Overview

This guide gives an introduction to Google Compute Engine with RightScale to administer cloud infrastructure with an integrated solution. This guide favors the following audiences:

  • New Google Compute Engine users and New RightScale users - If you are new to Google Compute Engine and RightScale, read the entire evaluation guide for the best context of this integrated solution.
  • New Google Compute Engine users but experienced RightScale users - If you are new to Google Compute Engine but have some experience with RightScale, feel free to skip the Introduction to RightScale and Register for a RightScale Account sections.

Introduction to Google Compute Engine

Google Compute Engine is a high performance IaaS and PaaS offering, built on the same infrastructure that powers Google’s global operations. Google Compute Engine provides consistent performance and networking. Scale efficiently to tens of thousands of cores while benefiting from encrypted data at rest and transit for local ephemeral drives as well as volumes.

Introduction to RightScale

RightScale is the leading cloud management platform, supporting a range of public and private clouds. RightScale has more than 50,000 users and has launched over 5 million servers including many of the largest production deployments and scaling events in public and private clouds.

RightScale provides complete lifecycle management for public and private cloud-based applications including provisioning, monitoring, configuration, automation, auditing, and governance. This enables efficient administration with a single view of multiple cloud accounts’ usage, resources, and role-based access controls. RightScale is a multi-cloud solution that enables users to migrate workloads to and from public and private clouds and construct hybrid and multi-data center environments for large organizations, distributed applications, and high availability. RightScale offers services including consultative support, business critical SLAs, onboarding services, and end-to-end engineering that advises Cloud’s cutting edge deployments.

Key RightScale Concepts

RightScale Cloud Management is the bridge between your applications and your cloud infrastructure. RightScale's MultiCloud Platform provides a universal remote to conveniently access your public, private, and hybrid cloud resource pools from one Dashboard and API. The Configuration Framework provides intelligent cloud blueprints to configure and operate your servers in a dynamic and completely customizable fashion. The MultiCloud Marketplace™ provides a single location for cloud-ready components. The Automation Engine gives you the power to provision, monitor, scale, and manage entire server deployments efficiently and reliably. Governance Controls allow you to keep watch over access, security, auditing, reporting, and budgeting through a “single pane of glass” view.

google-gce-architecture.png

Use Cases

  • High performance computing - Run high-performance and grid computing workloads using Google Compute Engine’s hardware, networking, and storage with consistently high performance.

  • Batch processing - Execute batch processing jobs like video transcoding and image rendering with Google Compute Engine’s enormous capacity and dedicated, inter-region networking.

  • Data processing - Analyze mass data in the cloud using frameworks like Hadoop, spinning up and down thousands of instances on-demand.

Configuration Framework

The RightScale configuration framework — the ServerTemplate — is the key to efficient, automated provisioning and operations on Google Compute Engine and other public and private clouds. ServerTemplates are built from modular images, scripts, and variable inputs. ServerTemplates are dynamic, provisioning your servers at boot time using your chosen configuration and variable inputs. Dynamic configuration ensures that your servers are provisioned in context — they automatically register with the correct load balancers and databases, begin backups with the proper frequencies and storage locations, and much more.

The modular and dynamic aspects of ServerTemplates enable complete customization, from the inputs all the way down to the images. Each element of a ServerTemplate is version controlled, providing reproducible behavior across time and infrastructure, so that you design once and then consistently deploy multiple times on multiple clouds. ServerTemplates abstract cloud-specific differences, ensuring consistent multi-cloud configuration across public, private, and hybrid cloud resource pools.

google-server-template-config.png

The MultiCloud Marketplace offers ServerTemplates, scripts, and architectures published by RightScale, our partners, and our users. All of these pre-built configurations are fully customizable and provide a variety of solutions to get started. Swap scripts and recipes and change default inputs and alerts. ServerTemplates and components published by RightScale are rigorously tested, version controlled, and backed by our support.

Automation Engine

The RightScale automation engine provides powerful tools to make cloud resources efficient and highly available:

  • Keep tabs on your resources with granular Server and Application Monitoring. View entire systems of hundreds of servers with Cluster Monitoring.
  • Link monitors to Alerts and Escalations that notify you of issues and automatically take action.
  • Scale resources up and down according to your needs with Auto-Scaling Arrays.
  • Stand up entire architectures using Deployment Orchestration. Perform Application and Database Automation with powerful tools such as tags and our customizable library of scripts.

Governance Controls

Manage access and usage of cloud resources with a comprehensive set of RightScale governance controls:

  • Control authentication, permissions, and credentials with the Access and Security Manager.
  • Create secure environments for multiple teams with Enterprise Manager and Federated Identity.
  • Resolve issues and trace events with Auditing.

