Google Cloud Platform (GCP) is a popular set of cloud computing services that includes Infrastructure-as-a-Service and Platform-as-a-Service products. Google Cloud's share of the public cloud sector is behind only Amazon AWS and Microsoft Azure. As with competitors, GCP uses the same massive network infrastructure that hosts its core online applications. For Google, these apps include Google Search and YouTube. The GCB cloud stack has over 100 products that cover compute, data storage, database management, network infrastructure, business analytics, Big Data, machine learning (ML), artificial intelligence, access management, security, Internet of Things (IoT), and centralized tools.
Progent offers expertise helping organizations of all sizes to design, configure, tune, administer, and maintain IT environments based on a variety of network architectures including on-premises data centers, private clouds, one or more public clouds, or a hybrid mix of onsite and cloud-based infrastructure. Progent offers quick online or onsite access to high-level experts to assist you to assess the potential benefits and limitations of possible network architectures and understand the services and pricing structure of Google Cloud vs. other public cloud vendors.
Progent's certified Microsoft, Linux, and Cisco experts can help your organization to expand your existing IT resources with the Google Cloud, and Progent's database management consultants can help make your business-critical applications cloud capable so they can take full advantage of GCP services. Progent can assist you to set up virtual machines on GCP Compute Engine, plan a cost-effective storage solution using GCP Cloud Storage services, and streamline identity management with Google Cloud Identity. Progent can also help you to use GCP's unified tools to manage and monitor your GCP Cloud environment so it consistently delivers maximum business value.
Popular Services Offered for the Google Cloud Platform
Google Cloud offers over Infrastructure-as-a-Service and Platform-as-a-Service services covering virtually all areas of information technology including compute, storage, database management, networking, administration, cybersecurity, web, mobility, and development. GCP services are available on a subscription basis. As with other public cloud platforms, you pay for the resources you use. Important Google Cloud products and services for which Progent offers advanced consulting and debugging include:
Compute Engine is a service for running Windows and Linux VMs in the cloud, similar to Amazon EC2 or Azure Virtual Machines. Compute Engine virtual machines have transparent access to GCP block storage and advanced infrastructure. GCP Compute Engine offers three basic types of VMs in either pre-defined or custom sizes. Google's N2 type virtual machine is affordably priced and designed for common applications such as web hosting, business applications, and databases. The C2 type VM provides up to 60 virtual CPUs for compute-intensive apps such as electronic computer-aided design (ECAD) and simulations. GCP's M2 class virtual machine includes as much as 11.5 TB of RAM for memory-intensive apps such as in-memory databases or time-critical analytics. GCP's sole-tenant node product features a physical Compute Engine server dedicated to your exclusive use.
Key benefits of the Google Compute Engine include live VM migration, which lets you keep virtual machines on line even while undergoing scheduled maintenance, and preemptible virtual machines, low-priced virtual machine compute instances which last for up to 24 hours and are designed for running batch jobs that can be paused and continued intermittently without compromising operations.
Additional available benefits for Google Cloud Compute Engine include:
Google Cloud Storage is object storage that can scale to exabytes of data. All data placed in Google Cloud Cloud Storage are organized in containers referred to as buckets. Google Cloud provides four types of cloud storage, differentiated and priced according to the object's anticipated duration and its busy/dormant ratio. As you move along Google's storage classes from Standard to Archive storage, access costs go up, at-rest expense decrease, and required minimum storage duration increases. Google Cloud's storage classes allow you to manage costs by designing the appropriate cost/performance profile for your environment, and Google's Object Life Cycle Management tool enables you to program the progression of storage objects from hot to cold types as they age. All storage types feature worldwide accessibility, unlimited scale (but a size limit of 5 TB for any given object, no minimum object size, low latency, on-request geo-redundancy, and a common set of cloud security and management tools. One API works with all storage classes.
