Google Cloud Platform — GCP
CUIT offers access to Infrastructure-as-a-Service (IaaS) services on Google Cloud Platform (GCP) via a simplified request form with automated project provisioning, as well as billing management with the ability to pay via an ARC chartstring.
Our central GCP offering supports the faculty and research computing community through the delivery of online services including servers, storage, computing power, and databases. We have established a relationship with Google in order to provide favorable terms along with a Business Associate Agreement (BAA) for our clients.
CUIT GCP Benefits
By using the CUIT-provided request intake form to create a project with Google, you will be included in CUIT's enterprise agreements with Google Platform Services, which provides the following benefits:
- Access to the full range of Google Cloud Platform Products
- Easy access: Use your Columbia UNI to access and log in to GCP
- Convenient payment: Use your departmental chartstring to pay for infrastructure services
- A more secure environment:
- CUIT baseline security standards are built-in from the beginning
- CUIT will perform ongoing monitoring to detect variations from this baseline and advise users with remediation advice as needed
- Enterprise agreements provide improved security, privacy and audit protections
- Free training opportunities, including an Introduction to Cloud Computing for Research, and High Performance Computing on Google Cloud Platform
- Columbia University has a Business Associate Agreement (BAA) in place for GCP. The BAA specifies improved terms and also covers requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities. If you plan to use PHI, you must receive approval from CUIMC IT Security before storing any PHI data. Please contact firstname.lastname@example.org for more information.
GCP projects are available to faculty and researchers for teaching and learning and research purposes. GCP is not available to CUIMC personnel at this time, please contact CUIMC IT for updates regarding their GCP offering. University administrators and support staff with cloud services needs should visit CUIT Amazon Web Services.
GCP projects deployed in CUIT-managed environments are configured with CUIT-established baseline security configurations. In addition, on-going monitoring is performed to identify variations from the established baseline security configurations; if detected, alerts and proposed corrective actions are sent to the users on how to apply recommended security best practices / control settings for securing their GCP environment.
Project owners should review the GCP Security Controls documentation to better understand the controls that need to be implemented for their projects.
GCP pricing can be found directly on Google's website.
Please note that CUIT negotiated a 5% discount on pricing, which will be retained by CUIT as an offset to security controls and administrative costs.
A credit can only be applied to one billing ID, and once applied, it cannot be moved to a different billing ID. If a researcher has multiple projects and each project has their own billing ID, they will only be able to have one project using the credits applied to the specific billing ID.
If a researcher has several projects, all under a single billing ID, the credits would be used across all the projects on that billing ID.
Once you have submitted a ticket to request migration of your existing GCP project to CUIT’s central offering, CUIT will work to have your project migrated and charged back to the chartstring that you provide in your request. You will continue to access and use your GCP services as you normally do, and only the billing for your project will change. Please note you may receive a bill on your credit card for activity prior to migration.
Yes, a Columbia UNI is required in order to access the Columbia GCP system.
Yes, UNIs which will be accessing GCP are required to have "MFA All" enabled. The use of multifactor authentication (MFA) is a best practice for administrative access to cloud resources.