GCP organizations explained

Lee Boonstra
October 25, 2018

Transcript

  1. Your organization wants to get started with Google Cloud? But where do you start?
    Lee Boonstra, Customer Engineer Google Cloud
    Twitter: @ladysign
    https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy#organizations

  2. Create a GCP account
    [Diagram: Account]

  3. IT’S BOUND TO AN ORGANIZATION
    [Diagram: Account, Org]
    Also known as: org node or root node.
    With an Organization resource, projects belong to your organization instead of the employee who created the
    project. This means that the projects are no longer deleted when an employee leaves the company; instead they
    will follow the organization’s lifecycle on Google Cloud Platform.
    https://cloud.google.com/resource-manager/docs/creating-managing-organization
    https://cloud.google.com/resource-manager/docs/quickstart-organizations#create_a_billing_account

  4. AN ORGANIZATION CAN HAVE FOLDERS
    AN ADDITIONAL GROUPING MECHANISM
    [Diagram: Account, Org, folders Team X / Team Y / Team Z, sub-folder Product A]
    An organization can have a hierarchical structure; we call this folders. For example, in the organization
    MyBank.com there is a Know Your Customer team, a Fraud team and a Data Science team. The Data Science team can
    have various sub-folders, or projects, for each product they analyze.
    https://cloud.google.com/resource-manager/docs/creating-managing-folders

  5. AN ORGANIZATION CAN HAVE FOLDERS
    AN ADDITIONAL GROUPING MECHANISM
    [Diagram: Account, Org, folders KYC / Fraud / Data Analytics, sub-folder Fraud Detection Platform]

  6. CREATE A BILLING ACCOUNT
    [Diagram: Account, Billing]

  7. OR MULTIPLE
    [Diagram: Account, Billing / Billing / Billing: billing done by X, by Y, by Z]
    You can have multiple billing accounts, for example one per team: the finance team pays the bills for the
    Know Your Customer and Fraud projects, but because the data science team consists of external freelancers, we
    create a separate billing account for them.

  8. PROJECTS ARE BOUND TO BILLING ACCOUNTS
    [Diagram: Account, Billing / Billing / Billing, projects PROJECT-1 / PROJECT-2 / PROJECT-TEST / PROJECT-PROD]
    Projects are bound to billing accounts, and a billing account can link multiple projects.
    Projects are not based on geography or zones, but resources are.
    You can create projects for team members, for test and production environments, or even multiple “projects”
    per product, like:
    STOCKCALCULATOR-BANKA
    STOCKCALCULATOR-BANKB
    Or maybe even separate DEV, TEST and PROD projects.

  9. CROSS PROJECT ACCESS IS POSSIBLE
    [Diagram: Account, Billing / Billing / Billing, projects StocksHistory and DataScience]
    Cross-project access is possible, but you have to set it explicitly.
    For example, you have a project StocksHistory, and the DataScience project makes use of those resources.

  10. PROJECTS MANAGE RESOURCES
    [Diagram: Account, Billing / Billing / Billing, Project / Project / Project / Project]
    All resources belong to a project, such as Dataproc, BigQuery, App Engine, Speech API...

  11. POWERFUL IAM
    [Diagram: Org, Billing / Billing / Billing, Project / Project / Project / Project, IAM]
    GCP has a powerful Identity and Access Management (IAM).
    This means you can set rules on the organization, on projects and on resources.
    You can assign permissions to an account, organizations, folders and projects in a hierarchy.

  12. POWERFUL IAM
    [Diagram: Org, folders Org / Org / Org, Project / Project / Project / Project, IAM at each level]
    Lower-level settings take precedence over higher-level settings. This gives you simple control to allow or
    deny access to anyone at any level.
    But note, a parent rule will always win. For example, when you give Owner rights on a project and set a
    restriction at a lower level, such as read-only access on a storage bucket, the Project Owner rights win
    and you will have read/write access in the storage bucket.

  13. POWERFUL IAM
    [Diagram: Org, folders Org / Org / Org, Project / Project / Project / Project, IAM at each level; roles
    Org Owner, Project Owner, Instance Creator]
    The Org Owner is the administrator of the organization, and can create projects, edit all projects and
    change roles.
    A Project Owner has all rights on the project, and can create instances.
    A person or service account with rights on a specific resource can only maintain that particular resource.
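    The folder hierarchy from slides 4 and 5, the explicit cross-project grant from slide 9 and the "a parent rule
    always wins" behaviour from slides 12 and 13, as one added Python model. This is example code written for this
    transcript, not code from the deck or from Google's client libraries. The organization MyBank.com, the folders
    and projects, the members (alice, bob, an ETL service account) and the role-to-permission table are constructed
    assumptions; the table is a deliberately tiny subset of what the real roles/owner and roles/storage.objectViewer
    roles grant. The model computes a node's effective policy as the union of its own bindings and every ancestor's,
    which is why the project Owner keeps write access on a bucket whose own policy only lists a viewer.

```python
from dataclasses import dataclass, field

# Constructed, deliberately small subset of the permissions behind two real
# predefined roles; the real roles carry many more permissions.
ROLE_PERMISSIONS = {
    "roles/owner": {"storage.objects.get", "storage.objects.create"},
    "roles/storage.objectViewer": {"storage.objects.get"},
}


@dataclass
class Node:
    """One node of the hierarchy: organization, folder, project or resource."""
    name: str
    kind: str                                     # "organizations", "folders", "projects", "buckets"
    parent: "Node | None" = None
    bindings: dict = field(default_factory=dict)  # role -> set of members
    children: list = field(default_factory=list)

    def add_child(self, name, kind):
        child = Node(name, kind, parent=self)
        self.children.append(child)
        return child

    def grant(self, role, member):
        self.bindings.setdefault(role, set()).add(member)

    def path(self):
        """Full path from the organization down, e.g. organizations/X/folders/Y/projects/Z."""
        parts, node = [], self
        while node is not None:
            parts.append(f"{node.kind}/{node.name}")
            node = node.parent
        return "/".join(reversed(parts))


def effective_policy(node):
    """Policies inherit downward: the effective policy is the union of the node's
    own bindings and every ancestor's. A child policy cannot take away a role an
    ancestor granted, which is why a project Owner keeps write access on a bucket."""
    merged, cursor = {}, node
    while cursor is not None:
        for role, members in cursor.bindings.items():
            merged.setdefault(role, set()).update(members)
        cursor = cursor.parent
    return merged


def has_permission(node, member, permission):
    """True if any role in the effective policy both lists the member and carries the permission."""
    return any(
        member in members and permission in ROLE_PERMISSIONS.get(role, set())
        for role, members in effective_policy(node).items()
    )


def build_mybank():
    """Constructed hierarchy in the shape of slides 4, 5 and 9; returns the key nodes by name."""
    org = Node("MyBank.com", "organizations")
    org.add_child("KYC", "folders")
    org.add_child("Fraud", "folders")
    analytics = org.add_child("Data Analytics", "folders")
    analytics.add_child("fraud-detection-platform", "projects")
    stocks = analytics.add_child("stocks-history", "projects")
    data_science = analytics.add_child("data-science", "projects")
    bucket = stocks.add_child("stock-prices", "buckets")
    return {"org": org, "stocks-history": stocks, "data-science": data_science, "stock-prices": bucket}


def run_scenarios():
    """Outcomes of the situations on slides 9 and 12, as a dict of plain values."""
    nodes = build_mybank()
    stocks, bucket = nodes["stocks-history"], nodes["stock-prices"]
    alice, bob = "user:alice@mybank.com", "user:bob@mybank.com"          # constructed members
    ds_sa = "serviceAccount:etl@data-science.iam.gserviceaccount.com"  # constructed member

    # Slide 12: Owner granted on the project, a narrower role set directly on the bucket.
    stocks.grant("roles/owner", alice)
    bucket.grant("roles/storage.objectViewer", bob)

    # Slide 9: an identity from the other project has nothing until it is granted explicitly.
    before = has_permission(bucket, ds_sa, "storage.objects.get")
    bucket.grant("roles/storage.objectViewer", ds_sa)
    after = has_permission(bucket, ds_sa, "storage.objects.get")

    return {
        "bucket_path": bucket.path(),
        "alice_can_write_bucket": has_permission(bucket, alice, "storage.objects.create"),
        "bob_can_read_bucket": has_permission(bucket, bob, "storage.objects.get"),
        "bob_can_write_bucket": has_permission(bucket, bob, "storage.objects.create"),
        "data_science_before_grant": before,
        "data_science_after_grant": after,
    }
```

    Calling run_scenarios() shows alice (project Owner) writing to the bucket although the bucket's own policy
    never names her, bob (viewer on the bucket only) reading but not writing, and the data-science service
    account getting access only after the explicit grant. Granting a role at the organization node propagates the
    same way to every folder, project and bucket beneath it, so auditing the effective policy of a resource, not
    just the policy set directly on it, is what tells you who can actually reach it.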

  14. For more information on how to set up GCP for your enterprise, check out these best practices:
    https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations