Google Cloud Platform (GCP) is a leading suite of cloud computing services and offers Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) features. GCP's share of the public cloud market trails only Amazon Web Services (AWS) and Microsoft Azure. Like these competitors, GCP uses the same massive infrastructure that supports its most popular online applications. In Google's case, these include Google Search and YouTube. The GCP cloud stack includes over 100 services that cover compute, storage, database management, networking, analytics, Big Data, machine learning, AI, identity and security, Internet of Things (IoT), and management tools.
Progent has experience helping organizations of all sizes to plan, configure, test, tune, manage, and troubleshoot IT ecosystems that use a variety of network models including on-prem data centers, private clouds, one or multiple public clouds, or a hybrid mix of local and cloud-based resources. Progent can provide fast online or onsite access to seasoned experts who can assist you to assess the advantages and drawbacks of different network architectures and compare the feature set and pricing structure of Google Cloud Platform vs. alternative public cloud offerings.
Progent's certified Microsoft, Linux, and Cisco experts can help you integrate your current network infrastructure with the Google Cloud Platform, and Progent's database consultants can help make your business-critical applications cloud ready so they can take full advantage of GCP services. Progent can help you deploy virtual machines on GCP Compute Engine, design an efficient storage solution using GCP Cloud Storage services, and streamline identity management with GCP Cloud Identity. Progent can also help you use GCP's tools to manage and monitor your GCP environment so it continues to deliver maximum business value.
Key Services Available for the Google Cloud Platform
Google Cloud Platform offers more than 100 IaaS and PaaS services covering virtually all areas of information technology including compute, data and storage, networking, management, security, web, mobile, applications, and development. GCP services are available on a subscription basis. As with other public cloud services, you pay for what you use. Popular GCP products and services for which Progent offers advanced consulting and technical support include:
Compute Engine is an IaaS service for running Windows and Linux virtual machines in the cloud, comparable to Amazon EC2 or Azure Virtual Machines. Compute Engine VMs have seamless access to GCP block storage and state-of-the-art network infrastructure. GCP offers three basic types of VMs in pre-defined or custom machine sizes. GCP's N2 type virtual machine is value priced and designed for general purpose applications like web hosting, business apps, and databases. The C2 type VM provides up to 60 virtual CPUs (vCPUs) for processor-intensive applications like electronic computer-aided design (ECAD) and simulations. Google's M2 type VM includes up to 11.5 TB of RAM for memory-intensive applications like in-memory databases or time-critical analytics. Google's sole-tenant node option provides a physical Compute Engine server for your exclusive use, which simplifies the deployment of bring-your-own-license scenarios.
Important features of the GCP Compute Engine include live VM migration, which keeps virtual machines working even during scheduled maintenance, and preemptible VMs, low-cost VM compute instances which last for up to 24 hours and are designed for running batch jobs that can be paused and resumed intermittently without impacting productivity. Other available features for GCP include always-encrypted local solid-state drive (SSD) block storage for high performance and security, graphics processing unit (GPU) accelerators that can be added to VM instances for CPU-intense applications like machine learning and 3D visualizations, global load balancing for maximizing performance and uptime at minimal cost, and Google Kubernetes Engine for managing and orchestrating Docker containers on Compute Engine VMs.
Pricing for Compute Engine services is based on per-second usage according to VM instances and types, disks and images, network usage, sole-tenant nodes, GPUs, plus other selected resources and usage patterns.
Google Cloud Storage is object storage that scales to exabytes of data. All data held in Google Cloud Storage are organized in containers known as buckets. GCP offers four classes of cloud storage, differentiated and priced according to the object's expected duration and access vs. at-rest ratio. As you move through the storage classes from Standard to Archive, access costs go up, at-rest costs go down, and minimum storage duration increases. GCP's storage classes allow you to manage costs by designing the optimal price/performance balance for your environment, and Google's Object Life Cycle Management feature allows you to automate the migration of storage objects from high-access to low-access classes over time. All classes feature worldwide accessibility, unlimited storage (but a maximum size limit of 5 TB for individual objects), no minimum object size, low latency, high durability, optional geo-redundancy, and a common set of cloud security and management tools. A single API applies to all storage classes.
Standard Storage is the default class and is optimized for data accessed frequently (so-called "hot" storage) or stored only briefly. There is no minimum storage duration. For the best performance and lowest network charges, Standard Storage objects should reside in the same geographical location as the Compute Engine instances or the container clusters that use the data. Standard Storage offers the highest average availability across regions, dual-regions, and multi-regions. Nearline Storage is a low-cost storage option intended for data accessed only occasionally, ideally once per month or less. Examples of suitable use cases are periodic backup and archiving. At-rest costs are lower than with Standard Storage, but data access is more expensive, availability is marginally lower, and storage duration is a minimum of 30 days.
Coldline Storage offers very low storage costs for at-rest data and is suitable for scenarios where objects are accessed no more frequently than once a quarter. Minimum storage duration is 90 days, availability is marginally lower than with Standard and Nearline Storage, and access costs are relatively high. Archive Storage, which features the lowest at-rest storage costs and a minimum storage duration of one year, is the preferred storage class for data held exclusively for backup or archive purposes. Access costs for Archive Storage are the highest of any storage class.
Cloud Storage Encryption
GCP Cloud Storage always encrypts data on the server side prior to writing it to disk. In addition to this standard encryption, you can select other ways to encrypt your data. There are two server-side encryption options that cause data to be encrypted after arriving at Cloud Storage but before the data is stored to disk. The customer-supplied encryption keys option allows you to create and manage your own encryption keys. The customer-managed encryption keys option allows you to generate and manage your encryption keys via Google's Cloud Key Management Service. Both of these server-side encryption options create an additional layer of encryption above standard Cloud Storage encryption.
If you use client-side encryption before sending data to GCP Cloud Storage, your encrypted data will also undergo server-side encryption.
Google Cloud Identity and Access Management (IAM) is Google's unified system for managing access to resources and assigning permissions for users and services to access resources for a specified duration. Examples of GCP resources are Compute Engine instances and Cloud Storage buckets. Centralized and consistent tools give administrators control over access rights for all services available within the Google Cloud Platform. Cloud IAM offers fine granularity in creating policies to assign groups and users permissions to access task-relevant resources while blocking access to unnecessary resources.
With Cloud IAM, policies are made up of roles; roles are made up of permissions; permissions are assigned to resources. Users or groups are added to policies, and through the policy they gain access to the specific resources the roles give them. As an example of Cloud IAM's role granularity, the Cloud Pub/Sub service can be accessed with a variety of permissions depending on whether a user or group has been assigned the role of Owner, Editor, Viewer, Publisher, or Subscriber.
Cloud IAM policies are hierarchical, flowing down from the organization to projects and then to resources. You can establish organization-wide policies, refine them for a given project, and tune them for a specific resource. You can assign access policies to individual resources, to a project, or at organizational level. Policies assigned to an organization cascade down to projects in the organization and then to resources in those projects.
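The cascade described above is what an access review has to account for: a grant made at the organization or project level applies to every resource beneath it, even when the resource's own policy looks narrow. The following is an added illustration, not Progent's or Google's code. It models only the union of inherited allow bindings (no conditions, deny policies or group expansion), and the organization, project, topic and principal names are constructed sample data.

```python
# Simplified model of Cloud IAM allow-policy inheritance for Pub/Sub topics.
# Role names are real predefined Pub/Sub roles; each permission set is an
# abbreviated subset. Hierarchy, principals and bindings are constructed.

ROLE_PERMISSIONS = {
    "roles/pubsub.viewer": {"pubsub.topics.get", "pubsub.topics.list"},
    "roles/pubsub.publisher": {"pubsub.topics.publish"},
    "roles/pubsub.subscriber": {"pubsub.subscriptions.consume"},
}

# child -> parent: resource, then project, then organization (constructed).
PARENT = {
    "projects/shop-prod/topics/orders": "projects/shop-prod",
    "projects/shop-prod/topics/audit": "projects/shop-prod",
    "projects/shop-prod": "organizations/example",
    "organizations/example": None,
}

# Policy attached at each level: a list of role-to-members bindings.
POLICIES = {
    "organizations/example": [
        {"role": "roles/pubsub.viewer", "members": ["group:ops@example.com"]},
    ],
    "projects/shop-prod": [
        {"role": "roles/pubsub.subscriber",
         "members": ["serviceAccount:worker@example.com"]},
    ],
    "projects/shop-prod/topics/orders": [
        {"role": "roles/pubsub.publisher",
         "members": ["serviceAccount:checkout@example.com"]},
    ],
}


def ancestry(resource):
    """Yield the resource itself, then each ancestor up to the organization."""
    while resource is not None:
        yield resource
        resource = PARENT[resource]


def effective_bindings(resource):
    """Return (member, role, granted_at) for every binding that applies."""
    return [
        (member, binding["role"], node)
        for node in ancestry(resource)
        for binding in POLICIES.get(node, [])
        for member in binding["members"]
    ]


def is_allowed(member, permission, resource):
    """True if any directly attached or inherited role grants the permission."""
    return any(
        m == member and permission in ROLE_PERMISSIONS[role]
        for m, role, _ in effective_bindings(resource)
    )


def inherited_grants(resource):
    """Bindings granted above the resource: what a resource-only review misses."""
    return [b for b in effective_bindings(resource) if b[2] != resource]
```

Running `inherited_grants` over each sensitive resource lists the principals whose access comes from a higher level and can only be narrowed by changing the project or organization policy.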
Further refinement in managing resource permissions is provided by allowing admins to factor in contextual attributes like device security status, IP address, resource class, and date/time. You can manage access rights by using the graphical interface of the web-based Google Cloud Console, via programming by using Cloud IAM methods, or through the gcloud command-line tool. Cloud IAM automatically creates a full audit trail to simplify compliance.
Cloud IAM is provided without extra cost to all GCP customers.
Google Kubernetes Engine (GKE) is a Docker container service for running containerized applications. Kubernetes was originally developed by Google to automate container orchestration and was made available as open source in 2014. Since then Kubernetes has become the leading platform for managing containerized workloads.
GKE is powered by Google's Container-Optimized OS and runs Certified Kubernetes, ensuring workload portability to other Kubernetes platforms spanning cloud and on-premises environments. To accelerate development, prebuilt open-source deployment templates for commercial applications are available on Google Cloud Marketplace.
The Migrate for Anthos service, available for free with GKE, allows you to move and convert your workloads directly from your current infrastructure into GKE containers. These workloads can include physical servers and virtual machines located on-premises, in GCP's Compute Engine, or in third-party clouds. GKE supports pod and cluster autoscaling for continuously analyzing the CPU and memory usage of pods and dynamically adjusting CPU and memory requests across multiple node pools.
Other features of GKE include preemptible VMs, persistent disks, always-encrypted local solid-state drive (SSD) block storage, global load balancing to maximize performance and availability, support for both Windows Server and Linux nodes, the ability to run stateless serverless containers with the GCP Cloud Run service, and usage metering for fine-grained visibility into your Kubernetes clusters.
GKE is compliant with HIPAA and PCI DSS 3.1. For enhanced cyber security, GKE Sandbox delivers an additional layer of protection between containerized GKE workloads. GKE clusters offer native support for Kubernetes Network Policy to filter traffic by applying pod-level firewall policies. Private clusters in GKE can be limited to a private or public endpoint accessible only to specified address ranges.
GKE charges for each Google Compute Engine instance in a cluster. Compute Engine resources are billed on a per-second basis with a one-minute minimum usage cost.
Cloud AI Building Blocks allow developers, even without machine learning (ML) backgrounds, to incorporate Google's leading-edge AI capabilities into their applications. Core capabilities cover vision, language, and conversation. By using APIs you can access Google's pre-trained models and avoid having to deal with developing your own datasets and training your own models. As Google's library of pre-trained models expands, you can immediately add state-of-the-art AI technology to your apps. You can also train and deploy your own domain-specific custom machine learning models by using Google's Cloud AutoML products, which use Google's advanced transfer learning and neural architecture search technology. AI Building Blocks can be used individually or in combination, according to your business requirements.
As examples of AI Building Blocks, Google Cloud offers the AutoML Vision and Vision API products that help you derive useful intelligence from your images. Both products use REST and RPC APIs and allow your app to detect objects and their location within the image. AutoML Vision streamlines the training process for your home-grown machine learning models by providing an intuitive graphical interface. Once you optimize your models for accuracy, latency and size, you can export them to the cloud or to various edge devices.
Vision API offers programmatic access to pre-trained machine learning models. You can classify images using Google's giant libraries of predefined labels. Vision API uses OCR technology to identify text in over 50 languages embedded within images. Combined with Google's Document Understanding AI technology, you can use the same ML technology behind Google Search to extract actionable insights from masses of unstructured documents and to automate compliance workflows. You can detect web entities and pages, distinguish a face from other objects and detect facial attributes (but not facial recognition except for celebrities), and identify famous landmarks and product logos. You can also detect adult or violent content in images.
Google's AutoML Video Intelligence and Video Intelligence API products, which offer a similarly extensive range of features as the Vision products, make it easier to search and extract value from your video library.
Language Products
Language is Google's wheelhouse, and Google's portfolio of AI Building Blocks predictably includes a potent arsenal of products. Language products include:
Progent can help you decide which of your applications are appropriate for GCP and can help you make your legacy applications cloud ready. Progent has experience helping clients evaluate running Cloud SQL as a replacement for hundreds of MySQL databases, Google Dataproc for on-premises Hadoop, Google Kubernetes Engine as a virtualization replacement, and MongoDB Atlas on GCP vs. local MongoDB. Progent can provide on-demand remote consulting expertise for small tasks to help you quickly overcome technical hurdles or Progent can deliver end-to-end project management outsourcing or co-sourcing services to ensure your GCP integration initiative is successfully completed on time and within budget.
Among the most common technical problems organizations run into when migrating to Google Cloud Platform or other public clouds is reconfiguring firewalls and VPN tunnels to provide users with secure access to cloud resources. Progent can provide the services of Cisco-certified CCIE network consultants and firewall experts for security appliances from major vendors like Palo Alto Networks, Barracuda, Fortinet, Cisco, SonicWall, WatchGuard, and Check Point to help you set up or debug firewalls for connecting to GCP. To support BYOD computing, Progent's iPhone and iPad technology consultants and Android integration experts can help you integrate and manage secure mobile endpoints for your GCP users. Progent can set up remote access to your GCP computers and work in concert with your in-house technical staff and Google's support engineers to resolve GCP integration problems quickly and affordably.
Examples of online consulting services offered by Progent to help businesses integrate their networks with Google Cloud Platform include:
Other public cloud platforms supported by Progent include:
Progent's Azure cloud planning and integration experts can assist you with any aspect of Microsoft Azure integration including needs definition, readiness assessment, solution design, pre-production testing, implementation, automated management, performance optimization, software license management, disaster recovery preparedness, security planning, and regulatory compliance assessment. Progent can assist your IT staff to set up and troubleshoot firewalls and VPN tunnels so your clients can securely access Azure-based services, and Progent's Microsoft-certified consultants can help you set up key Microsoft technologies to work in Azure including Microsoft Windows Server, Exchange, SQL and Skype for Business. Progent can also help you to set up a hybrid environment that transparently integrates physical datacenters with Azure services.
Microsoft has made a strong effort to enable transparent hybrid ecosystems that integrate Microsoft 365 Exchange Online and local Exchange. This allows you to have specific Exchange mailboxes hosted on your on-premises datacenter or private cloud and other mailboxes hosted by Microsoft 365. Progent's certified Exchange consultants can help your organization with any facet of planning, integrating and debugging your hybrid Exchange solution. Progent's Exchange consultants can deliver occasional support to help you through challenging technical problems and also can provide comprehensive project management outsourcing or co-sourcing to ensure your hybrid Exchange initiative is successfully completed on time and on budget. For more information about Progent's online consulting services for hybrid Microsoft 365 Exchange and on-premises Exchange environments, refer to Microsoft 365 Exchange Online integration solutions with on-prem Exchange.
Progent's certified Office and Microsoft 365 consultants can assist businesses to incorporate Microsoft Office desktop and Microsoft 365 apps such as Office Excel, Word, PowerPoint, Outlook, Microsoft Access, Project and OneNote into a seamless solution that provides quick return on investment and promotes better business results. Progent can assist your company to integrate Office or Microsoft 365 apps with each other and with additional core Microsoft platforms such as SharePoint Server, Microsoft Exchange Server and Microsoft SQL Server deployed on-premises or in the cloud. Progent's consultants can also assist you to fix compatibility issues between various releases of Office desktop and can provide live online Office and Microsoft 365 instruction to individuals and groups.
Progent's Amazon Web Services (AWS) integration experts can provide affordable remote support to help companies of any size to access Amazon Web Services (AWS) cloud services such as Elastic Compute Cloud (EC2) for virtual machine hosting, Amazon S3 for scalable high-performance storage, and Amazon Glacier for low-cost archival storage. Progent can assist you with every aspect of Amazon AWS integration including needs analysis, readiness evaluation, system design and review, pilot testing, deployment, centralized administration, performance tuning, software license management, disaster recovery solutions, and security and compliance. Progent offers advanced expertise with firewalls and VPN access and can help you deploy cloud-centric or hybrid networking models that efficiently incorporate Amazon AWS resources. Progent offers as-needed support or Progent can deliver project management outsourcing or co-sourcing to help you migrate efficiently to the Amazon AWS cloud platform.
Amazon Marketplace Web Service is a collection of APIs that enables Amazon sellers to streamline their business processes by automating key sales activities such as listings, orders, shipments, fulfillment, and reports. By tapping into Amazon's vast online selling environment and automating their sales processes, vendors can expand their reach, reduce their operating costs, accelerate reaction time to customers, and increase their profits. Progent's Amazon Marketplace Web Service developers can work with your development staff and provide programming, workflow integration, project management support, and mentoring so you can shorten development time and costs and expedite your ROI.
Contact Progent for Google Cloud Integration Consulting
If you need help with any aspect of integrating your network with Google Cloud Platform or other public cloud service, call Progent at