GCP - Associate Cloud Engineer


Compute Engine: Image

Public Images: Provided & maintained by Google or Open source communities or third party vendors
Custom Images: Created by you for your projects

Compute Engine: Availability Policy

On host maintenance: What should happen during periodic infrastructure maintenance?
- Migrate (default): Migrate VM instance to other hardware
- Terminate: Stop the VM instance
Automatic restart: Restart VM instances if they are terminated due to non-user-initiated reasons (maintenance event, hardware failure etc.)

Compute Engine: Usage Discounts

Sustained use discounts
- Automatic discounts for running VM instances for significant portion of the billing month. No action required on your part!
- Applicable for instances created by Google Kubernetes Engine and Compute Engine.
- RESTRICTION: Does NOT apply on certain machine types (example: E2 and A2)
- RESTRICTION: Does NOT apply to VMs created by App Engine flexible and Dataflow
Committed use discounts
- For workloads with predictable resource needs
- Commit for 1 year or 3 years
- Up to 70% discount based on machine type and GPUs
- Applicable for instances created by Google Kubernetes Engine and Compute Engine.
- RESTRICTION: Does NOT apply to VMs created by App Engine flexible and Dataflow

Cloud KMS

- Create and manage cryptographic keys (symmetric and asymmetric)
- Control their use in your applications and GCP Services.
- Provides an API to encrypt, decrypt, or sign data
- Use existing cryptographic keys created on premises
- Integrates with almost all GCP services that need data encryption:
-- Google-managed key: No configuration required
-- Customer-managed key: Use key from KMS
-- Customer-supplied key: Provide your own key

Compute Engine: Features

- Create and manage lifecycle of Virtual Machine (VM) instances
- Load balancing and auto scaling for multiple VM instances
- Attach storage (& network storage) to your VM instances
- Manage network connectivity and configuration for your VM instances

Compute Engine: Internal and External IP Addresses

- External (Public) IP addresses are Internet addressable.
- Internal (Private) IP addresses are internal to a corporate network.
- You CANNOT have two resources with the same public (External) IP address. HOWEVER, two different corporate networks CAN have resources with the same Internal (private) IP address
- All VM instances are assigned at least one Internal IP address
- Creation of External IP addresses can be enabled for VM instances. Remember that when you stop a VM instance, the External IP address is lost.

RTO & RPO

- How do we measure how quickly we can recover from failure?
-- RPO (Recovery Point Objective): Maximum acceptable period of data loss
-- RTO (Recovery Time Objective): Maximum acceptable downtime
- Achieving minimum RTO and RPO is expensive
- Trade-off based on the criticality of the data

Compute Engine: Reducing Launch Time with Custom Image

- Installing OS patches and software at launch of VM instances increases boot up time.
- Custom image can be created with the OS patches and required software pre-installed.
-- Can be created from an instance, a persistent disk, a snapshot, another image or a file in Cloud Storage.
-- Can be shared across projects.
-- (Recommendation) Deprecate old images (& specify replacement image)
-- (Recommendation) Hardening an image: Customize images to your corporate security standards.
- Prefer using custom image to startup script.

Google Kubernetes Engine (GKE)

- Managed Kubernetes service
- Minimize operations with auto-repair (repair failed nodes) and auto-upgrade (use latest version of K8S always) features
- Provides Pod and Cluster Autoscaling
- Enable Cloud Logging and Cloud Monitoring with simple configuration
- Uses Container-Optimized OS, a hardened OS built by Google
- Provides support for Persistent disks and Local SSD

Compute Engine: Preemptible VM

- Short-lived cheaper (up to 80%) compute instances
-- Can be stopped by GCP any time (preempted) within 24 hours
-- Instances get 30 second warning (to save anything they want to save)
- Use Preemptible VMs if:
-- Your applications are fault tolerant
-- You are very cost sensitive
-- Your workload is NOT immediate
-- Example: Non immediate batch processing jobs
- RESTRICTIONS:
-- NOT always available
-- NO SLA and CANNOT be migrated to regular VMs
-- NO Automatic Restarts
-- Free Tier credits not applicable

Compute Engine: Static IP Addresses

- Static IP can be switched to another VM instance in same project.
- Static IP remains attached even if you stop the instance. You have to manually detach it.
- Remember: You are billed for a Static IP when you are NOT using it! Make sure that you explicitly release a Static IP when you are not using it.

