Google Cloud Platform (GCP) is a leading suite of cloud computing services and offers Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) features. GCP's share of the public cloud market trails only Amazon Web Services (AWS) and Microsoft Azure. Like these competitors, GCP uses the same massive infrastructure that supports its most popular online applications. In Google's case, these include Google Search and YouTube. The GCP cloud stack includes over 100 services that cover compute, storage, database management, networking, analytics, Big Data, machine learning, AI, identity and security, Internet of Things (IoT), and management tools.
Progent has experience helping organizations of all sizes to plan, configure, test, tune, manage, and troubleshoot IT ecosystems that use a variety of network models including on-prem data centers, private clouds, one or multiple public clouds, or a hybrid mix of local and cloud-based resources. Progent can provide fast online or onsite access to seasoned experts who can assist you to assess the advantages and drawbacks of different network architectures and compare the feature set and pricing structure of Google Cloud Platform vs. alternative public cloud offerings.
Progent's certified Microsoft, Linux, and Cisco experts can help you integrate your current network infrastructure with the Google Cloud Platform, and Progent's database consultants can help make your business-critical applications cloud ready so they can take full advantage of GCP services. Progent can help you deploy virtual machines on GCP Compute Engine, design an efficient storage solution using GCP Cloud Storage services, and streamline identity management with GCP Cloud Identity. Progent can also help you use GCP's tools to manage and monitor your GCP environment so it continues to deliver maximum business value.
Key Services Available for the Google Cloud Platform
Google Cloud Platform offers more than 100 IaaS and PaaS services covering virtually all areas of information technology including compute, data and storage, networking, management, security, web, mobile, applications, and development. GCP services are available on a subscription basis. As with other public cloud services, you pay for what you use. Popular GCP products and services for which Progent offers advanced consulting and technical support include:
Compute Engine is an IaaS service for running Windows and Linux virtual machines in the cloud, comparable to Amazon EC2 or Azure Virtual Machines. Compute Engine VMs have seamless access to GCP block storage and state-of-the-art network infrastructure. GCP offers three basic types of VMs in pre-defined or custom machine sizes. GCP's N2 type virtual machine is value priced and designed for general purpose applications like web hosting, business apps, and databases. The C2 type VM provides up to 60 virtual CPUs (vCPUs) for processor-intensive applications like electronic computer-aided design (ECAD) and simulations. Google's M2 type VM includes up to 11.5 TB of RAM for memory-intensive applications like in-memory databases or time-critical analytics. Google's sole-tenant node option provides a physical Compute Engine server for your exclusive use, which simplifies the deployment of bring-your-own-license scenarios.
Important features of the GCP Compute Engine include live VM migration, which keeps virtual machines working even during scheduled maintenance, and preemptible VMs, low-cost VM compute instances which last for up to 24 hours and are designed for running batch jobs that can be paused and resumed intermittently without impacting productivity. Other available features for GCP include always-encrypted local solid-state drive (SSD) block storage for high performance and security, graphics processing unit (GPU) accelerators that can be added to VM instances for CPU-intense applications like machine learning and 3D visualizations, global load balancing for maximizing performance and uptime at minimal cost, and Google Kubernetes Engine for managing and orchestrating Docker containers on Compute Engine VMs.
Pricing for Compute Engine services is based on per-second usage according to VM instances and types, disks and images, network usage, sole-tenant nodes, GPUs, plus other selected resources and usage patterns.
Google Cloud Storage is object storage that scales to exabytes of data. All data held in Google Cloud Storage are organized in containers known as buckets. GCP offers four classes of cloud storage, differentiated and priced according to the object's expected duration and access vs. at-rest ratio. As you move through the storage classes from Standard to Archive, access costs go up, at-rest costs go down, and minimum storage duration increases. GCP's storage classes allow you to manage costs by designing the optimal price/performance balance for your environment, and Google's Object Life Cycle Management feature allows you to automate the migration of storage objects from high-access to low-access classes over time. All classes feature worldwide accessibility, unlimited storage (but a maximum size limit of 5 TB for individual objects), no minimum object size, low latency, high durability, optional geo-redundancy, and a common set of cloud security and management tools. A single API applies to all storage classes.
Standard Storage is the default class and is optimized for data accessed frequently (so-called "hot" storage) or stored only briefly. There is no minimum storage duration. For the best performance and lowest network charges, Standard Storage objects should reside in the same geographical location as the Compute Engine instances or the container clusters that use the data. Standard Storage offers the highest average availability across regions, dual-regions, and multi-regions. Nearline Storage is a low-cost storage option intended for data accessed only occasionally, ideally once per month or less. Examples of suitable use cases are periodic backup and archiving. At-rest costs are lower than with Standard Storage, but data access is more expensive, availability is marginally lower, and storage duration is a minimum of 30 days.
Coldline Storage offers very low storage costs for at-rest data and is suitable for scenarios where objects are accessed no more frequently than once a quarter. Minimum storage duration is 90 days, availability is marginally lower than with Standard and Nearline Storage, and access costs are relatively high. Archive Storage, which features the lowest at-rest storage costs and a minimum storage duration of one year, is the preferred storage class for data held exclusively for backup or archive purposes. Access costs for Archive Storage are the highest of any storage class.
Cloud Storage Encryption
GCP Cloud Storage always encrypts data on the server side prior to writing it to disk. In addition to this standard encryption, you can select other ways to encrypt your data. There are two server-side encryption options that cause data to be encrypted after arriving at Cloud Storage but before the data is stored to disk. The Customer-supplied encryption keys option allows you to create and manage your own encryption keys. The Customer-managed encryption keys option allows you to generate and manage your encryption keys via Google's Cloud Key Management Service. Both of these server-side encryption options create an additional layer of encryption above standard Cloud Storage encryption.
If you use client-side encryption before sending data to GCP Cloud Storage, your encrypted data will also undergo server-side encryption.
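The customer-supplied key option described above puts key custody on you: Cloud Storage records only a SHA-256 hash of the key with each object, so after a rotation you must be able to tell which local key belongs to which object. The sketch below is an added example, not Progent's or Google's code; the key ring and object metadata are constructed, while the header names and the `customerEncryption` metadata field follow the Cloud Storage API.

```python
# Added illustration: preparing and tracking customer-supplied encryption keys.
import base64
import hashlib
import hmac
import secrets


def new_csek():
    """Generate a random 256-bit key; Cloud Storage accepts AES-256 keys only."""
    return secrets.token_bytes(32)


def fingerprint(key):
    """Base64 SHA-256 of the raw key, the form Cloud Storage stores and returns."""
    return base64.b64encode(hashlib.sha256(key).digest()).decode()


def csek_headers(key):
    """Headers that accompany an upload or download of a CSEK-protected object."""
    if len(key) != 32:
        raise ValueError("customer-supplied key must be exactly 32 bytes")
    return {
        "x-goog-encryption-algorithm": "AES256",
        "x-goog-encryption-key": base64.b64encode(key).decode(),
        "x-goog-encryption-key-sha256": fingerprint(key),
    }


def key_for_object(object_metadata, keyring):
    """Return the local key whose hash matches the one recorded on the object.

    Returns None when the object carries no customerEncryption block (it uses
    Google-managed or customer-managed keys). Raises KeyError when the object
    was written with a key that is no longer in the key ring, which means the
    data cannot be decrypted by anyone.
    """
    enc = object_metadata.get("customerEncryption")
    if enc is None:
        return None
    for key in keyring:
        if hmac.compare_digest(fingerprint(key), enc["keySha256"]):
            return key
    raise KeyError("no local key matches " + enc["keySha256"])


if __name__ == "__main__":
    old_key, current_key = new_csek(), new_csek()
    # Constructed metadata, shaped like the object resource the API returns.
    meta = {"name": "backup.tar", "customerEncryption": {
        "encryptionAlgorithm": "AES256", "keySha256": fingerprint(old_key)}}
    chosen = key_for_object(meta, [current_key, old_key])
    print("object needs the", "old" if chosen == old_key else "current", "key")
```

Because the raw key travels in a request header, these requests belong on TLS connections only, and the headers should be excluded from request logging.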
Google Cloud Identity and Access Management (IAM) is Google's unified system for managing access to resources and assigning permissions for users and services to access resources for a specified duration. Examples of GCP resources are Compute Engine instances and Cloud Storage buckets. Centralized and consistent tools give administrators control over access rights for all services available within the Google Cloud Platform. Cloud IAM offers fine granularity in creating policies to assign groups and users permissions to access task-relevant resources while blocking access to unnecessary resources.
With Cloud IAM, policies are made up of roles; roles are made up of permissions; permissions are assigned to resources. Users or groups are added to policies, and through the policy they gain access to the specific resources the roles give them. As an example of Cloud IAM's role granularity, the Cloud Pub/Sub service can be accessed with a variety of permissions depending on whether a user or group has been assigned the role of Owner, Editor, Viewer, Publisher, or Subscriber.
Cloud IAM policies are hierarchical, flowing down from the organization to projects and then to resources. You can establish organization-wide policies, refine them for a given project, and tune them for a specific resource. You can assign access policies to individual resources, to a project, or at organizational level. Policies assigned to an organization cascade down to projects in the organization and then to resources in those projects.
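The cascade described above has a consequence worth checking in any access review: allow policies are additive, so a binding made at the organization or project level still applies to a resource whose own policy never mentions it. The offline model below is an added example, not Google's or Progent's code; the resource names, members and the reduced role-to-permission table are constructed, and only the role names are real Pub/Sub roles.

```python
# Added illustration: Cloud IAM allow-policy inheritance, modelled offline.
# Resource names, members and the role->permission subset are constructed.

ROLE_PERMISSIONS = {  # simplified subset of the real Pub/Sub roles
    "roles/pubsub.publisher": {"pubsub.topics.publish"},
    "roles/pubsub.subscriber": {"pubsub.subscriptions.consume"},
    "roles/pubsub.viewer": {"pubsub.topics.get", "pubsub.subscriptions.get"},
}

PARENT = {  # child -> parent, mirroring organization > project > resource
    "org/example": None,
    "project/shop-prod": "org/example",
    "topic/orders": "project/shop-prod",
}

POLICIES = {  # bindings in the same role/members shape as a real allow policy
    "org/example": [
        {"role": "roles/pubsub.viewer", "members": ["group:sre@example.com"]},
    ],
    "project/shop-prod": [
        {"role": "roles/pubsub.subscriber",
         "members": ["serviceAccount:worker@shop-prod.iam.gserviceaccount.com"]},
    ],
    "topic/orders": [
        {"role": "roles/pubsub.publisher", "members": ["user:alice@example.com"]},
    ],
}


def ancestry(resource):
    """Return [resource, parent, ..., organization]."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = PARENT[resource]
    return chain


def effective_grants(resource):
    """All (member, role, granted_at) tuples that apply to `resource`.

    The effective policy is the union of the bindings set on the resource
    itself and on every ancestor above it.
    """
    grants = []
    for level in ancestry(resource):
        for binding in POLICIES.get(level, []):
            for member in binding["members"]:
                grants.append((member, binding["role"], level))
    return grants


def effective_permissions(member, resource):
    """Permissions `member` holds on `resource`, inherited ones included."""
    perms = set()
    for who, role, _ in effective_grants(resource):
        if who == member:
            perms |= ROLE_PERMISSIONS[role]
    return perms


def inherited_only(resource):
    """Grants that editing the resource's own policy cannot remove."""
    return [g for g in effective_grants(resource) if g[2] != resource]


if __name__ == "__main__":
    for member, role, level in effective_grants("topic/orders"):
        print(f"{member:58} {role:24} granted at {level}")
```

Reviewing the output of `inherited_only` for a sensitive resource shows which grants have to be fixed higher in the hierarchy rather than on the resource.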
Further refinement in managing resource permissions is provided by allowing admins to factor in contextual attributes like device security status, IP address, resource class, and date/time. You can manage access rights by using the graphical interface of the web-based Google Cloud Console, via programming by using Cloud IAM methods, or through the gcloud command-line tool. Cloud IAM automatically creates a full audit trail to simplify compliance.
Cloud IAM is provided without extra cost to all GCP customers.
Google Kubernetes Engine (GKE) is a Docker container service for running containerized applications. Kubernetes was originally developed by Google to automate container orchestration and was made available as open source in 2014. Since then Kubernetes has become the leading platform for managing containerized workloads.
GKE is powered by Google's Container-Optimized OS and runs Certified Kubernetes, ensuring workload portability to other Kubernetes platforms spanning cloud and on-premises environments. To accelerate development, prebuilt open-source deployment templates for commercial applications are available on Google Cloud Marketplace.
The Migrate for Anthos service, available for free with GKE, allows you to move and convert your workloads directly from your current infrastructure into GKE containers. These workloads can include physical servers and virtual machines located on-premises, in GCP's Compute Engine, or in third-party clouds. GKE supports pod and cluster autoscaling for continuously analyzing the CPU and memory usage of pods and dynamically adjusting CPU and memory requests across multiple node pools.
Other features of GKE include preemptible VMs, persistent disks, always-encrypted local solid-state drive (SSD) block storage, global load balancing to maximize performance and availability, support for both Windows Server and Linux nodes, the ability to run stateless serverless containers with the GCP Cloud Run service, and usage metering for fine-grained visibility into your Kubernetes clusters.
GKE is compliant with HIPAA and PCI DSS 3.1. For enhanced cyber security, GKE Sandbox delivers an additional layer of protection between containerized GKE workloads. GKE clusters offer native support for Kubernetes Network Policy to filter traffic by applying pod-level firewall policies. Private clusters in GKE can be limited to a private or public endpoint accessible only to specified address ranges.
GKE charges for each Google Compute Engine instance in a cluster. Compute Engine resources are billed on a per-second basis with a one-minute minimum usage cost.
Cloud AI Building Blocks allow developers, even without machine learning (ML) backgrounds, to incorporate Google's leading-edge AI capabilities into their applications. Core capabilities cover vision, language, and conversation. By using APIs you can access Google's pre-trained models and avoid having to deal with developing your own datasets and training your own models. As Google's library of pre-trained models expands, you can immediately add state-of-the-art AI technology to your apps. You can also train and deploy your own domain-specific custom machine learning models by using Google's Cloud AutoML products, which use Google's advanced transfer learning and neural architecture search technology. AI Building Blocks can be used individually or in combination, according to your business requirements.
As examples of AI Building Blocks, Google Cloud offers the AutoML Vision and Vision API products that help you derive useful intelligence from your images. Both products use REST and RPC APIs and allow your app to detect objects and their location within the image. AutoML Vision streamlines the training process for your home-grown machine learning models by providing an intuitive graphical interface. Once you optimize your models for accuracy, latency and size, you can export them to the cloud or to various edge devices.
Vision API offers programmatic access to pre-trained machine learning models. You can classify images using Google's giant libraries of predefined labels. Vision API uses OCR technology to identify text in over 50 languages embedded within images. Combined with Google's Document Understanding AI technology, you can use the same ML technology behind Google Search to extract actionable insights from masses of unstructured documents and to automate compliance workflows. You can detect web entities and pages, distinguish a face from other objects and detect facial attributes (but not facial recognition except for celebrities), and identify famous landmarks and product logos. You can also detect adult or violent content in images.
Google's AutoML Video Intelligence and Video Intelligence API products, which offer a similarly extensive range of features as the Vision products, make it easier to search and extract value from your video library.
Language Products
Language is Google's wheelhouse, and Google's portfolio of AI Building Blocks predictably includes a potent arsenal of products. Language products include:
Progent can help you decide which of your applications are appropriate for GCP and can help you make your legacy applications cloud ready. Progent has experience helping clients evaluate running Cloud SQL as a replacement for hundreds of MySQL databases, Google Dataproc for on-premises Hadoop, Google Kubernetes Engine as a virtualization replacement, and MongoDB Atlas on GCP vs. local MongoDB. Progent can provide on-demand remote consulting expertise for small tasks to help you quickly overcome technical hurdles or Progent can deliver end-to-end project management outsourcing or co-sourcing services to ensure your GCP integration initiative is successfully completed on time and within budget.
Among the most common technical problems organizations run into when migrating to Google Cloud Platform or other public clouds is reconfiguring firewalls and VPN tunnels to provide users with secure access to cloud resources. Progent can provide the services of Cisco-certified CCIE network consultants and firewall experts for security appliances from major vendors like Palo Alto Networks, Barracuda, Fortinet, Cisco, SonicWall, WatchGuard, and Check Point to help you set up or debug firewalls for connecting to GCP. To support BYOD computing, Progent's iPhone and iPad technology consultants and Android integration experts can help you integrate and manage secure mobile endpoints for your GCP users. Progent can set up remote access to your GCP computers and work in concert with your in-house technical staff and Google's support engineers to resolve GCP integration problems quickly and affordably.
Examples of online consulting services offered by Progent to help businesses integrate their networks with Google Cloud Platform include:
Other public cloud platforms supported by Progent include:
Progent's Microsoft Azure cloud integration experts can assist you with any aspect of Microsoft Azure migration including requirements definition, prerequisites evaluation, solution design, pre-production testing, deployment, automated administration, performance tuning, software license management, disaster recovery preparedness, security planning, and regulatory compliance validation. Progent can assist your IT staff to set up and troubleshoot firewall appliances and VPN tunnels so your users can securely access Azure resources, and Progent's Microsoft-certified consulting experts can help you set up critical Microsoft platforms to work in Azure including Windows Server, Exchange, SQL Server and SharePoint. Progent can also assist you to set up a hybrid environment that seamlessly combines on-premises datacenters with Azure services.
Microsoft has made a strong effort to enable seamless hybrid ecosystems that combine Microsoft 365 Exchange Online and on-premises installations of Exchange. This permits you to have some Exchange mailboxes hosted on your corporate datacenter and other mailboxes resident on Microsoft 365. Progent's Microsoft-certified consulting team can help you with any facet of planning, implementing and troubleshooting your hybrid Exchange solution. Progent's Exchange specialists can provide as-needed expertise to help you through stubborn technical problems and also offer extensive project management outsourcing to ensure your hybrid Exchange initiative is completed on schedule and on budget. To find out more about Progent's consulting expertise for hybrid Microsoft 365 Exchange and on-premises Exchange environments, go to Microsoft 365 Exchange Online integration solutions with on-premises Exchange.
Progent's certified Microsoft Office and Microsoft 365 consultants can assist companies to integrate Office desktop and Microsoft 365 apps such as Excel, Word, PowerPoint, Microsoft Outlook, Microsoft Access, Project and Publisher into a cohesive productivity solution that offers quick ROI and enables improved business results. Progent can help you to interface Microsoft Office or Microsoft 365 apps with each other and with other core Microsoft technologies such as SharePoint, Exchange Server and Microsoft SQL Server deployed on-premises or in the cloud. Progent can also assist you to resolve compatibility problems with various versions of Office desktop and offers live online Microsoft Office and Microsoft 365 training to individual users or groups.
Progent's Amazon Web Services (AWS) integration experts offer cost-effective online support to assist companies of any size to access Amazon Web Services (AWS) cloud services including Elastic Compute Cloud (EC2) for virtual machine hosting, Amazon S3 for expandable cloud storage, and Amazon Glacier for low-cost archival storage. Progent can help your IT team with every aspect of Amazon AWS migration and troubleshooting including needs analysis, preparedness assessment, architectural design, pilot testing, deployment, administration, performance tuning, software license management, disaster recovery mechanisms, and security and compliance. Progent offers advanced expertise with firewall configuration and VPN technology and can show you how to deploy cloud-centric or hybrid environments that efficiently incorporate Amazon AWS resources. Progent can provide as-needed consulting or Progent can provide project management outsourcing or co-sourcing services to help you move smoothly to the Amazon AWS cloud.
Amazon Marketplace Web Service (Amazon MWS) is an integrated library of APIs that allows Amazon sellers to improve the efficiency of their business processes by automating key sales activities including listings, orders, shipments, inbound and outbound fulfillment, and finances. By tapping into Amazon's extensive online ecosystem and automating their sales, merchants can expand their market, reduce their cost of sales, accelerate response time to customers, and add to their profits. Progent's Amazon Marketplace Web Service consultants can work with your development team and provide application programming, workflow integration, project management support, and training so you can cut development time and costs and expedite your ROI.
Contact Progent for Google Cloud Integration Consulting
If you need help with any aspect of integrating your network with Google Cloud Platform or other public cloud service, call Progent at