Personal blog of Yzmir Ramirez

At its virtual Cloud Next ’20 event, Google Cloud today announced Confidential VMs, a new type of virtual machine that makes use of the company’s work around confidential computing to ensure that data isn’t just encrypted at rest but also while it is in memory.

“We already employ a variety of isolation and sandboxing techniques as part of our cloud infrastructure to help make our multi-tenant architecture secure,” the company notes in today’s announcement. “Confidential VMs take this to the next level by offering memory encryption so that you can further isolate your workloads in the cloud. Confidential VMs can help all our customers protect sensitive data, but we think it will be especially interesting to those in regulated industries.”

In the backend, Confidential VMs make use of AMD’s Secure Encrypted Virtualization feature, available in its second-generation EPYC CPUs. With that, the data will stay encrypted when used and the encryption keys to make this happen are automatically generated in hardware and can’t be exported — and with that, even Google doesn’t have access to the keys either.

Image Credits: Google

Developers who want to shift their existing VMs to a Confidential VM can do so with just a few clicks. Google notes that it built Confidential VMs on top of its Shielded VMs, which already provide protection against rootkits and other exploits.

“With built-in secure encrypted virtualization, 2nd Gen AMD EPYC processors provide an innovative hardware-based security feature that helps secure data in a virtualized environment,” said Raghu Nambiar, corporate vice president, Data Center Ecosystem, AMD. “For the new Google Compute Engine Confidential VMs in the N2D series, we worked with Google to help customers both secure their data and achieve performance of their workloads.”

That last part is obviously important, given that the extra encryption and decryption steps do incur at least a minor performance penalty. Google says it worked with AMD and developed new open-source drivers to ensure that “the performance metrics of Confidential VMs are close to those of non-confidential VMs.” At least according to the benchmarks Google itself has disclosed so far, both startup times and memory read and throughput performance are virtually the same for regular VMs and Confidential VMs.

At its virtual Cloud Next ’20 event, Google today announced a number of updates to its cloud portfolio, but the private alpha launch of BigQuery Omni is probably the highlight of this year’s event. Powered by Google Cloud’s Anthos hybrid-cloud platform, BigQuery Omni allows developers to use the BigQuery engine to analyze data that sits in multiple clouds, including those of Google Cloud competitors like AWS and Microsoft Azure — though for now, the service only supports AWS, with Azure support coming later.

Using a unified interface, developers can analyze this data locally without having to move data sets between platforms.

“Our customers store petabytes of information in BigQuery, with the knowledge that it is safe and that it’s protected,” said Debanjan Saha, the GM and VP of Engineering for Data Analytics at Google Cloud, in a press conference ahead of today’s announcement. “A lot of our customers do many different types of analytics in BigQuery. For example, they use the built-in machine learning capabilities to run real-time analytics and predictive analytics. […] A lot of our customers who are very excited about using BigQuery in GCP are also asking, ‘how can they extend the use of BigQuery to other clouds?’ ”

Image Credits: Google

Google has long said that it believes that multi-cloud is the future — something that most of its competitors would probably agree with, though they all would obviously like you to use their tools, even if the data sits in other clouds or is generated off-platform. It’s the tools and services that help businesses to make use of all of this data, after all, where the different vendors can differentiate themselves from each other. Maybe it’s no surprise then, given Google Cloud’s expertise in data analytics, that BigQuery is now joining the multi-cloud fray.

“With BigQuery Omni customers get what they wanted,” Saha said. “They wanted to analyze their data no matter where the data sits and they get it today with BigQuery Omni.”

Image Credits: Google

He noted that Google Cloud believes that this will help enterprises break down their data silos and gain new insights into their data, all while allowing developers and analysts to use a standard SQL interface.

Today’s announcement is also a good example of how Google’s bet on Anthos is paying off by making it easier for the company to not just allow its customers to manage their multi-cloud deployments but also to extend the reach of its own products across clouds. This also explains why BigQuery Omni isn’t available for Azure yet, given that Anthos for Azure is still in preview, while AWS support became generally available in April.

Docker and AWS today announced a new collaboration that introduces a deep integration between Docker’s Compose and Desktop developer tools and AWS’s Elastic Container Service (ECS) and ECS on AWS Fargate. Previously, the two companies note, the workflow to take Compose files and run them on ECS was often challenging for developers. Now, the two companies simplified this process to make switching between running containers locally and on ECS far easier.