Compute Engine: Instance Templates

- Why do you need to specify all the VM instance details (Image, instance type etc) every time you launch an instance?
>> How about creating an Instance template?
>> Define machine type, image, labels, startup script and other properties
- Used to create VM instances and managed instance groups. Provides a convenient way to create similar instances
- CANNOT be updated. To make a change, copy an existing template and modify it

Identity management in cloud

- You have resources in the cloud (examples - a virtual server, a database etc)
- You have identities (human and non-human) that need to access those resources and perform actions. For example: launch (stop, start or terminate) a virtual server
- How do you identify users in the cloud? How do you configure resources they can access? How can you configure what actions to allow?
- In GCP: Identity and Access Management (Cloud IAM) provides this service

Compute Engine: Live Migration

- Your running instance is migrated to another host in the same zone
- Does NOT change any attributes or properties of the VM
- SUPPORTED for instances with local SSDs
- NOT SUPPORTED for GPUs and preemptible instances

Compute Engine: Bootstrapping

Bootstrapping: Install OS patches or software when a VM instance is launched. In a VM, you can configure a Startup script to bootstrap.

Cloud Load Balancing: SSL/TLS Termination/Offloading

Client to Load Balancer: Over internet - HTTPS recommended
Load Balancer to VM instance: Through Google internal network - HTTP is ok. HTTPS is preferred.
SSL/TLS Termination/Offloading
- Client to Load Balancer: HTTPS/TLS
- Load Balancer to VM instance: HTTP/TCP

Cloud Functions: Concepts

Event: Upload object to Cloud Storage
Trigger: Respond to event with a Function call
- Trigger: Which function to trigger when an event happens?
- Functions: Take event data and perform action
Events are triggered from
- Cloud Storage
- Cloud Pub/Sub
- HTTP POST/GET/DELETE/PUT/OPTIONS
- Firebase
- Cloud Firestore
- Stackdriver Logging

Encryption: Defence in Depth

First law of security: Defense in Depth. Typically, enterprises encrypt all data
- Data on your hard disks
- Data in your databases
- Data on your file servers

Compute Engine: Machine Family

General Purpose (E2, N2, N2D, N1): Best price-performance ratio. For Web and application servers, Small-medium databases, Dev environments
Memory Optimized (M2, M1): Ultra high memory workloads. For Large in-memory databases and In-memory analytics
Compute Optimized (C2): Compute intensive workloads. For Gaming applications

Compute Engine: Instance Groups

Instance Group: Group of VM instances managed as a single entity. Manage group of similar VMs having similar lifecycle as ONE UNIT
Managed: Identical VMs created using a template:
- Auto scaling, auto healing and managed releases
Unmanaged: Different configuration for VMs in same group:
- Does NOT offer auto scaling, auto healing & other services
- NOT Recommended unless you need different kinds of VMs
Location can be Zonal or Regional. Regional gives you higher availability (RECOMMENDED)

Compute Engine: Managed Instance Groups (MIG)

Managed Instance Group
- Identical VMs created using an instance template
- Maintain certain number of instances. If an instance crashes, MIG launches another instance
- Detect application failures using health checks (Self Healing)
- Increase and decrease instances based on load (Auto Scaling)
- Add Load Balancer to distribute load
- Create instances in multiple zones (regional MIGs). Regional MIGs provide higher availability compared to zonal MIGs
- Release new application versions without downtime
-- Rolling updates: Release new version step by step (gradually). Update a percentage of instances to the new version at a time.
-- Canary Deployment: Test new version with a group of instances before releasing it across all instances.

