The name of the base system (platform): | Google Cloud Platform (GCP) |
Developers: | |
Last Release Date: | 2015/06/18 |
Technology: | IaaS - Infrastructure as service, PaaS - Platform As A Service - the Business platform as service, Development tools of applications |
Content |
Google App Engine is service of a hosting of the websites and web applications on servers of Google with the free name <имя_сайта>.appspot.com, or with own name involved using services Google.
Google App Engine is the system of development of cloud applicaions from Google created on the basis of tools which are used by Google in infrastructure of the applications. App Engine allows developers to create scalable applications in the Python and Java languages, without thinking of low-level architecture.
At the same time, App Engine has important architectural restrictions: it is possible to create applications only in the Python and Java languages (implementations of several other languages which are executed over Java are also available), instead of traditional DBMS with SQL syntax DBMS with syntax of GQL where, in particular, the operator of JOIN allowing to integrate tables in the database is not supported is provided. Access to the file system is possible in the mode "only for reading".
It is possible to use Google App Engine free of charge – but only if the application keeps within the quotas set by Google. First, for data storage only 1 GB of disk space is selected. Secondly, limits on the daily volume of the used resources are set: 1 GB entering and up to 1 GB of the outbound traffic, till 6.5 o'clock CPU time, up to 1.3 million HTTP requests, up to 10 million requests to API of the Datastore database and up to 2000 outgoing e-mails.
App Engine is provided in April, 2008, is in the testing mode, are available as free accounts: "… up to 1 GB of disk space, 10GB of the incoming traffic in day, 10GB of the outbound traffic in day, 200 million gigacycles CPU a day and 2000 transactions of departure of e-mail a day", and a possibility of acquisition of additional resources.
The applications developed based on App Engine should be written on Python or Java. The environment of execution includes complete implementation of opportunities of Python, the majority of functions of standard library of language, the limited version of Django, etc.
The API set for services of storage, datastore API (en), Google accounts, data loadings on URL, e-mail, etc. is offered.
An opportunity to use a task scheduler of cron both for the applications implemented on Python, and on Java is given. Planning no more than 20 tasks is authorized.
Use of service of Google accounts allows to begin quickly work with the application, there is no need to carry out separate registration of credentials on each website. It also allows the developer not to care for implementation of one more recording system of users especially for the application.
The Google platform competes with similar services from Amazon (en) which give opportunities to place files and web applications, using the infrastructure.
Differences from traditional model of a hosting of applications
Unlike many normal placements of applications on virtual machines, such as Amazon EC2, the App Engine platform it is integrated with applications and imposes some restrictions for developers. The competing environments allow to operate with a set of the software created under * NIX systems while App Engine demands from the developer of compulsory use of the Python or Java programming languages and preserving of information in own storage (Datastore) — a subset of the proprietary BigTable (en) database which is a know-how of Google company.
Though it is possible to start the majority of the applications developed in the Python language without changes under App Engine (excepting those which require access to low-level functions of a system or access to network), use of storage will demand significant forces from developers on adaptation of applications. Unlike popular DBMS MySQL and PostgreSQL, storage is not a relational database, in particular does not support the scheme and does not require normalization of data. The architecture of the platform supports scaling without change of the code. Implementation of support of relational logic would lead to considerable deceleration of work. Not the relational nature of storage demands from developers of use of nonconventional architecture of storage and data processing. For example, instead of the normalized data storage in two or several tables with the subsequent consolidation in a request (join), logically connected data are recommended to be stored in one table.
At the same time all these restrictions can lead to the fact that many developers should make additional efforts for adaptation to the new environment, and they will prefer the choice of alternative platforms.
Restrictions
Runtime environment of the Google App Engine platform allows the developer to control only a part of parameters of the operating system that can represent a problem for application development.
There is no access to record to a server file system. The only way to save data — internal storage, not relational, high-scalable database. The storage differs from relational DBMS MySQL and PostgreSQL which are used on the majority of the websites.
The management systems for sessions using the file system will not work. Google provides alternative option — Memcache API. There is an opportunity to organize authorization of users through Google accounts.
Google widely uses in the applications MapReduce technology, the high-speed interface for the parallel computings which are carried out on a set of nodes of a cluster, its support will probably be added to platform opportunities.
2018
The researcher received $36 thousand for information on vulnerabilities in Google App Engine
The Google company paid to the 18-year-old researcher of security Ezequiel Pereira more than $36 thousand for detection[1] of several vulnerabilities in App Engine Google service, including one critical[2].
In February, 2018 Pereira could get media access of development of Google App Engine and detected a possibility of use of some internal API Google.
For the program of remuneration for search of vulnerabilities of Google the researcher did not specify anything dangerous in the first report, however score of P1 which indicates that the problem should be fixed as soon as possible as can affect a large number of users was assigned to his results.
Having continued a research, the expert detected some interesting methods of operation and sent Google the second report after which the company advised Pereira to stop further testing as it can "is easy to break something, using these internal API".
Having analyzed the detected vulnerabilities, experts of Google came to a conclusion that they could be exploited for remote accomplishment of the code "because of features of operation of Google".
