Cloud Operations

Architecture

For an overview of how to design a state of the art multi-account security logging platform in GCP:

• Marco Lancini Security Logging in Cloud Environments - GCP

Cloud Operations

General Info

• Cloud Operations Suite consists of multi-cloud monitoring and management products that aggregate metrics, logs, and events
• A Workspace is the root entity that holds monitoring and configuration information
  • A special project (the "Hosting" project) contains monitoring, configurations, dashboards, uptime checks, etc
  • The Operations workspace acquires the name of the hosting account project.

Products

Cloud Monitoring

General Info

• Enables to monitor platform/system/application metrics
• Ingest data into Cloud Logging and you can create different metrics, custom events, monitor for specific metadata changes
• Built-in monitoring for
  • App Engine flexible
  • App Engine Standard
  • GKE
  • Istio
• Cloud Monitoring Agent
  • For other services without Cloud Monitoring built in (e.g., GCE)

Cloud Logging

General Info

• Manage and analyze log data
• Built-in for
  • App Engine Flexible
  • App Engine Standard
  • GKE
  • Istio
  • Cloud Functions
  • Dataflow
• Cloud Logging Agent
  • For GCE
  • Based on fluentd
• Exporting logs
  • Cloud Storage
  • Pub/Sub
  • BigQuery