Google Cloud Associate Cloud Engineer Certification and Implementation Guide E-Book

Google Cloud Associate Cloud Engineer Certification and Implementation Guide

Master the deployment, management, and monitoring of Google Cloud solutions

Agnieszka Koziorowska

Wojciech Marusiak

BIRMINGHAM—MUMBAI

Google Cloud Associate Cloud Engineer Certification and Implementation Guide

Copyright © 2023 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Preet Ahuja

Publishing Product Manager: Preet Ahuja

Content Development Editor: Sujata Tripathi

Technical Editor: Rajat Sharma

Copy Editor: Safis Editing

Project Coordinator: Prajakta Naik

Proofreader: Safis Editing

Indexer: Tejal Daruwale Soni

Production Designer: Prashant Ghare

Marketing Coordinator: Rohan Dobhal

First published: September 2023

Production reference: 1010923

Published by Packt Publishing Ltd.

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB

ISBN 978-1-80323-271-3

www.packtpub.com

I am dedicating this book to the loving memory of my dad, Janusz Baum (1959-2022), who was a beloved electrical engineering teacher with a unique talent for explaining complicated concepts in a way his students could easily understand. Writing this book has given me solace by channeling my grief into something he always valued: sharing knowledge with others. I have come to appreciate just how difficult yet fulfilling it can be.

– Agnieszka

This book is dedicated to my beloved daughters – Emilia and Liliana, who will forever be the most important parts of my life, and to my wonderful wife, Ewelina. Without her support and encouragement, this book would have never existed.

I love you all.

– Wojciech

Contributors

About the authors

Agnieszka Koziorowska is an experienced systems engineer who has been in the IT industry for 15 years. She is dedicated to supporting enterprise customers in the EMEA region with their transition to the cloud and hybrid cloud infrastructure by designing and architecting solutions that meet both business and technical requirements. Agnieszka is highly skilled in AWS, Google Cloud, and VMware solutions and holds certifications as a specialist in all three platforms. She believes that although it can be challenging for individuals to keep up with ever-evolving technological advancements, by sharing our knowledge and expertise with one another, we can come up with innovative ideas and solutions that will greatly benefit the IT industry as a whole.

I want to say thank you to the people in the tech industry who helped me transition from an infrastructure engineer to a cloud architect. Your support meant a lot to me and helped me reach my goals.

Wojciech Marusiak, with over 16 years of experience in the IT industry, is a seasoned and innovative IT professional with a proven track record of success. Leveraging extensive work experience in large and complex enterprise environments, Wojciech brings valuable knowledge to help customers and businesses achieve their goals with precision, professionalism, and cost-effectiveness. Holding leading certifications from AWS, Alibaba Cloud, Google Cloud, VMware, and Microsoft, Wojciech is dedicated to continuous learning and sharing knowledge, staying abreast of the latest industry trends and developments.

About the reviewers

Marcelo Marques is a cloud engineer with over 10 years of experience in the technology industry. He specializes in cloud computing and has a wealth of knowledge and experience with large organizations in the technology, financial, manufacturing, and public sectors. Marcelo is driven by knowledge and is always looking to learn and grow. He has all the GCP certifications and is also pursuing knowledge of other cloud providers such as AWS and Azure. He is passionate about cloud computing and is always looking for new ways to use it to solve complex problems.

I would like to thank everyone who helped me in some way along my journey. I will mention a few names, but that doesn’t mean they are the only ones. Anderson “Vaka” Leite, Katuchi Iseki, Patrick Lynch, Tiago Algodas, Adelson Smania, and Leonardo Morales, thank you for all your support and help. As I always say, we keep rising.

Mona Mona currently works as an Artificial Intelligence/Machine Learning (AI/ML) specialist at Google Public Sector. She was a senior AI/ML specialist solutions architect at Amazon before joining Google. She earned her master’s in computer information systems from Georgia State University. She is a published author of the books Natural Language Processing with AWS AI Services and Google Cloud Certified Professional Machine Learning Study Guide. She has authored 19 blogs on AI/ML and cloud technology and was co-author of a research paper on CORD19 Neural Search, which won an award for Best Research Paper at the prestigious Association for the Advancement of Artificial Intelligence (AAAI) conference.

Table of Contents

Preface

Part 1: Overview of Google Cloud Platform and Associate Cloud Engineer Certification

1

Associate Cloud Engineer Certification Essentials

What you will learn

Exam registration

Account creation

Onsite exam

Online exam

Retake policy

Available languages

Certification tips

Additional certification resources

Summary

2

Google Cloud Platform Fundamentals

Why Google Cloud Platform?

Google 1 billion users experience

The history of Google Cloud

Google Cloud today

What makes Google Cloud different?

Choosing the right cloud solution

On-premises

Infrastructure as a service

Platform as a service

Software as a service

An overview of the core services offered by Google Cloud

Storage services

Networking services

Security and identity services

AI and ML services

Management interfaces and command-line tools

Google Cloud console

Cloud Shell

The gcloud CLI

Cloud APIs

Config Connector

Google Cloud Deployment Manager

Terraform

Service Catalog

Mobile applications

Summary

Questions

Answers

Part 2: Configuring and Implementing Google Cloud

3

Planning and Managing GCP Resources

Planning Google Cloud resources

Google Cloud setup checklist

Google Cloud’s best practices

Google Cloud blueprints

Planning compute resources

Planning database resources

Planning data storage options

Conclusion

Billing and budgets

Free trial

Google Cloud Free Tier

Billing

API management

Enabling an API

Quota management

Quota increase

Summary

Questions

Answers

4

Implementing Compute Solutions – Google Compute Engine

Computing options

GCE

GCE machine families

Creating GCE

GCE management

GCE storage

The GCE network

MIGs

Cloud logging and monitoring agents

Summary

Questions

Answers

5

Implementing Compute Solutions – Google Kubernetes Engine (Part 1)

GKE

Traditional versus virtualized versus container deployment

Traditional deployment

Virtualized deployment

Container deployment

GKE architecture

Kubernetes components

Google Kubernetes components

Storage in GKE

GKE Standard

GKE Autopilot

GKE management interfaces

Cloud Console

Cloud Shell

Cloud SDK

kubectl

Cluster management access configuration

GKE Standard deployment

Cloud Console

Command line

GKE Autopilot deployment

Cloud Console

Command line

Working with applications

Artifact Registry

Deploying applications

Deployment

ReplicaSet

StatefulSets

DaemonSet

Summary

Questions

Answers

6

Implementing Compute Solutions – Google Kubernetes Engine (Part 2)

Cluster operations

Viewing cluster resources

Adding clusters

Modifying clusters

Removing clusters

Node pool operations

Viewing node pools

Adding node pools

Modifying node pools

Deleting node pools

Pod management

Pod lifecycle

Pod deployment

Viewing Pods

Adding Pods

Modifying Pods

Removing Pods

Service management

Types of services

Viewing services

Adding services

Modifying services

Removing services

GKE logging and monitoring

Summary

Questions

Answers

7

Implementing Compute Solutions – Cloud Run, Cloud Functions, and Infrastructure as Code

Cloud Run

Cloud Run architecture

Cloud Run application deployment

Cloud Run application revisions

Cloud Run traffic management

Cloud Run Traffic autoscaling

Cloud Functions

Cloud Functions overview

Events and triggers

Cloud Functions versions

Google Cloud Functions example

Infrastructure as Code

Config Connector in Google Kubernetes Engine

Terraform

Cloud Foundation Toolkit

Marketplace solutions

Marketplace solution deployment

Summary

Questions

Answers

8

Configuring and Implementing Data Storage Solutions

Google’s object storage – Cloud Storage

Location types

Storage classes

Data lifecycle

Working with buckets and objects

Creating a bucket in practice

Block storage – local and persistent disks

File storage – Cloud Filestore

Creating a file share in practice

Databases

Relational databases

Non-relational databases (NoSQL)

Warehouse and analytics – BigQuery

In-memory datastore – Memorystore

Summary

Questions

Answers

9

Configuring and Implementing Networking Components

Virtual Private Cloud

Networking for Compute Engine VMs

Shared VPCs

VPC network peering

Hybrid networking

Cloud Router

High availability VPN

Interconnect

Securing cloud networks with firewall rules

Cloud DNS

Creating a zone in practice

DNS forwarding for hybrid environments

Network load balancing

Global external HTTP(S) load balancer

Global external TCP/SSL proxies

External network TCP/UDP load balancers

Internal TCP/UDP load balancing

Selecting a load balancer

Summary

Questions

Answers

Part 3: Data Analytics, Security, Operations, and Cost Estimation in Google Cloud

10

Data Processing Services in Google Cloud

Data processing services overview

Pub/Sub

Dataproc

Dataflow

Initializing and loading data into data products

Pub/Sub and Dataflow

Dataproc

Using Google Cloud APIs

Summary

Questions

Answers

11

Monitoring, Logging, and Estimating Costs in GCP

Cloud Monitoring

Creating Cloud Monitoring alerts based on resource metrics

Creating and ingesting Cloud Monitoring custom metrics

Custom metrics ingestion

Cloud Logging

Viewing and filtering logs in Cloud Logging

Viewing specific log message details in Cloud Logging

Configuring log routers

Configuring log sinks to export logs to external systems

Diagnostics

Using cloud diagnostics to research an application issue

Viewing Google Cloud status

Estimating costs with the Google Cloud Pricing Calculator

Summary

Questions

Answers

12

Implementing Identity and Security in Google Cloud

Creating a Cloud Identity

Users and groups

Identity and Access Management (IAM)

