Google Cloud Platform Intro - PowerPoint PPT Presentation



  1. Google Cloud Platform Intro

  2. Why GCP?
   Student-friendly
     Credits without credit cards
     Ability to use pdx.edu accounts for credits
   Per-second billing
   Supports open-source APIs and tools to avoid vendor lock-in
     Go
     Kubernetes
     TensorFlow*
   Carbon-neutral since 2007
   Abstractions the same across cloud providers
  Portland State University CS 410/510 Internet, Web, and Cloud Systems

  3. Why GCP?
   Generous free tier
     App Engine: 28 instance-hours per day
     Cloud Datastore: 1 GB storage, 50k reads, 20k writes, 20k deletes
     Vision API: 1k units/month (unit == feature, e.g. facial detection)
     BigQuery: arbitrary loading, copying, exporting
       First TB of processed data in queries free
       But, $0.02 per GB per month storage

  4. Projects
   Many companies with multiple sites
   Each site needs its own
     Security/access control policies, permissions, and credentials
     Billing account with separate credit-card/bank accounts
     Resource and quota tracking
     Set of enabled services and APIs (most are default OFF and turn on once first used)
   Project abstraction encapsulates this collection
     Google has 100,000+ projects on GCP to run its sites
     Contains all resources associated with a site and the ability to set permissions on them

  5. Regions and zones in GCP
   Regions: geographic areas where data centers reside
     us-west, us-east, us-central
     Consist of collections of zones
   Zones: isolated locations within a region
   https://cloud.google.com/compute/docs/regions-zones/

  6. Access to resources
   Also programmatic access in many languages (JavaScript, Python, Go, Java, Ruby)

  7. Command-line GCP
   Install the SDK on your local VM (google-cloud-sdk) to get the commands
     https://cloud.google.com/sdk/docs/quickstart-debian-ubuntu
     gcloud
     gsutil (Cloud Storage)
     bq (BigQuery)
   Docker image: docker pull google/cloud-sdk

  8. Command-line GCP
   Google Cloud Shell
     Command-line access to cloud resources via web browser
     Containerized version of Linux with the latest gcloud SDK running on a Compute Engine instance
     Has nano, vim, emacs, python2/3, virtualenv, etc.

  9. Google Cloud Storage

  10. Google File System (GFS), 2003
   Google search engine
     Retrieving, storing, and querying of web pages at massive scale
     Performance requirements
     Management costs
   File system designed to support Google Search
     Massive data sets
     High-throughput, low-latency querying
     Durability and availability
     Very little management overhead: dead disks simply replaced and the system seamlessly adapts
     https://research.google.com/archive/gfs-sosp2003.pdf
   But, initially proprietary
     Yahoo! later reverse-engineered GFS
     Released as Hadoop Distributed File System (HDFS), open-sourced and distributed by Apache
   More later…

  11. Google Cloud Storage (GCS)
   Commercial iteration of GFS
     AWS equivalent is S3
   Storage done via "buckets"
   Fully-managed, no-ops storage service
     No administration or capacity management
     Backed up and versioned automatically
   Replicated and cached over multiple zones/regions
     Can be fixed to a region based on location of computation
     Can set multi-region if serving multimedia files to a global population
     Replicas automatically adapt to load and access patterns to achieve high availability and throughput
     Low latency: 10s of ms on first use, then faster via migration
   Data encrypted at rest when not being used and in flight
     Key sharding with parts of keys in multiple jurisdictions
     But, unencrypted when being used
   Massive scale
     Autism Speaks: 1300 genomes and > 100 TB of data
     Projected to 10,000 genomes, > 1 PB of data

  12. Applications
   Good for large unstructured data that does not need to be queried
     Images, video, zip files
     Structured data that needs to be queried should use DBs
   Used to feed and store data and logs from all cloud services
     BigQuery, App Engine, Cloud SQL, Compute Engine, Dataflow/Dataproc, etc.
   Access via many methods
     gcloud SDK, web interface, REST API
     Client libraries in Python, Java, PHP, Go

  13. Security, IAM

  14. Cloud security
   In this context, enterprise security
     Security of the infrastructure running the applications
     Developers, operations, accounting access to cloud resources
   Securing the applications
     See CS 495/595: Web Security
   Some things shared

  15. Traditional enterprise security
   Castle-moat model where trusted access comes only from within internal networks
     Firewalls filter external traffic entering the enterprise network
     VPNs for accessing internal services from an external device
     Implicit trust for machines within the internal network
   Issues
     Enterprise laptops infected on home networks and then moved inside the enterprise (WannaCry)
     Rogue insider with full access to network and intranet (Edward Snowden)
     Rogue scripts accessing the internal network (DNS rebinding)

  16. Cloud security
   Deperimeterization of the network
     Valid access to cloud resources can come from anywhere
     Network boundaries that separate "internal" and "external" no longer applicable
   Crux of "zero-trust networks" and Google's BeyondCorp approach https://www.beyondcorp.com/
     Building applications on top of networks you cannot trust
     Reaction against Operation Aurora (2009)
     Trust built not from where you connect from (e.g. internal network or VPN), but on strong authentication of the user and integrity of the device
     Restrict kinds of access based on your overall security posture

  17. IAM (Identity and Access Management)
   AWS and GCP approach for implementing cloud security policies
   Largely similar (i.e. copied)

  18. Identity (Authentication)
   Validating users and applications
   For users, done via
     What you know (password)
     What you have (YubiKey/phone, WebAuthn)
     Who you are (fingerprint sensor, FaceID)
     Where you are (network, geographic location)
   For applications (e.g. external web application, internal web application, database)
     Done via API keys, service-account keys (which must be kept safe!)

  19. Access Management (Authorization)
   Policy to set which users are allowed which actions on which objects
   Users given roles that grant them specific privileges for access

  20. Types of access management policies
   Discretionary Access Control (object owner decides)
     Linux model of owner setting coarse permissions on user, group, other
   Mandatory Access Control (system/administrator decides)
     Mandated in high-security environments (e.g. government)

  21. Types of access management policies
   Role-Based Access Control (system decides based on user role)
     Role determines privileges afforded
     Examples: IT admin, software developer, billing administrator, third-party integrator, partner users, end-users, partner applications
   Principle of least privilege
     Ensure the minimal level of access that a task or user needs
     Must apply regardless of the type of policy

  22. Access management via IAM
   Based on Role-Based Access Control
   Policy determines who can do what action to which resource
   Action permissions assigned by role
     Primitive pre-defined roles with permissions: curated roles so you do not need to roll your own
       Owner (create, destroy, assign access, read, write, deploy)
       Editor (read, write, deploy)
       Reader (read-only)
       Billing administrator (manage billing)
   On specified resources that include
     Virtual machines, network, database instances
     Cloud Storage buckets (gs://…)
     BigQuery stores
     Projects

  23. GCP example
   https://cloud.google.com/compute/docs/access/iam
   https://cloud.google.com/compute/docs/access/iam-permissions

  24. Example
   Who? What resources? What actions?
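The who / which resources / what actions question of slides 22 to 24, worked through as an added Python model of GCP-style IAM evaluation; this is example code written for these notes, not from the slides or from Google's SDK. The role names are real predefined GCP roles, but the permission sets attached to them here are a constructed, simplified subset, and every member and resource name is a placeholder.

```python
from dataclasses import dataclass, field

# Constructed, simplified role -> permission map; real GCP predefined roles carry far more.
_READ = {"storage.objects.get", "storage.objects.list"}
_WRITE = _READ | {"storage.objects.create", "storage.objects.delete"}
ROLE_PERMISSIONS = {
    "roles/viewer": _READ,                                   # "Reader" on the slide
    "roles/editor": _WRITE,
    "roles/owner": _WRITE | {"resourcemanager.projects.setIamPolicy"},
    "roles/billing.admin": {"billing.accounts.update"},
}

@dataclass
class Binding:
    role: str
    members: frozenset   # member strings such as "user:..." or "serviceAccount:..."

@dataclass
class Resource:
    name: str
    bindings: list = field(default_factory=list)
    parent: object = None    # e.g. a bucket's parent is its project

def effective_permissions(resource, member):
    """Permissions `member` holds on `resource`: union over it and every ancestor (GCP policies are additive and inherited)."""
    perms, node = set(), resource
    while node is not None:
        for b in node.bindings:
            if member in b.members:
                perms |= ROLE_PERMISSIONS.get(b.role, set())
        node = node.parent
    return perms

def has_permission(resource, member, permission):
    return permission in effective_permissions(resource, member)

def least_privilege_role(needed):
    """Predefined role with the fewest permissions that still covers `needed` (None if none)."""
    fits = [r for r, p in ROLE_PERMISSIONS.items() if needed <= p]
    return min(fits, key=lambda r: len(ROLE_PERMISSIONS[r]), default=None)

# Constructed sample policies: a project, and a bucket that inherits from it.
PROJECT = Resource("projects/example-project", [
    Binding("roles/owner", frozenset({"user:admin@example.edu"})),
    Binding("roles/billing.admin", frozenset({"user:finance@example.edu"})),
])
BUCKET = Resource("gs://example-bucket", [
    Binding("roles/viewer", frozenset({"user:student@example.edu"})),
    Binding("roles/editor", frozenset({"serviceAccount:uploader@example-project.iam.gserviceaccount.com"})),
], parent=PROJECT)
```

Note that a project-level Owner binding reaches every bucket in the project, while a bucket-level Reader binding grants nothing at the project level; `least_privilege_role` picks the narrowest curated role that still covers a task's needs.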
