Google Cloud Security IACA 2018


Jack OConnell, Google Account Executive
Brad Schmerbeck, CISSP, Google Solutions Engineer

Confidential & Proprietary

Agenda:
● Why Google?
● Google’s Security Approach
● BeyondCorp
● Cloud Identity - IAM in the Cloud
● Cloud Security Command Center & Forseti
● Q & A

7 Cloud products with 1 billion users

Ecosystem & Content

● G Suite (Connect): A suite of tools built to help employees communicate and collaborate more effectively.
● Maps (Visualize): Unlock hidden meaning in your data and see information in more insightful, actionable ways.
● Chrome & Devices (Access): Chromebooks, Android and purpose built devices that allow employees to work from anywhere, anytime.
● Google Cloud Platform (Build): Build and host applications and websites, store data, and analyze data on Google's scalable infrastructure.

Enable enterprise growth with all of Google’s technology infrastructure built for cloud
Cloud First, Open Standards, Performance, Infrastructure, Security, Machine Learning, Cost

Serverless
Computing trends toward pay-as-you-go, fully automated services
[Figure: Now (Storage, Processing, Memory, Network) and Next (Storage, Processing, Memory, Network); Physical/Colo, Virtualized, Serverless; from "User-configured, managed, and maintained" to "Fully automated"]

Proprietary + Confidential © 2017 Google Inc. All rights reserved. Google and the Google logo are trademarks of Google Inc. All other company and product names may be trademarks of the respective companies with which they are associated.
How Google Approaches Security

Your trusted security partner
Google Cloud Platform, G Suite, Chrome & Android

Defense in depth by default
● Operational and Device Security
● Internet Communication
● Storage Services
● Identity
● Service Deployment
● Hardware Infrastructure

Purpose-built hardware infrastructure
Provenance from the bottom of the stack to the top
● Purpose-built chips
● Purpose-built servers
● Purpose-built storage
● Purpose-built network
● Purpose-built data centers
Reduced “vendor in the middle” risk

End-to-end encryption by default
● All connections to Google Cloud require TLS
● Data is chunked and each chunk is encrypted with its own data encryption key
● Data encryption keys (DEKs) are wrapped using a key encryption key (KEK)
● Encrypted chunks and wrapped encryption keys are distributed across Google’s storage infrastructure.

Fully-automated management → Finer-grained customer control
● Default Google encryption: Enjoy world-class encryption without further need for configurations. By default.
● Customer-managed encryption keys (CMEKs) using Cloud KMS: Keep keys in the cloud, for direct use by cloud services. Now generally available.
● Customer-supplied encryption keys (CSEKs): Keep keys on premise, and use them to encrypt your cloud services. Available for Cloud Storage and Compute Engine.
Only on GCP / First on GCP
Now with partner integrations
© 2018 Google LLC. All rights reserved.

Google Cloud Network
Carries more than 25% of the world’s internet traffic

Google’s network...
● Carries >25% of all internet traffic
● Scans 694,000 Web pages every minute for malicious intent
● Checks 400+ Million Android devices for health every day
● Defends 1B+ Gmail accounts & Chrome users
● Encrypts all data at rest and in transit
● Operates 4x faster than the public internet
How do you spot threats fast? Protect more when you see more.

Google: Threat Detection and Mitigation at Scale
● 694,000: Web pages scanned for harm every minute
● 2 Billion: Devices protected with safebrowsing technology daily
● 400+ Million: Android devices checked for health every day
● 10+ Million: Spam messages stopped every minute
● 1000x+: Network Capacity beyond the largest DDoS attack ever recorded

The Threat Matrix
Ever more frequent and larger incidents
Identities and access, Data, and Resources
● Who is the attacker? Lone-wolves, Script kiddies, Insider Risk, Hacktivist groups, Malicious users, Criminal organizations, Nation-state actors, ...
● How are they attacking? DDoS, Spear-phishing, Malware, XSS, Man-in-the-middle, User error, Social ..., 0-days, ...
● What do they want? $$$$$, Intellectual property, Espionage, Vandalism, Public perception, Notoriety, ...

Result: End-to-end security
Chips, Servers, Network, Applications, Devices

Find vulnerabilities that impact everyone

Third-party audits and certification
ISO 27001, ISAE 3402 Type II, PCI DSS v3.2, FedRAMP ATO, ISO 27017, AICPA SOC, ISO 27018, AICPA SOC, MTCS Level 3, HIPAA, SSAE 15 Type II, CSA STAR

BeyondCorp ...what is it?