“With a large number of containers being built using Docker, we’re very excited to work with Docker to simplify the developer’s experience of building and deploying containerized applications to AWS,” said Deepak Singh, the VP for compute services at AWS. “Now customers can easily deploy their containerized applications from their local Docker environment straight to Amazon ECS. This accelerated path to modern application development and deployment allows customers to focus more effort on the unique value of their applications, and less time on figuring out how to deploy to the cloud.”

In a bit of a surprise move, Docker last year sold off its enterprise business to Mirantis to solely focus on cloud-native developer experiences.

“In November, we separated the enterprise business, which was very much focused on operations, CXOs and a direct sales model, and we sold that business to Mirantis,” Docker CEO Scott Johnston told TechCrunch’s Ron Miller earlier this year. “At that point, we decided to focus the remaining business back on developers, which was really Docker’s purpose back in 2013 and 2014.”

Today’s move is an example of this new focus, given that the workflow issues this partnership addresses had been around for quite a while already.

It’s worth noting that Docker also recently engaged in a strategic partnership with Microsoft to integrate the Docker developer experience with Azure’s Container Instances.

Customer engagement company Freshworks today announced that it has acquired Flint, an IT orchestration and cloud management platform based in India. The acquisition will help Freshworks strengthen its Freshservice IT support service by bringing a number of new automation tools to it. Maybe just as importantly, though, it will also bolster Freshworks’ ambitions around cloud management.

Freshworks CPO Prakash Ramamurthy, who joined the company last October, told me that while the company was already looking at expanding its IT services (ITSM) and operations management (ITOM) capabilities before the COVID-19 pandemic hit, having those capabilities has now become even more important, given that a lot of these teams are now working remotely.

“If you take ITSM, we allow for customers to create their own workflow for service catalog items and so on and so forth, but we found that there’s a lot of things which were repetitive tasks,” Ramamurthy said. “For example, I lost my password or new employee onboarding, where you need to auto-provision them in the same set of accounts. Flint had integrated with Freshservice to help automate and orchestrate some of these routine tasks and a lot of customers were using it and there’s a lot of interest in it.”

He noted that while the company was already seeing increased demand for these tools earlier in the year, the pandemic made that need even more obvious. And given that pressing need, Freshworks decided that it would be far easier to acquire an existing company than to build its own solution.

“Even in early January, we felt this was a space where we had to have a time-to-market advantage,” he said. “So acquiring and aggressively integrating it into our product lines seemed to be the most optimal thing to do than take our time to build it — and we are super fortunate that we placed the right bet because of what has happened since then.”

The acquisition helps Freshworks build out some of its existing services, but Ramamurthy also stressed that it will really help the company build out its operations management capabilities to go from alert management to also automatically solving common IT issues. “We feel there’s natural synergy and [Flint’s] orchestration solution and their connectors come in super handy because they have connectors to all the modern SaaS applications and the top five cloud providers and so on.”

But Flint’s technology will also help Freshworks build out its ability to help its users manage workloads across multiple clouds, an area where it is going to compete with a number of startups and incumbents. Since the company decided that it wants to play in this field, an acquisition also made a lot of sense given how long it would take to build out expertise in this area, too.

“Cloud management is a natural progression for our product line,” Ramamurthy noted. “As more and more customers have a multi-cloud strategy, we want to give them a single pane of glass for all the work workloads they’re running. And if they wanted to do cost optimization, if you want to build on top of that, we need the basic plumbing to be able to do discovery, which is kind of foundational for that.”

Freshworks will integrate Flint’s tools into Freshservice and likely offer it as part of its existing tiered pricing structure, with service orchestration likely being the first new capability it will offer.

Suse, which describes itself as “the world’s largest independent open source company,” today announced that it has acquired Rancher Labs, a company that has long focused on making it easier for enterprises to make their container clusters.

The two companies did not disclose the price of the acquisition, but Rancher was well funded, with a total of $95 million in investments. It’s also worth mentioning that it has only been a few months since the company announced its $40 million Series D round led by Telstra Ventures. Other investors include the likes of Mayfield and Nexus Venture Partners, GRC SinoGreen and F&G Ventures.

