Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GCP organizations explained

Lee Boonstra
October 25, 2018
Business
2
260

GCP organizations explained

Lee Boonstra

October 25, 2018
Tweet

More Decks by Lee Boonstra

See All by Lee Boonstra
Contact Center AI
savelee
0
210
Implementing a custom AI voice Assistant by streaming WebRTC to Dialogflow & Cloud Speech
savelee
3
2.2k
ML & Chatbots workshop
savelee
1
170
Bring your chatbots to production
savelee
0
93
Improve your customer care by building an AI platform with the use of Google Cloud
savelee
0
310
How to build & measure natural conversations for the Google Assistant
savelee
0
130
Contact Center AI
savelee
3
260
Digital Wednesday
savelee
2
120
The future of customer care
savelee
3
160

Other Decks in Business

See All in Business
急成⻑スタートアップで働くことで得られるもの / 株式会社IVRy(社内LT会)
miyashino
0
1.3k
株式会社CINC 会社案内/Company introduction
cinchr
6
45k
5 Things Every L&D Pro Should Steal From Marketing
trainlikeamarketer
0
430
株式会社Rehab for JAPAN会社概要
rehabrecruiting
4
67k
We Are PdE!! 〜高価値なプロダクトを作れるようになるための勉強会〜
leveragestech
1
560
建築計画概要書の電子閲覧
tokyo_metropolitan_gov_digital_hr
0
320
東京都ツキノワグマ目撃等情報マップ
tokyo_metropolitan_gov_digital_hr
0
300
M&A Cloud Advisory Partners 採用ピッチブック
macloud
1
13k
株式会社BFT 会社紹介資料|エンジニア&セールス職向け
bft_recruit
2
11k
【新卒向け】会社説明資料|ROBOTPAYMENT
robot_payment
1
340
VANISH STANDARD Company Deck
vstandard
PRO
3
22k
3次元データを用いた差分解析による工事発注への取組
tokyo_metropolitan_gov_digital_hr
0
410

Featured

See All Featured
A Philosophy of Restraint
colly
203
16k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Facilitating Awesome Meetings
lara
50
6.1k
A Modern Web Designer's Workflow
chriscoyier
693
190k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Faster Mobile Websites
deanohume
305
30k
Documentation Writing (for coders)
carmenintech
65
4.4k
BBQ
matthewcrist
85
9.3k
Producing Creativity
orderedlist
PRO
341
39k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
For a Future-Friendly Web
brad_frost
175
9.4k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k

Transcript

  1. Your organization wants to get started with Google Cloud? But

    where do you start? Lee Boonstra, Customer Engineer Google Cloud Twitter: @ladysign https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy#organizations 1

  2. Create a GCP account Account

  3. IT’s BOUND TO AN ORGANIZATION Account Org Also known as:

    org node or root node. With an Organization resource, projects belong to your organization instead of the employee who created the project. This means that the projects are no longer deleted when an employee leaves the company; instead they will follow the organization’s lifecycle on Google Cloud Platform. https://cloud.google.com/resource-manager/docs/creating-managing-organization https://cloud.google.com/resource-manager/docs/quickstart-organizations#create_a_billing_account

  4. AN ORGANIZATION CAN HAVE FOLDERS AN ADDITIONAL GROUPING MECHANISM Account

    Org Org Org Org Org TEAM X TEAM Y TEAM Z PRODUCT A An organization can have an hierarchical structure. We call this folders. For example In organization MyBank.com, there is a Know Your Customer Team, a team Fraude and a team Data Science. The Data Science team can have various sub folders, or projects for each product they analyze. https://cloud.google.com/resource-manager/docs/creating- managing-folders

  5. AN ORGANIZATION CAN HAVE FOLDERS AN ADDITIONAL GROUPING MECHANISM Account

    Org Org Org Org Org KYC FRAUDE DaTA ANALYTICS FRAUDE DETECTION PLATFORM

  6. CREATE A BILLING ACCOUNT Account Billing An organization can have

    an hierarchical structure. We call this folders. For example In organization MyBank.com, there is a Know Your Customer Team, a team Fraude and a team Data Science. The Data Science team can have various sub folders, or projects for each product they analyze. https://cloud.google.com/resource-manager/docs/creating- managing-folders

  7. OR MULTIPLE Account Billing Billing Billing Billing done by X

    Billing done by Y Billing done by Z You can have multiple billing accounts. For example you could create billing accounts for different teams. For example, the finance team pays the bills for project Know Your Customer, and Fraude. But since the data science team are external / freelancers, we create a separate billing account for them.

  8. PROJECTS ARE BOUND TO BILLING ACCOUNTS Account Billing Billing Billing

    Project Project Project Project PROJECT-1 PROJECT-2 PROJECT-TEST PROJECT-PROD Projects are bound to billing accounts And billing accounts can link multiple projects. Projects are -not- based on geography or zones. - But resources are. You can create projects for team members, for test and production environments. Or event multiple “projects”. Like: STOCKCALCULATOR-BANKA STOCKCALUCLATOR-BANKB Or maybe even, to create a DEV, TEST AND PROD project.

  9. CROSS PROJECT ACCESS IS POSSIBLE Account Billing Billing Billing Project

    Project Project Project StocksHistory DataScience Cross project access is possible. But you have to explicitly set it. For example, you have a Project StockHistory - the DataScience Project makes use of those resources.

  10. PROJECTS MANAGE RESOURCES Account Billing Billing Billing Project Project Project

    Project All resources belong to a project. Like DataProc, BigQuery, AppEngine,SpeechAPI...

  11. POWERFUL IAM Billing Billing Billing Project Project Project Project IAM

    IAM Org GCP has a powerful Identity and Access Management. This means, you can set rules on the organisation. On projects. And on resources. You can can assign permissions to an account, organizations, folders, and projects in a hierarchy.

  12. POWERFUL IAM Project Project Project Project IAM Org Org Org

    Org IAM IAM IAM Lower level settings take precedence over higher level settings. This gives you simple control to allow or deny access to anyone at any level. But note, a parent rule will always win. For example, when you give Owner rights to a project, and you set a restriction on a lower level, such as Storage Bucket Read Only access. The Project Owner rights will win, and you will have Read Write access in the storage bucket.

  13. POWERFUL IAM Project Project Project Project IAM Org Org Org

    Org IAM IAM IAM Owner Project Owner Instance Creator The Org Owner is the administrator of the organization, and can create projects and edit all project and change roles. A Project Owner has all rights on the project, and create instances. Where a person/service account with specific resource rights, can only maintain that particular resource.

  14. https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations For more information On how to setup GCP for

    your enterprise, check out these best practices: