
Showing posts from 2019

Cloud SQL

Cloud SQL is a hosted MySQL service. It provides:
· Rich query language
· Primary and secondary indexes
· ACID transactions
· Relational integrity
· Stored procedures
· Fully managed MySQL and PostgreSQL databases
· Fully managed instances: patches and updates are applied automatically, but you still have to administer MySQL users
Cloud SQL supports many clients:
· gcloud beta sql
· App Engine, G Suite scripts
· Applications and tools: SQL Workbench, Toad
· External applications using standard MySQL drivers

Cloud Storage and Cloud IAM or ACLs or Signed URLs

Cloud Storage offers layers of increasingly granular access control. For most purposes, Cloud IAM is sufficient, and roles are inherited from project to bucket to object. Access control lists (ACLs) offer finer control. For detailed control, signed URLs, which carry a cryptographic signature, give time-limited access to a bucket or object. A signed policy document further refines the control by determining what kind of file can be uploaded by someone with a signed URL.
Cloud IAM: works with Cloud Storage just as it works with any other resource. Project Owners are automatically granted the Bucket Owner role for all buckets in the project. Note that ACLs and Cloud IAM are independent, so project-level Cloud IAM permissions will not appear in bucket or object ACLs.
Signed URLs: a signed URL gives you the ability to grant access to a bucket without Cloud IAM user authentication for a limited period of time, e.g., when you don’t want to require users to have Goog...

Cloud Storage

Cloud Storage stores objects in buckets. There are several differences between Cloud Storage and a file system.
1. A file system has a hierarchical structure. Cloud Storage is unstructured: it is a flat system of buckets (not directories) that cannot be nested.
2. An object name may consist of up to 222 characters. Valid characters in an object name include '/' (forward slash). Using this character in object names can simulate some of the hierarchical structure of a file system, even though the slash is not a functionally significant entity.
3. Objects are replicated and distributed for availability. However, there is no distributed equivalent of a file lock. Therefore, the last entity to write to an object "wins." If you use Cloud Storage in a distributed application, the application is responsible for locking and serialization of access.
4. Cloud Storage treats objects as an unstructured series of bytes.
Multi-Regional = Data is stored red...

Data storage services

All applications need persistent and durable storage to accomplish their purpose. Applications vary in their storage requirements, so Google Cloud Platform offers many persistent storage services. Note: BigQuery is grayed out. BigQuery sits on the edge between data storage and data processing. You can store data in BigQuery, but the usual reason to do this is to use BigQuery's big data analysis and interactive querying capabilities. All data in GCP is encrypted at rest and in flight. Different applications and workloads require different storage and database solutions. Google offers a full suite of industry-leading storage services that are price-performant and meet your needs for structured, unstructured, transactional, and relational data. This decision chart helps you identify the solutions that fit your scenarios.

Compute Engine

Compute Engine offers managed virtual machines. You can configure high-CPU, high-memory, standard, and shared-core machine types, much like building out physical servers. You can also attach persistent disks (Standard, SSD, local SSD) and create snapshots (global images). Disks can be resized without downtime. You can create a virtual machine instance by using the Google Cloud Platform Console or the gcloud command-line tool. A Compute Engine instance can run Linux and Windows Server images provided by Google or any customized versions of these images. You can also build and run images of other operating systems.
Scale up or scale out with Compute Engine: You can make very large VMs in Compute Engine. The maximum number of virtual CPUs in a VM was 96, and the maximum memory size was 624. These huge VMs are great for workloads like in-memory databases and CPU-intensive analytics. But most GCP customers start off with scaling out, not up. Compute Engine has a fea...

Firewall rules in GCP

When you create a GCP firewall rule, you specify a VPC network and a set of components that define what the rule will do. The components enable you to target certain types of traffic, based on the traffic's protocol, ports, sources, and destinations. In addition to firewall rules that you create, GCP has other rules that can affect incoming and outgoing traffic:
· GCP doesn't allow certain IP protocols, such as GRE, within a VPC network
· GCP always allows communication between a VM instance and its corresponding metadata server at 169.254.169.254
· Every network has two implied firewall rules which permit outgoing connections and block incoming connections. Firewall rules that you create can override these implied rules.
· The default network is pre-populated with firewall rules t...

Virtual Private Cloud

Google Cloud Platform (GCP) Virtual Private Cloud (VPC) provides networking functionality to Compute Engine virtual machine (VM) instances, GKE containers and App Engine Flex. VPC provides global, scalable, flexible networking for your cloud-based services.
Virtual Private Cloud Networking: VPC networks connect your GCP resources to each other and to the internet. You can segment your networks, use firewall rules to restrict access to instances, and create static routes to forward traffic to specific destinations. You can define your own VPC inside the project or choose the default VPC. Google Cloud VPC networks are global; subnets are regional. VPC networks that you define have global scope and can have subnets in any GCP region worldwide. Subnets can span the zones that make up a region. This architecture makes it easy for you to define your own network layout with global scope. You can also have resources in different zones on the same subnet. ...