Like similar companies, Rancher’s original focus was first on Docker infrastructure before it pivoted to putting its emphasis on Kubernetes, once that became the de facto standard for container orchestration. Unsurprisingly, this is also why Suse is now acquiring this company. After a number of ups and downs — and various ownership changes — Suse has now found its footing again and today’s acquisition shows that its aiming to capitalize on its current strengths.

Just last month, the company reported the annual contract value of its booking increased by 30% year over year and that it saw a 63% increase in customer deals worth more than $1 million in the last quarter, with its cloud revenue growing 70%. While it is still in the Linux distribution business that the company was founded on, today’s Suse is a very different company, offering various enterprise platforms (including its Cloud Foundry-based Cloud Application Platform), solutions and services. And while it already offered a Kubernetes-based container platform, Rancher’s expertise will only help it to build out this business.

“This is an incredible moment for our industry, as two open source leaders are joining forces. The merger of a leader in Enterprise Linux, Edge Computing and AI with a leader in Enterprise Kubernetes Management will disrupt the market to help customers accelerate their digital transformation journeys,” said Suse CEO Melissa Di Donato in today’s announcement. “Only the combination of SUSE and Rancher will have the depth of a globally supported and 100% true open source portfolio, including cloud native technologies, to help our customers seamlessly innovate across their business from the edge to the core to the cloud.”

The company describes today’s acquisition as the first step in its “inorganic growth strategy” and Di Donato notes that this acquisition will allow the company to “play an even more strategic role with cloud service providers, independent hardware vendors, systems integrators and value-added resellers who are eager to provide greater customer experiences.”

When the inventor of AWS Lambda, Tim Wagner, and the former head of blockchain at AWS, Shruthi Rao, co-found a startup, it’s probably worth paying attention. Vendia, as the new venture is called, combines the best of serverless and blockchain to help build a truly multicloud serverless platform for better data and code sharing.

Today, the Vendia team announced that it has raised a $5.1 million seed funding round, led by Neotribe’s Swaroop ‘Kittu’ Kolluri. Correlation Ventures, WestWave Capital, HWVP, Firebolt Ventures, Floodgate and Future\Perfect Ventures also participated in this oversubscribed round.

Image Credits: Vendia

Seeing Wagner at the helm of a blockchain-centric startup isn’t exactly a surprise. After building Lambda at AWS, he spent some time as VP of engineering at Coinbase, where he left about a year ago to build Vendia.

“One day, Coinbase approached me and said, ‘Hey, maybe we could do for the financial system what you’ve been doing over there for the cloud system,’” he told me. “And so I got interested in that. We had some conversations. I ended up going to Coinbase and spent a little over a year there as the VP of Engineering, helping them to set the stage for some of that platform work and tripling the size of the team.” He noted that Coinbase may be one of the few companies where distributed ledgers are actually mission-critical to their business, yet even Coinbase had a hard time scaling its Ethereum fleet, for example, and there was no cloud-based service available to help it do so.

Tim Wagner, Vendia co-founder and CEO. Image Credits: Vendia

“The thing that came to me as I was working there was why don’t we bring these two things together? Nobody’s thinking about how would you build a distributed ledger or blockchain as if it were a cloud service, with all the things that we’ve learned over the course of the last 10 years building out the public cloud and learning how to do it at scale,” he said.

Wagner then joined forces with Rao, who spent a lot of time in her role at AWS talking to blockchain customers. One thing she noticed was that while it makes a lot of sense to use blockchain to establish trust in a public setting, that’s really not an issue for enterprise.

“After the 500th customer, it started to make sense,” she said. “These customers had made quite a bit of investment in IoT and edge devices. They were gathering massive amounts of data. They also made investments on the other side, with AI and ML and analytics. And they said, ‘Well, there’s a lot of data and I want to push all of this data through these intelligent systems. I need a mechanism to get this data.’” But the majority of that data often comes from third-party services. At the same time, most blockchain proof of concepts weren’t moving into any real production usage because the process was often far too complex, especially enterprises that maybe wanted to connect their systems to those of their partners.

Shruthi Rao, Vendia co-founder and CBO. Image Credits: Vendia

“We are asking these partners to spin up Kubernetes clusters and install blockchain nodes. Why is that? That’s because for blockchain to bring trust into a system to ensure trust, you have to own your own data. And to own your own data, you need your own node. So we’re solving fundamentally the wrong problem,” she explained.

