This session covers the IaaS (Compute Engine), PaaS (App Engine), FaaS (Cloud Functions) and CaaS (GKE) compute offerings on GCP, as well as IAM and storage in general.
4. In this session, we look at the IaaS (Compute Engine), PaaS (App Engine), FaaS (Cloud Functions) and CaaS (GKE) compute offerings on GCP. We also look at IAM and Storage in General.
GCCP Camp Facilitator: Rupak Biswas, 3rd Year, BTech, IIT Patna
Google Cloud Career Practitioner Campaign
5. Event Agenda
1 GCP Compute Services (25 min)
2 GCP Storage Services (10 min)
3 Cloud Security & IAM (15 min)
4 Q&A (10 min)
6. Your training schedule
Session 1 (1st Dec 2022): In this session, we will cover Cloud Technology in general, GCP Overview and how you can get started and access GCP.
Session 2 (5th Dec 2022) (You are here!): In this session, we look at the IaaS (Compute Engine), PaaS (App Engine), FaaS (Cloud Functions) and CaaS (GKE) compute offerings on GCP. We also look at IAM and Storage in General.
Session 3: Look at various Networking Options. We also look at Google Cloud Monitoring and tools available in the Cloud Operations Suite.
Session 4: Introduction to Docker and Kubernetes. Overview of Google Kubernetes Engine (GKE).
7. GCP Compute Services
Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program
8. Google Cloud offers a variety of compute services spanning different usage options
● Compute Engine (IaaS): Virtual machines with industry-leading price/performance
● Google Kubernetes Engine (Hybrid): Cluster manager and orchestration engine built on Google’s container experience
● App Engine (PaaS): A flexible, zero ops platform for building highly available apps
● Cloud Functions / Cloud Run (Serverless logic): A lightweight fully managed serverless execution environment for building and connecting cloud services (Functions + Containers)
9. Introducing Compute Engine
Compute Engine lets you create and run virtual machines on Google infrastructure. Get access to a variety of predefined and customizable VM families coupled with consumption and pricing models, as well as functionality for all of your application and workload requirements.
● General purpose and optimized VMs
● Committed and sustained use discounts
● Preemptible VMs, BYOL and sole tenants
● Right sizing recommendations
● Live migration
● Custom and predefined machine types
12. Google Cloud Serverless Compute Product Portfolio
● App Engine: Run source-based web applications on a fully managed environment
● Cloud Run: Run containers on a fully managed environment
● Cloud Functions: Event-driven Functions-as-a-Service
Proprietary + Confidential
13. App Engine is a platform-centric solution
● Type of PaaS
● No need to buy, build, or operate hardware/infrastructure
● No managing servers or configuring deployments
● Focus on app development instead of operations
● Use a range of languages and tools
● Automatic scaling
14. The components that make Cloud Functions work
● Connect and extend cloud services
● Events and triggers
● Serverless
15. How Cloud Functions works
[Diagram. Components: Cloud services, Cloud Functions, Other APIs. Labels: Emit events, Responds to events, Invokes other services, Writes back.]
16. But… customers ask us:
“We can’t be locked in.”
“How can we use existing binaries?”
“Why do I have to choose between containers and serverless?”
“Can you support language ____ ?”
17. Containers
• Any Language
• Any Library
• Any Binary
• Ecosystem of base images
.js .rb .go .py .sh …
18. Deploying containers at scale is different!
A fundamentally different way of managing applications requires different tooling and abstractions
● Deployment
● Management, monitoring
● Isolation
● Updates
● Discovery
● Scaling, replication, sets
19. Kubernetes handles...
● Scheduling: Decide what pods to run on which nodes
● Lifecycle and health: Keep my containers running despite failures
● Scaling: Make sets of containers bigger or smaller
● Naming and discovery: Find where my containers are now
● Load balancing: Distribute traffic across a set of containers
● Storage volumes: Provide data to containers
● Logging and monitoring: Track what’s happening with my containers
● Debugging and introspection: Enter or attach to containers
● Identity and authorization: Control who can do things to my containers
20. GKE is a managed environment for deploying containerized apps
21. Where GKE fits within Google Cloud
● Compute Engine (IaaS): Virtual machines with industry-leading price/performance
● Google Kubernetes Engine (Hybrid): Cluster manager and orchestration engine built on Google’s container experience
● App Engine (PaaS): A flexible, zero ops platform for building highly available apps
● Cloud Functions (Serverless logic): A lightweight fully managed serverless execution environment for building and connecting cloud services
22. Cloud Run
Run containers on a fully managed environment
● Deploy in seconds
● Automatic HTTPS, Custom domains
● Any language, any library
● Portability
● No cluster management
26. There are three common use cases for cloud storage
1 Content storage and delivery
2 Storage for data analytics and general compute
3 Backup and archival storage
27. Structured versus unstructured data
Structured data
First_Name  Last_Name  Address     City   Age
Sherlock    Holmes     12 Main St  Mesa   60
James       Bond       23 Old St   Napa   43
Scarlett    O’Hara     34 New St   Derby  23
Marge       Simpson    56 West St  Cody   36
Unstructured data
Transactions, Online communities, Notes & text fields, Email, Social media, Ratings & reviews, Voice transcriptions, Surveys, Call center, Chat
28. What type of storage will meet my needs best?
[Decision tree. Questions: Is your data structured? Is your workload analytics? Is your data relational? Do you need updates or low latency? Do you need horizontal scalability? Outcomes: Cloud SQL, Cloud Spanner, Datastore, Cloud Bigtable, BigQuery, Cloud Storage.]
29. GCP Security & IAM
30. Google’s infrastructure security layers
● Hardware infrastructure
● Service deployment
● User identity
● Storage services
● Internet communication
● Operational security
31. Service accounts control server-to-server interactions
● Provide an identity for carrying out server-to-server interactions in a project.
● Used to authenticate from one service to another.
● Used to control privileges used by resources so that applications can perform actions on behalf of authenticated end users.
● Identified with an email address:
PROJECT_NUMBER-compute@developer.gserviceaccount.com
PROJECT_ID@appspot.gserviceaccount.com
32. With Google Cloud, security responsibility is shared
[Table. Columns: On-premises, IaaS, PaaS, Managed services. Responsibility rows: Content; Access policies; Usage; Deployment; Web app security; Identity; Operations; Access and authentication; Network security; OS, data, and content; Audit logging; Network; Storage and encryption; Hardware. Legend: Google-managed, Customer-managed.]
33. Data access is almost always the customer’s responsibility
34. Cloud Identity and Access Management lets admins authorize who can take action on specific resources
Who can do what on which resource
35. Who: IAM policies can apply to any of four types of user sources
● Google account or Cloud Identity user: test@gmail.com, test@example.com
● Service account: test@project_id.iam.gserviceaccount.com
● Google Groups: test@googlegroups.com
● Cloud Identity or Google Workspace domain: example.com
36. There are three types of IAM roles
● Basic
● Predefined
● Custom
37. IAM predefined roles apply to a particular Google Cloud service in a project
Who can do what on Compute Engine resources in this project, or folder, or org
38. IAM predefined roles offer more fine-grained permissions on particular services
Diagram: Google Group, InstanceAdmin role, project_a
InstanceAdmin role:
✔ compute.instances.delete
✔ compute.instances.get
✔ compute.instances.list
✔ compute.instances.setMachineType
✔ compute.instances.start
✔ compute.instances.stop
. . .
39. IAM custom roles let you define a precise set of permissions
Diagram: Google Group, InstanceOperator role, project_a
InstanceOperator role:
✔ compute.instances.get
✔ compute.instances.list
✔ compute.instances.start
✔ compute.instances.stop
. . .
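The IAM model from slides 34 to 39 (members bound to roles, roles as sets of permissions), as an added Python example that is not part of the original slides. Role contents are limited to the permissions visible on the slides; the policy, the `admins@example.com` group and the evaluator functions are constructed for illustration and are not a Google Cloud API.

```python
# Added example: toy evaluator for "who can do what on which resource".
# Role contents are only the permissions visible on slides 38-39 (both lists
# are truncated there). The policy and its members are constructed sample data.
ROLES = {
    "InstanceAdmin": {
        "compute.instances.delete", "compute.instances.get",
        "compute.instances.list", "compute.instances.setMachineType",
        "compute.instances.start", "compute.instances.stop",
    },
    "InstanceOperator": {  # the custom role from slide 39
        "compute.instances.get", "compute.instances.list",
        "compute.instances.start", "compute.instances.stop",
    },
}

# Constructed policy on project_a; member strings use IAM's type prefixes.
POLICY = {
    "resource": "project_a",
    "bindings": [
        {"role": "InstanceAdmin", "members": ["group:admins@example.com"]},
        {"role": "InstanceOperator", "members": [
            "group:test@googlegroups.com",
            "serviceAccount:test@project_id.iam.gserviceaccount.com",
            "domain:example.com",
        ]},
    ],
}

def identities(principal, groups=()):
    """Every member string that can match a binding for this caller."""
    kind, email = principal.split(":", 1)
    ids = {principal} | {f"group:{g}" for g in groups}
    if kind == "user":  # a user also matches a binding on their whole domain
        ids.add("domain:" + email.rsplit("@", 1)[1])
    return ids

def granted_permissions(policy, principal, groups=()):
    """Union of the permissions of every role bound to the caller."""
    ids = identities(principal, groups)
    perms = set()
    for binding in policy["bindings"]:
        if ids & set(binding["members"]):
            perms |= ROLES[binding["role"]]
    return perms

def is_allowed(policy, principal, permission, groups=()):
    return permission in granted_permissions(policy, principal, groups)

def extra_permissions(broad, narrow):
    """Permissions a caller gains if given `broad` instead of `narrow`."""
    return sorted(ROLES[broad] - ROLES[narrow])
```

`extra_permissions("InstanceAdmin", "InstanceOperator")` lists what the custom role withholds, which is the least-privilege comparison to make before choosing which of the two roles to bind to a group.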