Google Cloud Platform Systems Operations
There are a lot of different options across a variety of cloud platforms that are well suited for running specific workloads, such as web applications: Google App Engine, AWS Elastic Beanstalk, and Azure App Services: Web Apps, among others.
However, there are still plenty of times when we need to set up our own infrastructure, so cloud vendors offer IaaS (infrastructure as a service) options. Google provides us with Compute Engine, which allows us to create virtual machines, custom images, snapshots, networks, auto-scalers and load balancers.
If we're going to create and implement an application on the Google Cloud Platform, then understanding these services is going to help us create highly available, highly scalable applications.
All the major cloud providers offer the ability to set up virtual machines, networks, auto-scalers and load balancers. Where Google Cloud is different is in the speed of creating and starting up virtual machine instances, as well as its massively scalable, software-based global load balancer, which doesn't require pre-warming. Google also offers per-minute billing for VM instances, after the first 10 minutes.
So Google has a lot to offer. And if you're looking to learn more about the Google Cloud systems operations, then this may be the course for you.
What exactly will we cover in this course?
Course Objectives: Google Cloud Platform system operations
By the end of this course, you'll know:
How to use Compute Engine to create virtual machines
How to create disk snapshots
How to create images
How to create instance templates and groups
How to create networks
How to use the auto-scaler and load balancer
This is an intermediate level course because it assumes:
You have at least a basic understanding of the cloud
You’re at least familiar with general IT concepts
What You'll Learn
|Lecture|What you'll learn|
|---|---|
|Intro|What will be covered in this course|
|Getting Started|An introduction to the Google Cloud Platform|
|Networking|How to create and secure Cloud Networks|
|Disks and Images|An overview of disk types and images|
|Authorization and IAM|How to authenticate and authorise users|
|Disk Snapshots|How to use snapshots for point-in-time backups|
|Cloud Storage Overview|A refresher on Cloud Storage|
|Instance Groups|How to manage instances with managed and unmanaged groups|
|Cloud SQL Overview|A quick primer on how to use Cloud SQL|
|Startup and Shutdown Scripts|Using startup scripts to provision machines at boot time|
|Autoscaling|How to automatically add and remove instances|
|Load Balancing|How to balance traffic across instances|
|Putting It All Together|A demo of how to use some of the services we've learned about|
|Summary|A review of the course|
Welcome back. In this lesson, we'll talk about Cloud Storage. We'll recap the basics and then we'll talk about how to access Buckets and Objects and we'll wrap up by talking about Security.
We covered Cloud Storage in the Fundamentals Course. So, this is going to be a quick overview. Cloud Storage is a Blob storage service. It allows you to store your files using Google's highly scalable and incredibly durable storage infrastructure. By default, Storage encrypts your data both at rest and in-flight, and it offers four Storage classes. And this is up from the three classes just recently. And the way Google Storage is set up, allows us to store our data using the same service and APIs, but with different availability.
There's Multi-Regional Storage, which is the highest availability and performance, and it's great to use for website content distribution and video streaming. The data is geo-redundant, which gives us a 99.95% SLA. The next option is Regional Storage. Where Multi-Regional Storage distributes the data across multiple regions, Regional Storage is distributed across multiple zones inside of a single region, and this is useful for general computing data storage needs. Next up, we have Nearline, which offers storage for files that only need to be accessed maybe monthly or so, and maybe something like documents or some types of backups. And then finally, we have Coldline Storage, which offers a way to store archives and backups that we don't really need to access all that often. Maybe something like yearly. And, unlike some of the cold storage services, you don't need to wait days to retrieve the files. If you want to learn more about Cloud Storage basics, I recommend you check out the documentation. Check it out at: cloud.google.com/storage/docs/.
Okay. Let's shoot from the overview to actually accessing and interacting with Cloud Storage. Like most everything else, you can use the Console, the REST API, or the SDK. If you need to do something that's simple, such as creating a Bucket or uploading a file, then the Console is great. If you need to do something programmatically, then you'll want to use the REST API. You'll be able to use the JSON or XML APIs, though the XML option only supports a limited subset of what the JSON API allows.
And if you want to use the Command line, you can use the gsutil command, which offers commands that will be similar to the UNIX file manipulation commands. These are commands such as mv, rm, cp, and rsync, as well as a few others that handle things like access control and removing Buckets.
And recently, Google released the beta version of Cloud tools for PowerShell. This is cool, because we can mount Storage as a drive, allowing us to use standard commands such as dir, to interact with Cloud Storage. And just like the gsutil command, we can use the PowerShell command list to edit the Access control list.
So, speaking of Access control lists, this leads us to our next topic. Access control lists allow us to determine who can access Buckets and Objects. An Access control list consists of a scope or grantee, and a set of permissions. In plain English, a list of people and what they're allowed to do. Each Bucket or Object can have up to 100 Access control list entries.
The allowed permissions are Read, Write, and Full Permission. Full Permission means that the user or users can read, write, and delete. Write access, as the name implies, means they can write, but it also means that they can read. And Read, well, it means that they can read.
To make it easier, Google has created predefined Access control lists for some of the most common operations, and these are things such as Public Read, which allows anyone to read the file, and that's useful for static assets of a website. Here are some of the supported roles for setting up permissions. Now, we're not going to go through them all, however, if you want to check them out, I recommend that you pause and kind of skim through the list.
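An added example, not part of the original lesson: a small audit over ACL entries in the grantee-plus-permission shape described above, flagging public and broad grants. It assumes the JSON API's entity and role names (READER, WRITER, OWNER for the lesson's Read, Write and Full Permission); the sample ACL and the `audit_acl` helper are constructed for illustration.

```python
# Roles ranked by privilege: the lesson's Read / Write / Full Permission.
ROLE_RANK = {"READER": 1, "WRITER": 2, "OWNER": 3}
# Special grantees that make a bucket or object reachable by outsiders.
PUBLIC = {"allUsers": "anyone on the Internet",
          "allAuthenticatedUsers": "any signed-in Google account"}
MAX_ENTRIES = 100  # per bucket or object, as stated in the lesson


def audit_acl(resource, entries, public_read_ok=False):
    """Return (severity, message) findings for one bucket or object ACL.

    public_read_ok marks resources meant to be world-readable, such as the
    static website assets the lesson mentions for Public Read.
    """
    findings = []
    if len(entries) > MAX_ENTRIES:
        findings.append(("error", f"{resource}: {len(entries)} entries, limit is {MAX_ENTRIES}"))
    for entry in entries:
        entity, role = entry.get("entity", ""), entry.get("role", "")
        if role not in ROLE_RANK:
            findings.append(("error", f"{resource}: unknown role {role!r} for {entity}"))
        elif entity in PUBLIC:
            if ROLE_RANK[role] >= ROLE_RANK["WRITER"]:
                findings.append(("high", f"{resource}: {PUBLIC[entity]} has {role}"))
            elif not public_read_ok:
                findings.append(("review", f"{resource}: {PUBLIC[entity]} can read"))
        elif entity.startswith("domain-") and ROLE_RANK[role] >= ROLE_RANK["WRITER"]:
            findings.append(("review", f"{resource}: whole domain {entity[7:]} has {role}"))
    return findings


# Constructed sample ACL; project number, domain and user are placeholders.
SAMPLE_ACL = [
    {"entity": "project-owners-123456", "role": "OWNER"},
    {"entity": "allUsers", "role": "READER"},
    {"entity": "allAuthenticatedUsers", "role": "WRITER"},
    {"entity": "domain-example.com", "role": "WRITER"},
    {"entity": "user-alice@example.com", "role": "EDITOR"},
]

if __name__ == "__main__":
    for severity, message in audit_acl("gs://example-bucket", SAMPLE_ACL):
        print(f"[{severity}] {message}")
```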
Even with all of these Access controls, sometimes you'll want to allow a random Internet user to be able to upload a file. Maybe it's for something such as uploading an image to your site, or something similar. Now, yes, you can handle this in code if you have your application process the file and write it to Cloud Storage. However, if you allow users to upload directly to Cloud Storage, then it's going to save your servers from needing to handle it. So, Cloud Storage offers what's called a Signed URL, which is a time-limited URL that anyone that has access to that specific URL can use to invoke whatever operations you've allowed when you created that URL. Here's a basic example of a Signed URL that allows a get request for a limited amount of time. This will allow anyone with that URL to read that object until the token expires.
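An added example, not part of the original lesson: a checker that reads the expiry out of a Cloud Storage signed URL and flags lifetimes that are longer than you intended. It handles both the V2 (`Expires`) and V4 (`X-Goog-Date` plus `X-Goog-Expires`) query formats; the sample URLs are constructed with placeholder signatures, and `policy_max` is this example's own threshold, not a Google limit.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

V4_MAX_LIFETIME = timedelta(days=7)  # upper bound Cloud Storage accepts for V4


def inspect_signed_url(url, now, policy_max=timedelta(hours=1)):
    """Report when a signed URL stops working and whether it lives too long.

    The permitted HTTP method is covered by the signature and is not visible
    in the URL, so it cannot be recovered here.
    """
    parts = urlsplit(url)
    q = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    warnings = []
    if "x-goog-signature" in q:  # V4: issue time plus lifetime in seconds
        scheme = "v4"
        issued = datetime.strptime(q["x-goog-date"], "%Y%m%dT%H%M%SZ")
        lifetime = timedelta(seconds=int(q["x-goog-expires"]))
        expires = issued.replace(tzinfo=timezone.utc) + lifetime
        if lifetime > V4_MAX_LIFETIME:
            warnings.append("lifetime exceeds the 7-day V4 maximum")
        elif lifetime > policy_max:
            warnings.append("lifetime exceeds policy maximum")
    elif "signature" in q and "expires" in q:  # V2: absolute Unix expiry
        scheme = "v2"
        expires = datetime.fromtimestamp(int(q["expires"]), tz=timezone.utc)
        if expires - now > policy_max:
            warnings.append("remaining lifetime exceeds policy maximum")
    else:
        raise ValueError("no signed-URL parameters found")
    remaining = max(expires - now, timedelta(0))
    return {"scheme": scheme, "resource": parts.path, "expires": expires,
            "expired": now >= expires, "warnings": warnings,
            "remaining_s": int(remaining.total_seconds())}


# Constructed samples: bucket, object, account and signature are placeholders.
BASE = "https://storage.googleapis.com/example-bucket/report.pdf"
SAMPLE_V4 = (BASE + "?X-Goog-Algorithm=GOOG4-RSA-SHA256"
             "&X-Goog-Credential=sa%40example.iam.gserviceaccount.com"
             "%2F20240101%2Fauto%2Fstorage%2Fgoog4_request"
             "&X-Goog-Date=20240101T000000Z&X-Goog-Expires=900"
             "&X-Goog-SignedHeaders=host&X-Goog-Signature=PLACEHOLDER")
SAMPLE_V2 = (BASE + "?GoogleAccessId=sa%40example.iam.gserviceaccount.com"
             "&Expires=1704067200&Signature=PLACEHOLDER")

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 0, 10, tzinfo=timezone.utc)
    for sample in (SAMPLE_V4, SAMPLE_V2):
        print(inspect_signed_url(sample, now))
```

Running a check like this over URLs before they are handed out, or over ones found in logs and tickets, shows how long each bearer link stays usable.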
Okay, that's going to wrap up our topic of Cloud Storage. We've covered most of this in the Fundamentals, so again, this was just a recap.
In our next lesson, let's cover Instance Groups. So, if you're ready to keep going, then let's get started with the next lesson.
About the Author
Ben Lambert is the Director of Engineering and was previously the lead author for DevOps and Microsoft Azure training content at Cloud Academy. His courses and learning paths covered Cloud Ecosystem technologies such as DC/OS, configuration management tools, and containers. As a software engineer, Ben’s experience includes building highly available web and mobile apps.
When he’s not building the first platform to run and measure enterprise transformation initiatives at Cloud Academy, he’s hiking, camping, or creating video games.