Services & Support

RightScale has been a provider of leading services and support for public and private clouds since 2006. RightScale offers a range of services to help you succeed:

  • Do-it-yourself materials to white glove engineering.
  • Onboarding services provide you with invaluable assistance getting cloud projects up and running on time.
  • 24/7 support keeps your applications running.
  • Customizable training offers insights into using RightScale, cloud-based applications, and adopting cloud best practices.

Google Compute Engine Registration

Follow the instructions on this page to add your GCE Project to RightScale.

Introductory Exercise

This introductory exercise introduces some of the fundamental steps required for creating deployments and launching servers with RightScale with Google Compute Engine.

Create a Deployment

Your deployment is the container for your servers. A deployment consists of a cluster or group of Servers that work together and share common Input variables and cloud configurations. Before launching servers, you must create a deployment. To create a deployment:

  1. Go to Manage > Deployments.
  2. Click New and provide the following information:
  3. Nickname - User-defined name for the deployment.
  4. Description - A short, internal-only description of the deployment.

Import a ServerTemplate

The next step is to import a ServerTemplate. A ServerTemplate includes one or more MultiCloud Images that define an operating system and the supporting applications for the server. It is a collection of RightScripts or Chef recipes that install select applications and define configuration settings and other attributes. ServerTemplates are available the RightScale MultiCloud Marketplace.

  1. In the Dashboard, go to Design > MultiCloud Marketplace > ServerTemplates
  2. Find and select the Base ServerTemplate for Linux ServerTemplate.
  3. Click Import.

Once imported, the ServerTemplate and associated RightScripts are considered part of your local collection.

Add a Server

With your new ServerTemplate, add a server to your deployment:

  1. Go to your deployment ( Manage > Deployments > your deployment).
  2. Click Add Server to add a server and select your cloud from the Cloud drop down menu.
  3. Select your imported ServerTemplate from ServerTemplates in Your Account.
  4. Launch the server. Check the events pane on the left for real time updates of your server's status.

Explore Additional Features

  • Server Management and Monitoring - The RightScale management platform offers options for managing and monitoring your servers after you launch them in Google Compute Engine. This section provides an overview of some of the available options.
  • Inputs - Inputs are tools to easily customize and reuse scripts. Inputs are variables within a script that allow you to substitute specific, user-defined values for the input when an associated script runs on a server. A ServerTemplate's Inputs tab shows all of the inputs declared in any of its scripts (RightScripts or Chef Recipes) located under its Scripts tab.
  • SSH - You can use SSH to securely connect to servers in the cloud through the RightScale Dashboard. To connect to a server using SSH, go to your deployment > server name > SSH Console.
  • Audit Entries - The Audit Entries tab shows a detailed, historical record for all server activity within a deployment. Audit entries are created for the vast majority of actions, such as launching and terminating instances, script execution, or performing database backups. These log files are beneficial for troubleshooting problems or tracking changes. To see an Audit Entry report, go to your deployment > Reports > Audit Entries.
  • Deployment Budget Estimate Widget - The Deployment Budget Estimate Widget is s built-in widget that provides a budgetary breakdown of all deployments in the account. By default, the built-in widgets display on the Overview tab of the Dashboard ( Manage > View Dashboard > Overview ).
  • Monitoring - The Monitoring tab ( Manage > View Dashboard > Monitoring ) displays real-time graphical data for all servers in your deployment. By default, the 'cpu-overview' and 'interface if_packets-eth0' graphs display, which show you status of your server's resources and incoming/outgoing data (packet) traffic. View detailed graphs for individual servers as well, if those servers have monitoring enabled. Cluster Monitoring is also available and provides a simple and efficient means to browse through monitoring data for Deployments consisting of many Servers.

google-monitoring.gif

Advanced Configuration

If you complete the introductory lab and would like to see an example of some of the more advanced capabilities of RightScale + Google Compute Engine, go to the example configuration that demonstrates video transcoding.

Advanced Management Features

After your deployment is up and running, RightScale provides a set of advanced management features to help you monitor and manage your Google Compute Engine cloud.

User Management

RightScale user management features allow you to control access to your Google Compute Engine cloud and add or remove users as needed. RightScale has several types of users that are defined by their roles. RightScale administrators can assign the different roles to users, depending on each user's needs. This level of control adds flexibility and lets users collaborate on projects in RightScale and in your Google Compute Engine cloud.

Governance and Control

Governance and control refers to the ability to view all cloud activities from a single dashboard with comprehensive audits and logs while controlling user access, server security, resource usage, and budgeting.

