Become a Professional Cloud Architect by exploring essential concepts, tools, and services in GCP and working through tests designed to help you get certified
Google Cloud Platform (GCP) is one of the leading cloud service suites and offers solutions for storage, analytics, big data, machine learning, and application development. It features an array of services that can help organizations to get the best out of their infrastructure. This comprehensive guide covers a variety of topics specific to Google's Professional Cloud Architect official exam syllabus and guides you in using the right methods for effective use of GCP services.
You'll start by exploring GCP, understanding the benefits of becoming a certified architect, and learning how to register for the exam. You'll then delve into the core services that GCP offers such as computing, storage, and security. As you advance, this GCP book will help you get up to speed with methods to scale and automate your cloud infrastructure and delve into containers and services. In the concluding chapters, you'll discover security best practices and even gain insights into designing applications with GCP services and monitoring your infrastructure as a GCP architect.
By the end of this book, you will be well versed in all the topics required to pass Google's Professional Cloud Architect exam and use GCP services effectively.
If you are a cloud architect, cloud engineer, administrator, or any IT professional who wants to learn how to implement Google Cloud services in your organization and become a GCP Certified Professional Cloud Architect, this book is for you. Basic knowledge of server infrastructure, including Linux and Windows Servers, is assumed. Knowledge of network and storage will also be helpful.
Konrad Cłapa is a lead cloud automation architect working for Atos R&D. He has over 10 years' experience in the IT industry. He holds over 30 IT certifications, including all 6 Google Cloud Platform certifications. He is also listed among 30 individuals who hold double VMware Certified Design Expert certifications. Sharing knowledge has always been important to him, so he contributes to the community by acting as a leader for a local Google Cloud Developer group and an AWS user group in Poland.
Brian Gerrard is a technical engineer from Scotland with over 10 years' experience in the IT industry. Currently working for Atos, he holds the Google Certified Professional Architect certification, as well as all three AWS Certified Associate certifications. In addition to this, Brian has a number of advanced certifications in infrastructure and private cloud technologies, including two VMware Certified Implementation Expert certifications. Brian is a firm believer in lifelong learning, and you will regularly find him contributing to his local user groups.
Number of pages: 464
Year of publication: 2019
Copyright © 2020 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Karan Sadawana
Acquisition Editor: Rahul Nair
Content Development Editor: Ronn Kurien
Senior Editor: Rahul Dsouza
Technical Editor: Mohd Riyan Khan
Copy Editor: Safis Editing
Project Coordinator: Vaidehi Sawant
Proofreader: Safis Editing
Indexer: Priyanka Dhadke
Production Designer: Arvindkumar Gupta
First published: April 2020
Production reference: 2280420
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-83855-527-6
www.packt.com
Packt.com
Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Fully searchable for easy access to vital information
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
In 2016, the year in which I obtained all of my Amazon Web Services certificates, I heard the news about Google launching a certification program. Believing that the future is multi-cloud, I wanted to learn Google Cloud Platform. After attending the Google Cloud Next conference in San Francisco, I decided to become a certified Google Cloud Architect. Whilst preparing for the certification, I found that there were no books on the topic, and online documentations were the only source available. Three years later, I finally had this book in my hands. I wish I’d had this book when I was starting my journey!
Having passed all 6 Google Cloud Profession exams and being an author myself, I understand what it takes to pass this professional level certification. Having all of your resources in one place is irreplaceable when preparing for the certification. By buying this book, you can seize the opportunity to have all you need at your fingertips.
If you are still wondering whether you should start your journey with the help of Brian and Konrad, do not hesitate. I can assure you that the Google Cloud Architect certification is becoming one of the hottest on the market. Once a niche platform, Google Cloud is now on a path to truly shine, and is thus attracting more and more companies. With Google Cloud’s focus on Machine Learning, Cloud Native applications development, and Data Processing services, the demand for certified specialists is growing by the day.
Don't wait any longer. Read this book, start using Google Cloud, and get certified.
A bright future is waiting for you!
Yujun Liang
Google Certified Cloud Architect
Konrad Cłapa is a lead cloud automation architect working for Atos R&D. He has over 10 years' experience in the IT industry. He holds over 30 IT certifications and is officially the first in the world to pass all 10 Google Cloud Platform certifications. He is also listed among 20 individuals awarded with Google Cloud Certified Fellow title. Sharing knowledge has always been important to him, so he contributes to the community by acting as a leader for a local Google Cloud Developer group and an AWS user group in Poland.
Brian Gerrard is a technical engineer from Scotland with over 10 years' experience in the IT industry. Currently working for Atos, he holds the Google Certified Professional Architect certification, as well as all three AWS Certified Associate certifications. In addition to this, Brian has a number of advanced certifications in infrastructure and private cloud technologies, including two VMware Certified Implementation Expert certifications. Brian is a firm believer in lifelong learning, and you will regularly find him contributing to his local user groups.
Antonio Gulli has a passion for establishing and managing global technological talent for innovation and execution. His core expertise is in cloud computing, deep learning, and search engines. Currently, he serves as the Engineer Director for the Office of the CTO, Google Cloud. Previously, he served as the Google Warsaw site leader, doubling the size of the engineering site.
So far, Antonio has been lucky enough to gain professional experience in four countries in Europe and has managed teams in six countries in EMEA and the US. In Amsterdam, he was the vice president for Elsevier, a leading scientific publisher; in London, he was a site lead for Microsoft, working on Bing, Search; in Italy and the UK, he was the CTO, Europe and UK, for Ask.com and also worked in several co-funded start-ups, including one of the first web search companies in Europe.
Antonio has co-invented a number of technologies for searching, smart energy, and AI, with more than 20 patents issued/applied for. Additionally, he has published several books about coding and machine learning, which have been translated into Japanese and Chinese. Antonio speaks Spanish, English, and Italian, and he is currently learning Polish and French. Antonio is the proud father of two boys, Lorenzo, who's 18, and Leonardo, who's 13; and a little queen, Aurora, who's 9 years old.
Jaroslaw Gajewski holds a technical lead architect position at Atos. He is responsible for designing private and multi-cloud solutions for cloud-agnostic and cloud-native services. His technical knowledge is backed by multiple industry-standard certificates. He is already a Google Cloud Certified Professional and VMware, DELL, Microsoft, and AWS certified, and is also recognized by Atos as a senior expert in the cloud and automation domain. Being passionate about the cloud, outside work, he is an active community speaker and one of the Google Developer Group leads for GDG Bydgoszcz.
In his spare time, he loves spending time with his wife, two daughters, and one son; he enjoys board games and is constantly striving to further his knowledge.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Title Page
Copyright and Credits
Professional Cloud Architect – Google Cloud Certification Guide
Dedication
About Packt
Why subscribe?
Foreword
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Introduction to GCP
GCP Cloud Architect Professional
The benefits of being a certified architect
Registering for the exam
What to expect from the exam
Some tips
Summary
Further reading
Getting Started with Google Cloud Platform
Introducing the cloud
Understanding GCP
GCP differentiators
GCP locations
Resource manager
Organizations
Folders
Projects
Resources scope
Global resources
Regional resources
Zonal resources
Managing projects
Granting permissions
Billing
Managing billing accounts
Assigning a project to a billing account
Exporting billing
Budgets and alerts
Billing account roles
Summary
Further reading
Google Cloud Platform Core Services
Computing and hosting services
Storage services
Networking services
Big data services
ML services
Identity services
Summary
Further reading
Section 2: Managing, Designing, and Planning a Cloud Solution Architecture
Working with Google Compute Engine
Deploying our first GCE instance
Deployment options
Region
Zone
Boot disk
Application images
Snapshots
Existing disks
Labels
Deletion protection
Metadata
Startup scripts
Preemptibility
Availability policy
Automatic restart
Shielded VM
Deletion rule
Node affinity labels
GPUs and TPUs
Instance templates and instance groups
Setting the location
Port name mapping
Autoscaling 
Autohealing
Quotas and limits
IAM roles
Pricing
Summary
Further reading
Managing Kubernetes Clusters with Google Kubernetes Engine
An introduction to microservices 
Containers
Docker
Kubernetes
Kubernetes architecture
The master node
Worker nodes
Kubernetes objects
Pods
ReplicaSets
Deployments
Namespaces
Services 
Types of services
Google Kubernetes Engine
Node pools
Container-Optimized OS
Storage
GKE cluster management
Creating a GKE cluster
Advanced configuration
Networking
Security
Stackdriver
Additional features
Deploying our first application
Cluster second-day operations
Upgrading the cluster
Auto-upgrades
Auto-repair
Resizing the cluster
Autoscaling a cluster 
Rotating the master IP
IAM
Kubernetes role-based access control
Container Registry
Cloud Build
Quotas and limits
Pricing
Summary
Further reading
Exploring Google App Engine as a Compute Option
App Engine components
Choosing the right location
Working with App Engine
Environment types
App Engine Standard environment
Flexible environment
Deploying an App Engine application
Versions
Splitting traffic
Migrating traffic
Firewall rules
Settings
Custom domain
SSL certificates
Scaling
Cron jobs
Memcache
IAM
Quotas and limits
Pricing
Summary
Further reading
Running Serverless Functions with Google Cloud Functions
Main Cloud Functions characteristics
Use cases
Application backends
Real-time data processing systems
Smart applications
Runtime environments
Types of Cloud Functions
HTTP functions
Background functions
Events
Triggers
Other considerations
Cloud SQL connectivity
Connecting to internal resources in a VPC network
Environmental variables
Cold start
Local emulator
Deploying Cloud Functions
Deploying Cloud Functions with the Google Cloud Console
Deploying functions with the gcloud command 
Triggers
IAM
Quotas and limits
Pricing
Cloud Run 
Summary 
Further reading
Networking Options in GCP
Exploring GCP networking
Understanding Virtual Private Cloud
Connectivity
Cost
VPC Flow Logs
Cross-VPC connectivity
Shared VPC
VPC peering
Choosing between shared VPC and VPC peering
Load balancing
Global versus regional load balancing
External versus internal
Proxy versus load balancer
Load balancer types
Comparison
Choosing the right load balancer
NAT
NAT gateway
Cloud NAT
Hybrid connectivity
VPN
Interconnects
Peering
Choosing the right connectivity method
DNS
DNS resolution
Cloud DNS
DNSSEC
Firewall rules
Default rules
Implied rules
Always allowed traffic rules
Always denied rules
User-defined rules
Firewall logging
Private access
Summary
Further reading
Exploring Storage Options in GCP - Part 1
Choosing the right storage option
Data consistency
Understanding Cloud Storage
Bucket locations
Storage classes
Legacy storage classes
Data consistency
Cloud Storage FUSE
Creating and using a bucket
Versioning and lifecycle management
Versioning
Lifecycle management
Transferring data
Cloud Storage Transfer Service
Google Transfer Appliance
Understanding IAM
Quotas and limits
Pricing
Understanding Cloud Datastore
Data consistency
Creating and using Cloud Datastore
Datastore versus Firestore
IAM
Quotas and limits
Pricing
Understanding Cloud SQL
Data consistency
Creating and managing Cloud SQL
Read Replicas
Failover Replica
Backup and recovery
Migrating data
Instance cloning
IAM
Quotas and limits
Pricing
Summary
Further reading
Exploring Storage Options in GCP - Part 2
Cloud Spanner
Instances configuration
Node count
Replication
TrueTime
Data consistency
Creating a Cloud Spanner instance
IAM
Quotas and limits
Pricing
Bigtable
Bigtable configuration
Instances
Clusters
Nodes
Schema
Replication
Application profiles
Data consistency
Creating a Bigtable instance and table
IAM
Quotas and limits
Pricing
Summary
Further reading
Analyzing Big Data Options
End-to-end big data solution
Cloud Pub/Sub
Creating a topic and subscription
IAM
Quotas and limits
Pricing
Cloud Dataflow
IAM
Quotas and limits
Pricing
BigQuery
BigQuery features
Datasets
Tables
Using BigQuery
Importing and exporting data
Storage
IAM
Quotas and limits
Pricing
Dataproc
Architecture
IAM
Quotas and limits
Cloud IoT Core
IAM
Quotas and limits
Pricing
Additional considerations
Summary
Further reading
Putting Machine Learning to Work
An introduction to AI and ML
The seven steps of ML
Gathering and preparing the data 
Choosing a model
Training
Evaluation
Hyperparameter tuning
Prediction
Learning models
GCP ML options
TensorFlow
Cloud ML Engine
Using ML Engine
Interacting with ML Engine
ML Engine scale tiers
Cloud Tensor Processing Units (TPUs)
Submitting a training job
Deploying the model
Predictions
Submitting predictions
Pretrained ML models 
The Cloud Speech-to-Text API
The Cloud Text-To-Speech API
The Cloud Translation API 
The Cloud Natural Language API
The Cloud Vision API
The Google Cloud Video Intelligence API
Dialogflow
AutoML
Summary
Further reading
Section 3: Designing for Security and Compliance
Security and Compliance
Introduction to security
Cloud Identity
Resource Manager
Identity and Access Management (IAM)
Service accounts
Cloud Storage access management
Firewall rules and load balancers
Cloud Security Scanner
Monitoring and logging
Encryption
Data encryption keys versus key encryption keys
CMEKs versus CSEKs
Industry regulations
PCI compliance
Shared responsibility model
Data Loss Prevention (DLP)
Penetration testing in GCP
Additional security services
Cloud Identity-Aware Proxy (IAP)
Security Command Center (SCC)
Forseti
Cloud Armor
Summary
Further reading
Section 4: Managing Implementation
Google Cloud Management Options
Using APIs
Google Cloud Shell
The GCP SDK
gcloud
gsutil
bq
cbt
Cloud Deployment Manager
Pricing Calculator
Additional things to consider
Summary
Further reading
Section 5: Ensuring Solution and Operations Reliability
Monitoring Your Infrastructure
Technical requirements
Introduction to Stackdriver
Cost
Configuring Stackdriver
Stackdriver Monitoring
Groups
Dashboards
Alerting policies
Uptime checks
Monitoring agents
Stackdriver Logging
Logs Viewer
Basic log filtering
Advanced filtering
Exporting logs
Logging agent
Log-based metrics
Cloud audit logs
ACTIVITY
Retention
APM
Trace
Debugger
Profiler
Error Reporting
Summary
Further reading
Section 6: Exam Focus
Case Studies
Understanding how to approach exam case studies
What are they looking for in the case studies?
Company overview
Solution concept
Business requirements
Technical requirements
Executive summary
Forming a solution
The analytics platform
The backend platform
Summary of Mountkirk
Additional case studies
TerramEarth
Analysis
Dress4Win
Analysis
Summary
Further reading
Test Your Knowledge
Mock test 1
Mock test 2
Assessments
Answers to Mock Test 1
Answers to Mock Test 2
Other Books You May Enjoy
Leave a review - let other readers know what you think
Google Cloud Platform (GCP) is a leading cloud offering that has grown exponentially year on year. GCP offers an array of services that can be leveraged by various organizations in order to bring the best out of their infrastructure. This book is a complete guide to GCP and will teach you various methods of how to effectively utilize GCP services for your business needs. You will also become acquainted with the topics required to pass Google's Professional Cloud Architect certification exam.
Following the Professional Cloud Architect certification's official exam syllabus, first, you will be introduced to GCP. You will then be taught about the core services that GCP offers, such as computing, storage, and network. Additionally, you will learn methods of how to scale and automate your cloud infrastructure and make it compliant and secure. Finally, you will also learn how to process big data and embrace machine learning (ML) services.
By the end of this book, you will have all the information required to ace Google's Professional Cloud Architect exam and become an expert in GCP services.
If you are a cloud architect, cloud engineer, administrator, or anyone who would like to learn different ways to implement Google Cloud services in your organization, as well as get yourself certified with the Professional Cloud Architect's certificate, then this is the book for you.
Chapter 1, GCP Cloud Architect Professional, discusses the benefits of becoming a certified architect, how to register for the exam, and what to expect when you are in the test center.
Chapter 2, Getting Started with Google Cloud Platform, covers the basics of GCP and how it positions itself on the market. You will learn about all the major GCP services that are available.
Chapter 3, Google Cloud Platform Core Services, examines the most important GCP services, including computing, storage, networking, big data, and machine learning.
Chapter 4, Working with Google Compute Engine, examines how to create and run virtual machine instances on top of the Google Compute Engine (GCE) service.
Chapter 5, Managing Kubernetes Clusters with Google Kubernetes Engine, explains the basis of containers and microservices. It looks at running and managing Kubernetes clusters on the Google Kubernetes Engine (GKE) service.
Chapter 6, Exploring Google App Engine as a Compute Option, discusses how to define and run applications on Google App Engine.
Chapter 7, Running Serverless Functions with Google Cloud Functions, looks into running serverless functions on Google Cloud Functions.
Chapter 8, Networking Options in GCP, discusses Google's networking services. Understanding networking is key to successfully completing the architect exam. We will introduce you to concepts such as Virtual Private Cloud (VPC), before diving further into other concepts such as Virtual Private Network (VPN), networks, subnetworks, and routes.
Chapter 9, Exploring Storage Options in GCP – Part 1, considers different storage options. This will allow us to choose the right storage for a given use case. We will discuss object storage alongside relational and non-relational databases.
Chapter 10, Exploring Storage Options in GCP – Part 2, looks at storage options such as Cloud Spanner and Bigtable.
Chapter 11, Analyzing Big Data Options, discusses how big data is another key topic in the architect exam. Understanding what big data is, and what services GCP offers to handle the complexities of data analytics, will really help you in the test center when taking the exam. In this chapter, we will look at the various services that are available, and when we might choose one over the other.
Chapter 12, Putting Machine Learning to Work, examines machine learning in general as well as GCP-related services. This will allow us to understand the use cases and possible implementations of ML using Google Cloud.
Chapter 13, Security and Compliance, covers security, which is a feature of all GCP services. In this chapter, we will cover IAM in more detail than we have in previous chapters, to allow you to understand custom roles and service accounts. Additionally, we will look at Google's commitments to compliance; for example, through the Payment Card Industry (PCI) regulations.
Chapter 14, Google Cloud Management Options, shows you that there are a number of ways to manage your GCP infrastructure and its services. In this chapter, we will look at how to manage your GCP infrastructure and the key management options that are available, including Cloud Shell, SDK, and gcloud, and the steps that are needed to access or install these tools.
Chapter 15, Monitoring Your Infrastructure, looks at monitoring your infrastructure using Stackdriver.
Chapter 16, Case Studies, discusses how, in the exam, some questions may refer you to several case studies. You should be familiar with these case studies before you take the exam. These involve hypothetical business and solution concepts. In this chapter, we will cover how to find these case studies; additionally, we will also take a look at an example case study and analyze it in order to design an appropriate solution.
Chapter 17, Test your Knowledge, goes through exam tips and sample tests.
As the practical examples throughout the book involve the use of GCP, a GCP free-tier account is required.
If you are using the digital version of this book, we advise you to type the code yourself. Doing so will help you avoid any potential errors related to the copying and pasting of code.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781838555276_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "It automatically creates one subnet per region with predefined IP ranges with the /20 mask from the 10.128.0.0/9 CIDR block."
A block of code is set as follows:
<INSTANCE_NAME>.c.<PROJECT_ID>.internal
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
resources:
- name: {{ properties["name"] }}
  type: compute.v1.instance
Any command-line input or output is written as follows:
gcloud deployment-manager deployments create networking --config config.yaml
Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Navigate to Network Services and then Load Balancing."
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
This section will introduce you to the Google Cloud Platform (GCP) and outline the Professional Cloud Architect exam.
This section contains the following chapters:
Chapter 1, GCP Cloud Architect Professional
Chapter 2, Getting Started with Google Cloud Platform
Chapter 3, Google Cloud Platform Core Services
The shift to the cloud is not a new thing, and for many years, companies have been utilizing cost-effective solutions from public cloud vendors to move away from traditional on-premises architecture. The speed at which technology is moving now makes it increasingly difficult for companies managing their own infrastructure to get the most out of their IT systems.
While Amazon Web Services (AWS) and Microsoft Azure currently lead the race with enterprise-scale companies, Google Cloud Platform (GCP) is emerging as one of the most popular solutions among IT professionals, and interest is steadily increasing. It seems that Google is playing the long game very well. In Q3 2018, ex-CEO of Google Cloud, Diane Greene, estimated that only 10% of workloads are in the public cloud, showing the massive scope for market share still available. Furthermore, in Q4 2018, CEO of Google, Sundar Pichai, said that GCP was the fastest-growing major public cloud provider in the world. Given that companies are continuously moving to split cloud solutions, this means that IT cloud architects and engineers need to understand more than just the current top two providers.
This book, of course, will focus on Google technologies. Many of our readers may have experience of other public cloud vendors—for example, AWS or Microsoft Azure; however, we also cater to those who are new to the public cloud. The ultimate goal of this book is to help you to pass the Google Professional Cloud Architect exam. This book is suitable for both levels of experience. In this chapter, we will look at why you would take this exam, inform you about how to register for the exam, and brief you on what to expect from the exam.
We will cover the following topics in this chapter:
The benefits of being a certified architect
Registering for the exam
What to expect from the exam
Some tips
Studying for an exam can be a daunting prospect. Many hours need to be spent to achieve a certification, and it's not always an easy decision to dedicate a lot of personal time to achieve this goal. That said, if you currently work in the IT industry, you will know that the landscape has changed over several years. The public cloud is no longer something that worries companies, and more enterprises are shifting away from traditional on-premises solutions, meaning that the time you invest in learning new technologies will only be beneficial to your career.
But why take the exam? There are several reasons why you would take this exam, such as the following:
You have used GCP for some time and want to have an industry-recognized certification that reflects your current skillset
You want to achieve a new role or promotion and show that you can dedicate your own time to learning new skills that you don't get to use day to day
There is no better way to showcase your skills than having industry-led certifications
You want to get acquainted with modern stack development technologies
Whatever your reason for taking the exam, it is important to be realistic about your expectations.
The cost of the GCP Professional Architect exam is 200 USD, and it can be booked in several languages, such as English, Japanese, Spanish, and Portuguese. You can register for the exam by going through the following steps:
The first step is to visit the Google certification web page at https://cloud.google.com/certification/.
You will see that there are many certification paths you can take. Click on the REGISTER link under Professional Cloud Architect, as highlighted in the following screenshot:
Next, you will need a Webassessor account to book the exam. You can create a new account using the hyperlink in the WELCOME page:
Next, click on REGISTER FOR AN EXAM, as shown in the following screenshot:
Select your testing center, as shown in the following screenshot:
Next, select a date, as shown in the following screenshot:
Finally, review and click Check Out. Pay for the exam and you are ready to go. Submit the coupon or voucher code if you have one:
Please bear in mind that you can change the selected date after the exam is booked up to 72 hours before the scheduled date at no extra cost. Note that a rescheduling fee will be charged for any changes made within 72 hours of your scheduled exam time.
There are several resources that Google advises you to take advantage of to prepare for the exam. These consist of online training courses, instructor-led training, and practical labs. All of this information can be found on the cloud architect web page at https://cloud.google.com/certification/cloud-architect.
In addition, by visiting the exam guide web page at https://cloud.google.com/certification/guides/professional-cloud-architect/, you can see the expected subject knowledge of the exam applicants. The exam blueprint is critical for any exam, and GCP Architect is no different. You should review this guide and make sure you understand each section.
Like most exams, some real-life experience will also help you. The exam is created with cloud architects in mind who have experience with software development and multi-cloud/hybrid-cloud environments. That being said, there is no reason that you cannot pass this exam with the correct amount of study, even if you don't have practical, hands-on experience.
Google offers Qwiklabs that can be used to gain experience in the services offered. It is recommended that you sign up to these to familiarize yourself with the GCP layout and services. Qwiklabs can be paid for either through a monthly subscription, which will give you unlimited access to the labs, or by purchasing credits. Each lab will have a certain number of credits depending on the complexity of the lab. The typical cost of 10 credits is 10 USD. GCP Essentials gives a great introduction to GCP and can be found at https://google.qwiklabs.com/quests/23?utm_source=gcp&utm_medium=site&utm_campaign=certification. It takes around five hours to complete this lab.
Once you are prepared for the exam and have successfully scheduled it, you will need to visit one of the registered test centers. You will be expected to arrive around 15 minutes before the exam and take two forms of identification with you. All of this will be explained in your exam confirmation email. The exam itself will consist of multiple-choice questions that will require one or more answers to be selected. In addition to this, you will be quizzed on case studies of fictional companies. You will, however, have access to these case studies before the exam, and you can refer to them during the exam. In Chapter 16, Case Studies, we will go over these in more detail. There will be around 60 questions in the exam, and you will have two hours to complete them. You will receive only a pass or fail, with no indication of your score.
In the exam, we recommend that you make use of the fact that you can mark questions for review and come back to them later. It is a personal preference, of course, but we suggest that you don't puzzle over a question for too long. You will have around two minutes per question to provide an answer. Some of the answers to the questions will jump straight out of the screen at you, and others will take you more time to determine the correct answer. If you are spending too long on a question, then mark it for review and move on, as it's important to get to the end of the test to ensure that the maximum number of marks are scored.
We also recommend booking the exam to give you an incentive. It is easy to procrastinate or worry too much that you are not fully prepared. This is a natural feeling, but having an end date in sight gives you focus and determination. We recommend that you print out the exam guide and work through these points to ensure that you have an understanding of each objective.
Additionally, two hours is a long time to be in the exam center. Ensure that you book the exam at a time of day that you are most alert, to give yourself the best chance of success.
In this chapter, we covered what to expect from the exam and how to actually register for the exam, as well as the benefits of being a GCP. Throughout this book, we will introduce you to the services that are needed for a successful outcome. This book's ultimate goal is to assist you in passing the exam; however, we encourage you to do more reading if you wish to deep dive into a particular topic or service that you encounter while reading this book.
In the next chapter, we will get started with the GCP.
Read the following article for more information:
Google Cloud Certificate: https://cloud.google.com/certification
In this chapter, we will introduce the concept of cloud computing to better understand what Google Cloud Platform (GCP) is. We will take a look at GCP resources and their hierarchy. After that, we will create our first account and set up a project. The billing options will be discussed. We will see how to create a billing account and associate it with the project. Finally, we will take a look at how to export the billing information. It is important to have this introduction before we start talking about GCP services. This will both help you to pass the exam and to perform the basic setup of GCP for real-life scenarios before you can even use the services.
We will cover the following topics in this chapter:
Introducing the cloud
Understanding GCP
Understanding GCP infrastructure
Basic GCP configuration
Before we jump into GCP, let's first learn what the cloud is:
It is true—there is no cloud: it's just someone else's computer. With the cloud, what we are actually doing is accessing resources and consuming services that are hosted on someone else's computer. If we want to be more precise, the cloud is a pool of computers.
Now, let's look at a more accurate and professional definition used by Google that comes from the United States National Institute of Standards and Technology (https://csrc.nist.gov/publications/detail/sp/800-145/final):
The five essential characteristics of the cloud are as follows:
On-demand self-service: Services are provisioned automatically without manual provider intervention.
Broad network access: Resources are available through the network.
Resource pooling: Resources are pooled from a shared pool, giving the user a sense of location independence. For some of the resources, the location might be restricted.
Rapid elasticity: Services can be elastically provisioned and deprovisioned with capacity being managed by the provider.
Measured service: Resource usage is monitored and can be reported on.
The four deployment models are as follows:
Private cloud: Used by specific organizations, but can be managed by third parties
Public cloud: Used by the general public
Community cloud: Used by specific communities
Hybrid cloud: Composed of two or more different clouds
When we look at GCP, it fulfills all of the five characteristics and fits into the public cloud deployment model. In the next section, we will have a look at GCP itself.
Google has been developing its own tools to deliver services such as Gmail, YouTube, Google Drive, and Google+ for years. These tools have been converted into services that can be consumed by others. Consumers are given the amazing scalability that Google has to use for their own purposes. GCP lets you choose from computing, storage, networking, big data, and machine learning (ML) services to build your application on top of them. The number of services is growing constantly, and new announcements are made on an almost weekly basis. New services and features are released, first as alpha then as beta versions, and finally, are made available globally. The early releases are available even earlier for selected customers and partners. This allows the services to be tested by external parties even before the official release!
Google supports several service models, including the following:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Container as a Service (CaaS)
Function as a Service (FaaS)
Managed services
As we can see, the range of services in GCP is very broad. Looking at the following diagram, we will analyze this range of services offered by GCP:
We can start from very simple IaaS, such as a traditional data center, and end up using functions as services and managed services. The choice of service depends on our requirements. To put it simply, if we need flexibility and control over our virtual machines (VMs), we would simply use Compute Engine. This service allows us to provision VM instances or simply lift and shift machines from our existing environment. The trade-off, however, is that you are responsible for managing all of the layers above the VM container. That includes the operating system, any middleware, and any applications on top of it.
When we move to the left of the diagram, the burden of maintaining the infrastructure is taken away from us. With Cloud Functions, all we really care about is the coding of a function in a language supported by GCP. Once it's done and published, we access it through the HTTP protocol.
Finally, as we move to managed services, we start to simply consume services that bring us particular business value without having to worry about any underlying parts. They can be used in Software as a Service (SaaS) models and consumed through APIs. An example of this is Dataprep, which is a data service that allows you to clean up and prepare your data for further analysis. Another example is the pretrained ML model, Vision API. Developers can consume this service using the RESTful API to analyze images without having to write any code, except for the call itself.
Hopefully, now you understand that GCP is much more than just a hosting service. It provides you with sets of tools, services, and resources that will help you to develop and deliver your applications. The choice of the services you will use depends entirely on the set of requirements you have. If that feels overwhelming, don't worry. This book is written to help you to go through GCP step by step.
In Chapter 3, Google Cloud Platform Core Services, you will get an overview of the most important GCP services. In the following chapters, we will dive into each of them in more detail to get you prepared for the exam.
Every cloud provider has something that differentiates it from others. Each provider has its own strategy for how to deliver value to customers, and the same is true for GCP. Let's have a look at what the key GCP features are that make it stand out from the crowd:
Developer focused: GCP was built with a focus on developers. If you look at the history of GCP, it started in 2008 with a preview release of App Engine, which is a fully serverless platform, allowing developers to run their applications written in languages such as Python, Java, and Go. It provides out-of-the-box load balancing and autoscaling. Developers just need to choose the platform they want to develop on and they can start coding. Also, if you look at Stackdriver (a GCP monitoring tool) itself, it provides several tools that can be directly integrated with an application. This allows the developer to use them to monitor and debug their application. Google makes it very clear that GCP was created for developers to help them with their challenges. Having achieved this goal, they are now aiming at large enterprises.
The Google Network: The Google Network is something that differentiates GCP from other cloud providers. Google claims that around 40% of the world's internet traffic is carried by the Google Network, making it the largest network on the globe. This allows the Google Network to provide responses with very low latency as close to the end user as possible.
Global scope: GCP was developed with global availability in mind. You will see services such as load balancing available globally rather than regionally, unlike other providers. This allows the client to concentrate on development and embrace out-of-the-box high availability and elasticity.
ML: GCP offers a great number of ML services for both data scientists and regular developers who have limited knowledge of the topic. ML allows pretrained models to be used, as well as offering AutoML services. The latter allows you to train ML models without knowing how they are actually created. The portfolio of these services is growing very quickly. The key goal of Google is to enable enterprises with ML to make faster and smarter decisions.
Pricing: The VM instances are priced per second with a minimum run time of one minute. This allows you to run the machines for short tests and not have to pay for a full hour of use.
Service-level agreement (SLA): GCP services provide monthly uptime percentage Service-level objectives (SLOs). If the SLO is not met, the customer is eligible for financial credits. Note that this percentage depends on the service and that alpha and beta features are not included with any SLA.
Security: Google uses its 15 years of experience in running services such as Gmail in GCP. Your data is always encrypted with a choice of Google or customer-managed keys.
Carbon neutral: This might not be the most important feature when it comes to functionality, but it is worth knowing. Google data centers are carbon neutral, meaning that 100% of the energy used to power them comes from renewable energy. This includes the GCP data centers.
As we have already mentioned, GCP has a global footprint that includes North America, South America, Europe, Asia, and Australia. The locations are further split into regions and zones.
It is your decision where your application should be located to provide low latency and high availability:
A region is defined by Google as an independent geographic area that is divided into multiple zones. Locations within regions should have round-trip network latencies of under 1 ms in 95% of cases.
A zone is a deployment area for GCP resources. Note that a zone does not correspond to a single data center; it can consist of multiple buildings. Even though a zone provides a certain amount of fault protection, a zone is considered a single point of failure (SPOF). Therefore, you should consider placing your application across multiple zones to provide fault tolerance.
Network edge locations are connections to GCP services located in a particular metropolitan area.
At the time of writing, GCP has the following:
22 regions
67 zones
140 network edge locations
These numbers are quickly growing and, while this book was being written, Google announced an additional two regions at the Google Cloud Next conference. For the most up-to-date information, refer to https://cloud.google.com/about/locations. The following map shows the current and future regions and zones across the globe:
The preceding map shows current regions in blue and planned regions in white. It should also be noted that not all services are available in each region. As an example, Cloud Functions, after being made available globally, was introduced only to a limited number of locations.
GCP consists of containers such as organizations, folders, and projects to hierarchically group your resources. This allows you to manage their configuration and access control. The resources can be managed programmatically using APIs. Google also provides tools such as Google Cloud Console and command-line utilities, which are wrappers around the API calls. Let's now have a look at the hierarchy presented in the following diagram and familiarize ourselves with each of the resources:
The preceding diagram shows the resource manager hierarchy. Starting from the top, we have an Organization that can be mapped to a company. Next, we have Folders that can represent a company's departments. Next, we have Projects, which further divide the actual company projects or environments, such as development and production. Finally, under Projects, we have GCP Resources.
At the top of the hierarchy, we have the organization. You need to note, however, that this is an optional resource and you can use GCP very well without it. The organization is only available to users of G Suite and Cloud Identity, which are products outside of GCP.
To provide some context, G Suite is a bundle of collaboration tools including Gmail, Google Drive, Hangouts, and Google Docs. Users use these tools, which are stored in the G Suite Domain.
Cloud Identity is an Identity-as-a-Service (IDaaS) offering. It similarly allows you to create a domain and to manage your users, applications, and device accounts from a single point. You can learn more about Cloud Identity in Chapter 13, Security and Compliance.
A single G Suite or Cloud Identity account can be associated only with a single organization. This implies that the organization is bound to one domain only. In both G Suite and Cloud Identity, there is a defined role of super administrators. When you create the organization, those users will have very high privileges in the organization and underlying resources. Make sure that this account is not used for day-to-day operations.
Instead, the super admin should assign the role of organization administrator to designated users. This role is further used to define IAM policies, resource hierarchy, and delegate permissions using IAM roles.
Folders are logical containers that can group projects or other folders. They can be used to assign IAM policies. Again, the use of folders is optional and is available only when an organization resource exists. The use case for using folders is to group projects that will use the same IAM policies.
Projects are the smallest logical containers that group resources. Every resource within GCP needs to belong to exactly one project. Each project is managed separately, and IAM roles can be assigned per project to control the access in a fine-grained way.
Projects have three identification attributes:
Project ID: A globally unique immutable ID generated by Google
Project name: A unique name provided by a user
Project number: A globally unique number generated by Google
In most cases, you will use the project ID to identify your project. To manage resources within GCP, you will always need to identify which project they belong to by either project ID or project number. You can create multiple projects, but there is a quota that limits the number of projects per account. If you reach the quota, you will need to submit a request to extend it.
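IAM policies set on an organization or folder are inherited by everything beneath them, so the access a principal has on a project is the union of the bindings on the project and on each of its ancestors. The following Python sketch is an added example, not code from the book: it models the organization, folder and project levels described above and lists broad roles that reach a project from a higher level. The hierarchy, member names and the `BROAD_ROLES` selection are constructed for illustration.

```python
from dataclasses import dataclass, field

# Roles broad enough that a grant above project level deserves review
# (an assumed selection for this example).
BROAD_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/resourcemanager.organizationAdmin",
}


@dataclass
class Node:
    """An organization, folder or project in the resource hierarchy."""
    kind: str
    name: str
    parent: "Node | None" = None
    bindings: dict = field(default_factory=dict)  # role -> set of members

    def lineage(self):
        """Yield this node, then every ancestor up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent


def effective_policy(node):
    """Merge bindings from the node and all of its ancestors.

    Returns {role: {member: [levels that grant it]}} so a reviewer can
    see which level of the hierarchy each grant comes from.
    """
    policy = {}
    for level in node.lineage():
        for role, members in level.bindings.items():
            for member in members:
                sources = policy.setdefault(role, {}).setdefault(member, [])
                sources.append(f"{level.kind}:{level.name}")
    return policy


def inherited_broad_grants(projects):
    """List broad roles that reach a project from a folder or organization."""
    findings = []
    for project in projects:
        for role, members in effective_policy(project).items():
            if role not in BROAD_ROLES:
                continue
            for member, sources in members.items():
                for source in sources:
                    if not source.startswith("project:"):
                        findings.append((project.name, role, member, source))
    return sorted(findings)


# Constructed hierarchy: every name and member below is made up.
org = Node("organization", "example.com", bindings={
    "roles/resourcemanager.organizationAdmin": {"group:gcp-org-admins@example.com"}})
eng = Node("folder", "engineering", org, {"roles/editor": {"group:eng@example.com"}})
dev = Node("project", "shop-dev", eng, {"roles/owner": {"user:alice@example.com"}})
prod = Node("project", "shop-prod", eng, {"roles/compute.viewer": {"user:bob@example.com"}})

if __name__ == "__main__":
    for finding in inherited_broad_grants([dev, prod]):
        print(*finding, sep="  ")
```

The editor grant on the folder shows up against both projects, which is the practical reason to keep broad roles off organizations and folders and to bind them per project where they are needed.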
Now that we know the physical and logical separation of GCP resources, let's have a look at their scope. The resources can be either global, regional, or zonal. That indicates how accessible the resource is for other resources. For example, a global image can be used in any region to provision VMs. On the other hand, a VM that needs to belong to a particular subnet must reside in the same region for which the subnet was configured.
Even though the resources have a narrow scope, keep in mind that they still need to have unique names within the project, meaning you can't have two VMs with the same name within one project.
OK, let's have a look at the resources and their scope. You might not be fully familiar with the following resources, but don't worry: they will be explained in more detail in the coming chapters.
Global resources are globally available within the same project and can be accessed from any zone. These include the following objects:
Addresses: These are reserved external IP addresses and can be used by global load balancers.
Images: These are either predefined or user customized. They can be used for provisioning VMs.
Snapshots: Snapshots of a persistent disk allow the creation of new disks and VMs. Note that you can also expose a snapshot to a different project.
Instance templates: These can be used for the creation of managed instance groups.
Virtual Private Cloud (VPC) networks: These are virtual networks that you can connect your workloads to.
Firewall: These are, in fact, defined per VPC, but are accessible globally.
Routes: Routes allow you to direct your network traffic and are assigned to VPCs, but are also considered global.
Regional resources are accessible by other resources only within the same region. These include the following objects:
Addresses: Static, external IP addresses can only be used by instances that are in the same region.
Subnets: These are associated with VPC networks and allow the assignment of IP addresses to VMs.
Regional managed instance groups: These allow you to scale groups of instances. The scope can be set to either regions or zones.
Regional persistent disks: These provide replicated, persistent storage to VM instances. They can also be shared between projects for the creation of snapshots and images, but not disk attachments.
Zonal resources are only accessible by other resources within the same zone. These include the following objects:
VM instances: These reside in a particular zone.
Zonal persistent disks: These provide persistent storage to VM instances. They can also be shared as disks between projects for the creation of snapshots and images, but not disk attachments.
Machine types: These define the hardware configuration for your VM instances and are defined for any particular zone.
Zonal managed instance groups: These allow you to autoscale groups of instances. The scope can be set to either regions or zones.
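The scope rules above can be checked before anything is provisioned. The following Python sketch is an added example, not code from the book: it validates a deployment plan against the regional rules (subnet, static external address) and the zonal rule (persistent disk) described in this section. The plan format and all resource names are constructed for illustration; the only GCP convention relied on is that a zone name is its region followed by a hyphen and a letter.

```python
def region_of(zone):
    """Return the region part of a zone name such as 'europe-west1-b'."""
    region, sep, letter = zone.rpartition("-")
    if not sep or not region or len(letter) != 1 or not letter.isalpha():
        raise ValueError(f"not a zone name: {zone!r}")
    return region


def check_plan(plan):
    """Return (vm, kind, resource, reason) for every scope violation."""
    problems = []
    for vm_name, vm in sorted(plan["vms"].items()):
        vm_zone = vm["zone"]
        vm_region = region_of(vm_zone)

        # Regional scope: the subnet must be configured for the VM's region.
        subnet = plan["subnets"][vm["subnet"]]
        if subnet["region"] != vm_region:
            problems.append((vm_name, "subnet", vm["subnet"],
                             f"{subnet['region']} != {vm_region}"))

        # Regional scope: a static external address is usable only by
        # instances in the same region.
        addr_name = vm.get("address")
        if addr_name is not None:
            addr = plan["addresses"][addr_name]
            if addr["region"] != vm_region:
                problems.append((vm_name, "address", addr_name,
                                 f"{addr['region']} != {vm_region}"))

        # Zonal scope: a zonal persistent disk must sit in the VM's zone,
        # so being in the same region is not enough.
        for disk_name in vm.get("disks", []):
            disk = plan["disks"][disk_name]
            if disk["zone"] != vm_zone:
                problems.append((vm_name, "disk", disk_name,
                                 f"{disk['zone']} != {vm_zone}"))

        # Global scope: images can be used from any region, so vm["image"]
        # needs no location check.
    return problems


# Constructed plan: web-2 was moved to another region without its dependencies.
PLAN = {
    "subnets": {"web-subnet": {"region": "europe-west1"}},
    "addresses": {"web-ip-1": {"region": "europe-west1"},
                  "web-ip-2": {"region": "europe-west1"}},
    "disks": {"data-1": {"zone": "europe-west1-b"},
              "data-2": {"zone": "us-central1-b"}},
    "vms": {
        "web-1": {"zone": "europe-west1-b", "subnet": "web-subnet",
                  "address": "web-ip-1", "disks": ["data-1"], "image": "base-image"},
        "web-2": {"zone": "us-central1-a", "subnet": "web-subnet",
                  "address": "web-ip-2", "disks": ["data-2"], "image": "base-image"},
    },
}

if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(*problem, sep="  ")
```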
Now that we understand the theory, let's have a look at how we create a project.
To create a new project, follow these steps:
Log in to the GCP console at https://console.cloud.google.com and click on the drop-down arrow next to the name of the project you are currently logged into. A Select a project window will pop up. Click on NEW PROJECT in the top-right corner:
Fill in the name and choose the billing account. You can attach the project to an organization or a folder. Choose the default billing account. In the following steps, we will show you how to create a new billing account and associate it with the project we are now creating. Click on the CREATE button, as shown in the following screenshot:
The new project has been created. You can now manage it from the GCP console:
To start using the GCP services, click on the hamburger icon. A menu will pop up. You can access all GCP services from here, as shown in the following screenshot:
