Can we use Stackdriver for Oracle database monitoring on bare metal solution in GCP?
My Scenario:
I want to install Oracle database on bare metal server. Google does say that all the Google Cloud's services can be used with the bare metal solution. If so, we can use stackdriver for the monitoring. Can you help with how to set that up?
As stated in doc, we can manage all our custom scripts in the bare metal solution,so stackdriver can be used for Oracle database monitoring on the bare metal solution in GCP.
To setup Google Cloud to work with your Bare Metal environment follow the below steps:
Create the VLAN Attachments for the Cloud Interconnect connection.
Specify Advertisements on an existing BGP session using the below command:
gcloud compute routers update-bgp-peer router-name \
--peer-name bgp-session-name --advertisement-mode custom
--set-advertisement-ranges 0.0.0.0/0
Create a firewall rule in your VPC network on Google Cloud.
Create a Jump Host VM instance on Google Cloud.
Login to a Bare Metal Solution server.
For Monitoring follow the steps:
Select a role for the GCP service account.
Configure GCP.
Complete the configuration.
Related
I have deployed a .Net core app on App Engine Flex. My App Engine Flex is configured as Auto Scaling. My app is using Memorystore Redis. I want each instance to have their own Redis Slave (Memorystore Redis will be master) so that each instance can read from their local Redis instance which will improve the performance of the app. I am using the reference from https://github.com/docker-library/redis/blob/ede954da6de61f1d6a8572db4cd7bdf1278a2815/4.0/Dockerfile
How can I install and run Redis Slave on an App Engine Flex?
Thanks,
Google offers some tutorials that could help you accomplish what you want. The following might provide you with the information you need:
Connecting to a Redis instance from an App Engine Flexible Environment application
Connect to Redis from Node.js on App Engine flexible environment
I also recommend checking the High availability documentation and the Overview of Cloud Memorystore for Redis documentation for more information about the proper Redis configuration for high availability with Memorystore.
Is there a way to deploy "internal facing" applications in Google App Engine. AWS offers this capability as explained here and so does Azure as explained here.
What is the GCP equivalent for this? It appears App Engine Flexible Environment could be the answer but I could not find a clear documentation on whether Flexible Environment is indeed the way to host intranet facing applications. Is there someone from GCP who can advise?
Update
I tested the solution recommended by Dan recently. Listed below are my observations:
App Engine Flex allows deploying to a VPC and this allows VPN scenarios. The VPN scenarios however is for connections (originating) from App Engine to GCP VPCs or to other networks outside GCP which can be on-prem or in another cloud.
Access (destined) to the app itself from a GCP or another network is always routed via the internet facing Public IPs. There is no option to access the app at a private IP at the moment.
If there's another update, I will update it here.
Update 28Oct2021
Google has now launched Serverless Network Endpoint Group(NEG)s. With this users can connect AppEngine, Cloud Run & Cloud Function endpoints to a LoadBalancer. However at the moment, you can only use Serverless NEGs with an external HTTP(S) load balancer. You cannot use serverless NEGs with regional external HTTP(S) load balancers or with any other load balancer types. Google documentation for Serverless NEGs is available here.
I'm not sure this meets your requirements, but it's possible to set up an App Engine Standard application (not certain about Flexible) such that it is only accessible to users logged into your G-Suite domain. This is the approach I've used for internal-facing applications in the past, but it only applies if your case involves an entity using G-Suite.
You can set this up under the App Engine application Settings, under Identity Aware Proxy.
In this scenario the application is still operating at a publicly accessible location, but only users logged into your G-Suite domain can access it.
It should be possible with the GAE flexible environment. From Advanced network configuration:
You can segment your Compute Engine network into subnetworks. This
allows you to enable VPN scenarios, such as accessing databases within
your corporate network.
To enable subnetworks for your App Engine application:
Create a custom subnet network.
Add the network name and subnetwork name to your app.yaml file, as specified above.
To establish a VPN, create a gateway and a tunnel for a custom subnet network.
The standard env GAE doesn't offer access to the networking layer to achieve such goal.
I created a VM instance in Googl Compute Engine and app in Google App Engine standard environment. I was planning to have my app in App Engine and my database server in Compute Engine. But, I can't connect between the both by internal IP. Is this possible? the app and db are in the same zone (us-east1) but the connection by IP don't work, only work with external IP. Apparently, the rules of firewall are correct.
As of April 9, 2019, you can use the serverless VPC
connector.
This will allow your App Engine application to connect to other internal resources in your VPC network on the Google Cloud Platform, such as Compute Engine VM instances, Cloud Memorystore instances, and any other resources with an internal IP address.