Standard Storage is the default type and is suited for objects used frequently or stored only briefly. There is no minimum storage time. To get the best performance and lowest network usage charges, Standard Storage data should reside in the same geographical location as the VM instances or the container clusters that use the data. Standard Storage delivers the highest average uptime across regions, dual-regions, and multi-regions. Nearline Storage is a economical storage type intended for data accessed only occasionally, preferably around once per month. Examples of appropriate use scenarios are monthly backup and archiving. At-rest costs are lower than with GCP's Standard Storage, but access is more expensive, availability is slightly less, and duration is a minimum of 30 days.
Coldline Storage provides very low storage pricing for dormant data and is suitable for situations where data are accessed no more frequently than once a quarter. Minimum storage duration is 90 days, availability is marginally less than with Google Cloud's Standard and Nearline Storage types, and access pricing is relatively high. Google's Archive Storage, which offers the least at-rest storage pricing and a minimum storage duration of one year, is the preferred storage service for data kept exclusively for backup or archive purposes. Data access costs for Archive Storage are the most of any GCP storage type.
Cloud Storage Encryption
Google Cloud Storage always encrypts stored data on the server side before placing it on disk. In addition to this routine encryption process, you can select more ways to encrypt your data. GCP offers two supplemental server-side encryption services that cause objects to be encrypted after arriving at Cloud Storage but before the data is written to disk. Google Cloud's Customer-supplied encryption keys enables you to create and manage your own encryption keys. Google Cloud's Customer-managed encryption keys option allows you to generate and control your encryption keys using Google's Cloud Key Management Service. Both these server-side encryption services provide an additional level of encryption above GCP's default Cloud Storage encryption.
If you use client-side encryption before transporting your data to GCP Cloud Storage, your pre-encrypted data will also be subject to server-side encryption.
Google Cloud Identity and Access Management (IAM) is Google's unified platform for managing access to resources and granting authority for users and services to use network resources for a specified period of time. Examples of Google Cloud resources are Compute Engine instances and Google Cloud Storage buckets. Centralized tools give admins the ability to manage access permissions for all services within GCP. Cloud IAM features high precision in designing policies to assign groups and users permissions to access only required resources while preventing access to unnecessary resources.
With Google Cloud Identity and Access Management, policies are made up of roles; roles are composed of permissions; and permissions are assigned to resources. Users or groups are assigned to policies, and through the policy they gain access to whatever resources their roles provide. As an example of Google Cloud IAM's role granularity, the Cloud Pub/Sub service can be accessed with a variety of usage right depending on whether a user or group has been given the role of Owner, Editor, Viewer, Publisher, or Subscriber.
Google Cloud Identity and Access Management policies are hierarchical, flowing downward from the organization to projects and lastly to resources. You can establish organization-wide policies, refine them as appropriate for a given project, and refine them further for a given resource. You can assign policies to individual resources, to a project, or at the organizational level. Policies you assign to an organization cascade down to projects within the organization and from there resources in those projects.
Additional refinement in controlling resource permissions is provided by allowing admins to factor in context such as device security status, IP address, resource class, and date/time. You can control permissions via the graphical interface of Google's web-based Cloud Console tool, via programming by using Google Cloud IAM methods, or through the gcloud command-line tool. Google Cloud IAM automatically creates a complete audit trail to facilitate regulatory compliance.
Cloud Identity and Access Management is provided without extra cost to all Google Cloud Platform customers.
Google Kubernetes Engine (GKE is a container service for orchestrating and managing containerized applications. Kubernetes was initially created by Google to automate container orchestration and was offered as open source at the end of 2014. Since that time Kubernetes has become the most popular solution for managing containerized applications.
Google Kubernetes Engine (GKE) is powered by Google's Container-Optimized OS and supports Certified Kubernetes, allowing workload portability to other Kubernetes platforms spanning cloud and local environments. To streamline development, prebuilt open-source deployment templates for enterprise-grade applications are offered on Google Cloud Marketplace.
