Cloud computing offers several service models, such as IaaS, PaaS and SaaS. IaaS, or infrastructure as a service, provides computing resources to cloud consumers. It eliminates the need to procure, maintain or upgrade costly physical infrastructure: the cloud provider manages the hardware, and consumers use the cloud as virtual server resources.
Today we look in more detail at the Google Compute Engine offering, its benefits, the authentication methods it uses, and so on.
Understanding Google Compute Engine
Google Compute Engine is Google's Infrastructure-as-a-Service virtual machine offering. It lets customers use virtual machines in the cloud as server resources for computing instead of acquiring and managing server hardware. Compute Engine offers virtual machines running in Google data centres connected by a worldwide fibre network. It enables scaling from a single instance to global, load-balanced deployments, among other features.
Applications of Google Compute Engine (GCE)
- Virtual machine migration to Compute Engine – it has tools to fast-track migration from on premises to the cloud, onto Google Cloud Platform. Users can keep their applications running seamlessly while data migrates transparently in the background.
- Processing of genomics data – Compute Engine makes computationally intensive genomics data processing easier. Users can process large data sets.
- BYOL or bring your own license images – Compute Engine helps users run Windows apps on Google Cloud Platform by bringing their licenses to the platform as either license-included images or sole-tenant images.
Benefits of Compute Engine
- Ease of integration with other cloud services such as Google AI/ML and data analytics
- Computation supported globally as per requirements
- You gain value because you pay only for the compute you run, with sustained use discounts, and save further through committed use discounts
- Confidential VMs, which let users encrypt sensitive data in the cloud while it is being processed
Google API – Authentication Methods
There are various techniques for authenticating to the Google Compute Engine API, as follows:
- OAuth 2.0
- Through client library
- With an access token (gsutil authentication)
We will look at each of the techniques in more detail.
OAuth 2.0
OAuth 2.0 is used for authentication and authorization. Follow the steps below to obtain access.
- Step 1: Visit the Google API console to obtain OAuth 2.0 credentials, such as a client ID and client secret, which are known to both Google and your application.
- Step 2: Obtain an access token from the Google authorization server. A JavaScript application can request an access token using a browser redirect to Google. After logging in to their Google account, the user is asked whether they are willing to grant one or more permissions that the application is requesting (user consent). If the user grants at least one permission, the authorization server sends an access token and a list of the scopes of access granted to that token.
- Step 3: Examine the scopes of access granted by the user. Compare the scopes included with the access token to the scopes required to access the application's features and functionality.
- Step 4: Send the access token to an API – the token is sent to the Google API in an HTTP Authorization request header. Access tokens are valid only for the set of operations and resources described in the scope of the token request.
- Step 5: Refresh the access token – access tokens have a limited lifetime. Refresh tokens may be needed if an application needs access to a Google API beyond the lifetime of the access token.
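The client-side checks from Steps 2 to 5, as an added example that is not part of the original article or Google's own code. The function names, the callback URL, the token value and the use of a `state` parameter (a standard OAuth 2.0 request parameter the article does not mention) are assumptions made for illustration.

```javascript
// Added example. All sample values are constructed placeholders.
const REQUIRED_SCOPES = ['https://www.googleapis.com/auth/compute.readonly'];

// Step 2: the token arrives in the URL fragment of the browser redirect.
// Reject error responses and responses that do not match our request.
function parseTokenResponse(redirectUrl, expectedState, now = Date.now()) {
  const params = new URLSearchParams(new URL(redirectUrl).hash.slice(1));
  if (params.has('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  // Assumption: the app sent a random `state` value with its request.
  if (params.get('state') !== expectedState) {
    throw new Error('state mismatch: response does not match this request');
  }
  const accessToken = params.get('access_token');
  const lifetime = Number(params.get('expires_in'));
  if (!accessToken || !Number.isFinite(lifetime) || lifetime <= 0) {
    throw new Error('malformed token response');
  }
  return {
    accessToken,
    scopes: new Set((params.get('scope') || '').split(' ').filter(Boolean)),
    expiresAt: now + lifetime * 1000,
  };
}

// Step 3: the user may grant only some permissions, so compare what was
// granted with what a feature needs before enabling that feature.
function missingScopes(token, required) {
  return required.filter((scope) => !token.scopes.has(scope));
}

// Step 4: the token travels in the HTTP Authorization request header.
function authorizationHeader(token) {
  return { Authorization: `Bearer ${token.accessToken}` };
}

// Step 5: treat the token as expired slightly early so that a request
// is not sent with a token that lapses in transit.
function needsRefresh(token, now = Date.now(), skewMs = 60000) {
  return now >= token.expiresAt - skewMs;
}

// Constructed redirect: the user granted read-only Compute access only.
const SAMPLE_REDIRECT =
  'https://app.example/callback#access_token=SAMPLE_TOKEN&token_type=Bearer' +
  '&expires_in=3599&state=abc123' +
  '&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute.readonly';
```

A feature that needs a scope reported by `missingScopes` should stay disabled or trigger a new consent request rather than call the API and fail.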
Client Library Authentication
The Google Cloud Client Library is configured to access Google Cloud Platform services and authenticate (OAuth 2.0) automatically on your behalf.
Authentication using an access token (gsutil authentication)
With gsutil installed from the Cloud SDK, you should authenticate with service account credentials.
Use an existing service account or create a new one, and download the associated private key. However, you can only download the private key data for a service account key when the key is first created. Use gcloud auth activate-service-account to authenticate with the service account:
gcloud auth activate-service-account --key-file KEY_FILE
Where KEY_FILE is the name of the file that contains your service account credentials. gcloud auth uses the cloud-platform scope when getting an access token.