This document describes the lifecycle stages that Google Distributed Cloud (GDC) air-gapped features might transition through, such as the following launch stages:
There are also the following end-of-life stages:
Launch stages
GDC air-gapped features have unique standards that must pass increased security requirements. Because of these heightened standards, some features might require going through an accreditation process to satisfy a set of compliance requirements. For these features that need to go through an accreditation review by a third-party entity, they can be certified as production ready, but might not be available to use.
The lifecycle of GDC air-gapped features allows some features to be released to a subset of customers, which lets them test and approve them for their unique use cases.
The following sections describe the stages of a GDC air-gapped feature. Features are not required to go through all stages.
Preview
At Preview, a feature is ready for testing by customers before adopting it for production use at GA. Preview offerings are often publicly announced, but are not necessarily feature-complete, and Google provides no Service Level Agreements (SLA) or technical support commitments for these. Unless stated otherwise by Google, Preview offerings are intended for use in test environments only. Features in Preview are typically expected to reach GA within 12 months, but this might vary.
General Availability (GA)
General Availability (GA) features are production ready, though not always universally available. Some GA features might only be available to a limited group of customers. For customers with increased accreditation standards, some GA features are not available to use.
By default, all Marketplace services are configured as GA features unless otherwise noted. This means for highly regulated deployments, your Infrastructure Operator (IO) must manually enable Marketplace services before you can use them.
Accredited
Accredited features are GA features that have received approval from the concerned accreditation agencies and are ready for customer onboarding. Customers with regulated deployments might require some production-ready features be accredited before they can use them. This feature type is identified as a Significant Change Request (SCR) feature and is undergoing further review. This feature has not received an Authority to Operate (ATO) within a regulated environment. Reach out to your IO with questions regarding feature accessibility.
End-of-life stages
If a feature is determined to be obsolescent, it transitions to end-of-life stages. A feature is first marked as deprecated, which warns against future use with the intention of phasing it out. After a set time to allow for migration away from the feature, it is then removed from the product.
Deprecated
Marking an offering deprecated is an announcement that GDC is discontinuing a service or feature that it supports. See the Google Cloud deprecation policy for more information: https://cloud.google.com/terms/deprecation.
Decommissioned
Decommissioning an offering means that the feature is no longer available. Calling decommissioned software can result in unpredictable behavior or invalid responses.
Feature gates
Feature gates are a mechanism used by your Infrastructure Operator (IO) to manage features that are in the following feature stages:
- Preview
- In review for accreditation
Based on your deployment, the features in the following table might not be available to use. Check with your IO for more information.
| Feature | Stage | Description |
|---|---|---|
| Chirp Speech-to-Text model | Preview | Vertex AI Chirp universal speech model. |
| GDC air-gapped Org v2 Architecture | In review | The v2 organization architecture introduces changes in several components, including cluster, networking, and storage. |
| Cross-zone STS tokens | In review | Capability to enable cross-zone Security Token Service (STS) tokens. |
| API Platform for Vertex AI services | In review | API Platform authentication workflow for Vertex AI pre-trained and prediction APIs. |
| Splunk Kubernetes cluster | In review | Security Information and Event Management (SIEM) system hosted as a Splunk cluster in GDC air-gapped zones. |
| SVM architecture change | In review | Process for provisioning Storage Virtual Machines (SVM) for an organization. |
| KubeVirt CSI | In review | Capability to use the KubeVirt Container Storage Interface (CSI) driver for storage enhancements. |
| VM disk cloning | In review | Capability to clone a virtual machine (VM) disk from an existing disk. |
| VM metadata server | In review | Capability for a VM to store its metadata on a metadata server. |
| VM guest agent streaming | In review | Communication method between the VM guest agent and the host VM. |
| Server erasure during install | In review | Process for securely erasing data on a machine during the server install process. |
| Server disk encryption with LUKS | In review | Process for using Linux Unified Key Setup (LUKS) with Trusted Platform Module (TPM) sealed keys to encrypt bare metal server disks at rest. |
| Certificate Authority as a Service | In review | Capability to create and manage certificate authorities (CA) and issue certificates to secure workloads. |
Marketplace services are easy-to-install, self-managed solutions from third-party vendors and Google. Some Marketplace services are production ready, but not accredited by default. For customers with increased accreditation standards, the IO must enable the feature gate for non-accredited Marketplace services individually to make them available.
The following table lists the Marketplace services controlled by a feature gate that might not be available to use. Check with your IO for more information.
| Feature | Stage | Description |
|---|---|---|
| HashiCorp Vault (BYOL) | In review | An identity-based secrets and encryption management system. |
| Apache Kafka on Confluent Platform (BYOL) | In review | A solution that allows real-time access, storage, and management of continuous data streams. |
| Redis Software for Kubernetes (BYOL) | In review | Redis is the world's fastest in-memory database for building and scaling fast applications. |
| GitLab | In review | An open-source software development platform with built-in version control, issue tracking, code review, CI/CD, and more. |
| Neo4j (BYOL) | In review | Neo4j is an open-source, NoSQL, built-in graph database that provides an ACID-compliant transactional backend for your applications. |
| MariaDB Operator (BYOL) | In review | MariaDB Operator uses supported Docker images to provide a fleet management and HA/DR solution for MariaDB Enterprise Server and MaxScale. |
| Mandiant SOC | In review | Service for the Mandiant Security Operations Center (SOC). |
| Mandiant consulting services | In review | Service for Mandiant consulting. |