Building a resource hierarchy

IAM roles

IAM policies

Organization policies

Managing service accounts

Creating and granting permissions

Attaching service accounts to resources

Impersonating a service account

Short-lived service account credentials

Using Cloud Audit Logs

Summary

Questions

Answers

Mock Test 1

Questions

Answers

Mock Test 2

Questions

Answers

Index

Other Books You May Enjoy

Preface

Welcome to Google Cloud Associate Cloud Engineer Certification and Implementation Guide. This book is designed to help you prepare for the Google Cloud Associate Cloud Engineer (ACE) certification exam and teach you how to implement Google Cloud solutions in real life.

We both took the ACE exam, and we found it to be very hands-on and practical. There were a few theoretical questions, and all of the questions required us to have hands-on experience with Google Cloud. This made the exam very challenging, but it was also very rewarding.

We hope that you find this book helpful in your preparation for the ACE exam. We also hope that you find the knowledge that you learn in this book to be rewarding and useful in your work with Google Cloud.

We also know that you might be at the very beginning of your cloud journey or very experienced with the cloud. Therefore, we start with an overview of the technology and service first and then move on to practical implementation. This should give you confidence and experience with Google Cloud and prepare you well to face the ACE exam.

We hope you will enjoy reading the book as much as we enjoyed writing it for you while exploring and having fun with Google Cloud services.

You can connect with us, as well as other like-minded professionals, on this Slack channel – bit.ly/ace-gcp-book-slack.

Who this book is for

Google Cloud Platform Associate Cloud Engineer Certification and Implementation Guide is intended for individuals preparing for the ACE certification. It can be used by IT system administrators, DevOps personnel, or cloud architects as it covers all Google Cloud Platform topics. The book is ideal for those who want to start working with Google Cloud, gain practical knowledge, and pass the certification.

This guide is a great opportunity for those who are looking for their first technical certification in Google Cloud. It’s a comprehensive guide that covers all Google Cloud Platform topics and daily activities. With this book, individuals can gain practical knowledge, get started with Google Cloud, and successfully pass the certification exam.

What this book covers

Chapter 1, Associate Cloud Engineer Certification Essentials, will help you gain a deep comprehension of the ACE certification and what is involved in the exam. We will provide you with essential details, including exam objectives, registration procedures, and useful insights for obtaining certification.

Chapter 2, Google Cloud Platform Fundamentals, discusses Google Cloud’s market position, core services, unique solutions, management interfaces, and command-line tools. Additionally, we will explain the advantages of using public cloud computing over traditional on-premises solutions.

Chapter 3, Planning and Managing GCP Resources, provides an overview of Google’s Cloud Computing Services, including how to plan your resource hierarchy, manage users, assign roles and identities, and utilize organizational policies. You will also learn about billing and how to create and manage budgets. Finally, the chapter concludes with a discussion on API management.

Chapter 4, Implementing Compute Solutions, aims to provide a comprehensive understanding of Google’s computing options and guide readers on when to use specific services. By giving an overview of compute solutions, we hope to equip readers with the necessary skills to implement them using different deployment options such as the Google Cloud console, command-line tools, and Infrastructure as Code.

Chapter 5, Implementing Compute Solutions – Google Kubernetes Engine – Part 1, aims to help you understand the containerized compute deployment option – Google Kubernetes Engine. We will delve into the architecture of Kubernetes and Google Kubernetes Engine, explore various application deployment methods, and discuss the different types of deployment available on Google Kubernetes Engine

Chapter 6, Implementing Compute Solutions – Google Kubernetes Engine – Part 2, provides an understanding of different operational tasks in Google Kubernetes Engine, such as managing clusters and node pools, as well as the Pod life cycle. Additionally, we will explore how to deploy applications on Google Kubernetes Engine and how users can access them via the available networking services.

Chapter 7, Implementing Compute Solutions – Cloud Run, Cloud Functions, and Infrastructure as Code, discusses the remaining part of Google’s Cloud Computing services. Our focus will be on Google Cloud Run and Google Cloud Functions, their distinct features, and the appropriate scenarios for their usage. We will also guide you on deploying these options using the web interface or command-line tools. Additionally, we’ll provide insights on Infrastructure as Code and how to leverage available solutions on the Google Cloud Marketplace.

Chapter 8, Configuring and Implementing Storage Solutions, discusses the various ways to store data in Google Cloud. Google Cloud offers fully managed storage and database services that cater to different application requirements. Each section will focus on a different storage type, its features, security measures, and availability. We will also examine the use cases for each category. It is important to design a storage and database strategy for cloud workloads to ensure that every application performs well, is resilient, and has a quick response time.

