Table of Contents
This guide gives an introduction to Google Compute Engine with RightScale to administer cloud infrastructure with an integrated solution.
This guide favors the following audiences:
Google Compute Engine is a high performance IaaS and PaaS offering, built on the same infrastructure that powers Google’s global operations. Google Compute Engine provides consistent performance and networking. Scale efficiently to tens of thousands of cores while benefiting from encrypted data at rest and transit for local ephemeral drives as well as volumes.
RightScale is the leading cloud management platform, supporting a range of public and private clouds. RightScale has more than 50,000 users and has launched over 5 million servers including many of the largest production deployments and scaling events in public and private clouds.
RightScale provides complete lifecycle management for public and private cloud-based applications including provisioning, monitoring, configuration, automation, auditing, and governance. This enables efficient administration with a single view of multiple cloud accounts’ usage, resources, and role-based access controls. RightScale is a multi-cloud solution that enables users to migrate workloads to and from public and private clouds and construct hybrid and multi-data center environments for large organizations, distributed applications, and high availability. RightScale offers services including consultative support, business critical SLAs, onboarding services, and end-to-end engineering that advises Cloud’s cutting edge deployments.
RightScale Cloud Management is the bridge between your applications and your cloud infrastructure. RightScale's MultiCloud Platform provides a universal remote to conveniently access your public, private, and hybrid cloud resource pools from one Dashboard and API. The Configuration Framework provides intelligent cloud blueprints to configure and operate your servers in a dynamic and completely customizable fashion. The MultiCloud Marketplace™ provides a single location for cloud-ready components. The Automation Engine gives you the power to provision, monitor, scale, and manage entire server deployments efficiently and reliably. Governance Controls allow you to keep watch over access, security, auditing, reporting, and budgeting through a “single pane of glass” view.
Run high-performance and grid computing workloads using Google Compute Engine’s hardware, networking, and storage with consistently high performance.
Execute batch processing jobs like video transcoding and image rendering with Google Compute Engine’s enormous capacity and dedicated, inter-region networking.
Analyze mass data in the cloud using frameworks like Hadoop, spinning up and down thousands of instances on-demand.
The RightScale configuration framework — the ServerTemplate — is the key to efficient, automated provisioning and operations on Google Compute Engine and other public and private clouds. ServerTemplates are built from modular images, scripts, and variable inputs. ServerTemplates are dynamic, provisioning your servers at boot time using your chosen configuration and variable inputs. Dynamic configuration ensures that your servers are provisioned in context — they automatically register with the correct load balancers and databases, begin backups with the proper frequencies and storage locations, and much more.
The modular and dynamic aspects of ServerTemplates enable complete customization, from the inputs all the way down to the images. Each element of a ServerTemplate is version controlled, providing reproducible behavior across time and infrastructure, so that you design once and then consistently deploy multiple times on multiple clouds. ServerTemplates abstract cloud-specific differences, ensuring consistent multi-cloud configuration across public, private, and hybrid cloud resource pools.
The MultiCloud Marketplace offers ServerTemplates, scripts, and architectures published by RightScale, our partners, and our users. All of these pre-built configurations are fully customizable and provide a variety of solutions to get started. Swap scripts and recipes and change default inputs and alerts. ServerTemplates and components published by RightScale are rigorously tested, version controlled, and backed by our support.
The RightScale automation engine provides powerful tools to make cloud resources efficient and highly available:
Manage access and usage of cloud resources with a comprehensive set of RightScale governance controls:
RightScale has been a provider of leading services and support for public and private clouds since 2006. RightScale offers a range of services to help you succeed:
The first step is to sign up for Google Compute Engine. If you already have a Google Compute Engine account, you may sign in using your existing Google Compute Engine account or sign up here.
From your Google APIs Console, under "Services," request access for the "Google Compute Engine" service and make it active.
This service must stay active for Google Compute Engine use.
RightScale recommends that "Google Cloud Storage" service stays "ON" for RightScale with Google Compute Engine use.
