Source URL: https://cloud.google.com/blog/products/compute/introducing-workload-manager-custom-rules/
Source: Cloud Blog
Title: Introducing custom rules in Workload Manager: Evaluate workloads against customized best practices
Feedly Summary: Are you a cloud architect or IT admin tasked with ensuring deployments are following best practices and generating configuration validation reports? The struggle of adopting best practices is real. And not just the first time: ensuring that a config doesn’t drift from org-wide best practices over time is notoriously difficult.
Workload Manager provides a rule-based validation service for evaluating your workloads running on Google Cloud. Workload Manager scans your workloads, including SAP and Microsoft SQL Server, to detect deviations from standards, rules, and best practices to improve system quality, reliability, and performance.
Introducing custom rules in Workload Manager
Today, we’re excited to extend Workload Manager with custom rules (GA), a detective-based service whose validations do not block any deployments but that lets you easily detect compliance issues across different architectural intents. Now, you can flexibly and consistently validate your Google Cloud deployments across Projects, Folders and Orgs against best practices and custom standards to help ensure that they remain compliant.
Here’s how to get started with Workload Manager custom rules in a matter of minutes.
1) Codify best practices and validate resources
Identify best practices relevant to your deployments from the Google Cloud Architecture Framework, codify them in Rego, a declarative policy language that’s used to define rules and express policies over complex data structures, and run or schedule evaluation scans across your deployments.
Start with sample Rego policies in our GitHub repository: https://github.com/GoogleCloudPlatform/workload-manager
You can create new Rego rules based on your preferences, or reach out to your account team to get more help crafting new rules.
2) Export findings to BigQuery dataset and visualize them using Looker
You can configure your own BigQuery dataset to export each validation scan and easily integrate it with your existing reporting systems, build a new Looker dashboard, or export results to Google Sheets to plan remediation steps.
Additionally, you can configure Pub/Sub-based notifications to send email, Google Chat messages, or integrate with your third-party systems based on different evaluation success criteria.
A flexible system to do more than typical config validation
With custom rules you can build rules with complex logic and validation requirements across multiple domains. You can delegate build and management to your subject matter experts, reducing development time and accelerating the time to release new policies.
And with central BigQuery table export, you can combine violation findings from multiple evaluations and easily integrate with your reporting system to build a central compliance program.
Get started today with custom rules in Workload Manager by referring to the documentation and testing sample policies against your deployments.
Need more help? Engage with your account teams to get more help in crafting, curating and adopting best practices.
AI Summary and Description: Yes
Summary: The text discusses the introduction of custom rules in Workload Manager, a tool used for validating configurations and ensuring compliance with best practices on Google Cloud. It highlights the challenges of maintaining consistent deployments and offers practical solutions for cloud architects and IT admins to monitor their workloads effectively.
Detailed Description:
The text centers around Workload Manager’s new feature, custom rules, designed to assist cloud architects and IT admins in validating their Google Cloud configurations against best practices. The feature addresses ongoing challenges faced by organizations in maintaining compliance over time, rather than just during initial deployments. Below are the key points detailed in the text:
– **Problem Identification**:
  – Ensuring deployments adhere to best practices can be a challenge both initially and over time, as configurations may drift.
  – There’s a need for solutions that not only validate configurations against established standards but also adapt continuously to changing requirements.
– **Workload Manager Overview**:
  – Workload Manager offers a rule-based validation service for workloads running on Google Cloud, including applications like SAP and Microsoft SQL Server.
  – The tool helps detect deviations from standards to enhance system quality, reliability, and performance.
– **Introduction of Custom Rules**:
  – The custom rules (GA) feature allows users to create bespoke validation rules without hindering deployment processes.
  – This feature enables flexible validation across Google Cloud resources such as Projects, Folders, and Organizations, ensuring consistent compliance.
– **Getting Started with Custom Rules**:
  1. **Codifying Best Practices**:
     – Users can codify relevant best practices from the Google Cloud Architecture Framework using Rego, a declarative policy language.
     – Sample policies are available on GitHub for users to get started easily.
  2. **Data Handling and Visualization**:
     – Validation scan findings can be exported to BigQuery for data management and analysis.
     – The integration with Looker allows users to create dashboards or export results for reporting and remediation planning.
     – Notifications can be automated via Pub/Sub to inform stakeholders of compliance evaluation results.
– **Benefits of Custom Rules**:
  – Users can develop complex logic and validation requirements tailored to their specific needs.
  – Delegating rule creation and management to subject matter experts streamlines the process and speeds up policy release.
  – Centralized data storage in BigQuery enables comprehensive compliance reporting by consolidating violation findings.
– **Engagement and Support**:
  – IT admins are encouraged to consult documentation and engage with their account teams for assistance in implementing and customizing these rules.
Overall, the introduction of custom rules in Workload Manager is a significant advancement for cloud compliance and security management, providing a versatile and effective approach to maintaining compliance in Google Cloud deployments.