Category: Cloud

  • Service account and access scope

    The authorization provided to applications hosted on a Compute Engine instance is limited by two separate configurations: the roles granted to the attached service account, and the access scopes that you set on the instance. Both of these configurations must allow access before the application running on the instance can access a resource. Don’t rely on default Service…

  • gcloud auth list

    Lists accounts and shows which account is active. The active account is used by gcloud and other Google Cloud CLI tools to access Google Cloud Platform. While there is no limit on the number of accounts with stored credentials, there is only one active account.

  • Configuring Load Balancing

    There are nine types of load balancers, each either global or regional: a global load balancer has components (backends) in multiple regions, and a regional one has all components in a single region. Backend services are the means a load balancer uses to send incoming traffic to compute resources responsible for serving requests. The compute resources are…

  • Multi-NIC VMs

    A common use case is to inspect bidirectional traffic between two VPC networks by leveraging a group of network virtual appliances, that is, multi-NIC VMs. VPC networks named vpc-a and vpc-b, each with one subnet. Each backend VM has two network interfaces, one attached to each VPC network (nic0 attached to VPC vpc-a, nic1 attached…

  • Cloud DNS

    A public zone hosts DNS records that are visible to the Internet, whereas a private zone hosts DNS records that are visible only inside your organization. Creating Forwarding Zones: A forwarding zone overrides normal DNS resolution of the specified zones. Instead, queries for the specified zones are forwarded to the listed forwarding targets: --dns-name is…

  • Configuring Directory Sync

    Google Cloud Directory Sync (GCDS) is a free tool provided by Google, which is intended to automatically synchronize users, groups, domains, organizational units (OUs), and any other LDAP objects from your Microsoft Active Directory server (or OpenLDAP-compatible LDAP server) so that the data in Cloud Identity (or Google Workspace) matches the data in your LDAP…

  • Federating Cloud Identity

    Cloud Identity’s primary function is to manage identities. However, your organization may already use its own identity provider (IdP), for example, Azure Active Directory (Azure AD). From a user experience: In this scenario, it is important to mention the following: Exam Tip: Cloud Identity and Google Workspace are not limited to an IdP. They…

  • Configuring Firewall Rules

    Similar to your data center’s DMZ (DeMilitarized Zone), each VPC network has a firewall that blocks by default all incoming traffic from outside a VPC network to all the instances (VMs) in your VPC. You can protect the perimeter of your VPC network by configuring firewall rules, which are a means to unambiguously control what…

  • Service-Centric Networking

    Networking has traditionally been device-centric with IP addresses assigned to physical or virtual devices. This model does not always work well in the cloud. One of the advantages of using managed cloud services is that they abstract away from implementation details, like the type and number of servers supporting a service. For example, when you…

  • Which Database should I use

    Picking the right database for your application is not easy. The choice depends on the use case: transactional processing, analytical processing, in-memory database, and so forth. We have three different relational database options: Cloud SQL: Provides managed MySQL, PostgreSQL, and SQL Server databases on Google Cloud. It reduces maintenance cost and automates database provisioning, storage…