Professional Cloud Architect – Google Cloud Certification Guide: A Handy Guide to Designing, Developing, and Managing Enterprise-grade GCP Cloud Solutions
Table of Contents:
Preface 1
Section 1: Introduction to GCP
Chapter 1: GCP Cloud Architect Professional 7
The benefits of being a certified architect 8
Registering for the exam 9
What to expect from the exam 14
Some tips 15
Summary 15
Further reading 15
Chapter 2: Getting Started with Google Cloud Platform 16
Introducing the cloud 17
Understanding GCP 18
GCP differentiators 20
GCP locations 21
Resource manager 23
Organizations 24
Folders 25
Projects 25
Resources scope 25
Global resources 26
Regional resources 26
Zonal resources 27
Managing projects 27
Granting permissions 30
Billing 31
Managing billing accounts 32
Assigning a project to a billing account 35
Exporting billing 37
Budgets and alerts 39
Billing account roles 40
Summary 41
Further reading 41
Chapter 3: Google Cloud Platform Core Services 42
Computing and hosting services 43
Storage services 45
Networking services 47
Big data services 49
ML services 50
Identity services 51
Summary 52
Further reading 52
Section 2: Managing, Designing, and Planning a Cloud Solution Architecture
Chapter 4: Working with Google Compute Engine 54
Code in Action 54
Deploying our first GCE instance 55
Deployment options 60
Region 61
Zone 61
Boot disk 62
Application images 63
Snapshots 63
Existing disks 65
Management | Labels 67
Management | Deletion protection 67
Management | Metadata 67
Management | Startup scripts 68
Management | Preemptibility 69
Management | Availability policy 70
Management | Automatic restart 70
Security | Shielded VM 71
Disks | Deletion rule 71
Sole tenancy | Node affinity labels 72
GPUs and TPUs 75
Instance templates and instance groups 77
Setting the location 79
Port name mapping 80
Autoscaling 80
Autohealing 85
Quotas and limits 86
IAM roles 87
Pricing 88
Summary 90
Further reading 90
Chapter 5: Managing Kubernetes Clusters with Google Kubernetes Engine 91
An introduction to microservices 92
Containers 93
Docker 94
Kubernetes 94
Kubernetes architecture 94
The master node 95
Worker nodes 96
Kubernetes objects 97
Pods 99
Replica sets 99
Deployments 100
Namespaces 101
Services 102
Types of services 103
Google Kubernetes Engine 107
Node pools 108
Container-Optimized OS 109
Storage 109
GKE cluster management 111
Creating a GKE cluster 111
Advanced configuration 116
Networking 118
Security 120
Stackdriver 121
Additional features 121
Deploying our first application 124
Cluster second-day operations 129
Upgrading the cluster 129
Auto-upgrades 130
Auto-repair 130
Resizing the cluster 131
Autoscaling a cluster 131
Rotating the master IP 132
IAM 132
Kubernetes role-based access control 133
Container Registry 133
Cloud Build 134
Quotas and limits 135
Pricing 135
Summary 135
Further reading 136
Chapter 6: Exploring Google App Engine as a Compute Option 137
Code in Action 138
App Engine components 138
Choosing the right location 139
Working with App Engine 140
Environment types 141
App Engine Standard environment 141
Flexible environment 141
Deploying an App Engine application 142
Versions 148
Splitting traffic 149
Migrating traffic 150
Firewall rules 151
Settings 152
Custom domain 152
SSL certificates 153
Scaling 153
Cron jobs 154
Memcache 155
IAM 156
Quotas and limits 157
Pricing 157
Summary 157
Further reading 158
Chapter 7: Running Serverless Functions with Google Cloud Functions 159
Main Cloud Functions characteristics 160
Use cases 161
Application backends 161
Real-time data processing systems 161
Smart applications 162
Runtime environments 162
Types of Cloud Functions 163
HTTP functions 163
Background functions 164
Events 164
Triggers 165
Other considerations 165
Cloud SQL connectivity 165
Connecting to internal resources in a VPC network 165
Environmental variables 166
Cold start 166
Local emulator 166
Deploying Cloud Functions 166
Deploying Cloud Functions with the Google Cloud Console 167
Deploying functions with the gcloud command 172
Triggers 173
IAM 174
Quotas and limits 174
Pricing 175
Cloud Run 175
Summary 175
Further reading 176
Chapter 8: Networking Options in GCP 177
Exploring GCP networking 178
Understanding Virtual Private Cloud 179
Connectivity 181
Cost 182
VPC Flow Logs 183
Cross-VPC connectivity 183
Shared VPC 184
VPC peering 185
Choosing between shared VPC and VPC peering 186
Load balancing 186
Global versus regional load balancing 188
External versus internal 188
Proxy versus load balancer 188
Load balancer types 189
Comparison 190
Choosing the right load balancer 190
NAT 192
NAT gateway 192
Cloud NAT 193
Hybrid connectivity 193
VPN 193
Interconnects 194
Peering 194
Choosing the right connectivity method 194
DNS 196
DNS resolution 196
Cloud DNS 196
DNSSEC 197
Firewall rules 197
Default rules 198
Implied rules 199
Always allowed traffic rules 199
Always denied rules 200
User-defined rules 200
Firewall logging 200
Private access 201
Summary 201
Further reading 202
Chapter 9: Exploring Storage Options in GCP – Part 1 203
Code in Action 204
Choosing the right storage option 204
Data consistency 206
Understanding Cloud Storage 206
Storage classes 208
Data consistency 210
Cloud Storage FUSE 210
Creating and using a bucket 211
Versioning and lifecycle management 214
Versioning 215
Lifecycle management 216
Transferring data 219
Cloud Storage Transfer Service 220
Google Transfer Appliance 220
Understanding IAM 221
Quotas and limits 221
Pricing 222
Understanding Cloud Datastore 222
Data consistency 224
Creating and using Cloud Datastore 224
Datastore versus Firestore 229
IAM 230
Quotas and limits 230
Pricing 231
Understanding Cloud SQL 231
Data consistency 235
Creating and managing Cloud SQL 236
Read Replicas 241
Failover Replica 244
Backup and recovery 246
Migrating data 248
Instance cloning 248
IAM 249
Quotas and limits 250
Pricing 251
Summary 251
Further reading 252
Chapter 10: Exploring Storage Options in GCP – Part 2 253
Cloud Spanner 253
Instances configuration 254
Node count 255
Replication 255
TrueTime 256
Data consistency 256
Creating a Cloud Spanner instance 256
IAM 260
Quotas and limits 261
Pricing 262
Bigtable 262
Bigtable configuration 264
Instances 264
Clusters 265
Nodes 265
Schema 265
Replication 266
Application profiles 266
Data consistency 268
Creating a Bigtable instance and table 268
IAM 271
Quotas and limits 272
Pricing 272
Summary 273
Further reading 273
Chapter 11: Analyzing Big Data Options 274
End-to-end big data solution 274
Cloud Pub/Sub 275
Creating a topic and subscription 277
IAM 280
Quotas and limits 281
Pricing 281
Cloud Dataflow 281
IAM 285
Quotas and limits 286
Pricing 286
BigQuery 286
BigQuery features 286
Datasets 287
Tables 288
Using BigQuery 289
Importing and exporting data 293
Storage 295
IAM 296
Quotas and limits 297
Pricing 297
Dataproc 297
Architecture 298
IAM 300
Quotas and limits 300
Cloud IoT Core 301
IAM 302
Quotas and limits 302
Pricing 303
Additional considerations 303
Summary 304
Further reading 305
Chapter 12: Putting Machine Learning to Work 306
An introduction to AI and ML 307
The seven steps of ML 307
Gathering and preparing the data 308
Choosing a model 309
Training 309
Evaluation 310
Hyperparameter tuning 311
Prediction 311
Learning models 311
GCP ML options 313
TensorFlow 313
Cloud ML Engine 315
Using ML Engine 315
Interacting with ML Engine 316
ML Engine scale tiers 316
Cloud Tensor Processing Units (TPUs) 317
Submitting a training job 318
Deploying the model 319
Predictions 319
Submitting predictions 320
Pretrained ML models 320
The Cloud Speech-to-Text API 321
The Cloud Text-To-Speech API 321
The Cloud Translation API 321
The Cloud Natural Language API 321
The Cloud Vision API 326
The Google Cloud Video Intelligence API 330
Dialogflow 331
AutoML 332
Summary 334
Further reading 334
Section 3: Designing for Security and Compliance
Chapter 13: Security and Compliance 336
Code in Action 336
Introduction to security 337
Cloud Identity 338
Resource Manager 341
Identity and Access Management (IAM) 343
Service accounts 349
Cloud Storage access management 353
Firewall rules and load balancers 354
Cloud Security Scanner 356
Monitoring and logging 358
Encryption 359
Data encryption keys versus key encryption keys 359
CMEKs versus CSEKs 359
Industry regulations 363
PCI compliance 363
Shared responsibility model 364
Data Loss Prevention (DLP) 365
Penetration testing in GCP 365
Additional security services 365
Cloud Identity-Aware Proxy (IAP) 365
Security Command Center (SCC) 366
Forseti 367
Cloud Armor 367
Summary 369
Further reading 369
Section 4: Managing Implementation
Chapter 14: Google Cloud Management Options 371
Code in Action 372
Using APIs 372
Google Cloud Shell 376
The GCP SDK 378
gcloud 378
gsutil 381
bq 383
cbt 386
Cloud Deployment Manager 387
Pricing Calculator 399
Additional things to consider 401
Summary 402
Further reading 403
Section 5: Ensuring Solution and Operations Reliability
Chapter 15: Monitoring Your Infrastructure 405
Technical requirements 406
Introduction to Stackdriver 406
Cost 408
Configuring Stackdriver 408
Stackdriver Monitoring 411
Groups 412
Dashboards 413
Alerting policies 414
Uptime checks 416
Monitoring agents 417
Stackdriver Logging 417
Logs Viewer 418
Basic log filtering 418
Advanced filtering 420
Exporting logs 421
Logging agent 422
Log-based metrics 422
Cloud audit logs 423
ACTIVITY 425
Retention 426
APM 427
Trace 427
Debugger 427
Profiler 428
Error Reporting 428
Summary 429
Further reading 430
Section 6: Exam Focus
Chapter 16: Case Studies 432
Understanding how to approach exam case studies 432
What are they looking for in the case studies? 433
Company overview 434
Solution concept 435
Business requirements 435
Technical requirements 436
Executive summary 437
Forming a solution 437
The analytics platform 438
The backend platform 439
Summary of Mountkirk 440
Additional case studies 440
TerramEarth 441
Analysis 444
Dress4Win 444
Analysis 448
Summary 448
Further reading 449
Chapter 17: Test Your Knowledge 450
Mock test 1 450
Mock test 2 455
Assessments 461
Other Books You May Enjoy 469
Index 472