Google Cloud Platform (GCP) is a popular set of cloud computing services that includes IaaS and PaaS features. Google Cloud's penetration in the public cloud market is behind only Amazon Web Services (AWS) and Azure. Like these vendors, GCP uses the same massive network infrastructure that supports its core online applications. For Google, these include Google Search as well as YouTube. The Google cloud portfolio has over 100 services that cover compute, data storage, database management, networking, business analytics, Big Data, machine learning (ML), artificial intelligence (AI), access management, security, Internet of Things, and unified management.
Progent has experience assisting businesses from small offices to enterprises to design, deploy, tune, manage, and maintain IT ecosystems based on a variety of network architectures such as on-prem data centers, private clouds, one or multiple public clouds, or a hybrid mix of local and cloud infrastructure. Progent can provide quick online or onsite access to seasoned experts who can help you to assess the advantages and drawbacks of different network architectures and understand the feature set and cost of Google Cloud Platform vs. other cloud offerings.
Progent's Microsoft, Linux, and Cisco experts can help your organization to integrate your current IT infrastructure with the Google Cloud, and Progent's database consultants can show you how to make your key applications cloud ready so they can benefit fully from Google Cloud services. Progent can assist you to set up VMs on GCP Compute Engine, plan an efficient storage solution using Google Cloud Storage services, and streamline access management with GCP Cloud Identity. Progent can also assist you to use GCP's tools to manage and monitor your Google Cloud ecosystem so it consistently delivers top return on investment.
Major Services Available for the Google Cloud
Google Cloud has more than 100 IaaS and PaaS services covering nearly all areas of IT including compute, data storage, database management, networking, administration, security, web, mobility, and development. Google Cloud services are available on a subscription basis. Like other public cloud platforms, you pay for what you use. Important GCP services for which Progent offers advanced consulting and debugging include:
Compute Engine is a service for running Windows and Linux virtual machines in the cloud, similar to Amazon EC2 or Azure Virtual Machines. Compute Engine VMs have seamless access to GCP block storage and state-of-the-art infrastructure. Google Cloud Compute Engine offers three classes of virtual machines in your choice of standard or custom machine sizes. GCP's N2 type VM is affordably priced and intended for common applications such as web hosting, business apps, and databases. The C2 type virtual machine provides up to 60 virtual CPUs (vCPUs) for processor-intensive applications like ECAD and simulations. Google Cloud's M2 class virtual machine includes as much as 11.5 TB of memory for RAM-intensive apps like in-memory databases or in-depth analytics. Google's sole-tenant node product features a physical Compute Engine machine dedicated to your exclusive use.
Important features of the Google Cloud Compute Engine include live virtual machine migration, which lets you keep VMs online even while undergoing system maintenance, and preemptible virtual machines, low-cost virtual machine compute instances which last for a max of 24 hours and are designed for running batch jobs that can be paused and resumed intermittently without impacting productivity.
Other key features for Google Compute Engine include:
Google Cloud Storage provides object storage that scales to exabytes of data. Objects held in GCP Cloud Storage are organized in containers referred to as buckets. Google Cloud provides four types of cloud storage, differentiated and priced based on the object's expected duration and its hot/cold ratio. As you progress along the storage classes from Standard to Archive, access expenses increase, at-rest costs decrease, and required minimum storage duration goes up. Google Cloud's storage classes allow you to manage costs by designing the appropriate price/performance profile for your network, and Google Cloud's Object Lifecycle Management feature enables you to program the progression of storage objects from hot to cold classes as they age. All storage classes feature global accessibility, unlimited storage (but a size limit of 5 TB for individual objects), no minimum object size, low latency, on-request geo-redundancy, and a shared suite of security and management utilities. One API works with all Google Cloud Storage types.
Standard Storage is the default class and is suited for data used often or stored only briefly. There is no minimum storage duration. To get the best speed and least network usage fees, Standard Storage objects should be kept in the same geographical location as the Compute Engine instances or the container clusters that interact with the objects. Standard Storage offers the highest average availability for any regional distribution scheme. Nearline Storage is an economical storage type designed for objects accessed infrequently, ideally once per month or less. Examples of appropriate use cases are periodic backup and archiving. At-rest costs are lower than with Google Cloud's Standard Storage, but access is more expensive, availability is marginally less, and storage duration is a minimum of 30 days.
Coldline Storage offers very low storage costs for dormant data and is suitable for scenarios where objects are accessed no more frequently than once every 90 days. Minimum duration is three months, availability is slightly lower than with Google Cloud's Standard and Nearline Storage services, and access costs are comparatively expensive. GCP's Archive Storage, which offers the lowest at-rest storage pricing and a minimum storage duration of one year, is the preferred storage service for objects held only for backup or archive scenarios. Data access costs for Archive Storage are the highest of any GCP storage service.
Cloud Storage Encryption
GCP Cloud Storage always encrypts stored data on the server end before writing it to disk. In addition to this routine encryption process, you can select other options to encrypt your data. There are two server-side encryption options that allow objects to be encrypted after arriving at Cloud Storage but before the data is stored to disk. The customer-supplied encryption keys option allows you to supply and control your own encryption keys. The customer-managed encryption keys alternative allows you to create and manage your encryption keys using Google's Cloud Key Management Service. Both of these server-side encryption options create an extra layer of encryption above GCP's default Cloud Storage encryption.
If you use client-side encryption prior to transporting data to Google Cloud Storage, your pre-encrypted data will also be subject to server-side encryption.
Google Cloud Identity and Access Management (IAM) is Google's centralized system for controlling access to resources and granting authority for users and services to access network resources for a specified period of time. Examples of Google Cloud resources are Compute Engine virtual machine instances and Google Cloud Storage buckets. Unified and consistent tools offer admins the ability to control access rights for all services available within Google Cloud. Cloud Identity and Access Management features high precision in designing policies to grant groups and users rights to use task-relevant resources while preventing access to unnecessary resources.
With Google Cloud Identity and Access Management, policies are based on roles; roles are composed of permissions; and permissions are associated with resources. Users or groups are assigned to policies, and by means of policy they gain access rights to the specific resources the roles give them. As an example of Cloud Identity and Access Management's role granularity, the Google Cloud Pub/Sub service can be accessed with a variety of permissions depending on whether a user or group has been given the role of Owner, Editor, Viewer, Publisher, or Subscriber.
Google Cloud IAM policies are hierarchy-based, cascading down from the organization to projects and lastly to resources. You can define organization-wide policies, refine them for a given project, and refine them even more for a given resource. You can apply policies to individual resources, to a project, or at the organizational level. Policies you assign to an organization cascade down to projects within the organization and then to resources in those projects.
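The cascade described above can be audited by walking a resource's ancestry and collecting every binding that applies to it. The following Python sketch is an added example, not Google's or Progent's code; the organization, project, topic, and member names are constructed, the role-to-permission map is an abbreviated subset, and it assumes allow policies are additive, so a grant made at the organization level still applies on every resource beneath it (deny policies and conditions are out of scope).

```python
# Added example: effective access under hierarchical IAM allow policies.

# Abbreviated role -> permission map (real roles carry more permissions).
ROLE_PERMISSIONS = {
    "roles/pubsub.viewer": {"pubsub.topics.get", "pubsub.topics.list"},
    "roles/pubsub.publisher": {"pubsub.topics.publish"},
    "roles/pubsub.subscriber": {"pubsub.subscriptions.consume"},
}

# Constructed hierarchy: child -> parent (None marks the organization root).
ORG = "organizations/example-org"
PROJECT = "projects/example-billing"
TOPIC = "projects/example-billing/topics/invoices"
PARENT = {ORG: None, PROJECT: ORG, TOPIC: PROJECT}

# Constructed allow policies: resource -> role -> set of members.
POLICIES = {
    ORG: {"roles/pubsub.viewer": {"group:auditors@example.com"}},
    PROJECT: {"roles/pubsub.subscriber": {"serviceAccount:worker@example.com"}},
    TOPIC: {"roles/pubsub.publisher": {"user:alice@example.com"}},
}


def ancestry(resource):
    """Return the resource followed by its ancestors, up to the organization."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = PARENT[resource]
    return chain


def effective_permissions(member, resource):
    """Union of permissions from bindings on the resource and all ancestors."""
    perms = set()
    for level in ancestry(resource):
        for role, members in POLICIES.get(level, {}).items():
            if member in members:
                perms |= ROLE_PERMISSIONS[role]
    return perms


def inherited_grants(resource):
    """Audit view: (member, role, granted_at) for bindings set above the resource."""
    grants = []
    for level in ancestry(resource)[1:]:
        for role, members in POLICIES.get(level, {}).items():
            grants.extend((m, role, level) for m in members)
    return sorted(grants)


if __name__ == "__main__":
    for grant in inherited_grants(TOPIC):
        print("inherited:", grant)
    print(sorted(effective_permissions("user:alice@example.com", TOPIC)))
```

Reviewing only the policy attached to the topic would show a single publisher; the inherited view shows the two other principals whose access was granted higher in the hierarchy.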
Additional flexibility in managing resource access rights is offered by permitting admins to factor in contextual attributes such as endpoint security status, IP address, resource type, and time. You can manage access rights by using the graphical interface of the web-based Cloud Console tool, through automation with Cloud IAM methods, or through Google's gcloud command-line tool. Cloud IAM automatically maintains a full audit trail to simplify regulatory compliance.
Google Cloud IAM is provided without additional cost to all GCP customers.
Google Kubernetes Engine is a container service for orchestrating and managing containerized applications. Kubernetes was originally developed by Google to automate Docker container orchestration and was made available as open source at the end of 2014. Since then Kubernetes has become the leading solution for managing containerized applications.
Google Kubernetes Engine is powered by Google's Container-Optimized OS and supports Certified Kubernetes, allowing workload portability to other Kubernetes platforms across cloud and local networks. To accelerate software development, prebuilt open-source deployment templates for enterprise-grade applications are offered on Google Cloud Marketplace.
The Migrate for Anthos service, available at no cost with GKE, allows you to migrate and port your workloads directly from your existing infrastructure into GKE containers. These workloads can be physical servers and virtual machines located on-premises, in Google's Compute Engine, or in third-party clouds. Google Kubernetes Engine allows pod and cluster autoscaling for continuous analysis of the CPU and RAM usage of pods and for dynamically tuning CPU and RAM requests across node pools.
Other capabilities of GKE include preemptible virtual machines, persistent storage, always-encrypted local solid-state drive (SSD) block storage, global load balancing to maximize speed and availability, support for both Windows Server and Linux nodes, the capability of running stateless serverless containers with the GCP Cloud Run service, and usage metering for granular visibility into Kubernetes clusters.
GKE is compliant with HIPAA and PCI DSS 3.1. For stronger security, GKE Sandbox provides an extra layer of protection between containerized GKE workloads. GKE clusters offer integrated support for Kubernetes Network Policy to filter traffic via pod-level firewall security policies. Private clusters in GKE can be limited to a private or public device with access limited to distinct addresses.
Google Kubernetes Engine is priced based on each Google Compute Engine instance in a cluster. Use of Google Compute Engine resources is priced on a per-second basis with a one-minute minimum charge.
Cloud AI Building Blocks enable developers, even without machine learning (ML) experience, to integrate Google's leading-edge AI technology into their applications. Core capabilities address sight, language, and speech. By using APIs, you can take advantage of Google's pre-trained models and avoid having to hassle with developing your own datasets from scratch and training and validating your own AI models. As Google's catalog of pre-trained models grows in sophistication and size, you can immediately add leading-edge AI technology to your applications. Also, Google AutoML products provide the utilities you need to train, test and deploy your own domain-specific ML models. Developers can use any Google Cloud AI Building Block by itself or in combination with other AI Building Blocks according to your business requirements.
For advanced imaging, Google Cloud AI Building Blocks offer the AutoML Vision and Vision API services that help you to derive insights from your images. Both services include REST and RPC APIs and enable your app to discern objects and their location inside the image. AutoML Vision streamlines the training process for your home-grown machine learning (ML) models by offering an easy-to-use graphical interface. Once you refine your models for accuracy, latency and size, you can send them to the Google GCP Cloud or to a variety of edge devices.
Google Cloud's Vision API offers programmatic access to Google's pre-trained machine learning models. Developers can rapidly classify images via Google's extensive libraries of predefined labels. Google Cloud's Vision API uses OCR tools to detect text, in over 50 languages, contained anywhere within your images. Combined with Google's Document Understanding AI technology, you can benefit from the same ML technology behind Google Search to derive actionable insights from masses of free-form documents. You can discern web objects and pages, isolate a face from other items and notice facial attributes, and identify brand logos and famous landmarks. You can also detect mature or violent content within images.
Google Cloud's AutoML Video Intelligence and Video Intelligence API products, which provide a similarly wide range of features as Google's Vision products, make it simpler to derive information from video files.
Language Services
Language is Google's wheelhouse, and Google's portfolio of AI Building Blocks understandably includes a rich suite of services. Google Cloud language services include:
Progent can assist your organization to decide which of your applications are appropriate for GCP and can show you how to make your legacy applications cloud compatible. Progent has experience helping clients assess the value of running Google Cloud SQL, using Google Dataproc for on-prem Hadoop, adopting Google Cloud Kubernetes Engine as a virtualization replacement, and deploying MongoDB Atlas on Google Cloud vs. local MongoDB. Progent can deliver on-demand online consulting expertise for short-term jobs to help you quickly overcome occasional technical hurdles or Progent can deliver comprehensive project management consulting services to make sure your Google Cloud integration initiative is carried out on schedule and within budget.
One of the most frequently encountered technical obstacles businesses face when migrating to GCP or another public cloud is reconfiguring firewalls and VPN tunnels to give users convenient but protected access to cloud services. Progent offers the services of Cisco-certified CCIE network engineers and firewall experts for security appliances from leading vendors like Cisco, Palo Alto Networks, Barracuda, WatchGuard, and Fortinet to help you to configure or debug firewalls for accessing Google Cloud. To accommodate BYOD computing, Progent's iPhone and iPad management consultants and Android integration consultants can help you to configure and administer protected mobile endpoints for your Google Cloud users. Progent can work in conjunction with your internal technical team and Google's support engineers to resolve Google Cloud connectivity issues rapidly and affordably.
Examples of online consulting services provided by Progent to help organizations integrate their networks with Google Cloud include:
Other leading clouds supported by Progent include:
Progent's Microsoft Azure cloud planning and integration experts can help you with every phase of Azure cloud integration such as needs definition, readiness evaluation, system architecture, pre-production testing, implementation, automated management, performance optimization, software license controls, disaster recovery preparedness, security planning, and compliance validation. Progent can assist you to configure and troubleshoot firewall appliances and VPN connections so your clients can safely access Azure-based resources, and Progent's Microsoft-certified consulting experts can help you set up key Microsoft platforms to run in Azure including Windows Server, Exchange Server, SQL Server and SharePoint. Progent can also help your organization to create a hybrid environment that seamlessly integrates on-premises datacenters with Azure services.
Microsoft allows you to create transparent hybrid networks that combine Microsoft 365 Exchange Online and on-premises installations of Exchange. This allows you to have certain mailboxes located on your physical datacenter and other mailboxes resident on Microsoft 365. Progent's certified Exchange consultants can assist your organization with any phase of designing, integrating and troubleshooting your hybrid Exchange solution. Progent's Exchange specialists can provide as-needed expertise to help you resolve stubborn technical problems and also can provide extensive project management outsourcing or co-sourcing to make sure your hybrid Exchange solution is successfully completed on schedule and on budget. For more information about Progent's consulting services for hybrid Microsoft 365 Exchange and on-premises Exchange systems, visit Exchange Online integration with on-prem Exchange.
Progent's Office and Microsoft 365 consultants can help companies of any size to integrate Microsoft Office desktop and Microsoft 365 applications such as Excel, Office Word, PowerPoint, Outlook, Access, Project and OneNote into a cohesive solution that provides fast ROI and promotes better business results. Progent can help your company to integrate Microsoft Office or Microsoft 365 apps with one another and with other core Microsoft technologies including SharePoint Server, Microsoft Exchange Server and SQL Server running locally or in the cloud. Progent's consultants can also assist you to fix compatibility problems between different releases of Office and can provide live online Office and Microsoft 365 training to individual users and groups.
Progent's Amazon AWS cloud planning and integration consultants offer cost-effective remote support to assist businesses to access Amazon AWS cloud services including Elastic Compute Cloud (EC2) for virtual server hosting, Amazon Simple Storage Service (Amazon S3) for expandable cloud storage, and Glacier for value-priced archival storage. Progent can assist you with every aspect of Amazon AWS migration and troubleshooting including needs analysis, readiness evaluation, architectural design, testing, configuration, centralized administration, performance optimization, licensing management, disaster recovery mechanisms, and security strategies. Progent offers advanced expertise with firewall configuration and VPN access and can help you deploy cloud-centric or hybrid networking models that efficiently integrate Amazon AWS cloud services. Progent can provide occasional expertise or Progent can provide comprehensive project management outsourcing to help you migrate efficiently to the Amazon AWS cloud.
Amazon Marketplace Web Service (Amazon MWS) is an integrated library of APIs that enables Amazon sellers to improve the efficiency of their business processes by automating key sales functions including listings, orders, payments, fulfillment, and finances. By tapping into Amazon's extensive online selling environment and automating their sales processes, vendors can broaden their reach, lower their cost of sales, improve reaction time to customers, and add to their profits. Progent's Amazon Marketplace Web Service consultants can work with your development staff and provide application programming, workflow integration, project management support, and mentoring to help you cut development time and speed up your return on investment.
Contact Progent for Google Cloud Integration Expertise
If you need help with any phase of integrating your network with Google Cloud or other public cloud platform, call Progent at