In total Google paid to the researcher $36,337, including $5 thousand for detection of less serious problem. According to Pereira, the first report was sent to the company on February 25, 2018, and corrections were released during the period between March 6 and 13.
Google does not allow to use itself for a bypass of blocking any more
Application developers will not be able to use more infrastructure of Google for a bypass of blocking on the Internet. The service of a hosting of the websites and web applications on servers of Google which is called Google App Engine closed opportunities for use of the technology of concealment of an end address known as[3].
The company did not make about it statements — the first changes in architecture of network were noticed by Tor developers, as drew to a problem attention to media.
Domain fronting allowed developers to use Google as a proxy, redirecting traffic on own servers through the domain Google.com. It gave the chance to bypass blocking of the state level at which all traffic sent on a certain service can be blocked. When using domain fronting all requests coming from the specific country looks as if they are directed to Google.com. Prevented to trace them further to supervising departments enciphering.
Google reported to the The Verge edition that termination of work of domain fronting resulted from the planned updating long ago. The company claims that domain fronting was never specially supported function — it was just fancy feature of a software platform of Google. Now this feature is liquidated during incessant updating of networks, and the company is not going to revive it as function.
2015: Google App Engine supports PHP
On June 18, 2015 it became known of opening of a public access to a set of technologies of a Google service App Engine for creating applications and other software in the Google App Engine PHP programming language[4].
Earlier the platform supported only the Python, Go and Java languages.
In Google App Engine SDK are available to the developer:
- joining with Google Cloud SQL and besskhemny data warehouse,
- caching,
- work with binary files,
- image processing,
- maintaining logs,
- search,
- e-mail,
- organization of XMPP chats,
- task management and queues,
- joining with Android and iOS,
- registration of users via Google Account or OpenID,
- JavaScript customer interaction.
As a part of SDK there is a compatibility mode of a cloud of Google on the PC by means of which local debugging of the application is available.
The GAE property - if is required to start the web application on Java, Python, Go or PHP, but there is no desire or an opportunity to be engaged in a hosting, servers, Linux, MariaDB and other infrastructure of the web application - GAE resolves the most part of these issues and the developer needs only to develop the application, and then to send it to a cloud one command. Data storage, backup, scaling of computing powers, etc. undertakes Google.
In May, 2015 data on vulnerabilities in Google App Engine appeared.
According to the statement of the Polish Security Explorations research group, in Google App Engine for Java there were open vulnerabilities, including three escapes from Java sandbox. After three weeks of silence from Google researchers decided to divulge details of these vulnerabilities, having complemented them with the PoC-code. The provided code does not break a sandbox, but allows to bypass partially protection of Google App Engine, giving attacking chance to get access to Java Wednesday to Google App Engine.
Representatives of the company which staff detected vulnerabilities, announced incorrect implementation of a number of methods and lack of checks on security in App Engine, as becomes basic reasons of these gaps. The vulnerabilities detected by them are present at the "additional protection" implemented atop JRE and intended for protection of Google App Engine against Java vulnerabilities now.
2014
For February 4, 2014 App Engine has very considerable customer base, it makes, according to Google, about 30 thousand active (paying service) customers among whom small clients and very large business websites. According to vendor, more than 90% of its own IT systems work at the App Engine platform and this project appeared as a result of conversion of own internal IT infrastructure of the company to option of public service.
The high reputation of Google as cloud service provider and one of pioneers of use of the Big Data methods in many respects defined trust of the market to App Engine and other PaaS-offers of the company intended for project implementation, the requiring highly elastic scaling, processing of a large number of sets of unstructured data and the solution of a number of problems of a business intelligence. Some added features for the corporate level (providing SLA at the level of 99.95%, proper technical support, existence of relational DBMS, the developed control of versions, the minimum downtime, automatic scaling, existence of basic services of distributed caching, management of project lifecycle based on frameworks of Apache Maven and Spring for Java version of service) in an essential measure eliminated traditional concerns of the market concerning approaches of aPaaS in general and performed by Google in particular.
Abilities to integrate at the level API are allowed to offer PaaS-functionality for creation by customers of hybrid IT systems, including using other programming systems. The option of the combined use applied (Google Apps in implementation SaaS) and platform (Google Cloud Platform IaaS i PaaS) offers is attractive to customers Google.
App Engine 1.9.0
On February 26, 2014 the Google company announced a release of the new version of App Engine 1.9.0.
In the version of App Engine 1.9.0 appeared Modules API which helps to separate applications into the logical modules having own settings and versions.
As a part of updating there was a MapReduce library for Java integrated with Google Cloud Storage.
The Wednesday of runtime of PHP scripts accelerating loading of standard libraries is improved. External interaction happens to runtime programs only by means of HTTP/HTTPS requests, it limits App Engine to the sphere of web systems.
More than 30 gaps in Google App Engine
On December 10, 2014 mass media reported existence more than 30 vulnerabilities in a cloud platform of Google App Engine. Vulnerabilities the Polish company Security Explorations detected [5].
