Google LLC is upping its edge game at the Cloud Next conference this week.

The cloud division today announced a generative artificial intelligence feature that works on internal data, as well as expanded cross-network features that allow users to train AI models on data from any cloud or on-premises data store in a fully managed and secure environment.

Gen AI search in Google Distributed Cloud, which will enter preview this quarter, is a packaged product that enables customers to search sensitive enterprise data at the edge or on-premises using natural language. It’s powered by Gemma 7B, an instruction fine-tuned large language model developed by Google DeepMind for natural language processing.

Google’s Vertex AI is used to serve large language models. Data ingestion is handled by pretrained application program interfaces for speech-to-text conversion, language translation and optical character recognition. Customers also have the option of using a variety of other open-source models.

Google’s AlloyDB Omni png vector extension, which provides features for working with vectors in high-dimensional space, is used for the vector database. Users also have the option of employing alternatives such as Elasticsearch.

Significantly for security-conscious customers, the package can also be deployed in a Google Distributed Cloud air-gapped environment. That option addresses many business leaders’ concerns about the risks of compromising sensitive data during model training. “You can operate fully air-gapped in perpetuity with no connectivity to Google or the internet,” said Sachin Gupta, general manager of Google Cloud’s infrastructure and solutions group.

Simplifying multicloud operations

Introduced about a year ago, Cross-Cloud Network provides a simplified configuration that minimizes hardware and reduces the overhead of connecting to clouds from Amazon Web Services Inc., Microsoft Corp., Oracle Corp. and Alibaba Group Holding Ltd.

“With Cross-Cloud Network, you can train and inference AI models anywhere,” wrote Muninder Sambi, general manager of networking and security for Google Cloud, in a draft blog post released to the media. Google’s Private Service Connect, a Google Cloud networking capability that allows data consumers to access managed services privately from inside their virtual private cloud network, ensures that security is consistently applied across services, Google said.

With this announcement, Google also previews Private Service Connect transitivity over the Network Connectivity Center. This enables services in a spoke VPC to be transitively accessible from other spoke VPCs, meaning a virtual private network can forward routes between networks.

Partner-led protections

New security features include network threat protection from Palo Alto Networks Inc., security posture controls for the network perimeter, and zero-trust microsegmentation. Identity-based authorization with mutual Transport Layer Security integrates an identity-aware proxy with a load balancer for zero-trust network access, initially on the client side and soon with back-end mutual TLS.

Identity-based authorization means users are identified and authorized based on their unique identity, such as a username or email address, rather than relying on a specific network location. MTLS is a security protocol where the client and the server identify and authenticate each other before establishing a secure connection. The identity-aware proxy is a cloud service that acts as a secure gateway that verifies user identities before granting access.

To protect sensitive data-in-transit from accidental or malicious exposure, Google also plans to incorporate in-line network data loss prevention from Symantec Corp. integrated with its load balancers and secure web proxy using service extensions.

“Service Extensions open up the web data plane (load balancers, secure proxies) in the Cross-Cloud Network to easily allow customizations and services to be added to workload data paths, helping to protect, accelerate, and optimize web experiences,” Sambi wrote.

Gemini is also being applied to network design, operations, and optimization in a new feature currently in preview called Gemini Cloud Assist. Sambi wrote that Gemini can help with tasks such as generating configurations, recommending capacity, correlating changes with issues, identifying vulnerabilities and optimizing performance.

Image: SiliconANGLE/DALL-E