We have a technical requirement, wherein we need to have two instances across different google project (but under same google account) to communicate with each other.
To illustrate, we have two google project X and Y under the same google account. We need all our VM instance on project X (of google account) to have a reliable communication(maybe over HTTP) with a known VM instance of project Y(of the same google account).
Because we programmatically scale up and scale down our VM instances of project X we cannot approach the solution of whitelisting IPs of VM instances of X on Project Y firewall. (under google networking rule)
We have been reading around VPN in google,(sure and easier solution to this could be a Proxy but because of our business constraints, we cannot explore that as possible options).
Google documentation says about VPN setup of two kind static and dynamic route.
But, because of our limited experience(never set the VPN before) on this we are not sure what is the ideal VPN setup(or there exist any other solution which we haven't encountered yet) for us.
Can some one please help with some pointer on the correct setup for above problem.
You can use VPN to connect your two projects. Both static or dyanmic will work. Dynamic requires you to set up Cloud Routers in both projects and some additional configuration and allows your network to automatically react if the VPN is down. However I don't think this is helpful for you as you don't have a fallback, so static VPN is probably the better choice for you.
You may also want to look at VPC Network Peering and Shared VPC. These allow instacnes in different projects to communicate without needing a VPN at all.
Related
I want to host some html files on Google Cloud and wondered, if this is possible to do, without adding a custom domain...
With for example Cloudflare or AWS, that's possible...
GCS objects can be loaded just fine from a web browser, with or without a domain. They follow either of these naming schemes:
https://storage.googleapis.com/YOUR_BUCKET_NAME/YOUR_OBJECT_NAME
https://YOUR_BUCKET_NAME.storage.googleapis.com/YOUR_OBJECT_NAME
If you simply need to serve resources via a web browser, this is quite sufficient.
If you need a bucket to represent an entire website, it'd be a good idea to use a custom domain. This enables a handful of nice, website-like features, such as defining default pages when none is specified as well as providing a customization 404 page.
You have three options (well, only two of them are really viable, but the last one can be useful in certain situations).
In order of ease to use and viability:
1) Google App Engine:
The default Google App Engine app is served out of *.appspot.com site, so if you create a project call "cutekittens", your site address will be cutekittens.appspot.com.
Furthermore, you can choose to do something simple like a static webpage, or you can host an entire webapp on Google App Engine. It's easy to use and very powerful. Google App Engine supports its own storage (Datastore), bigdata (Big Query), and MySQL (Cloud SQL) solutions and all of that can be served out of the default appspot.com site which acts the the front end.
2) Static Website on Google Cloud Storage. Google Cloud Storage is less powerful but should suffice if you just need a static website served. It uses "storage.googleapis.com/[BUCKET_NAME]/[OBJECT_NAME]", in which your object is probably an index.html.
3) Use a Google Compute Engine VM on static IP. This option is probably the MOST powerful, as you can do anything you want on your own VM. However this is also the less friendly usage since you will need the actual IP address to access the site and its resources.
What is the official and required process to perform our own independent vulnerability scans against virtual machines in the Google Compute Engine? These will be Penetration tests (our own) that will scan the public IP for open ports and report results back to us.
Microsoft Azure requires authorization and so does Amazon. Does Google?
No, Google does not need to be notified before you run a security scan on your Google Compute Engine projects. You will have to abide by Google Cloud Platform Acceptable Use Policy and the Terms of Service.
Please also be aware of Google's Vulnerability Rewards Program Rules.
By default all incoming traffic from an outside network is blocked. Each customer has the responsibility to create the appropriate rules to allow access to the GCE instances as he considers appropriate:
https://cloud.google.com/compute/docs/networking#firewalls
If you sign up for a trial you can perform that test over your own project. Overall security configuration is up to the owner of the project and does not reside on Google.
In regards to internal infrastructure Google has its own security teams working 24x 7 to assure it keeps on the vanguard in the best security practices. http://googleonlinesecurity.blogspot.ca/
I have seen several apps on the market that are allowing users to determine their current network connection speeds. How is this possible, and what might I use to be able to use this functionality? I am querying network types but I am not sure how to determine the current speed of the connections.
