How to Remove Get Genuine Office Banner?

Recently, when I open my Word or Excel files, a yellow banner pops up warning me about a genuine Office problem. It is located above the content and right under the toolbar. The complete message is as below.

ACTION NEEDED
Your license isn’t genuine, and you may be a victim of software counterfeiting. Avoid interruption and keep your files safe with genuine Office today.
Get genuine Office

That banner doesn’t always appear. Once in a while, I can’t see it when I start an Office app. Yet, it may reappear while I’m working on the Office documents. Have you ever received this warning message or are you suffering from it now? Why does this happen? And how do you get rid of this issue? Just continue reading.

How to Remove Get Genuine Office Icon?

Several methods MAY remove the get genuine Office banner from your Office software.

In Outlook 2016 and later, you should navigate to File > Office Account > Account Privacy > Manage Settings.

Turning off this connected experience option disables experiences that analyze your content and download online content, as well as other connected experiences like co-authoring and online file storage.

Solution 2. Stop OGAAddin.dll from Loading with Office App

OGAAddin.dll and OGAVerify.exe are among the files installed by OGA Notifications. OGAAddin.dll lets OGA Notifications install itself as an add-in to the apps in the Microsoft Office productivity suite so that it can show the not-genuine warning on illegal or illegitimate copies of Office.

Therefore, stopping OGAAddin.dll from loading will remove the get genuine Office message.

  1. Press Windows + R keys on the keyboard to open the Windows Run box.
  2. Input “regedit” and click OK to launch Registry Editor.
  3. Use “Ctrl + F” to search for the OGAAddin.connect registry key.
  4. The right section of Registry Editor lists the search result. Find and right-click on Load Behavior and select Modify.
  5. Alter the value data from 3 to 0.
  6. Repeat for each and every OGAAddin.connect found.

Doing this makes Windows think that OGA is installed, so it won’t prompt the user to install OGA again. Alternatively, you can directly remove the OGAAddin from the Add-ins tab of the Options window mentioned in Solution 1 or from File Explorer (%SystemDrive%\Windows\System32 or %SystemDrive%\Windows\SysWow64).

Solution 3. Activate Office with a Genuine License

If you have purchased an Office product key before, make sure you have registered the Office app on your computer with it. If not, or if you are not sure about the registration, just register your current Office again!

Solution 4. Install Genuine Office

Similarly, if you have ever bought a genuine Office but forgot to install it on your machine to replace the installed unknown version, just uninstall your current problematic version of Office and install the genuine version.

Solution 5. Reinstall the Genuine Version of Office

If your current version of Microsoft Office is genuine and you still see the get genuine Office error, you can try to reinstall your Office if you can still find the installation disc or USB.

Solution 6. Re-log into Microsoft Office

Sometimes, problems may occur if you haven’t touched your account for a long time and the official side can’t tell whether you are the legitimate user of the product. So, the get genuine Office banner might disappear after you log out and log in to your Microsoft account again.

Why Does the Get Genuine Office Notification Appear?

If you see a genuine Office error when you open an Office app, it is because Microsoft has determined that the Office product installed on your computer is not legitimate and you may be a victim of software counterfeiting.

Risks of Counterfeit Software

Counterfeit programs are inherently dangerous and pose many risks.

Expose You to Malware or Virus Attacks

Counterfeit apps lack sufficient security measures, which leaves the door open for hackers. Therefore, they may seriously harm your work and business.

Cause File Corruption and Data Loss

While using counterfeit software, you might lose crucial data both personal and business.

Prevent You from Receiving Critical Security Updates or Editing Your Files

Another negative effect that counterfeit tools may bring to you is the inability to receive critical security updates provided by Microsoft Office. Also, you may not be able to edit your files if you keep using counterfeit software.

Tip: To prevent data loss due to counterfeit Office, you can back up important data in advance with professional and reliable file backup software – MiniTool ShadowMaker.

Stay Safe with a Genuine Office License

If you have purchased a genuine Office before, make sure you have installed the genuine version or have activated your installed Office. If you haven’t yet got a genuine Office product, you can purchase a genuine Office from the Microsoft official website, Microsoft Store, a trusted reseller, or another credible source.

If you get your Microsoft Office from your company, school, or another organization, just contact your IT admin and tell them about the “get genuine Office” popup. If you are the admin, you can learn something about Microsoft 365 or Office & Office 365 licensing options to get rid of the popup.

How to Tell Whether Your Office Is Genuine or Not?

There are several ways that can help you identify whether your Office software is genuine or not.

First of all, if your Office product is preinstalled on your computer when it comes out of the factory, it should be a genuine Office version.

If you buy Microsoft Office by yourself and then install it on the device, it depends. Generally, if you purchase Office from Microsoft’s official page, an authorized reseller, or a trusted retail store, your Office should also be genuine. If you are not sure about the authorization of your salesman or you just pick up the Office in a personal way, the product may be a counterfeit.

Secondly, you can figure out whether your Office is genuine or not by checking the physical signs listed below.

Retail Box Certificate of Authenticity (COA)

The COA label is pasted on the outside of the retail box. It explains what the product is, its country of intended use, as well as the country of origin. The COA has a holographic and color-shifting feature.

Product Key Label

The product key label is a white or orange label located next to the COA on an installation CD, DVD, or USB. Besides the barcode and product key, there is a small amount of print on the left edge and the top right corner.

On close inspection (a magnifier may be needed), the name “MICROSOFT” can be seen in green on the right side and in blue on the left side. The product key label contains a 25-character product key and it can’t be sold separately.

Hardware Appearance

Microsoft packaged software prior to Windows 10/11, such as Windows, Windows Server, and Office, on a CD/DVD that bears vibrant color and 3D effects on the inner hub of the disc when the disc is tilted.

In addition, optical security features can be seen from both sides of the disc, near the inner hole of the disc and along the outer edge. When the disc is flipped over, any text or numbers will be seen as a mirror image of the reverse side.

There is also an inner mirror band (IMB) hologram located on the inner part of the back (data) side of the DVD. It changes color as the disc is tilted. Within the IMB area, there is an indicator arrow with a point towards the outer edge of the disc. Also, there is a small corresponding indicator arrow on the thin outer mirror band (OMB), facing the much larger IMB version. Those 2 elements should be in direct alignment with each other.

On the thin OMB ring, there is an area that shows “Microsoft” changing to the word “Genuine” if you slightly tilt the disc from left to right.

In limited countries and regions worldwide, you may receive your Office 2016 backup software on a USB stick that includes vibrant color and 3D effects as the USB is tilted.

Note: The copper holographic material is embedded within the DVD/CD/USB and it is NOT a sticker. That is to say, if the hologram peels away, you are probably receiving a counterfeit.

Packaging

Poor-quality packaging is also a way for you to tell whether your product is genuine or not. If you see blurry words or images, poor-quality print, spelling errors, incorrect or improper logos/photos, etc., you are probably holding counterfeit software.

How to Remove the Get Office Ads in Windows 10/11?

Besides the get genuine Office warning in Office apps, you may also see the get Office message while using Windows 10. The advertisements are triggered by a specific app preinstalled with Windows 10/11. It aims to persuade you to download and install Office, since Office isn’t included in Win10/11.

If you are annoyed by the get Office ads and want to remove them, there are some fixes.

Fix 1. Uninstall the Get Office App

In the Start menu, find “Get Office” under All Apps, right-click on it, and select Uninstall. You can also try to uninstall that application in Windows Settings or Control Panel. Yet, the “Get Office” app may reinstall itself automatically after some time or after a new Windows update. Then, you have to uninstall it again.

Fix 2. Permanently Remove the Get Office Ads in Windows Settings

To permanently get rid of the Office advertising, you need to change some Windows settings. Move to Start > System > Notifications & actions, scroll down to find Get notifications from these senders, find the “Get Office” app in the list of apps, and toggle it off.

Fix 3. Remove the Get Office Tile from Start Menu

You may also see “Try Office 365 for 1 month” or a similar title in your Windows 10/11 Start menu. Though it is a default setting, you can wipe it from the Start screen. Just right-click on the tile and select Unpin from Start.

Finally

Have you finally removed the get genuine Office icon? If not, maybe you should leave it alone, or you can continue to search for further possible solutions online. If you have found other solutions that haven’t been mentioned in this article, please be kind enough to share them with others in the comment area below. Thank you!

21+ Ways to Use Chat GPT for Content Creation

As a blogger or content creator, you know that producing high-quality and engaging content consistently is no easy feat. It can take hours of research, brainstorming, and editing to create a single piece of content that resonates with your audience. That’s where ChatGPT comes in. In this article, we’ll explore 25 ways that bloggers can utilize Chat GPT for content creation to streamline their efforts, save time and resources, and create high-quality and engaging content that resonates with their audience.

ChatGPT is an AI-powered language model that can assist content creators in generating various types of content, from social media captions and blog outlines to video scripts and ad copy.

So, let’s dive in and discover how ChatGPT can take your content creation to the next level.

Product Descriptions: Bloggers can use this tool to create compelling product descriptions for their own products, like books, digital goods, and other online programs and services they offer. Also, they can use it for affiliate or sponsored content. By inputting the product name or key features, ChatGPT can suggest different descriptions that highlight its benefits and features.

Website copy: It can assist bloggers in crafting website copy that is informative, engaging, and optimized for SEO. By inputting their target audience or brand values, ChatGPT can suggest different website copy that resonates with their audience and reflects their brand identity.

Interview questions: Bloggers can use this tool to generate interview questions for their podcast or blog interviews. By inputting the interviewee’s name or industry, ChatGPT can suggest different questions that encourage conversation and provide valuable insights.

Testimonials: ChatGPT can help bloggers create testimonials for their blog or website. By inputting their customer’s name or experience, it can suggest different testimonials that showcase the value of their products or services. Always check with the client or customer to have them approve the final copy before using the AI-generated testimonial.

Social media posts: It can be used to generate social media posts that are informative, engaging, and on-brand. By inputting their topic or keyword, ChatGPT can suggest different posts that encourage conversation and drive engagement.

Infographics: ChatGPT can assist bloggers in creating infographics that are visually appealing and informative. By inputting their topic or data points, it can suggest different designs and layouts that effectively convey their message.

Podcast scripts: It can generate podcast scripts that are informative, engaging, and organized. By inputting their topic or talking points, ChatGPT can suggest different sections or segments that encourage conversation and provide value to their listeners.

Video scripts: This tool can help bloggers create video scripts that are engaging, informative, and well-structured. By inputting their topic or key points, it can suggest different sections or segments that effectively convey their message.

Ad copy: Bloggers can utilize ChatGPT to create compelling ad copy for their sponsored content or advertising campaigns. By inputting their target audience or call-to-action, ChatGPT can suggest different ad copy that encourages clicks and conversions.

Newsletter content: It can assist bloggers in creating newsletter content that is informative, engaging, and valuable. By inputting their topic or key points, ChatGPT can suggest different sections or segments that provide insights or updates to their subscribers.

Content outlines: Bloggers can use ChatGPT to generate outlines for their blog posts, providing a framework for their writing and ensuring that they cover all necessary topics.

Generate headlines: ChatGPT can help bloggers generate catchy, attention-grabbing headlines for their blog posts, increasing the likelihood that readers will click through to read more.

Conduct research: It can assist bloggers in researching different topics or industries, providing additional insights and statistics to include in their blog posts.

Improve SEO: Bloggers can use ChatGPT to generate keywords and optimize their content for search engines, increasing the visibility of their blog posts.

Write summaries: ChatGPT can assist bloggers in summarizing long articles or reports, providing readers with a quick overview of the most important points.

Provide translations: Bloggers can use this tool to translate their blog posts into different languages, expanding their reach to a global audience.

Create personas: ChatGPT can help bloggers create detailed personas of their target audience, providing insights into their interests, pain points, and behaviors.

Create quizzes: Bloggers can use ChatGPT to create interactive quizzes that engage readers and provide valuable insights into their knowledge or preferences.

Email subject lines: This tool can assist bloggers in crafting catchy email subject lines that encourage readers to open and read their emails. Bloggers can input their email content or key topics, and ChatGPT can suggest subject lines that are attention-grabbing and personalized.

Blog outlines: Bloggers can use ChatGPT to generate outlines for their blog posts, providing a framework for their writing and ensuring that they cover all necessary topics. By inputting their main topic or keyword, ChatGPT can suggest different sections or subtopics to include in their blog post.

H2 subheader suggestions: ChatGPT can help bloggers come up with creative and engaging H2 subheaders for their blog posts. By inputting their blog post content or key topics, it can suggest subheaders that are informative and attention-grabbing.

Meta descriptions: Bloggers can use ChatGPT to generate meta descriptions that accurately summarize their blog post content and encourage readers to click through to their website. By inputting their blog post content or key topics, ChatGPT can suggest different meta descriptions that capture the essence of their content and highlight its value.

Overall, ChatGPT can be a powerful tool for bloggers to create various types of content, from social media captions and email subject lines to blog outlines and meta descriptions. By leveraging the power of AI, bloggers can save time and resources while creating engaging and valuable content that resonates with their audience.

How to play YouTube in the background on iPhone or iPad

YouTube is a great place to listen to music, but you’ll have noticed a big limitation when using it on your iPhone: the music stops when you turn off the screen or when you return to the home screen and open another app.

Being able to turn off the screen is pretty important, and not just for saving battery power: it also stops the touchscreen from working while the phone’s in your pocket, which prevents accidental taps that can skip to the next video.

Since you’re reading this, you already know that the YouTube app won’t let you turn off the screen while watching a video so you can listen to music in the background.

That’s because Google wants you to pay for YouTube Premium or YouTube Music Premium, both of which add this useful feature.

The easy answer, then, is to pay for YouTube Music or YouTube Premium and you’ll be able to play music with the screen off or while using another app.

But what if you don’t fancy shelling out for yet another monthly subscription? Well, good news: here are a couple of workarounds that will do the same job, but for free!

Method 1: Use a web browser

If you’ve already tried this in Safari or Google Chrome you may have concluded this workaround doesn’t work any more, but you’d be wrong.

You can use Firefox or Opera instead. Install one of these apps and browse to YouTube.

Be careful that you’re not redirected to the official YouTube app if it’s installed on your iPhone. If that happens, then type m.youtube.com into the address bar in Firefox or Opera and you should see the mobile site load.

If you want to listen to playlists you’ve already created, sign into your YouTube (Google) account by tapping the three vertical dots at the top-right corner and then tap Sign In.

1. Find something to listen to

Search for the music or whatever you want to listen to and tap on the video. Wait until any adverts have finished and the video itself is playing.

2. Make the video full-screen

Tap the full-screen icon (bottom-right of the video, arrowed) to hide the rest of the web page.

3. Use control centre to continue playback

Return to the home screen or switch to another app. Swipe down to access Control Center and press the play button in the music controls to resume playback.

The music should continue to play. You can either use another app while listening, or turn off your iPhone’s screen and save your battery power.

Method 2: Use an app

Search the App Store for an app which can play YouTube as a picture-in-picture (or floating window). One example is YubePiP, which was available and working well when we wrote this.

Simply install it – it’s free, but will nag you to upgrade to Pro – and you should find yourself on the YouTube sign-in screen. You don’t have to sign in – just choose your cookie preference and you can then use the search function to find the song you want to listen to.

As above, if you do sign in, you can play your usual playlists and find music you like.

Tap on the video, wait until any adverts have finished (or skip them, if you really don’t want to support the artist) and wait until the actual video is playing.

Now tap the icon arrowed to put the video in a floating window.

You can then swipe up to return to the home screen. The video will keep playing and you can drag the video to wherever it’s not in the way.

You can even swipe it off the screen so it takes up virtually no space at all: you’ll see a small arrow that you can use like a pull tab to bring it back later. The sound will keep playing in the background.

You can launch any other app you like, but you can also listen with the screen off as well.

Press the sleep/wake button to turn your iPhone off and the audio should continue to play. If it doesn’t, then press the power button again and tap the play button on the lock screen to restart the audio (you can also skip between songs in a playlist too).

Now when you turn off your iPhone or iPad, the audio will keep playing.

GCP Flowcharts (Cheatsheet for ACE and PCA GCP certification)

Please note that I have no association with any training companies or third parties linking through to this post. This post is freely available to help folks understand Google Cloud!

So it’s easy to find the one you want. This single post also allows me to maintain an up to date collection from one place.

Once I have more than 1 flowchart for a topic/area I will create a new heading; for now those singletons are under misc.

Attribution: All graphics & flowcharts apart from ones I drew myself & Sara’s cheerfully copied from the Google Cloud platform or blog site

Latest additions - May 2021: Authenticating service accounts & choosing private access options (Security)

😀

Compute

Which compute option?

Even with the increasing popularity of serverless options, traditional compute options are very much in demand. I know, I know, I’m using “traditional” and including App Engine & Kubernetes, but even k8s is 5 years old now (at the time of writing, June 2019), so I think I can get away with that :-) So a flowchart for choosing a traditional compute option is still very much valid.

GCP has a continuum of compute options which can be graphically depicted as:

[Image: continuum of GCP compute options]

It may be obvious at either end of the continuum which option you choose, but the decision becomes less straightforward in the middle, so flowchart to the rescue:

[Flowchart: which compute option]

The compute flowchart with accompanying words can be found here and a nice table comparing the compute options is here.

Which Serverless (compute) Option?

If you want access to compute power where you just want to write the code and not have to worry about the underlying infrastructure, then the serverless options are for you. Basically, GCP takes care of the servers that are actually lurking way underneath the abstraction for you, as well as the provisioning (scaling up & down).

[Flowchart: which serverless compute option]

GKE by itself is not serverless by this description, as you still have to define and configure way too much; it’s not just a “here’s my code and here you go”. But it does provide the platform for a serverless platform, as you can see in the flowchart. The sharp-eyed amongst you may have noticed that App Engine can be considered a serverless service although it’s also included in what I call the traditional compute options.

The flowchart and words about GCP serverless options can be found here. There’s also a product comparison table.

Sizing & scoping GKE clusters to meet your use case

Determining the number of GKE (Google Kubernetes Engine) clusters and the size of the clusters required for your workloads requires looking at a number of factors. The article Choose size and scope of Kubernetes engine discusses these factors. Alas, it’s sadly lacking a flowchart, so I’ve addressed that for you (maybe at some point the article will include a flowchart). I know it seems I have created 2 mini charts, but then it was a post about sizing & scoping your GKE clusters!

[Flowchart: sizing and scoping GKE clusters]

The words discussing the decision points are all in the article.

Serverless Scaling Strategies

Write code, deploy it and the scaling will happen automagically for you: that’s the USP of “serverless”. That may be mostly true if your full stack auto-scales, but in a lot of cases that isn’t the case, and suddenly you do need to start worrying about backend services, such as a database that has rate and connection limits. To help you with architecting your serverless applications built with GCP so they scale effectively, my colleague @ptone wrote about 6 strategies you can adopt here. And yes, he included a flowchart for your delectation to help you figure out which strategy is the right one for your use case:

[Flowchart: serverless scaling strategies]

If after admiring that flowchart you want to dive deeper into rate limiting techniques using GCP, there’s this.

Storage and Data

What Storage type?

Data data data data data! (Sung to the 60’s Batman theme music.) I struggle to think of any application where data isn’t a thing. The myriad ways you can store your data is probably, after considering the security controls needed, the most important decision you need to make. Google Cloud has your back with some useful tables (I love tables too) which can be found here, and here’s a complementary flowchart to help you decide which storage option fits your use case:

[Flowchart: which storage type]

How to select the appropriate way to transfer data sets to GCP for your use case

Transferring large data sets to GCP (or indeed any cloud) means that you have to consider two initial questions: how much data do you need to transfer, and how long have you got to get that data to GCP? In this case we are really focusing on getting large volumes of data to Cloud Storage. This then leads on to the other questions that you need to consider to determine what transfer method may meet your use case. How are you connected to GCP? How much bandwidth is actually available between your source and GCP? The article on Transferring big data sets to GCP discusses the information you need to determine the connectivity required and what methods to choose. It has a flowchart, and the one below is a slightly modified version of the one found in the article.

[Flowchart: choosing a data transfer method]

Choosing a Cloud Storage class for your use case

Cloud Storage (GCS) is a fantastic service which is suitable for a variety of use cases. The thing is, it has different classes, and each class is optimised to address different use cases. All the storage classes offer low latency (time to first byte typically tens of milliseconds) and high durability. You can use the same APIs, lifecycle rules, etc. Basically, the classes differ by their availability, minimum storage durations, and charges for storage and access.

There are 4 classes that you need to care about.

Multi regional — geo redundant storage optimised for storing data that is frequently accessed (“hot” objects) for example web site serving and multi media streaming.

Regional — Data can be stored at lower cost, with the trade-off of data being stored in a specific regional location, instead of having redundancy distributed over a large geographic area. This is ideal for when you need the data to be close to the computing resources that process the data say for when using Dataproc.

Nearline — Nearline Storage is ideal for data you plan to read or modify on average once a month or less. Nearline Storage data stored in multi-regional locations is redundant across multiple regions, providing higher availability than Nearline Storage data stored in regional locations. This is great for backups. You should be carrying out regular DR fire drills at least once a month, which includes recovering your data from your backups!

Coldline- a very low cost, highly durable storage service. It is the best choice for data that you plan to access at most once a year, due to its slightly lower availability, 90-day minimum storage duration, costs for data access, and higher per-operation costs. This is ideal for long term archiving use cases

Here’s a flowchart that helps you decide which storage class is appropriate for your use case when you don’t feel like reading too many words to figure out your choices (which after all is what flowcharts are for).

[Flowchart: choosing a Cloud Storage class]

For an overview of the GCS storage classes see here.

Data processing - Cloud Dataflow versus Cloud Dataproc

If you have lots of files that need processing, you may already be familiar with the Hadoop/Spark ecosystem and you would probably use GCP’s Cloud Dataproc as the path of least resistance. But GCP also has a unified batch & stream service, Cloud Dataflow, which is their managed Apache Beam. Unlike Dataproc, Cloud Dataflow is a service where you don’t need to worry about the compute, so it’s a “serverless” service because GCP takes care of provisioning and managing the compute on your behalf. GCP have created a handy flowchart for you, which can be found on both the Cloud Dataflow & Cloud Dataproc landing pages with more words than I have here.

[Flowchart: Cloud Dataflow versus Cloud Dataproc]

Security

How to manage encryption keys

GCP has a continuum of ways for you to manage your encryption keys, graphically depicted as:

[Image: continuum of encryption key management options]

Yes, I know that the continuum graphic alone is probably all you need, but when the announcement for the KMS service was made they produced a flowchart and I just had to include it here.

[Flowchart: how to manage encryption keys]

The words that go with the above can be found here, and a nice table that complements the flowchart can be found here at the Encryption at rest landing page. (Everything you ever wanted to know about Encryption at rest on GCP and more!)

Which Authentication option?

I was torn about keeping this one in this list, but in the end I decided to keep it as it was still valid and the flowchart below it on using GCP’s Identity platform complemented rather than replaced it. This is one of my own flowcharts, as at the time I wrote the original Medium post GCP didn’t have one for this yet!! Then on Dec 2nd 2017 Neal Mueller responded to my hint about wanting a GCP flowchart for Authentication, and it’s so much prettier than my version 😊 so I updated the flowchart below with the prettier version! Thanks Neal.

So just to make sure we are on the same page, authentication identifies who you are! This flowchart is focused on whether it’s identity -> application (deployed on GCP) or identity -> direct access to GCP.

[Flowchart: which authentication option]

And as I haven’t written the words to go with this flowchart, I’ve left you a few links instead:

Firebase Authentication

Service Accounts

GAE User authentication options

Cloud IoT using JSON Web Tokens

Cloud Identity

Need an identity mgt product?

How you manage your identities depends on the use case. Need to manage users who will have direct access to GCP resources versus users who need access to an application that you’re hosting on GCP? Different requirements and thus different solutions required. Here’s a flowchart to help you figure out the right solution for your use case.

[Flowchart: choosing an identity management product]

I will get round to updating this flowchart one day to reflect the name change from CICP to Identity Platform. The words that go with the flowchart can be found here.

Securing your GKE end points

Arguably this flowchart could be catalogued under Compute, but as it’s about securing end points, under Security it goes. The idea for this flowchart arose after my team had the discussion re what option would be appropriate for what use case when you want to secure your end points using GKE. So thanks team for the inspiration for this one.

When a GKE operator wants to serve content from GKE and secure it, they have a number of ways of addressing this depending on the use case, as shown in this flowchart:

[Flowchart: securing your GKE end points]

If your APIs are exposed outside of your GKE cluster, then use Apigee Edge, which provides a way to manage your APIs by acting as a proxy to them. It can provide services such as security, e.g. is that call to your API authorized?

If you are looking at service-to-service security within the cluster, then Istio is the mesh for you.

If you want to authenticate access to your web apps, it depends on whether the users are internal or external. For internal users, Cloud IAP is where you need to stop and have a look, while for end users Identity Platform is the stop you need.

You can also use Istio and Apigee together. Istio can secure the communication between services, provide observability, etc., while Apigee can provide external authentication, quotas and overall API policy management.

There are nuances, particularly with Istio, where, and I quote my teammate James, “the lines blur a bit when looking at Istio”, but starting from here isn’t a bad place to start from.

Authenticating service accounts

Depending on your use case, the way you configure service accounts to authenticate to Google Cloud to access resources differs.

The article Best practices for using and managing service accounts identifies four ways you can approach authentication to meet specific use cases.

Attached service accounts - you attach the service account to the underlying compute resource. By attaching the service account, you enable the application to obtain tokens for the service account and to use the tokens to access Google Cloud APIs and resources.

For Kubernetes, use Workload Identity - create a dedicated service account for each Kubernetes pod that requires access to Google APIs or resources. This limits the scope of access to the pod level rather than the node. For each Kubernetes pod that requires access to Google APIs or resources, you create a Kubernetes service account and attach it to the pod. Workload Identity is used to create a mapping between the service accounts and their corresponding Kubernetes service accounts.

Running your application on premises or in another cloud? No problem, you can use workload identity federation. Workload identity federation lets you create a one-way trust relationship between a Google Cloud project and an external identity provider. Once you’ve established the trust, applications can use credentials issued by the trusted identity provider to impersonate a service account. By using workload identity federation, you can let applications use the authentication mechanisms that the external environment provides (e.g. AD FS, AWS temporary credentials) and you avoid having to store and manage service account keys.

There are always cases where you need to do the thing we really don’t want to do, and in this case it’s having to download service account keys. So, as loath as I am to mention this option due to the risks involved with downloading service account keys, there are just some situations where it cannot be avoided. If you must do this, then I would suggest using the Vault secrets engine to manage service account keys. And no entry here is complete without its flowchart:

alt_text
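The Workload Identity mapping described above has two halves that can drift apart: the annotation on the Kubernetes service account and the `roles/iam.workloadIdentityUser` binding on the Google service account. The following added example (not from the original post or the linked article) audits constructed manifests and IAM policies for an unbound annotation and for a Google service account shared between Kubernetes service accounts; the project ID, namespace and account names are made up.

```python
# Added example (not from the original post): audit Workload Identity mappings.
# Project ID, namespaces, account names and policy data are constructed.
WI_ANNOTATION = "iam.gke.io/gcp-service-account"   # set on the Kubernetes SA
WI_ROLE = "roles/iam.workloadIdentityUser"         # granted on the Google SA

def expected_member(project_id, namespace, ksa_name):
    """IAM member string that represents one Kubernetes service account."""
    return f"serviceAccount:{project_id}.svc.id.goog[{namespace}/{ksa_name}]"

def audit(project_id, ksa_manifests, gsa_policies):
    """Return (subject, finding) pairs for unbound or shared mappings.
    ksa_manifests: ServiceAccount dicts; gsa_policies: {gsa_email: IAM policy}."""
    findings, users_of = [], {}
    for sa in ksa_manifests:
        meta = sa["metadata"]
        ns, name = meta.get("namespace", "default"), meta["name"]
        gsa = meta.get("annotations", {}).get(WI_ANNOTATION)
        if gsa is None:
            continue  # not mapped: pods using it get no Google identity
        users_of.setdefault(gsa, []).append(f"{ns}/{name}")
        bindings = gsa_policies.get(gsa, {}).get("bindings", [])
        allowed = {m for b in bindings if b["role"] == WI_ROLE
                   for m in b["members"]}
        if expected_member(project_id, ns, name) not in allowed:
            findings.append((f"{ns}/{name}", "annotated but not bound"))
    for gsa, users in sorted(users_of.items()):
        if len(users) > 1:  # the post recommends one dedicated account per pod
            findings.append((gsa, "shared by " + ", ".join(sorted(users))))
    return findings

# Constructed sample input.
PROJECT = "example-project"
GSA = "orders@example-project.iam.gserviceaccount.com"
KSAS = [
    {"metadata": {"name": "orders", "namespace": "shop",
                  "annotations": {WI_ANNOTATION: GSA}}},
    {"metadata": {"name": "billing", "namespace": "shop",
                  "annotations": {WI_ANNOTATION: GSA}}},
    {"metadata": {"name": "default", "namespace": "shop"}},
]
POLICIES = {GSA: {"bindings": [{
    "role": WI_ROLE,
    "members": [expected_member(PROJECT, "shop", "orders")]}]}}

if __name__ == "__main__":
    for subject, finding in audit(PROJECT, KSAS, POLICIES):
        print(f"{subject}: {finding}")
```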

Choosing Private access options

Accessing Google APIs and services from IP addresses that are not publicly routable is a very common configuration requirement and, as you would expect, there are various ways to achieve this using Google Cloud. What configuration you use ultimately boils down to having to be concerned about three things:

  • Whether your source is on premises or is a Google Cloud resource
  • Whether you need to only access resources that are supported by VPC Service Controls
  • Whether your Google Cloud source is serverless or not

If your source is on premises, you need to connect to a Google Cloud VPC network by using Cloud VPN or Cloud Interconnect. If you need to restrict access to only those services supported by VPC Service Controls, you need to configure DNS, firewall rules, and routes to use one of the Private Google Access-specific domains and VIPs.

Use restricted.googleapis.com when you only need access to Google APIs and services that are supported by VPC Service Controls. See the list of supported services here.

Use private.googleapis.com if you need access to any Google APIs or services that are not restricted by your VPC Service Controls configuration.

By configuring Private Google Access on the subnet of your Google Cloud VPC network where you have VMs without external IP addresses, the VMs can also use the Private Google Access-specific domains and VIPs to access Google Cloud services and APIs.

An alternative configuration for VMs without external IPs is to use a Private Service Connect endpoint in your VPC network. There are some cool use cases that this can be used with from your on-premises network as well. For example, you can use your own wide-area networking instead of Google’s to control data movement, by managing which Cloud Interconnect attachment (VLAN) is used to send traffic to Google APIs.

If your serverless environment needs to access resources in your VPC network via internal IP addresses, then use Serverless VPC Access. This enables you to connect from Cloud Run, Cloud Functions or App Engine Standard directly to your VPC network.

Here’s the obligatory flowchart (I used Excalidraw):

alt_text
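An added example, not part of the original post: a check that DNS answers for Google API hostnames land in the VIP range the design calls for, using the IPv4 ranges Google documents for restricted.googleapis.com (199.36.153.4/30) and private.googleapis.com (199.36.153.8/30). The resolver answers below are constructed sample data, and 203.0.113.10 is a documentation address standing in for a public Google front end.

```python
# Added example (not from the original post): verify which Private Google
# Access VIP range DNS answers fall into. Resolver output is constructed.
import ipaddress

# IPv4 ranges Google documents for the two Private Google Access domains.
VIPS = {
    "restricted.googleapis.com": ipaddress.ip_network("199.36.153.4/30"),
    "private.googleapis.com": ipaddress.ip_network("199.36.153.8/30"),
}

def classify(ip):
    """Name the Private Google Access domain an address is in, or 'public'."""
    addr = ipaddress.ip_address(ip)
    for domain, net in VIPS.items():
        if addr in net:
            return domain
    return "public"

def audit_answers(answers, required):
    """Return {hostname: [offending ips]} for answers outside the required VIP.

    answers:  {hostname: [A records]} as seen from inside the VPC or from the
              on-premises resolver.
    required: the domain the design calls for (a key of VIPS).
    """
    bad = {}
    for host, ips in answers.items():
        wrong = [ip for ip in ips if classify(ip) != required]
        if wrong:
            bad[host] = wrong
    return bad

# Constructed answers: storage is overridden correctly, bigquery still resolves
# to a public address, pubsub points at the private.googleapis.com VIP.
ANSWERS = {
    "storage.googleapis.com": ["199.36.153.4", "199.36.153.7"],
    "bigquery.googleapis.com": ["203.0.113.10"],
    "pubsub.googleapis.com": ["199.36.153.9"],
}

if __name__ == "__main__":
    for host, ips in audit_answers(ANSWERS, "restricted.googleapis.com").items():
        print(f"{host}: {', '.join(ips)} not in restricted VIP range")
```

A hostname flagged here would reach Google APIs outside the restricted VIP, so a design that relies on restricted.googleapis.com to limit traffic to services supported by VPC Service Controls is not actually being enforced for that name.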

Networking

Which Network Tier?

GCP’s network, even if I say so myself, is fantastic, but it’s recognised that not every use case needs to optimize for performance, and cost may be the driver. So welcome to Network Tiers.

alt_text

You can see the funky animated gif for the above image here.

alt_text

The words that go with the above can be found here. There are some useful tables there too.

Choosing a Load balancer

Load balancing is great: it allows you to treat a group of compute resources as a single entity, providing an entry point that has, in the case of GCP load balancing services, a single anycast IP address. By combining GCP load balancers with autoscaling, you can scale the resources up and down according to metrics you configure. There are loads more cool features, but you get the idea. So what type of load balancing service do you need? Layer 7, layer 4, global, regional? Maybe you need an internal load balancer. Well, there’s a flowchart for helping you decide (okay, you knew that was coming, didn’t you? 😃)

alt_text

Here are the words to go with the flowchart. Once you have figured out what load balancing option is likely to address your needs, have a look at the load balancing overview page as a first stop before diving in.

Choosing the floating IP address pattern that maps to your use case

Floating IPs are a way to allow you to move an IP address from one server to another. This pattern is typically required for HA deployments or for disaster recovery scenarios, for example where you have one active server or appliance, such as a database, with a non-serving replica or hot standby. When you have to swap to the secondary server, you point the floating IP to it. This negates the need to update clients to use an alternative IP to point to the alternative server. The article on best practices for floating IP addresses has a list of use cases for on premises and provides a number of options for implementing the pattern for Compute Engine instances and, yes, has a flowchart to help you choose the solution for your use case. Here’s the flowchart:

alt_text

Options for connecting to other clouds from GCP

Whatever the reasons (they range from having processing in one place and data somewhere else, to distributing processing across clouds, through to DR etc.), people want to be able to connect to other clouds from GCP.

GCP have written a great article describing the various patterns that can be employed and, yes, they have a flowchart to help you decide which pattern is the right one for your use case, which I share here for your delectation:

alt_text

The article with this flowchart and a walk through of the different patterns can be found here.

Data Analytics

ML or SQL?

Always wanted to know whether you really need to use ML or whether a SQL query will suffice? Well, Sara Robinson tweeted this flowchart:

alt_text

From https://twitter.com/SRobTweets/status/1053273512079699968

She then wrote some words to augment the flowchart here and then wrote some more words walking you through figuring out if ML is a good fit for your prediction task. A SQL query may be all you need. Use the right tool for the job. I love these two posts; well, I do get to look at the flowchart twice!

Running Jupyter notebooks on Google Cloud

Jupyter notebooks are used to create and share documents that contain live code, equations, visualizations and narrative text. Their use for data science use cases is ubiquitous. Depending on your use case, you need to decide exactly how you manage them on Google Cloud, balancing the controls administrators need to apply to meet the principle of least privilege (by using a hub to manage user profiles centrally) against allowing users of the notebooks to do their jobs without restrictive controls getting in the way, as they see it!

It’s a delicate balancing act and then to add to that you need to figure out what product is suitable to run your notebooks on:

This all starts to feel confusing, but by starting with the question of whether the users of the notebooks need to use Spark, you can quickly determine what configuration meets your use case.

The article Extending AI Platform Notebooks to Dataproc and Google Kubernetes Engine has a handy flow chart that basically starts with that question and a comprehensive walkthrough to help you figure out what is the right configuration for you to run Jupyter notebooks for your use case.

alt_text

Misc

Hybrid & multi-cloud logging & monitoring patterns

Hybrid and multi-cloud architectures are here to stay, and looking at ways to manage those is key to not having to wipe the tears of ops/sysadmin staff dealing with the operational overhead. It’s important to have a consistent logging and monitoring approach, not only to give a single pane of glass but to simplify the admin of managing applications in two environments. This guide discusses architectural patterns for logging & monitoring in hybrid or multi-cloud environments, and its flowchart helps you navigate your choices between a centralised logging approach, no matter where your apps are deployed, versus a segregated approach.

alt_text

What annotations (labels) should you use for which use case

GCP has a number of ways of annotating or labelling resources (the word “label” can get slightly overloaded, hence the use of the word annotation). Each annotation has different functionality and scope; they are not mutually exclusive, and you will often use a combination of them to meet your requirements. So I wrote a post, with added flowchart, to help you navigate which annotation(s) to use for what use case. Here’s the flowchart:

alt_text