From your Google APIs Console, under "Services," make "Google Cloud Storage" active.
To use Google cloud services, you must enable billing by providing valid credit card information. Under the "Billing" section, click Enable Billing and provide the required information.
Later, you will add the following information into the RightScale Dashboard to validate your account. RightScale requires this information to execute actions in GCE on your behalf.
Your unique Google Project ID (e.g. rightscale.com:example) is shown in the Overview area of your GCE console, which RightScale requires to add to your account.
Important! The Google username you signed in with to request access must match the username that's tied to the Google Project ID that you are adding to the RightScale account. Otherwise, you can add Google as a cloud to the RightScale account, but it will not be usable.
Once you allow access, you will see that the Google Compute Engine cloud is "enabled" under the Clouds tab in the Dashboard. All of your Google Compute Engine resources are now visible under the Clouds menu (Clouds > Google Compute Engine).
This introductory lab introduces some of the fundamental steps required for creating deployments and launching servers with RightScale with Google Compute Engine.
Your deployment is the container for your servers. A deployment consists of a cluster or group of Servers that work together and share common Input variables and cloud configurations.
Before launching servers, you must create a deployment. To create a deployment:
The next step is to import a ServerTemplate. A ServerTemplate includes one or more MultiCloud Images that define an operating system and the supporting applications for the server. It is a collection of RightScripts or Chef recipes that install select applications and define configuration settings and other attributes. ServerTemplates are available the RightScale MultiCloud Marketplace.
Once imported, the ServerTemplate and associated RightScripts are considered part of your "local" collection.
With your new ServerTemplate, add a server to your deployment:
Launch the server.
Check the events pane on the left for real time updates of your server's status.
The RightScale management platform offers options for managing and monitoring your servers after you launch them in Google Compute Engine. This section provides an overview of some of the available options.
Inputs are tools to easily customize and reuse scripts. Inputs are variables within a script that allow you to substitute specific, user-defined values for the input when an associated script runs on a server. A ServerTemplate's Inputs tab shows all of the inputs declared in any of its scripts (RightScripts or Chef Recipes) located under its Scripts tab.
You can use SSH to securely connect to servers in the cloud through the RightScale Dashboard. To connect to a server using SSH, go to your deployment > server name > SSH Console.
The Audit Entries tab shows a detailed, historical record for all server activity within a deployment. Audit entries are created for the vast majority of actions, such as launching and terminating instances, script execution, or performing database backups. These log files are beneficial for troubleshooting problems or tracking changes. To see an Audit Entry report, go to your deployment > Reports > Audit Entries.
The Monitoring tab (Manage > View Dashboard > Monitoring ) displays real-time graphical data for all servers in your deployment. By default, the 'cpu-overview' and 'interface if_packets-eth0' graphs display, which show you status of your server's resources and incoming/outgoing data (packet) traffic. View detailed graphs for individual servers as well, if those servers have monitoring enabled. Cluster Monitoring is also available and provides a simple and efficient means to browse through monitoring data for Deployments consisting of many Servers.
The Deployment Budget Estimate Widget is s built-in widget that provides a budgetary breakdown of all deployments in the account. By default, the built-in widgets display on the Overview tab of the Dashboard (Manage > View Dashboard > Overview).
If you complete the introductory lab and would like to see an example of some of the more advanced capabilities of RightScale + Google Compute Engine, go to the example configuration that demonstrates video transcoding.
After your deployment is up and running, RightScale provides a set of advanced management features to help you monitor and manage your Google Compute Engine cloud.
RightScale user management features allow you to control access to your Google Compute Engine cloud and add or remove users as needed. RightScale has several types of users that are defined by their roles. RightScale administrators can assign the different roles to users, depending on each user's needs. This level of control adds flexibility and lets users collaborate on projects in RightScale and in your Google Compute Engine cloud.
Governance and control refers to the ability to view all cloud activities from a single dashboard with comprehensive audits and logs while controlling user access, server security, resource usage, and budgeting.
