Google Cloud Platform Services Summary
Last modified: February 12, 2024
The complete list of services that form Google Cloud Platform is shown below. While Google offers many other services and APIs, only the services below are covered by the Google Cloud Platform terms of service, service level agreements (if applicable), and support offerings. Offerings identified below as Software or Premium Software are not Services under the Google Cloud Platform Terms of Service and the Cloud Data Processing Addendum.
Services marked in *asterisks* are not available for resale under the Google Cloud Partner Advantage program, unless specifically authorized in writing by Google.
Compute
App Engine: App Engine enables you to build and host applications on the same systems that power Google applications. App Engine offers fast development and deployment; simple administration, with no need to worry about hardware, patches or backups; and effortless scalability.
Batch: Batch is a fully-managed service that allows you to create batch jobs at scale. The service dynamically provisions certain Google Cloud resources, schedules your batch job on the resources, manages the queue for the job, and executes the job. Batch is natively integrated with Google Cloud services for storage, logging, monitoring, and more.
Compute Engine: Compute Engine offers scalable and flexible virtual machine computing capabilities in the cloud, with options to utilize certain CPUs, GPUs, or Cloud TPUs. You can use Compute Engine to solve large-scale processing and analytic problems on Google's computing, storage, and networking infrastructure.
Google Cloud VMware Engine (GCVE): GCVE is a managed VMware-as-a-Service that is specifically designed for running VMware workloads on Google Cloud Platform. GCVE enables customers to run VMware virtual machines natively in a dedicated, private, software-defined data center.
Workload Manager: Workload Manager is a rule-based validation service for evaluating workloads running on Google Cloud. If enabled, Workload Manager scans application workloads to detect deviations from standards, rules, and best practices that improve system quality, reliability, and performance.
Storage
Backup for GKE: Backup for GKE enables data protection for workloads running in Google Kubernetes Engine clusters.
Cloud Storage: Cloud Storage is a RESTful service for storing and accessing your data on Google's infrastructure. The service combines the performance and scalability of Google's cloud with advanced security and sharing capabilities.
Persistent Disk: Persistent Disk is a durable and high performance block storage service for Google Cloud Platform. Persistent Disk provides SSD and HDD storage that can be attached to instances running in either Compute Engine or Google Kubernetes Engine.
Cloud Filestore: Cloud Filestore is a scalable and highly available shared file service fully-managed by Google. Cloud Filestore provides persistent storage ideal for shared workloads. It is best suited for enterprise applications requiring persistent, durable, shared storage which is accessed by NFS or requires a POSIX compliant file system.
*Cloud Storage for Firebase: Cloud Storage for Firebase adds customizable Google security (via Firebase Security Rules for Cloud Storage) to file uploads and downloads for your Firebase apps, as well as robust uploads and downloads regardless of network quality through the Firebase SDK. Cloud Storage for Firebase is backed by Cloud Storage, a service for storing and accessing your data on Google's infrastructure.
NetApp Volumes: NetApp Volumes is a fully-managed file service powered by NetApp, based on ONTAP, that enables high-performance storage with SMB, NFS, and Multi-protocol file support for file sharing, business applications, and enterprise workloads.
Databases
AlloyDB: AlloyDB is a fully-managed, PostgreSQL-compatible database for demanding transactional and analytical workloads. It is designed to provide enterprise-grade performance and availability while maintaining compatibility with open-source PostgreSQL.
Cloud Bigtable: Cloud Bigtable is a fast, fully-managed, highly-scalable NoSQL database service. It is designed for the collection and retention of data from 1TB to hundreds of PB.
Datastore: Datastore is a fully-managed, schemaless, non-relational datastore. It provides a rich set of query capabilities, supports atomic transactions, and automatically scales up and down in response to load. It can scale to support an application with 1,000 users or 10 million users with no code changes.
Firestore: Firestore is a NoSQL document database for storing, syncing, and querying data for mobile and web apps. Its client libraries provide live synchronization and offline support, while its security features and integrations with Firebase and Google Cloud Platform accelerate building serverless apps.
Memorystore: Memorystore, which includes Memorystore for Redis and Memorystore for Memcached, provides a fully-managed in-memory data store service that allows customers to deploy distributed caches that provide sub-millisecond data access.
Cloud Spanner: Cloud Spanner is a fully-managed, mission-critical relational database service. It is designed to provide a scalable online transaction processing (OLTP) database with high availability and strong consistency at global scale.
Cloud SQL: Cloud SQL is a web service that allows you to create, configure, and use relational databases that live in Google's cloud. It is a fully-managed service that maintains, manages, and administers your databases, allowing you to focus on your applications and services.
Networking
Cloud CDN: Cloud CDN uses Google's globally distributed edge points of presence to cache HTTP(S) load balanced content close to your users.
Cloud DNS: Cloud DNS is a high performance, resilient, global, fully-managed DNS service that provides a RESTful API to publish and manage DNS records for your applications and services.
Cloud Firewall: Cloud Firewall is a fully distributed, cloud-native firewall service that evaluates incoming and outgoing traffic on a network, according to user-defined firewall rules in the policy.
Cloud IDS (Cloud Intrusion Detection System): Cloud IDS is a managed service that aids in detecting certain malware, spyware, command-and-control attacks, and other network-based threats.
Cloud Interconnect: Cloud Interconnect offers enterprise-grade connections to Google Cloud Platform using Google Services for Dedicated Interconnect, Partner Interconnect and Cloud VPN. This solution allows you to directly connect your on-premises network to your Virtual Private Cloud.
