Flow logs sharpen visibility into GCP network

Google Cloud juiced up its networking capabilities with the addition of VPC Flow Logs. It's an important feature for enterprises accustomed to these insights on their own networks.

Google Cloud customers now have a window for deeper insights into their network traffic that other cloud platforms and private enterprise networks have had for years.

VPC Flow Logs increases transparency into users' network traffic on Google Cloud Platform (GCP), and the data collected by this tool can be used to monitor and respond to performance and security issues. That addresses a big concern for many enterprises that require this level of network scrutiny to operate production workloads on the cloud. It's also another example of how Google has caught up to its competition, though some of this functionality has actually surpassed what many other providers offer.

Amazon Web Services added flow logs in 2015, and Microsoft did the same a little over a year ago, but Google stands apart with its near-real-time visibility. AWS logs are updated every 10 to 15 minutes, while GCP's logs are updated every five seconds.

VPC Flow Logs capture geolocation metadata within a GCP environment, as well as between a virtual private cloud (VPC) and on-premises environments, an internet endpoint or any other Google services. Telemetry is collected at different levels, from a specific VPC network down to individual VMs or interfaces. Users can export those metrics natively to Stackdriver or BigQuery, or to third-party platforms via Cloud Pub/Sub.

In the initial release, VPC Flow Logs integrates with Sumo Logic and Cisco Stealthwatch for logging and analytics. Sumo Logic is a popular choice among cloud customers, while Cisco already has a partnership with GCP to build hybrid cloud deployments.

Customers with private data centers are accustomed to this sort of information, so Google must offer something comparable on its cloud, said Bob Laliberte, an analyst with Enterprise Strategy Group in Milford, Mass.

"This is a big step for making organizations feel comfortable to move critical applications into the cloud environment knowing they'll have complete visibility into them -- not only in the cloud, but between clouds," he said.

Customers want to detect anomalies as soon as possible, so the near-real-time tracking and the extension to private data centers are advantages for GCP, though other vendors are likely to move in the same direction, said Brad Casemore, an analyst with IDC.

"Outages, exploits and hacks can be tremendously costly to an organization -- not only monetarily, but in terms of reputation," Casemore said. "As applications gain unprecedented importance in hybrid and multi-cloud [environments], organizations are going to desire as much visibility as they can get into that application and the network that carries them."

Google has long touted its network as an advantage over other public clouds, but VPC Flow Logs is the latest in a string of tools and features added to GCP over the past year to make enterprise customers comfortable hosting applications on the platform.

"They won't be satisfied with parity in network services," Casemore said. "They feel this is an area where they can use their network as a cloud differentiator, and you'll see continued moves around this area."

Google charges for VPC Flow Logs on a tiered basis, starting at $0.50 per gigabyte for the first 10 TB of logs generated. The price drops the more logs a user creates and plateaus at $0.05 per gigabyte for more than 50 TB per month. Google waives those charges for logs exported to Stackdriver, with only the Stackdriver logging charges applied.