You decide how to control access to your cloud resources and how to govern changes, processes, and workflows. Distribute control among deployments, accounts, or regions using a different administrator for each or centralize control and maintain it under one administrator, deployment, or account. Because you structure your administration of RightScale and Google Compute Engine in whatever way best serves your business needs, RightScale does not offer a step-by-step process for putting your governance and control systems in place. But for the purposes of this evaluation guide, the following example uses the enterprise account to demonstrate one method for using a centralized model.
Enterprise customers can create a 'master' enterprise account that acts as an umbrella account for all of its 'child' accounts. Use the master enterprise account to monitor the cloud related activity across all RightScale accounts in the enterprise. Each child account is essentially a separate RightScale account with its own credentials. Each enterprise can have up to four child accounts. If you require more than four child accounts, please contact firstname.lastname@example.org.
The user who is given the 'enterprise_manager' user role is responsible for managing all accounts of the enterprise.
In the preceding diagram, Michael is the Enterprise Manager. He maintains that role across all accounts in his enterprise. He has access to both master and child accounts. Regardless of which account he is logged into and viewing, he has access to the Enterprise view under Settings > Enterprise.
The Enterprise view is where he monitors and manages all activity within the Enterprise. He tracks current run-rates, adds/removes/modifies user roles, and invites users across all accounts.
One additional role is available to the enterprise.
enterprise_manager - Manages all accounts within the enterprise. Grants user role privileges across all accounts in the enterprise. Controls which child accounts have access to which sharing groups. The master enterprise account must have at least one 'enterprise_manager' user. An 'enterprise_manager' can also grant the same privileges to another user.
One of the core responsibilities of administrators is managing accounts, users, roles, and permissions. The terms 'accounts', 'user', and 'roles' are used in this evaluation guide. This section contains detailed descriptions of these terms and provides information about their appropriate usage/application.
Each user needs access to two types of accounts:
The following diagram shows three separate users. John set up the 'Site1.com' RightScale account and invited Ben (who has his own RightScale account) as a user of the 'Site1.com' RightScale account. Ben set up his own RightScale account, where he manages resources across multiple cloud providers. Greg is new to RightScale and has never set up his own RightScale account, however Ben invited him as a user of his 'Site2.com' RightScale account.
Keep in mind that a RightScale Account is separate from a Cloud Account. You may register multiple cloud accounts with a single RightScale account. However, you are responsible for paying for all cloud and cloud-related cloud usage costs. If you are a paying customer of RightScale, your cloud usage costs are separate charges from your RightScale Edition subscription fee.
RightScale users are identified by their email address. Each user can have access to multiple RightScale Accounts. Create your own RightScale Account or accept invitations as a user of other RightScale Accounts. To view information about your User settings across all of the RightScale accounts, go to Settings > User.
In the diagram below, John Doe is identified as 'email@example.com' in the RightScale platform. He currently has access to three RightScale Accounts and has different user role privileges in each of those accounts.
In the RightScale system, your email address is your username or unique identifier and is also used in audit entries, changelogs, and histories to identify which user performed a particular action(s) within a RightScale Account. Therefore, it's important that login credentials (email/password) are never shared or used by multiple users because it is not possible to track user actions in the Dashboard.
Users with 'admin' user role privileges can send RightScale account invitations to other users. In order to invite a user to a RightScale account, you must send the invitation to the email address that the user will use to log into the RightScale Dashboard.
To send a RightScale account invitation, go to Settings > Account Settings. Under the Invitations tab, click the Invite Users button. Click the Send Invitations button to send an email invitation to each user. (A copy of the email invitation is sent to the owner of the RightScale account.) Invitations are either temporary or permanent. Temporary invitations allow account admins to invite users to their account, but the invited user will be removed after a specified number of days.
Note: If you have a free RightScale account, you must grant each invited user 'admin' user role privileges.
The invitation link that users receive in email will expire in six days. If the user does not use the invitation to activate a RightScale account within that period, you must send a new invitation.
An invitation to a RightScale account sends an email from firstname.lastname@example.org. If the email is not in the recipient's inbox, check the spam folder or perform a keyword search for 'rightscale' in your email.