Chapter 9, Configuring and Implementing Networking Components, explains why it is important to understand how Google Cloud’s network services portfolio can be utilized to construct dependable and secure architectures. In this chapter, we will guide you on how to configure network services for your workloads in Google Cloud. We’ll cover important topics such as Virtual Private Cloud (VPC), connecting to VPC from an on-premises location, securing VPC with firewall services, the DNS service in Google Cloud, and which network load balancers to choose for different workload types.

Chapter 10, Data Processing Services in Google Cloud, talks about data processing in today’s world where data is as valuable as oil. However, it is often scattered and difficult to understand. In this chapter, readers will learn how to use Google Cloud Data Analytics products to efficiently extract and manipulate data. This knowledge and skills will help them derive meaningful insights from it.

Chapter 11, Monitoring, Logging, and Estimating Cost, discusses the Google Cloud Operations Suite, which offers various tools such as Cloud Monitoring for monitoring the health of your applications and Google Cloud services, Cloud Logging for real-time log management, and diagnostic tools to enhance your service’s performance while reducing costs and latency. Furthermore, we will also go over cost estimation in Google Cloud.

Chapter 12, Implementing Identity and Security in Google Cloud, aims to give you a better understanding of identity and access in Google Cloud. Our focus here is on preventing unauthorized access and keeping track of user actions on Google Cloud resources to enhance security. In this chapter, we’ll cover key areas such as establishing a Cloud Identity for an organization, granting access to Google Cloud resources, handling service accounts, and utilizing Cloud Audit Logs for security and compliance purposes.

Mock Test 1

Mock Test 2

To get the most out of this book

To fully maximize the benefits of this book and engage with its content effectively, there are a few key requirements that users should have. The primary essentials are a web browser and a supported operating system. Here’s what you need:

By having a compatible web browser and supported operating system at your disposal, you will be well equipped to navigate through the various concepts, tools, and resources presented in this book, enabling you to make the most out of your learning experience.

Software/hardware covered in the book

Operating system requirements

Google Cloud SDK

Windows, macOS, or Linux

Download the example code files

You can view the answer explanations for the mock tests on the GitHub repository of this book at https://github.com/PacktPublishing/Google-Cloud-Associate-Cloud-Engineer-Certification-and-Implementation-Guide. If there’s an update to the material, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, resource name, folder names, filenames, file extensions, pathnames, dummy URLs, or user input.

Here is an example: “As described in the Kubernetes components section, we interact with clusters using a YAML file called kubeconfig in the $HOME/.kube/config directory.”

A block of code is set as follows:

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

Any command-line input or output is written as follows:

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “ You can check your Google Cloud expenditure and remaining days in Billing Account Overview.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Google Cloud Associate Cloud Engineer Certification and Implementation Guide, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere? Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily

Follow these simple steps to get the benefits:

https://packt.link/free-ebook/978-1-80323-271-3

Part 1:Overview of Google Cloud Platform and Associate Cloud Engineer Certification

The first part of the book is dedicated to the Associate Cloud Engineer certification itself. In the upcoming chapters, we will focus on the exam details and registration process. We will then cover the Google Cloud Platform fundamentals, its building blocks, its position in the market, and how Google Cloud compares to on-premises data centers.

This part of the book comprises the following chapters:

1

Associate Cloud Engineer Certification Essentials

This book’s first chapter will focus on the Associate Cloud Engineer Certification exam. We will focus on the registration process, resources outside of the book, passing the exam, and additional certification resources.

There are many places outside of the book to learn about Google Cloud. Some of them are more useful than others based on our experience, so we will share them with you here.

In this chapter, we’re going to cover the following main topics:

What you will learn

Google Cloud has a comprehensive portfolio of certifications. On the https://cloud.google.com/certification website, Associate Cloud Engineer (ACE) is one of the first certifications suited for people who would like to validate their knowledge and skills of Google Cloud. This chapter will guide you through the registration process, provide helpful certification resources, and offer certification tips.

Exam registration

Google Cloud uses an external company, Kryterion, to proctor exams. Using the https://webassessor.com/googlecloud website, we will create an account required to take an exam. Kryterion allows taking the Associate Cloud Engineer exam onsite and online.

Account creation

Regardless of where and how the exam will be taken, account creation is necessary. To register, you will require just an email address.

Once you are ready to create an account, visit https://www.webassessor.com/wa.do?page=createAccount&branding=GOOGLE and provide all the necessary details.

Onsite exam

During an onsite exam, the candidate needs to present two different forms of identification. At least one of the documents must be a government-issued ID with a photograph.

