GCP - Google Cloud Platform


Heena is looking for a solution that offers proxy-based load balancers for TCP and SSL traffic and needs to use globally distributed infrastructure. Which service(s) should she use?

(Global) TCP Proxy and SSL Proxy

Webex: What is unique about the FW (firewall) rules with respect to VPC network "default"?

Four ingress firewall rules are pre-populated: default-allow-internal, default-allow-ssh, default-allow-rdp and default-allow-icmp. The last three accept traffic from 0.0.0.0/0, so delete or narrow them before running anything real in the default network.

Path-Vector Routing Protocol

A protocol that uses dynamically updated paths or routing tables to transmit packets from one autonomous network to another.

GCP: Create and manage transfers (how to)

Storage Transfer > Create Transfer Job > Select Source > Provide the S3 bucket link with the access key ID and secret key > Select sink bucket > Schedule periodic synchronization

What is Multi-Regional Storage?

For storing data frequently accessed. Geo-redundant. 99.95% SLA availability. Most costly per month ($0.026). EX: Streaming videos or gaming.

What is Regional Storage?

For storing data frequently accessed. Narrow geographic region. 99.9% SLA. 2nd most expensive ($0.02). EX: DataProc/Compute Engine Instances for analytics.

GCE: Are persistent disks stored with VMs?

No, they are separate. You are able to attach and reuse the disk even if you delete the VM instance. You can even resize the disks while the VM is running.

Cloud Firestore: Native mode

NoSQL document-oriented DB that provides autoscaling, high performance and real-time updates, and offers client libraries for mobile and web apps.

Cloud Firestore

NoSQL serverless document-oriented DB. The successor to Cloud Datastore and backward compatible with it. Use cases: mobile apps, IoT apps, web apps, real-time and offline sync.

Cloud Firestore: Datastore

NoSQL, entity-based DB. No real-time updates or offline support and no mobile/web client libraries; intended for server-side projects (server-oriented architecture).

GCP Dev Tools: Cloud Code for IntelliJ

Debug production cloud apps inside IntelliJ

GKE: Why Containers

Decouple the OS from the application. Containers are portable, shareable, fast to deploy, reusable, versioned, isolated, introspectable and immutable.

GCP: Hybrid Connectivity

Dedicated link from on premises to the cloud for decreased overhead (Scenario ex. Data migration, Replication, Disaster Recovery, HPC) Ex: Dedicated Interconnect, Direct Peering, Carrier Peering, Partner Interconnect.

Cloud Armor

Defense against L3 to L7 DDoS attacks using Google's global edge infrastructure and DDoS defense expertise.

Webex: What is unique about Google Cloud - Networking perspective compared to other Cloud Providers AWS and Azure? (Interview Question)

VPC networks are global: a single VPC spans all regions, and instances in different regions talk over internal IPs without a VPN. Subnets themselves are regional (a subnet cannot span regions).

Firebase Realtime database

cloud hosted, NoSQL database. It stores and syncs data in real time as JSON and is made available to clients all the time, even when the app is offline. It's used for applications such as chat message services and gaming services.

True or False: Cloud VPN supports only gateway-to-gateway scenario

True (site-to-site IPsec between a Cloud VPN gateway and a peer gateway; there is no client/road-warrior VPN).

When an instance is in the stopped state you can...

The instance performs a normal shutdown. You can attach or detach persistent disks, create a custom image from its boot disk, and change the machine type.

GCE: Network

The VPC network the instance attaches to, which determines what traffic it can reach. GCP creates a default network in each new project.

Colocation

the practice of housing privately-owned servers and networking equipment in a third-party data center.

Designing a hybrid and multi-cloud strategy

1. Conduct an initial workload assessment. 2. Identify applicable patterns > candidate topologies 3. Prioritize your workloads. 4. Select an initial workload to put in the public cloud. 5. While selecting a workload to migrate, prepare on the Google cloud side. 6. Set up the GC organization projects and policies. 7. Implement the network topology.

Test VPN (A & B) and access it from the two instances in different projects

1. Create firewall rules > Add an SSH rule with "Allowed protocols and ports" (APP) tcp:22 and your source IP ranges (0.0.0.0/0 is convenient for a lab but opens SSH to the whole internet) > Add an ICMP rule with the other network's range as source and APP icmp 2. Create GCE instances 3. From one instance, find the other's address (ip addr) and ping <addr>

Border Gateway Protocol (BGP)

A core routing protocol that bases routing decisions on the network path and rules.

Load Balancing

A method of dividing work among the devices on a network.

4 Requirements to use VPN

A peer VPN gateway on the other side of the tunnel. The peer VPN gateway must have a static external IP address. Non-conflicting CIDR ranges on both networks. A shared secret must be provided to the peer VPN gateway.
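
The requirements above can be checked before anyone touches the console. The following is an added example (not from the original page) that validates the CIDR, peer-address and shared-secret requirements locally; it calls no Google API, and the 32-character minimum for the shared secret is this example's own threshold, not a Cloud VPN rule.

```python
"""Pre-flight check for the Cloud VPN requirements listed above.

Added example (not from the original page). It only validates inputs
locally; it does not call any Google API. The 32-character minimum for
the shared secret is this example's own policy, not a Cloud VPN rule.
"""
import ipaddress

MIN_SECRET_LEN = 32  # assumption: our own minimum for IKE pre-shared keys


def find_cidr_conflicts(local_ranges, peer_ranges):
    """Return (local, peer) pairs whose ranges overlap.

    Overlapping ranges on the two sides of a tunnel make routing ambiguous:
    a packet for 10.1.0.5 could belong to either network.
    """
    conflicts = []
    for local in local_ranges:
        lnet = ipaddress.ip_network(local, strict=False)
        for peer in peer_ranges:
            pnet = ipaddress.ip_network(peer, strict=False)
            if lnet.version == pnet.version and lnet.overlaps(pnet):
                conflicts.append((str(lnet), str(pnet)))
    return conflicts


def check_vpn_prerequisites(local_ranges, peer_ranges, peer_gateway_ip, shared_secret):
    """Return a list of human-readable problems; an empty list means go."""
    problems = []
    for local, peer in find_cidr_conflicts(local_ranges, peer_ranges):
        problems.append("CIDR conflict: local %s overlaps peer %s" % (local, peer))

    gateway = ipaddress.ip_address(peer_gateway_ip)
    # The peer gateway must be reachable from the internet: a public,
    # globally routable address, not an RFC 1918 or other special range.
    if not gateway.is_global:
        problems.append("peer gateway %s is not a public address" % gateway)

    if len(shared_secret) < MIN_SECRET_LEN:
        problems.append("shared secret shorter than %d characters" % MIN_SECRET_LEN)
    return problems


if __name__ == "__main__":
    # Constructed sample: the second local range collides with the peer's /16,
    # the peer gateway is a private address and the secret is weak.
    for problem in check_vpn_prerequisites(
        ["10.0.0.0/20", "10.1.0.0/24"],
        ["10.1.0.0/16", "192.168.100.0/24"],
        "192.168.1.1",
        "changeme",
    ):
        print("FAIL:", problem)
```

Run it against the real ranges of both networks before creating the tunnel; a conflict found here saves a tunnel that comes up but routes nothing useful.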

Kubernetes Engine: Service

Abstraction over a logical set of pods. It gives the set a stable virtual IP and DNS name, so clients are loosely coupled to the pods and never depend on individual pod IPs, which change as pods are rescheduled.

GCP: Verify VPN connection

Add firewall rules (SSH, and ICMP for ping) > Create instances in that network with those rules > SSH into an instance in each project and ping across the tunnel

GCE: Network tags

Network tags are attached to instances; firewall rules can target instances by tag, so one tag applies the same rule set to every instance that carries it.

What is GKE?

Advanced Cluster management, Easy cluster creation, Load Balancing, Auto scaling, Auto upgrades, Auto repair, Logging, monitoring.

GCE: Subnetwork

An internal IPv4 address is assigned to the instance from the subnet's range; instances use it to communicate with other instances in the VPC.

Hussain wants to write AJAX-enabled web applications on Google Cloud. Which service should he use?

App Engine standard environment because it allows website templates to include JavaScript and write AJAX-enabled web applications.

GCP Dev Tools: Cloud Tasks

Asynchronously execute, dispatch, and deliver distributed tasks

Why GCP?

Availability, Experience, Pricing & Hosting, Multiple Options, Ease of Use, Big Data.

GCE: Images can be customized from...

Available public images, or an existing persistent disk (or its snapshot).

Cloud IAM Best Practices: Service Accounts

Belong to an app or VM rather than a person; the app uses them to call Google APIs/services so no user credentials are involved. They carry their own identity for authentication and are granted specific IAM roles for authorization.

What protocol(s) is(are) used when Cloud Router is enabled in Google Cloud?

BGP

Infrastructure - Physical level

Backbone network, Data Centers, Point of Presence, Edge Caching

VM instance configuration

Based on: zone, OS and app software. Processor, memory and storage. Network and security.

Identity Platform & Firebase Authentication: compare & contrast

Both support client and admin SDKs. Identity Platform offers. Uses Firebase naming conventions for backwards compatibility.

Microservices Architecture

Break a monolithic application into independent components. Migrating microservices on Cloud (Google Kubernetes Engine) Platform.

GCP Dev Tools: Gradle App Engine Plugin

Build your App Engine projects using Gradle

GAE: Traffic Splitting

Can split traffic by IP address (a hash of the source IP picks the version, so a given client sticks to one version), by cookie (more reliable stickiness, e.g. for mobile clients whose IP changes), or randomly.

CSP

Cloud Service Provider

GCP: Network Security

Cloud Armor, SSL Policies

Which of the Cloud options allows frequent access?

Cloud Bigtable

How to use GKE?

Cloud Code > Code Repository > Cloud Build > Container Registry > GKE > Use API or GC Console or CLI to create the cluster

GCP Benefits: Event driven or Scheduling of admin tasks

Cloud Functions (FaaS)

Instance group: Industry best practices

Combination of persistent disks and managed groups. Make use of instance template with start-up scripts. Use start-up and shutdown scripts. Use multi-region and multi-zone deployments. Use appropriate scaling conditions such as CPU usage, network throughput etc. Use Managed instance groups.

GCP Benefits: Flexible Machine types

Combinations of Processor and Memory to pay for what you need. Pre-emptible Virtual machines suitable for batch jobs and fault-tolerant workloads.

Creating Unmanaged Instance Group

Compute > Instance Group > Pick Managed or Unmanaged > Create

Creating managed Instance Group

Compute > Instance Template (necessary for same config) > Create > Compute > Instance Group > Managed Instance Group > Create

VPN architecture: Compute Engine Network > Internet > Peer (Remote) Network

Compute Engine VPN gateway (via VPN static IP) > VPN tunnel > (via peer IP) Peer gateway

What is Dedicated Interconnect?

A direct physical connection between your on-premises router and Google's network at a colocation facility (expensive), provisioned as 10 Gbps or 100 Gbps circuits; routes are exchanged over a BGP session between a Cloud Router and your on-premises router.

Cloud Interconnect

Connects your on-premises network to GCP over 10 Gbps or 100 Gbps physical circuits.

Cloud VPN

Connects your on-premises or other-cloud network to your VPC securely over the public internet via IPsec tunnels; each tunnel carries up to 3 Gbps.

GCP best practices: Compute Engine regions

Consider criteria for which regions to use for your Compute Engine resources

GCP Dev Tools: Cloud Build

Continuously build, test, and deploy containers, Java archives, and more using the Google Cloud infrastructure.

GCP Dev Tools: Tekton

Create CI/CD-style pipelines using Kubernetes-native building blocks

GCP: Create instance under VPN

Create Instance > Name > Zone (where the VPC and VPN are) > Allow HTTP & HTTPS traffic > Expand Management, disk... > Networking > Select VPC network (where instance will be launched)

GCP: Create VPN tunnel

Create VPN (Project 2) Remote peer IP address (Project 1) > Preshared Key (IKE) > Remote Network IP (Project 1) > Local Network IP (Project 2)

Google Compute Engine

Create configurable VMs hosted on Google's infrastructure. Provides flexible and re-sizable compute capacity as a service. Highly scalable and reliable VMs. Minimizes infrastructure cost.

GCP Benefits: Provision and Run custom VMs

Custom Images in GCP helps in creating pre-configured and reusable machine images.

Traditional Environment

Data Center: Expensive, Time Consuming Setup, Maintenance, Resource over/under utilization

GKE: Security

Data Encryption, Google Certified Images, Private Clusters, Identity & Access Management. Trusted Networking: Global VPC, Global Load Balancing, Cloud Armor, Network Policy. Software supply chain security: Binary Authorization, Vulnerability Scanning, Managed Base Image.

What is Nearline Storage?

Data not frequently accessed (once a month). 99% SLA. Ex: Back-ups and serving long-tail multimedia content. low cost ($0.01) per GB per month. High retrieval cost.

What is Coldline Storage?

Data not frequently accessed (once a year). 99% SLA. Ex: disaster recovery/ archived. Least expensive ($0.007) per GB per month. High retrieval cost.

Rajini wants to configure a new version to receive traffic, after testing it on App Engine, is it possible?

Yes. Deploy the new version with the --no-promote flag so it receives no traffic (gcloud app deploy --no-promote), test it at its version-specific URL, then route traffic to it with gcloud app services set-traffic (or gcloud app versions migrate).

GCP best practices: Designing robust systems

Design systems using Compute Engine that can withstand disruptions

GCP Dev Tools: Tools for Visual Studio

Develop ASP.NET apps in Visual Studio on Google Cloud

GCP Dev Tools: Tools for Eclipse

Develop apps in the Eclipse IDE for Google Cloud

Google Cloud Load Balancing: Benefits

Distribute to multiple regions. Meet High Availability Req. Auto-scaling. Cloud Content Delivery Network (CDN).

Find Cloud/GCP Solution: Network, storage, compute etc need scaling and resources made global

Establish global infrastructure for scalability/Google Compute Engine

Cloud Solution to Business Concern: Reliability and Quality

Easy to achieve and automate measures: performance, quality and reliability.

Cloud Functions: How to from Projects

Enable Cloud Functions Api (APIs & Services) > Cloud Functions > Create > Functions to Execute (Optionally)> Test Function >

GCP best practices: Designing for scale on App Engine standard environment

Ensure that your App Engine apps will scale to high loads

Google VPN (Virtual Private Network)

Connects your VPC to another network (on-premises, or a VPC in another project) through an IPsec tunnel over the internet, so services in different projects can talk over private addresses without being exposed publicly.

GCP best practices: design patterns for exporting Cloud Logging

Explore best practices for common logging export scenarios

GCP Dev Tools: Cloud Code

Extend your IDE with tools to write, debug, and deploy Kubernetes applications

GCE: External IP

External IPs are used to communicate with the internet or with services in other networks. They come in two types: static and ephemeral.

GAE: Flexible Environment Use Case

Flexible: Applications run on Docker containers. Instance Start up in minutes. Modifiable run time (use whatever language base). Compute resource usage pricing.

GCP best practices: Building containers

Follow recommendations for making containers easier to build and run in GKE

Cloud IAM Best Practices: List One

Follow the principle of least privilege. Rotate service account keys. Manage user-managed service account keys (prefer not to create them at all). Don't check service account keys into source code.
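
Two of those rules can be enforced mechanically. The block below is an added example (not from the original page): it detects a JSON service-account key that ended up in a source tree, and flags user-managed keys older than a rotation window from the JSON that `gcloud iam service-accounts keys list --format=json` produces. The 90-day window is this example's assumption, the sample tree and key list are constructed, and the "private key" in the sample is a dummy string.

```python
"""Service-account key hygiene: find committed keys, find stale keys.

Added example, not from the page. The key-list JSON shape (name, keyType,
validAfterTime) follows `gcloud iam service-accounts keys list
--format=json`; the 90-day window is our own assumption; all inputs
below are constructed.
"""
import json
from datetime import datetime, timedelta

ROTATION_WINDOW = timedelta(days=90)  # assumption: our own rotation policy
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def is_service_account_key(text):
    """True if `text` is a JSON service-account key (type + PEM private key)."""
    try:
        data = json.loads(text)
    except ValueError:
        return False
    if not isinstance(data, dict) or data.get("type") != "service_account":
        return False
    return str(data.get("private_key", "")).startswith("-----BEGIN PRIVATE KEY-----")


def find_committed_keys(files):
    """files: mapping path -> content. Returns paths that hold key material."""
    return sorted(path for path, content in files.items() if is_service_account_key(content))


def stale_user_managed_keys(keys_json, now_iso):
    """Return names of user-managed keys older than ROTATION_WINDOW at `now_iso`."""
    now = datetime.strptime(now_iso, TIME_FMT)
    stale = []
    for key in json.loads(keys_json):
        if key.get("keyType") != "USER_MANAGED":
            continue  # Google rotates system-managed keys itself
        created = datetime.strptime(key["validAfterTime"], TIME_FMT)
        if now - created > ROTATION_WINDOW:
            stale.append(key["name"])
    return stale


# Constructed sample repository contents; the "key" is a dummy, not a real key.
SAMPLE_TREE = {
    "README.md": "# app\n",
    "config/prod.json": '{"region": "us-central1"}',
    "config/sa-key.json": json.dumps({
        "type": "service_account",
        "project_id": "example-project",
        "private_key": "-----BEGIN PRIVATE KEY-----\nDUMMYDUMMY\n-----END PRIVATE KEY-----\n",
        "client_email": "deployer@example-project.iam.gserviceaccount.com",
    }),
}

# Constructed sample shaped like the gcloud key listing.
SAMPLE_KEYS = json.dumps([
    {"name": "projects/p/serviceAccounts/a/keys/1111", "keyType": "USER_MANAGED",
     "validAfterTime": "2023-01-10T00:00:00Z"},
    {"name": "projects/p/serviceAccounts/a/keys/2222", "keyType": "USER_MANAGED",
     "validAfterTime": "2023-05-20T00:00:00Z"},
    {"name": "projects/p/serviceAccounts/a/keys/3333", "keyType": "SYSTEM_MANAGED",
     "validAfterTime": "2022-06-01T00:00:00Z"},
])

if __name__ == "__main__":
    print("committed keys:", find_committed_keys(SAMPLE_TREE))
    print("stale keys:", stale_user_managed_keys(SAMPLE_KEYS, "2023-06-01T00:00:00Z"))
```

Wire the first check into a pre-commit hook and the second into a scheduled job; both are cheap, and a leaked key file is a full credential for whatever roles the account holds.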

FaaS

Function as a Service (serverless)

Access Network Intelligence Center

GCP > Network > Network Intelligence > Topology

GCP: Cloud Armor Set-up

GCP > Networking > Network Security > Security policies > Create (Configure/Add Rules/Add to targets) >

GCP: Create a VPN

GCP > Networking > VPN > Create/Select one > Reserve static IP Address

GCP: Edit Bucket Item permissions (ACLs)

GCP > Storage > Storage > Bucket > item > right click

GCP: Create a Bucket

GCP > Storage > Storage > Create Bucket > Define Storage Class (Multi-Regional, Regional, Nearline, Coldline) > Create

GCP: Add URL to uploaded item in Cloud Storage

GCP > Storage > Storage > item > Permissions > Entity (User) > Name (allUsers) > Access (Reader). This makes the object readable by anyone on the internet; for time-limited sharing use a signed URL instead.

GCP: Dedicated Interconnect Set-up

GCP Console > Hybrid Connectivity > Interconnect > Set up Connect > Create > Verification > Finish Set-up > Attach VLAN (associate a Cloud Router) > Configure (add a BGP session)

GCE: SSH Keys

SSH public keys live in project or instance metadata; gcloud compute ssh generates a key pair on your workstation on first use and registers the public key there. You can also paste your own public keys here, or enable OS Login to tie SSH access to IAM instead of metadata keys.

How does GKE work?

GKE Zonal Container Cluster > Zonal Control Plane: resource controller, API server, storage (etcd) and scheduler. Nodes: kubelet, pods (containing containers). Connected GCP services (e.g.): VPC networking, Persistent Disk, load balancer, Cloud Monitoring.

GCE: Machine Types

General Purpose: General Servers, Websites, and Databases. Compute Optimized: High Performance Computing, Gaming, Electronic Design Automation, and Single Threaded Apps. Memory Optimized: Large in-memory databases, and in-memory analytics.

GCP Dev Tools: Firebase Crashlytics

Get clear actionable insight into app issues

Stackdriver Logging

Get visibility into the policy and rule matched and the action taken by the rule for each incoming request. (See if the policy worked)

SSL Policies

Let you control which TLS versions and cipher suites (via a minimum TLS version and a profile) your SSL proxy or HTTPS load balancer negotiates with clients.

When your backends are distributed across multiple regions, users need access to the same applications and content, and you want to provide access by using a single anycast IP address. Which load balancing would be the better option?

Global Load Balancing

Infrastructure - Abstract level

Global, Region, Zone

Different types of load balancing

Global: HTTP(S) LB, SSL Proxy, TCP Proxy. Regional: Network LB, Internal L4 LB, Internal HTTP(S) LB

GCP Benefits: Traffic splitting between older and newer version for A/B testing

Google App Engine (GAE)

GCP Benefits: No provisioning or management after deployment

Google App Engine (GAE) (PaaS)

Types of IAM members

Google account, Service account, Google group, G Suite domain, Cloud Identity domain

GCP Benefits: Security

Google grade security (15 yrs exp). Ensured by experts in info, app, and network security. Compliance and certifications on SSAE16/ ISAE 3402 Type II, ISO 27001, ISO 27017 etc.

What is the best way to apply the principle of least privilege when granting access to Google Cloud Platform resources?

Grant only broad, restricted roles at the top of the resource hierarchy, then grant more specific, granular roles to specific users as you go down. Policies are inherited downward and are additive: a role granted at organization or folder level cannot be taken away at project level, so anything granted high up is in effect everywhere below it.

GCP Cloud Storage Transfer Service: Data sources

HTTP/HTTPS location, Cloud storage bucket, Amazon Simple Storage Service (S3)

Kubernetes Engine: Replication Controller

Helps maintain resiliency by managing pods: a logical entity that creates and maintains the desired number of pod replicas from a pod template and a replica count, performing health checks and replacing failed pods. (Deployments backed by ReplicaSets are the current replacement.)

Cloud Solution to Business Concern: Scalability

Highly Scalable with low turn-around. No burden of resource scaling up or down.

Cloud Solution to Business Concern: Indeterminate Costs

Highly cost effective. Setup and maintenance is optimally mapped to budget restrictions.

GCP: Bucket Access Permission

IAM permissions grant bulk access to bucket objects. ACLs grant fine-grained control over individual objects (with uniform bucket-level access enabled, ACLs are disabled and IAM alone governs the bucket, which is the simpler model to audit). Signed URLs (query-string authentication) grant time-limited access to a bucket or object. A signed policy document specifies the characteristics of uploads allowed into a bucket.

Shared secret

IKE (Internet Key Exchange) is the protocol that sets up the IPsec tunnel between two networks or regions. The pre-shared key configured on both gateways authenticates the peers to each other; the session keys that actually protect traffic are derived from a Diffie-Hellman exchange run inside IKE.
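
To make the split between authentication and key agreement concrete, here is an added example (not from the page or any Google code) that simulates both gateways of an IKE-style exchange: Diffie-Hellman gives both sides the same session key, and an HMAC under the pre-shared key proves each side knows the secret. The DH group is a toy one (a 127-bit Mersenne prime, generator 5) chosen so the code runs instantly; real IKE uses standardized 2048-bit+ MODP or ECP groups and a proper PRF/KDF, and the "initiator"/"responder" message structure here is a simplification.

```python
"""IKE-style key agreement with pre-shared-key authentication, simulated.

Added example, not from the page or any Google code. The PSK authenticates
the peers; the session key comes from Diffie-Hellman. Toy parameters:
a 127-bit Mersenne prime and generator 5 (illustration only).
"""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1  # toy prime, not an IKE group
G = 5
NBYTES = 16          # enough bytes to hold any value below P


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(shared, nonce_i, nonce_r):
    """Derive the traffic key from the DH result and both nonces."""
    return hmac.new(nonce_i + nonce_r, shared.to_bytes(NBYTES, "big"), hashlib.sha256).digest()


def auth_tag(psk, own_pub, peer_pub, nonce_i, nonce_r):
    """Prove knowledge of the PSK over the whole exchange (binds the DH values)."""
    msg = own_pub.to_bytes(NBYTES, "big") + peer_pub.to_bytes(NBYTES, "big") + nonce_i + nonce_r
    return hmac.new(psk, msg, hashlib.sha256).digest()


def ike_exchange(psk_initiator, psk_responder):
    """Run both sides; report whether they authenticated and agreed on a key."""
    # Messages 1 and 2: each side sends its DH public value and a fresh nonce.
    priv_i, pub_i = dh_keypair()
    priv_r, pub_r = dh_keypair()
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)

    # Both sides compute the same DH secret without ever transmitting it.
    key_i = session_key(pow(pub_r, priv_i, P), nonce_i, nonce_r)
    key_r = session_key(pow(pub_i, priv_r, P), nonce_i, nonce_r)

    # Messages 3 and 4: AUTH payloads keyed with each side's copy of the PSK.
    tag_i = auth_tag(psk_initiator, pub_i, pub_r, nonce_i, nonce_r)
    tag_r = auth_tag(psk_responder, pub_r, pub_i, nonce_i, nonce_r)

    # Each side recomputes the peer's expected tag with its own PSK.
    initiator_ok = hmac.compare_digest(tag_r, auth_tag(psk_initiator, pub_r, pub_i, nonce_i, nonce_r))
    responder_ok = hmac.compare_digest(tag_i, auth_tag(psk_responder, pub_i, pub_r, nonce_i, nonce_r))

    return {"authenticated": initiator_ok and responder_ok, "keys_match": key_i == key_r}


if __name__ == "__main__":
    print(ike_exchange(b"same-secret-on-both-gateways", b"same-secret-on-both-gateways"))
    print(ike_exchange(b"gateway-a-secret", b"gateway-b-secret"))
```

The second run is the instructive one: with mismatched secrets the two sides still derive identical keys (DH will agree a key with anyone, including an attacker in the middle), but authentication fails, which is why the tunnel must not come up until the AUTH step succeeds.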

IAM

Identity and Access Management

Harry wants to run an HTTP Cloud Function Which automatically re-deploys another HTTP Cloud Function stored on GitHub whenever a commit is pushed. How can he achieve this?

To deploy function source from a repository such as GitHub, use Google Cloud Source Repositories (which can mirror the GitHub repo) and deploy the function directly from a branch or tag of that repository.

IaaS

Infrastructure as a Service: remote access to virtual cloud infrastructure. Control over OS choice on VM instances. Configure dev environment remotely. Ex: Elastic Compute Cloud (EC2) AWS.

GCP Benefits: Smarter infrastructure

Infrastructure is optimized with ML to provide a better environment for users

GCE: How to Deploy application

Install php and mysql on VM > Test the Apache and PHP > Deploy PHP app

GCP Benefits: Scale Infrastructure capacity automatically

Instance Groups in GCP helps to scale capacity through real time provisioning of virtual machines based on defined conditions.

Unmanaged Instance Groups

Instances are of dissimilar capacity. Can be added or removed. No AutoScaling, or support for rolling updates and instance templates.

GCE: Internal IP

An internal IP is assigned from the subnet range automatically when the instance is created. It is unique within the VPC network.

GCP Management Tools: Private Catalog (beta)

It helps in controlling internal enterprise solutions and to make them easily discoverable.

GCP Management Tools: Cloud APIs

It is used to manage Google Cloud resources programmatically.

GCP Management Tools: Cloud Shell

It is used to manage cloud resources using a command-line interface

GCP Management Tools: Cloud Console

It is used to manage cloud resources using a web-based console

GCP Management Tools: Cloud Deployment Manager

It is used to manage cloud resources using simple templates

GCP Management Tools: Cost management

It is used to monitor, control, and optimize your costs

Orbitera White-Label Marketplace

It will enable customers to find and purchase your solutions

Kubernetes Cluster High Level Architecture

Kubernetes control plane (master): kube-controller-manager and etcd storage, kube-apiserver, kube-scheduler. Nodes (formerly called minions): kubelet, kube-proxy.

HTTP(S) Load Balancer

L7 Traffic, HTTP(S), Google Front End Servers

GCP best practices: Floating IP addresses

Learn alternatives to using floating IP addresses when migrating applications from on-premises to Compute Engine

GCP best practices: Enterprise Organization

Learn how to set up organizations, manage identities, configure networking, establish logging and more

GCP best practices: Optimizing application latency with load balancing

Learn how your choice of load balancer on Google Cloud affects end-to-end latency

Peering

Lets you connect to GCP through Direct Peering or Carrier Peering and reach Google services over that link, reducing egress cost.

Hybrid Connectivity

Lets you connect your on-premises infrastructure with GCP. GCP Products: Cloud Interconnect, Cloud VPN, Peering.

GCP Benefits: Live Migration

Running VMs can be moved from one host to another (host to host within Google's infrastructure) without a reboot, even under loads up to 95%.

Cloud Functions is ideal for which use case?

Light-weight, event-driven, serverless, microservices

Traditional Environment Business Concerns

Limited Scalability. High Turnaround. Manual scaling impacts performance less effective. High maintenance overhead. Poor resource utilization.

GCP Benefits: General Parameters

Lower server, staff, and management costs. Faster response time for server set up. Decreased app failure rate and server downtime.

GCP Dev Tools: Cloud Source Repositories

Manage code and extend your Git workflow by connecting to Cloud Build, App Engine, Cloud Logging, Cloud Monitoring, Pub/Sub, and more

GCE: Use Cases

Migrate existing applications. Run windows apps bringing your own licenses or using the included license images.

What are the four storage classes?

Multi-Regional, Regional, Nearline, Coldline

GCP: Add SSH

Must add a firewall rule > Create firewall rule > Name > Specify network > Source IP ranges (0.0.0.0/0 only for a throwaway test; otherwise your admin IP ranges) > Protocols and ports: tcp:22
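
Because the 0.0.0.0/0 shortcut above tends to outlive the test it was created for, it is worth auditing rules periodically. The block below is an added example (not from the original page): it reads the JSON shape that `gcloud compute firewall-rules list --format=json` emits (only the fields used here) and flags enabled ingress rules that expose admin ports, or all traffic, to the whole internet. The sample rules are constructed.

```python
"""Flag Compute Engine ingress rules open to the whole internet.

Added example, not from the page. Input is the JSON produced by
`gcloud compute firewall-rules list --format=json` (fields name,
direction, disabled, sourceRanges, allowed); the sample rules below are
constructed.
"""
import ipaddress
import json

ADMIN_PORTS = {22, 3389}  # SSH and RDP


def is_unrestricted(cidr):
    """True for 0.0.0.0/0 or ::/0, the 'anyone on the internet' source."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_spec_hits(spec, wanted):
    """gcloud port specs are single ports like '22' or ranges like '20-25'."""
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return any(lo <= w <= hi for w in wanted)
    return int(spec) in wanted


def audit_firewall_rules(rules_json):
    """Return (rule name, finding) pairs for enabled ingress rules open to the world."""
    findings = []
    for rule in json.loads(rules_json):
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if not any(is_unrestricted(r) for r in rule.get("sourceRanges", [])):
            continue
        for allowed in rule.get("allowed", []):
            proto = allowed.get("IPProtocol")
            ports = allowed.get("ports", [])
            if proto == "all" or (proto in ("tcp", "udp") and not ports):
                findings.append((rule["name"], "all %s traffic from 0.0.0.0/0" % proto))
            elif proto == "tcp" and any(port_spec_hits(p, ADMIN_PORTS) for p in ports):
                findings.append((rule["name"], "admin port(s) %s from 0.0.0.0/0" % ",".join(ports)))
    return findings


# Constructed sample in gcloud's JSON shape.
SAMPLE_RULES = json.dumps([
    {"name": "default-allow-ssh", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-ssh-from-office", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["198.51.100.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-all-internal", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-everything", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "old-rdp-disabled", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "allow-web", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
])

if __name__ == "__main__":
    for name, finding in audit_firewall_rules(SAMPLE_RULES):
        print("%-24s %s" % (name, finding))
```

Public web ports (allow-web) are left alone on purpose; the point is to catch management access and catch-all rules, which are the ones that turn a VM into an internet-facing target. Use Identity-Aware Proxy TCP forwarding or OS Login with a narrow source range for SSH instead.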

GCP: Create VPN gateway

Name > Region > Create a static IP address (reserve)

GCP Dev Tools: Cloud Scheduler

Schedule batch jobs, big data jobs, and cloud infrastructure operations using a fully managed cron job service

What are the capabilities of Google Cloud Functions?

No servers to provision, manage, or upgrade. Automatically scale based on the load, Integrated monitoring, logging, and debugging capability.

GCP Benefits: Innovative pricing

No upfront cost. Pay-as-you-go. Sustained use discount (up to 30% for running much of the billing month). Committed use discount (up to 57%) for a 1- or 3-year term. Per-second billing. No termination fees.

GCP best practices: Best practices for SQL Server

Optimize Compute Engine instances that run Microsoft SQL Server.

IAM Concepts: Hierarchy

Organization > [Folder]... >Project > Resource

Google App Engine

PaaS that fully manages the web applications at scale. App engine automatically handles the detail of capacity provisioning, monitoring and scaling on demand. users can select popular languages or import their own language container.

Which statement is true of persistent disks?

Persistent disks are not physical disks; they are a network-attached block storage service. Each persistent disk is encrypted at rest, with Google-managed keys by default or with customer-managed keys (Cloud KMS) or customer-supplied keys.

PaaS

Platform as a Service: Runtime, platform and Tools by CSP. No management effort. Less control over the infrastructure. Control over application code. Ex: Salesforce.com App Cloud, Google App Engine (GAE).

Cloud Armor

Pre-defined rules to protect against the web's most common attacks, Rich Rules Language, Visibility and monitoring, Logging, Preview mode, IP-based and geo-based access control

IAM Concepts: IAM Roles

Basic (formerly primitive): Viewer, Editor, Owner at project level, very coarse. Predefined: granular, service-specific access to GCP resources. Custom: a precise set of permissions that you assemble and have to maintain yourself.

What Cluster type do you use for High Availability?

Regional. Use Zonal when you need to rapidly create clusters and push upgrades.

GCP best practices: Transferring large datasets to Google Cloud

Review important considerations for planning and implementing a data transfer to Google Cloud

Kubernetes Engine

Run containerized applications (AI/ML, web apps, API, and backend), Open source cluster management system, Run apps in container cluster, Run Kubernetes on Google Cloud Infrastructure, Load-balancing, Node pools within cluster, Auto scale of cluster's node, auto-repair for node and Cloud Monitoring

GCP: Verify instance communication (via network)

SSH an instance (Instance 1) > use "ip addr" to get Remote IP Address > use "ping [Remote IP Address] to check connectivity (in Instance 2)

Managed Instance groups

Same instance template. AutoScaling and Load balancing. Zonal & Regional types.

What mechanism should you use to authenticate your applications when invoking Google APIs?

Service account

Create a Kubernetes Engine cluster

Set Default compute zone > Create a Kubernetes Engine cluster > Get authentication credentials > Deploying an application

Kubernetes Engine: Demonstration (Cluster Setup)

Set default compute zone > Create Kubernetes Engine Cluster > Get authentication credentials

Kubernetes Engine: Demonstration

Set default compute zone > Create Kubernetes Engine Cluster > Get authentication credentials > deploy application > Create Kubernetes service

Community Cloud Structure

Shared Infrastructure (according to guide). Collaborative effort. Multi-tenant. Community-driven governance.

Cloud Datastore

Schema-less, fast and highly scalable, fully managed, integrated and secure (data is encrypted at rest automatically). Use cases: integration point, user profiles and preferences, mobile games, product catalogues, recording transactions

Shielded VMs

Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module or vTPM-enabled Measured Boot, and integrity monitoring
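
Measured Boot is the part of that list that is easiest to misunderstand, so here is an added example (not from the page or from Google's implementation) of the mechanism in miniature: each boot stage is hashed and folded into a PCR with the TPM extend rule PCR = SHA256(PCR || measurement), the event log records what was measured, and a verifier replays the log and compares against a known-good baseline, which is what integrity monitoring does when it raises a "late boot validation failed" style alert. The boot images are constructed byte strings.

```python
"""Measured boot in miniature: detecting a changed boot component.

Added example, not from the page or Google's implementation. Uses the
TPM extend rule PCR = SHA256(PCR || measurement); boot images are
constructed byte strings.
"""
import hashlib
import hmac

PCR_INIT = b"\x00" * 32


def extend(pcr, measurement):
    """TPM-style extend: order-sensitive, one-way accumulation."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components):
    """components: ordered (name, image bytes). Returns (final PCR, event log)."""
    pcr, log = PCR_INIT, []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log):
    """What the verifier does: recompute the PCR from the event log alone."""
    pcr = PCR_INIT
    for _, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def integrity_ok(baseline_pcr, log):
    """Accept only if replaying the log reproduces the baseline PCR exactly."""
    return hmac.compare_digest(baseline_pcr, replay_log(log))


def first_divergence(baseline_log, log):
    """Name the earliest component whose measurement differs, or None."""
    for (name, base_digest), (_, digest) in zip(baseline_log, log):
        if base_digest != digest:
            return name
    return None


# Constructed boot chains: a known-good one and one with a modified bootloader.
GOOD_BOOT = [
    ("firmware", b"UEFI firmware image v1"),
    ("bootloader", b"shim+grub signed image"),
    ("kernel", b"vmlinuz 5.15 signed"),
]
TAMPERED_BOOT = [GOOD_BOOT[0], ("bootloader", b"shim+grub with bootkit"), GOOD_BOOT[2]]

if __name__ == "__main__":
    baseline_pcr, baseline_log = measure_boot(GOOD_BOOT)
    _, tampered_log = measure_boot(TAMPERED_BOOT)
    print("known-good boot passes:", integrity_ok(baseline_pcr, baseline_log))
    print("tampered boot passes:", integrity_ok(baseline_pcr, tampered_log))
    print("first changed component:", first_divergence(baseline_log, tampered_log))
```

Two properties carry the security argument: the extend operation is one-way, so a bootkit cannot "unextend" its own measurement after loading, and it is order-sensitive, so swapping stages changes the PCR even when every individual hash is in the allow-list. In a Shielded VM the vTPM holds the PCRs and can sign them (a quote), which is what makes the measurement attestable to a remote verifier rather than just locally logged.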

Private Cloud Structure

Single tenant. Data can be located with the CSP or on premises. Compliance and regulatory requirements can change the resource set-up. Improved security.

SaaS

Software as a Service: App hosted on cloud platform for public use (browser access). No backend visibility. Subscription base. Ex: Microsoft 365, Google Apps.

GAE: Standard Environment Use Case

Standard: applications run in a sandboxed environment. Suitable for sudden extreme spikes in traffic. Instances start in seconds. Priced by instance hours.

You can view the output from your console.log and console.error messages in which service?

Stackdriver Logging

GAE: Environments

Standard & Flexible

GCE: Static vs Ephemeral External IPs

Static: assigned to the project and remain attached to the stopped instance as well until released. Ephemeral: It remains attached to the VM until it is stopped or restarted.

GCP Dev Tools: Artifact Registry (beta)

Store, manage and secure container images and language packages

GCP Dev Tools: Container Registry

Store, manage and secure your Docker container images

Pull Subscription

The subscriber (using the Cloud client libraries to retrieve messages) controls the rate of delivery. Enables batch delivery. Use when you need to process a large amount of data with high throughput.

handle message ordering for transactional data

Subscriber checks oldest unacknowledged message in Cloud Monitoring metrics.

Deployment Model: Hybrid Cloud

Suited: Cloud bursting, On demand, sensitive. Advantage: lowest TCO, High Performance, Rapid, High Customizable. Challenges: Portability, Migration Integration

Deployment Model: Private

Suited: Sensitive Data , Legal Compliance. Advantages: Security & control, Optimized Performance. Challenges: High cost of ownership, skillset

Deployment Model: Community Cloud

Suited: Universities, Hospitals. Advantages: Lowest TCO, Rapid Elasticity. Challenges: Complex IT governance, skill set

GCP Pricing Options

Sustained Use discount, Preemptible VM Instances, Per second Billing, Custom machine type

GCP Dev Tools: Firebase Test Lab

Test your mobile apps across a wide variety of devices and device configurations

Name some Cloud Vision API Capabilities.

The Vision API can categorize objects under labels and perform optical character recognition (OCR). The Vision API can detect landmarks, logos, faces, and explicit content.

the boot disk image

This image includes the boot loader, the operating system, the file system structure, any pre-configured software, and any other customizations.

Firebase Hosting

To host HTML JavaScript for websites

Firebase Remote config

To store key value pairs specified by the developers in order to change the behavioral properties of app without having to download an update of the app

Kubernetes Traffic Flow

Traffic > Proxy > Service > Pods

GCP best practices: Using Cloud IAM and Cloud Billing in higher education

Understand important issues for setting up your institution's Google Cloud environment

GCP best practices: VM image management

Understand the best ways to create and manage Compute Engine VM images.

Cloud IAM Best Practices: List Two

Use Cloud Audit Logging and export logs to Cloud Storage. Set organization-level IAM policies. Grant roles to a Google group when possible.

GCP Dev Tools: Tools for PowerShell

Use PowerShell to script, automate, and manage Windows workloads running on Google Cloud

GCP Benefits: Secure GCP resources within customizable network

Use Virtual Private Cloud(VPC) in GCP to create and manage all network resources centrally using fine-grained policies

Find Cloud/GCP Solution: Need effective high throughput and large data volume storage mechanisms

Use highly available and scalable cloud storage mechanism/Cloud Storage

Your company is planning to roll out a new version of their API. While they do, they need to ensure that the old version of API is also available till that time customers and testers try out the new API. So they want a mechanism to keep the same SSL and DNS records in place to serve both APIs. What should they do?

Use separate backend pools for each API path behind the load balancer

Kubernetes Engine: High Level Overview

User > Api > Kubernetes Cluster

GCP Benefits: Superior Load balancing capabilities

Uses Google services' load balancing platform. Easily scale from zero to 1 million requests/second, in seconds.

GKE: Why Kubernetes?

Way to orchestrate a large number of containers. Portable Extensible, Open Source Platform for managing containers.

GKE: Auto scaling

Work Loads: Horizontal Pod Autoscaler (HPA): More pods. Vertical Pod Autoscaler: Pod Size. Infrastructure: Cluster Autoscaler (CA): More Nodes. Node Auto-provisioning (NAP): Dynamically creating new node pools.

Rajesh wants to use the same deployment command for deploying multiple services of application on Google app Engine. How can He achieve this?

You can deploy multiple services either by deploying each service's app.yaml separately or by passing several app.yaml paths to a single gcloud app deploy command.

Region

A specific geographic area that contains multiple isolated locations called zones.

Cloud Pub/Sub processing and coupling

asynchronous (separate) loose coupling (don't need to be paired). used as a buffer for incoming data. Can fan out to multiple subscribers at once.

Identity Platform provides...

authentication as a service (with a federated login holding many common providers)

Cloud storage transfer service

can be used to quickly import online data into Google Cloud Storage. Data is transferred from online data source to data sink.

When is the static IP used in GCP?

configuring tunnel between two networks. Used when tunneling endpoints should be connected and configured in a static way.

Points of presence

data center locations delivering traffic faster to countries via the backbone.

IAM Concepts: Permissions

def: permissions represent what actions can be done on a resource. syntax: <service>.<resource>.<verb>
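
The permission syntax, the role types and the hierarchy cards above all describe one evaluation rule: permissions are bundled into roles, roles are bound to members on a node of the hierarchy, and every binding on an ancestor applies below it. The block below is an added example (not from the page or from Google's IAM service) that models that rule, including group-based grants and the observation from the least-privilege card that a role granted high up cannot be revoked lower down. The role-to-permission sets are a small illustrative subset, not the real lists (look those up with `gcloud iam roles describe`), and the organization, folders, projects, groups and users are constructed.

```python
"""How IAM permissions, roles and the resource hierarchy combine.

Added example, not from the page or Google's IAM service. Models additive
inheritance (Organization > Folder > Project > Resource), group-based
grants and the <service>.<resource>.<verb> permission syntax. Role
contents are an illustrative subset; all names below are constructed.
"""
import re

PERMISSION_RE = re.compile(r"^[a-z][a-zA-Z0-9]*\.[a-zA-Z0-9]+\.[a-zA-Z0-9]+$")

ROLE_PERMISSIONS = {  # illustrative subset, not the full real permission lists
    "roles/viewer": {"compute.instances.get", "compute.instances.list"},
    "roles/compute.instanceAdmin.v1": {
        "compute.instances.get", "compute.instances.list",
        "compute.instances.create", "compute.instances.delete",
    },
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
}

# Hierarchy as child -> parent (constructed).
PARENT = {
    "folders/eng": "organizations/acme",
    "projects/web-prod": "folders/eng",
    "projects/web-dev": "folders/eng",
    "projects/web-prod/instances/vm-1": "projects/web-prod",
}

# Policy bindings: node -> [(role, member)] (constructed).
BINDINGS = {
    "organizations/acme": [("roles/viewer", "group:everyone@acme.example")],
    "projects/web-dev": [("roles/compute.instanceAdmin.v1", "group:web-devs@acme.example")],
    "projects/web-prod": [("roles/compute.instanceAdmin.v1", "user:oncall@acme.example")],
}

GROUPS = {
    "group:everyone@acme.example": {"user:alice@acme.example", "user:oncall@acme.example"},
    "group:web-devs@acme.example": {"user:alice@acme.example"},
}


def is_valid_permission(perm):
    """Check the <service>.<resource>.<verb> shape."""
    return bool(PERMISSION_RE.match(perm))


def ancestors(resource):
    """Yield the resource and every ancestor up to the organization."""
    while resource:
        yield resource
        resource = PARENT.get(resource)


def principals_for(member):
    """A member's own identity plus every group that contains it."""
    return {member} | {g for g, members in GROUPS.items() if member in members}


def effective_roles(member, resource):
    """Roles in force on `resource`: the union over all ancestors (additive)."""
    who = principals_for(member)
    roles = set()
    for node in ancestors(resource):
        roles.update(role for role, m in BINDINGS.get(node, []) if m in who)
    return roles


def has_permission(member, resource, permission):
    if not is_valid_permission(permission):
        raise ValueError("bad permission syntax: %s" % permission)
    return any(permission in ROLE_PERMISSIONS.get(r, ()) for r in effective_roles(member, resource))


if __name__ == "__main__":
    vm = "projects/web-prod/instances/vm-1"
    print("alice can read prod VM:", has_permission("user:alice@acme.example", vm, "compute.instances.get"))
    print("alice can create prod VMs:", has_permission("user:alice@acme.example", vm, "compute.instances.create"))
    print("oncall can create dev VMs:", has_permission("user:oncall@acme.example", "projects/web-dev", "compute.instances.create"))
```

Note what the model makes visible: alice reads the production VM only because of the viewer grant at organization level, and nothing set on projects/web-prod can remove that. When reviewing a policy, therefore, start at the organization and folders, not at the project where the incident happened.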

Edge caching

edge caching platform on top of GCP network

Google Cloud Network Service Tiers (Cloud Atlas)

empowers customers to optimize their cloud network for performance or price (Premium & Standard)

GCP: Cloud load balancing

fully distributed, software-defined solution that balances user content to multiple backends to avoid congestion and ensure low latency.

Google Cloud Run

Fully managed compute platform that automatically scales your stateless containers. It's serverless and only runs when there are requests.

Google Cloud Data transfer

Highly scalable (can capture up to a petabyte of data), secure (via encryption).

GCP: HTTP load balancing

Incoming application requests can be distributed across GCP instances. Instances can be added to or removed from the load balancer. Provides a single endpoint for accessing the web application.

IOPS

Input/output operations per second.

GCP Dev Tools: Cloud SDK

Install a command-line interface to script and manage Google Cloud products from your own computer.

VPC

Isolated private network within Google Cloud that provides network functionality for GCP resources. VPCs are configured under regions.

Tunnel

The interconnection of networks between VPCs; connectivity can be 1:1, 1:n, n:n or n:1. A tunnel can be established by sharing the remote network's configuration details.

VPN gateway

The virtual gateway running in GCP. By attaching it, resources in the VPC can get access to the network.

GCE: IP forwarding

It lets the instance route packets. You can turn it on to enable forwarding.

A cloud solution to auto-provision instances based on pre-defined workload conditions

Managed instance group

Instance groups

Reduce the effort of managing multiple individual instances.

Define regions and zones in GCP

Regions: geographical locations across the globe that are divided into zones (22 regions). Zones: locations where data centers are built (2+ zones make a region).

Google Environment friendly

100% carbon neutral since 2007. Largest private investor in wind & solar energy. 50% less energy use than typical data centers. First data center to receive ISO 14001 certification.

Subnet

A VPC network is divided into subnetworks (called subnets). Each subnet has an IP address range in CIDR notation and is contained within a single region. Firewall rules can help isolate portions of the subnet.

Anthos

A way to observe & manage (through monitoring & logging) policy enforcement, service management, container management, and infrastructure management.

Google Cloud Anthos

Anthos is an open hybrid and multi-cloud application platform for building, securely running, and modernizing applications; built on open-source technologies (Kubernetes, Istio, and Knative), enabling consistency between on-premises and cloud environments.

Reasons to use OAuth 2.0 to access resources on behalf of a user

An app accessing a user's BigQuery datasets. User authentication to create user projects.

Cloud IAM Best Practices: ADC

Application Default Credentials: checks for the GOOGLE_APPLICATION_CREDENTIALS env var, then checks for default service accounts; otherwise errors.

IAM Concepts: Policy

Attached to a resource and used to enforce access control. Consists of a list of bindings (each binds a list of members to a role).

Hybrid Cloud Structure

Benefits of both private & public deployment models. Duplex (back & forth between public & private). Control over sensitive assets kept private. Flexibility (can access public resources).

Cloud IAM Best Practices: External Keys

Can be used outside GCP, but you are responsible for key rotation and security. Can be used to track API use for quota and billing (especially for non-backend servers).

What Google API would you use to transcribe audio into text?

Cloud Speech API (Pre-Trained ML API)

What Google API would you use in an Expense Report application to extract text from images of receipts?

Cloud Vision API (Pre-Trained ML API)

Name the 4 Major components of the Google Cloud Platform.

Compute, Networking, Storage, and Database

IAP Precautions

Configure your firewall and load balancer to protect against external traffic. Use signed headers or the App Engine standard environment Users API.

How do Social Media Platforms achieve?

Continuous Integration & Continuous Deployment. Microservices. DevOps. Global Deployment.

When a new employee joins your organization, HR needs to notify the security, facilities, and training teams so that those teams can perform their tasks related to new employees. You need to design an application architecture that notifies all teams promptly and reliably. Select the four steps that create the most effective design for this scenario.

Create a Cloud Pub/Sub topic called NewEmployee. Create an HRPublisher service that publishes messages to the NewEmployee topic. Create a separate subscription for security, facilities, and training. Create SecuritySubscriber, FacilitiesSubscriber, and TrainingSubscriber services that subscribe to messages in the NewEmployee topic.

Cloud IAM Best Practices: Creating a service account

Create the service account (via console) > Generate & download the credentials file > Set an env var to provide the credentials to the app > Authenticate in your code with default credentials.

VPN

Enables you to define a customizable network between

A persistent disk

Even though it's persistent, it's not physically attached to the machine. This separation of disk and compute allows the disk to survive if the VM terminates. You can also take snapshots of these disks, which are incremental backups.

Identify two ways of invoking Cloud Functions.

External systems can synchronously invoke functions as webhooks in response to events in those systems. Cloud Functions can also be triggered asynchronously in response to events in GCP services.

GCP: Create a VM

GCP Console > Compute Engine > VM Instances > Create Instance > Configure > Create (wait for green check) > Connect > SSH

What resources can you grant members access to using IAM?

GCP projects, Compute Engine instances, Cloud Storage buckets, Pub/Sub topics

How to make: VPC

GCP Console > Network > VPC network > Create VPC Network > Config > Create. You can also create custom networks with subnets of specific ranges.

Why is Idempotency necessary?

Idempotency is important in APIs because a resource may be called multiple times if the network is interrupted. In this scenario, non-idempotent operations can cause significant unintended side-effects by creating additional resources or changing them unexpectedly.

IAP

Identity-Aware Proxy: Controls access to cloud applications (Google). Verifies user identity. Determines application access.

Cloud Benefits

Low initial investment & Pay for capacity used. User access management. Pay as you go. Easy deployment. Reliable, Scalable, Sustainable. Highly automated.

Preemptible VM

Lower price (up to 80%). May be terminated at any time. No charge if terminated in the first minute. No live migration; no auto restart.

Explain GCP Machine types

Machine types are categorized by configuration (storage, CPU, memory, network capacity, clock speed, etc.) and family (nature of the data center workload): standard, high-memory, high-CPU, and shared-core machine types.

Find the Cloud/GCP solution: dedicated staffing for resource management needs to be cut, and resource monitoring dashboards for easy maintenance are to be implemented

Minimize assumptions in capacity planning and implement a pay-as-you-use model / Google Cloud resources

Public Cloud Structure

Shared multitenant infrastructure. Highly scalable. Resilient. No maintenance (done by the service provider). Low cost.

Cloud Features

On-demand self-service. Anytime, anywhere network access. Rapid elasticity (scalability). Location-independent resource pooling. Measured service.

How are cloud services delivered?

Public: service provider, over the internet. Private: enterprise, on/off premises. Community: shared by organizations, hosted outside. Hybrid: two or more of the above.

Google Cloud Functions

Scalable pay-as-you-go FaaS to run your code with zero server management.

Find the Cloud/GCP solution: instance connections need to be secure and have lower latency from endpoints

Secure connections with low latency for a better user experience / Cloud Virtual Network.

Push Subscription

Sends each message to the subscriber as an HTTP request to a pre-configured HTTP endpoint (the push endpoint could be a load balancer or an App Engine app). Can use Cloud Functions for a serverless approach.

Your support database contains feedback data from customers. You want to analyze customer sentiment for the last quarter. What property and pre-trained machine learning API can you use to gauge customer sentiment?

Sentiment score and magnitude from Cloud Natural Language API

Deployment Model: Public

Suited: Variable Workload, Test & Dev. Advantages: Lowest TCO, fast deployment, rapid elasticity. Challenge: Data security, privacy

What are sustained use discounts?

Sustained use discounts are automatic discounts that you get for running specific Compute Engine resources (vCPUs, memory, GPU devices) for a significant portion of the billing month. To take advantage of the full 30% discount, create your VM instances on the first day of the month, because discounts reset at the beginning of each month.

Sales data is published to a Cloud Pub/Sub topic called SalesTopic. The Finance application subscribes to the topic and begins receiving sales data messages. Later, the Inventory team creates another subscription to the topic to receive the sales data as well. However, the Inventory team's data does not tally with the Finance team's data. What could the reason be?

The Inventory team's subscriber only receives messages that are published after the subscription was created.

Identify two ways to invoke the pre-trained machine learning APIs such as the Vision API or Natural Language API in your application?

Use the REST API. Use Cloud Client Libraries when available for production use.

Which statement is true of Virtual Machine Instances in Compute Engine?

VMs in Compute Engine are a collection of networked services. This includes disks (persistent disks), which are network-attached. In some cases the GCP VM behaves unlike hardware or other kinds of virtual machines, for example, when a multi-tenant virtual CPU "bursts", using excess capacity beyond the VM spec.

Your photo-sharing application requires user login. You don't want to build a custom user authentication system that stores usernames and passwords. What is the best way to authenticate your users?

You can leverage federated identity management by using Firebase authentication.

Your enterprise has an online expense reporting application. Employees must be able to access the application without having to log into the corporate VPN. How can you enable this type of access?

You can use Cloud Identity-Aware Proxy to provide application-level access.

Compute Engine is...

A computing and hosting service that lets you create and run virtual machines on Google infrastructure.

GCE: Root persistent disk

The boot disk image contains a root file system and OS; images are of two kinds. Public image: default images provided by Google and accessible to all projects. Custom image: the user can create an image of an existing root persistent disk, available only in that specific project.

Define data center and backbone network with GCP

Data center: environmentally friendly, with clusters of efficient servers used for high-end computation and backend storage. Backbone network: Google's global mesh network that interconnects data centers and delivers traffic.

Cloud Pub/Sub: handling duplicate messages

Ensure that messages contain identifying attributes that subscribers can use to perform idempotent operations.

Cloud Pub/Sub

Fully managed real-time messaging architecture. Delivers each message to every subscription at least once. Publisher > Topic > Subscription > Subscriber > Pull or push.

Peer VPN gateway

The gateway running on the peer device to which the connection is established from Cloud VPN. It is the other side of the connection and can be a physical device running on your premises.

Cloud VPN gateway

The virtual VPN component managed by GCP that allows communication between resources inside the VPN and the internet.

Examples of eliminating dependencies on order

Log info, online notifications

Projects

The key organizer of infrastructure resources in GCP. A project associates objects and services with billing.
