GCP - Google Cloud Platform
Heena is looking for a solution that offers proxy-based load balancers for TCP and SSL traffic, and needs to use globally distributed infrastructure. Which service(s) should she use?
(Global) TCP Proxy and SSL Proxy
Webex: What is unique about the FW (firewall) rules with respect to VPC network "default"?
4 firewall rules are enabled by default
Path-Vector Routing Protocol
A protocol that uses dynamically updated paths or routing tables to transmit packets from one autonomous network to another.
GCP: Create and manage transfers: how to
Find Object > Create Transfer Job > Select Source > Provide the S3 bucket link with Access ID and secret keys > Select sink bucket > Schedule periodic synchronization
What is Multi-Regional Storage?
For storing data frequently accessed. Geo-redundant. 99.95% SLA availability. Most costly per month ($0.026). EX: Streaming videos or gaming.
What is Regional Storage?
For storing data frequently accessed. Narrow geographic region. 99.9% SLA. 2nd most expensive ($0.02). EX: DataProc/Compute Engine Instances for analytics.
GCE: Are persistent disks stored with VMs?
No, they are separate. You are able to attach and reuse the disk even if you delete the VM instance. You can even resize the disks while the VM is running.
Cloud Firestore: Native mode
NoSQL document-oriented DB that provides autoscaling, high performance, real-time updates, offers mobile and web client libraries, mobile and web apps
Cloud Firestore
NoSQL serverless document-oriented DB. Cloud Datastore rebranding and backwards compatible with Cloud Datastore. Use Cases: Mobile Apps, IoT apps, Web apps, Real-time and offline sync.
Cloud Firestore: Datastore
NoSQL, entity-based DB. Offline updates. Doesn't offer mobile and web client libraries. Server projects (server-oriented architecture).
GCP Dev Tools: Cloud Code for IntelliJ
Debug production cloud apps inside IntelliJ
GKE: Why Containers
Decouple OS from application. They are Portable, Shareable, Fast Deploying, Reusable, Versioned, Isolated, Provide Introspection, Immutable.
GCP: Hybrid Connectivity
Dedicated link from on premises to the cloud for decreased overhead (Scenario ex. Data migration, Replication, Disaster Recovery, HPC) Ex: Dedicated Interconnect, Direct Peering, Carrier Peering, Partner Interconnect.
Cloud Armor
Defense against L3 - L7 layer DDoS attacks using Google's global edge infrastructure and DDoS defense expertise.
Webex: What is unique about Google Cloud - Networking perspective compared to other Cloud Providers AWS and Azure? (Interview Question)
Subnets can span multiple regions (global vpc).
Firebase Realtime database
Cloud-hosted, NoSQL database. It stores and syncs data in real time as JSON and is made available to clients all the time, even when the app is offline. It's used for applications such as chat message services and gaming services.
True or False: Cloud VPN supports only gateway-to-gateway scenario
True
When an instance is in the stopped state you can...
The instance performs a normal shutdown. You can attach or detach volumes. A private image can be created from the instance. You can change the RAM disk and instance type.
GCE: Network
The network traffic that the instance can access. GCP sets a default network.
Colocation
The practice of housing privately-owned servers and networking equipment in a third-party data center.
Designing a hybrid and multi-cloud strategy
1. Conduct an initial workload assessment. 2. Identify applicable patterns > candidate topologies. 3. Prioritize your workloads. 4. Select an initial workload to put in the public cloud. 5. While selecting a workload to migrate, prepare on the Google Cloud side. 6. Set up the GC organization, projects and policies. 7. Implement the network topology.
Test VPN (A & B) and access it from the two instances in different projects
1. Create firewall rules > Add SSH with 0.0.0.0/0 as IP ranges > add "Allowed Protocols and ports" (APP) as tcp:22 > Add ICMP with different source ranges > Add APP as icmp 2. Create GCE Instances 3. Ping the instance (use ip addr and ping <addr>)
Border Gateway Protocol (BGP)
A core routing protocol that bases routing decisions on the network path and rules.
Load Balancing
A method of dividing work among the devices on a network.
4 Requirements to use VPN
A peer VPN gateway on the other side of the tunnel. The peer VPN gateway must have a static external IP address. Non-conflicting CIDR ranges on both networks. A shared secret must be provided to the peer VPN gateway.
Kubernetes Engine: Service
Abstraction that contains a logical set of pods. Enables loose coupling of the pods and a service exposes pod IPs.
GCP: Verify VPN connection
Add firewall rules (for SSH and ICMP traffic for ping)> Create instances (under that net & wall) > SSH & Ping into two projects
GCE: Network tags
Adding a tag to the network is useful as the same tag can be used to apply firewall rules.
What is GKE?
Advanced Cluster management, Easy cluster creation, Load Balancing, Auto scaling, Auto upgrades, Auto repair, Logging, monitoring.
GCE: Subnetwork
An IPv4 address is assigned to the instance from the subnetwork's range, which it can use to communicate with other instances.
