Google Cloud Platform Blog: August 2017

Announcing new Stackdriver Logging features and expanded free logs limits

Thursday, August 31, 2017

By Mary Koes and Deepak Tiwari, Product Managers Google Stackdriver

Analysis - Logs based metrics are great, but you’d like to be able to extract labels and values from logs, too.

Exports - Love being able to easily export logs, but it’s hard to manage them across dozens or hundreds of projects.

Controls - Aggregating all logs in a single location and exporting them various places is fantastic, but you want control over which logs go into Stackdriver Logging.

Pricing - You want room to grow with Stackdriver without worrying too much about the cost of logging all that data.

Easier analysis with logs-based metrics Logs-based metrics

Faster - We’ve decreased the time from when a log entry arrives until it’s reflected in a logs-based metric from five minutes to under a minute.

Easier to manage - Now you can extract user-defined labels from text in the logs. Instead of creating a new logs based metric for each possible value, you can use a field in the log entry as a label.

More powerful - Extract values from logs and turn them into distribution metrics. This allows you to efficiently represent many data points at each point in time. Stackdriver Monitoring can then visualize these metrics as a heat map or by percentile.

“With LBMs [Logs based metrics], we can monitor errors that occur across multiple proxies and visualize the frequency based on when they occur to determine regressions or misconfigurations."
Manage logs across your organization with aggregated exports log sinksaggregated exportsgcloud beta logging sinks create my-bq-sink bigquery.googleapis.com/projects/my-project/datasets/my_dataset --log-filter='logName= "logs/cloudaudit.googleapis.com%2Factivity"' --organization=1234 --include-children Control your Stackdriver Logging pipeline with exclusion filters

BigQueryGoogle Cloud StoragePubSub Starting Dec 1, Stackdriver Logging offers 50GB of logs per project per month for free

Audit logs, still free and now available for 13 months admin activity audit logs Continuing the conversation sending us your requests and feedback

Discover new ways to extract value from your logs with the improved logs-based metrics.

Learn how to control log sinks across your organization using aggregated exports.

Read more on controlling which logs you bring into your Stackdriver Logging account using exclusion filters.

Find the details on our pricing model on the Stackdriver pricing page.

Learn our best practices on managing logs and controlling costs.

View your current logs usage on the Logging Resource Usage page.

Estimate the charges at your current usage rate with the Stackdriver Billing Calculator.

Demystifying ML: Intelligent email categorization with machine learning

Wednesday, August 30, 2017

You’ve probably heard the words "machine learning" thrown around a lot lately. But what exactly is it and how can it be used to improve your own services or workflows? To demystify this concept, we’ve created a series of articles that look at common problems and the different ways machine learning can be used to solve them. Our first article examines how machine learning can be used to improve customer service.Let's say you run a company that gets a wide variety of emails to your customer service account. There are numerous ways you can go about using these emails to make inferences about how your customers are feeling about your business. Many companies have a customer service representative manually read and categorize each and every email. But as the volume of emails you receive increases, this approach can be difficult and time consuming. The following is a look at the various ways companies are tackling this problem, and how machine learning presents a solution. .post-content #google-cloud-embed iframe { max-height: none; } Although we presented a simplified view of how this problem can be solved with and without machine learning, the power it can provide should be evident. But semi-supervised machine learning is just one of many concepts under the machine learning umbrella. In our next post, we’ll explore other models that help solve different problems.In the meantime, if you’re interested in learning more, you can build you own intelligent email routing model with code we’ve made available in Github. You can download it here.By Saptarshi Mukherjee, Product Marketing Manager and Prashant Dhingra, Google Cloud (function() { function setup() { var url = 'https://polygraph-cool.github.io/google_cloud_1/index.html'; var pymParent = new pym.Parent('google-cloud-embed', url, {}); } function check() { var el = document.querySelector('#google-cloud-embed'); if (el) setup(); else setTimeout(check, 500); } check(); })() <span itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <meta content='https://plus.google.com/116899029375914044550' itemprop='url'/> </span>

Preventing log waste with Stackdriver Logging

Wednesday, August 30, 2017

By Aja Hammerly, Developer AdvocateStackdriver Logginghere

Logs from monitoring systems
Logs that indicate success Logs from non-production systems

Logs from high throughput endpoints The what ifs Cloud.google.com/logging/

Using Stackdriver Logging for visual effects and animation pipelines: new tutorial

Tuesday, August 29, 2017

By Joseph Holley and Adrian Graham, Cloud Solutions ArchitectstutorialStackdriver LoggingGoogle Cloud Platform@gcpjoe@agrahamvfx

ASP.NET Core developers, meet Stackdriver diagnostics

Monday, August 28, 2017

By Ian Talarico, Software Engineer

Stackdriver Diagnostics integration for ASP.NET Core applicationsLoggingError ReportingTraceGoogle.Cloud.Diagnostics.AspNetCoreNuGetGoogle.Cloud.Diagnostics.AspNetGoogle Cloud Platform Stackdriver Logging Google.Cloud.Diagnostics.AspNetCoreproviderloggerStackdriver Logging sectionGoogle Cloud Consolepublic void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory) { // Initialize Stackdriver Logging loggerFactory.AddGoogle("YOUR-GOOGLE-PROJECT-ID"); ... } public void LogMessage(ILoggerFactory loggerFactory) { // Send a log to Stackdriver Logging var logger = loggerFactory.CreateLogger("NetworkLog"); logger.LogInformation("This is a log message."); }

Stackdriver Error Reporting public void ConfigureServices(IServiceCollection services) { services.AddGoogleExceptionLogging(options => { options.ProjectId = "YOUR-GOOGLE-PROJECT-ID"; options.ServiceName = "ImageGenerator"; options.Version = "1.0.2"; }); ... } public void Configure(IApplicationBuilder app) { // Use before handling any requests to ensure all unhandled exceptions are reported. app.UseGoogleExceptionLogging(); ... }IExceptionLoggerpublic void ReadFile(IExceptionLogger exceptionLogger) { try { string scores = File.ReadAllText(@"C:\Scores.txt"); Console.WriteLine(scores); } catch (IOException e) { exceptionLogger.Log(e); } }

Stackdriver Trace public void ConfigureServices(IServiceCollection services) { string projectId = "YOUR-GOOGLE-PROJECT-ID"; services.AddGoogleTrace(options => { options.ProjectId = projectId; }); ... } public void Configure(IApplicationBuilder app) { // Use at the start of the request pipeline to ensure the entire request is traced. app.UseGoogleTrace(); ... }public void TraceHelloWorld(IManagedTracer tracer) { using (tracer.StartSpan(nameof(TraceHelloWorld))) { Console.Out.WriteLine("Hello, World!"); } }

Not using ASP.NET Core? Google.Cloud.Diagnostics.AspNetError ReportingTracinglog4netGoogle.Cloud.Logging.Log4Netfeedback on GitHub

How to build a conversational app using Cloud Machine Learning APIs, Part 3

Monday, August 28, 2017

By Chang Luo and Bob Liu, Software Engineers part 1part 2 New Intents for Actions on Googlepart 1

where

hours-no-contextticket-no-contextmap-no-contextlocation

Enable Actions on Google Integration

Open your API.AI console. Under the Integrations Tab, turn on the Actions on Google integration.

In the popup dialog under Additional triggering intents, add all intents you want to support on the Google Assistant. The system will automatically set the Welcome Intent to Default Welcome Intent. You can also click SETTINGS under Actions on Google to bring up this settings dialog in the future. Note that the inquiry.where intent requires uploading an image and won’t work on the Google Assistant, so you should not add that intent to the triggering intents list. We discussed how to add a new intent to support that in New Intent for Actions on Google section.

After you’re done adding all the intents that we want to support on Google on Actions (e.g., hours-no-context intent) to the additional triggering intents list, hit UPDATE and TEST button on the bottom. It will generate a green box. Tap the VIEW button to go to the Actions on Google Web Simulator.

If this is your first time on Actions on Google console, it will prompt you to turn on Device Information and Voice & Audio Activity on your Activity controls center.

By default these settings are off. If you already turn them on, you won’t see the prompt.

Go back to the simulator after turning on these two settings. Now we're ready to test the integration on the simulator! Start by typing or saying “Talk to my test app”. The simulator will respond with the texts from the Default Welcome Intent. Afterward, you can test the app as if you were in the API.AI test console.