Cloud Load Balancing: Cloud Load Balancing provides scaling, high availability, and traffic management for your internet-facing and private applications.
Cloud NAT (Network Address Translation): Cloud NAT enables instances in a private network to communicate with the internet.
Cloud Router: Cloud Router enables dynamic Border Gateway Protocol (BGP) route updates between your VPC network and your non-Google network.
Cloud VPN: Cloud VPN allows you to connect to your Virtual Private Cloud (VPC) network from your existing network, such as your on-premises network, another VPC network, or another cloud provider's network, through an IPsec connection using (i) Classic VPN, which supports dynamic (BGP) routing or static routing (route-based or policy-based), or (ii) HA (high-availability) VPN, which supports dynamic routing with a simplified redundancy setup, separate failure domains for the gateway interfaces, and a higher service level objective.
Google Cloud Armor: Google Cloud Armor offers a policy framework and rules language for customizing access to internet-facing applications and deploying defenses against denial of service attacks as well as targeted application attacks. Components of Google Cloud Armor include: L3/L4 volumetric DDos Protection, preconfigured web-application firewall (WAF) rules, and custom rules language.
Google Cloud Armor Managed Protection Plus: Google Cloud Armor Managed Protection Plus is a managed application protection service subscription that bundles Google Cloud Armor WAF and DDoS Protection with additional services and capabilities including DDoS response support, DDoS bill protection, and Google Cloud Armor Adaptive Protection, which is Google's machine-learning based solution to protect internet-facing endpoints from network and application-based attacks.
Media CDN: Media CDN is a content delivery network that leverages Google's global edge cache nodes to deliver exceptional caching efficiency and end user experiences.
Network Connectivity Center: Network Connectivity Center is a hub-and-spoke model for network connectivity management in Google Cloud that facilitates connecting a customer's resources to its cloud network.
Network Intelligence Center: Network Intelligence Center is Google Cloud's comprehensive network monitoring, verification, and optimization platform across the Google Cloud, multi-cloud, and on-prem environments.
Network Service Tiers: Network Service Tiers enable you to select different quality networks (tiers) for outbound traffic to the internet: the Standard Tier primarily utilizes third party transit providers while the Premium Tier leverages Google's private backbone and peering surface for outbound data transfer.
Service Directory: Service Directory is a managed service that offers customers a single place to publish, discover and connect their services in a consistent way, regardless of their environment. Service Directory supports services in Google Cloud, multi-cloud, and on-prem environments and can scale up to thousands of services and endpoints for a single project.
Spectrum Access System: Spectrum Access System enables you to access the Citizens Broadband Radio Service (CBRS) in the United States, the 3.5 GHz band that is available for shared commercial use. You can use Spectrum Access System to register your CBRS devices, manage your CBRS deployments, and access a non-production test environment (if offered).
Telecom Network Automation: Telecom Network Automation is Google Cloud's implementation of open source Nephio that delivers simple, carrier grade, cloud-native automation to support the creation of intent driven networks.
Traffic Director: Traffic Director is Google Cloud Platform's traffic management service for open service meshes.
Virtual Private Cloud: Virtual Private Cloud provides a private network topology with IP allocation, routing, and network firewall policies to create a secure environment for your deployments.
Operations
Cloud Logging: Cloud Logging is a fully-managed service that performs at scale and can ingest application and system log data, as well as custom log data from thousands of VMs and containers. Cloud Logging allows you to analyze and export selected logs to long-term storage in real time.
-
Cloud Error Reporting: Cloud Error Reporting analyzes and aggregates the errors in your cloud applications and notifies you when new errors are detected.
Cloud Monitoring: Cloud Monitoring provides visibility into the performance, uptime, and overall health of cloud-powered applications. Cloud Monitoring collects metrics, events, and metadata from certain Services, hosted uptime probes, application instrumentation, alert management, notifications and a variety of common application components.
Cloud Profiler: Cloud Profiler provides continuous profiling of resource consumption in your production applications, helping you identify and eliminate potential performance issues.
Cloud Trace: Cloud Trace provides latency sampling and reporting for App Engine, including per-URL statistics and latency distributions.
Google Cloud Backup and DR: Google Cloud Backup and DR is a managed backup and disaster recovery service for centralized protection of workloads in Google Cloud.
Developer Tools
Artifact Registry: Artifact Registry is a service for managing container images and packages. It is integrated with Google Cloud tooling and runtimes and comes with support for native artifact protocols. This makes it simple to integrate it with your CI/CD tooling to set up automated pipelines.
Assured Open Source Software (AOSS): AOSS is a service that enables enterprise and public sector users of open source software to easily incorporate into their own developer workflows the same scanned, analyzed and fuzz-tested open source software packages that Google uses.
Cloud Build: Cloud Build is a service that executes your builds on Google Cloud Platform infrastructure. Cloud Build can import source code from Cloud Storage, Cloud Source Repositories, GitHub, or Bitbucket; execute a build to your specifications; and produce artifacts such as Docker containers or Java archives.
Cloud Deploy: Cloud Deploy is a service for managing and performing application continuous delivery to Google Kubernetes Engine. It allows for process specification and control of application delivery.
Cloud Source Repositories: Cloud Source Repositories provides Git version control to support collaborative development of any application or service, including those that run on App Engine and Compute Engine.
Cloud Workstations: Cloud Workstations provides fully-managed and customizable development environments with enhanced security. It enables administrators to easily provision, scale, manage, and secure development environments, while providing developers with fast development environments via browser or local integrated development environment (IDE).
Container Registry: Container Registry is a private Docker image storage system on Google Cloud Platform. The registry can be accessed through an HTTPS endpoint, so you can pull images from your machine, whether it's a Compute Engine instance or your own hardware.
*Firebase Test Lab: Firebase Test Lab lets you test your mobile app using your test code or automatically on a wide variety of devices and device configurations hosted in a Google data center, with test results made available in the Firebase console.
Secure Source Manager: Secure Source Manager is a fully-managed service that provides a Git-based source code management system.
Test Lab: Test Lab enables you to test mobile applications using physical and virtual devices in the cloud. It runs instrumentation tests and script-less robotic tests on a matrix of device configurations, and reports detailed results to help improve the quality of your mobile app.
Data Analytics
BigQuery: BigQuery is a fully-managed data analysis service that enables businesses to analyze Big Data. It features highly scalable data storage that accommodates up to hundreds of terabytes, the ability to perform ad hoc queries on multi-terabyte datasets, and the ability to share data insights via the web.
Cloud Composer: Cloud Composer is a managed workflow orchestration service that can be used to author, schedule, and monitor pipelines that span across clouds and on-premises data centers. Cloud Composer allows you to use Apache Airflow without the hassle of creating and managing complex Airflow infrastructure.
Cloud Data Fusion: Cloud Data Fusion is a fully-managed, cloud native, enterprise data integration service for quickly building and managing data pipelines. Cloud Data Fusion provides a graphical interface to help increase time efficiency and reduce complexity and allows business users, developers, and data scientists to easily and reliably build scalable data integration solutions to cleanse, prepare, blend, transfer, and transform data without having to wrestle with infrastructure.
Cloud Life Sciences (formerly Google Genomics): Cloud Life Sciences provides services and tools for managing, processing, and transforming life sciences data.
Data Catalog: Data Catalog is a fully-managed and scalable metadata management service that empowers organizations to quickly discover, manage, and understand their data in Google Cloud. It offers a central data catalog across certain Google Cloud Services that allows organizations to have a unified view of their data assets.
Dataform: Dataform provides an end-to-end experience for data analysts to develop, test, version control, and schedule complex SQL workflows.
Dataplex: Dataplex is an intelligent data fabric that helps customers unify distributed data and automate management and governance across that data to power analytics at scale.
Dataflow: Dataflow is a fully-managed service for strongly consistent, parallel data-processing pipelines. It provides an SDK for Java with composable primitives for building data-processing pipelines for batch or continuous processing. This service manages the life cycle of Compute Engine resources of the processing pipeline(s). It also provides a monitoring user interface for understanding pipeline health.
Dataproc: Dataproc is a fast, easy to use, managed Spark and Hadoop service for distributed data processing. It provides management, integration, and development tools for unlocking the power of rich open source data processing tools. With Dataproc, you can create Spark/Hadoop clusters sized for your workloads precisely when you need them. Dataproc comes in several flavors, including a serverless configuration for Spark clusters that simplifies usage and administration.
Dataproc Metastore: Dataproc Metastore provides a fully-managed metastore service that simplifies technical metadata management and is based on a fully-featured Apache Hive metastore. Dataproc Metastore can be used as a metadata storage service component for data lakes built on open source processing frameworks like Apache Hadoop, Apache Spark, Apache Hive, Presto, and others.
Datastream: Datastream is a serverless change data capture (CDC) and replication service that enables data synchronization across heterogeneous databases, storage systems, and applications with minimal latency.
Google Earth Engine: Google Earth Engine is a platform for global-scale analysis and visualization of geospatial datasets. Google Earth Engine can be used with custom datasets, or with any of the publicly available satellite imagery hosted (and ingested on a regular basis) by Earth Engine Data Catalog.
Looker (Google Cloud core): Looker (Google Cloud core) is a business intelligence and embedded analytics solution hosted on Google infrastructure. With Looker (Google Cloud core), customers can build semantic models using various data sources, develop customized insights from the models, and share those insights for collaboration via dashboards and other services.
*Looker Studio: Looker Studio is a data visualization and business intelligence product. It enables customers to connect to their data stored in other systems, create reports and dashboards using that data, and share them throughout their organization. It is available only where Customer has selected Cloud terms for Looker Studio in the Admin Console.
- Looker Studio Pro: Looker Studio Pro is a paid edition of Looker Studio that adds enterprise governance, team management features, and other features listed at https://cloud.google.com/looker-studio/ or a successor URL. Unlike Looker Studio, Looker Studio Pro is eligible for partner resale.
Pub/Sub: Pub/Sub is designed to provide reliable, many-to-many, asynchronous messaging between applications. Publisher applications can send messages to a "topic" and other applications can subscribe to that topic to receive the messages. By decoupling senders and receivers, Pub/Sub allows developers to communicate between independently written applications.
AI/ML Services
AI Solutions
Agent Assist: Agent Assist is an LLM-powered AI solution that increases human agent productivity and enhances customer service by offering real-time assistance.
Anti Money Laundering AI (AML AI): AML AI enhances financial institutions' legacy transaction monitoring systems with an AI-powered risk score to improve financial crime risk detection.
Contact Center AI (CCAI): CCAI uses AI to improve the customer experience in contact centers. It includes Agent Assist, Dialogflow Essentials, Dialogflow Customer Experience Edition (CX), Insights, Speech-to-Text, Text-to-Speech, and Speaker ID.
Contact Center AI Insights: Contact Center AI Insights helps customers extract value from their contact center data by identifying sentiment and topics and highlighting key insights in the data.
Contact Center AI (CCAI) Platform: CCAI Platform is a contact-center-as-a-service (CCaaS) platform leveraging CCAI. It integrates directly with CRMs and queues and routes customer interactions across voice and digital channels to resource pools, including human agents.
