Creating and Managing Projects in GCP Environment
What is the goal and primary motivation for DIT managing UMD GCP?
- The Research Technology team’s goal is to configure an organizational hierarchy, establish roles and permissions, enable basic security features, and document a billing process that will enable campus stakeholders to use GCP while allowing DIT to encourage an appropriate level of security and uniformity, and to ensure consistent implementations and support across projects.
- In general, project and resource access is determined based on roles, and will be configured such that only designated admins can create Billing Accounts and Projects (these are the basis of all resource usage in GCP).
How do I get a project created in the UMD GCP environment?
- All new projects created in Google Cloud require a submission of Google Cloud Platform Services Request found in the Service Catalog. DIT Research Computing Team will facilitate end-users through the project creation process once notified by automated service request.
- All Google Cloud Services currently require a project created, including Google Earth Engine and Service Accounts/OAuth Credentials. Only Google administrators have the ability to create projects in umd.edu domain.
Why is DIT contacting me about an existing GCP project?
- Once a project has been created, it will stay in the UMD GCP environment until it is removed. Even if there is no billing\ associated with it. It is in the best interest of the University and the end user to remove all inactive projects. Once you have completed your work within the GCP environment,your project should be deleted.
- DIT monitors projects on a regular basis. Inactive projects create risk related to data loss, inappropriate use of computing resources, and fraudulent charges. Projects inactive for 12 months.
How long can a project remain in the GCP environment?
- A Google Cloud Project can remain in the environment for as long as project funding via Google Credits or active customer Purchase Order is in place. A project is identified as inactive once no activity has been seen for 6 months and is slated for removal.
- It is recommended that the user deletes the project once they have completed work or no longer have funding to continue. For example, credits are all used or expired.
What happens to inactive projects?
- All projects that are inactive for 12 months or longer will be deleted from the UMD GCP environment. .
- DIT will notify the identified project owner via email that the project will be removed. No response to email automatically confirms permission to remove.
Can permissions be delegated to department IT to manage Google Cloud projects?
- DIT has developed a permissions delegation model in order to allow management of projects and billing.
This does not show up on the google cloud pricing calculator. Many of our end-users use Google Earth Engine. It is for us to understand if we can purchase resources beyond the free tier, and if it is part of the GCP contract.
- We are currently researching this service and will provide more details in the future.
- Purchase Orders should be created for any anticipated costs beyond the Free Tier.
There may be multiple projects on GCP associated with umd.edu email addresses. Do you need all of those migrated to campus agreement? Is there a similar requirement for terpmail.umd.edu email addresses?
- Projects associated with umd.edu should be migrated, moved, or deleted based on what type of project it is. (Unneeded, Personal, Student, Faculty, Staff).
- TERPmail is a separate domain and separate GCP that is currently out of scope.
Most of the existing GCP projects are using free tier provided through GCP. Do you require those to migrate as well?
- We will perform best efforts to migrate all existing Free Tier projects. The new implementation is assessing the current ability to create free tier projects without collaboration with department IT and Research Technology Services.
How does billing within GCP work?
- UMD utilizes the I2 Net+ Agreement for acceptable Terms and Conditions, and discounted pricing. UMD’s reseller is Burwood Group; a partner for GCP implementation, billing, and, potentially for support. Burwood works with Carahsoft to invoice UMD for Google Cloud usage. Burwood Group provides a custom billing portal integrated with our SSO to which Billing Admins will have access.
- Burwood handles the connection between the GCP Billing Account and the Purchase Order so that invoices can be sent to Accounts Payable with appropriate information.
Does GCP billing require quotes or use existing campus quotes similar to AWS?
- All projects require a purchase order initiated from an estimated quote generated from Burwood Group and implemented by your department Business manager.
- Purchase order creation is dependent on the practices by your college or unit business office. Historically, the following timelines for purchase orders have been observed.
- Purchase orders up to $5,000 generally take 1 week to get generated.
- Purchase orders over $5000 follow the guidelines of your unit and may require additional information along with the quote to get approved.
- All purchase orders over $25,000 must be approved by the university procurement department and will require extensive documentation about your proposed project for approval and generated.
- No department or personal credit cards can be used to use GCP.
- Each College (or smaller unit) can manage their own Billing and interface with Burwood Group (our reseller) through their billing portal. Research Computing will assist in setting your project(s) up in the billing portal and providing access if requested.
- A summary of your project(s) spending is emailed weekly to the primary contact for project