Source URL: https://cloud.google.com/blog/topics/hybrid-cloud/using-gdc-sandbox-to-emulate-air-gapped-environments/
Source: Cloud Blog
Title: Emulating the air-gapped experience: GDC Sandbox is now generally available
Feedly Summary: Many organizations in regulated industries and the public sector that want to start using generative AI face significant challenges in adopting cloud-based AI solutions due to stringent regulatory mandates, sovereignty requirements, the need for low-latency processing, and the sheer scale of their on-premises data. Together, these can all present institutional blockers to AI adoption, and force difficult choices between using advanced AI capabilities and adhering to operational and compliance frameworks.
We are announcing Google Distributed Cloud (GDC) Sandbox – AI Optimized, which offers a virtualized platform that mirrors the GDC air-gapped racks and appliance experience, allowing developers to innovate on new apps with gen AI capabilities, and it is now generally available.
GDC Sandbox can help organizations harness Google’s gen AI technologies while maintaining control over data, meeting rigorous regulatory obligations, and unlocking a new era of on-premises AI-driven innovation. With flexible deployment models, a robust security architecture, and transformative AI applications like Google Agentspace search, GDC Sandbox enables organizations to accelerate innovation, enhance security, and realize the full potential of AI.
Secure development in isolated environments
For sovereign entities and regulated industries, a secure Zero Trust architecture via platforms like GDC Sandbox is a prerequisite for leveraging advanced AI. GDC Sandbox lets organizations implement powerful use cases — from agentic automation and secure data analysis to compliant interactions — while upholding sovereign Zero Trust mandates for security and compliance.
“GDC Sandbox provides Elastic with a unique opportunity to enable air-gapped gen AI app development with Elasticsearch, as well as enable customers to rapidly deploy our Security Incident & Event Management (SIEM) capabilities.” – Ken Exner, Chief Product Officer, Elastic
“Accenture is excited to offer Google Distributed Cloud air-gapped to customers worldwide as a unique solution for highly secure workloads. By using GDC Sandbox, an emulator for air-gapped workloads, we can expedite technical reviews, enabling end-customers to see their workloads running in GDC without the need for lengthy proofs of concept on dedicated hardware.” – Praveen Gorur, Managing Director, Accenture
Air-gapped environments are challenging
Public sector agencies, financial institutions, and other organizations that handle sensitive, secret, and top-secret data are intentionally isolated (air-gapped) from the public internet to enhance security. This physical separation prevents cyberattacks and unauthorized data access from external networks, helping to create a secure environment for critical operations and highly confidential information. However, this isolation significantly hinders the development and testing of cutting-edge technologies. Traditional air-gapped development often requires complex hardware setups, lengthy procurement cycles, and limits access to the latest tools and frameworks. These limitations hinder the rapid iteration cycles essential to development.
[Figure: Video Analysis Application Built on GDC Sandbox]
According to Gartner® analyst Michael Brown in the recent report U.S. Federal Government Context: Magic Quadrant for Strategic Cloud Platform Services, where Google Cloud is evaluated as a Notable Vendor, “Federal CIOs will need to consider cost and feature availability in selecting a GCC [government community cloud] provider. Careful review of available services within the compliance scope is necessary. A common pitfall is the use of commercially available services in early solution development and subsequently finding that some of those services are not available in the target government community environment. This creates technical debt requiring refactoring, which results in delays and additional expense.”
GDC Sandbox: A virtualized air-gapped environment
GDC Sandbox addresses these challenges head-on. This virtual environment emulates the experience of GDC air-gapped, allowing you to build, test, and deploy gen AI applications using popular development tools and CI/CD pipelines. With it, you don’t need to procure hardware or set up air-gapped infrastructure to test applications with stringent security requirements before moving them to production. Customers can leverage Vertex AI APIs for key integrations with GDC Sandbox – AI Optimized including:
Google AI Studio: Access Vertex APIs
Optical character recognition (OCR): Extract text from images and documents
Speech-to-text: Convert spoken language into written text
Translation: Break down language barriers for multilingual applications
Containerized model hosting: Deploy and manage custom gen AI models within containers
GPUs: Dedicate user-space GPUs for gen AI development
Interacting with GDC Sandbox
One of the things that sets GDC Sandbox apart is its consistent user interface. As seen above, developers familiar with Google Cloud will find themselves in a comfortable and familiar environment, which helps streamline the development process and reduces the learning curve. This means you can jump right into building and testing your gen AI applications without missing a beat.
“GDC Sandbox has proven to be an invaluable tool to develop and test our solutions for highly regulated customers who are looking to bring their air-gapped infrastructures into the cloud age.” – David Olivier, Defense and Homeland Security Director, Sopra Steria Group
"GDC Sandbox provides a secure playground for public sector customers and other regulated industries to prototype and test how Google Cloud and AI can solve their unique challenges. By ensuring consistency with other forms of compute, we simplify development and deployment, making it easier for our customers to bring their ideas to life. We’re excited to see how our customers use the GDC Sandbox to push the boundaries of what’s possible." – Will Grannis, VP & CTO, Google Cloud
The GDC Sandbox architecture and experience
GDC Sandbox offers developers a familiar and intuitive environment by mirroring the API, UI, and CLI experience of GDC air-gapped and GDC air-gapped appliance. It offers a comprehensive suite of services, including virtual machines, Kubernetes clusters, storage, observability, and identity management. This allows developers to build and deploy a wide range of gen AI applications, and leverage the power of Google’s AI and machine learning expertise within a secure, dedicated environment.
[Figure: GDC Sandbox – Product Architecture]
Use cases for GDC Sandbox
GDC Sandbox offers numerous benefits for organizations with air-gapped environments. Let’s explore some compelling use cases:
Gen AI development: Develop and test Vertex and gen AI applications via GPUs to cost-effectively validate them in secure production environments.
Partner enablement: Empower partners to build applications, host GDC Marketplace offerings, train personnel, and prepare services for production.
Training and proof of concepts: Provide hands-on training for developers and engineers on GDC air-gapped technologies and best practices. Deliver ground-breaking new capabilities and showcase the art of the possible for customers and partners.
Building applications in GDC Sandbox
GDC Sandbox leverages containers and Kubernetes to host your applications. To get your application up and running, follow these steps:
Build and push: Build your application image locally using Docker, and ensure your Dockerfile includes all necessary dependencies. Tag your image in your source repository, then sync with the Harbor instance URI and push the image to the provided Harbor repository.
Deploy with Kubernetes: Create a Kubernetes deployment YAML file that defines your application’s specifications, including the Harbor image URI and the necessary credentials to access the image. Apply this file using the kubectl command-line tool to deploy your application to the Kubernetes cluster within the Sandbox.
Expose and access: Create a Kubernetes service to expose your application within the air-gap. Retrieve the service’s external IP using kubectl get svc to access your application.
Migrate and port: Move your solutions from GDC Sandbox to GDC air-gapped and appliance deployments.
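The deploy and expose steps above correspond to a manifest along these lines. This is an added example, not taken from the original post or from GDC documentation; the registry host, project, namespace, object names, port, the `harbor-pull` Secret and the `LoadBalancer` service type are all assumptions. It keeps the Harbor credential in a Secret referenced by `imagePullSecrets` instead of placing it in the manifest, and runs the container with a restrictive security context.

```yaml
# Added example. Every name, host and port below is a placeholder.
# Assumes a pull credential already exists in the namespace as a
# kubernetes.io/dockerconfigjson Secret named "harbor-pull"
# (created with `kubectl create secret docker-registry`).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
  namespace: demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      labels:
        app: demo-app
    spec:
      imagePullSecrets:
        - name: harbor-pull   # credential lives in the Secret, not in this file
      containers:
        - name: demo-app
          # Placeholder Harbor image URI; use the URI of the image you pushed.
          image: harbor.example.internal/demo-project/demo-app:1.0.0
          ports:
            - containerPort: 8080
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
---
apiVersion: v1
kind: Service
metadata:
  name: demo-app
  namespace: demo
spec:
  type: LoadBalancer   # assumed; gives the external IP listed by `kubectl get svc`
  selector:
    app: demo-app
  ports:
    - port: 80
      targetPort: 8080
```

Apply it with `kubectl apply -f` and read the address from `kubectl get svc -n demo`.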
Ready to try GDC Sandbox?
Watch our on-demand video and getting started demo to learn more about GDC Sandbox capabilities and benefits. If you would like to discuss how to get access to GDC Sandbox please complete this form, and a member of our team will be in touch.
U.S. Federal Government Context: Magic Quadrant for Strategic Cloud Platform Services, By Michael Brown, 3 February 2025
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
AI Summary and Description: Yes
**Summary:**
The text highlights the launch of Google Distributed Cloud (GDC) Sandbox – AI Optimized, a significant development aimed at facilitating the secure utilization of generative AI in regulated industries. It tackles the critical issues of regulatory compliance, low-latency processing, and air-gapped security constraints, providing organizations with a secure, cloud-based environment for developing generative AI applications.
**Detailed Description:**
The announcement of the GDC Sandbox introduces a virtualized platform designed for organizations in regulated sectors looking to adopt AI solutions without compromising security or compliance. This innovation is particularly relevant for security and compliance professionals due to the following points:
– **Addressing Compliance Challenges**:
  – Organizations often face roadblocks due to strict regulatory requirements and the need for sovereignty, which can hinder the adoption of advanced AI technologies.
  – GDC Sandbox allows users to innovate while ensuring adherence to necessary regulations and providing control over sensitive data.
– **Air-Gapped Virtualization**:
  – The GDC Sandbox creates a simulated air-gapped environment, enabling organizations to develop and deploy generative AI applications without the physical constraints of traditional air-gapped infrastructure.
  – This alleviates the challenges associated with developing in air-gapped settings, such as complex hardware setups and prolonged procurement processes.
– **Zero Trust Architecture**:
  – The platform supports a Zero Trust security model, which is essential for organizations managing sensitive data.
  – This architecture allows for secure interactions and data analysis while safely leveraging AI capabilities.
– **Flexible Deployment Models**:
  – GDC Sandbox offers various deployment options that facilitate the seamless integration of AI applications in controlled environments.
  – It includes the capacity to use Google’s AI technologies like Vertex AI APIs and other tools, ensuring organizations benefit from cutting-edge features while ensuring security compliance.
– **Use Cases**:
  – **Gen AI Development**: The platform equips developers to create AI applications in secure, isolated environments without the hassle of hardware procurement.
  – **Training and Proof of Concepts**: Organizations can train personnel or present new technological capabilities in a secure setting, promoting innovation without compromising on security.
– **Integration with Existing Tools**:
  – Developers will find a familiar interface, which lowers the learning curve and enhances productivity as they engage with Google’s Cloud services and APIs.
Overall, the GDC Sandbox provides a compelling solution for organizations in regulated industries to harness the power of generative AI while maintaining stringent security and compliance protocols. The ability to innovate securely within a dedicated environment positions GDC Sandbox as a key enabler for advancements in AI and operational efficiency amidst increasing regulatory demands.