Guide to Stanford GCP Setup
Learn how to set up and manage your GCP project
Google Cloud Platform (GCP), is a suite of cloud computing services that run on the same infrastructure that Google uses internally for end-user products like Google Search, Gmail, YouTube, etc. It provides a reliable place to compute and store data and helps developers build, test, and deploy apps.
If you're new to cloud, check out the resources section to learn more.
Getting Started
Step 1: Compliance
Compliance requirements vary based on the types of data you will be using or storing in your GCP project.
GCP is suitable for Low, Moderate and High Risk Data and all GCP service offerings are available for use. There are plenty of native security products and capabilities available that help you secure your network, infrastructure, endpoint and data stored in GCP.
GCP is authorized for use with High Risk Data and Protected Health Information (PHI) ONLY when the GCP project is compliant with Stanford's Minimum Security Standards and Administrative Guide, as well as other regulatory requirements.
If you are using High Risk Data or PHI, you must complete a Data Risk Assessment and have one of the following groups manage your project:
- Stanford Research Computing Center
- UIT Technology Consulting Group (TCG)
- Research IT-School of Medicine
From within GCP's Compliance Resource Center, you can easily find cloud services that are HIPAA-Compliant, as well as guidelines on how to protect your PHI data in the cloud.
Step 2: Approval
Before you place your request for a new GCP project, you MUST obtain authorization from a valid approver for each Stanford Project-Task-Award (PTA) you plan to use.
Check valid approvers for a PTA you are planning to use prior to submitting your request. The approver you select will be required to confirm their approval once the request is submitted.
The PTA approver(s) must agree to accept all charges incurred until one of the following occurs:
- The PTA approver terminates approval
- The service has been cancelled
- The PTA has been removed from the service.
Step 3: Submit
Set up your new GCP project with the project creation request form. Upon completion of the form, it will take one to two business days for project provisioning.
Note: A naming convention is followed for GCP project names. When you fill the project creation form, it will automatically present a prefix for your project and you can choose the remainder of the project name.
Using GCP
Step 1: Access
Once your GCP project is created, you will receive a confirmation email. The email also provides you with a login link that takes you to your new GCP project using Single Sign-On (SSO).
Once you login to the GCP Cloud Console, you will be directed to the homepage of your projects. If you want to perform a task via the console, start here.
Step 2: Configuration
Individuals identified on the request form as primary and alternate technical contacts will be granted permissions as Project Editors and IAM Admins. Both can create resources in the GCP project and grant IAM permissions to others.
Step 3: Build
To begin building your project, consider using these top GCP products leveraged by Stanford. If you have any questions about these tools or would like to see sample solutions, reach out to the GCP account team.
- Google Compute Engine (GCE): Computing infrastructure in predefined or custom machine types with live migration support allows you to install your software as needed. You could elastically autoscale your application, adding GPU as needed, leverage preemptible VMs to save cost, and programmatically access it via Compute Engine APIs.
- Google App Engine (GAE): Fully managed serverless application platform for developing and hosting web applications at scale. Two flavors: App Engine Standard and App Engine Flex. Both support a variety of programming languages such as Python, Node.js, Go, etc.
- Google Cloud Storage (GCS): Globally unified, scalable, and highly durable object storage for developers and enterprises. GCS comes with different storage classes like regional/multi-regional, nearline, coldline, archive. GCS is usually the landing spot for many applications. Get started here.
- Cloud SQL: Fully managed relational database service for MySQL, PostgreSQL, and SQL Server. Please read the launch checklist before you start.
- BigQuery: Serverless, highly scalable, and cost-effective cloud data warehouses designed for business agility. BigQuery ML enables users to create and execute ML models in BigQuery by using standard SQL queries. It could also feed your ML model running on GCE or AI Platform Notebook. You may find BigQuery public datasets helpful.
- Dataflow: A managed service for executing a wide variety of data processing patterns. Get up to speed with these tutorials and samples.
- AI & ML: GCP offers a hosted repository AI Hub: a broad range of AI and ML building blocks that includes Vision AI, Video AI, natural language processing (NLP), translation, speech-to-text and vice versa, auto ML, and AI Platform to build/train your own models.
- Terra: A cloud-native platform for biomedical researchers to access data, run analysis tools, and collaborate. Terra leverages GCP for underlying infrastructure needs. A library of examples are available for you to learn and brainstorm your own solution.
Pricing and Billing
Cost
In GCP, you only pay for what you use.