Difference between tell() and ask() APIs tell()ask() Next steps

Cloud Speech API Quickstart

Cloud Vision API Quickstart

Cloud Translation API Quickstart

API.AI Quickstart

source code

Introducing Puppet support for Google Cloud Platform

Friday, August 25, 2017

By Nelson Araujo, Software Engineer

Google Container Engine: install / docs | source

Google Compute Engine: install / docs | source

Google Cloud SQL: install / docs | source

Google Cloud DNS: install / docs | source

Google Cloud Storage: install / docs | source

Puppet ApprovedGCP’s Github repositoryauthentication moduleoperating system support matrixPuppet Open SourcePuppet Enterpriseregister for the webinar with me and Cody Herriges from Puppet on 13 September 2017 The power of Puppet notdoes nothingGoogle Container Enginegauth_credential { 'mycred': provider => serviceaccount, path => '/home/nelsona/my_account.json', scopes => ['https://www.googleapis.com/auth/cloud-platform'], } gcontainer_cluster { 'myapp-netes': ensure => present, initial_node_count => 2, node_config => { machine_type => 'n1-standard-4', # we want a 4-core machine for our cluster disk_size_gb => 500, # ... and a lot of disk space }, zone => 'us-central1-f', project => 'google.com:graphite-playground', credential => 'mycred', } Getting started with Puppet on GCP

Get a service account with privileges on the GCP resources you want to manage and enable the the APIs for each of the GCP services you intend to use.

Describe your GCP infrastructure in Puppet.

Define a gauth_credential resource.
Define your GCP resources.

Apply your manifest.

1. Install your modules Puppet ForgeNote: Google modules requires neither administrator privileges nor special privileges/scopes on the machines being executed. It is safe to install the modules either as a regular user or in your Puppet master. Install on the master if you want it distributed to all clients.gems released by Google$ puppet apply <<EOF package { [ 'googleauth', 'google-api-client', ]: ensure =< present, provider =< gem, } EOFpuppet module install google/cloudpuppet module install google/gcompute # Google Compute Engine puppet module install google/gcontainer # Google Container Engine puppet module install google/gdns # Google Cloud DNS puppet module install google/gsql # Google Cloud SQL puppet module install google/gstorage # Google Cloud Storagepuppet module list$ puppet module list /home/nelsona/.puppetlabs/etc/code/modules ├── google-cloud (v0.1.0) ├── google-gauth (v0.1.0) ├── google-gcompute (v0.1.0) ├── google-gcontainer (v0.1.0) ├── google-gdns (v0.1.0) ├── google-gsql (v0.1.0) └── google-gstorage (v0.1.0) /opt/puppetlabs/puppet/modules (no modules installed) 2. Get your service account credentials and enable APIs Note: Because service accounts are portable, you don’t need to run Puppet inside GCP. Our modules run on any computer with internet access, including on other cloud providers. You might, for example, execute deployments from within a CI/CD system pipeline such as Travis or Jenkins, or from your own development machine.herehow to create and enable themenabled the the APIs 3a. Define authentication mechanism 'mycred' credential gauth_credential { 'mycred': provider => serviceaccount, path => '/home/nelsona/my_account.json', scopes => ['https://www.googleapis.com/auth/cloud-platform'], }Google Authentication documentation 3b. Define your resources aggregate summary viewgcontainer_cluster { 'myapp-netes': ensure => present, initial_node_count => 2, node_config => { machine_type => 'n1-standard-4', # we want a 4-core machine for our cluster disk_size_gb => 500, # ... and a lot of disk space }, project => 'google.com:graphite-playground', credential => 'mycred', } 4. Apply your manifest puppet apply <your-file.pp> Next steps Puppet on GCP Discussions forumpuppet-on-gcp@google.com Further Reading

Mini Puppet Quick Start and Tips

Puppet Learning / Training / Certification

Titan in depth: Security in plaintext

Thursday, August 24, 2017

By Uday Savagaonkar, Technical Lead Manager, Nelly Porter, Senior Product Manager, Nadim Taha, Software Lead, Benjamin Serebrin, Tech Lead and Neal Mueller, Product Marketing LeadGoogle Cloud Platform

Photograph of Titan inside Google's purpose-built server

hardware root of trustintroduced at Google Cloud Next '17

Photograph of Urs Hölzle unveiling Titan at Google Cloud Next '17 (YouTube)

Machine boot basics

The machine's boot process starts when the BMC configuring the machine hardware lets the CPU come out of reset.

The CPU then loads the basic firmware (Boot or UEFI) from the boot firmware flash, which performs further hardware/software configuration.

Once the machine is sufficiently configured, the boot firmware accesses the "boot sector" on the machine's persistent storage, and loads a special program called the "boot loader" into the system memory.

