CLOUD SERVICE PROVIDERS
Study of Cloud Service Providers - Google & Amazon
GOOGLE CLOUD SERVICES :
A ) Google Cloud Platform Resources :
GCP consists of a set of physical assets, such as computers and hard disk drives, and virtual resources, such as virtual machines (VMs), that are contained in Google's data centers around the globe.
Each data center location is in a region. Regions are available in Asia, Australia, Europe, North America, and South America.
Each region is a collection of zones, which are isolated from each other within the region.
Each zone is identified by a name that combines a letter identifier with the name of the region. For example, zone a in the East Asia region is named asia-east1-a.
This distribution of resources provides several benefits, including redundancy in case of failure and reduced latency by locating resources closer to clients.
This distribution also introduces some rules about how resources can be used together.
B ) Google Cloud Platform Project :
Any GCP resources that you allocate and use must belong to a project. You can think of a project as the organizing entity for what you're building.
A project is made up of the settings, permissions, and other metadata that describe your applications.
Resources within a single project can work together easily, for example by communicating through an internal network, subject to the regions-and-zones rules. A project can't access another project's resources unless you use Shared VPC or VPC Network Peering.
Each Google Cloud Platform project has:
A project name, which you provide.
A project ID, which you can provide or GCP can provide for you.
A project number, which GCP provides.
C ) Types Of Services Provided By Google Cloud Platform
Computing and hosting :
Google Cloud gives you options for computing and hosting. You can choose to do the following:
Work in a serverless environment.
Use a managed application platform.
Leverage container technologies to gain lots of flexibility.
Build your own cloud-based infrastructure to have the most control and flexibility.
You can imagine a spectrum where, at one end, you have most of the responsibilities for resource management and, at the other end, Google has most of those responsibilities.
Storage :
Whatever your application, you'll probably need to store some media files, backups, or other file-like objects. Google Cloud provides a variety of storage services, including:
Consistent, scalable, large-capacity data storage in Cloud Storage. Cloud Storage comes in several flavors:
Standard Storage provides maximum availability.
Cloud Storage Nearline provides low-cost archival storage ideal for data accessed less than once a month.
Cloud Storage Coldline provides even lower-cost archival storage ideal for data accessed less than once a quarter.
Cloud Storage Archive provides the lowest-cost archival storage for backup and disaster recovery ideal for data you intend to access less than once a year.
Persistent disks on Compute Engine, for use as primary storage for your instances. Compute Engine offers both hard-disk-based persistent disks, called standard persistent disks, and solid-state persistent disks (SSD).
Fully managed NFS file servers in Filestore. You can use Filestore instances to store data from applications running on Compute Engine VM instances or GKE clusters.
Databases :
Google Cloud provides a variety of SQL and NoSQL database services:
A SQL database in Cloud SQL, which provides either MySQL or PostgreSQL databases.
A fully managed, mission-critical, relational database service in Cloud Spanner that offers transactional consistency at global scale, schemas, SQL querying, and automatic, synchronous replication for high availability.
Two options for NoSQL data storage: Firestore, for document-like data, and Cloud Bigtable, for tabular data.
You can also choose to set up your preferred database technology on Compute Engine by using persistent disks. For example, you can set up MongoDB for NoSQL document storage.
Networking :
While App Engine manages networking for you, and GKE uses the Kubernetes model, Compute Engine provides a set of networking services. These services help you to load-balance traffic across resources, create DNS records, and connect your existing network to Google's network.
Networks, firewalls, and routes
Virtual Private Cloud (VPC) provides a set of networking services that your VM instances use. Each instance can be attached to only one network. Every VPC project has a default network. You can create additional networks in your project, but networks cannot be shared between projects.
Firewall rules govern traffic coming into instances on a network. The default network has a default set of firewall rules, and you can create custom rules, too.
A route lets you implement more advanced networking functions in your instances, such as creating VPNs. A route specifies how packets leaving an instance should be directed. For example, a route might specify that packets destined for a particular network range should be handled by a gateway virtual machine instance that you configure and operate.
Big data :
Big data services enable you to process and query big data in the cloud to get fast answers to complicated questions.
Data analysis
BigQuery provides data analysis services. With BigQuery, you can:
Create custom schemas that organize your data into datasets and tables.
Load data from a variety of sources, including streaming data.
Use SQL-like commands to query massive datasets very quickly. BigQuery is designed and optimized for speed.
Use the web UI, command-line interface, or API.
Load, query, export, and copy data by using jobs.
Manage data and protect it by using permissions.
Machine learning :
AI Platform offers a variety of powerful machine learning (ML) services. You can choose to use APIs that provide pre-trained models optimized for specific applications, or build and train your own large-scale, sophisticated models using a managed TensorFlow framework.
Machine learning APIs
Google Cloud offers a variety of APIs that enable you to take advantage of Google's ML without creating and training your own models.
Video Intelligence API lets you use video analysis technology that provides label detection, explicit content detection, shot-change detection, and regionalization features.
Speech-to-Text lets you convert audio to text, recognizing over 110 languages and variants, to support your global user base. You can transcribe the text of users dictating to an application’s microphone, enable command-and-control through voice, or transcribe audio files, among other use cases.
Cloud Vision lets you easily integrate vision detection features, including image labeling, face and landmark detection, optical character recognition (OCR), and tagging of explicit content.
Cloud Natural Language API lets you add sentiment analysis, entity analysis, entity-sentiment analysis, content classification, and syntax analysis.
Cloud Translation lets you quickly translate source text into any of over a hundred supported languages. Language detection helps out in cases where the source language is not known.
Dialogflow lets you build conversational interfaces for websites, mobile applications, popular messaging platforms, and IoT devices. You can use it to build interfaces, such as chatbots, that are capable of natural and rich interactions with humans.
D ) Google App Engine :
Google App Engine is a Platform as a Service (PaaS) product that provides Web app
developers and enterprises with access to Google's scalable hosting and tier 1
Internet service.
The App Engine requires that apps be written in Java or Python, store data in
Google BigTable and use the Google query language.
Non-compliant applications require modification to use App Engine.
Google App Engine provides more infrastructure than other scalable hosting services
such as Amazon Elastic Compute Cloud (EC2).
The App Engine also eliminates some system administration and developmental tasks
to make it easier to write scalable applications.
Google App Engine is free up to a certain amount of resource usage.
Users exceeding the per-day or per-minute usage rates for CPU resources, storage,
number of API calls or requests and concurrent requests can pay for more of these
resources.
Google App Engine supports a number of programming languages
including Java, Python, Go and PHP.
Developers can design scalable applications that grow from one to millions of users
and every Google App Engine application has enough CPU, bandwidth and storage to
serve around 5 million monthly page views for free (additional resources can be
purchased).
AMAZON CLOUD SERVICES :
A ) Amazon Cloud Services Resources :
Security in the cloud is similar to security in your on-premises data centers — only without the costs of maintaining facilities and hardware.
In the cloud, you don’t have to manage physical servers or storage devices. Instead, you use software-based security tools to monitor and protect the flow of information into and out of your cloud resources.
For this reason, cloud security is a Shared Responsibility between the customer and AWS, where customers are responsible for “security in the cloud” and AWS is responsible for “security of the cloud.”
The AWS cloud allows you to scale and innovate while maintaining a secure environment.
As an AWS customer, you will benefit from data centers and network architecture designed to meet the requirements of the most security-sensitive organizations.
AWS infrastructure is custom-built for the cloud and is monitored 24x7 to help protect the confidentiality, integrity, and availability of our customers’ data.
B ) Popular Services:
Amazon EC2 :
Amazon EC2 Auto Scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application. You create collections of EC2 instances, called Auto Scaling groups.
You can specify the minimum number of instances in each Auto Scaling group, and Amazon EC2 Auto Scaling ensures that your group never goes below this size.
You can specify the maximum number of instances in each Auto Scaling group, and Amazon EC2 Auto Scaling ensures that your group never goes above this size.
If you specify the desired capacity, either when you create the group or at any time thereafter, Amazon EC2 Auto Scaling ensures that your group has this many instances.
If you specify scaling policies, then Amazon EC2 Auto Scaling can launch or terminate instances as demand on your application increases or decreases.
For example, the following Auto Scaling group has a minimum size of one instance, a desired capacity of two instances, and a maximum size of four instances. The scaling policies that you define adjust the number of instances, within your minimum and maximum number of instances, based on the criteria that you specify.
Amazon CloudFront :
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.
If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined—such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content.
Amazon Simple Storage Service :
Amazon Simple Storage Service (Amazon S3) is storage for the internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. You can accomplish these tasks using the AWS Management Console, which is a simple and intuitive web interface.
Steps to use the AWS Management Console to complete the following tasks:
Sign Up for Amazon S3
Create a Bucket
Add an Object to a Bucket
View an Object
Move an Object
Delete an Object and Bucket
AWS Identity and Access Management
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
When you first create an AWS account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account.
This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account.
We strongly recommend that you do not use the root user for your everyday tasks, even the administrative ones.
Instead, adhere to the best practice of using the root user only to create your first IAM user.
Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.
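One way to check that the root user really is kept out of everyday use is to scan CloudTrail records for root activity. The following is an added example, not part of the original page: the log records are constructed, and the function names and severity labels are assumptions of this example.

```python
import json

# Constructed CloudTrail-style log file (not real data). Field names follow the
# CloudTrail record format; the account ID and IP addresses are documentation values.
SAMPLE_LOG = """
{"Records": [
 {"eventTime": "2024-01-10T09:15:00Z", "eventSource": "iam.amazonaws.com",
  "eventName": "CreateUser", "eventType": "AwsApiCall",
  "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
 {"eventTime": "2024-01-10T09:00:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
  "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
  "additionalEventData": {"MFAUsed": "No"}},
 {"eventTime": "2024-01-10T10:30:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "eventType": "AwsApiCall",
  "sourceIPAddress": "203.0.113.20",
  "userIdentity": {"type": "IAMUser", "userName": "alice"}},
 {"eventTime": "2024-01-11T02:00:00Z", "eventSource": "kms.amazonaws.com",
  "eventName": "Decrypt", "eventType": "AwsServiceEvent",
  "sourceIPAddress": "ebs.amazonaws.com",
  "userIdentity": {"type": "Root", "invokedBy": "ebs.amazonaws.com"}},
 {"eventTime": "2024-01-12T14:00:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
  "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
  "additionalEventData": {"MFAUsed": "Yes"}}
]}
"""


def load_records(text):
    """Accept either a CloudTrail file ({"Records": [...]}) or a bare JSON list."""
    data = json.loads(text)
    return data["Records"] if isinstance(data, dict) else data


def is_root_activity(event):
    """True for actions taken by a person signed in as the account root user.

    Events that AWS services generate on the account's behalf also carry
    type "Root"; they are excluded so the alert fires only on human use.
    """
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")


def classify(event):
    """Return (severity, reason). The severity labels are this example's own."""
    if event.get("eventName") == "ConsoleLogin":
        mfa = event.get("additionalEventData", {}).get("MFAUsed")
        if mfa != "Yes":
            return "high", "root console sign-in without MFA"
        return "medium", "root console sign-in"
    call = f"{event.get('eventSource')}:{event.get('eventName')}"
    return "medium", f"root API call {call}"


def find_root_usage(events):
    """Return one finding per root-user action, oldest first."""
    findings = []
    for ev in events:
        if not is_root_activity(ev):
            continue
        severity, reason = classify(ev)
        findings.append({"time": ev.get("eventTime", ""),
                         "source_ip": ev.get("sourceIPAddress"),
                         "severity": severity,
                         "reason": reason})
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in find_root_usage(load_records(SAMPLE_LOG)):
        print(f["time"], f["severity"].upper(), f["reason"], f["source_ip"])
```

Every finding is worth a review, since after the first IAM user exists only a few account and service management tasks should need the root user.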
Amazon Web Service Command Line Interface
The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell.
The AWS CLI is available in two versions:
Version 1.x – The generally available version of the AWS CLI that is suitable for use in production environments.
Version 2.x – A preview version of the AWS CLI that is intended for testing and evaluation. This version does include some "breaking" changes that might require you to change your scripts so that they continue to operate as you expect.
With minimal configuration, the AWS CLI enables you to start running commands that implement functionality equivalent to that provided by the browser-based AWS Management Console from the command prompt in your favorite terminal program:
Linux shells – Use common shell programs such as bash, zsh, and tcsh to run commands in Linux or macOS.
Windows command line – On Windows, run commands at the Windows command prompt or in PowerShell.
Remotely – Run commands on Amazon Elastic Compute Cloud (Amazon EC2) instances through a remote terminal program such as PuTTY or SSH, or with AWS Systems Manager.
Amazon RDS ( Relational Database Services )
Amazon RDS takes over many of the difficult or tedious management tasks of a relational database:
When you buy a server, you get CPU, memory, storage, and IOPS, all bundled together. With Amazon RDS, these are split apart so that you can scale them independently. If you need more CPU, less IOPS, or more storage, you can easily allocate them.
Amazon RDS manages backups, software patching, automatic failure detection, and recovery.
To deliver a managed service experience, Amazon RDS doesn't provide shell access to DB instances. It also restricts access to certain system procedures and tables that require advanced privileges.
You can have automated backups performed when you need them, or manually create your own backup snapshot. You can use these backups to restore a database. The Amazon RDS restore process works reliably and efficiently.
You can get high availability with a primary instance and a synchronous secondary instance that you can fail over to when problems occur. You can also use MySQL, MariaDB, or PostgreSQL Read Replicas to increase read scaling.
You can use the database products you are already familiar with: MySQL, MariaDB, PostgreSQL, Oracle, Microsoft SQL Server.
In addition to the security in your database package, you can help control who can access your RDS databases by using AWS Identity and Access Management (IAM) to define users and permissions. You can also help protect your databases by putting them in a virtual private cloud.