Skip to content Skip to site navigation

Guide to Stanford GCP Setup

Learn how to set up and manage your GCP project

Before you set up a GCP Project

What is GCP?

Google Cloud Platform (aka. GCP), offered by Google, is a suite of cloud computing services that run on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail and YouTube.

If you are new to cloud, Getting Started with Google Cloud Platform is a great place to go. For quick product reference, please leverage the GCP Product List Brief.If you have previously used AWS, please check out Google Cloud for AWS Professionals for a quick start. For more training and resources, please leverage the Learning GCP section of this page.

GCP Resource Hierarchy and Project

GCP Overview is designed to help you understand the overall landscape of Google Cloud Platform (GCP) and key terminologies such as regions, zones, projects, resources, etc. GCP Resource Hierarchy describes how cloud resources can be organized and managed using Resource Manager.

At Stanford, organization, folders, and billing are managed by UIT, and most of the time you will be working in the scope of projects. A GCP project can map to one or multiple projects in real life, you can provision resources such as Virtual Machine, storage, network, etc as needed within a project, click here for more details.

If you would like to request a folder for your group or lab, please submit your request via this ServiceNow request form.

How to manage your GCP Project

You can choose the school or department that will manage your project while filling the project creation request form. All projects need to follow Stanford minimum security guidelines for IaaS for day-to-day operation and management, most of them are already enforced during the provisioning process. If you have any questions around security, data risk classification, support agreement with another groups at Stanford, you may want to check out  University IT's Cardinal Cloud site.

Plan for compliance

Compliance requirements vary based on the types of data you will be using or storing in your GCP project. Stanford has authorized GCP for use with High Risk Data and Protected Health Information (PHI) ONLY when the GCP project is in compliance with the Minimum Security Standards for Infrastructure-as-a-Service (IaaS) and Containerized Solutions and the Administrative Guide Section 6.3.1: Information Security as well as other regulatory requirements. If you are using High Risk Data or PHI, you must complete a Data Risk Assessment and have one of the following groups manage your project:

Stanford Research Computing Center

UIT Technology Consulting Group (TCG)

Research IT-School of Medicine

From within GCP Compliance Resource Center, you can easily find cloud services that are HIPAA-Compliant, as well as guidelines on how to protect your PHI data in the cloud.

Familiarize Yourself with GCP cost estimation

In GCP, you only pay for what you use. A common practice is to first figure out how you want to run your application in Cloud, then use the GCP Price Calculator to understand estimated cost. Note that the university discount negotiated between Google and Stanford is not applied in this calculator. 

If you have any questions around architecturing in GCP or cost estimation for your project, please reach out to the Google Cloud account team via stanford-gcp@google.com for assistance. 

GCP project naming conventions

A naming convention is followed for GCP project names. When you fill the project creation form, it will automatically present a prefix for your project and you can choose the remainder of the project name.

Get PTA Approval

Before you place your request for a new GCP project, you MUST obtain authorization from a valid approver for each Stanford Project-Task-Award (PTA) you plan to use.

While we will not hold the provisioning of the project for PTA approval, the approver you select will be required to confirm their approval once the request is submitted.The PTA approver(s) must agree to accept all charges incurred until such time as the PTA approver terminates approval, the service has been cancelled, or the PTA has been removed from the service. Check valid approvers for a PTA you are planning to use prior to submitting your request.

Submit Your Project Creation Form

Now let’s set up your new GCP project via this project creation request form! Upon completion of the form, typically it takes 1-2 business days for project provisioning. Please continue with the next section to get started with your first GCP project!

Get Started with GCP

Access Your Project

Congratulations on your new GCP Project! Once your GCP project is created, you will receive a confirmation email. The email also provides you with a login link that takes you to your new GCP project using Single Sign-On (SSO).

Once you login to the GCP Cloud Console, you will be directed to the homepage of your projects. Click here if you want to perform a task via the console but don’t know where to start from.

How Your New Project is Configured

Individuals identified on the project request form as primary and alternate technical contacts will be granted Project Editor (roles/editor) and IAM Admin (roles/resourcemanager.projectIamAdmin) roles, so that both the Primary and Alternate Technical Contacts can create resources in the GCP project and grant IAM permissions to others.

GCP IAM Role

Project Editor

IAM Admin

Project Billing Manager

Role Description

View, create and update all resources within your project.

Grant IAM roles to others within your project.