The first product Vendia is bringing to market is Vendia Share, a way for businesses to share data with partners (and across clouds) in real-time, all without giving up control over that data. As Wagner noted, businesses often want to share large data sets but they also want to ensure they can control who has access to that data. For those users, Vendia is essentially a virtual data lake with provenance tracking and tamper-proofing built in.

The company, which mostly raised this round after the coronavirus pandemic took hold in the U.S., is already working with a couple of design partners in multiple industries to test out its ideas, and plans to use the new funding to expand its engineering team to build out its tools.

“At Neotribe Ventures, we invest in breakthrough technologies that stretch the imagination and partner with companies that have category creation potential built upon a deep-tech platform,” said Neotribe founder and managing director Kolluri. “When we heard the Vendia story, it was a no-brainer for us. The size of the market for multiparty, multicloud data and code aggregation is enormous and only grows larger as companies capture every last bit of data. Vendia’s serverless-based technology offers benefits such as ease of experimentation, no operational heavy lifting and a pay-as-you-go pricing model, making it both very consumable and highly disruptive. Given both Tim and Shruthi’s backgrounds, we know we’ve found an ideal ‘Founder fit’ to solve this problem! We are very excited to be the lead investors and be a part of their journey.”

Hasura is an open-source engine that can connect to PostgreSQL databases and microservices across hybrid- and multi-cloud environments and then automatically build a GraphQL API backend for them, making it easier for developers to then build their own data-driven applications on top of this unified API . For a while now, the San Francisco-based startup has offered a paid version (Hasura Pro) with enterprise-ready reliability and security tools, in addition to its free open-source version. Today, the company launched Hasura Cloud, which takes the existing Pro version, adds a number of cloud-specific features like dynamic caching, auto-scaling and consumption-based pricing, and brings those together in a fully managed service.

Image Credits: Hasura

At its core, Hasura’s service promises businesses the ability to bring together data from their various siloed databases and allow their developers to extract value from them through its GraphQL APIs. While GraphQL is still relatively new, the Facebook-incubated technology has quickly become extremely popular among many development teams.

Before founding the company and launching it in 2018, Hasura CEO and co-founder Tanmai Gopal worked for a consulting firm — and like with so many founders, that’s where he got the inspiration for the service.

“One of the key things that we noticed was that in the entire landscape, computing is becoming better, there are better frameworks, it is easier to deploy code, databases are becoming better and they kind of work everywhere,” he said. “But this kind of piece in the middle that is still a bottleneck and that there isn’t really a good solution for is this data access piece.” Almost by default, most companies host data in various SaaS services and databases — and now they were trying to figure out how to develop apps based on this for both internal and external consumers, noted Gopal. “This data distribution problem was this bottleneck where everybody would just spend massive amounts of time and money. And we invented a way of kind of automating that,” he explained.

The choice of GraphQL was also pretty straightforward, especially because GraphQL services are an easy way for developers to consume data (even though, as Gopal noted, it’s not always fun to build the GraphQL service itself). One thing that’s unusual and worth noting about the core Hasura engine itself is that it is written in Haskell, which is a rather unusual choice.

Image Credits: Hasura

The team tells me that Hasura is now nearing 50 million downloads for its free version and the company is seeing large and small users from across various industries relying on its products, which is probably no surprise, given that the company is trying to solve a pretty universal problem around data access and consumption.

Over the last few quarters, the team worked on launching its cloud service. “We’ve been thinking of the cloud in a very different way,” Gopal said. “It’s not your usual, take the open-source solution and host it, like a MongoDB Atlas or Confluent. What we’ve done is we’ve said, we’re going to re-engineer the open-source solution to be entirely multi-tenant and be completely pay-per pricing.”

Given this philosophy, it’s no surprise that Hasura’s pricing is purely based on how much data a user moves through the service. “It’s much closer to our value proposition,” Hasura co-founder and COO Rajoshi Ghosh said. “The value proposition is about data access. The big part of it is the fact that you’re getting this data from your databases. But the very interesting part is that this data can actually come from anywhere. This data could be in your third-party services, part of your data could be living in Stripe and it could be living in Salesforce, and it could be living in other services. […] We’re the data access infrastructure in that sense. And this pricing also — from a mental model perspective — makes it much clearer that that’s the value that we’re adding.”