Dialogflow Essentials(ES): Dialogflow ES is a development suite for voice and text conversational apps that can connect to customer applications and telephony and digital platforms.
Dialogflow Customer Experience Edition (CX): Dialogflow CX is a development suite for creating conversational AI applications including chatbots and voicebots. It includes a visual bot building platform, collaboration and versioning tools, bot modularization tools, and advanced IVR feature support.
Vertex AI Search for Industry: Vertex AI Search for Industry enable customers in retail, media, and other verticals to deliver Google-quality search results and recommendations.
Vertex AI Search for Retail
- *Recommendations AI: Recommendations AI enables customers to build a personalized recommendation system using ML models.
- *Recommendation Engine API: Recommendation engine API is the Version 1 API of Recommendations AI.
- *Retail Search: Retail Search, powered by Google's Retail API, allows retailers to leverage Google's search capabilities on their retail websites and applications.
Document AI: Document AI is a unified console for document processing that lets you quickly access all document processing models and tools. Customers can use Document AI's pre-trained models for document extraction, including OCR, Form Parser and specialized models.
- Document Workbench: Document Workbench allows you to build a custom classification, extraction or splitting model.
- *Human-in-the-Loop AI: Human-in-the-Loop AI uses Document AI to provide workflow tools for human verification of data extracted from documents.
- Document AI Warehouse: Document AI Warehouse is a highly-scalable, fully managed data management and governance platform that integrates with enterprise document workflows to store, search, and organize documents and their metadata.
*Talent Solution: Talent Solution offers access to Google's machine learning, enabling company career sites, job boards, ATS, staffing agencies, and other recruitment technology platforms to improve the talent acquisition experience.
Translation Hub: Translation Hub is a fully-managed document translation solution for organizations seeking to empower their employees to translate documents on demand into many different languages.
Pre-Trained APIs
Cloud Natural Language API: Cloud Natural Language API analyzes text to identify entities, sentiment, languages, and syntax.
Cloud Translation API: Cloud Translation API automatically translates text from one language to another language.
Cloud Vision: Cloud Vision classifies images into categories, detects individual objects and faces, and finds and reads printed words.
Media Translation API: Media Translation API is a gRPC API that automatically translates audio from one language to another language (e.g., French to English) and supports streaming real time.
*Speaker ID: Speaker ID allows customers to enroll user voice prints and later verify users against a previously enrolled voice print.
Speech On Device: Speech On Device deploys speech-to-text and text-to-speech services locally on embedded hardware and operating systems.
Speech-to-Text: Speech-to-Text converts audio to text by applying neural network models.
Text-to-Speech: Text-to-Speech synthesizes human-like speech based on input text in a variety of voices and languages.
Timeseries Insights API: Timeseries Insights API enables large-scale time series forecasting and anomaly detection in real time.
Video Intelligence API: Video Intelligence API analyzes videos to extract metadata, add annotations, and identify entities in a video.
Visual Inspection AI: Visual Inspection AI automatically detects, classifies, and localizes abnormalities found in images to improve production quality and develop analytics.
AI Platform/Vertex AI
AI Platform Data Labeling: AI Platform Data Labeling helps developers label data and centrally manage labels for training and evaluating machine learning models.
AI Platform Training and Prediction: AI Platform Training and Prediction enables customers to easily train and deploy machine learning models.
AutoML: AutoML enables customers to leverage Google's transfer learning and Neural Architecture Search to build custom models using a variety of data types. AutoML Services include AutoML Natural Language, AutoML Tables, AutoML Translation, AutoML Video, and AutoML Vision.
Vertex AI Platform: Vertex AI Platform is a service for managing the AI and machine learning development lifecycle. Customers can (i) store and manage datasets, labels, features, and models; (ii) build pipelines to train and evaluate models and run experiments using Google Cloud algorithms or custom training code; (iii) deploy models for online or batch use cases; (iv) manage data science workflows using Colab Enterprise and Vertex AI Workbench (also known as Notebooks); and (v) create business optimization plans with Vertex Decision Optimization.
Vertex AI Neural Architecture Search (NAS): Vertex AI NAS leverages Google's neural architecture search technology to generate, evaluate, and train model architectures for a customer's application.
Vertex AI Vision: Vertex AI Vision is a service that allows you to easily build, deploy, and manage computer vision applications with a fully managed, end-to-end application development environment.
Generative AI Services
*Duet AI in Google Cloud: Duet AI in Google Cloud provides AI-powered end user assistance with a wide range of Google Cloud products.
Vertex AI Search: Allows customers to leverage foundational models and search and recommendation technologies to create multimodal semantic search and question-answering experiences.
Vertex AI Conversation: Allows customers to leverage foundational models and conversational AI to create multimodal chat or voice agents.
Generative AI on Vertex AI: Generative AI on Vertex AI includes features for generative AI use cases, including large language, text-to-image, and image-to-text models that are available in Model Garden and Generative AI Studio.
Generative AI Services also includes any generative AI features of a Service.
API Management
Apigee and Apigee Edge: Apigee and Apigee Edge are full-lifecycle API management platforms that let customers design, secure, analyze, and scale APIs, giving them visibility and control.
- Apigee: Apigee is available as Apigee X, a fully-managed service, and as Apigee hybrid, a hybrid model that's partially hosted and managed by the customer.
- Apigee Edge: Apigee Edge is available as a fully-managed service and as Apigee Private Cloud, a customer-hosted Premium Software solution.
