There are a lot of different options across a variety of cloud platforms that are well suited for running specific workloads, such as web applications. These include Google App Engine, AWS Elastic Beanstalk, and Azure App Services: Web Apps, among others.
However, there are still plenty of times where we need to set up our own infrastructure. And so cloud vendors offer IaaS (infrastructure as a service) options. Google provides us with Compute Engine which allows us to create virtual machines, custom images, snapshots, networks, auto-scalers and load balancers.
If we're going to create and implement an application on the Google Cloud Platform system operations, then understanding these services is going to help us to create highly available, highly scalable applications.
All the major cloud providers offer the ability to set up virtual machines, networks, auto-scalers, and load balancers. Where the Google Cloud is different is in the speed of creating and starting up virtual machine instances, as well as in its massively scalable, software-based global load balancer, which doesn't require pre-warming. Google also offers per-minute billing for VM instances, after the first 10 minutes.
So Google has a lot to offer. And if you're looking to learn more about the Google Cloud systems operations, then this may be the course for you.
What exactly will we cover in this course?
Course Objectives: Google Cloud Platform system operations
By the end of this course, you'll know:
How to use Compute Engine to create virtual machines
How to create disk snapshots
How to create images
How to create instance templates and groups
How to create networks
How to use the auto-scaler and load balancer
Intended Audience
This is an intermediate level course because it assumes:
You have at least a basic understanding of the cloud
You’re at least familiar with general IT concepts
What You'll Learn
Lecture | What you'll learn |
---|---|
Intro | What will be covered in this course |
Getting Started | An introduction to the Google Cloud Platform |
Networking | How to create and secure Cloud Networks |
Disks and Images | An overview of disk types and images |
Authorization and IAM | How to authenticate and authorise users |
Disk Snapshots | How to use snapshots for point-in-time backups |
Cloud Storage Overview | A refresher on Cloud Storage |
Instance Groups | How to manage instances with managed and unmanaged groups |
Cloud SQL Overview | A quick primer on how to use Cloud SQL |
Startup and Shutdown Scripts | Using startup scripts to provision machines at boot time |
Autoscaling | How to automatically add and remove instances |
Load Balancing | How to balance traffic across instances |
Putting It All Together | A demo of how to use some of the services we've learned about |
Summary | A review of the course |
Welcome back. In this lesson, we'll talk about Cloud Storage. We'll recap the basics and then we'll talk about how to access Buckets and Objects and we'll wrap up by talking about Security.
By default, Cloud Storage encrypts our data both at rest and in flight, and the way Google Storage is set up allows us to store data using the same service and same APIs, but with different access pricing.
There are three options for where your data gets stored. To maximize an application's performance, you can choose to store your data in the same region as the services that are going to consume that data. Even though it's only stored in one region, it still does have a fairly high level of availability because it's replicated across multiple zones in that region.
If you wanna have the same performance benefits, but you also wanna increase your data's availability, you can choose the dual region option and that will give you geo-redundancy.
Now finally there's the multi-region option which is the best way to make your data available around the world with very low latency and it's great for using with website content distribution, video streaming and those sorts of things.
If you wanna learn more about cloud storage basics, I recommend you check out the documentation. Check it out at cloud.google.com/storage/docs.
Okay. Let's shoot from the overview to actually accessing and interacting with Cloud Storage. Like most everything else, you can use the Console, the REST API, or the SDK. If you need to do something that's simple, such as creating a Bucket or uploading a file, then the Console is great. If you need to do something programmatically, then you'll want to use the REST API. You'll be able to use the JSON or XML APIs, though the XML option only supports a limited subset of what the JSON API allows.
And if you want to use the Command line, you can use the gsutil command, which offers commands that will be similar to the UNIX file manipulation commands. These are commands such as mv, rm, cp, and rsync, as well as a few others that handle things like access control and removing Buckets.
And recently, Google released the beta version of Cloud tools for PowerShell. This is cool because we can mount Storage as a drive, allowing us to use standard commands such as dir, to interact with Cloud Storage. And just like the gsutil command, we can use the PowerShell command list to edit the Access control list.
So, speaking of Access control lists, this leads us to our next topic. Access control lists allow us to determine who can access Buckets and Objects. An Access control list consists of a scope or grantee, and a set of permissions. In plain English, a list of people and what they're allowed to do. Each Bucket or Object can have up to 100 Access control list entries.
The allowed permissions are Read, Write, and Full Permission. Full Permission means that the user or users can read, write, and delete. Write access, as the name implies, means they can write, but it also means that they can read. And Read, well, it means that they can read.
To make it easier, Google has created predefined Access control lists for some of the most common operations, and these are things such as Public Read, which allows anyone to read the file, and that's useful for static assets of a website. Here are some of the supported roles for setting up permissions. Now, we're not going to go through them all, however, if you want to check them out, I recommend that you pause and kind of skim through the list.
Even with all of these Access controls, sometimes you'll want to allow a random Internet user to be able to upload a file. Maybe it's for something such as uploading an image to your site, or something similar. Now, yes, you can handle this in code if you have your application process the file and write it to Cloud Storage. However, if you allow users to upload directly to Cloud Storage, then it's going to save your servers from needing to handle it. So, Cloud Storage offers what's called a Signed URL, which is a time-limited URL that anyone that has access to that specific URL can use to invoke whatever operations you've allowed when you created that URL. Here's a basic example of a Signed URL that allows a get request for a limited amount of time. This will allow anyone with that URL to read that object until the token expires.
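Because a Signed URL works for anyone who holds it, its lifetime and its appearance in logs are worth checking. The following is an added example, not part of the original lesson: it inspects a V4-style signed URL using the standard `X-Goog-*` query parameters, reports when it expires, flags lifetimes above a policy limit, and redacts the signature before logging. The sample URL, bucket, service account and the one-hour policy limit are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_V4_LIFETIME = 604800  # V4 signed URLs cannot be valid for more than 7 days

# Constructed sample: bucket, object, signer and signature are placeholders.
SAMPLE_URL = (
    "https://storage.googleapis.com/example-bucket/uploads/cat.png"
    "?X-Goog-Algorithm=GOOG4-RSA-SHA256"
    "&X-Goog-Credential=uploader%40example-project.iam.gserviceaccount.com"
    "%2F20240101%2Fauto%2Fstorage%2Fgoog4_request"
    "&X-Goog-Date=20240101T120000Z&X-Goog-Expires=900"
    "&X-Goog-SignedHeaders=host&X-Goog-Signature=00ff"
)
REQUIRED = ("x-goog-algorithm", "x-goog-credential", "x-goog-date",
            "x-goog-expires", "x-goog-signature")

def inspect_signed_url(url, now, policy_max_seconds=3600):
    """Return signer, expiry time and policy findings for a V4 signed URL."""
    parts = urlsplit(url)
    q = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    missing = [k for k in REQUIRED if k not in q]
    if missing:
        raise ValueError(f"not a V4 signed URL, missing {missing}")
    issued = datetime.strptime(q["x-goog-date"], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=timezone.utc)
    lifetime = int(q["x-goog-expires"])
    expires_at = issued + timedelta(seconds=lifetime)
    findings = []
    if parts.scheme != "https":
        findings.append("URL is not https")
    if lifetime > MAX_V4_LIFETIME:
        findings.append("lifetime exceeds the 7-day V4 limit")
    elif lifetime > policy_max_seconds:
        findings.append("lifetime exceeds policy maximum")
    if now >= expires_at:
        findings.append("URL has expired")
    return {
        "signer": q["x-goog-credential"].split("/")[0],
        "expires_at": expires_at,
        "expired": now >= expires_at,
        "findings": findings,
    }

def redact_signature(url):
    """Replace the signature so the URL can be logged without being usable."""
    return re.sub(r"(?i)(X-Goog-Signature=)[^&]+", r"\1REDACTED", url)

if __name__ == "__main__":
    print(inspect_signed_url(SAMPLE_URL, datetime.now(timezone.utc)))
    print(redact_signature(SAMPLE_URL))
```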
Okay, that's going to wrap up our topic of Cloud Storage. We've covered most of this in the Fundamentals, so again, this was just a recap.
In our next lesson, let's cover Instance Groups. So, if you're ready to keep going, then let's get started with the next lesson.
Ben Lambert is a software engineer and was previously the lead author for DevOps and Microsoft Azure training content at Cloud Academy. His courses and learning paths covered Cloud Ecosystem technologies such as DC/OS, configuration management tools, and containers. As a software engineer, Ben’s experience includes building highly available web and mobile apps. When he’s not building software, he’s hiking, camping, or creating video games.