Hölzle on Google history
Quentin Hardy: You have overseen the creation of what was, I guess, a couple of stacks of servers into what people say is now the world's largest computing system. And what was that like?
Urs Hölzle: [laughs] That was 18 years of hard work, I think. You know, in the beginning, we barely had a one-year plan. We had $25 million of venture capital funding. And given the size of the problem, you know, download the entire web and index it and then serve it as search, that's actually not very much money. And so it was very clear even from the beginning that if you solve it the traditional way, it will never work. The money won't last. And so that was actually a challenge really from the beginning, but to some extent, it's also liberating. Because if you know that the standard way is really completely off the table, there's actually much less risk of trying something else because you don't really have a safe choice.
Hardy: You have to rethink it.
Hölzle: We actually started to focus on the individual server, and so we had custom servers and then custom power supplies, and then it became the rack, and then it became the building, more efficient data centers because we saw that actually we were giving up a lot of money by renting inefficient data centers. And then the next step was really the network.
Hardy: What lessons does that have for a normal corporation?
Hölzle: I think Google is like any other larger company, right? We have IT systems. We have security problems. We have compliance problems. We have HR systems. Every company with 50,000 employees has these kinds of problems, right? And we look at other companies really as companies that struggle with the same problems that we have struggled with. They have an internal HR app that needs to run, or they have a sales support system that needs to run globally, and all of these problems that actually we can solve well with the infrastructure we have because pretty much everything in the end needs strong security, strong network, strong storage, right, strong compute, and then a strong stack of tools on top of it from sort of no ops kind of thing, "Please make my app just run," to analytics tools like BigQuery to machine learning things to make sense of unstructured information. Like, all of these things are things that actually any 50,000-person company has, and a subset of those are things that a 1,000-person company has.
Hölzle: In our Iowa data center site, we have 250 security guards on staff. And it's a big campus, so you really need a lot of people to ensure this, and we also test this all the time, so we do our own penetration testing against the physical security. If you then look at the hardware, there's also much more security built into the hardware. Every machine has a certificate that— that really proves its identity, and it can attest to the cleanliness, so to speak, to the correctness of its software stack so that you know if the server says, "Hey, here's Gmail front end" talking to you, then you actually know cryptographically that this is in fact the server and this is in fact this binary that is the official release of the Gmail front end.
Hardy: You have had to think of so many different things at scale, in particular security because people will come at a system like this from any point on the planet using any potential device.
Hölzle: We basically came to the conclusion that in the corporate network your physical location and the physical network that you use should not have any meaning for access. Just because I can plug in an ethernet port, you know, under your desk should not give me more rights for the laptop that you connect to this than if I was on Wi-Fi in a Starbucks, right? These two situations should be exactly the same.
Hardy: Google was here 10 years ago, 15 years ago, but now everyone has to assume a point of entry that could be anywhere.
Hölzle: What should matter is, is this a laptop in a good state, right, is this a corporate-issued laptop and all the software is up to date? Is it you, right? Is it a correct user password? Do you have a second factor, right, or even a third factor? What's the time of day? Where is the location you're coming from? What application are you trying to access, right? Those are the things that should matter for saying yes or no.
Hardy: It's security for a world where you assume there's always computing everywhere.
Hardy: And firewalls are implicitly a statement of geography.
Hardy: But if computing is everywhere, there is no geography.
Hölzle: It used to be that your employees did work on premise, and if they were off premise, they weren't really connected, so they wrote things down on a notebook, and then they came back, and they typed it in on a terminal, but those times really are behind us. Everyone has a phone. It doesn't make sense to prohibit access to your corporation from your phone because the phone is with you when you are doing sales or when you're doing everything, and so you really have to kind of architect security for a world that is as distributed as the Cloud is, right? Your users are just as distributed.
So we're very, very early in the Cloud. I think security and compliance today are often still a question mark, even though that even today they shouldn't be, but today a lot of people are worrying about it. I think five years from now, every competent auditor will go to a company and say, "You still have some on-premise system. Do you realize that this is your biggest risk for security and compliance?"