API Gateway: API Gateway is a fully-managed service that helps you develop, deploy, and secure your APIs running on Google Cloud Platform.
Application Integration: Application Integration is an Integration-Platform-as-a-Service (iPaaS) that offers a comprehensive set of integration tools to connect and manage the multitude of applications and data required to support various business operations. Application Integration provides a unified drag and drop integration designer interface, triggers that help invoke an integration, configurable tasks and numerous connectors that allow connectivity to business applications, technologies, and other data sources using the native protocols of each target application.
Cloud Endpoints: Cloud Endpoints is a tool that helps you to develop, deploy, secure and monitor your APIs running on Google Cloud Platform.
Integration Connectors: Integration Connectors is a platform that allows customers to connect to business applications, technologies and other data sources using native protocols of each target application. The connectivity established through these connectors helps manage access to various data sources which can be used with other services like Application Integration through a consistent, standard interface.
Container Services
Google Kubernetes Engine: Google Kubernetes Engine, powered by the open source container scheduler Kubernetes, enables you to run containers on Google Cloud Platform. Kubernetes Engine takes care of provisioning and maintaining the underlying virtual machine cluster, scaling your application, and operational logistics such as logging, monitoring, and cluster health management. Services include:
- GKE Enterprise: GKE Enterprise is a solution designed for building and managing modern applications running across hybrid cloud environments.
- Config Sync: Config Sync is a solution for enabling consistent configuration across multiple Kubernetes clusters, with your configuration stored as a single source of truth under version control and automatically applied to your clusters.
- Policy Controller: Policy Controller is a policy management solution that enables the application and enforcement of programmable policies for your Kubernetes clusters. These policies act as "guardrails" and can help with best practices, security, and compliance management of your clusters and fleet.
- Identity Service: Identity Service is an authentication service that lets customers bring existing identity solutions for authentication to multiple environments. Users can log in to and access their clusters from the command line or from the Google Cloud console, all using their existing identity providers.
- GKE Enterprise Integration with Google Cloud Platform Services: Google Cloud Platform services and components may be used in connection with GKE Enterprise deployments, including Google Kubernetes Engine (GKE), Cloud Logging, Cloud Monitoring, Traffic Director, and Google Cloud Platform Marketplace.
- GKE Enterprise Premium Software: GKE Enterprise includes the software components listed below as Premium Software.
- Service Mesh: Service Mesh is a managed service mesh service that includes (i) a managed certificate authority that issues cryptographic certificates that identify customer workloads within the Service Mesh for mutual authentication, and (ii) telemetry for customers to manage and monitor their services. Customers receive details showing an inventory of services, can understand their service dependencies, and receive metrics for monitoring their services. For clarity this service does not include Service Mesh -- Software (see below regarding Premium Software).
- GKE Autopilot: GKE Autopilot is a mode of operation in GKE in which Google manages cluster configuration, including nodes, scaling, security, and other preconfigured settings. Autopilot clusters are optimized to run most production workloads, and provision compute resources based on Kubernetes manifests. The streamlined configuration follows GKE best practices and recommendations for cluster and workload setup, scalability, and security.
- Connect: Connect is a service that enables both users and Google-hosted components to interact with clusters through a connection to the in-cluster Connect software agent.
- GKE Hub: GKE Hub is centralized control-plane that enables a user to register clusters running in a variety of environments, including Google's cloud, on premises in customer datacenters, or other third party clouds. GKE Hub provides a way for customers to centrally manage features and services on customer-registered clusters.
Google-Managed Multi-Cloud Services
*BigQuery Omni: BigQuery Omni is a Google-managed multi-cloud analytics solution that enables analysts to access and analyze data stored on other supported public clouds from a singular BigQuery control-plane on GCP.
Bare Metal
Bare Metal Solution: Bare Metal Solution allows you to operate and manage dedicated bare metal hardware (servers and attached storage) in Google's subprocessors' data centers to run specialized workloads with low latency.
Migration
BigQuery Data Transfer Service: BigQuery Data Transfer Service automates data movement from SaaS applications to BigQuery on a scheduled, managed basis. With the BigQuery Data Transfer Service, you can transfer data to BigQuery from SaaS applications including Google Ads, Campaign Manager, Google Ad Manager, and YouTube.
BigQuery Migration Service: BigQuery Migration Service is a solution for migrating your existing data warehouse to BigQuery. It includes tools, such as batch and interactive SQL translators, that can help with each phase of migration from assessment and planning to execution and verification.
Database Migration Service: Database Migration Service is a fully-managed migration service that makes it simple to perform high fidelity, minimal-downtime migrations at scale. You can use Database Migration Service to migrate from your on-premises environments, Compute Engine, and other clouds to certain Google Cloud-managed databases with minimal downtime.
Google Distributed Cloud Edge Appliance Service: Google Distributed Cloud Edge Appliance Service allows you to run private Google Kubernetes Engine clusters on ruggedized hardware deployed on customer premises. You can use Google Distributed Cloud Edge Appliance Service to offload sensor data for storage, low latency processing, and ML/AI inference in bandwidth-limited locations.
Migration Center: Migration Center provides tools, best practices and data-driven prescriptive guidance designed to accelerate the end-to-end cloud migration journey through business case development, environment discovery, workload mapping, migration planning, financial analysis, foundation setup and migration execution.
Migrate to Virtual Machines: Migrate to Virtual Machines is a fully-managed migration service that enables you to migrate workloads at scale into Google Cloud Compute Engine with minimal down time by utilizing replication-based migration technology.
