
# Google Cloud services

## Storages

### Firestore
Document Database

* Serverless
* Live synchronization and offline mode
* Powerful query engine
* Multi-region replication

### Firebase
* Mobile development platform
* Has 3 modules in common with a normal GCP project

### Cloud SQL
* Multiple zones
* Support: MySQL, Postgres, SQL Server

## Compute

### Cloud Run
* Abstract away all infrastructure management 
* Built upon the container and Knative open standards
* Deploy container images using the programming language of your choice

### Cloud Function
* Deploy snippets of code (functions) written in a limited set of programming languages
* Similar to Lambda

## Security

### Cloud Armor

| Features | Remark |
| --- | --- | 
| Protect data in transit | |
| Against Global Load Balancer |  |
| DDoS | AWS Shield |
| WAF | AWS WAF |
| Pre-configured WAF rules. OWASP Top 10 risks | Required |
| IP-based and geo-based access control |  |
| Support for hybrid and multicloud deployments |  |
| Managed Protection Plus for enterprise | $3000 per month |
| Logs in Stackdriver |  |


### Web Security Scanner

| Features | Remark |
| --- | --- | 
| Protect data in transit | |
| WAF | AWS Inspector |
| Free but limited vulnerability scanner |  |
| Supported services | GAE, GKE, GCE |
| Pre-configured WAF rules. OWASP Top 10 risks | Required |
| GET-only requests |  |


### Data Loss Prevention

| Features | Remark |
| --- | --- | 
| Protect data at rest | AWS Macie |
| Use machine learning |  |
| Data discovery and classification | |
| De-identify your data: redact, mask, tokenize, and transform text and images | |
| Pay as you go, serverless |  |
| On and off the cloud |  |
| Text and images |  |


### Event Threat Protection

| Features | Remark |
| --- | --- | 
| Scan logs for security detection | AWS GuardDuty |
| Malware, DDoS, port scanning, brute-force |  |


### Security Command Center

* Is a Security Information & Event Management System (SIEM)
* Similar services
  * AWS Security Hub
  * Splunk Enterprise Security
  * Sumo Logic



### KMS

* Regional & global
* Support HSM
* FIPS compliance

## Monitoring

### Audit log
| Features | Remark |
| --- | --- | 
| Admin log (eg. create new VM) | Required |
| System Event (e.g. autoscaling) | Required |
| Access transparency log (by Google support staff) | Required |
| BigQuery | Required |
| Data access | Custom |
| User defined | Custom |
| Required log | 400 days |
| Custom log | 30 days |

### Stackdriver family
1. SD Logging
   * Based on Fluentd
   * Store, search, analyze, monitor, alert on logs and events
   * Hybrid cloud
   * Scope: global
   * Similar to: AWS CloudWatch

2. SD Error Reporting
   * Error dashboard
   * Count, analyze, aggregate, track crashes
   * Alarm
   * Understands programming languages
   * Supports GCP, AWS, on-premises
   * Similar: Rollbar, Bugsnag
3. SD Trace
   * Track call tree and ``latency`` across distributed systems
   * Java, Node, Ruby, Go
   * Automatically captured for App Engine
   * Monitor ``performance``
   * Scope: global
   * Similar: AWS X-Ray, Zipkin, OpenTracing
4. SD Debugger
   * View the application state (variables) without adding logging statements.
   * Logpoint, conditional, source view
   * Support Java, Python, Node, Ruby
   * GCE, GKE, GAE
   * Automatic capture for App Engine
   * Scope: global
   * Support: GitHub, GitLab, Bitbucket, App Engine
5. SD Profiler
   * Watch application CPU, memory
   * Low overhead (less than 5%)
   * Go, Java, Node, Python
   * Agent based
   * 30 days log
   * Free of charge


| Tool | Target | Method | Based on | Hybrid |
| --- | --- | --- | --- | --- |
| SD Logging | Log | SDK, role | Fluentd | Yes |
| SD Error Reporting | Error | SDK |  | Yes |
| SD Trace | Performance | SDK | | - |
| SD Debugger | Debug | SDK | | Yes |
| SD Profiler | CPU/RAM |Agent|  | Yes |