The following documents can be used as primary identification:

The following documents can be used as secondary identification:

Those requirements might change over time, so it is essential to double-check the provider’s website before the exam.

To find the nearest test center, you can use this link: https://www.kryteriononline.com/locate-test-center.

Online exam

For those who prefer an online certification, Kryterion allows them to do this. One of the main requirements is to install software that Kryterion secures. We have a critical hint from our online exam taking. Please use your personal laptop and not a business one. The main reason is that some additional security software might be installed on many business laptops, and you might not be able to run Kryterion software at all.

Before the exam, installing the software and testing whether it will run is recommended. This allows you to save some time and reduce stress.

System readiness check

A system readiness checker can be found at the following link: https://www.kryteriononline.com/systemcheck/. It tests your operating system, microphone, webcam, and Internet speed. Once everything is checked, it informs you about possible problems.

Figure 1.1 – Kryterion System Readiness Check

Once the test is performed and you click Next, you will see the web page displaying a Congratulations! message:

Figure 1.2 – Successful pass of the system readiness check

This confirms that your device is ready to be used during the exam, and you shouldn’t face any issues.

If your test wasn’t successful, or you faced some issues, you can check the minimum system requirements, which can help you narrow down the issue.

System requirements

Your computer needs to fulfill the following requirements before you run Sentinel Secure, the Kryterion software:

System Requirements for OLP Exams

Windows

Mac

Hardware

Minimum 50 MB available space

Minimum 50 MB available space

Screen Resolution

1024 x 768 or greater

1024 x 768 or greater

Webcam and Mic

Internal or external USB

Internal or external USB

Internet Access

Recommended minimum of 1.0 Mbps upload / 1.0 Mbps download (ping must be below 200 ms)

Recommended minimum of 1.0 Mbps upload / 1.0 Mbps download (ping must be below 200 ms)

Operating System

Windows 8.1 or 10

(Touch screens require the use of a mouse and keyboard)

OS X

10.13 High Sierra

10.14 Mojave

10.15 Catalina

11.1 Big Sur

Browser

The latest version of Google Chrome or Firefox

The latest version of Safari, Google Chrome, or Firefox

Additional Considerations

Local Administrator rights

You must disable all software that might interfere with your online proctored exam. This includes, but is not limited to, pop-up blockers, antivirus software, firewalls, VMware/Bootcamp, Skype, Photobooth, and TeamViewer.

On Windows 10 systems, you can disable active applications in the Task Manager | Startup tab. Right-click the item and select Disable from the local menu.

Local Administrator rights

You must disable all software that might interfere with your online proctored exam. This includes, but is not limited to, pop-up blockers, antivirus software, firewalls, VMware/Bootcamp, Skype, Photobooth, and TeamViewer.

Chromebooks are not supported at this time.

Table 1.1

The requirements mentioned in the preceding table can be found here: https://www.webassessor.com/wa.do?page=certInfo&branding=GOOGLECLOUD&tabs=13#OLPSysReqs.

Installation process

Kryterion provides a detailed installation guide for Windows and macOS operating systems which can be found here: https://kryterion.force.com/support/s/article/Installing-Sentinel-Secure?language=en_US.

Test-taker checklist

Once you have checked and prepared your computer, review the following requirements about the place in which you will take the exam and its surroundings, as follows:

As you see, those requirements are quite strict and must be adhered to. Otherwise, your exam might be stopped and graded as failed.

Retake policy

Google clearly states what happens if you do not pass the exam (if you read this book carefully, you most certainly won’t fail), and it is valid across all Google Cloud exams.

After the first failure, you must wait 14 days; after the second failure, you must wait 60 days, and 365 days after the third failure before retaking the exam.

The retake policy is valid for both onsite and online Google Cloud exams.

Available languages

As of writing this book, the Associate Cloud Engineer certification is only available in English.

In the next section, we’ll look at some helpful tips to follow while taking the exam.

Certification tips

In our professional career, we have cleared a lot of certification exams, and so, we have some useful tips that may come in handy for you. We are listing some essential certification tips as follows:

We are sure that these tips will help you to get the best possible certification score.

Additional certification resources

Apart from this book, we recommend several resources that might help you prepare better. Some of them are free, and some of them must be paid for:

Summary

In this chapter, we covered how to create an account to register for the exam. We covered onsite and online exam requirements. In addition to that, we shared some certification tips and provided you with some extra certification resources.

In the next chapter, we will focus on Google Cloud itself, its position in the market, its core, and its unique services. We will briefly list some public cloud benefits compared to on-premises.

2

Google Cloud Platform Fundamentals

This second chapter will focus on Google Cloud Platform fundamentals. We will describe all the core layers of Google Cloud, how they relate to each other, and their core components. We will find out the benefits of each Google Cloud layer and learn when to use them. We are going to cover the following main topics:

Why Google Cloud Platform?

