

Google Cloud SQL now available with an SLA, 500 GB databases, and encryption - diggan
http://googlecloudplatform.blogspot.com/2014/02/google-cloud-sql-now-generally-available.html

======
sandGorgon
Why do most of these "cloud database" offerings seem to be built on MySQL?
RDS, Rackspace and Google all are MySQL first - only Heroku seems to be
Postgres.

Does MySQL lend itself innately to scalability at Amazon/Google scale that is
hard to do with Postgres?

~~~
Lewisham
MySQL provides the underpinnings for many other hosted apps, like Wordpress.
It's the lingua franca of web databases, so that's why we're working with it.

Disclaimer: I'm a developer on Cloud SQL.

~~~
sandGorgon
Thank you for replying, but it seems weird that you are competing for that segment
against... well, Dreamhost.

In fact, I would say that you would have a large segment of people/startups
interested in leveraging postgresql on the cloud without the headache of
managing replication, etc.

~~~
Lewisham
Speaking for myself and not for the company (I only joined Cloud SQL in
October), given limited time/people/money, I'd have made the same choice.
Everything on the web can run on MySQL, or has a connector to do so. Postgres,
even a year or two ago, was a lot more difficult. Things are different now
with the popularity of Postgres, but that's how we got from there to here.

The goal of Cloud is to provide the building blocks so people can make great
products. The quickest way to making good stuff is to use the same tools that
everyone is already familiar with, and I think that's why Cloud SQL exists. If
you want more "touch" on the database for more power, there's Cloud Datastore
[1]. But we support companies like Costco on Cloud SQL, so it's good for a lot
of folks.

[1] [https://cloud.google.com/products/cloud-datastore/](https://cloud.google.com/products/cloud-datastore/)

~~~
michaelt
Are there any plans to offer mysql 5.6 or 5.7? As I understand it [1]
currently only mysql 5.5 is available.

[1] [https://developers.google.com/cloud-sql/faq#version](https://developers.google.com/cloud-sql/faq#version)

~~~
Lewisham
Lawyercats won't let me speak about future plans, I'm afraid :(

~~~
MWil
Lawyercats.com is available...surprisingly.

------
omh
What is the purpose of encryption in these cases? Is it just a compliance tick
box?

The keys are managed by Google and obviously this won't protect against them
getting at your data. And any external attacker who gets into Google's
infrastructure could (in theory at least) get the keys as well. It presumably
protects against someone stealing the hard drives from the data centre, but
that doesn't seem like a significant threat.

~~~
corresation
The various internal encryption statements seem to be speaking to the various
NSA issues.

~~~
michaelt
The encryption that has been proposed does nothing to address the NSA issues.

Amazon has a similar feature on S3 - they will encrypt your data on upload,
and automatically decrypt it when you read it [1]. From a security
perspective, this appears to be useless [2].

I suppose it might be useful if you're at an organisation with a rule saying
"all data must be encrypted at rest" where the rule cannot be changed, but
does not have to be implemented in an effective or useful manner.

[1] [http://aws.typepad.com/aws/2011/10/new-amazon-s3-server-side...](http://aws.typepad.com/aws/2011/10/new-amazon-s3-server-side-encryption.html)

[2] [http://security.stackexchange.com/questions/8765/what-does-a...](http://security.stackexchange.com/questions/8765/what-does-amazons-s3-server-side-encryption-protect-against)

~~~
GauntletWizard
There is some, albeit limited, use: a) It protects your data from hard-drive
theft. Not an especially common occurrence in Amazon or Google scale
datacenters b) It segments out the storage admins at your cloud-hosting
provider from being accidentally granted access to your data. Useful from a
principle-of-least-privilege standpoint.

~~~
michaelt
Seems to me these claims of encryption are like selling full outfits with
bulletproof socks and telling customers they're buying bulletproof clothes.

It's technically true, and it does offer protection against a minute range of
threats, but it's mostly dangerous snake oil that'll end up with people who
think they have protection when they don't.

------
tnuc
Purely on pricing Azure easily wins.

[http://www.cleardb.com/store/azure](http://www.cleardb.com/store/azure)

On an ability to plug things in and get things working Azure still wins. I
would stick to AWS or Azure.

I get the feeling Google is only offering the same as its in house services to
the public so they can get free troubleshooting/bug fixing and stop their
support staff from growing complacent.

~~~
Lewisham
I would frame it the other way which is that Google has had to dogfood the
inhouse services so has spent a bunch of time troubleshooting/bug fixing
internally ;)

I know that Google as a whole has a rep for support which isn't great.
However, I also know that Cloud is trying really hard to show that isn't the
case with Cloud products (as is the company as a whole, my personal experience
with support phone lines at Google Play, for example, has been really good).
We have Stack Overflow (which we as devs check in on to see if there are
problems we can help with e.g. [1]), we have support packages which have real
live human beings on the other end [2].

 _I_ know everyone here in my dev team is 110% behind support being great, but
it's one of those things where we'll be judged by execution rather than words
(as it should be).

[1] [http://stackoverflow.com/questions/21774738/google-cloud-sql...](http://stackoverflow.com/questions/21774738/google-cloud-sql-authorized-network-cant-connect)

[2] [https://cloud.google.com/support/](https://cloud.google.com/support/)

~~~
jfoster
The support experience is going to vary depending on what you need. I once
called Google Wallet developer support to let them know that their sandbox was
down. I pointed them toward some samples on their documentation that had
broken as a result. They didn't seem able to grasp that it wasn't a problem on
my end, and I'm not convinced they knew what a sandbox is. In the end, I
reached out to a Google Wallet product manager via Google+ who confirmed that
it was down and that they were working on it.

It seems a waste of talent to have developers picking up the phone when I call
developer support, but it would be nice if that team could run stuff by
developers when they need to. They also need better training on typical things
that developers might call about. (Eg. "Sandbox seems to be down, can you
confirm and provide an ETA on the fix?")

------
cwyers
It's frustrating how the docs constantly refer to MySQL, but make no mention
of version number. This page includes a version, seemingly on accident, but
because it's part of an example of using the MySQL connector I have no idea if
it reflects the version currently in use or just the one that was in use when
this page was written:

[https://developers.google.com/cloud-sql/docs/mysql-client](https://developers.google.com/cloud-sql/docs/mysql-client)

It's showing 5.5 -- 5.6 went General Availability over a year ago, and it's
not even a recent build of 5.5 at that, so you're seemingly missing out on
nearly a year's worth of bugfixes and security patches. I know Google is
applying a lot of custom patches to MySQL here, but I would really worry that
the work they're doing to customize MySQL is causing them to lag behind the
official version in terms of features and fixes.

------
mark_l_watson
I tried this a year or two ago when it was in beta, seemed OK. I used to run
several web apps on AppEngine, but more or less stopped when they dropped Wave
as a product - I basically had a negative emotional response to a cancelled
service, and walked away from AppEngine.

I have been thinking of giving AppEngine, etc. another chance but I have been
spoiled by very good customer support at RimuHosting, and the knowledge that
some support for AWS would be available if I ever had any problems. Google
needs to crank up their customer support efforts. I guess that the fact that
Google makes relatively little money from PaaS services worries me. All that
said, I really enjoyed using Google internal infrastructure during a brief
consulting gig at Google, so using AppEngine, etc. is appealing to me out of
nostalgia - for the general public they might not be a great choice.

------
tsumnia
Has anyone had the opportunity to try Google's Cloud in comparison to AWS?

~~~
curiousDog
I'd say both Azure and AWS are better right now in terms of features,
availability, maturity and support. App Engine support is terrible.

~~~
tsumnia
I just switched from GAE to AWS due to not handling OpenCV; but I had someone
suggest I could do the image handling via Google Cloud. I'd already made the
switch, but was still curious since the original site was written for GAE.

------
jpalomaki
Dangerous to compare these by just looking at features or pricing. Based on my
limited experience from these kinds of shared services I would say the devil is
in the details and in performance.

In shared services one interesting topic is how the various limits are
implemented. Are there some hard timeouts that prevent complex queries? Is
there throttling? Do you get some kind of penalties for running queries that
are not optimal? Do you need to implement some specific retry-logic?

------
russell_h
The SLA seems odd:


    - "Downtime" means more than a twenty percent Error Rate. Downtime is measured based on server side Error Rate.
    - "Error Rate" means the number of Valid Requests to open a connection that fail to open a connection, divided by the total number of Valid Requests during that period.


So does a network outage not count as downtime?

------
chiph
Pricing info here: [https://developers.google.com/cloud-sql/pricing](https://developers.google.com/cloud-sql/pricing)

You can buy a package (reserved capacity?) or pay per-use.

~~~
bpicolo
Doesn't seem that page includes the 500GB package yet (or anything even close)

~~~
Lewisham
The 500GB bit is listed under "Storage Size", the column in the table is the
amount of storage you get without needing to pay.

This is a bit confusing, I'll file a bug to get it cleaned up. Thanks for the
spot.

------
curiousDog
Anyone know how they handle failover? I'd imagine they won't be physically
copying 500GB databases between machines. But then the size limitation
indicates they're constrained to what a single machine can hold.

~~~
Lewisham
Basically, Cloud SQL databases are written out to Google's storage system,
which automagically replicates across several datacenters. If the primary
datacenter that your database is in goes down, it's still replicated across
other datacenters and the data at rest isn't at risk. When a connection comes
in, we see that the database isn't up right now, and spin it up into a new
datacenter (this happens automatically if your database is always on).

We offer two different ways of working with Cloud SQL: synchronous and
asynchronous writes. With the synchronous writes, you'll get an OK back when
you update the database, which lets you know that the write completed
successfully and is replicated. If something bad happens, you'll get an
exception back and can keep the data in memory until the database is live and
accepting connections again.

A faster method is asynchronous, which performs the writes every second or so,
so you're not waiting for replication to complete. If something dies during
that second, you could lose data during that period and not know it.

Does this help?

Disclaimer: I'm a developer on Cloud SQL.
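
An added example, not part of the comment above and not Cloud SQL code: a simulation of the two write modes as described, showing a client that keeps rows in memory when a synchronous write raises and replays them after recovery, next to an asynchronous write that is acknowledged and then lost. `SimulatedDB`, `BufferedWriter` and the row values are constructed for illustration and are assumptions, not a real API.

```python
import collections

class DatabaseDown(Exception):
    """Raised while the simulated database is not accepting connections."""

class SimulatedDB:
    """Constructed stand-in for the behaviour described; not a Cloud SQL API."""
    def __init__(self):
        self.up, self.durable, self.unflushed = True, [], []
    def write(self, row, sync=True):
        if not self.up:
            raise DatabaseDown("connection refused")
        # sync: OK only once the row is durable; async: OK before the flush
        (self.durable if sync else self.unflushed).append(row)
    def flush(self):                       # the periodic asynchronous flush
        self.durable += self.unflushed
        self.unflushed = []
    def crash(self):
        self.up, self.unflushed = False, []    # acknowledged async rows vanish
    def recover(self):
        self.up = True

class BufferedWriter:
    """Holds rows in memory when a sync write raises; replays them in order."""
    def __init__(self, db):
        self.db, self.backlog = db, collections.deque()
    def write(self, row):
        self.backlog.append(row)
        return self.drain()
    def drain(self):
        while self.backlog:
            try:
                self.db.write(self.backlog[0], sync=True)
            except DatabaseDown:
                return False               # row stays buffered for a later retry
            self.backlog.popleft()         # drop only after the OK
        return True

def sync_with_buffer():
    db = SimulatedDB()
    writer = BufferedWriter(db)
    results = [writer.write("r1"), writer.write("r2")]
    db.crash()                             # outage between r2 and r3
    results += [writer.write("r3"), writer.write("r4")]
    db.recover()
    writer.drain()                         # replay once connections succeed
    return db.durable, results

def async_loss():
    db = SimulatedDB()
    db.write("r1", sync=False)
    db.flush()
    db.write("r2", sync=False)             # acknowledged, not yet flushed
    db.crash()
    db.recover()
    return db.durable                      # r2 is missing and nothing raised
```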

~~~
curiousDog
Ah I see, so the database sits in a shared storage network and you spin-up a
VM with MySQL when needed? If yes, is latency a concern? Also, if my database
goes cold, will you spin down the VM?

~~~
Lewisham
Externally it appears this way (I can't talk about infrastructure in any real
detail).

Latency is the same as if you were running MySQL on any other platform AFAIK.
If the database is cold, yes, the DB is spun down. An incoming connection will
cause the DB to spin up, and in most languages the common MySQL connector will
block until it's ready, so it doesn't require special coding around. Databases
almost always come up in a matter of seconds.

------
dsr12
As all data is encrypted when stored, I think it will have serious performance
degradation for large databases. If it performs well then it will be
interesting to know how Google is achieving that.

~~~
omh
Why would there be a significant performance degradation?

I'd expect this to be implemented by hardware encryption, probably at the
storage layer, with minimal speed impact.

~~~
thrownaway2424
That seems like by far the least likely way it is implemented.

~~~
lallysingh
Why? It's also the cheapest (in CPU utilization).

~~~
thrownaway2424
A notorious cheapskate like Google is not going to pay to put hardware crypto
modules in a huge number of servers. Those things are expensive, power hungry,
unreliable, instantly obsolete, full of bugs, often associated with binary
drivers or HALs, and barely or not at all faster than CPU cryptography. I've
never seen a case where a real server with a real CPU could benefit from
hardware crypto.

~~~
omh
Any modern CPU has dedicated hardware for encryption. And a huge number of
storage devices have it too - either storage arrays (which perhaps Google
aren't using) or standard hard disks, especially SSDs.

