DEV Community

Kyle Lexmond

A First Look at Google Compute Engine

Note: This is a continuation of my post on exploring Google Cloud Platform. There is also a mirror of it on my personal blog.


Compute Engine is one of the more important services for me. While I'd love to have all my stuff on managed services like Lambda/Cloud Functions, it's not possible. The fundamentals of GCE are pretty similar to EC2, but there are a few features that would be interesting to see EC2 adopt (if ever).

Pros:

  1. The GCE console supports SSHing to an instance within your browser. There's also automatic SSH key adding, something which had annoyed people (me) using EC2. You can still have a master SSH keypair, but you can also add keypairs for individual users.
  2. Linux OSes (Debian, CentOS, etc) are natively supported, not "support for Amazon Linux, and maybe other distros". This is pretty much required for some of the stuff that GCE is offering. The auto-key pair adding? Done by a daemon waiting for instructions. Said daemon has been added to the OS for you.
  3. Custom machine types (mix and match memory and CPU cores). I'd love to see EC2 adopt this, but it's not going to happen any time soon.
  4. Sustained usage discounts: No reserved instances required for discounts
  5. Preemptible instances have a 24 hour limit, unlike EC2's spot block of max 6 hours. Having a fixed price means you don't have to worry about bill shock. The tradeoff is that there's no spot instance equivalent, where if your bid is high enough, the instance will practically never be terminated.
  6. Live migration for maintenance events! It's coming to EC2 (it's in the Xen mainline), just a question of when.

Cons:

  1. No security groups equivalent
  2. Firewall rules applied to the entire VPC, or specific labelled instances (I suppose you could bludgeon this into security groups).
  3. No comparison graphing. Are they depending on external providers (i.e. Datadog) like they do for sending email? (Yes, the creators of Gmail recommend using another party to send email...)
  4. The bandwidth out prices. Google might have a super awesome network, with private backhaul to endpoints that are close... but that is more expensive than AWS.

Also, it's subjective, but I find that the GCE console UI is a lot cleaner than EC2's.

Top comments (1)

Erebos Manannán

You say "No security groups equivalent", but you fail to specify what exactly is missing.

AWS security groups seem to me to be a giant mess and GCP firewalling with instance tags and such is a much clearer and easier to use system that can still do everything that AWS security groups can as far as I can tell.

You can specify what can communicate with what VERY strictly based on CIDR masks and network tags.
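
The firewall model discussed in the post and the comment above (rules scoped to the whole VPC or to tagged instances, with sources given as CIDR ranges or network tags) can be sketched as a small evaluator. This is an added example, not code from the post, the comment or Google; it is a simplified model that matches on port only and requires explicit sources, and every tag, address and rule in it is constructed.

```python
# Simplified model of VPC ingress firewall evaluation (added example).
# All names, tags, addresses and rules below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Instance:
    name: str
    ip: str
    tags: frozenset = frozenset()

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                           # "allow" or "deny"
    port: int
    priority: int = 1000                  # lower number is evaluated first
    target_tags: frozenset = frozenset()  # empty = every instance in the VPC
    source_tags: frozenset = frozenset()
    source_ranges: tuple = ()

def matches(rule, dst, port, src_ip, src_tags):
    if rule.port != port:
        return False
    # A rule with target tags only applies to instances carrying one of them.
    if rule.target_tags and not (rule.target_tags & dst.tags):
        return False
    # Source ranges and source tags are alternatives: either one is enough.
    in_range = any(ip_address(src_ip) in ip_network(c) for c in rule.source_ranges)
    return in_range or bool(rule.source_tags & src_tags)

def ingress_allowed(rules, dst, port, src_ip, src_tags=frozenset()):
    hits = [r for r in rules if matches(r, dst, port, src_ip, src_tags)]
    if not hits:
        return False                      # implied deny for ingress
    top = min(r.priority for r in hits)
    # At equal priority a deny rule overrides an allow rule.
    return all(r.action == "allow" for r in hits if r.priority == top)

WEB = Instance("web-1", "10.0.1.10", frozenset({"web"}))
DB = Instance("db-1", "10.0.2.10", frozenset({"db"}))
BATCH = Instance("batch-1", "10.0.3.10", frozenset({"batch"}))

RULES = [
    # Security-group-like: only "web" instances may reach "db" on 5432.
    Rule("db-from-web", "allow", 5432, target_tags=frozenset({"db"}),
         source_tags=frozenset({"web"})),
    Rule("web-from-internet", "allow", 443, target_tags=frozenset({"web"}),
         source_ranges=("0.0.0.0/0",)),
    # No target tags: applies to the entire VPC.
    Rule("ssh-from-office", "allow", 22, source_ranges=("203.0.113.0/24",)),
]
```

The `db-from-web` rule plays the role of a security group that references another group, while `ssh-from-office` shows why an untagged rule deserves review: it reaches every instance in the network.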