Cloud Computing
On-demand service.
No human intervention.
Provides shared resources to customers.
Offers rapid elasticity.
Pay only for what you consume.
Software waves
- The first was physical
- The second virtualized
- The third serverless
GCP computing architectures
Lets you choose from computing, storage, big data, machine learning and application services. It's global, cost-effective, open-source friendly and designed for security.
The following are contrasting service models
IaaS (Infrastructure as a Service)
Offers raw compute, storage and network
You pay for what you allocate
PaaS (Platform)
Binds the application code you write to libraries that give access to the infrastructure your application needs. This way you can just focus on your application model.
You pay for what you use
SaaS (Software)
They're consumed directly over the internet by end users. For example, Google Search, Gmail, Docs, Drive…
GCP Organization
From biggest to smallest, locations are divided into
- Multi-Region: europe
- Region: europe-west2
- Zone: europe-west2-a
Zone
Is a deployment area for GCP Resources. When you launch a virtual machine in GCP, it runs in a zone you specify.
A zone doesn't always correspond to a single physical building.
Zones are grouped into regions.
Region
Independent geographic areas. All zones within a region have fast network connectivity among them, with latencies of under 5ms. You can choose what regions your GCP Resources are in. A zone is a single failure domain within a region.
Resources can be spread across multiple zones in a region to build fault-tolerant applications. You can also run resources in different regions.
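A way to check placement against the failure-domain point above, as an added example that is not part of the original notes. The service names and inventory are constructed; the only assumption about GCP is that a zone name is its region name plus a one-letter suffix, as in europe-west2-a.

```python
import re
from collections import defaultdict

# A zone name is its region name plus a one-letter suffix: europe-west2-a.
ZONE_RE = re.compile(r"^([a-z]+-[a-z]+[0-9]+)-([a-z])$")

# Constructed sample inventory of (service, zone) pairs; names are hypothetical.
INVENTORY = [
    ("web", "europe-west2-a"),
    ("web", "europe-west2-b"),
    ("db", "europe-west2-a"),
    ("db", "europe-west2-a"),
    ("batch", "europe-west2-c"),
    ("batch", "us-central1-a"),
]


def split_zone(zone):
    """Return (region, zone letter); raise ValueError on a malformed name."""
    match = ZONE_RE.match(zone)
    if match is None:
        raise ValueError(f"not a zone name: {zone!r}")
    return match.group(1), match.group(2)


def classify_placements(inventory):
    """Label each service by how many failure domains its instances span."""
    regions = defaultdict(set)
    zones = defaultdict(set)
    for service, zone in inventory:
        region, _ = split_zone(zone)
        regions[service].add(region)
        zones[service].add(zone)

    result = {}
    for service in zones:
        if len(regions[service]) > 1:
            result[service] = "cross-region"  # survives the loss of a region
        elif len(zones[service]) > 1:
            result[service] = "multi-zone"    # survives the loss of one zone
        else:
            result[service] = "single-zone"   # one failure domain only
    return result


if __name__ == "__main__":
    for service, placement in sorted(classify_placements(INVENTORY).items()):
        print(f"{service}: {placement}")
```
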
Multi-Region
A few GCP Services support placing resources in multi-regions. That means the data is stored redundantly in at least two geographic locations separated by at least 160km.
Security
Google manages the lower layers of security for the stack, such as physical security, and gives customers the tools for managing the upper layers.
The server boards and networking equipment are custom designed. They include a custom hardware security chip (Titan). The infrastructure automatically encrypts RPC traffic in transit between data centers.
Google Central Identity Service (log-in page) checks for more than username and password. It checks additional information, such as whether the user has logged in from the same device or a similar location in the past. It supports U2F (Universal Second Factor), such as a USB security key.
Google services that want to make themselves available on the internet register themselves with the Google Front End which checks incoming network connections for correct certificates and best practices. It also applies protection against DoS attacks.