Resource Management

Resource Manager

Organization

• Created when using G Suite or Use Google Cloud Identity
• Fixed ID but can change the name

Organization Policy

• Centralized constraints on all resources created in Organization

Hierarchy

Function-oriented

Environment-oriented

Labels

• Can use with Data Studio to visualize the cost by category

Cloud Identity

Authentication Options

• Google authentication (No SSO)
• Single sign-on (SSO): Google auth + Cloud Identity as Identity Provider
• Single sign-on (SSO): External Identity Provider

Password Sync

• G Suite Password Sync (GSPS) is not Password Sync
• Synchronizes user passwords from Active Directory to Cloud Identity as they are changed (in real-time)
• Password Sync intercepts the raw password and applies a salted SHA512 hash
• Encrypted via TLS, the salted hash is sent to Cloud Identity using the Directory API

Google Cloud Directory Sync (GCDS)

• One-way synchronization
• Only synchronizes deltas for the fastest possible provisioning
• Configure which users account to sync

Managed Service for Microsoft AD

• Synchronized forest pattern
• Sync accounts
• Keeps a trust boundary clear between on-premises and cloud

Billing

Billing Account

• pays for project resources
• A billing account is linked to one or more projects
• A project that didn't link with a billing account can use only free resources
• Charged automatically or invoiced every month or at a threshold limit
• Subaccounts can be used for separate billing for projects
• Types
  • Self-Serve: Billed directly to Credit Card or Bank Account
  • Invoiced: Generate invoices (Used by large enterprises)

Budgets & Alerts

Billing export

• Export to BigQuery
• Can use Data Studio to visualize data
• File export to CSV and JSON is deprecated

Reports

• Visual tool for monitor expenditure based on a project or services

Quotas

• Project quotas prevent runaway consumption in case of error or malicious attack
• Prevent billing spikes or surprises
• Forces sizing consideration and periodic review
• Default
  • 15 VPC networks/project
  • 24 CPUs region/project
• Type of quotas
  • Rate
    • GKE API: 1000 requests per 100 seconds
  • Allocation
    • 5 networks per project
• Can change by requesting Google Cloud support