What is Google Service Control?

Google Service Control is a Google Cloud Platform infrastructure service. It provides control plane functionality to managed services, such as logging, monitoring, and status checks. It is widely used by Google APIs and Google Cloud Endpoints. This page provides an overview of what it does and how it works.

Why use Service Control?

When you develop a cloud service, you typically start with the business requirements and the architecture design, then proceed with API definition and implementation. Before you put your service into production, you need to deal with many control plane issues:

  • How to control access to your service.
  • How to validate API keys.
  • How to send logging and monitoring data to both consumers and producers.
  • How to create and manage dashboards to visualize such data.
  • How to scale the control plane components with your service.

Service Control is a control plane provider that addresses these needs with high efficiency, high scalability, and high availability. It provides a simple public API that can be accessed from anywhere using JSON REST and gRPC clients, so when you move your service from on-premise to a cloud provider, or from one cloud provider to another, you don't need to change your control plane provider.

Services built using Google Cloud Endpoints already integrate with Service Control. Cloud Endpoints sends logging and monitoring data through Service Control for every request arriving at its proxy. If you need to report any additional logging and monitoring data for your Cloud Endpoints service, you can call the Service Control API directly from your service.

The Service Control API definition is open sourced and available on GitHub. By changing the DNS name, you can easily use alternative implementations of the Service Control API.

Architecture

Google Service Control works with a set of managed services and their operations (activities), checks whether an operation is allowed to proceed, and reports completed operations. Behind the scenes, it leverages other Google Cloud services, such as Google Service Management, Stackdriver Logging, and Stackdriver Monitoring, while hiding their complexity from service producers. It uses caching, batching, aggregation, and retries to deliver higher performance and availability than individual backend systems it encapsulates.

The overall architecture of a service that uses Google Service Control.
Figure 1: Using Google Service Control.

Managed services

A managed service is a network service managed by Google Service Management. Each managed service has a unique service name, such as example.googleapis.com, which must be a valid fully-qualified DNS name, as per RFC 1035.

For example:

  • Google Cloud Pub/Sub (pubsub.googleapis.com)
  • Google Cloud Vision (vision.googleapis.com)
  • Google Cloud Bigtable (bigtable.googleapis.com)
  • Google Cloud Datastore (datastore.googleapis.com)

Google Service Management manages the lifecycle of each service and its configuration, which is used to customize Google Service Control's behavior. Service configurations are also used by Google Cloud Platform Console for displaying APIs and their settings, enabling/disabling APIs, and more.

Operations

Google Service Control uses the generic concept of an operation to represent the activities of a managed service, such as API calls and resource usage. Each operation is associated with a managed service and a specific service consumer, and has a set of properties that describe the operation, such as the API method name and resource usage amount. For more information, see the Operation definition.

Check

The Service Control API provides the services.check method which determines whether an operation should be allowed to proceed for a managed service.

For example:

  • Check if the consumer is still active.
  • Check if the consumer has enabled the service.
  • Check if the API key is still valid.

By performing multiple checks within a single API call, it provides better performance, higher reliability, and reduced development cost to service producers compared to checking with multiple backend systems.

Report

The Service Control API provides the services.report method which reports completed operations for a managed service to various backend systems, such as Stackdriver Logging and Stackdriver Monitoring. The reported data can be seen in the Google Cloud Platform Console, and retrieved with appropriate APIs, such as the Stackdriver Logging and Stackdriver Monitoring APIs.

Next steps

  • Read our Getting Started guide to find out how to set up and use the Google Service Control API.