Forseti 2.0 Launch

Forseti 1.0 was first launched at Google Cloud Next ‘17 about a year ago. Since then, over 100 businesses and organizations have adopted Forseti, helping to secure Google Cloud Platform (GCP) environments large and small.

We received great feedback on how we could improve Forseti, and insight into new features you’d like to see. To make those improvements possible and take Forseti to the next level, we’re making fundamental architectural changes to Forseti. As a direct result of all our contributors’ hard work, we are now ready to share some of the exciting new changes in Forseti 2.0!

New Features

  • New Explain component to help you understand the effective roles and permissions that Cloud IAM policies grant to your GCP resources.
  • New command-line interface (CLI) client to operate all the Forseti components on demand.
  • Parallelized inventory process.
  • Easier to add new inventory types: Bucket Cloud IAM Policies, API Configurations, Audit Logging Configurations, Networks, Subnetworks, and G Suite Users.
  • New scanners for service account key rotation, audit log configuration, and enabled APIs.
  • Cloud IAM policy scanner now audits bucket Cloud IAM policies.
  • A more intuitive installation process with better default rule files.

Architecture Improvements

  • Centralized table for all GCP inventory data, with optimized schema and indexes for easier and faster queries.
  • New authentication library that negates the use of a separate G Suite service account and exported key.
  • Forseti Compute Engine VMs now run on the latest Ubuntu 18.04.

If you’d like to upgrade from version 1.0, see the Forseti v2 upgrade guide.

If you’re new to Forseti and want to get started, see the Forseti v2 installation guide.

As always, we are eager for you to get involved and add your ideas to take Forseti to even greater heights!

Written By
Henry Chang
Published On
11 June 2018