The boot firmware then passes execution control to the boot loader, which loads the initial OS image from storage into system memory and passes execution control to the operating system.

privileged software attacks increase more research becomes available Secure boot with Titan Serial Peripheral Interface (SPI)Platform Controller Hub (PCH)

Photograph of Titan up-close on a printed circuit board. Chip markings obscured.

Cryptographic identity using Titan Conclusion

Titan provides a hardware-based root of trust that establishes strong identity of a machine, with which we can make important security decisions and validate the “health” of the system.

Titan offers integrity verification of firmware and software components.

The system’s strong identity ensures that we'll have a non-repudiable audit trail of any changes done to the system. Tamper-evident logging capabilities help identify actions performed by an insider with root access.

Google Cloud Platform Security page

Introducing App Engine firewall, an easy way to control access to your app

Thursday, August 24, 2017

By Lorne Kligerman, Product ManagerEditor's Note: App Engine Firewall is now generally available. Learn more. Google App Engine firewall—
Getting started with App Engine firewall Google Cloud ConsoleApp Engine Admin API gcloud command-line toolfirewall rules

Test IP

hereGoogle App Engine forumpublic issueApp Engine slack channel (#app-engine)

Introducing Network Service Tiers: Your cloud network, your way

Wednesday, August 23, 2017

By Prajakta Joshi, Product Manager, Cloud NetworkingNetwork Service Tiers AlphaGoogle Cloud Platform Power of Premium Tier Premium Tierover 100 points of presence (POPs)

Outbound and Inbound traffic delivery

Global Load Balancing

"75% of homedepot.com is now served out of Google Cloud. From the get-go, we wanted to run across multiple regions for high availability. Google's global network is one of the strongest features for choosing Google Cloud." — Ravi Yeddula, Senior Director Platform Architecture & Application Development, The Home Depot.
Introducing Standard Tier

Outbound and Inbound traffic delivery

Compare performance of tiers Cedexiswww.cedexis.com/google-reports/testing methodologygraph

Compare pricing for tiers hereexisting internet egress pricing appliesNetwork Tiers pricing Choose the right tier

Configure the tier for your application(s) Configure the tier

Try Network Service Tiers today “Cloud customers want choices in service levels and cost. Matching the right service to the right business requirements provides the alignment needed by customers. Google is the first public cloud provider to recognize that in the alpha release of Network Service Tiers. Premium Tier caters to those who need assured quality, and Standard Tier to those who need lower costs or have limited need for global networking.” — Dan Conde, Analyst at ESGNetwork Service Tierssigning up for alphayour feedback

Rolling your own private Ruby gem server on Google Cloud Platform

Monday, August 21, 2017

By Arham Ahmed, Software Engineering Interngoogle-cloud-gemserverGoogle Cloud Platform$ google-cloud-gemserver create --use-proj [MY_PROJECT_ID]GemfuryGoogle App Engine Flex99.95% uptimeGoogle Container EngineStackdriver LoggingCloud Storage
Using the gem server

First install the gem:

$ gem install google-cloud-gemserver

Ensure you have Cloud SDK installed and a GCP project created with billing enabled. Also ensure that you're authenticated with it. For a full list of prerequisites, read this checklist.

Run the following command in your terminal:

$ google-cloud-gemserver create --use-proj [MY_PROJECT_ID]

where MY_PROJECT_ID is the GCP project ID the gem server will be deployed to. This deploys the gem server to App Engine and creates a default key used to push and fetch gems from the gem server. For brevity, the value of this key will later be referred to as “my-key” and its name will later be referred to as “my-key-name”.

$ gem push --key my-key-name [PATH_TO_MY_GEM] --host \ > http://[MY_PROJECT_ID].appspot.com/private/bundlermy-keymy-keysource “[GEMSERVER_URL]” source “[GEMSERVER_URL]/private” do gem “MY_GEM” end“bundle install” Conclusion Google Cloud SQLgemopen source

Distributed TensorFlow and the hidden layers of engineering work

Friday, August 18, 2017

By Brad Svee, Staff Cloud Solutions ArchitectTensorFlowGoogle CloudGPUsTPUsdistributed TensorFlow cluster on Google Compute Enginetrain the same model on Google Cloud Machine Learning EngineMNISTRaspberry PIdistributed clusterCompute Enginecustom imageCloud Shell

Figure 1. A distributed TensorFlow cluster on Google Compute Engine.

Cloud ML EngineTensorBoard

Figure 2. Visualizing the training result with TensorBoard.

Cloud ML Engine prediction serviceCloud Datalab

Figure 3.

Figure 4.

Summary