The Migrate for Anthos tool, offered for free with GKE, allows you to migrate and port your applications easily from your current infrastructure into GKE containers. These workloads can be physical servers and VMs situated on-premises, in Google's Compute Engine, or in third-party clouds. Google Kubernetes Engine supports pod and cluster autoscaling for continuous analysis of the CPU and RAM usage of pods and for dynamically tuning processor and memory requests across multiple node pools.
Additional capabilities of Google Kubernetes Engine include preemptible VMs, persistent disks, always-encrypted local SSD block storage, global load balancing to optimize performance and availability, compatibility with both Windows and Linux nodes, the ability to run stateless serverless containers via the Google Cloud Run service, and usage metering for granular visibility into your Kubernetes clusters.
GKE is compliant with HIPAA and PCI DSS 3.1. For stronger security, GKE Sandbox provides an extra layer of protection between containerized Google Kubernetes Engine workloads. GKE clusters provide integrated support for Kubernetes Network Policy to filter traffic via pod-level firewall security policies. Private clusters in Google Kubernetes Engine can be limited to a private or public device with access limited to specified address ranges.
GKE is priced based on each Google Compute Engine instance in a cluster. Use of GCP Compute Engine resources is billed by the second with a one-minute minimum usage charge.
Cloud AI Building Blocks allow developers, even with little or no machine learning experience, to integrate Google's leading-edge AI capabilities into their applications. Essential services address vision, language, and speech. By using APIs, you can take advantage of Google's pre-trained models and avoid having to hassle with developing your own datasets from scratch and training and testing your own models. As Google's catalog of pre-trained models expands, you can immediately add leading-edge AI technology to your applications. In addition, Google AutoML products provide the tools you need to train, validate and deploy your custom domain-specific machine learning models. Developers can use any Google AI Building Block individually or in any combination with other AI Building Blocks depending on your business requirements.
For advanced imaging, Google Cloud AI Building Blocks offer the AutoML Vision and Vision API services that help you to extract insights from image libraries. Both products include REST and RPC APIs and enable your app to detect objects and their position within the image. AutoML Vision simplifies the training process for your home-grown machine learning (ML) models by providing an intuitive graphical interface. Once you optimize your models for accuracy, latency and size, you can export them to the Google Cloud or to a variety of edge devices.
Vision API offers programmatic access to Google's pre-trained machine learning models. You can rapidly classify images via Google's extensive collections of predefined labels. Google Cloud's Vision API uses OCR tools to identify text, in over 50 languages, embedded within your images. Used in conjunction with Google's Document Understanding AI technology, you can benefit from the same ML technology behind Google Search to extract useful insights from volumes of free-form documents. You can detect web objects and pages, distinguish a face from other items and detect facial attributes, and recognize product logos and popular landmarks. You can also recognize adult or violent content in images.
Google Cloud's AutoML Video Intelligence and Video Intelligence API services, which offer a comparably wide array of capabilities as Google's Vision services, make it easy to mine value from video files.
Language Products
Language is Google's wheelhouse, and Google's portfolio of AI Building Blocks understandably includes a rich suite of services. Google GCP language products include:
Progent can assist your organization to decide which of your applications are suited for Google Cloud and can show you how to make your legacy apps cloud ready. Progent has experience helping clients evaluate migrating to Google Cloud SQL, using Google Dataproc for local Hadoop, adopting Google Kubernetes Engine as a virtualization replacement, and deploying MongoDB Atlas on Google Cloud vs. on-premises MongoDB. Progent can provide as-needed remote consulting expertise for short-term tasks to help you quickly overcome occasional technical challenges or Progent can provide end-to-end project management consulting services to ensure your GCP deployment initiative is completed on time and within budget.
Some of most common technical issues organizations run into when integrating with GCP or other public cloud is setting up firewalls and VPN connections to provide users with convenient but protected access to cloud resources. Progent offers the services of Cisco-certified CCIE network infrastructure engineers and firewall specialists for security gateways from major vendors like Cisco, Palo Alto Networks, Check Point, WatchGuard, and Fortinet to help you to configure or troubleshoot firewalls for connecting to Google Cloud. To support BYOD computing, Progent's iPhone and iPad management consultants and Google Android integration experts can assist you to integrate and manage secure mobile endpoints for your Google Cloud users. Progent can work in conjunction with your internal IT staff and Google's support engineers to resolve Google Cloud integration problems rapidly and affordably.