Storage Transfer Service: Storage Transfer Service enables you to import large amounts of online data into Cloud Storage, quickly and cost-effectively. With Storage Transfer Service, you can transfer data from locations reachable by the general internet (e.g., HTTP/HTTPS), including Amazon Simple Storage Service (Amazon S3), as well as transfer data between Google Cloud products (e.g., between two Cloud Storage buckets). You can also use Storage Transfer Service to move data between private data center storage (e.g., NFS) and Google Cloud products (e.g., transfer from NFS to Cloud Storage).
Transfer Appliance: Transfer Appliance is a solution that uses hardware appliances and software to transfer large amounts of data quickly and cost-effectively into Google Cloud Platform.
Security and Identity
Security
Access Transparency: Access Transparency captures near real-time logs of manual, targeted accesses by Google administrators, and serves them to customers via their Cloud Logging account.
Assured Workloads: Assured Workloads provides functionality to create security controls that are enforced on your cloud environment. These security controls can assist with your compliance requirements (for example, FedRAMP Moderate).
Binary Authorization: Binary Authorization helps customers ensure that only signed and explicitly-authorized workload artifacts are deployed to their production environments. It offers tools for customers to formalize and codify secure supply chain policies for their organizations.
Certificate Authority Service: Certificate Authority Service is a cloud-hosted certificate issuance service that lets customers issue and manage certificates for their cloud or on-premises workloads. Certificate Authority Service can be used to create certificate authorities using Cloud KMS keys to issue, revoke, and renew subordinate and end-entity certificates.
Certificate Manager: Certificate Manager provides a central place for customers to control where certificates are used and how to obtain certificates, and to see the state of the certificates.
Cloud Asset Inventory: Cloud Asset Inventory is an inventory of cloud assets with history. It enables users to export cloud resource metadata at a given timestamp or cloud resource metadata history within a time window.
Cloud External Key Manager (Cloud EKM): Cloud EKM lets you encrypt data in Google Cloud Platform with encryption keys that are stored and managed in a third-party key management system deployed outside Google's infrastructure.
Cloud HSM: Cloud HSM (Hardware Security Module) is a cloud-hosted key management service that lets you protect encryption keys and perform cryptographic operations within a managed HSM service. You can generate, use, rotate, and destroy various symmetric and asymmetric keys.
Cloud Key Management Service: Cloud Key Management Service is a cloud-hosted key management service that lets you manage cryptographic keys for your cloud services the same way you do on premises. You can generate, use, rotate, and destroy AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384 cryptographic keys.
Event Threat Detection: Event Threat Detection helps detect threats in log data. Threat findings are written to Security Command Center and optionally to Cloud Logging.
Key Access Justifications (KAJ): KAJ provides a justification for every request sent through Cloud EKM for an encryption key that permits data to change state from at-rest to in-use.
Risk Manager: Risk Manager allows customers to scan their cloud environments and generate reports around their compliance with industry-standard security best practices, including CIS benchmarks. Customers then have the ability to share these reports with insurance providers and brokers.
Security Command Center: Security Command Center is Google Cloud's centralized vulnerability and threat reporting service. Security Command Center provides asset inventory and discovery and allows you to identify misconfigurations, vulnerabilities and threats, helping you to mitigate and remediate risks.
Sensitive Data Protection (including Cloud Data Loss Prevention or DLP): Sensitive Data Protection is a fully-managed service enabling customers to discover, classify, de-identify, and protect sensitive data, such as personally identifiable information.
VPC Service Controls: VPC Service Controls provide administrators the ability to configure security perimeters around resources of API based cloud services (such as Cloud Storage, BigQuery, Bigtable) and limit access to authorized VPC networks, thereby mitigating data exfiltration risks.
Secret Manager: Secret Manager provides a secure and convenient method for storing API keys, passwords, certificates, and other sensitive data.
Web Security Scanner: Web Security Scanner is a web application security scanner that enables developers to easily check for a subset of common web application vulnerabilities in websites built on App Engine and Compute Engine.
Identity & Access
Access Approval: Access Approval allows customers to approve eligible manual, targeted accesses by Google administrators to their data or workloads before those accesses happen.
Access Context Manager: Access Context Manager allows Google Cloud organization administrators to define fine-grained, attribute based access control for projects, apps and resources.
BeyondCorp Enterprise: BeyondCorp Enterprise is a solution designed to enable zero-trust application access to enterprise users and protect enterprises from data leakage, malware and phishing attacks. BeyondCorp Enterprise is an integrated platform incorporating cloud-based services and software components, including:
- On-premises Connector, which forwards Identity-Aware Proxy traffic from Google Cloud Platform to applications and VMs deployed in non-Google Cloud Platform environments.
- BCE app connector, which provides secure access to private applications in non-Google cloud environments using a remote agent installed on a customer-owned virtual machine.
- Endpoint Verification, which allows administrators to build an inventory of devices and set the security posture of the devices.
- Threat and Data Protection Services, which are a set of security services that work by aggregating threat intelligence and are designed to protect enterprise users from malware transfers, phishing, malicious site visits, and sensitive data leakage.
- BeyondCorp Enterprise Integration with Chrome Browser Cloud Management, which enables malware, phishing, and data leakage protection for managed Chrome browsers.
- Other features listed at https://cloud.google.com/beyondcorp-enterprise/pricing or a successor URL.
Cloud Identity Services: Cloud Identity Services are the services and editions as described at: https://cloud.google.com/terms/identity/user-features.html or such other URL as Google may provide.
Firebase App Check: Firebase App Check provides a service that can help protect access to your APIs with platform specific attestation that helps verify app identity and device integrity.