First, figure out how you want to run your application in Cloud, then use the GCP Price Calculator to understand estimated cost. Note that the university discount negotiated between Google and Stanford is not applied in this calculator.
If you have any questions around architecting in GCP or cost estimation for your project, please reach out to the Google Cloud account team for assistance.
Billing
You can view usage information on the Google Console under the billing section.
If you want to view previous billing information already charged to your PTA(s), use the UIT Billing Dashboard. For questions, contact the UIT Revenue Operations team.
If you want to view detailed breakdowns of each individual service, please contact the UIT GCP billing support team for billing export access in BigQuery.
- Understanding Your Cloud Bill
- Stanford clients of AWS accounts, GCP projects,and Azure Cloud Services can expect to see a chargeback from UIT to their PTA afer 2 months of their initial cloud usage charge.
- Month A - Cloud provider charges for your usage. (Every 30-31 days)
- Month B - UIT receives invoice for Month A, and pays on your behalf.
- Month C - UIT issues a chargeback to your PTA for Month A invoice. (1st of each month)
- Tips for avoiding surprise charges
- Understand your cloud provider charges
- Charge amounts are pay as you go
- View AWS pricing calculator >> https://calculator.aws/#/
- View GCP pricing calculator >> https://cloud.google.com/products/calculator
- Check your billing console regularly
- Avoid overdraft of PTA by checking your usage and charge balance.
- Access your AWS Console >> https://awsconsole.stanford.edu/
- Access your Google Console >> https://console.cloud.google.com/
Click image to enlarge
Resources
Stanford Cloud Computing
Get to know Google Cloud Platform
- GCP Overview
- Getting Started with GCP
- GCP Product List Brief
- Google Cloud for AWS Professionals: transitioning from AWS to GCP
- GCP Resource Hierarchy: describes how cloud resources can be organized and managed using Resource Manager
- GCP Project Map: defining projects
- HIPAA Compliance in GCP
- Best Practices for Using Cloud IAM and Cloud Billing in Higher Education. See also Using IAM Securely.
Training
- Training solutions through UIT Technology Training
- Cloud Academy (requires the purchase of a monthly or annual license)
- LinkedIn Learning (free with a full-service SUNet ID)
- Complimentary on-demand courses through Google
- In-person and virtual classes through Google
- Pre-recorded sessions via GCP's YouTube channel
- Cloud OnAir: a public channel that provides sessions on hot topics such as new products, certifications, etc.
- Get your Google Cloud Certification with a variety of certification paths (contact the Google Account team to learn more)
FAQs
- How do I request a folder for my group or lab?
- Requests can be made through a Help request.
- I currently have a GCP project running outside of Stanford Organization. How do I leverage the special discount Google offered to Stanford?
- Follow these migration instructions from Google to get started.
- Where can I learn more about architecture, products, and billing?
- Email Stanford's Google account team for questions.
- Who is qualified to set up development support?
- For GCP technical support, right now anyone in Stanford is qualified to set up development support. A premium support option for Stanford is underway and more updates will be available later this year.
- Who do I contact for billing and credit?
- To redeem GCP/Education grant, GCP research credit, set up Terra billing or export billing access in BigQuery, contact UIT Hosting Services.
- How do I request project creation help (help with the creation form, complete a data risk assessment, get PTA approval)?
- Requests for these services can be made with a Help request ticket.
- Is it possible to use Cloud compute to process my research data on-prem?
- Contact Stanford's Google account team.
- How should I architect my project in GCP?
- Contact Stanford's Google account team.
- How much does it cost to run my project on GCP?
- Contact Stanford's Google account team.
- How do I run Jupyter Notebook in GCP?
- Contact Stanford's Google account team.
- What products or services are available to help migrate my data to Cloud?
- Contact Stanford's Google account team.
- How do I escalate a support ticket?
- Contact Stanford's Google account team.
- What if I have a support/feature enhancement request?
- Contact GCP Technical Support for issues such as: unable to create VM with GPU, make SCC available to project owners, Jupyter Notebook not launching.
- Who do I turn to for operations support and design reviews?
- Questions regarding Operational Rigor (how to transform and modernize IT operations and cloud operating model to effectively use cloud and add value), Platform Health (consistent POC and gateway into Google Cloud support and platform status information), or Architectural Stability (how to architect and deploy solutions to meet performance and functional requirements) should be directed to GCP Technical Support.
