Computing Services
Compute Engine Live Migration
- Live migration keeps instances running even when a host system events occurs, such as a software or hardware update. Compute Engine live migrates your running instances to another host in the same zone rather than requiring your VMs to be rebooted and without interrupting any of your VMs. In addition, Reginal persistent disks are synchronously replicated across two zones in a region.
Set up a fault-tolerant MS Active Directory
- Setup 2 Compute Engine Windows VMs and install Primary and Secondary AD DC
- Use Cloud Identity federated with Azure Active Directory
- Use Cloud Identity federated with on-premise Active Directory
- Use the new Managed Service for Microsoft Active Directory
Cloud Tasks
An asynchronous task execution service that encodes and executes Tasks using Queues. It enables serverless execution for Systems operating in App Engine standard or flexible environments. With this service, it is possible to offload long-running and background activities, decouple services from one another and make your applications much more resilient to failures.
Cloud Functions
The 'retry on failure' option is aimed to automatically retry a background function until it completes successfully.
Cloud DLP (Data Loss Prevention)
Can identify where sensitive data is stored. then use tools to redact those sensitive identifiers. Uses more that 90 predefined detectors to identify patterns formats, and checksums, and de-identification techniques like masking. secure hashing, and tokenization to redact sensitive data, all without replicating customer data.
Kubernetes
- Can fit more containers/pods in the same VM
- You may create automation with Cloud Build such as when you commit your source.
- Container-native load balancing is more performance that Instance Group Load Balancing
- ISTIO provides a services abstraction for Pods, Jobs and VM-based applications. In a hybrid topology, it standardizes networking across environments. centralizes API management and decouples JWT validation from your code and creates a secure, zero-trust network across cloud providers.
- min_idle_instances property will allow you to set the number of idle instances that will be available for burst traffic in app.yaml.
Networking
VPC
Each new project starts with a default network. The default network is a global auto mode network with
- pre-populated firewall rules
- subnets, automatically created in each region
- predefined IP ranges of the subnets that do not overlap with IP ranges you would use for different purposes.
Shared VPC
Allows to configure and centrally manage one or move virtual networks across multiple projects in your Organization.
Cloud VPN Gateways
VPN Gateways are bound to a single region. a cross region VPN need two VPN Gateways.
Storage Services
Cloud Storage
- A
.botoconfiguration file is for supplying a customer-managed key to upload files using gsutil. - Object cannot be updated or appended. Objects are immutable, you cannot make incremental changes to objects. such as append operations or truncate operations. You may overwrite objects. so incremental updates can be achieved by rewriting an object with the desired updates.
- Clusting Partitioned Tables with Product Type and Sale Region you will gain in speed and spare money.
- the rules of thumb when deciding whether to use gsutil or Stroage Transfer Service
- when transferring data from an on-premises location, use gsutil
- when transferring data from another cloud storage provider, use Storage Transfer Service
Cloud Data Transfer Service
Useful for uploading large amounts of data.
Disk
Increase disk size take significant effect on IO performance than original configuration and higher memory configuration.
Logging
Stackdriver Profiler
A statistical, low-overhead profiler that continuously gathers CPU usage and memory-allocation information from your production applications. So, it meets our requirement because it helps to identify the parts of the application consuming the most resources and the performance characteristics of the code.