To create a connector:
$ gcloud services enable vpcaccess.googleapis.com
$ gcloud beta compute networks vpc-access connectors create CONNECTOR_NAME \
--network VPC_NETWORK --region REGION --range IP_RANGE
$ gcloud beta compute networks vpc-access connectors describe CONNECTOR_NAME --region REGION
Note: You can see which IP ranges are currently reserved in the Google Cloud Platform Console. You can choose any unused CIDR /28 IP range to use for your connector, for example, 10.8.0.0/28.
$ gcloud beta compute networks vpc-access connectors create my-vpc-connector \
--region=us-central1 --range=10.8.0.0/28
Create request issued for: [my-vpc-connector]
Waiting for operation [xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx] to complete...done.
Created connector [my-vpc-connector]
To connect your connector to a service add this to your service's app.yaml file:
vpc_access_connector:
name: "projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME"
Deploy the service:
$ gcloud beta app deploy
Note: To use Serverless VPC Access, make sure you use gcloud beta to deploy your service. You can get access to beta commands by running gcloud components install beta.
After you deploy your service, it is able to send requests to Internal IP addresses or DNS Names in order to access resources in your VPC Networks. In case any trouble please allow about one hour or more to let the connectors are propagated completely in the GCP Global Networks.
For connecting through a private IP you need that the app and DB will be in the same network.
You can't achieve that with app engine standard, you need app engine flex for this (see here how to set the network of your app engine flex instances)
You will have to connect using the external IP address of the service running on your Compute Engine instance. App Engine standard environment is on a different network than the Compute Engine instances and don't have private IP access to each other currently. Switching to an application (or service of an application) on the flexible environment might work for you if the costs associated make sense.
goal: make my google cloud app ssl
used a prebuilt solution to launch an instance on google's compute engine. i need to upload ssl cert to accept credit cards & more or less do anything. i cannot find a ui or any way to ssl my app/domain with compute engine.
google's app engine has a ui to upload certs but no way to launch prebuilt solutions or transfer apps from compute engine.
also, of course, the domain is registered using google domains and the app is registered to google cloud platform under same account.
thanks -- matt
You can setup an HTTPS Load Balancer in front of your GCE instances and install an SSL certificate and key there.
https://cloud.google.com/compute/docs/load-balancing/http/
A solution which is built for Google Compute Engine likely won't work as-is on Google App Engine (App Etfite expects that you supply code written as a set of HTTP request handlers, but does not support background tasks, running your own database, etc). Since you're already fairly happy with the pre-built solution you installed, it probably makes more sense to customize that rather than replace your solution with one running on App Engine.
You have two options for getting SSL running:
You could use Layer 3 load-balancing, and install and configure the SSL certificates on your server hosts. For example, you could get a certificate from Let's Encrypt, and use their tool to install the cert if you're running nginx or apache. For other software, you'd need to install the cert manually. This is probably the most portable (to other clouds/local machine) solution, but requires that you secure your SSL certs and maintain that software.
You could create a SslCertificate resource and attach it a Layer-7 load balancer provided by Compute Engine (TargetHttpsProxy). To do this, you would set up HTTP load balancing after uploading your public and private certificate to Google. This solution can take advantage of Google's caching and scaling infrastructure and can support health checks to verify that your application is up, but the details will vary more across different service providers.
I went over a number of questions in Stackoverflow & on the web , which were very very useful. I had few questions on what I've read so far with regards to IaaS , PaaS & SaaS. However I have a lot of questions which may be very naive as I haven't seen any of these in action.
1) Is PaaS equivalent of a development environment where a software is developed / customized as opposed to IaaS which is an execution environment to run the developed the software (could be any env test or production)?
2) In case of PaaS , I saw apprenda as an example. As part of Apprenda , I saw .net , Java , IIS & SQL Server listed as part of platform. Does this mean that instead of having to install all these on my local machine or development box , I get to have a sort of remote machine where all the development tools are installed and I just have to go and program whatever I want to?
3) If I have not subscribed to IaaS for instance , how can I run the software developed using the platform that is exposed as a service?
4) I also read that PaaS can either be public or private (within company's firewall). If it is private , will the provider of PaaS basically set of up the platform for development on my company's infrastructure?
5) Can any website that provides be a capability to login be termed as SaaS? Eg: GMAIL , Yahoo Mail , Facebook etc.
6) Can Google Drive , Apple iCloud etc be termed as SaaS?
PAAS : Platform as a Service
You don't care about the underlying hardware or OS.
