Saturday, July 30, 2022

Google Cloud - Q&A

 

  1. What is a critical outcome of API management? - Measuring and tracking business performance.
  2. What provides the highest level of security? - Titan Security Keys
  3. 4 key benefits for managing cloud costs? - Visibility, Accountability, Control and Intelligent recommendations.
  4. What is Chronicle? It is a service built on top of Google Cloud infrastructure that ingests data (logs etc.) and scans it for threats.
  5. Types of support? Basic, Standard, Enhanced and Premium. 
  6. What is
    1. DataProc - Hadoop/Spark
    2. DataFlow - Streaming Data
    3. DataPrep - visually explore, clean, and prepare (wrangle) data
    4. DataPlex - Unified Data Management
  7. Three components of Google Cloud's defence-in-depth data security design? Sharding, data encryption keys, and key encryption keys: data is split into chunks, each chunk is encrypted with its own data encryption key, and those keys are wrapped with a key encryption key.
  8. What is
    1. Cloud Profiler - analyze application performance (CPU and memory usage)
    2. Cloud Debugger - inspect the state of a running application in real time
    3. Cloud Trace - trace request latency across services
    4. Cloud Monitoring - monitor the performance of the entire cloud infrastructure
    5. Cloud Vision API - identify images/text etc. in a document
  9. What is BYOIP? - Bring your own IP.
  10. Build a new application in the cloud while keeping the old application on-premises. What is this pattern called? - Invent in brownfield. [Greenfield implies building something completely new]
  11. Minimize payment for traffic from Google cloud to Internet? use Cloud VPN.
  12. Your org uses Active Directory to authenticate users. Google account access must be removed when their AD account is terminated. ---- Use single sign on in the Google domain
  13. Migrating on Premise to Google Cloud. Functions owned by the cloud provider? - Infra arch and Hardware Maintenance
  14. Which product provides consistent platform for multi-cloud application deployments and extends other Google Cloud services to your environment? - Anthos
  15. Your organization needs to restrict access to a Cloud Storage bucket. Only employees based in Canada should be allowed to view the contents. What is the most effective and efficient way to satisfy this requirement? - Configure Cloud Armor to allow access only from Canadian IP addresses.

  16. Google Cloud managed solutions to automate your build, testing, and deployment process? - Cloud Build

  17. Google Cloud to privately and securely access your large volume of on-premises data, and you also want to minimize latency? - Google Edge network

  18. 2 hour SLA - Enhanced support model

  19. Plug-and-play AI components which can easily build ML services -AI Hub

  20. Recommendations AI delivers highly personalized product recommendations at scale.

  21. Document AI uses AI to unlock insights from documents.

  22. Cloud Talent Solution uses AI with job search and talent acquisition capabilities.

  23. Preview, Early Access, Alpha, and Beta do not have any SLA commitments.

  24. Which of the following NIST Cloud characteristics uses the business model of shared resources in a cloud environment? - Multi-Tenancy

  25. What are the network requirements for Private Google Access?

    1. Because Private Google Access is enabled on a per-subnet basis, you must use a VPC network. Legacy networks are not supported because they don't support subnets.
    2. Private Google Access does not automatically enable any API. You must separately enable the Google APIs you need to use via the APIs & services page in the Google Cloud Console.
    3. If you use the private.googleapis.com or the restricted.googleapis.com domain names, you'll need to create DNS records to direct traffic to the IP addresses associated with those domains.
    4. Your network must have appropriate routes for the destination IP ranges used by Google APIs and services. These routes must use the default internet gateway next hop. If you use the private.googleapis.com or the restricted.googleapis.com domain names, you only need one route (per domain). Otherwise, you'll need to create multiple routes.
    5. Egress firewalls must permit traffic to the IP address ranges used by Google APIs and services. The implied allow egress firewall rule satisfies this requirement.
  26. Manage a bunch of API keys for external services accessed by different applications and teams? - Store them in Secret Manager, a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.
  27. Which Google Cloud product gives you a consistent platform for multi-cloud application deployments and extends other Google Cloud services to your environment? - Anthos
  28. Bigtable is the best suited for time series data. It also has high read-write throughput and ability to scale globally.
  29. VM instances that only have internal IP addresses (no external IP addresses) can use Private Google Access. They can reach the external IP addresses of Google APIs and services. 
  30. Google offers Firebase. In the Firebase console, a particular message that has to be delivered to a customer at a certain degree of change in behavior can be managed through the Notifications composer.
  31. Google Cloud's Web App and API Protection (WAAP) protects applications from bots.
  32. You are helping a user set up an application in a new VPC behind a firewall. The user is concerned about data egress, so you want to configure the fewest open egress ports. >>> Set up a low-priority rule (65534) that blocks all egress, and create a high-priority rule (1000) that allows only the specific port.
  33. Container Registry is only multi-regional but Artifact Registry supports multi regional or regional repositories
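
The egress scheme in item 32 can be sketched as a priority evaluation: a priority-65534 rule denies all egress and a priority-1000 rule allows one port, with the lower priority number winning. This is a minimal illustrative model, not the real VPC firewall engine; rule shapes and ports are made up.

```python
def egress_allowed(port, rules):
    """Return True if egress to `port` is allowed.

    `rules` is a list of dicts with keys: priority, action
    ('allow'/'deny'), and ports (None means all ports).
    The matching rule with the lowest priority number decides.
    """
    matching = [r for r in rules if r["ports"] is None or port in r["ports"]]
    if not matching:
        return True  # models the implied allow-egress rule (priority 65535)
    decider = min(matching, key=lambda r: r["priority"])
    return decider["action"] == "allow"

rules = [
    {"priority": 65534, "action": "deny", "ports": None},   # block all egress
    {"priority": 1000, "action": "allow", "ports": {443}},  # allow only 443
]

print(egress_allowed(443, rules))  # True
print(egress_allowed(80, rules))   # False
```

With only these two rules in place, every port except 443 is closed, which is exactly the "fewest open egress ports" goal.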

Thursday, July 28, 2022

Google Cloud - Costs

Apart from the flexibility the cloud provides, one of the most important factors in deciding to move to the cloud is cost savings.

How are costs broken down in Google Cloud?

Fixed Price Models and Consumption based Models.

Consumption-based models bill for the resources actually used/consumed.

e.g. Cloud Storage is billed by the amount of storage used.

Fixed-price models bill a fixed amount irrespective of usage.

e.g. a VM instance or GKE cluster (billed until you delete it)

Costs are based on:

  • Data transfer (ingress and egress)
    • Ingress is mostly free
    • Egress to same zone with Google cloud using internal IP is free
    • Egress from one region to another region in Google Cloud is not free
  • Capacity (memory/CPU etc)
  • Invocations 
  • Time (VM running)
  • Region wise price difference
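
The cost factors above can be combined into a toy monthly estimate. All rates below are made-up illustrative numbers, not real Google Cloud prices.

```python
# Hypothetical unit rates, for illustration only.
RATES = {
    "egress_per_gb": 0.12,        # inter-region egress
    "vcpu_hour": 0.03,
    "gb_ram_hour": 0.004,
    "invocation_per_million": 0.40,
}

def estimate(egress_gb, vcpus, ram_gb, hours, invocations):
    """Sum capacity, time, data-transfer, and invocation charges."""
    compute = (vcpus * RATES["vcpu_hour"] + ram_gb * RATES["gb_ram_hour"]) * hours
    network = egress_gb * RATES["egress_per_gb"]
    calls = invocations / 1_000_000 * RATES["invocation_per_million"]
    return round(compute + network + calls, 2)

# A small VM running all month plus some egress and function invocations:
print(estimate(egress_gb=50, vcpus=2, ram_gb=8, hours=730, invocations=2_000_000))
```

Note how the time-based VM charge dominates here, which is why rightsizing and committed use discounts matter.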




Billing account gives you an overview of the total costs (forecasted as well).





On the left hand side menu, you will see multiple options



Reports gives reports (as expected) and trends per project or service (with a timeline).
Cost table gives more details, and you can download an invoice for a specific month.



Cost Breakdown gives details of the base usage cost and adjustments, credits and taxes.


Commitment is the summary of committed use discounts by commitment type,
e.g. committing to a VM for 1 or 3 years.


Budgets and alerts helps you avoid surprises by letting you create a budget and an alert mechanism that fires when costs exceed set thresholds of the budget (alert levels 50%, 90% or 100%, via email or message).






Tuesday, July 26, 2022

Google Cloud - Miscellaneous - Part 3

Building apps for Android/iOS?

Use Firebase

  • Google Cloud mobile platform
  • Serverless
  • Backend DB is Firestore (No SQL DB)
  • Authentication
  • Monitoring
  • Check out firebase.google.com

Container Registry and Artifact Registry

  • To store docker images
  • Container Registry uses Google Cloud Storage buckets to store images
    • Cannot store jar/zip etc.; only container images, similar to Docker Hub
  • Artifact Registry is an evolution of Container Registry
    • Can store jar, zip, container images etc
    • Create repositories for different formats like docker, npm, python etc
    • Does not store in Google Cloud Storage buckets but in repositories
    • Repositories can be multi-region
    • Automatically encrypted
Security related services?
  • KMS
    • Key management service
    • Create and manage cryptographic keys
    • For encrypting and decrypting data
  • Secret Manager
    • To manage DB passwords
    • Manage API Keys
  • Cloud Data Loss Prevention
    • Mask data like credit card numbers, passwords, credentials
    • Provides API
  • Cloud Armor
    • SQL Injection prevention
    • DDoS attack prevention
    • Cross site scripting (XSS) prevention
  • Web Security Scanner
    • Identifies vulnerability by running security tests
  • Binary Authorization
    • Ensures only trusted containers are deployed
  • Container Threat Detection
    • Checks for threats at runtime to containers
  • Cloud DLP
    • Find sensitive data in your cloud storage buckets
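
Cloud DLP's masking of sensitive values (like credit card numbers) can be illustrated with a stdlib regex sketch. This is only an approximation of the idea, not the real DLP API.

```python
import re

def mask_card_numbers(text):
    """Mask 13-16 digit card-like numbers, keeping only the last 4 digits."""
    # Digits optionally separated by spaces or dashes.
    pattern = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        return "*" * (len(digits) - 4) + digits[-4:]

    return pattern.sub(repl, text)

print(mask_card_numbers("Card: 4111 1111 1111 1111"))  # Card: ************1111
```

The real service goes much further (info-type detection, tokenization, format-preserving encryption), but the redaction principle is the same.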

Google Cloud - Machine Learning (ML) intro

Pre Built models are provided in Google Cloud as APIs.

  • Speech to Text API
  • Text to Speech API
  • Translation API
  • Natural Language API - Derive insights from unstructured texts
  • Image based insights - Cloud vision API (Detect faces/objects etc)
Custom Models
  • AutoML
    • Build custom models easily
    • AutoML Vision (Images)
    • AutoML Video Intelligence (video)
    • AutoML tables (Model from tables)
  • Vertex AI
    • Build and Deploy (MLOps)
  • Tensor Processing Units (TPUs) for running faster ML workloads

Google Cloud - Miscellaneous (Part 2) - BigData related

 Cloud DataProc:

  • Managed Spark and Hadoop service used for batch processing for AI or ML.
  • Spark, HIVE, Hadoop, Pig etc are all supported
  • Uses VMs
  • High-availability mode with multiple masters (up to 3)
  • For simple data pipelines without clusters one can use DataFlow.
    • Serverless, hence no cluster management
  • For ETL (Extract/Transform/Load) we can use
    • Data Prep for simple clean and load (intelligent service)
    • Data Flow - Little more complex pipelines
    • Data Proc - For very complex processing
  • To visualize data in BigQuery - use data studio or Looker
  • Visualize your data pipelines - Cloud Data Fusion
For Streaming data?
  • Cloud Pub/Sub > Data Flow > BigQuery or BigTable
For IOT?
  • Cloud IOT Core > Cloud Pub/Sub > Data Flow > BigQuery or BigTable or Data Store
For Complex Big Data solutions (Data Lake)?
  • Data Ingestion
    • Cloud Pub/Sub + Data Flow
  • Processing and Analytics
    • BigQuery (SQL) or Data Proc (Hadoop cluster)
  • Data Mining
    • Data Prep
REST API Management
  • APIGEE
    • API Management Platform
    • For Cloud/On-Premise or Hybrid
    • Provides Cloud Endpoints as well
  • API Gateway
    • Simpler than APIGEE and newer
    • Relatively simple to setup than APIGEE



Tuesday, July 19, 2022

Google Cloud - Miscellaneous

Just categorizing some miscellaneous stuff under one post.

BILLING ACCOUNT:

  • Billing account contains the payment details.
  • Every project is associated to one billing account.
  • A billing account can have multiple projects.
  • An organization can have multiple billing accounts.








Types of Billing accounts:
  • Self Served - Billed directly to credit card or Bank account
  • Invoiced - Invoice generated

Hierarchy:
Please don't get confused with projects and organization etc mentioned above.
The Hierarchy in Google Cloud is

Organization > Folder > Projects

  • Recommended to create different projects per environment (one for Dev and one for Prod)
  • Recommended to create different Folder for different departments in an organization
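
The recommended layout above (a folder per department, a project per environment) can be sketched as a small data structure. Organization, folder, and project names are illustrative.

```python
# Organization > Folder > Project, with hypothetical names.
hierarchy = {
    "example-org": {
        "finance": ["finance-dev", "finance-prod"],
        "marketing": ["marketing-dev", "marketing-prod"],
    }
}

def all_projects(org):
    """Flatten every project under every folder of an organization."""
    return sorted(p for folder in org.values() for p in folder)

print(all_projects(hierarchy["example-org"]))
```

Policies and billing roll down this tree, which is why keeping dev and prod in separate projects gives clean cost and access boundaries.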
Budget and Alerts
  • We looked at creating a billing account.
  • How do we get alerts to avoid surprises?
    • Setup a Billing Account Budget
      • Configure Alerts (set up thresholds - 50% 90% and 100%)
      • Emails are sent to admins
    • Export the data to BigQuery or Cloud Storage
Types of Cloud Configurations:
  • Public
    • Hosted in cloud
    • No CAPEX, pay as per needs/usage
    • Upgrades/installations owned by Google
    • Shared with multiple enterprises (tenants)
  • Private
    • Host in your data center
    • High CAPEX
    • Quick scale is an issue (unless bought and kept leading to low utilization)
    • Upgrades to infrastructure leads to more CAPEX
    • Advantage 
      • Complete control
      • High level of security
  • Hybrid
    • Mix of public and private cloud
    • On Premise application interacting with DB or another application on the cloud
    • Cloud VPN
      • Use Cloud VPN to connect on premise network to GCP.
      • Uses IPSec VPN Tunnel
      • Traffic goes through Internet (public) and hence encryption is needed
        • Encryption using the IKE (Internet Key Exchange) protocol.
      • Two Types of Cloud VPN:
        • HA VPN
          • High availability
          • 99.99% service availability
          • Two external IPs
          • Static routing not supported. Only dynamic routing.
        • Classic VPN
          • Static and dynamic routing supported
          • One external IP
          • 99.9% service availability
      • Suitable for low Bandwidth needs.
    • Cloud interconnect
      • High Speed
      • Physical connection between On premise and GCP
      • High availability
      • High Throughput
      • Types
        • Dedicated Interconnect
          • 10 Gbps or 100 Gbps.
        • Partner Interconnect
          • 50 Mbps to 10 Gbps
      • Traffic goes through a private network.
  • DIRECT PEERING
    • Using network peering, connect to google network.
    • This is NOT a GCP service and hence NOT RECOMMENDED.
Some things to remember:

  • Cloud Data Flow:
    • Provides unified streaming and batch data processing that's serverless, fast and cost-effective.
    • Helps to create a streaming pipeline
      • e.g. storage > database  (using data flow batch data load)
    • Based on an open source framework called "Apache Beam"
    • Serverless
    • Auto scales
  • For a CI/CD pipeline
    • Store code in Cloud Source Repositories (a private Git repository service)
    • Store Docker images in "Container Registry"
    • Jenkins for CI
    • Cloud Build to build jars/docker images etc
    • Spinnaker is a multi-cloud continuous delivery platform.
  • Cloud Monitoring for alerts and metrics
  • Cloud Debugger for real time debugging
  • Cloud Logging is for centralized logging
  • Error Reporting provides real time exception monitoring
  • Cloud Deployment Manager is an Infrastructure as Code service
  • Cloud Audit Logs for Audit Logging
  • To trace requests across various micro services, use Cloud Trace.
    • After tracing if we want to run profiler on a specific micro service to debug slowness etc we can use Cloud Profiler.
What is Pub/Sub?
  • Pub/Sub stands for Publisher and Subscriber.
  • Imagine service A calls service B which does some action
  • e.g Service A calls a logging service B which inserts logs into a DB
  • Direct calls to service B could be an issue if load is high or service B fails
  • Use a pub/sub
    • Service A inserts requests into a topic
    • Service A is the publisher 
    • Service B picks from Topic
    • Service B is subscriber
    • No impact if Service B goes down
    • Scale service B if too many requests into a Topic
    • No loss of requests if service B goes down (can pick up when up)
  • Pub/Sub is
    • Fully managed asynchronous service
    • Helps to make applications highly available and scalable
    • Low cost (pay per use) - # of messages
    • Both push and pull message deliveries are supported
    • Creating a topic is a pre-requisite.
    • Make requests to pubsub.googleapis.com
    • Subscribers to provide a web hook endpoint if push notifications needed
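
The decoupling described above can be sketched with a stdlib queue standing in for a Pub/Sub topic: the publisher keeps working even if the subscriber is down, and pending messages are consumed once it is back. This is a toy in-process model, not the real Pub/Sub client library.

```python
from queue import Queue

topic = Queue()  # stands in for a Pub/Sub topic

def publish(message):
    """Service A (publisher) puts requests on the topic."""
    topic.put(message)

def consume_all():
    """Service B (subscriber) drains the topic when it is up."""
    messages = []
    while not topic.empty():
        messages.append(topic.get())
    return messages

publish("login event")
publish("purchase event")   # subscriber may be down; nothing is lost
print(consume_all())        # ['login event', 'purchase event']
```

Scaling Service B then just means adding more consumers pulling from the same topic.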

Google Cloud - Identity and Access Management (IAM)

  • We have resources in the cloud
    • VMs
    • Databases
  • These resources are accessed by
    • Applications
    • Services
    • People logging in via console
    • These are known as identities
  • IAM allows
    • Identities access to resources
    • Configure permissions for actions (e.g. start a VM, delete a VM etc.)
  • There are two main parts
    • Authentication
      • Is this the right user/identity 
    • Authorization
      • Does this user/identity have correct access to a resource and
      • Does this user/identity have the correct access to perform an action on a resource.
  • In Google Cloud IAM, we create
    • ROLES which are a set of permissions
      • Basic/Primitive role - Permissions like owner, editor, viewer
        • Owner - Able to edit, manage roles/permissions and billing
        • Editor - View and Edit
        • Viewer - Read only view
        • NOT RECOMMENDED for production.
      • PreDefined Roles
        • Pre defined and managed by Google Cloud
        • Different roles for different purposes
        • Storage Object Admin, Storage Object Viewer etc
      • CUSTOM ROLES
        • Ability to create custom roles
    • POLICY to bind the role to a member/user
  • What if we want an application to access Cloud Storage?
    • SERVICE ACCOUNTS
      • We can create service accounts which can be used by applications
      • These accounts do not have any password but have a public/private RSA key
      • Can't use them to login via browsers
      • Types of Service accounts?
        • Default
          • Created by default when a service is created.
          • Editor role by default
          • Not recommended since it has Editor role by default.
        • User Managed
          • Create your own service account
          • Grant it access via Role
        • Google Managed
          • These are Google's internal accounts.
Let's talk a bit about best practices.

For IAM roles, follow the principle of least privilege: grant the least possible privilege needed for a role.
e.g. do not give admin access where edit+view is sufficient; similarly, give only view access if that suffices.

Don't use a common service account between different applications. Create separate service accounts with different roles assigned.
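
The least-privilege rule above can be sketched as picking the smallest role whose permission set covers what a workload actually needs. The role and permission names below are simplified stand-ins, not the full IAM role catalog.

```python
# Hypothetical, simplified role -> permission mapping.
ROLES = {
    "viewer": {"storage.objects.get"},
    "editor": {"storage.objects.get", "storage.objects.create"},
    "admin": {"storage.objects.get", "storage.objects.create",
              "storage.buckets.delete"},
}

def minimal_role(needed):
    """Return the least-privileged role covering the needed permissions."""
    for role in ("viewer", "editor", "admin"):  # ordered by privilege
        if needed <= ROLES[role]:
            return role
    return None  # no single role suffices; consider a custom role

print(minimal_role({"storage.objects.get"}))                            # viewer
print(minimal_role({"storage.objects.get", "storage.objects.create"}))  # editor
```

When no predefined role fits exactly, a custom role with just the needed permissions is the least-privilege option.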





Monday, July 18, 2022

Databases in Google Cloud

 We all know about different types of Databases. Just highlighting them to start off the topic.

Relational DB:

  • Fixed table schema and relations (primary and foreign key)
  • Strong transactional capability
    • Update all table data in one transaction and commit
    • Failure of one, implies rollback in all.
  • Since it's strong in transactions, a relational DB is preferred for OLTP (Online Transaction Processing) systems like banking.
    • Lots of transactions (large number of users and small transactions per user)
  • Data is stored in row storage
  • In Google Cloud we have
    • Cloud SQL
      • Supports MySQL, SQL server and PostgreSQL
      • Regional Database
      • Multi zone for High availability
      • Can't create Global Cloud SQL DB
      • Data up to a few TB
      • Fully managed (replication, patch management, DB management etc)
      • Public IP provided to connect to the DB
      • Cloud shell option also provided in console (gcloud sql command)
        • Enable Cloud SQL Admin API as a pre-requisite
    • Cloud Spanner
      • Unlimited scale
      • Horizontal scaling
      • High availability
      • Global applications (Globally consistent)
      • Fully managed
      • Multi region
      • Option to add compute capacity when being configured
        • 1 node = 1000 processing units
        • Compute cost is the hourly cost charge for nodes or processing units.
        • Storage cost is separate and billed per GB per month
        • Min 100 processing units or 1 node

  • Can be used for Analytics as well (OLAP - Online Analytics Processing)
    • Used to analyze huge amount of data
    • Reporting, data warehouse
    • Uses columnar storage (not row) [High compression]
      • Since data is stored via columns, it can be distributed
      • Queries can run over multiple nodes (efficient execution for complex queries)
    • GCP Managed service is BigQuery
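
The Cloud Spanner capacity notes above (1 node = 1000 processing units, 100-unit minimum, compute billed hourly) can be turned into a small arithmetic sketch. The hourly rate is a made-up illustrative number, not a real Spanner price.

```python
MIN_UNITS = 100        # minimum purchasable capacity
UNITS_PER_NODE = 1000  # 1 node = 1000 processing units

def compute_cost(processing_units, hours, rate_per_node_hour=1.0):
    """Hourly compute cost for a given capacity (storage billed separately)."""
    units = max(processing_units, MIN_UNITS)
    return round(units / UNITS_PER_NODE * rate_per_node_hour * hours, 2)

print(compute_cost(1000, 24))  # one full node for a day -> 24.0
print(compute_cost(100, 24))   # minimum capacity for a day -> 2.4
```

Storage is billed per GB per month on top of this, so small databases often run cheapest at the 100-unit minimum.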
NO SQL DB: (Not only SQL)
  • Flexible schema
  • Scales horizontally
  • Highly scalable
  • High performance
  • GCP managed No SQL service:
    • Cloud Firestore (Data store)
      • Serverless
      • Document DB
      • Can run SQL like queries
      • Used for high transactions
      • Mobile and web applications
      • Small to medium DB (few TB)
    • BigTable
      • Scalable
      • Wide column DB
      • Not serverless
      • Data size > 10TB
      • Does not support multi-row transactions. Supports only single-row transactions.
        • Not to be used for transactional applications
In Memory Database
  • Faster data retrieval since data is not on the disk
  • Low latency (microseconds)
  • Data is stored in memory
  • Use for caching or session management
  • The GCP managed service is Memorystore

Sunday, July 17, 2022

Google Cloud - Storage

 Let's talk a bit about storage in GCP.

Hard disks for VMs are persistent block storage. In GCP this is called Persistent Disk (block storage).

  • As mentioned, this is similar to a hard drive of a computer.
  • A block storage device maps to one VM at a time.
  • However, one VM can have multiple block storage devices attached.
  • To avoid confusion on the above statements, look at the picture below


  • Direct Attached storage is like a hard disk and Storage Area Network is like a pool of storage devices connected via a high speed network.
  • GCP provides two options
    • Persistent Disks
      • Connected to a block storage via high speed network.
      • Zonal - Data replicated in one zone
      • Regional - Data replicated in multiple zones
      • Logical to use Regional option for durability.
      • By default a 10GB boot disk (persistent) is attached to a VM when we create a VM.
    • Local SSDs
      • Local block storage.
      • Faster
      • High performance

File store is for file storage and sharing between multiple VMs.

  • Pretty logical, use file storages to store and share files across VMs.

Cloud storage in GCP is the object storage.

  • Create a container (bucket in GCP) to store objects (use console)
    • Bucket name has to be unique (globally)
    • Location type
      • Region (low latency)
      • Dual region (2 regions) [High availability and low latency across 2 regions]
      • Multi region (multiple regions) [High availability]
    • Storage class
      • Standard
        • Short term
        • Frequently accessed
      • Nearline
        • Backups
        • Data accessed less than once a month
        • Min storage duration is 30 days
      • Coldline
        • Disaster recovery
        • Data accessed less than once a quarter
        • Min storage duration is 90 days
      • Archive
        • Long term data preservation (backup)
        • Data accessed less than once a year
        • Min storage duration is 365 days.
    • Inexpensive
    • Auto scales (as you add storage)
    • Stored as key-value pair
    • Access control at object level
    • REST API available to access and modify stored objects
    • Command line also available (gsutil command)
  • Now logically one can store any type of data in the object storage.
    • But some of these can be less frequently accessed (e.g backup files)
    • Object storage helps to optimize costs based on access needs.
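
The class thresholds listed above map naturally to a small decision function: monthly access or more means Standard, then Nearline, Coldline, and Archive as access gets rarer.

```python
def pick_storage_class(accesses_per_year):
    """Suggest a Cloud Storage class from expected access frequency."""
    if accesses_per_year >= 12:
        return "Standard"
    if accesses_per_year >= 4:
        return "Nearline"   # min storage duration 30 days
    if accesses_per_year >= 1:
        return "Coldline"   # min storage duration 90 days
    return "Archive"        # min storage duration 365 days

print(pick_storage_class(52))  # Standard
print(pick_storage_class(2))   # Coldline
```

Remember the minimum storage durations: deleting a Coldline object after a week still incurs 90 days of storage charges.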

I have data on premise. How do I transfer to Google cloud?
Options:
  • Online transfer:
    • Transfer to Google cloud storage via APIs or CLI (gsutil) [< 1TB]
    • Good for smaller transfers (not for petabyte-scale data)
  • Storage Transfer:
    • Petabyte-scale data
    • Set up a recurring schedule
    • Can be an incremental transfer as well.
    • Fault tolerant - resumes from where it failed.
    • Use when 
      • > 1TB of data
      • Transferring from different cloud
  • Transfer Appliance is physical data transfer.
    • Size > 20TB
    • Request an appliance.
    • Upload data to the appliance (e.g USB type appliance)
    • Ship the appliance
    • Google uploads to storage.
    • Data is encrypted in the appliance
    • Two appliance devices
      • TA40 (for up to 40 TB)
      • TA300 (for up to 300 TB)
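
The decision rule above (online under 1 TB, Storage Transfer Service from 1 TB, appliance beyond 20 TB when the network can't cope) can be sketched as:

```python
def transfer_method(size_tb, bandwidth_ok=True):
    """Suggest a migration path to Cloud Storage by data size (in TB)."""
    if size_tb > 20 and not bandwidth_ok:
        return "Transfer Appliance"   # TA40 (40 TB) or TA300 (300 TB)
    if size_tb >= 1:
        return "Storage Transfer Service"
    return "Online transfer (gsutil / API)"

print(transfer_method(0.5))                      # Online transfer (gsutil / API)
print(transfer_method(5))                        # Storage Transfer Service
print(transfer_method(100, bandwidth_ok=False))  # Transfer Appliance
```

The `bandwidth_ok` flag is a hypothetical simplification: in practice the choice also weighs available network bandwidth against shipping time for the appliance.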
    


Monday, July 11, 2022

Google Cloud Platform - Compute Services

 Google App Engine (GAE):

A managed service provided by GCP and the easiest way to deploy your application.

GAE helps in auto scaling, load balancing as well as health check monitoring.

In simplest terms, GAE provides end-to-end application management.

A very important feature provided by GAE is traffic management (splitting) between different application versions.

Please don't confuse GAE with Compute Engine. GAE comes under PaaS and Compute Engine under IaaS. Have a look at the diagram below (taken from Google Cloud) which depicts the owner's responsibilities under IaaS, PaaS and SaaS.



With Compute Engine, being IaaS, one has more flexibility but comes with more responsibility.

In GAE, being PaaS, there is less responsibility but also less flexibility. It's serverless.

Google Kubernetes Engine (GKE)

Kubernetes is a very popular open source container orchestration tool; GKE is the managed Kubernetes service offered by GCP.

  • Provides cluster management for the VMs that one wants to deploy.
  • All these VMs can be of different types.
  • GKE provides all of the below
    • Auto scaling
    • Health check and self heal (replace)
      • Auto repair and auto upgrade
    • Load balance
    • Support for SSD disks (local) 
    • Support for persistent disks
    • Zero downtime deployments
    • Cloud Logging
    • Cloud Monitoring
  • Uses container optimized OS (from Google)
Steps:
  1. Create a new project (optional) or use an existing project
  2. Connect to the project using Cloud shell [gcloud config set project <Project ID>]
  3. In the console, go to "Kubernetes Engine" and enable the APIs.
  4. In the console, go to "Kubernetes Engine" and create "Kubernetes cluster"
    1. Cluster options
      1. Standard - User takes ownership of the cluster
      2. Auto Pilot - As the name suggests, GKE will take ownership of the cluster.
    2. Alternatively use cloud shell to create cluster [gcloud container clusters create]
  5. Connect to the cluster using Cloud shell [gcloud container clusters get-credentials <clustername> --zone <selected zone> --project <project ID>]
    1. Get the above command from the cluster console 
  6. Deploy microservice
    1. kubectl create deployment <deployment name> --image <image name>
    2. kubectl get deployment (to see deployment details)
    3. To access this deployment, expose it externally
      1. kubectl expose deployment <deployment name> --type=LoadBalancer --port=<port#>
      2. Kubernetes service gets created from the above command
      3. To view the service
        1. kubectl get services
        2. You can see the cluster IP, External IP, Type and Name
    4. Once you have the external IP, you can connect to it
      1. curl IP_address:port#
      2. Use the above IP to access via browser with the micro service name
  7. Scaling the deployment
    1. While connected to the cloud shell and the cluster
      1. kubectl scale deployment <deployment name> --replicas=n
      2. As mentioned in 6.2, use kubectl get deployment to get details and see if it's scaled.
      3. These instances are called "pods"
        1. kubectl get pods to see details
      4. If we need to scale to a higher value, we need to first scale up the # of nodes in the cluster
        1. gcloud container clusters resize <cluster name> --node-pool <node pool name> --num-nodes=x --zone=<zone name>
          1. Get the node pool name from the console (go to cluster and node)
          2. Get the zone name from the console (go to cluster)
        2. The same applies when we want to reduce the # of nodes
      5. But why not auto-scale?
        1. kubectl autoscale deployment <deployment name> --max=<max_n> --cpu-percent=<X>
        2. To see this, we need to find if the pods were autoscaled horizontally
          1. kubectl get hpa
      6. But shouldn't we auto scale cluster as well?
        1. gcloud container clusters update <cluster name> --enable-autoscaling --min-nodes=min_x --max-nodes=max_x
      7. All good? Let's also learn how to delete.
        1. Delete microservice? kubectl delete service <microservice-name>
        2. Delete deployment? kubectl delete deployment <deployment name>
        3. Delete cluster? gcloud container clusters delete <cluster name> --zone <zone name>
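
The scaling steps above resize both the deployment (pods) and the cluster (nodes). A rough capacity check, assuming a hypothetical pods-per-node limit, shows when a replica increase also needs a cluster resize:

```python
import math

def nodes_needed(replicas, pods_per_node=8):
    """Minimum nodes to schedule `replicas` pods (pods_per_node is an assumption)."""
    return math.ceil(replicas / pods_per_node)

current_nodes = 3
for replicas in (10, 30):
    need = nodes_needed(replicas)
    action = "resize cluster" if need > current_nodes else "no resize needed"
    print(replicas, need, action)
```

This is the arithmetic behind step 7.4: `kubectl scale` alone fails to schedule pods once the node pool is full, which is when `gcloud container clusters resize` (or cluster autoscaling) comes in.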
But, I have a container to deploy? Is that possible?

Yes, of course. Use Google Cloud Run.

Google Cloud Run is "Container to production in seconds"
Pre-req: A container image or a repository from where new versions of containers can be picked.
  • We get options to choose from:
    • Charge for CPU usage only when a request is processed (invocation)
    • Charge for entire lifecycle of the container instance
  • Auto scaling configuration option is provided. 
  • Authentication option is also provided
Cloud Run is built on top of Knative.

It's a serverless platform for applications based on containers (no infra management).




Monday, July 4, 2022

Google Cloud - Basics + Introduction to Compute Engine


 

Let's start from the basics.

Why should one move to the cloud?

The answer is simple:

  • Low Latency
  • High Availability
  • Go Global in minutes
What does the above imply?

If your application is deployed on a single server, it has high latency (when accessed from all over the world) and low availability (if there is a crash).

Cloud gives users the option to deploy their applications on virtual servers across various regions, hence high availability and low latency.

Google cloud has 24 regions (as we write) and 73 zones spread over 17 countries.

What is a Region? What is a Zone?

A region is a geographical location hosting data centers; zones are isolated areas within a region. For Google Cloud, each region has a minimum of 3 zones.



Zone
  • High Availability + Fault Tolerance within a region.
  • Each zone has 1 or more clusters
    • A cluster is physical hardware (within a DC)
  • Zones are connected to each other via low latency links.

How to deploy applications on Google Cloud?

Deploy Applications on VMs.

  • Deploy Multiple VMs using Instance Groups
  • Add a Load balancer 

To deploy VMs, we use the Google Compute Engine.

We use the Compute Engine to:

  • Create and manage the lifecycle of VMs
    • Lifecycle implies create, start, stop, run and delete
  • For multiple VMs, deploy a Load Balancer
  • For multiple VMs, configure Auto Scaling.
  • Attaching Storage to a VM
  • Attaching network connectivity, like a (static) IP address, and configuring the VM (hardware etc.)
See below pics on how to start a VM (for beginners).

Configuring/Creating a VM:
Note that every VM has:
  • An internal IP (which is fixed and never changes)
  • An external IP 
    • Used to access from external network
    • This IP is ephemeral (if the VM is stopped and started again, the IP may change)
      • How can then one access the VM if IP keeps changing?
        • Use a static IP. (It's a permanent external IP)
          • Note: Static IP is charged even when not in use.
Isn't creating VMs manually very tedious?

Yes!! Especially if you want to create large # of VMs.

Thus, one can use
  • Startup scripts
    • Scripts to be run on startup.
  • Instance template 
    • As the name suggests, it's a template which will have all the configurations one needs in a VM.
    • Note: One cannot update an instance template. You would need to create a copy and modify it.
    • You can then launch VMs using an Instance Template.
  • Custom image with OS packages and software installed
    • Every time we create a VM instance, OS patches and software need to be installed.
    • This is eliminated by using a custom image (which has the OS and software pre-installed)
    •  Create an instance template to use a custom image.

Pre-emptible VMs:

If your application:
  • Does not need VMs immediately (batch jobs)
  • Are Fault Tolerant (can be restarted anytime)
one can opt for preemptible VMs. These are similar to Spot Instances in AWS.
Very cost-effective.

They can be shut down at any time by Google Cloud with a 30 second warning.
Note: Google does not restart them automatically, and they run for at most 24 hours.

They are used to save costs and for applications where there is no immediate need for a VM.

But what if cost is not the important criteria but one has constraints like No shared Host for a VM?

We all know that on a single host in the cloud, if we have multiple VMs hosted, these VMs could belong to different folks. Such shared hosts reduce costs. However, there may be a requirement to use a dedicated host. Note that the default config is shared.

What is a dedicated host?
A host where all the deployed VMs belong to a certain company/individual etc.

How is this achieved?
By creating VMs on dedicated host (with Sole Tenant Nodes)



Read the definition of sole tenant nodes in the picture below (taken from the console)



But what if we do not like the VM machine types being offered? What if my requirements are different (read: higher) and of course when budget is not an issue.
There is an option for custom machine types where you can choose the memory and vCPUs.
Only valid for E2, N2 and N1 machine types.
Billing is based on per vCPU and memory provisioned. (hourly charges)

We discussed about creating VMs and machine types etc.

We also know that we can create a group of VM instances by using an Instance group.
Instance Groups are classified as "Managed" and "UnManaged"

Managed Instance Groups (MIGs) manage identical VM instances (created from templates). Auto scaling and automatic removal and replacement of unhealthy VMs are some MIG features.

Note:
  • An instance template is mandatory; instance groups are created from it.
  • The default autoscaling signal is CPU utilization (60%)
An unmanaged instance group, as the name suggests, manages VMs of different configurations; features like auto scaling are not available.
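
The default MIG autoscaling signal is CPU utilization with a 60% target. A simplified version of that target tracking: desired replicas grow in proportion to observed utilization. This is an illustrative model, not the exact autoscaler algorithm.

```python
import math

def desired_replicas(current_replicas, observed_cpu, target_cpu=0.60):
    """Scale replicas so average CPU moves back toward the target."""
    # round() guards against float noise before taking the ceiling
    ratio = round(current_replicas * observed_cpu / target_cpu, 6)
    return max(1, math.ceil(ratio))

print(desired_replicas(4, 0.90))  # overloaded -> 6
print(desired_replicas(4, 0.30))  # underused  -> 2
```

The real autoscaler adds stabilization windows and cool-down periods so short utilization spikes don't cause replica thrashing.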

We now have multiple VM instances created from an instance template and grouped in a managed instance group, with an auto scaling and health policy in place. What are we missing? Traffic handling, aka a load balancer (global: distributes load across VMs in different regions).

Go to Network Services > Load Balancing.



Load Balancing options: