Services Flashcards

1
Q

Cloud Logging

other modules

A

Cloud Logging is a real-time log-management system with storage, search, analysis, and monitoring support. Cloud Logging automatically collects log data from Google Cloud resources.
View and analyze your log data by using the Google Cloud console, either with the Logs Explorer or the Log Analytics pages.
When you want to troubleshoot and analyze the performance of your services and applications, we recommend that you use the Logs Explorer.
When you’re interested in performing aggregate operations on your logs, for example, to compute the average latency for HTTP requests issued to a specific URL over time, use the Log Analytics interface.
You can configure Cloud Logging to notify you when certain kinds of events occur in your logs.
You don’t have to configure the location where logs are stored. Logs can be routed to the following destinations:
- Cloud Logging bucket
- BigQuery dataset
- Cloud Storage bucket
- Pub/Sub topic
- Google Cloud project

https://cloud.google.com/logging/docs/overview

2
Q

Dedicated Interconnect

networking

A

Dedicated Interconnect provides direct physical connections between your on-premises network and Google’s network. Dedicated Interconnect enables you to transfer large amounts of data between networks
Your network must physically meet Google’s network in a colocation facility. You must provide your own routing equipment
When you create a VLAN attachment, you associate it with a Cloud Router. This Cloud Router creates a BGP session for the VLAN attachment and its corresponding on-premises peer router. The Cloud Router receives the routes that your on-premises router advertises. These routes are added as custom dynamic routes in your VPC network. The Cloud Router also advertises routes for Google Cloud resources to the on-premises peer router.
10-Gbps circuits, single mode fiber, 10GBASE-LR (1310 nm), or 100-Gbps circuits, single mode fiber, 100GBASE-LR4

https://cloud.google.com/network-connectivity/docs/interconnect/concepts/dedicated-overview

3
Q

Cloud Data Loss Prevention

other module

A

Discover, classify, and protect your most sensitive data.
Sensitive Data Protection includes data discovery, inspection, de-identification, data risk analysis, and the DLP API.
Automated sensitive data discovery and classification
Sensitive data intelligence for security assessments
De-identification, masking, tokenization, and bucketing
Powerful and flexible masking of your AI/ML workloads

https://cloud.google.com/security/products/dlp?hl=en

4
Q

Cloud Shell

other modules

A

Cloud Shell provisions a Compute Engine virtual machine running a Debian-based Linux operating system for your temporary use. This virtual machine is owned and managed by Google Cloud, so it will not appear within any of your Google Cloud projects.
Cloud Shell instances are provisioned on a per-user, per-session basis. The instance persists while your Cloud Shell session is active; after an hour of inactivity, your session terminates and its VM is discarded.
Persistent disk storage:
Cloud Shell provisions 5 GB of free persistent disk storage mounted as your $HOME directory on the virtual machine instance. This storage is on a per-user basis and is available across projects. Unlike the instance itself, this storage does not time out on inactivity. All files you store in your home directory, including installed software, scripts and user configuration files like .bashrc and .vimrc, persist between sessions. Your $HOME directory is private to you and can’t be accessed by other users.
Root user:
When you set up a Cloud Shell session, you get a regular Unix user account with a username based on your email address. With this access, you have full root privileges on your allocated VM and can even run sudo commands, if you need to.

https://cloud.google.com/shell/docs/how-cloud-shell-works

5
Q

Cloud VPN

Networking

A

Cloud VPN securely extends your peer network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection. The VPN connection encrypts traffic traveling between the networks, with one VPN gateway handling encryption and the other handling decryption. This process protects your data during transmission. You can also connect two VPC networks together by connecting two Cloud VPN instances. You cannot use Cloud VPN to route traffic to the public internet; it is designed for secure communication between private networks.
1 Gbps and 3 Gbps of bandwidth.
Google Cloud offers two types of Cloud VPN gateways:
HA VPN is a high-availability (HA) Cloud VPN solution that lets you securely connect your on-premises network to your VPC network through an IPsec VPN connection. Based on the topology and configuration, HA VPN can provide an SLA of 99.99% or 99.9% service availability.
Classic VPN gateways have a single interface, a single external IP address, and support tunnels that use static routing (policy based or route based). Classic VPN gateways provide an SLA of 99.9% service availability.

https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview

6
Q

Cloud CDN

Networking

A

Cloud CDN (Content Delivery Network) uses Google’s global edge network to serve content closer to users, which accelerates your websites and applications.

