georgejmclittle - Fotolia

8 native Google Cloud management tools admins should know

IT teams can use a range of native management and monitoring tools from Google to ensure their public cloud deployments are reliable and cost-effective.

Google offers many tools to manage its cloud services and resources. Administrators use these tools to handle a number of cloud infrastructure and application management tasks, from automated deployment to cost optimization.

The range of Google Cloud management tools includes Deployment Manager, Anthos, Access Transparency, Access Approval, Endpoints and operations suite. While these native tools help customers manage their Google Cloud environment, there are also many third-party management tools that work in conjunction with Google Cloud.

Here's a look at some native options.

Google Cloud Deployment Manager

Developers use scripts to automate mundane tasks and make implementations more efficient. Infrastructure as code (IaC) is the most comprehensive option for scripting. It creates an abstraction layer between applications and the underlying infrastructure to automate all operational tasks.

Google's IaC tool, Google Cloud Deployment Manager, deploys infrastructure with repeatable, declarative code. When configuring files, admins can use YAML syntax or they can write templates using either Jinja 2.10.x or Python 3.x.

At time of publication, Deployment Manager doesn't support all Google Cloud tools and services. But it does work with most of Google's compute, storage and database resources. Run the gcloud deployment-manager types list command in the Google Cloud command-line interface to see if Deployment Manager supports the resource you need to deploy.

Deployment Manager is free to use, though standard charges apply for any related services it deploys.

Google Cloud Anthos

Google Cloud Anthos is a cloud-agnostic container environment that uses Kubernetes for container orchestration and Istio service mesh for traffic management. It also works as a software stack to run on an organization's existing hardware or other cloud footprints, making it a good fit for hybrid and multi-cloud architectures.

At its core, Anthos is a container cluster regulated by Google Kubernetes Engine (GKE) and GKE On-Prem for hybrid architectures. Key features and capabilities include the following:

  • cluster logging and monitoring;
  • security alerts and automated policy management;
  • serverless computing;
  • automated migration of VMs to containers on GKE; and
  • configuration and cluster management, including for multi-cloud Kubernetes deployments.

Anthos has two options for pricing. In the pay-as-you-go method, customers are billed for Anthos-managed clusters as they use them. In the subscription-based method, they commit to use on a monthly period, and get a discounted price. A monthly subscription includes all Anthos deployments, at their respective rates.

Chart depicting the different prices of Anthos services as of May 2022
Billing rates of Anthos as of May 2022

Google Access Transparency and Access Approval

With Google Access Transparency, administrators can view Google's own services logs that reveal actions Google staff has taken related to customer workloads. Access Transparency shows customers what Google personnel did, while Access Approval allows customers to approve if and when Google personnel can access their data or configurations. Access Transparency displays the type and time of action taken, the affected resource and the reasons for the action.

This Google Cloud management tool works with more than 20 Google services, including Compute Engine, App Engine, Cloud Storage, Persistent Disk, Cloud Key Management Service and Cloud Identity and Access Management.

Customers can see Google's access logs via a monitoring API, Logs Explorer and other methods. They display alongside Cloud Audit Logs in the Google Cloud Console.

On top of monitoring any underlying maintenance that Google performs on the cloud platform, Access Transparency also helps admins with system audits. They can incorporate Access Transparency logs into existing event management and security tools to make systems audit-ready.

To get started with Google Access Transparency and Access Approval, an organization must have a Premium, Enterprise, Platinum or Gold customer support level.

Google Cloud Endpoints

This tool is an API management system. IT teams use it to monitor, secure, analyze and set usage quotas on APIs. Once an API is deployed to Endpoints, users can set up a developer portal, through the Cloud Endpoints Portal, to interact with the API and gain access to documentation.

Users have the following three options for how Endpoint manages APIs:

Choose an option based on the type of communications protocol used and where the API is hosted.

Endpoints' features include user authentication, logging, monitoring, automatic deployments and API key generation and validation. IT teams can use this Google cloud management tool to build and ship APIs more consistently and efficiently.

