or not a service is running reliably enough. The inverse of your SLO is your error budget — how much unreliability you are willing to tolerate. Once you’ve identified those targets and learned how to set SLOs, the next question you should ask yourself is whether your SLOs are realistic, given your application architecture and team practices? Are you sure that you can meet them? And what’s most likely to spend the error budget?

At Google, SREs answer these questions up front when they take on a new service, as part of a Production Readiness Review (PRR). The intention of this risk analysis is not to prompt you to change your SLOs, but rather to prioritize and communicate the risks to a given service, so you can evaluate whether you’ll be able to actually meet your SLOs, with or without any changes to the service. In addition, it can help you identify which risks are the most important to prioritize and mitigate, using the best available data.

Risk analysis basics

Before you can evaluate and prioritize your risks, though, you need to come up with a comprehensive list of things to watch out for. In this post, we’ll provide some guidelines for teams tasked with brainstorming all the potential risks to an application. Then, with that list in hand, we’ll show you how to actually analyze and prioritize the risks you’ve identified. 

What risks do you want to consider?

When brainstorming risks, it’s important to try to map risks in different categories — risks that are related to your dependencies, monitoring, capacity, operations, and release process. And for each of those, imagine what will happen if specific failures happen, for example, if a third party is down, or if you introduce an application or configuration bug. Thus, when thinking about your measurements, ask yourself: 

Are there any observability gaps? 

Do you have alerts for this specific SLI? 

Do you even currently collect those metrics? 

Also be sure to also map any monitoring and alerting dependencies. For example, what happens if a managed system that you use goes down?

Ideally, you want to identify the risks associated with each failure point for each critical component in a critical user journey, or CUJ. And after identifying those risks, you will want to quantify them:

What percentage of users was affected by the failure?

How often do you estimate that failure will occur?

How long did it take to detect the failure? 

It’s also helpful to gather information about any incidents that happened in the last year that affected CUJs. Compared with gut feelings, relying on historical data can provide more accurate estimates and a good starting point for actual incidents. For example, you may want to consider incidents such as:

A configuration mishap that reduces capacity, causing overload and dropped requests

A new release that breaks a small set of requests; the failure is not detected for a day; quick rollback when detected.

A cloud provider’s single-zone VM/network outage

A cloud provider’s regional VM/network outage

The operator accidentally deletes a database, requiring a restore from backup

Another aspect to think about is risk factors; these are global factors that affect the overall time to detection (TTD) and time to repair (TTR). These tend to be operational factors that can increase the time needed to detect outages (for example when using log-based metrics) or alert the on-call engineers. Another example could be a lack of playbooks/documentation or lack of automatic procedures. For example, you have:  

Estimated time to detection (ETTD) of +30m due to operational overload such as noisy alerting

A 10% greater frequency of a possible failure, due to lack of postmortems or action item follow-up

Brainstorming guidelines: Recommendation for the facilitator

Beyond the technical aspects of what to look for in a potential risk to your service, there are some best practices to consider when holding a brainstorming session with your team. 

Start the discussion with a high-level block diagram of the service, its users, and its dependencies. 

Get a set of diverse opinions in the room — different roles that intersect with the product differently than you do. Also, avoid having only one party speak. Ask participants for the ways in which each element of the diagram could cause an error to be served to the user. Group similar root causes together into a single risk category, such as “database outage”.

Try to avoid spending too long discussing things where the estimated time between a given failure is longer than a couple of years, or where the impact is limited to a very small subset of users.

Creating your risk catalog 

You don’t need to capture an endless list of risks; seven to 12 risks per Service Level Indicator (SLI) are sufficient. The important thing is that the data capture high probability and critical risks. 

Starting with real outages is best. Those can be as simple as unavailability of <depended service or network>.

Capture both infrastructure- and software-related issues. 

Think about risks that can affect the SLI, the time-to-detect and time-to-resolve, and frequency — more on those metrics below.

Capture both risks in the risk catalog and risk factors (global factors). For example, the risk of not having a playbook adds to your time-to-repair; not having alerts for the CUJ adds to the time-to-detection; the risk of a log sync delay of x minutes increases your time-to-detection by the same amount. Then, catalog all these risks and their associated impacts to a global impacts tab.

Here are a few examples of risks: 

A new release breaks a small set of requests; not detected for a day; quick rollback when detected.

A new release breaks a sizable subset of requests; and no automatic rollback.

A configuration mishap reduces capacity / Unnoticed growth in usage hits max.

Recommendation: Examining the data/result of implementing the SLI will give you a good indication of where you stand in regard to achieving your targets. I recommend starting with creating one dashboard for each CUJ — ideally a dashboard that includes metrics that will also allow us to troubleshoot and debug problems in achieving the SLOs.

Analyzing the risks

Now that you’ve generated a list of potential risks, it’s time to analyze them, in order to prioritize their likelihood, and potentially find ways to mitigate against them. It’s time, in other words, to do a risk analysis. 

Risk analysis provides a data-driven approach to address and prioritize the needed risks, by estimating four key dimensions: the above-mentioned TTD and TTR, as well as time-between failures (TBF), and their impact on users.

