The course is part of these learning paths
Mapping Needs to GCP Services
Google Cloud Platform (GCP) lets organizations take advantage of the powerful network and technologies that Google uses to deliver its own products. Global companies like Coca-Cola and cutting-edge technology stars like Spotify are already running sophisticated applications on GCP. This course will help you design an enterprise-class Google Cloud infrastructure for your own organization.
When you architect an infrastructure for mission-critical applications, not only do you need to choose the appropriate compute, storage, and networking components, but you also need to design for security, high availability, regulatory compliance, and disaster recovery. This course uses a case study to demonstrate how to apply these design principles to meet real-world requirements.
- Map compute, storage, and network needs to Google Cloud Platform services
- Create designs for high availability and disaster recovery
- Use appropriate authentication, roles, service accounts, and data protection
- Create a design to comply with regulatory requirements
The first step in giving secure access to your Google Cloud infrastructure is to decide how to authenticate your users. By default, Google Cloud Platform requires users to have a Google account to access it. But if you have more than a handful of users, then you'll want to find a centralized way to manage your user accounts. The solution is to use the G Suite Global Directory. You don't have to use G Suite products like Google Docs, you can just use G Suite for user management.
Most organizations already have a user directory, so the best policy is usually to manage users in your existing directory, and then synchronize the account information in G Suite. There are three ways to do this: Google Cloud Directory Sync or GCDS, the Google Apps Admin SDK, or a third party connector.
Google Cloud Directory Sync is the easiest solution if you have either Active Directory or an LDAP server. It synchronizes users, groups, and other data from your existing directory to your Google Cloud Domain Directory. GCDS runs inside your network on a machine that you control.
It's a one-way synchronization, so GCDS doesn't modify your existing directory. Of course the synchronization can't be a one-time event. It has to happen on a regular basis to keep your Google Directory up-to-date.
To make authentication even easier for your users, you can implement single sign-on or SSO. Google Cloud Platform supports SAML 2.0-based SSO. If your system doesn't support SAML 2.0, then you can use a third party plugin.
Once you've implemented SSO, then when a user would normally have to login, Google will redirect your authentication system. If the user is already authenticated in your system, then they don't have to login to Google Cloud separately. If they aren't already logged in, then they're prompted to login.
In order for this to work, your users must have a matching account in Google's Directory. So you still need to use GCDS or one of the other synchronization options.
In our case study, since we have an active directory server, we'll use GCDS for synchronization and also implement single sign-on.
And that's it for authentication.
About the Author
Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).