Service Accounts

What if you want to give permissions to a Compute Engine virtual machine rather than to a person? That’s what service accounts are for. For instance, maybe you have an application running in a virtual machine that needs to store data in Google Cloud Storage. But you don’t want to let just anyone on the Internet have access to that data; only that virtual machine. So you’d create a service account to authenticate your VM to Cloud Storage. Service accounts are named with an email address, but instead of passwords they use cryptographic keys to access resources.
Service accounts control server-to-server interactions:
· Provide an identity for carrying out server-to-server interactions in a project
· Used to authenticate from one service to another
· Used to control privileges used by resources, so that applications can perform actions on behalf of authenticated end users
· Identified with an ...

Google Identity Access Management (Google IAM)

IAM lets administrators authorize who can take what action on specific resources. An IAM policy has a “Who” part, a “Can do what” part and an “On which resource” part: who can do what on which resources?
Who: IAM policies can apply to any of four types of principals:
· Google Account or Cloud Identity user
· Service account
· Google group
· G Suite domain
Can do what: IAM roles are collections of related permissions. For example, the Instance Admin role can have the following permissions:
· compute.instance.list
· compute.instance.delete
· compute.instance.start
· compute.instance.stop
On which resources: Users get roles on specific items in the hierarchy. When you give a user, group, or service account a role on a specific element of the resource hierarchy, the resulting policy applies to the element you chose, as well as to elements below it in the hierarchy: Organization -> Folder -> Project -> Resources.
There are three kinds of roles in Cloud IAM. IAM primitive roles ap...

GCP Project, Folder and Organization Node

The GCP resource hierarchy, from the bottom up: all the resources you use, whether they’re virtual machines, Cloud Storage buckets, tables in BigQuery, or anything else in GCP, are organized into projects. Optionally, these projects may be organized into folders; folders can contain other folders. All the folders and projects used by your organization can be brought together under an organization node. Projects, folders, and organization nodes are all places where policies can be defined. Some GCP resources let you put policies on individual resources too, like Cloud Storage buckets.
Project: All resources belong to a GCP console project. Projects are the basis for enabling and using GCP services, like managing APIs, enabling billing, adding and removing collaborators, and enabling other Google services. Each project is a separate compartment, and each resource belongs to exactly one. Projects can have different owners and users. They’re billed separately, and they’re managed se...

Why choose Google Cloud Platform?

Google Cloud Platform lets developers build, test and deploy applications on Google’s highly secure, reliable, and scalable infrastructure. Developers can choose from computing, storage, big data/machine learning and application services for their web, mobile, analytics, and backend solutions. Google gives customers the ability to run their applications elsewhere if Google is no longer the best provider for their needs, as Google services are compatible with open source products.
Compute Services: Compute Engine, Kubernetes Engine, App Engine, Cloud Functions
Storage Services: Bigtable, Cloud Storage, Cloud SQL, Cloud Spanner, Cloud Datastore
Services for getting value from data:
· Big Data: BigQuery, Pub/Sub, Dataflow, Dataproc, Datalab
· Machine Learning: Natural Language API, Vision API, Translate API, Speech API, Machine Learning

Regions, Zones and Resources

Google Cloud Platform is organized into regions and zones. Regions are independent geographic areas that consist of zones. A zone is a deployment area for Google Cloud Platform resources (like Compute Engine, VPC) within a region. Think of a zone as a single failure domain within a region. In order to deploy fault-tolerant applications with high availability, you should deploy your applications across multiple zones in a region to help protect against unexpected failures. To protect against the loss of an entire region due to natural disaster, you should have a disaster recovery plan and know how to bring up your application in the unlikely event that your primary region is lost.
Zonal resources: Zonal resources operate within a single zone. If a zone becomes unavailable, all of the zonal resources in that zone are unavailable until service is restored.
● A Google Compute Engine VM instance resides within a specific zone.
Regional resources: Regional resources ...

IaaS and PaaS offering

Virtualized data centers brought you infrastructure as a service (IaaS) and platform as a service (PaaS) offerings. IaaS offerings provide you with raw compute, storage and network, organized in ways familiar to you from physical and virtualized data centers. PaaS offerings bind your code to libraries that provide access to the infrastructure your application needs, thus allowing you to focus on your application logic. In the IaaS model, you pay for what you allocate. In the PaaS model, you pay for what you use. As cloud computing has evolved, the momentum has shifted toward managed infrastructure and managed services.

What is Cloud Computing?

Cloud computing has five fundamental attributes:
· On-demand self-service: No human intervention is needed to get the resource.
· Broad network access: You can access the resources from anywhere.
· Resource pooling: The provider shares resources among customers.
· Rapid elasticity: Get more resources quickly as needed.
· Measured service: Pay only for what you use or reserve, as you go. If you stop using resources, the provider stops charging.