How many enterprises are probably set up

But there are issues with this approach...

Four issues are wrecking the castle approach
● Cloud services
● Mobile workforce
● Breaches
● Plethora of devices

And we came to the realization that ... drumroll ...

BeyondCorp’s realization...
WALLS DON’T WORK

A different approach
Google’s six year BeyondCorp mission (2011-2017)
To have every Google employee work successfully from untrusted networks without use of a VPN.

I feel like I’ve heard this before...
Similar visions of the future
● BeyondCorp
● Zero Trust Model
● Software Defined Perimeter
Sounds like what Jason Truppi said – “segmenting each individual device”...
Access Yesterday: On-prem walled gardens
[Diagram: Employee, VPN, Identity, ERP server, CRM server; On Prem]
What about contractors?

Evolution: Not just employees with corporate devices
Unintended CRM access for contractor
[Diagram: Employee, Contractor, VPN, Identity, ERP server, CRM server; On Prem]
What about the cloud?

Evolution: Infra leaves the building
[Diagram: ERP VM, CRM VM; Employee, Contractor, VPN, Identity; On Prem]
What about Identity Management in the Cloud?

Evolution: Identity leaves the building
[Diagram: ERP VM, CRM VM, Identity; Employee, Contractor]
Now everything is over the internet!
How’s this secure without a castle?

Where Are The Risks?
● XSS/SQL injection?
● Man in the Middle?
● Phishing?
● Malware?
● No chokepoint to enforce access control?
[Diagram: ERP VM, CRM VM, Identity; Employee, Contractor]
What should I do?

Solutions
● App Security Scans
● TLS
● Security Key
● Device management
● Access Proxy
[Diagram: ERP VM, CRM VM, Identity; Employee, Contractor]
IAP - Identity-Aware Proxy for access control, TLS termination, based on BeyondCorp vision
So what’s the ideal scenario?

Ideal access policy for ERP application
I want my ERP application service to be
● Accessed only by finance employees ...
● from well-managed client devices ...
● In home country ...
● using strong user authentication ...
● and proper transport encryption and ...
● hardened against application attacks ...
We did this for Google’s 57,000 employees.

Manage access to resources
Who can do what on which resource

Google Cloud Identity
Centrally manage users, devices, and apps from one console

Cloud Identity
Single pane of glass
Powerful account security wrapped around each user, across devices and applications

Google Cloud Identity
Simple, secure access for any user to any cloud application from any device.
● User lifecycle management: Create or import user accounts into a cloud-based directory. Provision and deprovision as users join the organization, change roles, and leave. Manage everything from an easy-to-use mobile app.
● Account security: Protect user accounts with 2-step verification methods like push notifications and one-time passwords (OTPs). Enforce the use of phishing-resistant Security Keys for high-value users and applications.
● Single sign on: Increase user convenience and security by allowing users to access multiple apps using the same credentials. Hundreds of pre-integrated SAML 2.0 and OpenID Connect apps are supported, in addition to custom apps that use Google as an identity provider.
● Device management: Manage Android, iOS, Chrome Browser, and other desktop devices from a central console. Enforce screen locks or passcodes, wipe corporate data, view and search for devices, and export details.
● App management: Build a catalog of pre-approved third-party SaaS apps and enterprise mobile applications that users can access. Ensure visibility and compliance.
● Reporting and analytics: Monitor your security and compliance posture with reporting and auditing capabilities, including log-ins and third-party app use. Receive alerts for suspicious activity.

Cloud Identity
Single pane of glass
● User lifecycle management
● Account security
● Single sign-on
● Cloud Directory
● Device management
● Reporting and analytics
● App management
● Extensible through APIs
Deep and granular reporting and analytics across your ecosystem

Identity: Foundation for Cloud/Digital Workplace
● Power Cloud First Enterprises by securely connecting people, applications and devices
● Cloud is changing how people securely access applications from their devices
● Unlike on-prem, no clear “edge” for assumed trust
● User + device identity + context = the “New Perimeter”
[Diagram labels: Chrome for Edu & Enterprise, Android Enterprise, Cloud Identity, Google Cloud Platform]

Google Cloud Security Command Center & Forseti

What is the Cloud Security Command Center?
Cloud SCC is the canonical security and data risk platform for GCP - unifies assets, vulnerabilities, threats, detections, policies, IAM, findings, security/risk specific annotations in one place enabling security and data risk insights, prioritization, management, investigations, recommendations and actions.
● Gather and integrate security