Besides the NetworkInformation class that gives you basic information about the connectivity (network available or not, wifi enabled or not) there is no API with the current SDK for determining network speed.
I guess the apps doing this simply create a web request to download some sample files hosted on their website and measure the time it takes, etc.
We're looking to host a private web service in a cloud based server, and are considering client certificates as the method of identifying and authenticating authorized nodes.
Long story short, it seems that there's no interface anywhere to import such certs into the GTV Chrome browser.
I've found menu-> settings-> advanced settings->Under the Hood -> Manage Certificates, but the only thing that seems to allow you to do is revoke trust on manufacturer provided certs.
Although requiring users to install certs by hand is suboptimal, it seems to me that it should at least be possible.
Have I missed how to do this?
Furthermore, is there an API for this? It might be better to have the users install an app that manages such issues, in addition to providing other services.
Unfortunately this is not something supported by the current generation of Google TVs. It is an edge case that would expose too much risk to the user and be a possible security hole if abused. Trust certificates can be installed by OEMs so it may be worth while to contact one of them.
Is there a technical reason, why a Google Drive application must be installed through the Chrome Web Store (which severely limits the number of potential users)?
The reason that installation is required is to give users the ability to access applications from within the Google Drive user interface. Without installation, users would have no starting point for most applications, as they would not be able to start at a specific file, and then choose an application.
That said, I realize it can be difficult to work with in early development. We (the Google Drive team) are evaluating if we should remove this requirement or not. I suspect we'll have a final answer/solution in the next few weeks.
Update: We have removed the installation requirement. Chrome Web Store installation is no longer required for an app to work with a user's Drive transparently, but it is still required to take advantage of Google Drive UI integrations.
To provide the create->xxx behaviour that makes a new application document from the drive interface, and to be able to open existing documents from links, there must be some kind of manifest registered with Google's systems and some kind of agreement from the user that an application can access your documents and work with specific file types. There's little way around this when you think about the effects of not doing this.
That said, there are two high level issues that make for compatibility problems.
As the poster says, the requirement to install in the chrome store
severely limits the number of potential users.
But why? Why do the majority of Chrome Web Store applications say that they only work on Chrome? Most of these are wrappers to web applications that work on a range of browsers, yet you click through a selection and most display "works on chrome", aka only installs on chrome.
Before we launched our application on chrome we found that someone had created "xxxxxxx launcher" in the store, that simply forwards to our web app page. We're still wondering why it only "works on chrome". I suspect that some default template for the web store has:
"container" : "CHROME",
in it, which is the configuration option to say chrome only. That said, I can't find one, so I'm very confused why this is. It would be healthier if people picked Chrome because it's the better browser (which it is in a number of regards), not because their choice is limited if they don't. People can always write to the application vendor and ask if this limitation is really necessary.
The second thought is that a standardised manifest format across cloud storage providers would mean a much higher take up in web app vendors. Although, it isn't hugely complex to integrate, for example, with Google Drive, the back-end and ironing out the the details took over a week in total. Multiply that lots of storage providers and you have you lose an engineer for 2 months + the maintenance afterwards. The more than is common across vendor integration, the more likely it is to happen.
And while I'm on it, a JavaScript widget for opening and saving (I know Google have opening) by each cloud storage provider would improve integration by web app vendors. We should be using one storage providers across multiple applications, not one web application across multiple storage providers, the file UI should be common to the storage provider.
In order to sync with the local file system, one would need to install a browser plug-in in order to bridge the Web with the local computer. By default, Web applications don't have file I/O permissions on the user's hard drive for security reasons. Browser extensions, on the other hand, do not suffer from this limitation as it's assumed that when you, the user, give an application permission to be installed on your computer, you give it permissions to access more resources on the local computer.
Considering the add-on architectures for different browsers are different, Google first decided to build this application for their platform first. You can also find Google Drive in the Android/Play marketplace, one of Google's other app marketplaces.
In the future, if Google Drive is successful, there may very well be add-ons created for Firefox and Internet Explorer, but this of course has yet to be done and depends on whether or not Google either releases the API's to the public or internally makes a decision to develop add-ons for other browsers as well.