Google and Google Cloud are well-known and established parts of the leading company Alphabet. You must have used Google’s products such as Gmail, YouTube, or the Google search engine at some point in time. But have you ever used Google Cloud Platform? You might be asking yourself the following questions:

We asked ourselves these questions as well, not only before studying for the certification but to also think about whether or not it is worth spending the time to be a Google Cloud expert.

Google 1 billion users experience

We mentioned Gmail, YouTube, and the Google search engine, Google Chrome, as some of the products that Google invented and that are used daily around the world. You might ask yourself why.

Google as a technological company faced tremendous growth and many challenges along the road. During this growth, Google engineers and Google products evolved, fixed many problems never tackled by anyone else, and constantly improved their products.

In 2004, Google invented the MapReduce programming model, which was inspired by Apache MapReduce and the Hadoop Distributed File System (HDFS) filesystem. The Bigtable NoSQL database in 2006 inspired Apache HBase and Cassandra, as some of the best-known open source projects that were modeled after Bigtable. The Borg cluster controller in 2015, with the Omega scheduler, was announced in 2016, which became the open source project well known as Kubernetes.

To learn more about Google Cloud and its contribution to open source projects, you can visit the following link: https://cloud.google.com/open-cloud.

The history of Google Cloud

Monday, April 7, 2008, was the day when Google announced the preview release of Google App Engine, and this date is considered the beginning of Google Cloud. App Engine was a tool used to easily run their web applications on Google-grade infrastructure. Service became generally available in November 2011.

Google Cloud today

At the time of writing in April 2023, Google Cloud is currently available in 37 regions, with a total of 112 separate zones and 176 network edge locations, and it operates in 200+ countries and territories.

By the time you read this book, Google Cloud will have expanded into other regions. You can visit the following URL to check where it operates at a given time: https://cloud.google.com/about/locations

As a global cloud provider, Google Cloud ensures to locate the resources closest to its users and their businesses. Google Cloud is heavily investing in its global presence and its expansion plans into new regions confirm this. At the time of writing, Google Cloud offers at a minimum the following products at launch:

Other Google Cloud products will continue to evolve based on the demand from customers.

In the following figure (the original image can be found here: https://cloud.google.com/images/locations/regions.png), we can see Google Cloud’s global presence, including the existing and planned regions for 2023. It is worth mentioning that Google Cloud splits each region into three separate zones:

Figure 2.1 – Google Cloud regions across the world

Regions are just part of the Google Cloud presence. All regions are connected with each other via global networks and Content Delivery Network (CDN) points of presence.

Figure 2.2 – Google Cloud Edge points of presence across the world

To view current Google Cloud locations, visit the website https://cloud.google.com/about/locations.

What makes Google Cloud different?

There is no right answer to this question because every customer and business is different and has different requirements. We have gathered differentiators that might be the most common ones. Let’s have a look at them:

Recently, Google Cloud released carbon footprint tools, which allow customers to choose virtual machines (VMs) with low CO2 emissions, resulting in a lower carbon footprint.

In the following figure, we have an excellent example of this commitment. When creating a GCE VM, users can choose the Google Cloud region with the lowest CO2 consumption:

Figure 2.3 – The creation of the VM with a selection of regions with a low CO2 footprint

Google provides cloud sustainability reports at the following website: https://cloud.google.com/sustainability

This website is a great resource for anyone who would like to learn more about what Google did in the past to work toward carbon neutrality, and how Google wants all their data centers to be carbon free by 2030.

Choosing the right cloud solution

To have a better understanding of which cloud solution might suit your requirements, we have created a diagram with an overview of services and their corresponding customer and provider responsibilities:

Figure 2.4 – An on-premises versus IaaS versus PaaS versus SaaS comparison

Let’s dig into the four different types of resource consumption with varied usage and responsibilities.

On-premises

On-premises service usage is the classical deployment and management of resources. The whole responsibility lies with the data center or service owner at all layers – the OS, storage, data, and applications. You must ensure service availability, provision resources, and manage them. In addition, you are responsible for any maintenance activities, and you must plan well in advance, for not only the purchase but also the capacity of the infrastructure.

Infrastructure as a service

Now, we move to the Infrastructure as a Service (IaaS) cloud consumption model where the cloud provider is responsible for hardware – the servers, storage, networking, security, availability, cooling, electricity, and infrastructure capacity. By offloading this to the cloud provider, customers have already gained some advantages in comparison with on-premises services. Customers can focus on delivering the applications and managing resources while still having full access to the OS, applications, and data.

Some of Google Cloud’s IaaS services are as follows:

The preceding list is not comprehensive and we will discuss IaaS services in further detail in upcoming chapters.