Hussain wants to write AJAX-enabled web applications on Google Cloud. Which service should he use?
App Engine standard environment because it allows website templates to include JavaScript and write AJAX-enabled web applications.
GCP Dev Tools: Cloud Tasks
Asynchronously execute, dispatch, and deliver distributed tasks
Why GCP?
Availability, Experience, Pricing & Hosting, Multiple Options, Ease of Use, Big Data.
GCE: Images can be customized from...
Available public images & the persistent disk.
Cloud IAM Best Practices: Service Accounts
Belong to an app/VM. Used by the app to call a Google API/service so users aren't involved. Enable authentication and authorization (specific IAM roles).
What protocol(s) is(are) used when Cloud Router is enabled in Google Cloud?
BGP
Infrastructure - Physical level
Backbone network, Data Centers, Point of Presence, Edge Caching
VM instance configuration
Based on: zone, OS and app software. Processor, memory and storage. Network and security.
Identity Platform & Firebase Authentication: compare & contrast
Both support client and admin sdks. Identity Platform offers. Use firebase naming conventions for backwards compatibility.
Microservices Architecture
Break a monolithic application into independent components. Migrating microservices on Cloud (Google Kubernetes Engine) Platform.
GCP Dev Tools: Gradle App Engine Plugin
Build your App Engine projects using Gradle
GAE: Traffic Splitting
Can split traffic based on criteria: IP Address (app receives request and the source IP address hash guides traffic to the right app version), Cookie (if the user is mobile, this is better), and random.
CSP
Cloud Service Provider
GCP: Network Security
Cloud Armor, SSL Policies
Which of the Cloud options allows frequent access?
Cloud BigTable
How to use GKE?
Cloud Code > Code Repository > Cloud Build > Container Registry > GKE > Use API or GC Console or CLI to create the cluster
GCP Benefits: Event driven or Scheduling of admin tasks
Cloud Functions (FaaS)
Instance group: Industry best practices
Combination of persistent disks and managed groups. Make use of instance template with start-up scripts. Use start-up and shutdown scripts. Use multi-region and multi-zone deployments. Use appropriate scaling conditions such as CPU usage, network throughput etc. Use Managed instance groups.
GCP Benefits: Flexible Machine types
Combinations of Processor and Memory to pay for what you need. Pre-emptible Virtual machines suitable for batch jobs and fault-tolerant workloads.
Creating Unmanaged Instance Group
Compute > Instance Group > Pick Managed or Unmanaged > Create
Creating managed Instance Group
Compute > Instance Template (necessary for same config) > Create > Compute > Instance Group > Managed Instance Group > Create
VPN architecture: Compute Engine Network > Internet > Peer (Remote) Network
Compute Engine VPN gateway (via VPN static IP) > VPN tunnel > (via peer IP) Peer gateway
What is Dedicated Interconnect?
Configure connection between Google and your on premises router at a colocation facility (expensive) or BGP session configured over Cloud Router and On Premises Router. 10+Gb/s speed connection
Cloud Interconnect
Connects your on-premises network with GCP with a 10 Gb/s or 100 Gb/s physical pipe.
Cloud VPN
Connects your on-premises/public cloud network securely over the internet via IPsec VPN and requires a bandwidth up to 3 Gbps
GCP best practices: Compute Engine regions
Consider criteria for which regions to use for your Compute Engine resources
GCP Dev Tools: Cloud Build
Continuously build, test, and deploy containers, Java archives, and more using the Google Cloud infrastructure.
GCP Dev Tools: Tekton
Create CI/CD-style pipelines using Kubernetes-native building blocks
GCP: Create instance under VPN
Create Instance > Name > Zone (where the VPC and VPN are) > Allow HTTP & HTTPS traffic > Expand Management, disk... > Networking > Select VPC network (where instance will be launched)
GCP: Create VPN tunnel
Create VPN (Project 2) Remote peer IP address (Project 1) > Preshared Key (IKE) > Remote Network IP (Project 1) > Local Network IP (Project 2)
Google Compute Engine
Create configurable VMs hosted on Google's infrastructure. Provides flexible and re-sizable compute capacity as a service. Highly scalable and reliable VMs. Minimizes infrastructure cost.
GCP Benefits: Provision and Run custom VMs
Custom Images in GCP help in creating pre-configured and reusable machine images.
Traditional Environment
Data Center: Expensive, Time Consuming Setup, Maintenance, Resource over/under utilization
GKE: Security
Data Encryption, Google Certified Images, Private Clusters, Identity & Access Management. Trusted Networking: Global VPC, Global Load Balancing, Cloud Armor, Network Policy. Software supply chain security: Binary Authorization, Vulnerability Scanning, Managed Base Image.
What is Nearline Storage?
Data not frequently accessed (once a month). 99% SLA. Ex: Back-ups and serving long-tail multimedia content. Low cost ($0.01) per GB per month. High retrieval cost.
What is Coldline Storage?
Data not frequently accessed (once a year). 99% SLA. Ex: disaster recovery/ archived. Least expensive ($0.007) per GB per month. High retrieval cost.
Rajini wants to configure a new version to receive traffic, after testing it on App Engine, is it possible?
Deploy your new version and include the --no-promote flag in the "gcloud app deploy" command. Ex: gcloud app deploy --no-promote
GCP best practices: Designing robust systems
Design systems using Compute Engine that can withstand disruptions
GCP Dev Tools: Tools for Visual Studio
Develop ASP.NET apps in Visual Studio on Google Cloud
GCP Dev Tools: Tools for Eclipse
Develop apps in the Eclipse IDE for Google Cloud
Google Cloud Load Balancing: Benefits
Distribute to multiple regions. Meet High Availability Requirements. Auto-scaling. Cloud Content Delivery Network (CDN).
Find Cloud/GCP Solution: Network, storage, compute etc need scaling and resources made global
Establish global infrastructure for scalability/Google Compute Engine
Cloud Solution to Business Concern: Reliability and Quality
Easy to achieve and automate measures: performance, quality and reliability.
Cloud Functions: How to from Projects
Enable Cloud Functions Api (APIs & Services) > Cloud Functions > Create > Functions to Execute (Optionally)> Test Function >
GCP best practices: Designing for scale on App Engine standard environment
Ensure that your App Engine apps will scale to high loads
Google VPN (Virtual Private Network)
Establish a fine-grained access and permission control over project resources in GCP. Can securely connect to the services running in multiple projects without being exposed to the public.
GCP best practices: design patterns for exporting Cloud Logging
Explore best practices for common logging export scenarios
GCP Dev Tools: Cloud Code
Extend your IDE with tools to write, debug, and deploy Kubernetes applications
GCE: External IP
External IPs are used to communicate with the internet or services in other networks; they are of Static and Ephemeral types.
GAE: Flexible Environment Use Case
Flexible: Applications run on Docker containers. Instance Start up in minutes. Modifiable run time (use whatever language base). Compute resource usage pricing.
GCP best practices: Building containers
Follow recommendations for making containers easier to build and run in GKE
Cloud IAM Best Practices: List One
Follow the principle of least privilege. Rotate service account keys. Manage user-managed service account keys. Don't check in service account keys to source code.
FaaS
Function as a Service (Serverless service)
Access Network Intelligence Center
GCP > Network > Network Intelligence > Topology
GCP: Cloud Armor Set-up
GCP > Networking > Network Security > Security policies > Create (Configure/Add Rules/Add to targets) >
GCP: Create a VPN
GCP > Networking > VPN > Create/Select one > Reserve static IP Address
GCP: Edit Bucket Item permissions (ACLs)
GCP > Storage > Storage > Bucket > item > right click
GCP: Create a Bucket
GCP > Storage > Storage > Create Bucket > Define Storage Class (Multi-Regional, Regional, Nearline, Coldline) > Create
GCP: Add URL to uploaded item in Cloud Storage
GCP > Storage > Storage > item > permissions > Entity (User) > Name (allUsers) > Access (Reader)
GCP: Dedicated Interconnect Set-up
GCP Console > Hybrid Connectivity > Interconnect > Set up Connect > Create > Verification > Finish Set-up > Attach VLAN (associate cloud router) > Configure (add a BGP session)
GCE: SSH Keys
GCP creates a default key-pair for the instance; however, if you wish to generate and apply your own key-pair for an instance, you can define it here.
How does GKE work?
GKE Zonal Container Cluster > Zonal Control Plane: Resource Controller, API server, Storage & Scheduler. Nodes: Kubelet, Pod (containing containers). Connected GCP Services: (ex) VPC Networking, Persistent Disk, Load Balancer, Cloud Monitoring.
GCE: Machine Types
General Purpose: General Servers, Websites, and Databases. Compute Optimized: High Performance Computing, Gaming, Electronic Design Automation, and Single Threaded Apps. Memory Optimized: Large in-memory databases, and in-memory analytics.
GCP Dev Tools: Firebase Crashlytics
Get clear actionable insight into app issues
Stackdriver Logging
Get visibility into the policy and rule matched and the action taken by the rule for each incoming request. (See if the policy worked)
SSL Policies
Give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates with clients (both SSL and TLS protocols).
When your backends are distributed across multiple regions, users need access to the same applications and content, and you want to provide access by using a single anycast IP address. Which load balancing would be the better option?
Global Load Balancing
Infrastructure - Abstract level
Global, Region, Zone
Different types of load balancing
Global: HTTP(S) LB, SSL Proxy, TCP Proxy. Regional: Network LB, Internal L4 LB, Internal HTTP(S) LB
GCP Benefits: Traffic splitting between older and newer version for A/B testing
Google App Engine (GAE)
GCP Benefits: No provisioning or management after deployment
Google App Engine (GAE) (PaaS)
Types of IAM members
Google account, Service account, Google group, G Suite domain, Cloud Identity domain
GCP Benefits: Security
Google grade security (15 yrs exp). Ensured by experts in info, app, and network security. Compliance and certifications on SSAE16/ ISAE 3402 Type II, ISO 27001, ISO 27017 etc.
What is the best way to apply the principle of least privilege when granting access to Google Cloud Platform resources?
Grant restricted permissions at the top of the resource hierarchy. Then, for specific users, grant additional granular permissions as you go down the hierarchy.
GCP Cloud Storage Transfer Service: Data sources
HTTP/HTTPS location, Cloud storage bucket, Amazon Simple Storage Service (S3)
Kubernetes Engine: Replication Controller
Helps maintain high resiliency by managing the pods. Logical entity that creates and manages the pods. Can use a pod template and a replicas count variable. Performs health checks.
Cloud Solution to Business Concern: Scalability
Highly Scalable with low turn-around. No burden of resource scaling up or down.
Cloud Solution to Business Concern: Indeterminate Costs
Highly cost effective. Setup and maintenance is optimally mapped to budget restrictions.
GCP: Bucket Access Permission
IAM permissions grant bulk access to bucket objects. ACLs grant fine-grained control over objects. Signed URLs (query string authentication) grant time-limited access to buckets and objects. Signed Policy Documents specify upload characteristics for a bucket.
Shared secret
IKE (Internet Key Exchange) is the protocol used to establish a shared secret used for VPN connection setup between two different networks or regions.
IAM
Identity and Access Management
Harry wants to run an HTTP Cloud Function which automatically re-deploys another HTTP Cloud Function stored on GitHub whenever a commit is pushed. How can he achieve this?
If you wish to deploy function source code from a source repository like GitHub, you can use Google Cloud Source Repositories to deploy functions directly from branches or tags in your inventory.
IaaS
Infrastructure as a Service: remote access to virtual cloud infrastructure. Control over OS choice on VM instances. Configure dev environment remotely. Ex: Elastic Compute Cloud (EC2) AWS.
GCP Benefits: Smarter infrastructure
Infrastructure is optimized with ML to provide a better environment for users
GCE: How to Deploy application
Install PHP and MySQL on the VM > Test Apache and PHP > Deploy the PHP app
GCP Benefits: Scale Infrastructure capacity automatically
Instance Groups in GCP help to scale capacity through real-time provisioning of virtual machines based on defined conditions.
Unmanaged Instance Groups
Instances are of dissimilar capacity. Can be added or removed. No AutoScaling, or support for rolling updates and instance templates.
GCE: Internal IP
Internal IP is automatically generated and assigned to an instance when created. It is unique to a virtual private network (VPN).
GCP Management Tools: Private Catalog (beta)
It helps in controlling internal enterprise solutions and to make them easily discoverable.
GCP Management Tools: Cloud APIs
It is used to manage Google Cloud resources programmatically.
GCP Management Tools: Cloud Shell
It is used to manage cloud resources using a command-line interface
GCP Management Tools: Cloud Console
It is used to manage cloud resources using a web-based console
GCP Management Tools: Cloud Deployment Manager
It is used to manage cloud resources using simple templates
GCP Management Tools: Cost management
It is used to monitor, control, and optimize your costs
Orbitera White-Label Marketplace
It will enable customers to find and purchase your solutions
Kubernetes Cluster High Level Architecture
Kubernetes master: Kube-controller-manager & etcd storage, Kube-apiserver, Kube-scheduler. Kubernetes Minions: kubelets, kube-proxies.
HTTP(S) Load Balancer
L7 Traffic, HTTP(S), Google Front End Servers
GCP best practices: Floating IP addresses
Learn alternatives to using floating IP addresses when migrating applications from on-premises to Compute Engine
GCP best practices: Enterprise Organization
Learn how to set up organizations, manage identities, configure networking, establish logging and more
GCP best practices: Optimizing application latency with load balancing
Learn how your choice of specific load balancer on Google Cloud affects end-to-end
Peering
Lets you connect to GCP either through direct peering mode or through carrier peering mode, through which you can access GCP, saving on egress cloud spend.
Hybrid Connectivity
Lets you connect your on-premises infrastructure with GCP. GCP Products: Cloud Interconnect, Cloud VPN, Peering.
GCP Benefits: Live Migration
Machines can be migrated (machine <> Google) even while running at loads up to 95%.
Cloud Functions is ideal for which use case?
Light-weight, event-driven, serverless, microservices
Traditional Environment Business Concerns
Limited Scalability. High Turnaround. Manual scaling impacts performance and is less effective. High maintenance overhead. Poor resource utilization.
GCP Benefits: General Parameters
Lower server, staff, and management costs. Faster response time for server set up. Decreased app failure rate and server downtime.
GCP Dev Tools: Cloud Source Repositories
Manage code and extend your Git workflow by connecting to Cloud Build, App Engine, Cloud Logging, Cloud Monitoring, Pub/Sub, and more
GCE: Use Cases
Migrate existing applications. Run Windows apps bringing your own licenses or using the included license images.
What are the four storage classes?
Multi-Regional, Regional, Nearline, Coldline
GCP: Add SSH
Must add a rule to the firewall > Create Firewall rule > Name > Specify Network > Allow traffic from all IP ranges (0.0.0.0/0) > Specify tcp:22 (protocol & port)
GCP: Create VPN gateway
Name > Region > Create a static IP address (reserve)
GCP Dev Tools: Cloud Scheduler
Schedule batch jobs, big data jobs, and cloud infrastructure operations using a fully managed cron job service
What are the capabilities of Google Cloud Functions?
No servers to provision, manage, or upgrade. Automatically scale based on the load, Integrated monitoring, logging, and debugging capability.
GCP Benefits: Innovative pricing
No upfront cost. Pay-as-you-go. Sustained use discount (<= 30% for running much of the billing month). Committed use discount (<= 57%) for a usage term of 1 or 3 years. Per-second billing. No termination fees.
GCP best practices: Best practices for SQL Server
Optimize Compute Engine instances that run Microsoft SQL Server.
IAM Concepts: Hierarchy
Organization > [Folder]... >Project > Resource
Google App Engine
PaaS that fully manages web applications at scale. App Engine automatically handles the details of capacity provisioning, monitoring and scaling on demand. Users can select popular languages or import their own language container.
Which statement is true of persistent disks?
Persistent Disks are not physical disks, they are a virtual-networked service. Each persistent disk remains encrypted either with system-defined keys or with customer-supplied keys.
PaaS
Platform as a Service: Runtime, platform and Tools by CSP. No management effort. Less control over the infrastructure. Control over application code. Ex: Salesforce.com App Cloud, Google App Engine (GAE).
Cloud Armor
Pre-defined rules to protect against the web's most common attacks, Rich Rules Language, Visibility and monitoring, Logging, Preview mode, IP-based and geo-based access control
IAM Concepts: IAM Roles
Primitive: Viewer, Editor, Owner (Project Level) Predefined: Granular access to GCP resources. Custom: Allows a precise set of permissions (you have to manage the permissions).
What Cluster type do you use for High Availability?
Regional. Use Zonal when you need to rapidly create clusters and push upgrades.
GCP best practices: Transferring large datasets to Google Cloud
Review important considerations for planning and implementing a data transfer to Google Cloud
Kubernetes Engine
Run containerized applications (AI/ML, web apps, API, and backend), Open source cluster management system, Run apps in container cluster, Run Kubernetes on Google Cloud Infrastructure, Load-balancing, Node pools within cluster, Auto scale of cluster's node, auto-repair for node and Cloud Monitoring
GCP: Verify instance communication (via network)
SSH into an instance (Instance 1) > use "ip addr" to get the Remote IP Address > use "ping [Remote IP Address]" to check connectivity (in Instance 2)
Managed Instance groups
Same instance template. AutoScaling and Load balancing. Zonal & Regional types.
What mechanism should you use to authenticate your applications when invoking Google APIs?
Service account
Create a Kubernetes Engine cluster
Set Default compute zone > Create a Kubernetes Engine cluster > Get authentication credentials > Deploying an application
Kubernetes Engine: Demonstration (Cluster Setup)
Set default compute zone > Create Kubernetes Engine Cluster > Get authentication credentials
Kubernetes Engine: Demonstration
Set default compute zone > Create Kubernetes Engine Cluster > Get authentication credentials > deploy application > Create Kubernetes service
Community Cloud Structure
Shared Infrastructure (according to guide). Collaborative effort. Multi-tenant. Community-driven governance.
Cloud Datastore
Schema-less, Fast and highly scalable, Fully managed, Integrated and secure (automatically encrypts and decrypts messages). Use Cases: integration point, User profiles and preferences, mobile games, Product catalogues, Recording transactions
Shielded VMs
Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module or vTPM-enabled Measured Boot, and integrity monitoring
Private Cloud Structure
Single Tenant. Data location with CSP or on premises. Compliance & Regulatory requirements can change resource set up. Improved security.
SaaS
Software as a Service: App hosted on a cloud platform for public use (browser access). No backend visibility. Subscription-based. Ex: Microsoft 365, Google Apps.
GAE: Standard Environment Use Case
Standard: Applications run in a sandboxed environment. Suitable for sudden extreme spikes in traffic. Start up instances in seconds. Instance-hour pricing.
You can view the output from your console.log and console.error messages in which service?
Stackdriver Logging
GAE: Environments
Standard & Flexible
GCE: Static vs Ephemeral External IPs
Static: assigned to the project and remain attached to the stopped instance as well until released. Ephemeral: It remains attached to the VM until it is stopped or restarted.
GCP Dev Tools: Artifact Registry (beta)
Store, manage and secure container images and language packages
GCP Dev Tools: Container Registry
Store, manage and secure your Docker container images
Pull Subscription
Subscriber (uses cloud client libraries to retrieve messages) controls the rate of delivery. Enables batch delivery. When you need to process a large amount of data with high throughput.
handle message ordering for transactional data
Subscriber checks oldest unacknowledged message in Cloud Monitoring metrics.
Deployment Model: Hybrid Cloud
Suited: Cloud bursting, On demand, Sensitive. Advantages: Lowest TCO, High Performance, Rapid, Highly Customizable. Challenges: Portability, Migration, Integration
Deployment Model: Private
Suited: Sensitive Data , Legal Compliance. Advantages: Security & control, Optimized Performance. Challenges: High cost of ownership, skillset
Deployment Model: Community Cloud
Suited: Universities, Hospitals. Advantages: Lowest TCO, Rapid Elasticity. Challenges: Complex IT governance, skill set
GCP Pricing Options
Sustained Use discount, Preemptible VM Instances, Per second Billing, Custom machine type
GCP Dev Tools: Firebase Test Lab
Test your mobile apps across a wide variety of devices and device configurations
Name some Cloud Vision API Capabilities.
The Vision API can categorize objects under labels and perform optical character recognition (OCR). The Vision API can detect landmarks, logos, faces, and explicit content.
The boot disk image
This image includes the boot loader, the operating system, the file system structure, any pre-configured software, and any other customizations.
Firebase Hosting
To host HTML and JavaScript for websites
Firebase Remote config
To store key-value pairs specified by the developers in order to change the behavioral properties of the app without having to download an update of the app
Kubernetes Traffic Flow
Traffic > Proxy > Service > Pods
GCP best practices: Using Cloud IAM and Cloud Billing in higher education
Understand important issues for setting up your institution's Google Cloud environment
GCP best practices: VM image management
Understand the best ways to create and manage Compute Engine VM images.
Cloud IAM Best Practices: List Two
Use Cloud Audit Logging and export logs to Cloud Storage. Set organization-level IAM policies. Grant roles to a Google group when possible.
GCP Dev Tools: Tools for PowerShell
Use PowerShell to script, automate, and manage Windows workloads running on Google Cloud
GCP Benefits: Secure GCP resources within customizable network
Use Virtual Private Cloud (VPC) in GCP to create and manage all network resources centrally using fine-grained policies
Find Cloud/GCP Solution: Need effective high throughput and large data volume storage mechanisms
Use highly available and scalable cloud storage mechanism/Cloud Storage
Your company is planning to roll out a new version of their API. While they do, they need to ensure that the old version of the API is also available while customers and testers try out the new API. So they want a mechanism to keep the same SSL and DNS records in place to serve both APIs. What should they do?
Use separate backend pools for each API path behind the load balancer
Kubernetes Engine: High Level Overview
User > Api > Kubernetes Cluster
GCP Benefits: Superior Load balancing capabilities
Uses Google services' load balancing platform. Easily scale from zero to 1 million requests/second, in seconds.
GKE: Why Kubernetes?
Way to orchestrate a large number of containers. Portable Extensible, Open Source Platform for managing containers.
GKE: Auto scaling
Work Loads: Horizontal Pod Autoscaler (HPA): More pods. Vertical Pod Autoscaler: Pod Size. Infrastructure: Cluster Autoscaler (CA): More Nodes. Node Auto-provisioning (NAP): Dynamically creating new node pools.
Rajesh wants to use the same deployment command for deploying multiple services of an application on Google App Engine. How can he achieve this?
You can deploy multiple services, by either separately deploying each service's app.yaml or specifying multiple files with a single deploy command, as shown below
Region
a collection separate geographic area which has multiple isolated locations called zones
Cloud Pub/Sub processing and coupling
asynchronous (separate) loose coupling (don't need to be paired). used as a buffer for incoming data. Can fan out to multiple subscribers at once.
Identity Platform provides...
authentication as a service (with a federated login holding many common providers)
Cloud storage transfer service
can be used to quickly import online data into Google Cloud Storage. Data is transferred from online data source to data sink.
When is the static IP used in GCP?
configuring tunnel between two networks. Used when tunneling endpoints should be connected and configured in a static way.
Points of presence
data center locations delivering traffic faster to countries via the backbone.
IAM Concepts: Permissions
def: permissions represent what actions can be done on a resource. syntax: <service>.<resource>.<verb>
edge catching
edge caching platform on top of GCP network
Google Cloud Network Service Tiers (Cloud Atlas)
empowers customers to optimize their cloud network for performance or price (Premium & Standard)
GCP: Cloud load balancing
fully distributed, software-defined solution that balances user content to multiple backends to avoid congestion and ensure low latency.
Google Cloud Run
fully managed compute platform that automatically scales your stateless containers. It's serverless and only runs when there are requests.
Google Cloud Data transfer
highly scalable (can capture upto petabyte of data), secure (via encryption)
GCP: HTTP load balancing
incoming application requests can distributed across GCP instances. Instances can be included or removed from the load balancer. Provides a single end point for accessing the web application.
IOPS
input/output operations per second
GCP Dev Tools: Cloud SDK
install a command-line interface to script and manage Google Cloud products from your own computer
VPC
isolated private network within the Google cloud that provides network functionality for GCP resources. VPCs are configured under regions.
Tunnel
The interconnection of networks between VPCs; there can be 1:1, 1:n, n:n and n:1 connectivity. A tunnel is established by sharing the remote network's configuration details.
VPN gateway
A virtual gateway running in GCP. By attaching it, resources in the VPC can get access to the network.
GCE: IP forwarding
Lets the instance route packets. You can turn it on to enable forwarding.
A solution in cloud to auto provision instances based on pre-defined workload conditions
managed instance group
Instance groups
Reduce the effort of managing multiple individual instances.
Define regions and zones in GCP
Regions: geographical locations across the globe, each divided into zones (22 regions). Zones: locations where data centers are built (a region has 2+ zones).
Google Environment friendly
100% carbon neutral since 2007. Largest private investor in wind & solar energy. 50% less energy use than typical data centers. First DC to receive ISO 14001 certification.
Subnet
A VPC network is divided into subnetworks (called subnets). Each subnet has an IP address range in CIDR notation and is contained within a single region. Firewall rules can help isolate portions of the subnet.
Anthos
A way to observe & manage (through monitoring & logging) policy enforcement, service management, container management, and infrastructure management.
Google Cloud Anthos
Anthos is an open hybrid and multi-cloud application platform for building, securely running, and modernizing applications; built on open source technologies (Kubernetes, Istio, and Knative), it enables consistency between on-premises and cloud environments.
Reasons to use OAuth 2.0 to access resources on behalf of a user
An app accessing a user's BigQuery datasets. User authentication to create user projects.
Cloud IAM Best Practices: ADC
Application Default Credentials: checks for the GOOGLE_APPLICATION_CREDENTIALS env var, then checks for the default service account; otherwise, error.
IAM Concepts: Policy
Attached to a resource and used to enforce access control. Consists of a list of bindings (each binds a list of members to a role).
Hybrid Cloud Structure
Benefits of both private & public deployment models. Duplex (back & forth between public & private). Control over sensitive assets (kept private). Flexibility (can access public resources).
Cloud IAM Best Practices: External Keys
Can be used outside GCP, but you are responsible for key rotation and security. Can be used to track API use for quota and billing (especially for non-backend servers).
What Google API would you use to transcribe audio into text?
Cloud Speech API (Pre-Trained ML API)
What Google API would you use in an Expense Report application to extract text from images of receipts?
Cloud Vision API (Pre-Trained ML API)
Name the 4 Major components of the Google Cloud Platform.
Compute, Networking, Storage, and Database
IAP Precautions
Configure your firewall and load balancer against external traffic. Use signed headers or the App Engine standard environment Users API.
How do Social Media Platforms achieve?
Continuous Integration & Continuous Deployment. Microservices. DevOps. Global Deployment.
When a new employee joins your organization, HR needs to notify the security, facilities, and training teams so that those teams can perform their tasks related to new employees. You need to design an application architecture that notifies all teams promptly and reliably. Select the four steps that create the most effective design for this scenario.
Create a Cloud Pub/Sub topic called NewEmployee. Create an HRPublisher service that publishes messages to the NewEmployee topic. Create a separate subscription for security, facilities, and training. Create SecuritySubscriber, FacilitiesSubscriber, and TrainingSubscriber services that subscribe to messages in the NewEmployee topic.
Cloud IAM Best Practices: Creating a service account
Create the service account (via console) > Generate & download the credentials file > Set an env var to provide the credentials to your app > Authenticate in your code with default credentials.
VPN
Enables you to define a customizable network between
a persistent disk
Even though it's persistent, it's not physically attached to the machine. This separation of disk and compute allows the disk to survive if the VM terminates. You can also take snapshots of these disks, which are incremental backups.
Identify two ways of invoking Cloud Functions.
External systems can synchronously invoke functions as webhooks in response to events in those systems. Cloud Functions can also be triggered asynchronously in response to events in GCP services.
GCP: Create a VM
GCP Console > Compute Engine > VM Instances > Create Instance > Configure > Create (wait for green check) > Connect > SSH
What resources can you grant members access to using IAM?
GCP projects, Compute Engine instances, Cloud Storage buckets, Pub/Sub topics
How to make: VPC
GCP Console > Network > VPC network > Create VPC Network > Configure > Create. You can also create custom networks with subnets of specific ranges.
Why is Idempotency necessary?
Idempotency is important in APIs because a resource may be called multiple times if the network is interrupted. In this scenario, non-idempotent operations can cause significant unintended side-effects by creating additional resources or changing them unexpectedly.
IAP
Identity-Aware Proxy: Controls access to cloud applications (Google). Verifies user identity. Determines application access.
Cloud Benefits
Low initial investment & Pay for capacity used. User access management. Pay as you go. Easy deployment. Reliable, Scalable, Sustainable. Highly automated.
Preemptible VM
Lower price (up to 80%). May be terminated at any time. No charge if terminated in the first minute. No live migration; no auto-restart.
Explain GCP Machine types
Machine types are categorized by configuration (storage, CPU, memory, network capacity, clock speed, etc.) and family (nature of the data center workload): standard, high-memory, high-CPU and shared-core machine types.
Find Cloud/GCP Solution: Dedicated staffing for resource management needs to be cut, and resource monitoring dashboards for easy maintenance are to be implemented
Minimize assumptions on capacity planning and implement a pay-as-you-use model / Google Cloud resources
Public Cloud Structure
Multitenant (shared infrastructure). Highly scalable. Resilient. No maintenance (done by the service provider). Low cost.
Cloud Features
On-demand self-service. Anytime, anywhere network access. Rapid elasticity (scalability). Location-independent resource pooling. Measured service.
How are cloud services delivered?
Public: Service provider - over internet. Private: Enterprise - on/off premise. Community: Shared orgs - hosted outside. Hybrid: two or more of above.
Google Cloud Functions
Scalable pay-as-you-go FaaS to run your code with zero server management.
Find Cloud/GCP Solution: Instance connections need to be secure and have lower latency from endpoints
Secure connections are to be made with low latency for a better user experience / Cloud Virtual Network.
Push Subscription
Sends each message to the subscriber as an HTTP request to a pre-configured HTTP endpoint. (The push endpoint could be a load balancer or an App Engine app.) Can use Cloud Functions for a serverless approach.
Your support database contains feedback data from customers. You want to analyze customer sentiment for the last quarter. What property and pre-trained machine learning API can you use to gauge customer sentiment?
Sentiment score and magnitude from Cloud Natural Language API
Deployment Model: Public
Suited: Variable Workload, Test & Dev. Advantages: Lowest TCO, fast deployment, rapid elasticity. Challenge: Data security, privacy
What are sustained use discounts?
Sustained use discounts are automatic discounts that you get for running specific Compute Engine resources (vCPUs, memory, GPU devices) for a significant portion of the billing month. To take advantage of the full 30% discount, create your VM instances on the first day of the month, because discounts reset at the beginning of each month.
Sales data is published to a Cloud Pub/Sub topic called SalesTopic. The Finance application subscribes to the topic and begins receiving sales data messages. Later, the Inventory team creates another subscription to the topic to receive the sales data as well. However, the Inventory team's data does not tally with the Finance team's data. What could the reason be?
The Inventory team's subscriber only receives messages that are published after the subscription was created.
Identify two ways to invoke the pre-trained machine learning APIs, such as the Vision API or Natural Language API, in your application.
Use the REST API. Use Cloud Client Libraries when available for production use.
Which statement is true of Virtual Machine Instances in Compute Engine?
VMs in Compute Engine are a collection of networked services. This includes disks (persistent disks), which are network-attached. In some cases the GCP VM behaves unlike hardware or other kinds of virtual machines, for example, when a multi-tenant virtual CPU "bursts", using excess capacity beyond the VM spec.
Your photo-sharing application requires user login. You don't want to build a custom user authentication system that stores usernames and passwords. What is the best way to authenticate your users?
You can leverage federated identity management by using Firebase authentication.
Your enterprise has an online expense reporting application. Employees must be able to access the application without having to log into the corporate VPN. How can you enable this type of access?
You can use Cloud Identity-Aware Proxy to provide application-level access.
Compute Engine is...
a computing and hosting service that lets you create and run virtual machines on Google infrastructure.
GCE: Root persistent disk
The boot disk image contains a root file system and OS. Images are of two kinds: Public image - default images provided by Google and accessible to all projects. Custom image - a user-created image of an existing root persistent disk, available only in that specific project.
Define data center and backbone network with GCP
Data center: environmentally friendly clusters of efficient servers used for high-end computation and backend storage. Backbone network: Google's global mesh network that interconnects data centers and delivers traffic.
Cloud Pub/Sub: handling duplicate messages
Ensure that messages contain identifying attributes that subscribers can use to perform idempotent operations.
Cloud Pub/Sub
Fully managed real-time messaging architecture. Delivers each message to every subscription at least once. Publisher > Topic > Subscription > Subscriber > Pull or push.
Peer VPN gateway
The gateway running on the peer device to which a connection is established from Cloud VPN. It is the other side of the connection and can be a physical device running on your premises.
Cloud VPN gateway
The virtual component of the VPN, managed by GCP, which allows communication between resources inside the VPN and the internet.
Examples of eliminating dependencies on order
Log info, online notifications
Projects
The key organizer of infrastructure resources in GCP. A project associates objects and services with billing.