*Firebase Authentication: Firebase Authentication provides a service as part of the Firebase platform to authenticate and manage users in your applications. It supports authentication using email & password, phone number and popular federated identity providers like Google and Facebook.
Google Cloud Identity-Aware Proxy: Google Cloud Identity-Aware Proxy is a tool that helps control access, based on a user's identity and group membership, to applications running on Google Cloud Platform.
Identity & Access Management (IAM): IAM provides administrators the ability to manage cloud resources centrally by controlling who can take what action on specific resources.
Identity Platform: Identity Platform provides you with functionality and tools to manage your users' identities and access to your applications. Identity Platform supports authentication and management of users with a variety of methods, including email & password, phone number, and popular federated identity providers like Google and Facebook.
Managed Service for Microsoft Active Directory (AD): Managed Service for Microsoft Active Directory is a Google Cloud service running Microsoft AD that enables you to deploy, configure and manage cloud-based AD-dependent workloads and applications. It is a fully-managed service that is highly available, applies network firewall rules, and keeps AD servers updated with Operating System patches.
Resource Manager API: Resource Manager API allows you to programmatically manage Google Cloud Platform container resources (such as Organizations and Projects), that allow you to group and hierarchically organize other Google Cloud Platform resources. This hierarchical organization lets you easily manage common aspects of your resources such as access control and configuration settings.
Google Distributed Cloud
Google Distributed Cloud Edge: Google Distributed Cloud Edge allows you to run private Google Kubernetes Engine clusters on dedicated hardware, which is provided and maintained by Google on Customer premises.This solution also provides you with a VPN connection to Google Cloud Platform, allowing you to interact with other GCP Services or other applications running in your Virtual Private Cloud.
Sovereign Controls by Partners
Sovereign Controls by Partners: Sovereign Controls by Partners are solutions comprising a suite of Services offered by Google that are complemented by a set of services, offered by, and under separate terms of service with, third party partners (“Sovereign Controls Partners”), which together create additional security controls for certain Services, while also allowing the relevant Sovereign Controls Partner to provide additional security measures for those Services, as further described at: https://cloud.google.com/terms/in-scope-sovereign-cloud.
User Protection Services
reCAPTCHA Enterprise: reCAPTCHA Enterprise helps detect fraudulent activity on websites.
Web Risk API: Web Risk API is a Google Cloud service that lets client applications check URLs against Google's constantly updated lists of unsafe web resources.
Serverless Computing
Cloud Run: Cloud Run (fully-managed) lets you run stateless containers on a fully-managed environment.
Cloud Functions: Cloud Functions is a lightweight, event-based, asynchronous compute solution that allows you to create small, single-purpose functions that respond to cloud events without the need to manage a server or a runtime environment.
*Cloud Functions for Firebase: Cloud Functions for Firebase lets you write code that responds to events and invokes functionality exposed by other Firebase features, once you deploy JavaScript code in a hosted, private, and scalable Node.js environment that requires no maintenance.
Cloud Scheduler: Cloud Scheduler is a fully-managed enterprise-grade cron job scheduler. It allows you to schedule virtually any job, including batch, big data jobs, cloud infrastructure operations, and more. You can automate everything, including retries in case of failure to reduce manual toil and intervention. Cloud Scheduler even acts as a single pane of glass, allowing you to manage all your automation tasks from one place.
Cloud Tasks: Cloud Tasks is a fully-managed service that allows you to manage the execution, dispatch, and delivery of a large number of distributed tasks. Using Cloud Tasks, you can perform work asynchronously outside of a user or service-to-service request. Cloud Tasks provides all the benefits of a distributed task queue such as task offloading wherein heavyweight, background and long running processes can be dispatched to a task queue, loose coupling between microservices allowing them to scale independently, and enhanced system reliability as tasks are persisted in storage and retried automatically, making your infrastructure resilient to intermittent failures.
Eventarc: Eventarc is a fully-managed service for eventing on Google Cloud Platform. Eventarc connects various Google Cloud services together, allowing source services (e.g., Cloud Storage) to emit events that are delivered to target services (e.g., Cloud Run or Cloud Functions).
Workflows: Workflows is a fully-managed service for reliably executing sequences of operations across microservices, Google Cloud services, and HTTP-based APIs.
Internet of Things (IoT)
IoT Core: IoT Core is a fully-managed service that allows you to easily and securely connect, manage, and ingest data from internet connected devices. It permits utilization of other Google Cloud services for collecting, processing, analyzing, and visualizing IoT data in real time. IoT Core will be discontinued and is not accepting new customers.
Management Tools
Google Cloud App: Google Cloud app is a native mobile app that enables customers to manage key Google Cloud services. It provides monitoring, alerting, and the ability to take actions on resources.
Cloud Deployment Manager: Cloud Deployment Manager is a hosted configuration tool which allows developers and administrators to provision and manage their infrastructure on Google Cloud Platform. It uses a declarative model which allows users to define or change the resources necessary to run their applications and will then provision and manage those resources.
Cloud Shell: Cloud Shell is a tool that provides command-line access to cloud resources directly from your browser. You can use Cloud Shell to run experiments, execute Cloud SDK commands, manage projects and resources, and do lightweight software development via the built-in web editor.
Recommenders: Recommenders automatically analyze your usage patterns to provide recommendations and insights across services to help you use Google Cloud Platform in a more secure, cost-effective, and efficient manner.
Service Infrastructure: Service Infrastructure is a foundational platform for creating, managing, securing, and consuming APIs and services. It includes:
- Service Management API, which lets service producers manage their APIs and services;
- Service Consumer Management API, which lets service producers manage their relationships with their service consumers; and
- Service Control API, which lets managed services integrate with Service Infrastructure for admission control and telemetry reporting functionality.