After researchers were selected from "sandbox" of the Java virtual machine, they had an opportunity of start of any code at lower level and access to system files of the virtual machine. They began to study exit methods from "sandbox" of the operating system, i.e. is level lower. But it was not succeeded to make it — the account was blocked by a security service of Google. According to researchers, in Google considered their activity of suspicious and decided to block access.
Defects in the system of protection allow withdrawal of the user from "sandbox" (sandbox is the isolated environment) the Java virtual machine in which applications, and accomplishment of any code in an environment of lower level are started, Adam Gowdiak, the head and the founder of Security Explorations told. He did not begin to be engaged in determination of level of danger which is constituted by the detected gaps, and preferred to notify Google.
In addition to Java, the GAE platform supports the applications written on Python, PHP and Go. According to the director of the company researcher, the actual amount of the vulnerabilities which are contained in the platform can be much bigger? as the conducted research mentioned only the Java virtual machine.
At 4:10 p.m. on December 10, 2014 the Google company did not comment on the statement of Security Explorations.
2012
At the beginning of 2012 Google began to test function of full-text search for service of a hosting of the App Engine web applications. Developers complain for a long time that possibilities of present search API for App Engine are far from expected, and are irritated that in Google so long delayed implementation of full-text search.
The company warns that API represents the experimental version, and further changes because of which the applications using present option will cease to work can be made to interfaces. According to Google, API will allow to execute keyword-based search, on the set fields, on ranges of numbers and lines, etc. Also ranging of results and receiving text fragments is supported.
API can use free of charge on condition of accomplishment no more than 20 thousand requests a day and uses of the index no more than 250 MB in size.
2013
App Engine 1.5.0
In this version there was a support of the processes requiring large volumes of memory and the experimental environment of execution of applications on Go — a programming language with the open code which is developed by Google. In the second half of this year App Engine is going to be saved from the status of the fact-finding version. Resource-intensive processes of App Engine 1.5 are supported by means of the module Backends which allows to apply the Java and Python languages. As explain in Google, using Backends it is possible to create, for example, specialized search mechanisms. Applications on Go, in turn, can be compiled in machine code — thanks to it language can be applied to the tasks which are actively using resources of the central processor. SDK for Go is already available to loading, and an opportunity to place Go-applications in App Engine will appear shortly. After removal of the status of an oznakompleniye from App Engine in Google promise to provide error-free running time of the platform of 99.5%, to implement offline - tariffing and to offer the agreements on terms of service focused on the enterprises.
App Engine 1.4.0
In App Engine 1.4.0 there was API Channel implementing delivery service of notifications from applications to the browser. This API saves from need of the regular code execution on JavaScript polling the application.
The addition of High Replication Datastore offered at extra charge expands the possibilities of replication implemented by the platform: now with its help it is possible to update up to four copies of data, and not at most two as earlier.
In App Engine the limit for the period of execution in the background of supporting services, such as processing and indexing is increased from 30 seconds to 10 minutes. The admissible extent of requests URLFetch from 1 MB to 32 MB is increased.
The new feature of Always On allows to reserve copies of applications, for example, with guarantee to have continuously working copy. According to specialists of Google, Always On is an alternative of activation of applications on demand and allows to avoid waiting of availability of a free copy.
2011
In October, 2011 in the platform of development and a hosting of the Google App Engine web applications addition, the need for which was felt long ago by many authors of applications, is implemented. Now except the Big Table database which was available in App Engine constructed on the key value system, applications will be able to use the standard relational DBMS under the name Google Cloud SQL supporting language of requests of SQL. Moreover, in it it will be possible to move the available local databases under control of MySQL. The cloud system of Google will undertake administration of base and its replication in several data centers.
Analysts of Forrester Research consider emergence of Google Cloud SQL extremely important event. Relational databases with language of requests of SQL are used much more widely, than klyuch-znacheniye bases like Big Table. The lack of a possibility of application of SQL in the App Engine applications was an essential obstacle for implementation of this system.
Google Cloud SQL works in a limited attraction mode — only some developers who are specially selected by the company have access to it. For them work with Cloud SQL is still free. The company will announce the prices how it will begin to levy a payment.
2010: Version 1.3.8 of a developer kit (SDK) for Google App Engine
For developments on Java or Python of the cloud applicaions intended for execution on servers of Google company. In the new version in the administrative Google App Engine console there was an Instances page where information on servers which resources uses the application at present is output. Response time and level of memory fill of each of systems is displayed, in particular. Developers on Python will find experimental function of removal of all stored objects in Admin Console. In the Python-version use of fixed functions, for example, of performance measurement became simpler. Java option SDK will be finished the same way in the next version. There are some more corrections and new features. It is possible to load a set on the website of Google.[6]
Notes
- ↑ of $36 of k Google App Engine RCE
- ↑ the Researcher received $36 thousand for information on vulnerabilities in Google App Engine
- ↑ domain fronting Google does not allow to use itself for a bypass of blocking any more
- ↑ got support of PHP
- ↑ Over 30 vulnerabilities it is found in a cloud platform of Google
- ↑ Google updated a set of development tools of cloud applicaions