You decide how to control access to your cloud resources and how to govern changes, processes, and workflows. Distribute control among deployments, accounts, or regions using a different administrator for each or centralize control and maintain it under one administrator, deployment, or account. Because you structure your administration of RightScale and Google Compute Engine in whatever way best serves your business needs, RightScale does not offer a step-by-step process for putting your governance and control systems in place. But for the purposes of this evaluation guide, the following example uses the organization to demonstrate one method for using a centralized model.

Centralized Control Example (Enterprise Account)

Every customer gets a RightScale organization that acts as an umbrella entity for all of its accounts. Use the organization to monitor the cloud related activity across all RightScale accounts. Each account is essentially a separate RightScale account with its own credentials. Each enterprise can have up to four child accounts. If you require more than four child accounts, please contact sales@rightscale.com.

The user who is given the 'enterprise_manager' user role is responsible for managing all accounts of the enterprise.

common-enterprise-overview.png

In the preceding diagram, Michael is the Enterprise Manager. He maintains that role across all accounts in his enterprise. He has access to both master and child accounts. Regardless of which account he is logged into and viewing, he has access to the Enterprise view under Settings > Organization.

The Enterprise view is where he monitors and manages all activity within the Enterprise. He tracks current run-rates, adds/removes/modifies user roles, and invites users across all accounts.

Enterprise User Roles

One additional role is available to the enterprise.

enterprise_manager - Manages all accounts within the enterprise. Grants user role privileges across all accounts in the enterprise. Controls which child accounts have access to which sharing groups. The master enterprise account must have at least one 'enterprise_manager' user. An 'enterprise_manager' can also grant the same privileges to another user.

Managing Permissions and Users

One of the core responsibilities of administrators is managing accounts, users, roles, and permissions. The terms 'accounts', 'user', and 'roles' are used in this evaluation guide. This section contains detailed descriptions of these terms and provides information about their appropriate usage/application.

Accounts

Each user needs access to two types of accounts:

  • RightScale Account - Create a RightScale Account to log in to the RightScale Dashboard and manage your Google Compute Engine cloud. Registration requires an email and password. To view information about your RightScale Account in the Dashboard, go to Settings > Account. Note: Unless otherwise specified, the word 'account' in the documentation refers to your RightScale Account.
  • Google Compute Engine - Before using the RightScale Dashboard to manage your server instances in Google Compute Engine, you must have valid Google Compute Engine credentials. Enter valid credentials into the Dashboard to launch and manage resources in your Google Compute Engine cloud through the RightScale Dashboard or API.

The following diagram shows three separate users. John set up the 'Site1.com' RightScale account and invited Ben (who has his own RightScale account) as a user of the 'Site1.com' RightScale account. Ben set up his own RightScale account, where he manages resources across multiple cloud providers. Greg is new to RightScale and has never set up his own RightScale account, however Ben invited him as a user of his 'Site2.com' RightScale account.

google-account-scenarios.png

Keep in mind that a RightScale Account is separate from a Cloud Account. You may register multiple cloud accounts with a single RightScale account. However, you are responsible for paying for all cloud and cloud-related cloud usage costs. If you are a paying customer of RightScale, your cloud usage costs are separate charges from your RightScale Edition subscription fee.

google-billing-model.png

User

RightScale users are identified by their email address. Each user can have access to multiple RightScale Accounts. Create your own RightScale Account or accept invitations as a user of other RightScale Accounts. To view information about your User settings across all of the RightScale accounts, go to Settings > User.

In the diagram below, John Doe is identified as 'john@mysite.com' in the RightScale platform. He currently has access to three RightScale Accounts and has different user role privileges in each of those accounts.

common-user-roles.png

In the RightScale system, your email address is your username or unique identifier and is also used in audit entries, changelogs, and histories to identify which user performed a particular action(s) within a RightScale Account. Therefore, it's important that login credentials (email/password) are never shared or used by multiple users because it is not possible to track user actions in the Dashboard.

Invite Users

Users with 'admin' user role privileges can send RightScale account invitations to other users. In order to invite a user to a RightScale account, you must send the invitation to the email address that the user will use to log into the RightScale Dashboard.

To send a RightScale account invitation, go to Settings > Account Settings. Under the Invitations tab, click the Invite Users button. Click the Send Invitations button to send an email invitation to each user. (A copy of the email invitation is sent to the owner of the RightScale account.) Invitations are either temporary or permanent. Temporary invitations allow account admins to invite users to their account, but the invited user will be removed after a specified number of days.

Note: If you have a free RightScale account, you must grant each invited user 'admin' user role privileges.

