In general, we IT professionals are familiar with Microsoft Azure and Amazon Web Services when we talk about public cloud providers. But what about Google Cloud? Personally I have always had a soft spot for Google, but where do I begin understanding Google's cloud services? I thought I would start with the basic concepts and let you in on them through this blog. I understand this is not the most exciting blog post you will ever read, but I am planning to do more with Google products, so I feel it is necessary to break down the basics of Google Cloud first. Bear with me on this one.
Google Cloud Platform (GCP) is a collection of cloud computing services and management tools offered by Google. GCP runs on the same infrastructure that Google uses for its own search engine, Gmail, YouTube and Google Drive, so you can see why security and reliability are important aspects of the Google Cloud infrastructure.
Just like with other cloud vendors, there are multiple ways to run cloud services on Google Cloud depending on the chosen architecture. You decide which part of your infrastructure you would like to move to the cloud by choosing an Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or Software as a Service (SaaS) strategy.
GCP is divided into regions and zones. A region is an independent geographic area that consists of zones. A zone is a deployment area for resources within a region. To create high availability for infrastructure components you should consider working with multiple zones. To prepare for the unlikely event of losing an entire region (for example due to a natural disaster) you can set up disaster recovery in a secondary region. The first question IT managers ask when migrating data to the cloud is: ‘Where is my data?’ Fortunately Google understands that customers can have special security and compliance needs, and in consultation with Google it is possible to fulfill those requirements. You can choose where to locate your apps or workloads to reduce latency, create higher availability and meet other delivery requirements.
With the services within Compute it’s all about virtual machines. GCP gives customers the ability to create, delete and manage virtual machines. There are different types of VMs with different settings and cost models. Besides the standard machine types, with 1 to 96 vCPUs and 3.75 GB to 360 GB of memory, you have the choice to go for:
- More memory (the highmem series): 6.5 GB per vCPU.
- More CPU power: 1 vCPU for every 0.90 GB of memory.
- A higher memory-to-vCPU ratio than the highmem series.
Besides the series described above there are VMs available to cope with temporary CPU spikes (f1-micro and g1-small), and it is also possible to create VMs with custom specifications.
You only pay for the resources you use. With GCP you always pay for the first minute that a VM runs: even if you run a VM for twenty seconds, you will be charged for one minute. After the first minute, costs are calculated per second. Google offers special discounts, called committed use discounts, for VMs that you commit to running for a longer period of time. Costs differ per machine type and region. For a full overview, see Google's compute pricing page.
Storage & Databases
Different architectures require different types of storage. Google made a nifty decision tree to determine which storage solution fits your requirements. The main storage and database services are:
| Service | Description |
|---|---|
| Persistent Disk | Block storage for Google Compute Engine, used as the disks of the various virtual machines. |
| Google Cloud Storage | Scalable storage for objects, blobs, media files and unstructured data. Used for backups, data archiving or multimedia streaming. |
| Google Cloud Bigtable | NoSQL database for real-time as well as batch analytics. This is the ideal storage for IoT or finance-related workloads. |
| Google Cloud Datastore | NoSQL database for web and mobile applications. |
| Google Cloud SQL | Fully managed MySQL and PostgreSQL database service. Most suitable for websites, content management systems, BI apps and ERP, CRM and e-commerce apps. |
| Google Cloud Spanner | Relational database service with transactional consistency that is highly available on a global scale. Suited for core applications and services that involve a lot of transactions. |
| Google BigQuery | Managed enterprise data warehouse with SQL. Ideal for processing big data. |
| Drive Enterprise | Shared storage for editing and sharing files. |
On top of that, Google has special storage services for mobile solutions:
| Service | Description |
|---|---|
| Cloud Storage for Firebase | Access from mobile and web apps to Google Cloud Storage, with serverless verification and authorization from third-party providers. |
| Firebase Realtime Database | Real-time NoSQL JSON database for web and mobile applications. |
| Firebase Hosting | Content hosting for developers. |
| Cloud Firestore for Firebase | NoSQL document database for storing data for web and mobile applications. |
It is needless to say that Google has one of the most advanced networks in the world, and when using network services on GCP you benefit from that network. With the Google Virtual Private Cloud Network you can build a private network for your storage solutions and virtual machines, complete with custom IP ranges, subnets, firewall rules and cloud routing.
To avoid unnecessary downtime of services or applications we need proper load balancing. Google Cloud Load Balancing makes services highly available by balancing load across multiple regions. With intelligent autoscaling, this service always gives you the option to dynamically scale your resources up or down. Google Cloud Load Balancing is integrated with Google Cloud DNS, a Domain Name System service that operates in the cloud.
With Google Cloud Interconnect it is possible to connect your on-premises infrastructure to GCP through a direct connection. This provides direct access to the RFC 1918 IP addresses in a Virtual Private Cloud Network through an IPsec VPN connection, and the connection comes with a Service Level Agreement (SLA). Google also supports straightforward peering with GCP.
To increase performance for websites and applications served from Google Compute Engine you can use Google Cloud Content Delivery Network (CDN). Cloud CDN uses caches distributed worldwide to accelerate content delivery, which reduces waiting time for network traffic and lowers delivery costs.
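The firewall rules mentioned above are where a VPC network's exposure is decided. As an added example (my own code, not Google's or part of any Google tooling), the following script reads firewall rules in the JSON shape of the Compute API Firewall resource, which is what `gcloud compute firewall-rules list --format=json` prints, and reports every enabled ingress rule whose source range lies outside the RFC 1918 private space. The sample rules are constructed for the example.

```python
# Check VPC firewall rules (the Compute API Firewall resource JSON, as printed by
# `gcloud compute firewall-rules list --format=json`) for ingress rules open
# beyond RFC 1918 space. Added example; the sample rules are constructed.
import ipaddress
import json

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules, not from any real project.
SAMPLE_RULES = json.dumps([
    {"name": "allow-internal", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]},
    {"name": "allow-ssh-anywhere", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-https-office", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "old-rdp", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "deny-egress-all", "direction": "EGRESS",
     "destinationRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "all"}]},
])

def source_scope(cidr):
    # "private" for RFC 1918 ranges, "internet" for a catch-all 0.0.0.0/0 or ::/0,
    # "external" for any other public range.
    net = ipaddress.ip_network(cidr, strict=False)
    if any(net.version == p.version and net.subnet_of(p) for p in RFC1918):
        return "private"
    return "internet" if net.prefixlen == 0 else "external"

def exposed_ingress(rules_json):
    # Returns (rule name, scope, source range, protocol/ports) for every enabled
    # INGRESS rule whose source is not confined to RFC 1918 space.
    findings = []
    for rule in json.loads(rules_json):
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        for src in rule.get("sourceRanges", []):
            scope = source_scope(src)
            if scope == "private":
                continue
            for allowed in rule.get("allowed", []):
                ports = ",".join(allowed.get("ports", [])) or "all"
                findings.append((rule["name"], scope, src, f"{allowed['IPProtocol']}/{ports}"))
    return findings
```

Disabled rules and egress rules are skipped, so only the rules that actually admit traffic show up; in the sample, the two findings are SSH from the whole internet and HTTPS from one external range.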
It’s no secret that the cloud is a digital playground for developers. It is not my cup of tea, but I want to mention some services here to complete the GCP story. Of course there is a command-line interface for GCP to script against and build apps with: the Cloud SDK. If you are used to working from the command line on your Linux machine, you can use Cloud Shell, which lets you manage your infrastructure and apps from a command line in any browser. Containers are popular in the online development world, and Google meets that demand with a service called Container Registry where you can store and manage Docker images. Google also integrates with a variety of other tools: with cloud tools for Android Studio, IntelliJ, Eclipse, PowerShell and Visual Studio, developers can keep working in their personal favourite development environment. With the Cloud Deployment Manager you can create and manage cloud resources with the ease of templates.
Identity & Security
Where the previous subjects show that Google shares a lot of common ground with Microsoft and Amazon, identity management is where they differ. Google Identity & Access Management (IAM) supports the following account types:
- Standard Google accounts;
- Service account;
- Google Group;
- G Suite domain;
- Cloud Identity domain.
These accounts can be given individual access to cloud resources (for example, a virtual machine or a section of storage), but more likely you will want to grant access and permissions through a specific role. There are predefined roles, but you can also create custom roles.
All accounts are managed through the IAM console. The Google IAM service is free: you only pay for other Google Cloud Platform services, not for the identities you use. In the near future it will be possible to restrict access to resources by device, IP address, resource type and time or date. Unfortunately IAM Conditions, as this feature is called, is only available as a private beta and is not recommended for production use.
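The account types and roles described above show up together in a project's IAM policy, and reviewing that policy is the first thing I would do on any GCP project. As an added example (my own code, not Google's), the following script reads a policy in the JSON shape that `gcloud projects get-iam-policy PROJECT --format=json` returns, classifies each member by the account-type prefix IAM uses, flags public principals and primitive roles granted to whole groups or domains, and counts how many bindings carry an IAM Condition. The sample policy is constructed and `example.com` is a placeholder.

```python
# Audit a GCP IAM policy (the JSON shape of `gcloud projects get-iam-policy
# PROJECT --format=json`). Added example; the sample policy is constructed.
import json
from collections import Counter

# Member prefixes IAM uses for the account types listed above; allUsers and
# allAuthenticatedUsers are the two public principals.
PRINCIPAL_TYPES = {"user": "Google account", "serviceAccount": "service account",
                   "group": "Google Group", "domain": "G Suite / Cloud Identity domain"}
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
BROAD_TYPES = {"Google Group", "G Suite / Cloud Identity domain"}

# Constructed sample policy; example.com is a placeholder, not a real project.
SAMPLE_POLICY = json.dumps({"version": 3, "bindings": [
    {"role": "roles/owner", "members": ["user:alice@example.com"]},
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/compute.viewer",
     "members": ["group:ops@example.com",
                 "serviceAccount:ci@example.iam.gserviceaccount.com"],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2025-01-01T00:00:00Z')"}},
    {"role": "roles/editor", "members": ["domain:example.com"]},
]})

def principal_type(member):
    # Classify an IAM member string by its prefix.
    if member in PUBLIC_PRINCIPALS:
        return "public"
    return PRINCIPAL_TYPES.get(member.split(":", 1)[0], "unknown")

def audit_policy(policy_json):
    # Returns (findings, counts): findings are risk lines, counts tallies
    # principal types plus how many bindings carry an IAM Condition.
    findings, counts = [], Counter()
    for binding in json.loads(policy_json).get("bindings", []):
        role = binding["role"]
        if "condition" in binding:
            counts["conditional"] += 1
        for member in binding.get("members", []):
            kind = principal_type(member)
            counts[kind] += 1
            if kind == "public":
                findings.append(f"PUBLIC: {member} holds {role}")
            elif role in PRIMITIVE_ROLES and kind in BROAD_TYPES:
                findings.append(f"BROAD: {role} granted to whole {kind} {member}")
            elif role == "roles/owner":
                findings.append(f"OWNER: {member} is a project owner")
    return findings, counts
```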
From a security point of view Google wants to be a reliable business partner. With encryption of data at rest enabled by default, Google shows that securing data is not to be taken lightly. You can go as far as supplying your own encryption keys, so that Google cannot decrypt your data even if it wanted to. With Identity-Aware Proxy you can easily manage which services an employee is entitled to, and employees can work from external locations without the use of a VPN.
More Google to come!
Remember that the services described above are just the basic services in GCP. Machine learning is a key part of the development of the Google Cloud services. There is a world of API possibilities to develop applications, manage endpoint devices and create your own infrastructure.
Personally I would like to explore the possibilities of Google and end-user computing. What can Google do to make daily work easier and more effective for your employees? Keep a close eye on my blog because I will get back to that!