## Development

### Deploy Management

1. Infrastructure as Service
2. Template based
3. Languages supported: YAML, Python, Jinja2, JSON
4. Similar: AWS CloudFormation, HashiCorp Terraform, Free of charge

### Billing API
1. Detailed billing
2. Get list of billable SKU
3. Get public pricing
4. Regional availability

### Source repository
1. No pull requests
2. Auto sync from Bitbucket, GitHub
3. Integration with Stackdriver Debugger
4. Pay per active users + resources
5. No enhanced features like pull requests


### Code build
1. CI/CD service
2. Can trigger from GitHub, Bitbucket
3. Can build in parallel for multiple source repos
4. Dockerfile built-in
5. Integrates with CCR
6. Build model: Pay per minute, free for 120 mins
7. Similar: AWS CodeBuild, Travis CI, Jenkins




### Google Container Registry
1. Google Container Registry
2. Stored in Cloud Storage
3. Scope: Regional & Multi-regional
4. Similar: AWS ECR, Docker Hub

### Anthos

1. Unifies the management of infrastructure and applications
2. Multi-cloud + on-premise
3. Similar: AWS ECR, Docker Hub


### Cloud Endpoint

1. Handles authorization, monitoring, logging, API keys in GCP
2. Proxy based on LB
3. Uses JWT
4. Integrates with Firebase, Auth0, Google Auth
5. Extensible Service Proxy Container
6. Support both REST and gRPC
7. Similar: AWS API Gateway, Nginx

### Apigee

1. Full lifecycle API management
2. More powerful, more expensive
3. Supports both REST and gRPC
4. Supports throttling, API versions
5. Similar: AWS API Gateway, AWS Shield, CA API Gateway



### Test Lab

1. For Android
2. Test with real devices
3. Similar: AWS Device Farm, Xamarin Test Cloud, Sauce Labs mobile testing


# Technologies used in Google Cloud

| Features | Remark |
| --- | --- | 
| Borg | cluster manager. Used by Kubernetes |
| Spanner | globally-consistent, scalable regional database |
| Colossus | cluster-level file system |
| fluentd | logging |
| fluent-bit | logging, minified |
| loggingd | monitoring |


# Data & Data analytics

## Database


| Product | Remark | Similar |
| --- | --- | --- |
| CloudSQL | AWS Inspector | RDS |
| Cloud Spanner | Enterprise RDBMS | Aurora |
| Cloud DataStore | Wide-column | DynamoDB |
| BigTable | Append only | DynamoDB |
| BigQuery | Relational structured data | Redshift |


## Data analytics


| Product | Purpose | Similar |
| --- | --- | --- |
| Datalab | - | Jupyter notebook |
| Google Data Studio | Dashboard, reporting | - |
| Looker | BI - third party | Athena |
| Cloud Genomics | Genomics processing | - |
| BigQuery | Relational structured data | Athena, Redshift |


### Data processing


| Product | Purpose | Similar |
| --- | --- | --- |
| Dataprep (vendor) | Data engineering tool | MapReduce, AWS EMR |
| Dataflow | Batch data processing | Kinesis |
| Dataproc | Data processing | Hadoop, Spark |
| Data Composer | Orchestration | Datapipeline, Glue |
| Pub/Sub | Dashboard, reporting | Kinesis |


### Data migration

# Pricing

## Storage

| A | B | Compare |
| --- | --- | --- | 
| Class A | Class B | 10 times |
| Standard | Archived | 10 times |
| Standard | Coldline | 2 times |
| HD | Standard | 2 times |
| Firestore | Standard | 10 times |
| Snapshot | Standard | equal |

## Compute

| A | B | Compare |
| --- | --- | --- | 
| Standard | Preemptible | > 3 times |
| Standard | Reserved | < 2 times |
| GKE | Compute | 2 times |
| GKE Demand | GKE reserved | 1.5 times |
| NVIDIA | Tesla | 8 times |
| GPU | CPU | 50 times |
| TPU | GPU | 5 times |