 

IAM Role Mapping

Requestor

     

Primary Technical Contact

X

X

 

Alternate Technical Contact

X

X

 

Primary Billing Contact

   

X


If you are using PHI, most (but not all) GCP service offerings are HIPPA Compliant and covered under the Google Cloud - Stanford Business Associate Agreement (BAA). We recommend you follow Best Practices for Using Cloud IAM and Cloud Billing in Higher Education, and practice least privileges principal while running your project on GCP.

How your GCP Project is billed

You can view usage information on the Google Console in the Billing area.

If you want to view billing information for past months that have already been charged to PTA(s), you can use the UIT Billing Dashboard. You can find information in this quick guide about how to navigate this tool. If you need help you can reach out to the UIT Revenue Operations team.

If you want to view detailed breakdowns of each individual service, please contact the UIT GCP billing support team for billing export access in BigQuery.

Secure data in your GCP

You must adhere to the Minimum Security Standards for Infrastructure-as-a-Service (IaaS) and Containerized Solutions and the Administrative Guide Section 6.3.1: Information Security for all data used or stored in your GCP project.

GCP is suitable for Low, Moderate and High Risk Data and all GCP service offerings are available for use. There are plenty of native security products and capabilities available that help you secure your network, infrastructure, endpoint and data stored in GCP.

GCP is authorized for use with High Risk Data and PHI ONLY when the GCP project is in compliance with the Minimum Security Standards and any other regulatory requirements and a Data Risk Assessment is completed.

Let’s Work on Your Project

Here are top GCP products that have been heavily leveraged by Stanford so far, please feel free to reach out to the GCP account team if you have any questions.

Get Help with GCP

Migrate to GCP

If you currently have a GCP project running outside of Stanford Organization, and you want to leverage the special discount Google offered to Stanford, you could follow Migrating Projects into Organization for instructions.

If you are currently running on other clouds, please first review Stanford Cloud Account Management and this web page. Google account team could offer consultations around architecture, billing and products as needed. Please do not hesitate to contact.

Get Help with GCP

Areas of Support

Example Topics

Contact

Billing & Credit

Redeem GCP Teaching / Education Grant

UIT Hosting Services 

Redeem GCP Research Credit

Billing Export Access in BigQuery

Terra Billing Setup

Project Creation

Project Creation Form

Request a new Service

Data Risk Assessment

PTA Approval

GCP product, solutioning and pricing

Is it possible to use Cloud compute to process my research data on-prem?

Google Account Team

<stanford-gcp@google.com>

How should I architect my project in GCP?

How much does it cost to run my project on GCP?

How to run Jupyter Notebook in GCP?

Support ticket escalation

What products or services are available to help migrate my data to Cloud?

Support/ Feature enhancement request

Unable to create VM with GPU

GCP Technical Support

Make SCC available to project owners

Jupyter Notebook is not launching

Operations support and design reviews

Operational Rigor - how to transform and modernize  IT operations and cloud operating model to effectively use cloud and add value

GCP SCA, TBD

Platform Health - consistent POC and gateway into Google Cloud support and platform status information

Architectural Stability - How to architect and deploy solutions to meet performance and functional requirements


For GCP technical support, right now anyone in Stanford is qualified to set up development support. Premium support option for Stanford is underway and more updates will be available later this year.

If you are a current client or interested in support from the UIT Technology Consulting Group team (TCG): Technology Consulting Group.

Learning GCP and Get Certified

UIT Technology Training offers multiple online training solutions to learn about specific cloud computing environments, such as Cloud Academy and LinkedIn Learning. Cloud Academy requires the purchase of a monthly or annual license, and LinkedIn Learning is free for anyone with a full-service SUNet ID.

Here is a quick snap of complementary GCP Trainings:

  • On-demand Courses: Google offers on-demand courses via Coursera, the link above will take you to coursera directly. Stanford could leverage free EDU credits for Qwiklabs and search for courses using keywords. You can apply for training credit here if you haven’t yet.
  • Scheduled Class: You can choose from a roster of in person and virtual courses offered worldwide by authorized training partners. Training is offered in various depths and on a variety of popular topics. Most training lasts for one to multiple days.

You can also find thousands of recorded sessions via GCP Youtube channel. Cloud OnAir is a public channel that keeps rolling out sessions on hot topics such as new products, certifications, etc.

  • Certification: Certification is a great “badge” to show your ability to transform businesses and support your internal customer with Google Cloud technology. Certification paths and registration are available for all GCP certifications. Please feel free to ping Google Account Team if you have any questions about the certification.
  • Next ‘20 OnAir: Nine weeks of free digital events starting on July 14. Bringing the best of Google Cloud technology to you. Explore curated content on demand, keep up to date with what is happening.