GCP system design considerations Pointers - vidyasekaran/GCP GitHub Wiki
https://cloud.google.com/architecture/framework/design-considerations
When designing an application on GCP you need to know the available features and services, ask the design questions for each area, and weigh the recommendations Google provides.
Geographic zones and regions
Google Cloud services and resources can be zonal, regional, managed by Google across multiple regions, or global. A zonal resource (for example a VM instance or a zonal Persistent Disk) lives in a single zone and is unavailable when that zone is; a regional resource is replicated across zones within one region.
To deploy fault-tolerant applications with high availability, deploy your applications across multiple zones in a single region, or in multiple zones in different regions, to help protect against expected and unexpected downtime.
Design questions - https://cloud.google.com/architecture/framework/design-considerations#design_questions
Recommendations - https://cloud.google.com/architecture/framework/design-considerations#recommendations
Resource management - https://cloud.google.com/architecture/framework/design-considerations#resource_management
Google Cloud provides resource containers such as organizations, folders, and projects that allow you to group and hierarchically organize Google Cloud resources. This hierarchy lets you manage common aspects of your resources, such as access control, configuration settings, and policies, at the level where they apply. Resource Manager provides programmatic access to the resource containers.
Design questions - https://cloud.google.com/architecture/framework/design-considerations#design_questions_2
Recommendations - https://cloud.google.com/architecture/framework/design-considerations#recommendations_2
Identity and access management - https://cloud.google.com/architecture/framework/design-considerations#identity_and_access_management
Identity and access management is a cornerstone of your Google Cloud deployment because it provides the authorization controls for Google Cloud resources.
Authorization - https://cloud.google.com/architecture/framework/design-considerations#authorization
When an authenticated member attempts to access a resource, IAM checks the effective IAM policy on that resource (its own policy plus the policies inherited from its parents) to determine whether the action is allowed. The entities and concepts involved in the authorization process are described below.
Resources - https://cloud.google.com/architecture/framework/design-considerations#resources_3
Permissions - https://cloud.google.com/architecture/framework/design-considerations#permissions
Roles - https://cloud.google.com/architecture/framework/design-considerations#roles
IAM policies - https://cloud.google.com/architecture/framework/design-considerations#iam_policies
You grant roles to members (users, groups, service accounts, domains) by creating an IAM policy, which is a collection of bindings that define who has what type of access; each binding pairs one role with the list of members it is granted to. A policy is attached to a resource and is enforced whenever that resource is accessed. An IAM policy is represented by the IAM policy object.
Policy hierarchy - https://cloud.google.com/architecture/framework/design-considerations#policy_hierarchy
You can set an IAM policy at any level in the resource hierarchy: organization, folder, project, or the individual resource. Resources inherit the policies of their parent resource, so a policy set at the organization level is automatically inherited by all of its child folders and projects. Inheritance is additive: a role granted at the organization level applies to every folder, project and resource beneath it and cannot be narrowed by a child's policy, so the only place to revoke it is where it was granted. Grant broad roles high in the hierarchy sparingly.
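The inheritance rule above, as an added worked example that is not code from this wiki page or from Google: a small Python model of allow-policy evaluation over a constructed hierarchy. The resource names, the policies, the group membership and the role-to-permission map are all assumptions (the map is a tiny subset of the real predefined roles, using real permission names). It shows that a basic role granted at the organization level reaches a bucket three levels down, that a bucket-level grant does not flow upward, and where a grant has to be removed to actually take effect.

```python
from typing import Dict, List, Optional, Set

# Constructed sample hierarchy (assumed names): child -> parent, organization at the root.
PARENT: Dict[str, Optional[str]] = {
    "organizations/123456789": None,
    "folders/prod": "organizations/123456789",
    "projects/payments-prod": "folders/prod",
    "projects/payments-prod/buckets/ledger": "projects/payments-prod",
}

# Allow policies keyed by resource, in the bindings shape of the IAM policy object (constructed).
POLICIES: Dict[str, dict] = {
    "organizations/123456789": {"bindings": [
        {"role": "roles/viewer", "members": ["group:engineers@example.com"]},
    ]},
    "projects/payments-prod": {"bindings": [
        {"role": "roles/storage.objectAdmin", "members": ["user:alice@example.com"]},
    ]},
    "projects/payments-prod/buckets/ledger": {"bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:reports@payments-prod.iam.gserviceaccount.com"]},
    ]},
}

# Constructed group membership; in a real deployment Cloud Identity resolves this.
GROUPS: Dict[str, Set[str]] = {
    "group:engineers@example.com": {"user:alice@example.com", "user:bob@example.com"},
}

# Illustrative subset of the permissions each role carries (assumption: real roles hold many more).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "roles/viewer": {"storage.objects.get", "storage.objects.list"},
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "roles/storage.objectAdmin": {"storage.objects.get", "storage.objects.list",
                                  "storage.objects.create", "storage.objects.delete"},
}


def ancestry(resource: str) -> List[str]:
    """The resource followed by each parent up to the organization."""
    chain: List[str] = []
    node: Optional[str] = resource
    while node is not None:
        chain.append(node)
        node = PARENT[node]
    return chain


def effective_bindings(resource: str) -> List[dict]:
    """Union of the bindings on the resource and on every ancestor: allow policies only add."""
    bindings: List[dict] = []
    for node in ancestry(resource):
        bindings.extend(POLICIES.get(node, {}).get("bindings", []))
    return bindings


def principals_for(member: str) -> Set[str]:
    """The member itself plus every group it belongs to."""
    return {member} | {g for g, users in GROUPS.items() if member in users}


def effective_permissions(member: str, resource: str) -> Set[str]:
    """Every permission the member holds on the resource through any inherited binding."""
    ids = principals_for(member)
    perms: Set[str] = set()
    for b in effective_bindings(resource):
        if ids & set(b["members"]):
            perms |= ROLE_PERMISSIONS.get(b["role"], set())
    return perms


def can(member: str, permission: str, resource: str) -> bool:
    return permission in effective_permissions(member, resource)


def grant_sources(member: str, permission: str, resource: str) -> List[str]:
    """Each level and role that grants the permission: these are the bindings to revoke."""
    ids = principals_for(member)
    sources: List[str] = []
    for node in ancestry(resource):
        for b in POLICIES.get(node, {}).get("bindings", []):
            if ids & set(b["members"]) and permission in ROLE_PERMISSIONS.get(b["role"], set()):
                sources.append(f"{node}: {b['role']}")
    return sources


def add_binding(policy: dict, role: str, member: str) -> dict:
    """Read-modify-write step before setIamPolicy: extend the role's existing binding instead of
    appending a duplicate, and keep every binding you did not intend to touch."""
    for b in policy["bindings"]:
        if b["role"] == role:
            if member not in b["members"]:
                b["members"].append(member)
            return policy
    policy["bindings"].append({"role": role, "members": [member]})
    return policy


if __name__ == "__main__":
    bucket = "projects/payments-prod/buckets/ledger"
    # Bob has no binding on the project or bucket, yet reads the bucket via the org-level viewer.
    print(can("user:bob@example.com", "storage.objects.get", bucket))
    print(grant_sources("user:bob@example.com", "storage.objects.get", bucket))
```

Two things the model makes visible: the bucket-level objectViewer binding gives the service account nothing on the project itself, while the organization-level roles/viewer reaches every bucket in the organization and no project or bucket policy can take it away. The model covers allow policies only; IAM deny policies, which can block a permission regardless of allow bindings, are not represented.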
Design questions - https://cloud.google.com/architecture/framework/design-considerations#design_questions_3
Recommendations - https://cloud.google.com/architecture/framework/design-considerations#recommendations_3
Key services - https://cloud.google.com/architecture/framework/design-considerations#key_services
**Cloud Identity** - https://cloud.google.com/identity
A unified identity, access, app, and endpoint management (IAM/EMM) platform.
Give users easy access to apps with single sign-on
Multi-factor authentication protects user and company data
Endpoint management enforces policies for personal and corporate devices
**Identity Platform**
Identity Platform is a customer identity and access management (CIAM) platform that helps organizations add identity and access management functionality to their applications, protect user accounts, and scale with confidence on Google Cloud.
Compute
Most solutions use compute resources in some form, and selecting the right compute service for your application is critical. On Google Cloud, compute is offered as Compute Engine, App Engine, Google Kubernetes Engine (GKE), Cloud Functions, and Cloud Run. Evaluate your application's demands and then choose among these offerings.
Design questions - https://cloud.google.com/architecture/framework/design-considerations#design_questions_4
Recommendations - https://cloud.google.com/architecture/framework/design-considerations#recommendations_4
Networking - https://cloud.google.com/architecture/framework/design-considerations#networking
Google's private network connects its regional locations to more than 100 global network points of presence. Google Cloud uses software-defined networking and distributed systems technologies to host and deliver your services around the world as fast as possible. A global VPC uses the Google-owned global high-speed network to link your applications across regions privately and reliably. When every millisecond of latency counts, Google ensures that your content is delivered with the highest throughput, thanks to innovations like BBR congestion control.
Networking design is another critical component: done correctly, it optimizes performance and secures how your application communicates with internal and external services. When you choose networking services, think a few steps ahead about your application's needs and how its components will communicate with each other. Some components require global service, while others need geo-locality to a specific region. Choose a deployment region close to your users for better performance.
Key services - https://cloud.google.com/architecture/framework/design-considerations#key_services_3
VPC, Cloud Load Balancing, Cloud CDN, Cloud DNS , Cloud Interconnect
Design questions - https://cloud.google.com/architecture/framework/design-considerations#design_questions_5
Recommendations - https://cloud.google.com/architecture/framework/design-considerations#recommendations_5
Storage - https://cloud.google.com/architecture/framework/design-considerations#storage
Most deployments need some form of storage for their data. Google Cloud storage services can be classified into blob storage or disk storage. Because storage is connected to other services over the network, also consider IOPS requirements while selecting your storage type. Cloud Storage is a regional or multi-regional resource. All Cloud Storage buckets have built-in **redundancy** to protect your data against equipment failure and to ensure data availability through datacenter maintenance events. Checksums are calculated for all Cloud Storage operations so Google can ensure that what you read is what you wrote. Persistent Disk is a zonal or regional resource, so you must take additional steps to snapshot, back up, or replicate your data for redundancy.
When considering Google Cloud storage options, look at Cloud Storage for blobs, Persistent Disk for block storage, **and Filestore for shared files.**
It's a best practice to determine your application performance needs and data requirements while you're choosing a storage type.
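Cloud Storage computes checksums server-side, but "what you read is what you wrote" only holds end to end if the client compares what it downloaded against the object's stored hashes. As an added example that is not code from this page or from Google's client libraries: a pure-Python CRC-32C producing the base64, big-endian form Cloud Storage uses for an object's `crc32c` metadata, the matching form for `md5Hash`, and a verify step for a downloaded body. The sample bytes are constructed; production code would use the `google-crc32c` package instead of this bitwise loop.

```python
import base64
import hashlib
from typing import Optional

# Reflected form of the CRC-32C (Castagnoli) polynomial, the checksum Cloud Storage stores per object.
_CRC32C_POLY = 0x82F63B78


def crc32c(data: bytes) -> int:
    """Bitwise CRC-32C; the standard check value is crc32c(b"123456789") == 0xE3069283."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (_CRC32C_POLY if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def crc32c_b64(data: bytes) -> str:
    """CRC-32C as Cloud Storage reports it: the 32-bit value as big-endian bytes, base64-encoded."""
    return base64.b64encode(crc32c(data).to_bytes(4, "big")).decode("ascii")


def md5_b64(data: bytes) -> str:
    """MD5 digest in the base64 form of the object's md5Hash metadata."""
    return base64.b64encode(hashlib.md5(data).digest()).decode("ascii")


def verify_download(data: bytes, expected_crc32c: str, expected_md5: Optional[str] = None) -> bool:
    """Compare a downloaded object body with the checksums taken from its metadata.

    CRC-32C is always present; md5Hash is optional because composite objects carry none.
    """
    if crc32c_b64(data) != expected_crc32c:
        return False
    if expected_md5 is not None and md5_b64(data) != expected_md5:
        return False
    return True


if __name__ == "__main__":
    body = b"123456789"  # constructed sample object body
    print(hex(crc32c(body)), crc32c_b64(body))
    print(verify_download(body, crc32c_b64(body), md5_b64(body)))
    print(verify_download(body + b"!", crc32c_b64(body)))
```

Checking the CRC on every download (and on every upload, by sending the expected checksum with the request) is what turns the server-side guarantee into an end-to-end one; a mismatch means the copy on your side is not the object in the bucket, whatever the cause.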
Design questions - https://cloud.google.com/architecture/framework/design-considerations#design_questions_6
Recommendations - https://cloud.google.com/architecture/framework/design-considerations#recommendations_6
Database
Design questions - https://cloud.google.com/architecture/framework/design-considerations#design_questions_7
Recommendations - https://cloud.google.com/architecture/framework/design-considerations#recommendations_7
Analytics
Most businesses want to analyze their data and glean insights from it. Google Cloud provides various managed tools that let you focus on writing your **ETL pipeline** while Google manages the underlying infrastructure for you. Depending on your business needs and what you want to achieve, Google Cloud offers services for ingesting, processing, transforming, analyzing, and viewing your data.