You only care about your code, the platform takes care of the rest
Scaling is done for you
You have to adhere to some restrictions imposed by the platform
Pay for what you use (more traffick, storage used -> higher bill)
examples are Google AppEngine, Heroku, AWS Elastic Beanstalk
IAAS : Infrasctructure as a Service
You rent infrastructure where you choose the amount of memory, CPU, disk size, OS, ...
You setup the runtime environment will full choice from NodeJs, Redis or LAMP stack or any flavor you can think of.
You are responsible for configuring the rented infrastructure for high availability and scaling out
More freedom but more configuration (devops)
Pay for what you allocate (You setup your machines and choose your infrastructure beforehand)
examples are Google Compute Engine, Amazon EC2
But the world isn't that black and white. PaaS and IaaS grow towards each other. For example AppEngine managed VMS give you more freedom in choosing your underlying OS while still in a PaaS environment. And Google Autoscaler or Kubernetes brings managing your infrastructure to a more declarative level.
Finally SaaS products are oriented towards non-technical end users. So Apple iCloud, Google Drive, Gmail, Yahoo webmail are examples of SaaS.
I try to provide simpler answer and mapping with Azure deployment model
SaaS: Software as a service.
It's simplest, easiest, fastest method to host your web app/service into cloud.
Your web will be deployed automatically into some VMs and autoscale when needed.
You don't need to care about the VMs. Cloud provider will maintain them.
SaaS in Azure: Azure App Services (or Web App/Websites).
PaaS: Plafform as a service.
Cloud provider will create the pre-configured VMs which install all prerequisites (Ex: Windows Server 2012 with .Net 4.5 and IIS installed). These VMs will autoload your sites/apps when it's completely spin-off.
PaaS almost identical to SaaS except it allows you can remote desktop connect to the VMs, do some configuration tasks on there such as run custom startup scripts...
PaaS in Azure: Azure Cloud Services. Azure provides 2 kind of preconfigured VMs. They are Web Roles if you need host the website and Worker Roles if you need run background process.
IaaS: Infrastructure as a service.
Cloud provider will provide you dedicated VMs so you have full control to do any customization you want (you can customize the OS to the services and software...). It just like the VMs on-premises.
It's suitable if your app need to do a lot of customizations on the hosting environments to run.
IaaS in Azure: Azure Virtual Machines
The NIST definition of Cloud Services in general is a great place to start when looking for answers.
It gives the 5 characteristics of Cloud Services:
Broad Network Access
On-demand Self Service
Resource Pooling
Rapid Elasticity
Measured service
And then talks about service models, which are SaaS, PaaS and IaaS.
Simply running your app in the cloud is not sufficient to say it's SaaS. So, it's not just apps being targeted at non-technical users, it's apps that cover those characteristics. A sub-point to resource pooling above is providing some sort of multi-tenanted capability when delivering the solution to users.
1) Is PaaS equivalent of a development environment where a software is developed / customized as opposed to IaaS which is an execution environment to run the developed the software (could be any env test or production)?
A PaaS solution does not have to be a development environment. It can provide the resource for some software being developed, without the developer needing to provision all the underlying facilities to enable the delivery of that resource. Eg, SQL Azure is a PaaS that lets developers have access to a relational DB service. The developer can write and invoke queries against it, without having to stand up SQL Server instances themselves.
2) In case of PaaS , I saw apprenda as an example. As part of Apprenda , I saw .net , Java , IIS & SQL Server listed as part of platform. Does this mean that instead of having to install all these on my local machine or development box , I get to have a sort of remote machine where all the development tools are installed and I just have to go and program whatever I want to?
It should mean that you have access to the remote resources that your development tools can connect to and manage. The server (say SQL server) is not the same as the tool you use to access it, say SQL Server Management studio.
3) If I have not subscribed to IaaS for instance , how can I run the software developed using the platform that is exposed as a service?
You can't.
4) I also read that PaaS can either be public or private (within company's firewall). If it is private , will the provider of PaaS basically set of up the platform for development on my company's infrastructure?
A private PaaS means that a company has setup private infrastructure to allow developers to use a resources that are part of the architecture of a solution that do not need to be managed by the developers themselves.
5) Can any website that provides be a capability to login be termed as SaaS? Eg: GMAIL , Yahoo Mail , Facebook etc.
No, not according to the NIST definition. Providing user login is not the same as enabling multi-tenancy. Simply put, if the app enables companies/teams with groups of users to use it, it's moving towards SaaS. So, think solutions like Slack, Gitter & Freshbooks.
6) Can Google Drive , Apple iCloud etc be termed as SaaS?
Google Drive as part of Google Apps for Business, yes.
Until you start seeing, "iCloud for business", no.