JencoMart is a global retailer with over 10,000 stores in 16 countries.
The stores carry a range of goods, such as groceries, tires, and jewelry.
One of the company's core values is excellent customer service.
In addition, they recently introduced an environmental policy to reduce their carbon output by 50% over the next 5 years.
Company Background - JencoMart started as a general store in 1931, and has grown into one of the world's leading brands, known for great value and customer service.
Over time, the company transitioned from only physical stores to a stores and online hybrid model, with 25% of sales online.
Currently, JencoMart has little presence in Asia, but considers that market key for future growth.
Solution Concept - JencoMart wants to migrate several critical applications to the cloud but has not completed a technical review to determine their suitability for the cloud and the engineering required for migration.
They currently host all of these applications on infrastructure that is at its end of life and is no longer supported.
Existing Technical Environment - JencoMart hosts all of its applications in 4 data centers: 3 in North American and 1 in Europe; most applications are dual-homed.
JencoMart understands the dependencies and resource usage metrics of their on-premises architecture.
Application: Customer loyalty portal LAMP (Linux, Apache, MySQL and PHP) application served from the two JencoMart-owned U.S.
data centers.
Database -Oracle Database stores user profiles - 20 TB - Complex table structure - Well maintained, clean data - Strong backup strategyPostgreSQL database stores user credentials - Single-homed in US West - No redundancy - Backed up every 12 hours - 100% uptime service level agreement (SLA) - Authenticates all users Compute -30 machines in US West Coast, each machine has: - Twin, dual core CPUs - 32 GB of RAM - Twin 250 GB HDD (RAID 1)20 machines in US East Coast, each machine has: - Single, dual-core CPU - 24 GB of RAM - Twin 250 GB HDD (RAID 1) Storage -Access to shared 100 TB SAN in each locationTape backup every week Business Requirements -Optimize for capacity during peak periods and value during off-peak periodsGuarantee service availability and supportReduce on-premises footprint and associated financial and environmental impactMove to outsourcing model to avoid large upfront costs associated with infrastructure purchaseExpand services into Asia Technical Requirements -Assess key application for cloud suitabilityModify applications for the cloudMove applications to a new infrastructureLeverage managed services wherever feasibleSunset 20% of capacity in existing data centersDecrease latency in Asia CEO Statement - JencoMart will continue to develop personal relationships with our customers as more people access the web.
The future of our retail business is in the global market and the connection between online and in-store experiences.
As a large, global company, we also have a responsibility to the environment through green initiatives and policies.
CTO Statement - The challenges of operating data centers prevent focus on key technologies critical to our long-term success.
Migrating our data services to a public cloud infrastructure will allow us to focus on big data and machine learning to improve our service to customers.
CFO Statement - What service account key-management strategy should you recommend?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Migrating data to Google Cloud Platform Let's say that you have some data processing that happens on another cloud provider and you want to transfer the processed data to Google Cloud Platform.
You can use a service account from the virtual machines on the external cloud to push the data to Google Cloud Platform.
To do this, you must create and download a service account key when you create the service account and then use that key from the external process to call the Cloud Platform APIs.
https://cloud.google.com/iam/docs/understanding-service-accounts#migrating_data_to_google_cloud_platformThe CFO's question relates to service account key-management strategy for the migration of critical applications to the cloud. A service account is a Google Cloud identity that is used to authenticate applications and processes running on behalf of an organization. Service account keys are used to authenticate service accounts for accessing resources in Google Cloud. The recommendation for service account key-management strategy will depend on the specific requirements of JencoMart's application and infrastructure environment.
Option A: Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
This option involves provisioning service account keys for both the on-premises infrastructure and the Google Compute Engine (GCE) VMs. It is not clear from the question whether JencoMart is planning to maintain a hybrid cloud model or migrate entirely to the cloud. However, this option seems to suggest that some applications will remain on-premises while others will be migrated to GCE.
Provisioning service account keys for both environments can be complex to manage and monitor, especially if JencoMart has multiple service accounts for different applications. Additionally, this approach could lead to security risks if the keys are not appropriately secured and managed. It may not be the best solution for JencoMart to maintain keys for on-premises infrastructure and cloud-based VMs simultaneously.
Option B: Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
This option involves authenticating the on-premises infrastructure with a user account while provisioning service account keys for the GCE VMs. This approach may be useful if JencoMart decides to maintain some on-premises infrastructure while migrating some applications to GCE. However, it may not be a scalable solution as the organization grows, and there may be an increase in the number of service accounts.
Option C: Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
This option involves provisioning service account keys for the on-premises infrastructure while using GCP-managed keys for GCE VMs. GCP provides a managed key service that simplifies key management for GCE VMs. It provides a secure and scalable way to manage keys for applications running in the cloud. With this approach, JencoMart can use the same key-management process for all its GCE VMs while also managing its on-premises infrastructure. This approach simplifies key management and enhances security. It may be the best solution for JencoMart to migrate critical applications to the cloud.
Option D: Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs.
This option involves deploying a custom authentication service on GCE or Google Kubernetes Engine (GKE) for the on-premises infrastructure while using GCP-managed keys for GCE VMs. It is the most complex option, and it may not be the best fit for JencoMart's requirements. It involves developing and deploying a custom authentication service, which requires additional resources and technical expertise.
In conclusion, Option C may be the best recommendation for JencoMart. Provisioning service account keys for the on-premises infrastructure while using GCP-managed keys for GCE VMs simplifies key management and enhances security. It allows JencoMart to manage its keys for all GCE VMs using the same process, regardless of the location. It is a scalable and secure approach that meets JencoMart's service account key-management requirements.