Cloud CDN works with the global external Application Load Balancer or the classic Application Load Balancer to deliver content to your users. The external Application Load Balancer provides the frontend IP addresses and ports that receive requests and the backends that respond to the requests.

Cloud CDN content can be sourced from various types of backends.

In Cloud CDN, these backends are also called origin servers. Figure 1 illustrates how responses from origin servers that run on virtual machine (VM) instances flow through an external Application Load Balancer before being delivered by Cloud CDN. In this situation, the Google Front End (GFE) comprises Cloud CDN and the external Application Load Balancer.

https://cloud.google.com/cdn/docs/overview

7
Q

Sustained use discounts

A

Compute Engine offers sustained use discounts (SUDs) on resources that are used for more than 25% of a billing month and are not receiving any other discounts. Whenever you use an applicable resource for more than a fourth of a billing month, you automatically receive a discount for every incremental hour that you continue to use that resource. The discount increases incrementally with usage and you can get up to a 30% net discount off of the resource cost for virtual machine (VM) instances that run the entire month.
Limitations

Sustained use discounts have the following limitations:

Only Self-serve (or Online) Cloud Billing accounts are eligible for receiving SUDs.

SUDs don't apply to the resource usage that is already covered by committed use discounts (CUDs).

SUDs don't apply to VMs created using the App Engine (standard and flexible) environments and Dataflow. Only VMs created by Google Kubernetes Engine and Compute Engine are eligible for SUDs.

Sustained use discounts apply only to the machine series listed in the Eligible resources and discount percentages section.

Eligible resources and discount percentages

The following resources are eligible to receive sustained use discounts:

The vCPUs and memory for general-purpose N1, N2, and N2D custom and predefined machine types
The vCPUs and memory for compute-optimized C2 machine types
The vCPUs and memory for memory-optimized M1 and M2 machine types
The vCPUs and memory for sole-tenant nodes
The premium cost for sole-tenant nodes, even if the vCPUs and memory in those nodes are covered by CUDs
All GPU devices with the exception of NVIDIA H100, A100, and L4 GPU types.

https://cloud.google.com/compute/docs/sustained-use-discounts

8
Q

Resource-based committed use discounts

other modules

A

Compute Engine provides resource-based committed use discounts (CUDs) for your predictable workloads to help you cut costs on resources that you need. You can purchase and renew resource-based committed use contracts or commitments in return for heavily discounted prices for VM usage.

Resource-based commitments are ideal for predictable and steady state usage. These commitments require no upfront costs. Compute Engine lets you purchase the following categories of resource-based commitments:

Hardware commitments: You can purchase hardware commitments for a specific machine series and commit to resources available for that machine series, such as vCPUs, memory, GPUs, Local SSD disks, and sole tenant nodes. For more information, see Purchase commitments without attached reservations and Purchase commitments with attached reservations.
Software license commitments: You can purchase license commitments for applicable premium operating system (OS) licenses. For more information, see Purchase commitments for licenses.

https://cloud.google.com/compute/docs/instances/signing-up-committed-use-discounts

9
Q

PCI DSS

A

The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The Standards Council was established by the major credit card associations (Visa, MasterCard, American Express, Discover, JCB) as a separate organization to define appropriate practices that merchants and service providers should follow to protect cardholder data. It is this council of companies that created the Payment Card Industry (PCI) Data Security Standards (DSS).

https://cloud.google.com/security/compliance/pci-dss?hl=en
https://cloud.google.com/architecture/pci-dss-and-gke-guide?hl=en
https://cloud.google.com/architecture/limiting-compliance-scope-pci-environments-google-cloud
https://cloud.google.com/architecture/gke-pci-dss-blueprint
