How Identity and Access Management works in Google Compute Engine

Google Cloud Platform is gaining momentum, and it seems that Google is warming up to compete with Amazon Web Services. During the last quarter, Google has invested heavily in new services and features for both Google App Engine and Google Compute Engine. As with any other cloud computing platform, one of the key components for Google is Identity and Access Management (IAM). This tool is fundamental for assigning the right permissions to users, groups and entire departments that use a cloud computing platform such as Google Cloud Platform or AWS.

The current IAM model for Google Compute Engine

Google Cloud IAM is currently tied to the user's Google account.

If you want to grant access to any user (member), you need to invite the user using their Gmail ID only. As of now, you can grant only 3 high-level permissions to access the resources:

  • Is owner – a Cloud Platform Administrator user, with full control over the Projects, Permissions, and Cloud Resources
  • Can edit – a Cloud Power User, with full control only over the Cloud Resources
  • Can view – a Read-Only user, with read-only permissions on all the cloud resources

Problems with the current version of IAM in Google Compute Engine

If you grant any of the above permissions to a user, the user will have complete access to all the Compute Engine resources, such as VM instances, disks, networks, load balancing, routes, firewalls, etc. There are no granular permissions to allow or deny access to individual resources. This exposes customer workloads to high risks with respect to privacy, security, and availability.

If I want to create a user with some administrator privileges that allow only the creation of VMs, disks and snapshots but deny firewall access and the termination/deletion of any other resources, right now I don’t have any way to do it.

How to improve IAM in Google Compute Engine

I spent the last three quarters working with Google Compute Engine and I came up with a list of features that would be great and would add a lot of value to Google Compute Engine:

  • Google should remove the Google Mail ID dependency for adding new members (users); it forces users to have a Google account to use GCE. It should also allow enterprise mail accounts to be added as users of Google Cloud Projects.
  • Add service-level permissions to allow/deny access to resources, such as access to only VM instances, disks, and snapshots, or access to only networks and load balancing, etc.
  • Add resource-level permissions to allow/deny actions on resources, such as create, terminate, modify, stop, delete, view, etc.
  • Add an option to combine more than one permission per user, for example allowing the launch of VM instances, the creation of disks and snapshots, and viewing networks, but with no terminate/delete permissions. The same should apply to networks, firewalls, routes, etc.
  • Enable the MFA (Multi-Factor Authentication) feature at the Google Cloud Platform user management level rather than leaving it to the user's choice.
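
The gap between the three project-wide roles and the service-level and resource-level permissions proposed above can be made concrete with a small model. This is an added example, not code from the original article or from Google: the role names follow the article, while the service names, action names and policy format are assumptions made for illustration.

```python
# Illustrative model only: the services, actions and policy format are
# hypothetical and do not correspond to a Google Cloud API.
SERVICES = {"instances", "disks", "snapshots", "networks", "firewalls", "routes"}
READ_ACTIONS = {"view"}
WRITE_ACTIONS = {"create", "modify", "stop", "delete"}

# The three roles from the article, reduced to their effect on cloud
# resources (owner's extra control of projects/permissions is not modelled).
COARSE_ROLES = {
    "owner": READ_ACTIONS | WRITE_ACTIONS,
    "edit": READ_ACTIONS | WRITE_ACTIONS,
    "view": READ_ACTIONS,
}


def coarse_allows(role, service, action):
    """Coarse model: a role applies to every Compute Engine service alike."""
    return service in SERVICES and action in COARSE_ROLES[role]


def granular_allows(policy, service, action):
    """Proposed model: explicit deny wins, then explicit allow, else deny."""
    for effect in ("deny", "allow"):
        for svc, act in policy.get(effect, ()):
            if svc in (service, "*") and act in (action, "*"):
                return effect == "allow"
    return False  # nothing matched: default deny


# Constructed policy for the article's scenario: create VMs, disks and
# snapshots, view networks, no firewall access, no deletion anywhere.
VM_OPERATOR = {
    "allow": [("instances", "create"), ("disks", "create"),
              ("snapshots", "create"), ("networks", "view")],
    "deny": [("firewalls", "*"), ("*", "delete")],
}


def excess_privileges(role, policy):
    """Requests the coarse role grants that the granular policy would refuse."""
    return sorted(
        (s, a) for s in SERVICES for a in READ_ACTIONS | WRITE_ACTIONS
        if coarse_allows(role, s, a) and not granular_allows(policy, s, a)
    )


if __name__ == "__main__":
    for service, action in excess_privileges("edit", VM_OPERATOR):
        print(f"'Can edit' over-grants: {action} on {service}")
```

Running `excess_privileges` for a candidate role against the access a user actually needs gives a quick measure of how far the coarse role exceeds least privilege.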

All of these are improvements that Google will likely release in the coming months, but in the meantime, you should take these gaps into account before moving your applications and workloads to the Google Cloud Platform.