Now, there are obviously plenty of other data-centric API services on the market, but Gopal argues that Hasura has an advantage because of its advanced caching for dynamic data, for example.

Technology has dramatically changed over the last decade, and so has how we build and deliver enterprise software.

Ten years ago, “modern computing” was to rely on teams of network admins managing data centers, running one application per server, deploying monolithic services, through waterfall, manual releases managed by QA and release managers.

Today, we have multi and hybrid clouds, serverless services, in continuous integration, running infrastructure-as-code.

SaaS has grown from a nascent 2% of the $450B enterprise software market in 2009, to 23% in 2020 and crossed $100B in revenue. PaaS and IaaS revenue represent another $50B in revenue, expecting to double to $100B by 2022.

With 77% of the enterprise software market — over $350B in annual revenue — still on legacy and on-premise systems, modern SaaS, PaaS and IaaS eating at the legacy market alone can grow the market 3x-4x over the next decade.

As the shift to cloud accelerates across the platform and infrastructure layers, here are four trends starting to emerge that will change how we develop and deliver enterprise software for the next decade.

1. The move to “everything as code”

Companies are building more dynamic, multiplatform, complex infrastructures than ever. We see the “-aaS” of the application, data, runtime and virtualization layers. Modern architectures are forcing extensibility to work with any number of mixed and matched services.

Ryan Easter couldn’t believe he was being asked to run a pandemic business continuity test.

It was late October, 2019 and Easter, IT Director and a principal at Johnson Investment Counsel, was being asked by regulators to ensure that their employees could work from home with the same capabilities they had in the office. In addition, the company needed to evaluate situations where up to 50% of personnel were impacted by a virus and unable to work, forcing others to pick up their internal functions and workload.

“I honestly thought that it was going to be a waste of time,” said Easter. “I never imagined that we would have had to put our pandemic plan into action. But because we had a tested strategy already in place, we didn’t miss a beat when COVID-19 struck.”

In the months leading up to the initial test, Johnson Investment Counsel developed a work anywhere blueprint with their technology partner Evolve IP. The plan covered a wide variety of integrated technologies including voice services, collaboration, virtual desktops, disaster recovery and remote office connectivity.

“Having a strategy where our work anywhere services were integrated together was one of the keys to our success,” said Easter. “We manage about $13 billion in assets for clients across the United States and provide comprehensive wealth and investment management to individual and institutional investors. We have our own line of mutual funds, a state-chartered trust company, a proprietary charitable gift fund, with research analysts and traders covering both equity and fixed income markets. Duct taping one-off solutions wasn’t going to cut it.”

Easter continued, “It was imperative that our advisors could communicate with clients, collaborate with each other and operate the business seamlessly. That included ensuring we could make real-time trades and provide all of our other client services.”

Five months later, the novel coronavirus hit the United States and Johnson Investment Counsel’s blueprint test got real.

Google Cloud today announced the launch of Filestore High Scale, a new storage option — and tier of Google’s existing Filestore service — for workloads that can benefit from access to a distributed high-performance storage option.

With Filestore High Scale, which is based on technology Google acquired when it bought Elastifile in 2019, users can deploy shared file systems with hundreds of thousands of IOPS, 10s of GB/s of throughput and at a scale of 100s of TBs.

“Virtual screening allows us to computationally screen billions of small molecules against a target protein in order to discover potential treatments and therapies much faster than traditional experimental testing methods,” says Christoph Gorgulla, a postdoctoral research fellow at Harvard Medical School’s Wagner Lab., which already put the new service through its paces. “As researchers, we hardly have the time to invest in learning how to set up and manage a needlessly complicated file system cluster, or to constantly monitor the health of our storage system. We needed a file system that could handle the load generated concurrently by thousands of clients, which have hundreds of thousands of vCPUs.”

The standard Google Cloud Filestore service already supports some of these use cases, but the company notes that it specifically built Filestore High Scale for high-performance computing (HPC) workloads. In today’s announcement, the company specifically focuses on biotech use cases around COVID-19. Filestore High Scale is meant to support tens of thousands of concurrent clients, which isn’t necessarily a standard use case, but developers who need this kind of power can now get it in Google Cloud.

In addition to High Scale, Google also today announced that all Filestore tiers now offer beta support for NFS IP-based access controls, an important new feature for those companies that have advanced security requirements on top of their need for a high-performance, fully managed file storage service.