On the future of cloud
Hardy: Google Cloud is not the first in the business. What do you think differentiates it?
Hölzle: I often compare this to 2007 with smartphones. You had iPhone and Android, but really actually 98 percent of people had no smartphone, and this is kind of the situation today, right? There are there clouds, but actually, 95 percent, 98 percent of workloads are not running in any one of those clouds. They're running on premise or in a colo or something like that, so really, we're very much in the beginning. One of our big advantages, I think, is not just having done this actually for a large customer for a very long time and a very demanding customer but also of approaching this really not as a product but as an ecosystem. Just like Android is not a product. It's an ecosystem, where really many other people can be successful, be they software developers or hardware vendors, and so we, I think, are the only cloud vendor who really looks at this as an ecosystem. For Cloud to take over the world, it needs to make everyone successful. Of course there are individual products in it, but just as many — or actually many more products — will come from third party providers. Just like on an Android phone or on an iPhone.
Hardy: So the style in which you establish this computing environment and welcome in partners to work with it will shape where the industry goes overall.
Hölzle: Absolutely. A lot of things are really things that should become standards, and we don't just publish, but we actually have open source implementations of things, right? And so on the Cloud side, for example, this would be things like Kubernetes for container management. It makes no sense for us to have three different Linux versions in three different Clouds. There should just be one Linux, right? Or, for example, for TensorFlow, right? TensorFlow is really a low-level tool for machine learning that really everyone benefits from if we standardize on it. Open source is basically a way to standardize without being slow, right? Traditional standards say, "Let us have a committee. Let us write it down. Let's have a spec book." It's very painful, but standards are actually good, right? Everyone agrees that this thing works this way.
With open source, you actually have a way to have a standard because everyone uses the same piece of code. Therefore, it behaves the same way by definition.
Hardy: And it tends to promote the best idea at all times.
Hölzle: But at the same time, you can evolve it, and every new — every month there's a new release or et cetera, et cetera, and so you can actually move the ecosystem, so that's something we strongly believe in, we've done in Android, in Chrome, in Cloud now, in machine learning, in all kinds of places.
Hardy: You have some intimation of where this is going.
Hölzle: You know, nobody can predict what's gonna happen really five years from now. Like, we couldn't do it in 2007, so, you know, don't think we can do it today, but a few things are clear. Machine learning is really for the first time really working. It's been around for 25 years, but now it's really working for many problems, not all, and it's starting to be accessible, right? And I'm confident that just two years from now it's gonna be much more accessible than it is today, and two years afterwards, it's even more accessible, so really it becomes something that everyday people can use. Very few customers will actually administer applications, even complicated applications, in a detailed way, the way you're forced to today because many of these things will just be automated. The Cloud cannot be only a good economic choice, right? It really has to be a good operational choice, a good functionality choice. It has to accelerate your innovation, right? And it has to be the easiest way to do great security, great compliance, really great — all of the things that you care about in IT. It is a huge distance that you cover, but you don't cover it in a huge step. You're gonna cover it in a sequence of steps, each of which is much less scary and actually very doable.
Through the combination of these things, I think there is really a huge opportunity to improve security for almost every company. Like, it's a huge problem today both economic and actually technical, and we're not in a good state almost anywhere, and now all the things are coming together, and I think it is in our grasp collectively as an industry to really make a huge step as a sequence of small steps but get to a point where the transition in IT both in terms of what can you do, how easy is it to do it, how cheaply is it to run it, has sort of a similar step as it had for consumers to an Android or an iPhone. This is a really huge step that is possible.
For example, just by moving those workloads to Cloud, if 50 percent of the world's IT goes to Cloud, we're gonna save countless gigawatts of energy just because of the efficiency of the Cloud. It's just so incomparably higher because of the operating model and because of the ability of the providers to really focus on that-
Hardy: And free up capital, free up brain power, free up all sorts of things to do other problems.
Hölzle: So that's a super exciting time.
Hardy: Thank you so much for your time today.
Hölzle: You're welcome.