In Shrinking the impact of production incidents using SRE principles, we introduced a diagram of the production incident cycle. Blue represents when users are happy, and red represents when users are unhappy. 

The time that your services are unreliable and your users are unhappy consists of the time-to-detect and the time-to-repair, and is affected by the frequency of incidents (which can be translated to time-between-failures).

Therefore, we can improve reliability by increasing the time between failures, decreasing the time-to-detect or time-to-repair, and of course, reducing the impact of the outages in the first place.

Engineering your service for resiliency can reduce the frequency of total failures. You should avoid single points of failure in your architecture, whether it be an individual instance, availability zone, or even an entire region, which can prevent a smaller, localized outage from snowballing into global downtime.

You can reduce the impact on your users by reducing the percentage of infrastructure or users affected or the requests (e.g., throttling part of the requests vs. all of them). In order to reduce the blast radius of outages, avoid global changes and adopt advanced deployments strategies that allow you to gradually deploy changes. Consider progressive and canary rollouts over the course of hours, days, or weeks, which allow you to reduce the risk and to identify an issue before all your users are affected.

Further, having robust Continuous Integration and Continuous Delivery (CI/CD) pipelines allows you to deploy and roll back with confidence and reduce customer impact (See: SRE Book: Chapter 8 – Release Engineering). Creating an integrated process of code review and testing will help you find the issues early on before users are affected. 

Improving the time to detect means that you catch outages faster. As a reminder, having an estimated TTD expresses how long until a human being is informed of the problem. For example, imagine someone receives and acts upon a page. TTD also includes any delays until the ‘detection’ like data processing. For example, if I’m using a log-based alert, and my log system has an ingestion time of 5 minutes, this increases the TTD for every alert by 5 minutes.

ETTR (estimated time-to-repair) is the time between the time a human sees the alert and the time your users are happy. Improving time-to-repair means that we fix outages quicker, in principle. That said, our focus should still be “does this incident still affect our users?” In most cases mitigations like rolling back new releases or diverting traffic to unaffected regions can reduce or eliminate the impact of an ongoing outage on users much faster than trying to roll forward to a new, patched build. The root cause isn’t yet fixed, but the users don’t know or care — all they see is that the service is working again. 

While it takes the human out of the loop, using automation can reduce the TTR and can be crucial to achieving higher reliability targets. However, it doesn’t eliminate the TTR altogether, because even if a mitigation such as failing over to a different region is automated, it still takes time for it to have an impact.

A note about “estimated” values: At the beginning of a risk analysis, you might start with rough estimates for these metrics. But as you collect more data from incidents data you can update these estimates based on data from prior outages. 

Risk analysis process at a high level 

The risk analysis process starts by brainstorming risks for each of your SLOs, and more correctly for each one of your SLIs, as different SLIs will be exposed to different risks. In the next phase, build a risk catalog and iterate on it.

Create a risk analysis sheet for two or three SLIs, using this template. Read more at How to prioritize and communicate risks.

Brainstorm risks internally, considering the things that can affect your SLOs, and gathering some initial data. Do this first with the engineering team and then include the product team.

The risk analysis sheets for each of your SLIs should include ETTD, ETTR, impact, and frequency. Include global factors and suggested risks and whether these risks are acceptable or not.

Collect historical data and consult with the product team regarding the SLO-business needs. 

Iterate and update data based on incidents in production.

Accepting risks

After building the risk catalog and capturing the risk factors, finalize the SLOs according to business need and risk analysis. This step means you need to evaluate whether your SLO is achievable given the risks, and if it isn’t — what do you need to do to achieve your targets? It is crucial that PMs be part of this review process especially as they might need to prioritize engineering work that mitigates or eliminates any unacceptable risks.

In how to prioritize and communicate risks, we introduce how to use the ‘Risk Stack Rank’ sheet to see how much a given risk may “cost” you, and which risks you can accept (or not) for a given SLO. For example, in the template sheet, you could accept all risks and achieve 99.5% reliability, some of the risks to achieve 99.9% and none of them to achieve 99.99%. If you can’t accept a risk because you estimate that it will burn more error budget than your SLO affords you, that is a clear argument for dedicating engineering time to either fixing the root cause or building some sort of mitigation.

One final note: similar to SLOs, you will want to iterate on your risk refining your ETTD based on actual TTD observed during outages, and similarly for ETTR. After incidents, you need to update the data and see where you stand regarding those estimates. In addition, revisit those estimates periodically to evaluate whether your risks are still relevant, if your estimates are correct, or if there are any additional risks that you need to account for. Like the SRE principle of continuous improvement, it’s work that’s never truly done, but that is well worth the effort!

For more on this topic, check out my upcoming DevOpsDays 2022 talk, taking place in Birmingham on May 6 and in Prague on May 24.   

Further reading and resources

Site Reliability Engineering: Measuring and Managing Reliability (Coursera course)

Google Cloud Architecture Framework: Reliability

The Calculus of Service Availability

Know thy enemy: how to prioritize and communicate risks—CRE life lessons

Incident Metrics in SRE – Google – Site Reliability Engineering

SRE on Google Cloud