Architecture advice for Google Cloud Platform website solution

[John Davies]

Greetings everyone!

I would like some advice about the best architecture and approach to building an application on the Google Cloud Platform. This will be my first application on the Google Cloud and first "Cloud Native" application. I have a decade or two of development experience under my belt, but have not touched a line of code in ten years or so. This included C, Java, Perl,JavaScript, HTML, SQL. But I am unfamiliar with all the hip new frameworks and I obviously feel a bit rusty when it comes to programming now. I do still however work in IT so might still know a thing or two.

I have tried to read a fair bit about GPC but find there is not too much out there which shows how a whole solution would be put together - it is mainly individual bits.

A general description of the solution is as follows: The solution will allow a medical practitioner to survey a patient and generate and email a PDF report based on the answers.

Now for a more detailed description of the flow:

• A patient is sent an email with a link to a web form The patient goes to the web form and fills in some personal details e.g name, email address, location and free text fields etc and submits this form
• A medical practitioner can see the list of people who have submitted forms for the particular patients location
• The practitioner goes to a location and interviews the patient.
• The practitioner answers a bunch of 15 predefined questions (multi-choice) with the ability to add some extra text if needed.
• They might interview 20 patients, one after another
  
• Later that day, once the practitioner has returned to the office, they then are able to generate a PDF report for each patient automatically, which are based on the answers for each person and a whole bunch of predefined text and images
• They are able to review the PDF reports. Once they are happy, the reports are emailed automatically to the patient with the PDF attached
• Potentially as phase 2, the patient would login to the site and get to see their report in a webpage rather than a PDF

Medical Questions

• The medical questions asked should be configurable, so that the administrator can alter the questions and also the text which would be written on the report based on the answers. e.g. question is "What is your favourite Colour?" Answers are: Blue, Green, Red. On the report, it would say "Red is a great color as it is deep and strong"
• The following month, a new question might be added - "What is your favourite food?"

PDF Report

• The Report should be a PDF document
• It's look and feel should be very professional
• It will need to have the appropriate branding /styles
• The rough content would be:
• A introduction page which includes the patient name and patient details and some general text
• A page with results in a traffic light style depiction -.e.g. if you answered a question a particular way it might be Green with a description. If it was a negative answer then it might be orange or red colour with a different description.
• Several more pages of explanatory text
• The content will need to be modified by an end user as much as possible so a slight wording change would not result in the developer having to alter code

Usage

As my org is small, there will only be ~10-20 days a year when someone goes and does interviews. There might be months in a row when it is not used at all. There will be about 300 PDF reports made/year initially. So volumes for the initial solution are very small.

However, if people like it then we might offer it to other orgs to use so my preference is for the the solution to be multi-tenanted and able to be scaled up on demand. I know obviously then i will consume more resource and it will cost more and thats fine as it is for a good cause.

The idea is that this solution will reduce human effort from 1 hour down to 5 mins for each report so the savings in labour will easily pay for google resources and they will be able to help more people. If any other organisation uses the solution they should not know about anyone else (i.e. complete segregation)

Security

• The practitioners already have google accounts (G Suite) for would be ideal to reuse those accounts as the authentication mechanism
• Other organisations which use the solution may not have accounts - so would be interested to know what can be done for them.
• Should be protected with SSL/TLS - the whole lot

In my old world, I would have had a tomcat server with mysql and some spring or hibernate or something like that with some basic JavaScript on the front end. Being unaware of how to architect this for google cloud and the modern front end frameworks, my initial stab in the dark is:

Platform Components:

• Google Forms to capture the personal details (would doing this and then having my app have to read the data be easier than having to build the forms on app engine myself?)
• Google App engine - standard edition (seems to be good for applications which could go down to zero instances often - which will be mine)
• Cloud SQL - mqsql 2nd generation (have never used nosql database before - which would be better for this kind of app?) Can this go down to zero instances when not in use?
• Cloud Storage - to store the generated PDF's
• StackDriver for logging
• Cloud IAM to manage users and what they can do?
• Not sure what I would need to get a domain name and SSL up and running?

Language & frameworks

• I am drawn to using Go, even though I have never used it. Simply because it is newer and lots of people seem to like it and i would get to experience something more modern. That being said, do you think one of the other languages would be more suitable to build this app?

• Something like gopdf to generate PDF's

• I have seen a whole bunch of discussion around whether you need any web framework when using Go?

• And for the front end something like React?

Effort

• As all this is new to me, I am thinking 3 months in my spare time to learn and complete this... thoughts?

Any thoughts as to if I am on the right path or not? Any suggestions as to where I should read more to understand about how to solution for GPC? What would you do differently? Where could I go to get some basic mentoring as I go through this development (paid/unpaid)?

I am hoping that any answer/discussion around this would also help other people understand about how to create an entire solution in GPC.

Thanks!

John

[Gadi Levy]

Hello,

Some partial answers to your questions:

This sounds like a small app which can run solely on App Engine and its related services. You will only pay for hours of actual usage + storage.
I recommend you use the Cloud Datastore as your database, which is easy to use and integrate from within App Engine.

If your PDFs are smaller than 1MB (they probably will be if you don't embed images in them) you can save them directly as an entity property in the Datastore, which will save you the need to integrate with Cloud Storage.

A basic tier for logging and monitoring is provided automatically when you use App Engine - see the docs for your specific environment (GO).

Using Google accounts will also save you time and provide you built in added security, integration from within App Engine is very easy (Again, look at the docs for your specific chosen environment).