The invitation link that users receive in email will expire in six days. If the user does not use the invitation to activate a RightScale account within that period, you must send a new invitation.

Accept an Account Invitation

An invitation to a RightScale account sends an email from root@rightscale.com. If the email is not in the recipient's inbox, check the spam folder or perform a keyword search for 'rightscale' in your email.

To accept the account invitation, click on the validation link in the email. Once you are logged into the Dashboard, click the Accept Invitation button.

Managing your RightScale Account

If you are an 'admin' user of a RightScale account, use the various user roles to control the permissions of all invited users in order to manage their level of access and functionality. Only 'admin' users may send account invitations. You must specify a user's roles before sending an account invitation. Later, you may change user roles under the Settings > Account Settings > Users tab.

Note: Only an 'admin' user may revoke another user's 'admin' privileges.

It is important you never share the email/password that you use to log into the RightScale Dashboard. For example, if an account (e.g. 'Site1.com') has multiple users, each user should create a unique RightScale account. Later, the 'admin' user of the 'Site1.com' account can invite additional users to that account. This is the only way that you can have user accountability within an account. If you share the same email/password with multiple users, there is no way to determine who launched or terminated a server. It's important that each action can be attributed to a single user.

User Roles

To view your own user role privileges across all of your accounts, go to Settings > User > Info. Remember, user roles are account-specific. The following is a list of available roles and a brief description of what each role can do in the RightScale Dashboard.

  • admin: Administrative control of the RightScale Account.
  • actor: Ability to manage all cloud related activity.
  • observer: Ability to view the RightScale account.
  • designer: Ability to create ServerTemplates, RightScripts, and Macros. Ability to view local object collections under the Design menu.
  • library: Ability to import objects from the MultiCloud Marketplace to your local view (collection). The ability to view the MultiCloud Marketplace requires the 'designer' role.
  • security_manager: Ability to create a cloud Security Group and modify an existing Security Group's port permissions. Ability to view and generate Infrastructure Audit Reports.
  • server_login: Ability to log into servers.
  • publisher: Ability to create sharing groups and share RightScale objects (ServerTemplates, RightScripts, and Macros) with other users.
  • enterprise_manager: (Enterprise only) Manages all accounts within the enterprise. Send account invitations and grant user role privileges across all accounts in the enterprise.
  • ca_user: Ability to view billing information.

Server Roles

Sometimes the word 'role' refers to a server's role or configuration. For example, when you launch an instance on a cloud infrastructure you are provisioning a blank piece of hardware that you can configure to fulfill a specific type of server role. Additionally, you can use different ServerTemplates to configure instances to fulfill certain roles such as dedicated load balancers, application servers, database servers, etc.

google-server-roles.png

Collaboration

RightScale gives you a single pane of glass to manage your Google Compute Engine cloud which makes collaboration across teams and regions easy and effective. Instead of using multiple tools or systems to manage cloud assets, using the RightScale cloud management platform enables you to see everything in one place. You can manage public clouds, private clouds, and hybrid clouds across geographies and time zones under one platform.

SAML

Security Assertion Markup Language (SAML) is an XML standard used to authenticate users from an Identity Provider (IdP) to a software provider. SAML allows a user to log on once to a site (an IdP) and have access granted to affiliated websites. In conjunction with our provisioning API, this functionality enables you to authenticate and synchronize with existing identity stores.

RightScale is enabling SAML 2.0-based Single Sign-On (SSO) functionality for Enterprise Plan customers who request this feature. This, combined with our provisioning API, allows for full identity federation including syncing with Active Directory. In addition, RightScale has tested this functionality with our partners Okta and PingIdentity so that you can use their (and similar) SaaS-based Identity Provider.

OAuth

OAuth-compatible authentication and authorization supports a password-less Dashboard user that can login to the API and make authenticated requests. This feature is currently in public beta. Please contact support with any issues. To enable OAuth, navigate to Settings > Account Settings > API Credentials. Here you can obtain an API access token which allows you to make changes without logging in.

Conclusion

Using RightScale to manage your Google Compute Engine cloud gives you maximum control and flexibility by integrating all of your cloud management into one interface. Using Google Compute Engine with RightScale provides you the following benefits:

  • Manage your entire Google Compute Engine cloud infrastructure with a single, integrated solution using RightScale.
  • Use RightScale abstraction with customization so you can focus on your applications running in Google Compute Engine rather than on administration.
  • Automate deployment and management of cloud resources.
  • Build and manage your cloud by leveraging the expertise of both the RightScale and Google Compute Engine teams.
  • Provision and monitor your servers in the Internet-scale hosting environment provided by Google Compute Engine, using RightScale as a single pane of glass management interface.

Contact Information