Platform as a service

The layer above IaaS is Platform as a Service (PaaS). Customers who are using the PaaS model benefit from all services that are included in the IaaS model. However, in contrast to IaaS, they no longer need to patch OSs or update SQL databases.

What they need to take care of is planning the deployment type (whether using a single database or a replicated one), in which region to deploy Cloud SQL, and how to design their database schema. The cloud provider takes care of patching, building the database, and making it highly available. On-premises deployments of such a service might take a massive amount of time, consume countless hours, involve many teams, and most importantly, consume a huge amount of funds.

Some of Google Cloud’s PaaS services are as follows:

The preceding list is not comprehensive and we will discuss the PaaS service in further detail in upcoming chapters.

Software as a service

The final cloud consumption model is Software as a Service (SaaS). It is a way of delivering without installing and maintaining any software, and there is no need to patch OSs or applications. We focus solely on software consumption and usage. One great analogy of SaaS is by thinking of a bank that takes care of simply providing access to us as customers. How a bank is doing it is irrelevant to us – we simply consume bank services.

If we go back to cloud services, IaaS and PaaS are managed by a cloud provider, and we simply focus on consuming services or applications.

Some of Google Cloud’s SaaS services are as follows:

The preceding list is not comprehensive and we will discuss SaaS in further detail in upcoming chapters.

We have covered all the types of cloud services consumption and compared them to traditional on-premises service consumption. Each type of cloud consumption has different layers and responsibilities divided between cloud users and cloud providers. This will allow you to choose the best solution based on your requirements and needs.

An overview of the core services offered by Google Cloud

Google Cloud offers more than 100 products to their customers. It is very hard to list all these products and it doesn’t bring much value to our Associate Cloud Engineer certification journey. Therefore, we have decided to list the core services from computing, storage, networking, security, and AI and ML.

A full list of Google Cloud products can be accessed by visiting the following web page: https://cloud.google.com/products

Compute services

We start with a list of core compute services:

The preceding list is very comprehensive and not all products are relevant to the Associate Cloud Engineer certification.

Storage services

We have listed the core storage services that complement compute services from Google Cloud as follows. Very often, both services are used together, but some products such as Cloud Storage can be consumed separately:

The most popular storage services are Cloud Storage and Persistent Disk. We will focus on them in the upcoming chapters of the book.

Networking services

Another set of services that are used daily in Google Cloud are networking services, from Cloud CDN or DNS to a core service, which is VPC:

Network services from Google Cloud are unique in the market and are one of its key differentiators.

Security and identity services

Security and identity services are another set of services from Google Cloud that are crucial to every customer. The most important ones are listed as follows:

Google Cloud offers a comprehensive set of services with a core focus on security based on many years of experience and its customers’ requirements.

AI and ML services

We’ll finish detailing the core services by listing AI and ML services. This list includes the newly released Vertex AI platform, which combines many AI capabilities into one product:

Google Cloud is well known for its advanced and best-on-the-market AI and ML products. Although Associate Cloud Engineer focuses more on computing, storage, networking, and security, it is still worth mentioning the best products on the market.

Management interfaces and command-line tools

There is no one right or wrong way to use Google Cloud services. Every customer or company has a different way of using Google Cloud and all of them are good. Developers use the cloud via API calls or code execution and security officers might simply use the Google Cloud console from the browser.

In the following sections, we’ve described all the interfaces that can be used to manage and use Google Cloud.

Google Cloud console

For most users, the Google Cloud console will be the primary tool that they use to interact with Google Cloud. It uses a modern interface, with the possibility to customize the dashboard, allowing users to pin services and organize them for ease of use. The following figure shows a typical Google Cloud console. The Cloud console can be configured according to your requirements and what you want to see there. To do it, use the drag-and-drop functionality on the widgets:

Figure 2.5 – The Google Cloud console main screen

Typically, it can be accessed from computers as well as mobile devices.

Cloud Shell

Cloud Shell is a Linux shell provided for every Google Cloud user. It has a set of pre-installed development tools such as the gcloud CLI, kubectl, Terraform, and Git. Users can access it directly from the browser and it provides 5 GB of Persistent Disk storage.

Figure 2.6 – The Cloud Shell main screen

Cloud Shell is the ideal solution for users who don’t want to use a locally configured command-line interface or who want to always use the same pre-configured terminal, which is ready in afew seconds.

The gcloud CLI

The gcloud CLI is a set of command-line tools for managing Google Cloud resources. With the gcloud CLI, you can perform all the actions that can be done in the browser-based Google Cloud console. The gcloud CLI can be installed on many OSs, including the following:

In Figure 2.7, you will find the Google Cloud SDK installed on Windows. Although it might look different on your OS, the functionality is the same:

igure 2.7 – The gcloud CLI installed on Windows 10

To review the installation instructions, visit the following link: https://cloud.google.com/sdk/docs/install-sdk#installing_the_latest_version.