Endpoints pricing depends on the number of calls to the API. Endpoints is free for the first 2 million API calls per month per billing account. After that, it costs $1.50 for 1 billion or more and $3 for every 2 million to 1 billion API calls per month per billing period.

Google operations suite

Operations suite, formerly Stackdriver, is a suite of services to monitor, troubleshoot and enhance workload performance in Google Cloud.

Intended to improve overall cloud performance, it includes the following features:

  • log management
  • application performance monitoring
  • Prometheus monitoring as a managed service
  • custom data visualization
  • health check monitoring
  • latency management
  • application debugging
  • cost management
  • security management

Operations suite provides real-time log management and evaluation through Cloud Logging, which is a managed service. With the built-in observability of Cloud Monitoring, users gain access to uptime, performance and health information about the application.

Application Performance Management, on the other hand, includes tools to make apps more efficient through reduced costs and lower latency.

For Cloud Monitoring, monthly pricing starts at $0.2580 per MiB for metrics data. This is after the 150 MiB free allocation per billing account. Product features and Google Cloud metrics are no additional cost. For Cloud Logging, monthly pricing starts at $0.50 per GiB for log data. This is after the 50 GiB free allocation per project. Product features and Google Cloud audit logs are no additional cost.

Google Cloud Console Mobile App

Google Cloud users can manage services from their iOS or Android device with the Google Cloud Console app. Users can monitor workloads, make changes and respond to issues. It is free to Google Cloud Platform customers and offers a range of features, including the following:

  • alerts on production issues with applications;
  • incident management, including incident recording and assignment;
  • monitoring for Compute Engine logs from each instance. Users can also start and stop and SSH into instances;
  • error reporting;
  • billing alerts and real-time billing information;
  • customizable graphical dashboard. Options to display include CPU usage, requests per second, network usage, server errors and other metrics;
  • Cloud Storage monitoring and management, including the option to delete images and files;
  • App Engine management and monitoring, including rollbacks; and
  • Cloud SQL management and monitoring.

The Google Cloud Console Mobile App is free to use.

Config Connector and Config Controller

Config Connector enables admins to configure and manage Google Cloud resources using Kubernetes. This avoids the complexity of admins having to use a mix of different tools, APIs and configuration systems.

Config Connector simplifies operations to make Google Cloud Platform resources act as Kubernetes resources. An entire application with diverse resources can be managed in a singular space rather than via multiple platforms.  You can run Google resources via Kubernetes, taking advantage of the following:

  • Kubernetes' role-based access control;
  • visibility into resource behavior through Kubernetes events;
  • single source of configuration and desired state management; and
  • eventual consistency for loosely coupling dependencies.

Once you install Config Connector and create your first resource, the Config Connector custom resource definitions enable Kubernetes to manage Google cloud resources. Config Connector also works with Kubernetes Secrets to provide private data to resources.

Config Connector is a Kubernetes add-on available on GitHub and managed by the customer. Config Controller is an augmented version of Config Connector managed and hosted by Google. For Config Connector, users are charged based on the Google resources they create with the tool. Config Controller pricing varies based on whether the user has an Anthos license.

Cost Management

Cost Management offers tools to optimize and monitor your Google cloud costs. Features include the following:

  • recommendations to optimize cloud usage;
  • cost trend information and predictions;
  • resources to examine how spending takes place in the organization;
  • alerts related to reaching a budget threshold; and
  • financial management policies and authorizations.

By closely monitoring their costs, organizations can minimize the risk of overspending. With personalized financial recommendations based on usage, they can also understand how and where their money is being spent.

Cost Management is available for free to all Google cloud users. However, the tool does rely on other Google cloud services, and organizations will incur charges for those services, if used. For example, Cost Management can use Pub/Sub to send budgeting alerts.

Next Steps

What is Google Cloud Composer?

The benefits and limitations of Google Cloud Recommender

Deploy an app on Google Cloud Run with Terraform

Get started with Kubernetes Cloud Controller Manager

Dig Deeper on Cloud provider platforms and tools

Data Center