Examples of online consulting expertise provided by Progent to assist organizations integrate their networks with GCP include:
Other leading cloud platforms supported by Progent include:
Progent's Azure integration consultants can assist you with any aspect of Azure cloud integration including requirements definition, readiness evaluation, system architecture, pilot testing, deployment, automated management, performance optimization, software license controls, disaster recovery strategies, security policy enforcement, and compliance validation. Progent can assist you to configure and troubleshoot firewalls and VPN connections so your users can securely connect to Azure-based resources, and Progent's Microsoft-certified consulting experts can help you integrate key Microsoft platforms to work in the cloud including Windows Server, Exchange Server, SQL Server and SharePoint. Progent can also help your organization to set up a hybrid environment that seamlessly integrates physical datacenters with Azure services.
Microsoft has made a strong effort to enable transparent hybrid networks that integrate Microsoft 365 Exchange Online and local installations of Exchange. This allows you to have certain mailboxes hosted on your on-premises datacenter and other mailboxes resident on Microsoft 365. Progent's Microsoft-certified consultants can help you with any facet of designing, implementing and troubleshooting your hybrid Microsoft 365/Exchange network. Progent's Exchange consultants can deliver occasional support to help you resolve stubborn technical bottlenecks and also can provide extensive project management outsourcing to ensure your hybrid Exchange solution is completed on schedule and within budget. For more information about Progent's consulting services for integrating Microsoft 365 Exchange and on-premises Exchange systems, see Microsoft 365 Exchange Online integration with on-prem Exchange.
Progent's certified Office and Microsoft 365 experts can help companies of any size to integrate Office desktop and Microsoft 365 apps such as Excel, Office Word, PowerPoint, Microsoft Outlook, Microsoft Access, Project and OneNote into a seamless solution that provides quick ROI and promotes improved business outcomes. Progent can assist you to integrate Microsoft Office or Microsoft 365 apps with each other and with other key Microsoft platforms including SharePoint Server, Exchange Server and SQL Server deployed on-premises or hosted in the cloud. Progent can also assist you to resolve compatibility issues with various releases of Office desktop and offers live online Office and Microsoft 365 training to individuals or teams.
Progent's Amazon AWS integration consultants can provide affordable remote support to help companies of any size to integrate Amazon Web Services (AWS) cloud services such as Elastic Compute Cloud (EC2) for virtual machine hosting, Amazon S3 for expandable cloud storage, and Glacier for value-priced archival storage. Progent can help you with every phase of Amazon AWS migration and troubleshooting including needs analysis, preparedness assessment, system design, pilot testing, configuration, administration, performance optimization, licensing management, disaster recovery solutions, and security. Progent offers advanced expertise with firewall configuration and VPN technology and can show you how to create all-cloud or hybrid environments that seamlessly incorporate Amazon AWS services. Progent can provide as-needed expertise or Progent can provide project management outsourcing services to help you migrate smoothly to the Amazon AWS cloud.
Amazon Marketplace Web Service (Amazon MWS) is a library of APIs that enables Amazon sellers to streamline their business processes by automating crucial sales activities such as listings, orders, shipments, fulfillment, and finances. By tapping into Amazon's extensive online selling environment and automating their sales processes, vendors can broaden their reach, lower their cost of sales, improve reaction time to customers, and add to their bottom line. Progent's Amazon Marketplace Web Service (Amazon MWS) developers can collaborate with your development team and provide application programming, workflow integration, project management support, and training to help you cut development time and expedite your ROI.
Contact Progent for Google Cloud Integration Expertise
If you need assistance with any aspect of integrating your IT system with Google Cloud Platform or other public cloud platform, call Progent at