Cloud APIs

Cloud APIs allow users to interact with Google Cloud directly from your code. Cloud APIs provide a similar functionality to Cloud SDKs and the Google Cloud console. Integrating Cloud APIs with REST calls or client libraries is possible in many popular programming languages. For example, GCE can be accessed from client libraries written in C#, Go, Java, Node.js, PHP, Python, and Ruby.

The following is a JSON-formatted example of a GCE API with an IP address:

igure 2.8 – A sample representation of an IP address resource in the JSON-formatted GCE API

Google Cloud API resources can have different descriptions and use many different values.

Config Connector

For those who are familiar with Kubernetes and would like to manage Google Cloud resources the Kubernetes way, Google Cloud offers the Config Connector tool. It is very similar to managing Kubernetes resources in the YAML format. Config Connector provides a collection of Kubernetes CustomResourceDefinitions (CRDs) and controllers, which eventually reconcile your environment with your desired state:

igure 2.9 – A sample configuration file in YAML format in Config Connector

The preceding figure shows the Config Connector configuration file that is required for its initial usage.

Google Cloud Deployment Manager

Google Cloud Deployment Manager is a deployment service that allows automation and Google Cloud resource management. It uses the concept of a configuration file with YAML-based syntax that can import one or more template files used during the deployment. Templates can be written in Jinja or Python.

Figure 2.10 – A sample configuration file in YAML format in Deployment Manager

You can visit the Google Cloud GitHub repository to find more examples in Jinja and Python: https://github.com/GoogleCloudPlatform/deploymentmanager-samples

Deployment Manager can only be used to deploy Google Cloud resources.

Terraform

Terraform is an Infrastructureas Code (IaC) software tool created by HashiCorp. Terraform use its own declarative language, HashiCorp Configuration Language (HCL), or JSON.

Terraform abstracts underlying resources with its own programming language and allows users to focus on deployment, rather than learning each deployment target-specific language. In simple words, if you learn how to use HCL, you no longer need to learn how to deploy specific cloud provider features and you use the necessary Terraform provider. The following is a sample code part written in HCL, which describes a Cloud SQL instance deployment:

Figure 2.11 – Terraform sample configuration code describing a Cloud SQL instance deployment

Similar to Cloud APIs, Terraform’s IaC approach allows for the use of software-deployment-like techniques with infrastructure.

Service Catalog

Service Catalog is a product intended for cloud administrators who manage Google Cloud organizations where control distribution, internal compliance, and solution discoverability are needed.

It allows us to curate available products in Service Catalog and allows easy resource visibility and deployment at the organization, folder, and project levels. It is a go-to tool for ensuring internal compliance and governance.

The following figure shows the creation of a link-based solution:

Figure 2.12 – A sample configuration of Service Catalog

Once a solution is created, it will appear in the Solutions table.

Mobile applications

Google Cloud offers mobile applications for both Android and iOS, which give users the ability to monitor and make changes to Google Cloud resources. You can manage resources such as projects, billing, an App Engine app, or GCE VMs.

You can use the following features:

With all the features provided in the mobile application, you can view your most important resources from your smartphone as well.

The following figure shows multiple sections that can be viewed in the application, such as the dashboard, resources overview, billing, and monitoring:

Figure 2.13 – An overview of the mobile application

Mobile applications can be installed on Android or iOS, allowing simplified cloud management on the go.

Summary

This chapter focused on bringing Google Cloud closer to us. We learned how and when Google Cloud started its business, and we tried to understand what makes it different within the market. Later on, our focus was on choosing the right cloud solution. We learned about the different types of services and when to use them. We then listed the essential Google Cloud services necessary to ace the exam and core services within IaaS, PaaS, and SaaS solutions.

At the end of this chapter, we learned different ways to interact with Google Cloud.

In the next chapter, we will learn how to plan and manage Google Cloud resources.

Questions

Answer the following questions to test your knowledge of this chapter:

Answers

The answers to the preceding questions are provided here:

1D, 2C, 3B, 4B, 5A, 6D, 7B, 8C, 9D, 10D

Part 2:Configuring and Implementing Google Cloud

The second part of the book focuses on understanding, planning, and managing Google Cloud resources. We will learn how the most popular Google Cloud services work, the benefits they offer customers, and how to implement solutions using them, such as Google Compute Engine, Google Kubernetes Engine, Cloud Run, Cloud Functions, and Infrastructure as Code. We will also gain a deep understanding of the storage and networking solutions, as they are all interconnected and cannot function independently.

This part of the book comprises the following chapters: