Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GCP organizations explained

Lee Boonstra
October 25, 2018
Business
2
240

GCP organizations explained

Lee Boonstra

October 25, 2018
Tweet

More Decks by Lee Boonstra

See All by Lee Boonstra
Contact Center AI
savelee
0
180
Implementing a custom AI voice Assistant by streaming WebRTC to Dialogflow & Cloud Speech
savelee
3
1.9k
ML & Chatbots workshop
savelee
1
150
Bring your chatbots to production
savelee
0
74
Improve your customer care by building an AI platform with the use of Google Cloud
savelee
0
260
How to build & measure natural conversations for the Google Assistant
savelee
0
120
Contact Center AI
savelee
3
210
Digital Wednesday
savelee
2
110
The future of customer care
savelee
3
140

Other Decks in Business

See All in Business
アプリビジネスとプラットフォーム規制の最新動向20240411
kenjisugiura
1
190
goooods 株式会社 事業概要説明資料 / company deck
syo
3
7.3k
MYPLATE for office
myplate
0
120
20240401 新卒研修 - ピクシブにおける技術領域
harukasan
PRO
1
540
Nstock 採用資料 / We are hiring
nstock
21
160k
株式会社ミライロ 会社紹介資料
mirairohr
0
160
TUCUMCARI_ROADRUNNER LODGE
dona56
PRO
0
130
解説カンバン方式
pokotyamu
1
130
【DearOne】Dear Newest Member
hrm
1
2.3k
enechain company deck
enechain
PRO
3
69k
「強い」エンジニアと働く中で、新卒1年目・未経験プロダクトマネージャーが何に悩み、どこに自分の価値を見出したか
kassy1127
17
8.1k
Webinar ACENEL 23.04.2024 - Certificados Energéticos (CAE´s)
acenel
PRO
0
130

Featured

See All Featured
Atom: Resistance is Futile
akmur
260
25k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.2k
Automating Front-end Workflow
addyosmani
1357
200k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
Designing Experiences People Love
moore
136
23k
Art, The Web, and Tiny UX
lynnandtonic
290
19k
Designing the Hi-DPI Web
ddemaree
276
33k
Bash Introduction
62gerente
605
210k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
21
1.9k
How to Ace a Technical Interview
jacobian
273
22k
Into the Great Unknown - MozCon
thekraken
14
1k
Thoughts on Productivity
jonyablonski
60
3.9k

Transcript

  1. Your organization wants to get started with Google Cloud? But

    where do you start? Lee Boonstra, Customer Engineer Google Cloud Twitter: @ladysign https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy#organizations 1

  2. Create a GCP account Account

  3. IT’s BOUND TO AN ORGANIZATION Account Org Also known as:

    org node or root node. With an Organization resource, projects belong to your organization instead of the employee who created the project. This means that the projects are no longer deleted when an employee leaves the company; instead they will follow the organization’s lifecycle on Google Cloud Platform. https://cloud.google.com/resource-manager/docs/creating-managing-organization https://cloud.google.com/resource-manager/docs/quickstart-organizations#create_a_billing_account

  4. AN ORGANIZATION CAN HAVE FOLDERS AN ADDITIONAL GROUPING MECHANISM Account

    Org Org Org Org Org TEAM X TEAM Y TEAM Z PRODUCT A An organization can have an hierarchical structure. We call this folders. For example In organization MyBank.com, there is a Know Your Customer Team, a team Fraude and a team Data Science. The Data Science team can have various sub folders, or projects for each product they analyze. https://cloud.google.com/resource-manager/docs/creating- managing-folders

  5. AN ORGANIZATION CAN HAVE FOLDERS AN ADDITIONAL GROUPING MECHANISM Account

    Org Org Org Org Org KYC FRAUDE DaTA ANALYTICS FRAUDE DETECTION PLATFORM

  6. CREATE A BILLING ACCOUNT Account Billing An organization can have

    an hierarchical structure. We call this folders. For example In organization MyBank.com, there is a Know Your Customer Team, a team Fraude and a team Data Science. The Data Science team can have various sub folders, or projects for each product they analyze. https://cloud.google.com/resource-manager/docs/creating- managing-folders

  7. OR MULTIPLE Account Billing Billing Billing Billing done by X

    Billing done by Y Billing done by Z You can have multiple billing accounts. For example you could create billing accounts for different teams. For example, the finance team pays the bills for project Know Your Customer, and Fraude. But since the data science team are external / freelancers, we create a separate billing account for them.

  8. PROJECTS ARE BOUND TO BILLING ACCOUNTS Account Billing Billing Billing

    Project Project Project Project PROJECT-1 PROJECT-2 PROJECT-TEST PROJECT-PROD Projects are bound to billing accounts And billing accounts can link multiple projects. Projects are -not- based on geography or zones. - But resources are. You can create projects for team members, for test and production environments. Or event multiple “projects”. Like: STOCKCALCULATOR-BANKA STOCKCALUCLATOR-BANKB Or maybe even, to create a DEV, TEST AND PROD project.

  9. CROSS PROJECT ACCESS IS POSSIBLE Account Billing Billing Billing Project

    Project Project Project StocksHistory DataScience Cross project access is possible. But you have to explicitly set it. For example, you have a Project StockHistory - the DataScience Project makes use of those resources.

  10. PROJECTS MANAGE RESOURCES Account Billing Billing Billing Project Project Project

    Project All resources belong to a project. Like DataProc, BigQuery, AppEngine,SpeechAPI...

  11. POWERFUL IAM Billing Billing Billing Project Project Project Project IAM

    IAM Org GCP has a powerful Identity and Access Management. This means, you can set rules on the organisation. On projects. And on resources. You can can assign permissions to an account, organizations, folders, and projects in a hierarchy.

  12. POWERFUL IAM Project Project Project Project IAM Org Org Org

    Org IAM IAM IAM Lower level settings take precedence over higher level settings. This gives you simple control to allow or deny access to anyone at any level. But note, a parent rule will always win. For example, when you give Owner rights to a project, and you set a restriction on a lower level, such as Storage Bucket Read Only access. The Project Owner rights will win, and you will have Read Write access in the storage bucket.

  13. POWERFUL IAM Project Project Project Project IAM Org Org Org

    Org IAM IAM IAM Owner Project Owner Instance Creator The Org Owner is the administrator of the organization, and can create projects and edit all project and change roles. A Project Owner has all rights on the project, and create instances. Where a person/service account with specific resource rights, can only maintain that particular resource.

  14. https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations For more information On how to setup GCP for

    your enterprise, check out these best practices: