Cloud Architecting with GCP: A Learning Journey - Part 2

This is part 2 of a series intended to help you, as a solutions architect, design reliable solutions on GCP. In part 1 we covered an overview of cloud computing and GCP, the key roles in cloud architecture, and the importance of GCP in the enterprise landscape. We also covered some of the core GCP services by category: compute, storage, networking, and security. In this part and the next ones we go deeper into the compute category.

Choosing the right compute service in Google Cloud Platform (GCP) is crucial for designing scalable, efficient, and cost-effective solutions. GCP offers a variety of compute options, ranging from traditional virtual machines to fully managed serverless services. The choice depends on factors like flexibility, scalability, ease of management, and cost. This article explores the different compute options available in GCP and provides guidance on when to use each one.

Covering all the compute services in GCP in a single article would make it very long, so this part discusses Compute Engine (VMs) and postpones the remaining compute services to the next part: Google Kubernetes Engine (GKE), Cloud Run, Cloud Run Functions, and App Engine.

Compute Engine

Compute Engine provides fully customizable virtual machines (VMs) running in Google’s data centers. It allows you to run workloads with full control over the operating system, configurations, and networking.

Use Cases:

  • Running traditional applications that require full OS access.
  • Migrating existing workloads from on-premises or other cloud providers (lift-and-shift).
  • High-performance computing (HPC) and batch processing.
  • Running databases, application servers, and other stateful services.

Use Compute Engine when you need full control over your infrastructure, require specific configurations, or are migrating existing workloads that run on VMs.

Compute Engine Machine Types:

Sole-tenant nodes

If you have workloads that require physical isolation from other workloads or virtual machines in order to meet compliance requirements, consider sole-tenant nodes.

A sole-tenant node is a physical Compute Engine server that is dedicated to hosting VM instances only for your specific project.

A sole-tenant node can host multiple VM instances, but they all belong to the same project. You can also fill the node with multiple smaller VM instances of varying sizes, including custom machine types and instances with extended memory.

Also, if you have existing operating system licenses, you can bring them to Compute Engine using sole-tenant nodes while minimizing the physical core usage with the in-place restart feature.

Shielded VMs

Shielded VMs offer verifiable integrity for your VM instances, so you can be confident that your instances haven't been compromised by boot-level or kernel-level malware or rootkits. Shielded VMs are the first offering in the Shielded Cloud Initiative, which is meant to provide an even more secure foundation for all of Google Cloud by providing verifiable integrity and offering features, like vTPM shielding or sealing, that help prevent data exfiltration. In order to use the Shielded VM features, you need to select a shielded image.
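Verifiable integrity is only useful if someone looks at the result, so here is an added example (not from the article) of a small triage routine over Shielded VM integrity-monitoring log entries: it keeps only entries from the shielded_vm_integrity log and reports each boot phase whose measurements failed the integrity policy. The log entries are constructed; the field names (earlyBootReportEvent, lateBootReportEvent, policyEvaluationPassed, bootCounter) follow the Cloud Logging integrity log, and the project name is a placeholder.

```python
import json

# Suffix of the Cloud Logging log name that carries integrity reports.
INTEGRITY_LOG = "compute.googleapis.com%2Fshielded_vm_integrity"

# Constructed sample entries (not real logs), one JSON entry per line.
# Instance 2222 fails the late-boot check, 3333 fails the early-boot check,
# 1111 passes both and 4444 is an unrelated syslog entry to be ignored.
CONSTRUCTED_LOG = "\n".join([
    '{"logName":"projects/demo-project/logs/' + INTEGRITY_LOG + '",'
    '"resource":{"type":"gce_instance","labels":{"instance_id":"1111"}},'
    '"jsonPayload":{"bootCounter":"7","earlyBootReportEvent":{"policyEvaluationPassed":true},'
    '"lateBootReportEvent":{"policyEvaluationPassed":true}}}',
    '{"logName":"projects/demo-project/logs/' + INTEGRITY_LOG + '",'
    '"resource":{"type":"gce_instance","labels":{"instance_id":"2222"}},'
    '"jsonPayload":{"bootCounter":"3","earlyBootReportEvent":{"policyEvaluationPassed":true},'
    '"lateBootReportEvent":{"policyEvaluationPassed":false}}}',
    '{"logName":"projects/demo-project/logs/' + INTEGRITY_LOG + '",'
    '"resource":{"type":"gce_instance","labels":{"instance_id":"3333"}},'
    '"jsonPayload":{"bootCounter":"3","earlyBootReportEvent":{"policyEvaluationPassed":false}}}',
    '{"logName":"projects/demo-project/logs/syslog",'
    '"resource":{"type":"gce_instance","labels":{"instance_id":"4444"}},'
    '"textPayload":"unrelated"}',
])


def integrity_failures(raw_jsonl):
    """Return (instance_id, bootCounter, phase) for every boot phase whose
    measured values did not match the instance's integrity policy baseline."""
    failures = []
    for line in raw_jsonl.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        if not entry.get("logName", "").endswith(INTEGRITY_LOG):
            continue  # only the integrity log is relevant here
        payload = entry.get("jsonPayload", {})
        instance = entry["resource"]["labels"]["instance_id"]
        for phase in ("earlyBootReportEvent", "lateBootReportEvent"):
            report = payload.get(phase)
            # An absent phase is not a failure; an explicit false is.
            if report and report.get("policyEvaluationPassed") is False:
                failures.append((instance, payload.get("bootCounter"), phase))
    return failures
```

A failed evaluation right after a planned kernel or bootloader update is expected; once the change is validated, re-learn the instance's integrity policy so later boots are compared against the new baseline rather than the old one.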

Confidential VMs

Confidential VMs are a breakthrough technology that allows you to encrypt data in use, while it is being processed. Google Cloud's approach to encrypting data in use is a simple, easy-to-use deployment that requires no code changes to applications and no compromise on performance. Google does not have access to the encryption keys.

Tensor Processing Unit

CPUs and GPUs can no longer scale to meet the rapidly growing demand for ML. To help overcome this challenge, in 2016 Google introduced the Tensor Processing Unit, or TPU. Cloud TPUs have been integrated across Google products, making this state-of-the-art hardware and supercomputing technology available to Google Cloud customers.

TPUs are Google’s custom-developed application-specific integrated circuits (ASICs) used to accelerate machine learning workloads. TPUs act as domain-specific hardware, as opposed to general-purpose hardware with CPUs and GPUs. TPUs are generally faster than current GPUs and CPUs for AI applications and machine learning. They are also significantly more energy-efficient.

Disk Options

Every VM comes with a single root persistent disk, onto which the base image you choose is loaded. This image is bootable in that you can attach it to a VM and boot from it, and it is durable in that it can survive if the VM terminates. To have a boot disk survive VM deletion, disable the "Delete boot disk when instance is deleted" option in the instance's properties.

You can also perform snapshots of these disks, which are incremental backups. You can dynamically resize them, even while they are running and attached to a VM. You can also attach a disk in read-only mode to multiple VMs.

Disks can be zonal or regional. Zonal persistent disks offer efficient, reliable block storage. Regional persistent disks provide active-active disk replication across two zones in the same region. Regional persistent disks deliver durable storage that is synchronously replicated across zones and are a great option for high-performance databases and enterprise applications that also require high availability.

Encryption: By default, Compute Engine encrypts all data at rest. Google Cloud handles and manages this encryption for you without any additional action on your part. However, if you want to control and manage this encryption yourself, you can either use Cloud Key Management Service to create and manage key encryption keys (known as customer-managed encryption keys) or create and manage your own key encryption keys (known as customer-supplied encryption keys).

Metadata Server: Every VM instance stores its metadata on a metadata server. The metadata server is particularly useful in combination with startup and shutdown scripts, because you can use the metadata server to programmatically get unique information about an instance, without additional authorization.
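"Without additional authorization" deserves one caveat that a startup script author should know: the metadata server does require the request header Metadata-Flavor: Google and rejects requests that lack it, which is what separates a deliberate client on the VM from a request relayed through a vulnerable web application. The following is an added example (not from the article) of a client that fetches metadata the way a startup script would; because the real endpoint only exists inside a VM, a constructed local stand-in that enforces the same header rule is included so the example runs offline. The instance name, zone and project number it serves are made up.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

METADATA_HOST = "http://metadata.google.internal"  # real endpoint inside a VM


def fetch_metadata(path, base=METADATA_HOST, with_header=True):
    """Return the value at computeMetadata/v1/<path>, or None on an HTTP error."""
    req = urllib.request.Request(f"{base}/computeMetadata/v1/{path}")
    if with_header:
        # Required by the metadata server; requests without it get a 403.
        req.add_header("Metadata-Flavor", "Google")
    try:
        with urllib.request.urlopen(req, timeout=3) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError:
        return None


# Constructed stand-in for the metadata server (not Google's implementation);
# it mirrors only the header check and a couple of read-only instance values.
FAKE_VALUES = {
    "/computeMetadata/v1/instance/name": "web-01",
    "/computeMetadata/v1/instance/zone": "projects/123456/zones/us-central1-a",
}


class _FakeMetadata(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.headers.get("Metadata-Flavor") != "Google":
            self.send_error(403, "Missing Metadata-Flavor:Google header")
            return
        body = FAKE_VALUES.get(self.path)
        if body is None:
            self.send_error(404)
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_fake_server():
    """Start the stand-in on a free local port and return its base URL."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeMetadata)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"
```

On a real instance, call fetch_metadata("instance/name") with the default base; against the stand-in, pass the URL returned by start_fake_server().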

Snapshots

Snapshots can be used to back up critical data into a durable storage solution to meet application, availability, and recovery requirements. These snapshots are stored in Cloud Storage (which we will discuss in a later article). Snapshots can also be used to migrate data between zones.

If you want to improve disk performance, you can use a snapshot to transfer data from a standard HDD persistent disk to an SSD persistent disk.

Snapshots are available only for persistent disks, not for local SSDs. Snapshots are incremental and automatically compressed, so you can create regular snapshots of a persistent disk. You can grow disks in size, but you can never shrink them.

Disk Types

· pd-standard: Standard persistent disks are backed by standard hard disk drives and are suitable for large data processing workloads that primarily use sequential I/Os.

· pd-ssd: Performance SSD persistent disks are backed by solid-state drives and are suitable for enterprise applications and high-performance databases that require lower latency and more IOPS than standard persistent disks provide.

· pd-balanced: Balanced persistent disks are also backed by solid-state drives. They are an alternative to SSD persistent disks that balance performance and cost. These disks have the same maximum IOPS as SSD persistent disks and lower IOPS per gigabyte.

· pd-extreme (zonal only): Extreme persistent disks are zonal persistent disks also backed by solid-state drives.

Local SSDs

Local SSDs are different from persistent disks in that they are physically attached to the virtual machine. Therefore, these disks are ephemeral but provide very high IOPS. You can attach up to 24 local SSD partitions per instance. Data on these disks will survive a reset but not a VM stop or terminate, because these disks can’t be reattached to a different VM.

RAM disk

You also have the option of using a RAM disk: simply use tmpfs if you want to store data in memory. This is the fastest option available if you only need to hold small data structures.

Key Features:

You can live migrate your virtual machine to another host in the same zone instead of requiring your instance to be rebooted. During host maintenance, the VM is set for live migration. However, you can have the VM terminated instead of migrated.

You cannot change the machine type, the CPU platform, or the zone. Normally the boot disk defaults to being deleted automatically when the instance is deleted. But sometimes you will want to override this behavior. You cannot convert a non-preemptible instance into a preemptible one. This choice must be made at VM creation.

Most software packages in Cloud Marketplace are available at no additional charge beyond the normal usage fees for Google Cloud resources. Some Cloud Marketplace images charge usage fees.

Compute Engine Usage Discounts

Compute Engine bills by the second with a one-minute minimum, and sustained-use discounts start to apply automatically to virtual machines the longer they run.

Compute Engine also offers committed-use discounts. This means that for stable and predictable workloads, a specific number of vCPUs and amount of memory can be purchased for up to a 57% discount off normal prices in return for committing to a usage term of one year or three years.

There are also Preemptible and Spot VMs. A Preemptible or Spot VM differs from an ordinary Compute Engine VM in only one respect: Compute Engine has permission to terminate it if its resources are needed elsewhere. Spot VMs differ from Preemptible VMs by offering more features. For example, Preemptible VMs can run for at most 24 hours at a time, whereas Spot VMs have no maximum runtime. The pricing, however, is currently the same for both.

Conclusion

Choosing the right compute service depends on your specific use case, scalability needs, and operational preferences. By understanding these options, solutions architects can design efficient and cost-effective systems on GCP. Use Compute Engine when you need full control over your infrastructure, require specific configurations, or are migrating existing workloads that run on VMs.

You can also read this article on Medium:

https://medium.com/@hamdyahmed1984/cloud-architecting-with-gcp-a-learning-journey-part2-8707f2d1c00b