To accept the account invitation, click on the validation link in the email. Once you are logged into the Dashboard, click the Accept Invitation button.
If you are an 'admin' user of a RightScale account, use the various user roles to control the permissions of all invited users in order to manage their level of access and functionality. Only 'admin' users may send account invitations. You must specify a user's roles before sending an account invitation. Later, you may change user roles under the Settings > Account Settings > Users tab.
Note: Only an 'admin' user may revoke another user's 'admin' privileges.
It's important you never share the email/password that you use to log into the RightScale Dashboard. For example, if an account (e.g. 'Site1.com') has multiple users, each user should create a unique RightScale account. Later, the 'admin' user of the 'Site1.com' account can invite additional users to that account. This is the only way that you can have user accountability within an account. If you share the same email/password with multiple users, there is no way to determine who launched or terminated a server. It's important that each action can be attributed to a single user.
To view your own user role privileges across all of your accounts, go to Settings > User > Info. Remember, user roles are account-specific. The following is a list of available roles and a brief description of what each role can do in the RightScale Dashboard.
admin: Administrative control of the RightScale Account.
actor: Ability to manage all cloud related activity.
observer: Ability to view the RightScale account.
designer: Ability to create ServerTemplates, RightScripts, and Macros. Ability to view local object collections under the Design menu.
library: Ability to import objects from the MultiCloud Marketplace to your local view (collection). The ability to view the MultiCloud Marketplace requires the 'designer' role.
security_manager: Ability to create a cloud Security Group and modify an existing Security Group's port permissions. Ability to view and generate Infrastructure Audit Reports.
server_login: Ability to log into servers.
publisher: Ability to create sharing groups and share RightScale objects (ServerTemplates, RightScripts, and Macros) with other users.
enterprise_manager: (Enterprise only) Manages all accounts within the enterprise. Send account invitations and grant user role privileges across all accounts in the enterprise.
billing: By default all users of a RightScale account can view billing information. You will be able to see estimated cloud usage costs (Report > Usage Estimate) or the Deployments Budget Estimates under Manage > Deployments > View Dashboard.
Sometimes the word 'role' refers to a server's role or configuration. For example, when you launch an instance on a cloud infrastructure you are provisioning a "blank" piece of hardware that you can configure to fulfill a specific type of server role. Additionally, you can use different ServerTemplates to configure instances to fulfill certain roles such as dedicated load balancers, application servers, database servers, etc.
RightScale gives you a single pane of glass to manage your Google Compute Engine cloud which makes collaboration across teams and regions easy and effective. Instead of using multiple tools or systems to manage cloud assets, using the RightScale cloud management platform enables you to see everything in one place. You can manage public clouds, private clouds, and hybrid clouds across geographies and time zones under one platform.
RightScale offers reporting tools to help with cost tracking and usage monitoring. Some of these options include:
Security Assertion Markup Language (SAML) is an XML standard used to authenticate users from an Identity Provider (IdP) to a software provider. SAML allows a user to log on once to a site (an IdP) and have access granted to affiliated websites. In conjunction with our provisioning API, this functionality enables you to authenticate and synchronize with existing identity stores.
RightScale is enabling SAML 2.0-based Single Sign-On (SSO) functionality for Enterprise Plan customers who request this feature. This, combined with our provisioning API, allows for full identity federation including syncing with Active Directory. In addition, RightScale has tested this functionality with our partners Okta and PingIdentity so that you can use their (and similar) SaaS-based Identity Provider.
OAuth-compatible authentication and authorization supports a password-less Dashboard user that can login to the API and make authenticated requests. This feature is currently in public beta. Please contact support with any issues. To enable OAuth, navigate to Settings > Account Settings > API Credentials. Here you can obtain an API access token which allows you to make changes without logging in.
Using RightScale to manage your Google Compute Engine cloud gives you maximum control and flexibility by integrating all of your cloud management into one interface. Using Google Compute Engine with RightScale provides you the following benefits:
© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.