Google App Engine now provides automatically generated and maintained SSL certs from Let's Encrypt, so you only need to buy a domain for your app and then link it to your project. See this page for instructions.

Good luck with your project.

[George (Cloud Platform Support)]

Hello John, 

You may consider following a detailed tutorial and sample application in Go, offered as "Creating a Guestbook Application" in the standard environment documentation. A great part of your questions might very well get a practical, hands-on solution, and you will develop in any case a feeling for the opportunities offered by the cloud platform, more so than by simply reading related documents. 

For coding-related help, as well as practical app architecture directions, you may find help in forums such as stackoverflow, where programmers and software architects are active and ready to provide specialized advice. This group is meant more for general discussion about the app engine, and the voicing of opinions.

[Ani Hatzis]

Hello John,

this is a great post. Don't be too concerned about the "rusty" bit or first cloud project. There are many new things to learn, typically things that will make your life easier, but you will find a lot of your experience useful, too.

I have tried to read a fair bit about GPC but find there is not too much out there which shows how a whole solution would be put together - it is mainly individual bits.

It's the same as with non-cloud solutions, the "whole solution" is tailored to a specific use-case that probably isn't too useful for others.

As far as I can tell from your description you can put many different individual bits together to get your solution. It is much about your preferences. Of course, often one product is more suitable for a certain task than the other (technically or financially), but your choices seem to be reasonable.

As someone else already suggested, you should at least follow through with one of the tutorials that are available for GAE apps and maybe also a small Google Apps Script project (e.g. one that's bound to a Google Sheet).

For a quick walkthrough of GCP, I recommend to create a Google App Engine project, standard environment because those are very much "batteries-included" with little to no administration efforts, you have a free tier that's great for getting your feet wet, and as you mentioned it doesn't cost you if it isn't used for weeks or months. In Cloud Console you are offered interactive tutorials after creation that you can directly follow through in Cloud Shell, so you don't even need to setup a local workspace. Of course, Container Engine and Compute Engine are good compute options, too, they give you a lot more flexibility (beyond your requirements) but they also come with a lot more administrative overhead. From what I understand your post the trade-off wouldn't be worth it.

The reasoning behind my Google Apps Script suggestion, although it isn't a GCP product: you mentioned that your users already have Google accounts / Google Drive, you know JavaScript, your usage projections should be fine within their per-account limits, its server-less, and you normally pay by account per month. The other reason is that not only Google Forms could be used, but you also could build the reports in Google Docs, convert to PDF and send them per mail. Such things can be implemented rather easily in Apps Script, as long as you target Google users. Of course you can combine GCP products with G Suite products / Google Apps Script. If you want to scale significantly and extend the focus outside of Google Drive users however, you might be better off with adding GCP product to the front-end part of your architecture and not only relying on G Suite / Apps Script.

Regarding GCP, there are a few pages you probably have already read:

• Choosing a Computing Option
• Choosing an App Engine Environment
• Choosing a Storage Option

Regarding the products you have picked, your choices are very reasonable. Some notes though:

• Cloud SQL - mqsql 2nd generation (have never used nosql database before - which would be better for this kind of app?) Can this go down to zero instances when not in use?

In Cloud Datastore you don't have instances and I believe that the pricing could be more suitable to your needs. Also if you want admin users to modify questionaries on their own and you want to store the answers in a database (not just in Google Sheets), then you might be better off with Datastore. And Datastore supports namespaces for multi-tenancy apps. Given a good design (especially regarding small entity-groups, no joins, no monotonically increasing IDs) Datastore can scale and perform incredibly well. If you consider GAE Python Standard, Datastore is a perfect match because of the awesome NDB library which is only available in Python Standard. On the other hand, you already have SQL experience. And your solution probably will never get close to hitting the Cloud SQL limits anyway.

• Cloud IAM to manage users and what they can do?

Just to clarify... Cloud IAM is not a solution to manage users on application level, but for controlling access to your GCP resources. For example, you can manage which user can create new projects, change billing accounts, access a bucket in Cloud Storage, deploy a GAE app, etc. But you would need your own (or 3rd-party) solution to define and control access like "Patient X must not access answers provided by patient Y" or "Practitioner A must not access data of a patient unless certain requirements are met".

 

• Not sure what I would need to get a domain name and SSL up and running?

You can use custom domains with some of the products, the process is more or less the same (that is, you proof that you have control over the domain by modifying DNS records). For the Standard Environments, see Mapping Custom Domains. In GAE Standard there is also a new awesome feature in beta named "managed SSL certificate", see Securing Custom Domains with SSL. However, you can (and in flexible environment you should) upload your own SSL certificate. I wouldn't be surprised to see managed SSL certificates to be added to other GCP products in the future. However, be advised that currently you can expose Cloud Storage URLs under storage.googleapis.com or a custom domain, but SSL only works with storage.googleapis.com URLs.

• Should be protected with SSL/TLS - the whole lot

Although the platform security is covered, you'll need to take care also in your project (e.g. IAM) and on the application level. This also includes 3rd-party libraries. Many people also recommend to not implement your own authentication, but instead use one of the builtin features or something that is already proven. Google accounts are supported in GAE. In GAE Standard you can easily configure app.yaml so that all incoming traffic must be secure, in flex you must modify your code to check manually for HTTP traffic and redirect accordingly.

Wish you best of luck,

Ani

[John Davies]

Thanks all for your replies.  It is looking like the Cloud DataStore is the way to go.  I think the generation of the PDF is going to be the trickiest part so I will concentrate on that part first. From my initial investigations i'll need to think about the best library to generate the PDF in such a way that multipule templates could be used.  John