Google Compute Engine

vs. “well-known competitor”

Alexander “surma” Surma
voxelbrain, GDG Berlin Golang
2013-07-01

GCP Services

Google has committed to unify their cloud products under the Google Cloud Platform brand.

GCP Name               AWS equivalent
Google App Engine      Elastic Beanstalk
Google Compute Engine  EC2
Cloud Storage          S3
BigQuery               DynamoDB
Cloud SQL              RDS

Google Compute Engine

“The Boring Stuff™”

Instance Types

Comparison is hard, especially for the high-profile types. Specs don’t match up exactly and Amazon have their own CPU metric (ECU: EC2 Compute Unit).
Bottom line: Prices are the same

Zones

EC2 GCE
Europe West
US West/Central (2x)
US East
Asia Pacific (3x)
South America
Specific locations of Google’s DCs are unknown (to me).

UI

EC2

Screenshot of the EC2 UI

Networking

Screenshot of the GCE UI

Features

Networking

  • 1 private network
    Multiple private networks can be created and instances can be assigned to one of them.
  • 1 external IP (static/ephemeral)
    External IPs have a fee when not in use.
  • Configurable firewall

Google Compute Engine

“The Interesting Stuff™”

Features

Snapshots

  • Created from disk image
  • Available globally

Features

Metadata

Powerful and simple mechanism to inject data (credentials, configuration, resources etc.) into the machine’s userland.

  • Key-Value
  • Per-Project and Per-Instance
  • HTTP-Endpoint for retrieval

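# API token is stored per project, the DNS record ID per instance
TOKEN=$(curl http://metadata/computeMetadata/v1beta1/project/attributes/dnsimpleToken)
ID=$(curl http://metadata/computeMetadata/v1beta1/instance/attributes/dnsimpleEntryId)
# The instance's external IP is also exposed through the metadata endpoint
IP=$(curl http://metadata/.../instance/network-interfaces/0/access-configs/0/external-ip)
# Point the DNS record at the current external IP (variables quoted to avoid word splitting)
curl \
  -H "X-DNSimple-Domain-Token: $TOKEN" \
  -X PUT \
  -d '{
    "record": {"name": "workstation", "content": "'"$IP"'"}
  }' \
  "https://dnsimple.com/domains/haxigon.com/records/$ID"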

Example usage: sshKeys is automatically injected into authorized_keys

Features

Service Accounts

Service accounts are bogus users which have completed the OAuth flow and have been given the permissions of your choice.

Features

Service Accounts (cont'd)

curl http://metadata/computeMetadata/v1beta1/instance/service-accounts/default/token
{
  "access_token": "ya29.AHES6ZQYuCmaO_zInBy8xQgYpx-MVFbToxUy1_lmY5cfmg",
  "expires_in": 3599,
  "token_type": "Bearer"
} 
curl \
  -H 'Authorization: Bearer ya29.AHES6ZQYuCmaO_zInBy8xQgYpx-MVFbToxUy1_lmY5cfmg' \
  https://www.googleapis.com/compute/v1beta15/projects/surma-workstation/zones/europe-west1-a/instances
{
 "id": "projects/surma-workstation/zones/europe-west1-a/instances",
 "items": [
  {
   "status": "RUNNING",
   "name": "workstation",
   "id": "2674708656722824331",
   "creationTimestamp": "2013-05-30T02:47:11.861-07:00",
... 
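
The token response above carries an expires_in of 3599 seconds, so a long-running client has to refetch it before it lapses and should never write the full token to logs. The following is an added example, not code from the original slides: TokenCache, redact and fetch_from_metadata are hypothetical names, and the 60-second refresh margin is an assumption.

```python
import json
import time
import urllib.request

# URL as shown on the slide; it only resolves from inside a GCE instance.
TOKEN_URL = ("http://metadata/computeMetadata/v1beta1/"
             "instance/service-accounts/default/token")


def fetch_from_metadata(url=TOKEN_URL, timeout=2.0):
    """Return the raw JSON body of the metadata token endpoint."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def redact(token):
    """Loggable form of a bearer token: a short prefix only."""
    return token[:4] + "..." if len(token) > 4 else "..."


class TokenCache:
    """Caches the service-account token and refetches it shortly before expiry."""

    def __init__(self, fetch=fetch_from_metadata, clock=time.monotonic, margin=60):
        # fetch and clock are injectable so the logic can be exercised offline.
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token = None
        self._expires_at = 0.0

    def _refresh(self):
        body = json.loads(self._fetch())
        # Field names as in the response shown on the slide.
        if body.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type: %r" % body.get("token_type"))
        token, ttl = body["access_token"], int(body["expires_in"])
        if not token or ttl <= 0:
            raise ValueError("empty or already expired token")
        self._token = token
        self._expires_at = self._clock() + ttl

    def auth_header(self):
        """Return the Authorization header, refreshing inside the margin."""
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            self._refresh()
        return {"Authorization": "Bearer " + self._token}
```

Log redact(token) rather than the token itself; anything that can read the token can act with the service account's permissions until it expires.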

Google Compute Engine

“The Painful Stuff™”

Pain Points

Images

Currently, there’s no Ubuntu. There used to be, but the images are shown as deleted. There’s Debian 6, Debian 7 and CentOS.

  • No PPAs
  • No possibility of community images or shared snapshots

Pain Points

Shutdown & SSH Keys

A reboot is a reboot. A shutdown is a “Now go hang in VM limbo”. There are no powered-off instances; you have to destroy them (using the API) to stop billing.

On every reboot the SSH Host key is regenerated giving you:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
I patched my image.

Pain Points

Delegation

There doesn't seem to be a way to give other users administrative access to a machine or project.

Pain Points

Load Balancing

There's no off-the-shelf load-balancing.

Yet! The session at Google I/O shows a load-balancing feature which is supposed to be shipped within a few months.

Google Compute Engine

Epilogue

What didn’t I talk about?

  • Command-line utility: gcutil

Links & Sources

<Thank You!>

Questions?

email: asu@voxelbrain.com
g+: +AlexanderSurma
twitter: surmair
github: surma