- Service Usage API, which lets service consumers manage their usage of APIs and services.
Healthcare and Life Sciences
Cloud Healthcare: Cloud Healthcare is a fully-managed service to send, receive, store, query, transform, and analyze healthcare and life sciences data and enable advanced insights and operational workflows using highly scalable and compliance-focused infrastructure.
*Healthcare Data Engine (HDE): HDE is a solution that enables (1) harmonization of healthcare data to the Fast Healthcare Interoperability Resources (“FHIR”) standard and (2) streaming of healthcare data to an analytic environment.
Media and Gaming
Live Stream API: Live Stream API is a cloud-based live encoder that processes high-quality contribution feeds for 24x7 live linear or live events and prepares the streams for digital distribution. It compresses the video and audio elementary streams with the latest video codecs and packages the streams in standardized container formats to reach all IP connected devices.
Transcoder API: Transcoder API can batch convert media files into optimized formats to enable streaming across web, mobile, and living room devices. It provides fast, easy to use, large-scale processing of advanced codecs while utilizing Google's storage, networking, and delivery infrastructure.
Video Stitcher API: Video Stitcher API enables users to dynamically insert content or ads using server-side video insertion technology. Video and ads are conditioned into a single stream for video on demand (VOD) or live streams to deliver flexible and target personalization at scale.
Google Cloud Platform Premium Software
Below is a list of available software components subject to the Google Cloud Platform Service Specific Terms as Premium Software.
GKE Enterprise: GKE Enterprise includes the following Premium Software components:
- GKE Enterprise core software: GKE Enterprise core software enables you to run containers on Kubernetes and can be deployed on premises in your own data center (Google Distributed Cloud Virtual), as well as in both private and public clouds.
- Service Mesh - Software: Service Mesh - Software is a suite of tools to run a reliable service mesh on GKE Enterprise, to help you monitor, manage and secure traffic between the services deployed on GKE Enterprise.
- Identity Service - Software: Identity Service - Software may be downloaded and installed in supported cluster types and environments to let administrators set up authentication with their preferred Identity providers for one or more GKE Enterprise clusters.
- Connect Software: Connect Software may be downloaded and installed in clusters to enable connectivity between the customer-registered cluster and Google Cloud.
- Cloud Logging and Cloud Monitoring for GKE Enterprise: Cloud Logging and Cloud Monitoring can be deployed in a range of hybrid cloud environments to enable centralized log storage, log analysis, metrics capture, metrics trending, customized alerting, and application debug tracing.
*Apigee hybrid runtime: Apigee hybrid runtime enables you to run the Apigee runtime plane in containers on Kubernetes within your data center.
*Apigee Private Cloud: Apigee Private Cloud enables you to host and run Apigee entirely within your data center.
Cloud Vision OCR On-Prem: Cloud Vision OCR On-Prem enables you to run Cloud Vision OCR models within your data center and across multiple cloud environments.
Speech-to-Text On-Prem: Speech-to-Text On-Prem enables you to run Cloud Speech-to-Text models within your data center and across multiple cloud environments.
Telecom Subscriber Insights: Telecom Subscriber Insights is designed to help Communication Service Providers (CSPs) securely extract insights using their own existing data sources. Telecom Subscriber Insights leverages AI models that ingest and analyze data to provide CSPs with recommended subscriber engagement actions.
Google Cloud Platform Software
Below is a non-exclusive list of available software components subject to the Google Cloud Platform Service Specific Terms as Software.
- ABAP SDK for Google Cloud enables native, bi-directional integration between SAP applications and Google Cloud.
- AlloyDB Omni is a downloadable version of AlloyDB that customers can run in their own datacenters, in any cloud, and on developer laptops. It is a PostgreSQL-compatible database with many of the performance and manageability enhancements implemented in AlloyDB in Google Cloud.
- BigQuery Connector for SAP replicates, in connection with SAP Landscape Transformation Replication Server, SAP NetWeaver-based application data changes in near real-time and directly into BigQuery.
- Config Connector is a Kubernetes add-on that allows you to manage your Google Cloud resources through Kubernetes configuration files.
- Deep Learning VM and Container: Deep Learning VM and Container provides virtual machine and Docker images with AI frameworks that can be customized and used with Google Kubernetes Engine (GKE), Vertex AI, Cloud Run, Compute Engine, Kubernetes, and Docker Swarm.
- Google Cloud SDK: Google Cloud SDK is a set of tools to manage resources and applications hosted on Google Cloud Platform. It includes the Google Cloud Command Line Interface (CLI), Cloud Client Libraries for programmatic access to Google Cloud Platform services, the gsutil, kubectl, and bq command line tools, and various service and data emulators for local platform development. The Google Cloud SDK provides the primary programmatic interfaces to Google Cloud Platform.
- Kf enables you to migrate and run applications from the open-source Cloud Foundry platform into containers in Google Kubernetes Engine.
- Migrate to Containers enables you to migrate and run applications from virtual machines on-premise or other clouds into containers in Google Kubernetes Engine and Cloud Run, while producing container and data artifacts for integration with modern CI/CD and Google Cloud services. Migrated container images and artifacts are portable for use across a variety of Google Kubernetes Engine and Cloud Run hybrid configurations as listed in the applicable software documentation. With Migrate to Containers, the need for application rewrite is minimized.
- Migrate for Compute Engine v4.X enables you to validate, run, and migrate applications from on-premise or other clouds into Compute Engine while minimizing downtime and application rewrite.