The US National Institute of Standards and Technology created a definition. It has 5 equally important traits:

Virtualized data centers brought you Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings. In the IaaS model, you pay for what you allocate. In the PaaS model, you pay for what you use. Both sure beat the old way, where you bought everything in advance based on lots of risky forecasting. As cloud computing has evolved, the momentum has shifted towards managed infrastructure and managed services. GCP offers many services in which you need not worry about any resource provisioning at all. We'll discuss many in this course. They're easy to build into your applications and you pay per use.

What about SaaS? Of course, Google's popular applications like Google Search, Gmail, Google Docs and Google Drive are Software as a Service applications in that they're consumed directly over the internet by end users (e.g. GSuite).

article: https://cloud.google.com/blog/products/gcp/time-to-hello-world-vms-vs-containers-vs-paas-vs-faas

GCP Multi-regions, Regions & Zones
Pricing innovations
Multi-layered security approach

Starting with Google Cloud

your workloads in GCP:
Projects
Projects are the main way you organize the resources you use in GCP. Use them to group together related resources, usually because they have a common business objective.

IAM
The principle of least privilege is very important in managing any kind of compute infrastructure, whether it's in the cloud or on-premises. This principle says that each user should have only those privileges needed to do their jobs. In a least-privilege environment, people are protected from an entire class of errors. GCP customers use IAM to implement least privilege, and it makes everybody happier.

There are four ways to interact with GCP's management layer:
When you build an application on your on-premises infrastructure, you're responsible for the security of the entire stack: from the physical security of the hardware and the premises in which it is housed, through the encryption of the data on disk and the integrity of your network, all the way up to securing the content stored in those applications. When you move an application to Google Cloud Platform, Google handles many of the lower layers of security. Because of its scale, Google can deliver a higher level of security at these layers than most of its customers could afford to do on their own. The upper layers of the security stack remain the customers' responsibility. Google provides tools such as IAM to help customers implement the policies they choose at these layers.

GCP resource hierarchy
Policies are inherited downwards in the hierarchy.

Identity and Access Management (IAM)
Who (account/identity) / doing what (roles) / on which resources?
IAM lets administrators authorize who can take action on specific resources. An IAM policy has:
Predefined roles
Be careful: if you have several people working together on a project that contains sensitive data, primitive roles are probably too coarse. Fortunately, GCP IAM provides finer-grained types of roles. GCP services offer their own sets of predefined roles, and they define where those roles can be applied. For example, later in this course we'll talk about Compute Engine, which offers virtual machines as a service. Compute Engine offers a set of predefined roles, and you can apply them to Compute Engine resources in a given project, a given folder, or an entire organization. Another example: consider Cloud Bigtable, which is a managed database service. Cloud Bigtable offers roles that can apply across an entire organization, to a particular project, or even to individual Bigtable database instances.
IAM: more fine-grained predefined roles on particular services.
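The inheritance and role-granularity points above, as an added example (not part of the course material or any Google tool): it computes a project's effective bindings as the union of its own policy and its ancestors' policies, then reports primitive roles that reach the project. The resource names, members and policies are constructed sample data; the primitive roles are taken to be roles/owner, roles/editor and roles/viewer.

```python
"""Added example: effective IAM bindings through a resource hierarchy.
All resource names, members and policies below are constructed sample data."""

PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# child -> parent (organization at the root)
PARENT = {
    "projects/payments-prod": "folders/finance",
    "folders/finance": "organizations/example-org",
    "organizations/example-org": None,
}

# Policies in the shape IAM uses: a list of role -> members bindings.
POLICIES = {
    "organizations/example-org": {"bindings": [
        {"role": "roles/viewer", "members": ["group:all-staff@example.com"]}]},
    "folders/finance": {"bindings": [
        {"role": "roles/editor", "members": ["user:alice@example.com"]}]},
    "projects/payments-prod": {"bindings": [
        {"role": "roles/compute.instanceAdmin.v1",
         "members": ["user:bob@example.com"]},
        {"role": "roles/bigtable.reader",
         "members": ["serviceAccount:etl@payments-prod.iam.gserviceaccount.com"]}]},
}

def ancestry(resource):
    """Return [resource, parent, ..., organization]."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = PARENT[resource]
    return chain

def effective_bindings(resource):
    """Map (member, role) -> highest node in the hierarchy that grants it."""
    granted = {}
    for node in reversed(ancestry(resource)):  # walk from the organization down
        for binding in POLICIES.get(node, {}).get("bindings", []):
            for member in binding["members"]:
                granted.setdefault((member, binding["role"]), node)
    return granted

def primitive_findings(resource):
    """Primitive-role grants that reach `resource`, with where they were set."""
    return sorted((m, r, src) for (m, r), src in effective_bindings(resource).items()
                  if r in PRIMITIVE_ROLES)

if __name__ == "__main__":
    for member, role, source in primitive_findings("projects/payments-prod"):
        print(f"{member} holds {role} on payments-prod via {source}")
```

The project's own policy contains only predefined roles, yet two primitive grants still reach it from the folder and the organization, which is why a least-privilege review has to look at the whole ancestry.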
Service Accounts
What if you want to give permissions to a Compute Engine virtual machine, rather than to a person? Then you would use a service account.

Interacting with GCP

APIs Explorer

Cloud Marketplace (formerly Cloud Launcher)
console.cloud.google.com/marketplace
A quick way to get access to "solutions" with minimum effort, e.g.:
Virtual Machines on GCP
Compute Engine lets you run virtual machines on Google's global infrastructure.

Virtual Private Cloud (VPC) Network
Your VPC networks connect your GCP resources to each other and to the internet:
The way a lot of people get started with GCP is:
The Virtual Private Cloud networks that you define have global scope.
This architecture makes it easy for you to define your own network layout with global scope:
Compute Engine
Important VPC capabilities
Create a VM from Console
Create a VM with gcloud in Cloud Shell
Create the new VM in the same region, but in another zone, setting SSH the new VM:
Install a simple webserver and edit its homepage on the new VM:
Check that the running webserver serves the homepage locally on the new VM:
Check that the running webserver serves the homepage from the other VM on the same VPC:

Lab about Compute Engine

GCP Storage Options
GCP has other storage options to meet your needs for:
Its core storage options:
Cloud Storage & Cloud Storage interactions
Cloud Storage objects are immutable.
4 classes:
Google Cloud Bigtable
Definition: Google Cloud Bigtable is a fully managed NoSQL, big data database service for terabyte-scale applications (up to petabytes of data).

Google Cloud Datastore
Definition: Google Cloud Datastore is a managed, horizontally scalable NoSQL database.

Google Cloud SQL
A managed Relational Database Management System (RDBMS) database service, based on either MySQL or PostgreSQL (Beta). It manages "database transactions".

Google Cloud Spanner
Definition: Google Spanner is a horizontally scalable Relational Database Management System (RDBMS).

Lab: Cloud Storage / Cloud SQL

Containers, Kubernetes, and Kubernetes Engine

Containers
It scales like PaaS, but gives you nearly the same flexibility as IaaS. With this abstraction, your code is ultra portable, and you can treat the OS and the hardware as a black box. You can go from your laptop to the cloud without changing or rebuilding anything.

Kubernetes
Lets you orchestrate many containers on many hosts, scale them as microservices, and deploy rollouts and rollbacks. Kubernetes is a set of APIs that you can use to deploy containers on a set of nodes called a cluster.
GKE is "hosted Kubernetes" by Google!!
GKE clusters:
One way to run a container in a POD in Kubernetes is to use
To get the IP of the load balancer:
To scale the deployment:
The real strength of Kubernetes comes when you work in a declarative way. Instead of issuing commands, you provide a configuration file that tells Kubernetes what you want your desired state to look like, and Kubernetes figures out how to do it.
Watch the PODs come online:
Which ones are deployed?
Find out the external IP of the service(s):
And hit a public IP from a client:
What happens when you want to upload a new version of your app? It might be too risky to roll out all of your services all at once! Use
New PODs will get created according to your update strategy:
Lab: Containers / Kubernetes / GKE
video: k8s on GKE is much more...
App Engine
App Engine:
Standard Environment
Flexible Environment
Comparison Standard vs Flexible
Comparison App Engine vs Kubernetes Engine
Google Cloud Endpoints and Apigee Edge
Google provides 2 API-related approaches:
Many users of Apigee Edge are providing a software service to other companies and those features come in handy.
Lab: Getting Started with App Engine
Development in the cloud

Deployment: Infrastructure as code
It's often more efficient to use a template to set up your GCP environment. That means a specification of what the environment should look like. It's declarative rather than imperative, using either:
Then you give the template to Deployment Manager. This allows you to version control your deployment templates in Git repositories (e.g. Cloud Source Repositories).

Monitoring: Proactive instrumentation (Stackdriver & )
You can't run an application stably without monitoring. Monitoring lets you figure out whether the changes you made were good or bad. It lets you respond with information rather than with panic when one of your end users complains that your application is down. Stackdriver is GCP's tool for monitoring, logging and diagnostics.

lab: Getting Started with Deployment Manager and Stackdriver
Big Data and Machine Learning
Dataproc
Dataflow
BigQuery
Cloud Pub/Sub and Cloud Datalab
Google Cloud Machine Learning Platform
Machine learning APIs
lab: Getting Started with BigQuery
Summary
Resources/Articles
Why might a Google customer use resources in several zones within a region?
Google Cloud resources are hosted in multiple locations worldwide. These locations are composed of regions with zones within those regions. Putting resources in different zones in a region provides isolation from many types of infrastructure, hardware, and software failures.

Which statement is true about the zones within a region?
( ) The zones within a region are never closer to each other than 160 km.

Why might a Google Cloud customer choose to use cloud functions?
Why might a GCP customer choose to use Cloud Functions?
Their application contains event-driven code that they don't want to have to provision compute resources for.

What are the three classifications of resources in the Google Cloud Platform?
Global, regional, and zonal resources
These regional resources include static external IP addresses. Other resources can be accessed only by resources that are located in the same zone. These zonal resources include VM instances, their types, and disks.