Google Cloud Guidance Report
Site24x7's Google Cloud Guidance Report offers tailored insights to fine-tune your cloud resources and provides recommendations to optimize costs and improve fault tolerance and performance. Identify bottlenecks, optimize configurations, and ensure peak performance for your Google Cloud setup by implementing the recommendations provided in the Guidance Report.
Where can I view the Guidance Report?
You can view the Guidance Report for Google Cloud by logging in to Site24x7 and then navigating to Cloud in the left navigation pane > GCP > your monitor name > Guidance Report.
List of Google Cloud services covered under Guidance Report
- Cloud SQL
- Kubernetes Cluster
Cloud SQL
Enable Automated Backups
Severity:
High
Category:
Reliability
Baseline:
Automated backups ensure the protection of your valuable data by creating regular, scheduled backups of your Cloud SQL databases. In case of accidental data loss, database corruption, or other unforeseen issues, you can easily restore your data to the previous state.
Recommendation:
In the Backups section, check whether Automated Backups are enabled.
Enable Automatic Storage Increase
Severity:
Medium
Category:
Cost
Baseline:
If Automated Backups are enabled, whenever your resource nears full capacity, the storage limit will be increased (permanently).
Recommendation:
In the Edit Configurations section, check whether automatic storage increase is enabled under Storage settings.
Check for MySQL Major Version
Severity:
Medium
Category:
Performance
Baseline:
Ensure that your Google Cloud MySQL database instances are using the latest major version of the MySQL database in order to receive the latest database features and benefit from enhanced performance and security.
Recommendation:
Upgrade the database version.
Check for PostgreSQL Major Version
Severity:
Medium
Category:
Performance
Baseline:
Ensure that your Google Cloud PostgreSQL database instances are using the latest major version of the PostgreSQL database in order to receive the latest database features and benefit from enhanced performance and security.
Recommendation:
Upgrade the database version.
Kubernetes Cluster
Enable Integrity Monitoring for Cluster Nodes
Severity:
Medium
Category:
Security
Baseline:
In the Google Cloud console's Security section, check the Integrity monitoring feature status. Ensure that the Integrity Monitoring feature is enabled for your Google Kubernetes Engine (GKE) cluster nodes in order to monitor and automatically check the runtime boot integrity of your shielded cluster nodes using Google Cloud Monitoring service.
Recommendation:
Enable Integrity Monitoring for Cluster Nodes.
Restrict Network Access to GKE Clusters
Severity:
Medium
Category:
Security
Baseline:
Adding master authorized networks can provide network-level protection and additional security benefits for your Google Kubernetes Engine (GKE) cluster. Authorized networks grant access to a specific set of trusted IP addresses, such as those that originate from a secure network. This can help protect access to your GKE cluster in case of a vulnerability in the cluster's authentication or authorization mechanism.
Recommendation:
Check the Master authorized networks attribute value. If the Master authorized networks value is set to Disabled, anyone on the Internet can perform network connections to the cluster control plane.
Configure Shielded GKE Cluster Nodes
Severity:
Medium
Category:
Security
Baseline:
Ensure that your Google Kubernetes Engine (GKE) cluster pool nodes are shielded in order to provide strong cryptographic identity. This limits the ability of an attacker to impersonate a node in your GKE cluster even if the attacker is able to extract the node credentials.
Recommendation:
Configure Shielded GKE Cluster Nodes. Check the Shielded GKE Nodes configuration attribute value.
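The three Kubernetes Cluster checks above can also be run outside the console against the JSON that `gcloud container clusters describe NAME --format=json` returns. The script below is an added example, not Site24x7 or Google code. The sample cluster is constructed, and the function name and finding labels are hypothetical. It also flags an authorized-networks list that is enabled but contains a /0 block, which goes beyond the enabled/disabled check described above.

```python
import json

# Constructed sample: a trimmed cluster object in the shape of the GKE API v1
# Cluster resource. Boolean fields that are false are often omitted from the
# JSON, so a missing key is treated as "not enabled" below.
SAMPLE_CLUSTER = json.loads("""
{
  "name": "demo-cluster",
  "masterAuthorizedNetworksConfig": {
    "enabled": true,
    "cidrBlocks": [
      {"displayName": "office", "cidrBlock": "203.0.113.0/24"},
      {"displayName": "temp", "cidrBlock": "0.0.0.0/0"}
    ]
  },
  "shieldedNodes": {"enabled": true},
  "nodePools": [
    {"name": "default-pool",
     "config": {"shieldedInstanceConfig": {"enableIntegrityMonitoring": true}}},
    {"name": "batch-pool", "config": {"shieldedInstanceConfig": {}}}
  ]
}
""")


def audit_gke_cluster(cluster):
    """Return (check, detail) findings; labels are hypothetical names."""
    findings = []
    man = cluster.get("masterAuthorizedNetworksConfig") or {}
    if not man.get("enabled", False):
        findings.append(("authorized-networks", "disabled"))
    else:
        # Enabled, but a /0 block admits every address: no real restriction.
        for block in man.get("cidrBlocks", []):
            if block.get("cidrBlock", "").endswith("/0"):
                findings.append(("authorized-networks", block["cidrBlock"]))
    if not (cluster.get("shieldedNodes") or {}).get("enabled", False):
        findings.append(("shielded-nodes", "disabled"))
    # Integrity monitoring is configured per node pool, so check each one.
    for pool in cluster.get("nodePools", []):
        shielded = (pool.get("config") or {}).get("shieldedInstanceConfig") or {}
        if not shielded.get("enableIntegrityMonitoring", False):
            findings.append(("integrity-monitoring", pool.get("name", "?")))
    return findings


if __name__ == "__main__":
    for check, detail in audit_gke_cluster(SAMPLE_CLUSTER):
        print(f"FAIL {check}: {detail}")
```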