Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GCP organizations explained

Lee Boonstra
October 25, 2018
Business
2
260

GCP organizations explained

Lee Boonstra

October 25, 2018
Tweet

More Decks by Lee Boonstra

See All by Lee Boonstra
Contact Center AI
savelee
0
200
Implementing a custom AI voice Assistant by streaming WebRTC to Dialogflow & Cloud Speech
savelee
3
2.2k
ML & Chatbots workshop
savelee
1
170
Bring your chatbots to production
savelee
0
90
Improve your customer care by building an AI platform with the use of Google Cloud
savelee
0
300
How to build & measure natural conversations for the Google Assistant
savelee
0
130
Contact Center AI
savelee
3
250
Digital Wednesday
savelee
2
120
The future of customer care
savelee
3
150

Other Decks in Business

See All in Business
直積は便利/direct_product_is_useful
florets1
3
250
アルプ株式会社/会社紹介資料
alpinc
0
150
Nealle Company Deck
nealle
5
91k
Manage-Up! A Guide for Product Builders to Understand and Influence Leadership
petra_wille
0
140
GLP_SustainabilityReport_2023
glp_jp
1
370
VISASQ: ABOUT US
eikohashiba
15
460k
LINEヤフー新卒採用 ビジネスコンサルタント職種説明資料
lycorp_recruit_jp
0
1.5k
株式会社kubellストレージ 会社説明資料
kubell_storage
2
190
株式会社ユビレジ_採用ピッチ資料 / Ubiregi_CompanyProfile
ubiregi_saiyo
0
6.2k
20241027.jjug_ccc_creditsaison.pdf
lalha
4
2.3k
PROLE株式会社 COMPANY DECK
prole
PRO
0
830
【エンジニア採用】BuySell Technologies会社説明資料
buyselltechnologies
1
51k

Featured

See All Featured
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
3
370
Embracing the Ebb and Flow
colly
84
4.4k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
290
Designing Experiences People Love
moore
138
23k
Building Better People: How to give real-time feedback that sticks.
wjessup
363
19k
Rails Girls Zürich Keynote
gr2m
93
13k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
4 Signs Your Business is Dying
shpigford
180
21k
A better future with KSS
kneath
238
17k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Become a Pro
speakerdeck
PRO
24
5k
Fontdeck: Realign not Redesign
paulrobertlloyd
81
5.2k

Transcript

  1. Your organization wants to get started with Google Cloud? But

    where do you start? Lee Boonstra, Customer Engineer Google Cloud Twitter: @ladysign https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy#organizations 1

  2. Create a GCP account Account

  3. IT’s BOUND TO AN ORGANIZATION Account Org Also known as:

    org node or root node. With an Organization resource, projects belong to your organization instead of the employee who created the project. This means that the projects are no longer deleted when an employee leaves the company; instead they will follow the organization’s lifecycle on Google Cloud Platform. https://cloud.google.com/resource-manager/docs/creating-managing-organization https://cloud.google.com/resource-manager/docs/quickstart-organizations#create_a_billing_account

  4. AN ORGANIZATION CAN HAVE FOLDERS AN ADDITIONAL GROUPING MECHANISM Account

    Org Org Org Org Org TEAM X TEAM Y TEAM Z PRODUCT A An organization can have an hierarchical structure. We call this folders. For example In organization MyBank.com, there is a Know Your Customer Team, a team Fraude and a team Data Science. The Data Science team can have various sub folders, or projects for each product they analyze. https://cloud.google.com/resource-manager/docs/creating- managing-folders

  5. AN ORGANIZATION CAN HAVE FOLDERS AN ADDITIONAL GROUPING MECHANISM Account

    Org Org Org Org Org KYC FRAUDE DaTA ANALYTICS FRAUDE DETECTION PLATFORM

  6. CREATE A BILLING ACCOUNT Account Billing An organization can have

    an hierarchical structure. We call this folders. For example In organization MyBank.com, there is a Know Your Customer Team, a team Fraude and a team Data Science. The Data Science team can have various sub folders, or projects for each product they analyze. https://cloud.google.com/resource-manager/docs/creating- managing-folders

  7. OR MULTIPLE Account Billing Billing Billing Billing done by X

    Billing done by Y Billing done by Z You can have multiple billing accounts. For example you could create billing accounts for different teams. For example, the finance team pays the bills for project Know Your Customer, and Fraude. But since the data science team are external / freelancers, we create a separate billing account for them.

  8. PROJECTS ARE BOUND TO BILLING ACCOUNTS Account Billing Billing Billing

    Project Project Project Project PROJECT-1 PROJECT-2 PROJECT-TEST PROJECT-PROD Projects are bound to billing accounts And billing accounts can link multiple projects. Projects are -not- based on geography or zones. - But resources are. You can create projects for team members, for test and production environments. Or event multiple “projects”. Like: STOCKCALCULATOR-BANKA STOCKCALUCLATOR-BANKB Or maybe even, to create a DEV, TEST AND PROD project.

  9. CROSS PROJECT ACCESS IS POSSIBLE Account Billing Billing Billing Project

    Project Project Project StocksHistory DataScience Cross project access is possible. But you have to explicitly set it. For example, you have a Project StockHistory - the DataScience Project makes use of those resources.

  10. PROJECTS MANAGE RESOURCES Account Billing Billing Billing Project Project Project

    Project All resources belong to a project. Like DataProc, BigQuery, AppEngine,SpeechAPI...

  11. POWERFUL IAM Billing Billing Billing Project Project Project Project IAM

    IAM Org GCP has a powerful Identity and Access Management. This means, you can set rules on the organisation. On projects. And on resources. You can can assign permissions to an account, organizations, folders, and projects in a hierarchy.

  12. POWERFUL IAM Project Project Project Project IAM Org Org Org

    Org IAM IAM IAM Lower level settings take precedence over higher level settings. This gives you simple control to allow or deny access to anyone at any level. But note, a parent rule will always win. For example, when you give Owner rights to a project, and you set a restriction on a lower level, such as Storage Bucket Read Only access. The Project Owner rights will win, and you will have Read Write access in the storage bucket.

  13. POWERFUL IAM Project Project Project Project IAM Org Org Org

    Org IAM IAM IAM Owner Project Owner Instance Creator The Org Owner is the administrator of the organization, and can create projects and edit all project and change roles. A Project Owner has all rights on the project, and create instances. Where a person/service account with specific resource rights, can only maintain that particular resource.

  14. https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations For more information On how to setup GCP for

    your enterprise, check out these best practices: