Professional Cloud Architect Google Cloud Certification Guide - Konrad Cłapa - E-Book

Description

Google Cloud Platform (GCP) is one of the industry leaders thanks to its array of services that can be leveraged by organizations to bring the best out of their infrastructure. This book is a comprehensive guide for learning methods to effectively utilize GCP services and help you become acquainted with the topics required to pass Google's Professional Cloud Architect certification exam.
Following the Professional Cloud Architect's official exam syllabus, you'll first be introduced to the GCP. The book then covers the core services that GCP offers, such as computing and storage, and takes you through effective methods of scaling and automating your cloud infrastructure. As you progress through the chapters, you'll get to grips with containers and services and discover best practices related to the design and process. This revised second edition features new topics such as Cloud Run, Anthos, Data Fusion, Composer, and Data Catalog.
By the end of this book, you'll have gained the knowledge required to take and pass the Google Cloud Certification – Professional Cloud Architect exam and become an expert in GCP services.

You can read the e-book in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Number of pages: 623

Year of publication: 2021




Professional Cloud Architect – Google Cloud Certification Guide

Second Edition

Build a solid foundation in Google Cloud Platform to achieve the most lucrative IT certification

Konrad Cłapa

Brian Gerrard

BIRMINGHAM—MUMBAI


Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Rahul Nair

Publishing Product Manager: Rahul Nair

Senior Editor: Sangeeta Purkayastha

Content Development Editor: Nihar Kapadia

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Hemangini Bari

Production Designer: Aparna Bhagat

Marketing Coordinator: Nimisha Dua and Sanjana Gupta

First published: October 2019

Second edition: January 2022

Production reference: 1101221

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80181-229-0

www.packt.com

To my wife and parents, for their constant support.

– Konrad Cłapa

To Linda, for her constant support and understanding.

– Brian Gerrard

Foreword

I came to know Konrad Cłapa on LinkedIn. We both have an interest in Google Cloud and have both become fully certified on Google Cloud. Then we met at Google Cloud Next '19, where Konrad invited me to co-author a book to teach people how to use Google Cloud – this book.

I had had a failed writing experience before and I knew it takes a lot of effort to write a book, so I didn't agree to co-author it, but I did write the foreword for the first edition of the book, published in 2019.

Those 2 years passed quickly and so many new services have been released on Google Cloud since then. Google Cloud Training and Certification released an upgraded version of the exam for Google Cloud Certified Professional Cloud Architect in March 2021. Even though my certification won't expire until September 2021, I took the beta exam and passed.

As expected, a lot of new content has been added to the exam, and new services such as Google Kubernetes Engine and Anthos are tested in the new exam. These changes made the first edition of the book irrelevant.

I am glad Konrad and Brian have spent time refreshing their book to reflect the changes in the exam syllabus. This will be the first book ever published on the topic since the new exam was released and it will provide much-needed guidance for people to learn about the most up-to-date services from Google in order to pass the exam and advance their careers.

A better job, a better life. I achieved so much more after I became certified on a number of cloud vendors. I encourage people to learn the cloud and plan for a better career. This book gives you what you need to pass one of the most sought-after certifications, and also the highest-paid certification, according to some sources online.

We didn't get a chance to meet again after Google Cloud Next '19. Google Cloud Next '20 and '21 were online only due to COVID-19. But we kept in touch on LinkedIn and I am aware that Konrad has become a Google Cloud Certified Fellow, the most prestigious certification from Google, and one of my own career goals. I am happy about his achievement.

Even though I don't know Brian Gerrard in person, since Konrad and Brian are colleagues and they co-authored the first edition of the book, we connected on LinkedIn. Brian has decade-long experience on VMware and he claimed to have many VMware-related certifications. Brian just moved to the public cloud in recent years. His transition from data center-centric technology to the public cloud is an inspiration for people facing the same dilemma – stop doubting the public cloud; rather, embrace it to further your career advancement. There are many similar success stories on LinkedIn for people to use as a reference and as inspiration for their own career moves. LinkedIn is a professional social media platform where you can connect with people with a common interest, learn from each other, and grow together to reach your own professional goals.

I feel honored to be given this opportunity again to write the foreword to this second edition. And I understand why Konrad wanted me to write it. For the past 5 years, I have inspired thousands of people to learn the cloud and find their purpose. I am the right person to introduce this book to you, which will help you learn Google Cloud and become certified. And great things will happen after becoming certified in Google Cloud.

Yujun Liang

Fully Certified on GCP

Cloud Certification King on LinkedIn

Contributors

About the authors

Konrad Cłapa is a Certified Google Trainer and Lead Cloud Architect working for Atos R&D. He has over 12 years' experience in the IT industry. He holds over 40 IT certifications. This includes all 12/12 active Google Cloud Platform certifications, making him the first in the world to achieve this. He is also listed among 40 individuals who hold the Google Cloud Certified Fellow certificate. Sharing knowledge has always been important to him, so he contributes to the community by acting as a leader for a local Google Cloud Developer group. A fun fact about Konrad is that, so far, he has never failed a GCP exam attempt, including the multiple beta exams that he has taken.

First of all, I would like to thank my lovely wife Kinga for the patience and understanding of my passion. It is difficult to be a wife of a geek. I would also like to thank my parents, who always supported me in any decisions I have taken in my life. Last but not least, I thank Brian for being a fellow for multiple journeys and, above all, being a great friend!

Brian Gerrard is currently a DevOps Engineer from Scotland with over 15 years' experience in the IT industry. As well as holding the Google Certified Professional Architect and Google Certified Associate Engineer certifications, he is certified in Azure, AWS, Terraform, and VMware. Brian is a firm believer in lifelong learning, and you will regularly find him contributing to his local user groups.

I would like to thank my wife and children for their support. Also, thanks to Konrad for constantly pushing the Google community to achieve more!

About the reviewers

Dr. Artem Nikulchenko is a chief software architect at Teamwork Commerce, a Google Cloud Platform Partner that specializes in the development of retail management systems. Artem spearheaded the usage of Google Cloud Platform in teamwork products from the very first publicly available version of the platform.

Artem has a Ph.D. in computer science and holds an associate professor position at National Technical University Kharkiv Polytechnic Institute. He teaches courses on databases, software architecture, and public clouds.

As a big fan of Google Cloud, Artem leads his local Google Developer Group and delivers talks about Google Cloud Platform at specialized conferences around the world.

Having worked with GCP for over 10 years, I still found this book very useful while preparing for my Google Cloud Architect certification exam. Then, I was invited to become a reviewer of that same book's newest edition. It's a great honor for me and I'd like to thank the authors, as well as Packt Publishing, for this exceptional opportunity.

Artur Zejfer has been working in the IT industry for more than 20 years, ranging across application support, database administration, automation, and architect roles. This has given him a broad base of skills and the ability to work with a diverse range of clients. He holds a master's degree in computer science and several industry-recognized certifications from Oracle, Google, The Open Group, and so on. He currently works for Atos R&D as a database architect focusing on automating daily operations. Artur has a passion for learning and information that he continues to pursue daily.

Above all the previously stated, he is a father, husband, son, brother, and friend.

I'd like to thank my wife, Kamila, and our son, Franek, for their daily support and patience. To my parents, siblings, relatives, friends, and mentors (you know who you are), thank you for guiding and supporting me.

Shouvik Basak is a solution architect at a leading Fortune 500 global IT services organization. He specializes in architecting cloud-based solutions and data center infrastructure technologies. In a career spanning more than 20 years in technology, he has worked extensively on public, private, and hybrid cloud delivery, traditional infrastructure, and operations, primarily for global enterprise customers. He has led multiple programs in the technology, service management, and integration areas and has worked hands-on in multiple technical roles.

To my mentors and friends, who have kept me motivated and curious and helped me navigate my journey and find joy in learning and doing what I do. I would also like to thank Packt Publishing for the opportunity to review this wonderful book.

Vijaykumar Jangamashetti (VJ) is a cloud solutions architect at Rackspace Technology, with a specialization in Google Cloud Platform, and is 7X Google Cloud Platform-certified. VJ is passionate about data and analytics and a strong customer advocate of educating on and promoting the power of data. As a Google Cloud Platform expert, VJ has led multiple efforts in strengthening alliance partnerships with Google Cloud through the achievement of MSP credentials, specialization awards, and expertise badges for the respective organizations he has worked in. With 15+ years of IT experience working with customers across the globe with multiple positions as an ETL architect, enterprise data architect, and cloud architect, he has built a strong reputation as a customer champion and a trusted advisor. He goes by the name @vijaykumarpj on LinkedIn and Twitter.

I'd like to thank my wife, Jyoti, and our daughter, Shriya, for their continued support and encouragement with everything that I do with great patience. I genuinely appreciate what you both have done for me and I love you both. I'd also like to thank my grandparents, parents, siblings, relatives, friends, colleagues, and mentors for helping me to be who I am today, and I greatly appreciate you all. Thanks to Packt for providing me with the opportunity to review this wonderful book.

Jarosław Gajewski holds the lead architect and distinguished expert positions in Atos. He is responsible for designing multi- and hybrid cloud solutions for cloud-agnostic and cloud-native services.

His technical knowledge and experience are backed by multiple industry-standard certificates. He is already part of an elite group of Google Cloud Certified Fellows. He holds the Google Cloud Certified Professional and other Google, VMware, Dell, Microsoft, and AWS certifications.

As someone who is passionate about the cloud, outside of his work, he is also an active community speaker and one of the Google Developer group leads for GDG Cloud Bydgoszcz.

In his free time, he loves to enjoy time with his wife, two daughters, and son, play board games, and constantly increase his knowledge.

I'd like to thank my wife Weronika for her patience and constant support.

Maciej Stopa is a multi-certified cloud solution architect experienced in Azure, Google Cloud Platform, AWS, Red Hat, IBM, Oracle, and VMware. With more than 17 years of experience in IT, he has gained deep on-premises, HPC, and distributed systems experience while working for a leading systems integrator in Poland. He transformed through virtualization and hybrid cloud, then architected a custom-tailored public cloud offering for the Polish market. After moving to Microsoft, he enjoyed working in a corporate environment, spending a couple of years as a cloud solution architect for enterprise customers. He now supports a multi-national organization called Digital and Cloud Services in Deutsche Telekom as a lead cloud solution architect, also leading an internal community of practice called Cloud Architect Ninjas.

I'd like to thank my beloved wife, Beata, and our children, Oliwia and Oskar, for their daily support, patience, and encouragement with everything that I do. I'd like to thank my parents, for giving me everything I needed to become who I am, my Mom, for her endless patience, and my Dad, for starting his IT journey living in a small Polish city by finishing offline snail-mailed courses almost 35 years ago! A spark that ignited my interests.

Dr. Nabil Hadj-Ahmed is a Google Cloud authorized trainer, a cloud architect, and a Google Cloud developer expert with over 20 years of experience working in real-world, challenging, enterprise, and demanding environments. Nabil facilitates Google Cloud training and brings a wealth of experience to enhance the learning experience of Google Cloud.

Nabil holds a Ph.D. and an MSc from Leeds Beckett University, where he also taught during his doctoral research. He also manages and speaks at Google Developer groups, organizing monthly meetup events and workshops focusing on Google technologies.

Pawel Piwowarek is a highly technical IT professional with a master's degree in computer science and over 18 years of industry experience designing, implementing, and supporting a wide range of IT solutions. He is an experienced technical leader and communicator who works with executives, managers, suppliers, and technical peers on large-scale projects with critical business impact. He maintains a keen interest in emerging and disruptive technologies and continuously adopts skillsets backed by relevant vendors' accreditations to match evolving business needs.

Table of Contents

Preface

Section 1: Introduction to GCP

Chapter 1: GCP Cloud Architect Professional

Understanding the benefits of being a certified architect

Registering for the exam

What to expect from the exam

Online proctored exams

Suggested hints and tips

Summary

Further reading

Chapter 2: Getting Started with Google Cloud Platform

Introducing the cloud

Understanding GCP

GCP differentiators

GCP locations

Resource manager

Summary

Further reading

Chapter 3: Google Cloud Platform Core Services

Understanding computing and hosting services

Exploring storage services

Getting to know about networking services

Going through big data services

Understanding machine learning services

Learning about identity services

Summary

Further reading

Section 2: Manage, Design, and Plan a Cloud Solution Architecture

Chapter 4: Working with Google Compute Engine

Deploying our first GCE instance

Deployment options

Region

Zone

Boot disk

Snapshots

Existing disks

Labels

Confidential VM service

Container

Deletion protection

Reservations

Metadata

Startup scripts

Preemptibility

Availability policy

Automatic restart

Shielded VM

Deletion rule

Node affinity labels

GPUs and TPUs

Instance templates and instance groups

Setting the location

Port name mapping

Autoscaling

Autohealing

Containers on Compute Engine

Running a simple Windows container on Compute Engine

A quick look at Google Cloud VMware Engine

Use cases

Quotas and limits

IAM roles

Pricing

Summary

Further reading

Chapter 5: Exploring Google App Engine as a Compute Option

App Engine components

Choosing the right location

Working with App Engine

Environment types

App Engine standard environment

Flexible environment

Deploying an App Engine application

Versions

Splitting traffic

Migrating traffic

Firewall rules

Settings

Custom domain

SSL certificates

Scaling

Cron jobs

Memcache

IAM

Quotas and limits

Pricing

Summary

Further reading

Chapter 6: Managing Kubernetes Clusters with Google Kubernetes Engine

An introduction to microservices

Containers

Kubernetes

Kubernetes architecture

Kubernetes objects

Google Kubernetes Engine

GKE Autopilot

Node pools

Container-Optimized OS (COS)

Storage

GKE cluster management

Creating a GKE cluster

IAM

Kubernetes role-based access control

Artifact Registry

Cloud Build

Best practices for building containers

Quotas and limits

Pricing

Summary

Further reading

Chapter 7: Deploying Cloud-Native Workloads with Cloud Run

Using Cloud Run

Cloud Run containers

Cloud Run triggers

Deploying to Cloud Run

Deploying a new revision

Mapping custom domains

IAM roles

Quotas and limits

Pricing

Summary

Further reading

Chapter 8: Managing Cloud-Native Workloads with Anthos

Anthos components

Anthos clusters

Anthos Connect Agent

Fleets (formerly environs)

Anthos cluster deployment options

Anthos clusters on VMware (GKE on-prem)

Anthos on AWS

Anthos on Azure

Anthos clusters on bare metal

Anthos Config Management

Service management with Anthos Service Mesh

Istio

Using Anthos Service Mesh

Summary of Anthos Service Mesh

Anthos Binary Authorization

Migrate for Anthos and GKE

Cloud Run for Anthos

Quotas and limits

Pricing

Summary

Further reading

Chapter 9: Running Serverless Functions with Google Cloud Functions

Main Cloud Functions characteristics

Use cases

Application backends

Real-time data processing systems

Smart applications

Runtime environments

Types of Cloud Functions

HTTP functions

Background functions

Events

Triggers

Other considerations

Cloud SQL connectivity

Connecting to internal resources in a VPC network

Environmental variables

Cold start

Local emulator

Deploying Cloud Functions

Deploying Cloud Functions with the Google Cloud Console

Deploying functions with the gcloud command

IAM

Quotas and limits

Pricing

Summary

Further reading

Chapter 10: Networking Options in GCP

Exploring GCP networking

Understanding Virtual Private Clouds

Connectivity

Cost

VPC Flow Logs

Cross-VPC connectivity

Load balancing

Global versus regional load balancing

External versus internal

Proxy versus load balancer

Load balancer types

Comparison

Choosing the right load balancer

NAT

NAT gateway

Cloud NAT

Hybrid connectivity

VPN

Interconnects

Peering

Choosing the right connectivity method

Network Connectivity Center

DNS

DNS resolution

Cloud DNS

DNSSEC

VPC firewall rules

Default rules

Implied rules

Always allowed traffic rules

Always denied rules

User-defined rules

Firewall logging

Hierarchical firewall policies

Private access options

Summary

Further reading

Chapter 11: Exploring Storage and Database Options in GCP – Part 1

Choosing the right storage option

Data consistency

Understanding Cloud Storage

Bucket locations

Storage classes

Data consistency

Cloud Storage FUSE

Creating and using a bucket

Versioning and life cycle management

Transferring data

Cloud Storage Transfer Service

Understanding IAM

Quotas and limits

Pricing

Understanding Cloud Firestore

Creating and using Cloud Datastore

Summary of Datastore mode versus Native mode

IAM

Quotas and limits

Pricing

Understanding Cloud SQL

Data consistency

Creating and managing Cloud SQL

Read replicas

High availability

Backup and recovery

Database migration service

Instance cloning

IAM

Quotas and limits

Pricing

Summary

Further reading

Chapter 12: Exploring Storage and Database Options in GCP – Part 2

Cloud Spanner

Instance configurations

Node count

Processing units

Replication

TrueTime

Data consistency

Encryption

Point-in-time recovery

Creating a Cloud Spanner instance

IAM

Quotas and limits

Pricing

Bigtable

Bigtable configuration

Data consistency

Planning capacity

Creating a Bigtable instance and table

IAM

Quotas and limits

Pricing

Summary

Further reading

Chapter 13: Analyzing Big Data Options

End-to-end big data solution

Cloud Pub/Sub

Creating a topic and a subscription

Pub/Sub Lite

IAM

Quotas and limits

Pricing

Cloud Dataflow

IAM

Quotas and limits

Pricing

BigQuery

BigQuery features

Using BigQuery

IAM

Quotas and limits

Pricing

Dataproc

Architecture

IAM

Quotas and limits

Cloud IoT Core

IAM

Quotas and limits

Pricing

Data Fusion

Core concepts

IAM

Quotas and limits

Pricing

Datastream API

Additional considerations

Summary

Further reading

Chapter 14: Putting Machine Learning to Work

An introduction to AI and ML

The seven steps of ML

Gathering and preparing the data

Choosing a model

Training

Evaluation

Hyperparameter tuning

Prediction

Learning models

GCP ML options

TensorFlow

Cloud Vertex AI

Using Vertex AI

Cloud TPUs

Pretrained ML models

The Cloud Speech-to-Text API

The Cloud Text-to-Speech API

The Cloud Translation API

The Cloud Natural Language API

The Cloud Vision API

The Cloud Video Intelligence API

Dialogflow

AutoML

Summary

Further reading

Section 3: Secure, Manage and Monitor a Google Cloud Solution

Chapter 15: Security and Compliance

Introduction to security

Shared responsibility model

Cloud Identity

Resource Manager

Identity and Access Management (IAM)

Service accounts

Cloud Storage access management

Organization Policy Service

Firewall rules and load balancers

Cloud Web Security Scanner

Monitoring and logging

Encryption

Data encryption keys versus key encryption keys

CMEKs versus CSEKs

Industry regulations

PCI compliance

Data loss prevention (DLP)

Penetration testing in GCP

CI/CD security overview

Identity-Aware Proxy (IAP)

TCP forwarding

Access Context Manager

Chronicle

Summary

Additional security services

Security Command Center (SCC)

Forseti

Cloud Armor

Secret Manager

Summary

Further reading

Chapter 16: Google Cloud Management Options

Using APIs to manage resources

Using Google Cloud Shell

The GCP SDK

gcloud

gsutil

bq

cbt

Exploring Cloud Deployment Manager

Terraform

Cloud Foundation Toolkit

Pricing Calculator

Additional things to consider

Summary

Further reading

Chapter 17: Monitoring Your Infrastructure

Technical requirements

Introduction to Google Cloud's operations suite

Cost

Configuring Google Cloud's operations suite

Cloud Monitoring

Groups

Dashboards

Alerting policies

Uptime checks

Monitoring agents

Cloud Logging

Legacy Logs Viewer

Logs Explorer

Exporting logs

Logging agent

Ops Agent

Log-based metrics

Cloud Audit Logs

Activity

Retention

Google Cloud's operations suite for GKE

GKE dashboard

APM

Trace

Debugger

Profiler

Error Reporting

Summary

Further reading

Section 4: Exam Focus

Chapter 18: Case Studies

Understanding how to approach the exam case studies

What are we looking for in the case studies?

Company overview

Solution concept

Existing technical environment

Business requirements

Technical requirements

Executive summary

Forming a solution

Summary of Mountkirk

Additional case studies

EHR Healthcare

TerramEarth

Helicopter Racing League

Summary

Further reading

Chapter 19: Test Your Knowledge

Mock test one

Mock test two

Mock test three

Mock test four

Answers to mock test one

Answers to mock test two

Answers to mock test three

Answers to mock test four

Why subscribe?

Other Books You May Enjoy

Preface

Google Cloud Platform (GCP) is a leading cloud offering that has grown exponentially year on year. GCP offers an array of services that can be leveraged by various organizations to bring the best out of their infrastructure. This book is a complete guide to GCP and will teach you various methods to effectively utilize GCP services for your business needs. You will also become acquainted with the topics required to pass Google's Professional Cloud Architect certification exam.

Following the Professional Cloud Architect certification's official exam syllabus, you will be introduced to GCP. You will then be taught about the core services that GCP offers, such as computing, storage, and network. Additionally, you will learn methods of how to scale and automate your cloud infrastructure and make it compliant and secure. Finally, you will also learn how to process big data and embrace machine learning services.

By the end of this book, you will have all the information required to ace Google's Professional Cloud Architect exam and become an expert in GCP services.

Who this book is for

If you are a cloud architect, cloud engineer, administrator, or anyone who would like to learn different ways to implement Google Cloud services in your organization, as well as get yourself certified with the Professional Cloud Architect's certificate, then this is the book for you.

What this book covers

Chapter 1, GCP Cloud Architect Professional, discusses the benefits of becoming a certified architect, how to register for the exam, and what to expect when you are in the test center.

Chapter 2, Getting Started with Google Cloud Platform, covers the basics of GCP and how it positions itself on the market. You will learn about all the major GCP services that are available.

Chapter 3, Google Cloud Platform Core Services, examines the most important GCP services, including computing, storage, networking, big data, and machine learning.

Chapter 4, Working with Google Compute Engine, examines how to create and run virtual machine instances on top of the Google Compute Engine (GCE) service.

Chapter 5, Exploring Google App Engine as a Compute Option, discusses how to define and run applications on Google App Engine.

Chapter 6, Managing Kubernetes Clusters with Google Kubernetes Engine, explains the basis of containers and microservices. It looks at running and managing Kubernetes clusters on the Google Kubernetes Engine (GKE) service.

Chapter 7, Deploying Cloud-Native Workloads with Cloud Run, discusses running cloud-native workloads in GCP with a serverless experience. Cloud Run does this without the need to understand complex Kubernetes resource definitions.

Chapter 8, Managing Cloud-Native Workloads with Anthos, introduces one of the newest and most exciting GCP products available. We will learn how we can run cloud-native workloads on Kubernetes anywhere. This includes not only all three major public cloud providers, but also on-premises. We will see how to keep the Anthos clusters in sync with predefined configuration and policies as well as how to control and observe traffic in a microservice architecture using Anthos Service Mesh.

Chapter 9, Running Serverless Functions with Google Cloud Functions, looks into running serverless functions on Google Cloud Functions.

Chapter 10, Networking Options in GCP, discusses Google's networking services. Understanding networking is key to completing the architect exam. We will introduce you to concepts such as Virtual Private Cloud (VPC) before diving further into other concepts such as Virtual Private Network (VPN), networks, subnetworks, and routes.

Chapter 11, Exploring Storage and Database Options in GCP – Part 1, considers different storage options. This will allow us to choose the right storage for a given use case. We will discuss object storage alongside relational and non-relational databases.

Chapter 12, Exploring Storage and Database Options in GCP – Part 2, looks at storage options such as Cloud Spanner and Bigtable.

Chapter 13, Analyzing Big Data Options, discusses how big data is another key topic in the architect exam. Understanding what big data is, and what services GCP offers to handle the complexities of data analytics, will really help you in the test center when taking the exam. In this chapter, we will look at the various services that are available, and when we might choose one over the other.

Chapter 14, Putting Machine Learning to Work, examines Machine Learning (ML) in general as well as GCP-related services. This will allow us to understand the use cases and possible implementations of machine learning using Google Cloud.

Chapter 15, Security and Compliance, covers security, which is a feature of all GCP services. In this chapter, we will cover IAM in more detail than we have in previous chapters, to allow you to understand custom roles and service accounts. Additionally, we will look at Google's commitments to compliance through the Payment Card Industry (PCI) regulations.

Chapter 16, Google Cloud Management Options, shows you that there are several ways to manage your GCP infrastructure and its services. In this chapter, we will look at how to manage your GCP infrastructure and the key management options that are available, including Cloud Shell, SDK, and gcloud, and the steps that are needed to access or install these tools.

Chapter 17, Monitoring Your Infrastructure, looks at monitoring your infrastructure using Stackdriver.

Chapter 18, Case Studies, discusses how, in the exam, some questions may refer you to several case studies. You should be familiar with these case studies before you take the exam. These involve hypothetical business and solution concepts. In this chapter, we will cover how to find these case studies; additionally, we will also take a look at an example case study and analyze it in order to design an appropriate solution.

Chapter 19, Test Your Knowledge, goes through exam tips and sample tests.

To get the most out of this book

As the practical examples throughout the book involve the use of GCP, a GCP free-tier account is required.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801812290_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in the text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Now, we need to update our configuration file. Let's save this and call it multi.yaml."

A block of code is set as follows:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3

Any command-line input or output is written as follows:

kubectl apply -f definition.yaml

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Let's check out the Deployment Manager menu, where we can see that our deployments have been successful."

Tips or important notes

Appear like this.

Section 1: Introduction to GCP

This section will introduce us to Google Cloud Platform and outline the Professional Cloud Architect exam.

This part of the book comprises the following chapters:

Chapter 1, GCP Cloud Architect Professional

Chapter 2, Getting Started with Google Cloud Platform

Chapter 3, Google Cloud Platform Core Services

Chapter 1: GCP Cloud Architect Professional

The shift to the cloud is not a new thing, and for many years, companies have been utilizing cost-effective solutions from public cloud vendors to move away from the traditional on-premises architecture. The speed at which technology is moving now makes it increasingly difficult for companies managing their own infrastructure to get the most out of their IT systems.

While Amazon Web Services (AWS) and Microsoft Azure currently lead the race with enterprise-scale companies, Google Cloud Platform (GCP) is one of the most popular solutions among IT professionals, and interest in it is steadily increasing. It seems that Google is playing the long game very well. In Q3 2018, ex-CEO of Google Cloud, Diane Greene, estimated that only 10% of workloads are in the public cloud, showing the massive scope for market share still available.

Given that companies are continuously moving to multi-cloud solutions to distribute their workloads or have more control over where and how their data is stored, this means that IT cloud architects and engineers need to understand more than just the current top two providers.

Furthermore, the 2020 global pandemic accelerated cloud adoption as companies shifted to home working, and collaboration tools such as Google Meet became vital in companies for maintaining stability. It also highlighted that legacy IT models proved a significant risk to businesses due to the delay in being able to scale when needed, for example.

This book, of course, will focus on Google technologies. Many of you may have experience with other public cloud vendors, such as AWS or Microsoft Azure, but we will also cater to those who are new to the public cloud. The goal of this book is to help you pass the Google Professional Cloud Architect exam. This book is suitable for both levels of experience. In this chapter, we will look at why you would take this exam, inform you about how to register for the exam, and brief you on what to expect from the exam.

We will cover the following topics in this chapter:

Understanding the benefits of being a certified architect

Registering for the exam

What to expect from the exam

Suggested hints and tips

Understanding the benefits of being a certified architect

Studying for an exam can be a daunting prospect. Many hours need to be spent to achieve a certification, and it's not always an easy decision to dedicate a lot of personal time to achieve this goal. That said, if you currently work in the IT industry, you will know that the landscape has changed over several years. The public cloud is no longer something that worries companies, and more enterprises are shifting away from traditional on-premises solutions, meaning that the time you invest in learning new technologies will be beneficial to your career.

But why take the exam? There are several reasons why you would take this exam, such as the following:

You have used GCP for some time and want to have an industry-recognized certification that reflects your current skill set.

You want to achieve a new role or promotion and show that you can dedicate your own time to learning new skills that you don't get to use every day.

There is no better way to showcase your skills than having industry-led certifications.

You want to get acquainted with modern stack development technologies.

You have a desire to become a multi-cloud specialist and want to be certified across the Big 3 public cloud vendors.

Important Note

A Forbes article recently showed that the Google Cloud Certified Professional Cloud Architect is the highest-paid certification of 2019 and 2020. You can read it at https://www.forbes.com/sites/louiscolumbus/2020/02/10/15-top-paying-it-certifications-in-2020/?sh=390a9e48358e.

Whatever your reason for taking the exam, it is important to be realistic about your expectations.

Registering for the exam

The cost of the GCP Professional Architect exam is around 200 USD (this may change by the time you are reading this), and it can be booked in several languages, such as English, Japanese, Spanish, and Portuguese. In mid-2020, Google introduced the ability to take the exam remotely from your own home. The registration process is the same. You can register for the exam by going through the following steps:

The first step is to visit the Google certification web page. There are two links to this:

https://cloud.google.com/certification

https://cloud.google.com/certification/register

Click on the preferred language to schedule your exam, as shown in the following screenshot:

Figure 1.1 – Select your preferred language

Next, you will be redirected to the Webassessor login page. You will need a Webassessor account to book the exam. You can follow the guide on the Webassessor page to create a new account if needed.

Next, click on the REGISTER FOR AN EXAM button, as shown in the following screenshot:

Figure 1.2 – The REGISTER FOR AN EXAM button

Browse to the Google Cloud Certified – Professional Cloud Architect exam and expand the plus (+) sign. You will have options to sit the exam at a test center (Onsite Proctored) or remotely (Remote Proctored), as follows:

Figure 1.3 – Selecting Remote Proctored or Onsite Proctored

If you choose to sit the exam at a test center, you will be prompted to select a location, as shown in the following screenshot:

Figure 1.4 – Selecting a test center (if applicable)

Next, select a date and time, as shown in the following screenshot. Note that the time is local to the test center:

Figure 1.5 – Selecting a date and time

Finally, review and click Check Out. At this point, you can pay for the exam and you are ready to go. Submit your coupon or voucher code if you have one, as shown here:

Figure 1.6 – Confirming the purchase

Please bear in mind that you can change the selected date once the exam has been booked. Rescheduling can be done at no extra cost up to 72 hours before an onsite exam or 24 hours before a remote exam. Note that a rescheduling fee will be charged for any changes that are made inside these timeframes.

This section has shown us how to register for the exam. The main thing to recognize is that we now have the option to sit the exam at home. In the next section, we will look at what to expect from the exam.

What to expect from the exam

There are several resources that Google advises you to take advantage of to prepare for the exam. These consist of online training courses, instructor-led training, and practical labs. All of this information can be found on the cloud architect web page at https://cloud.google.com/certification/cloud-architect.

In addition, by visiting the exam guide web page at https://cloud.google.com/certification/guides/professional-cloud-architect/, you can see the expected subject knowledge of the exam applicants. The exam blueprint is critical for any exam, and GCP Architect is no different. You should review this guide and make sure you understand each section.

Like most exams, some real-life experience will also help you. The exam was created with cloud architects in mind who have experience with software development and multi-cloud/hybrid-cloud environments. That said, there is no reason why you cannot pass this exam with the correct amount of study and exposure to a GCP environment, even if you don't have practical, hands-on experience.

Google offers Qwiklabs, a self-study platform that can be used to gain experience in the services offered. It is recommended that you sign up to familiarize yourself with GCP's layout and services. Qwiklabs can be paid for either through a monthly subscription, which will give you unlimited access to the labs, or by purchasing credits. Each lab will cost a certain number of credits, depending on the complexity of the lab. The typical cost of 10 credits is 10 USD and there are discounts for bulk buys. GCP Essentials gives a great introduction to GCP that can be found at https://google.qwiklabs.com/quests/23?utm_source=gcp&utm_medium=site&utm_campaign=certification. It takes around 5 hours to complete this lab.

The exam itself will consist of multiple-choice questions that will require one or more answers to be selected. In addition to this, you will be quizzed on the case studies of fictional companies. However, you will have access to these case studies before the exam, and you can refer to them during the exam. In Chapter 18, Case Studies, we will go over these in more detail. There will be around 60 questions in the exam, and you will have 2 hours to complete them. You will receive an on-screen message stating only a pass or fail, with no indication of your score. Google believes that scored results are not meaningful for the examinee and can be misinterpreted. A confirmation email will also be delivered to your registered email address confirming the result.

Passing the exam will validate your skills for 2 years. Then, you are required to recertify by sitting the full and latest exam again. Should you be unsuccessful in your attempt, you must wait 14 days before you can retake. If you fail a second attempt, you must wait 60 days, while for a third failed attempt, you must wait 1 full year before you can retake the exam. A full fee is required for each attempt.

Online proctored exams

Due to the COVID-19 pandemic, as of early 2020, Google accelerated its program to deliver online proctored exams. In H2 of 2020, the Professional Data Engineer exam became the first Google exam to be offered online and the Professional Cloud Architect exam soon followed. There is no difference in terms of price, length, or the content of the exam compared to the traditional test center method. However, there are differences in the minutes leading up to your exam. You must download the Sentinel software and have full administrative control over your machine. If you are using a corporate machine, this may cause issues. There are also system requirements that must be met; for example, the OS must be Windows 8.1 or 10, or Mac OS X 10.13-11.1. Your web browser requires the latest version of Chrome, Firefox, or Safari. Additionally, a webcam is required. You are also required to have your face scanned for a biometrics profile and this must be populated before the exam.

When the time comes to sit your exam, you should be in a secure, quiet, and well-lit room. You will be required to show the surrounding room with your webcam. If the webcam is integrated, you will also need a mirror or your phone to show the screen. No other people can be in the room, and no food, drink, paper, or writing instruments are allowed. A full list of testing requirements can be found on the Google Cloud certification web page: https://support.google.com/cloud-certification/answer/9907748?hl=en.

When you have completed the exam, you will be informed of your result, the same as you would in the test center, with a message stating only pass or fail.

After a few days, you will get confirmation that the results have been sent to Google for verification. In a week, you should get an official confirmation, along with a link to your certificate.

Suggested hints and tips

In the exam, we recommend that you make use of the fact that you can mark questions for review and come back to them later. It is a personal preference, of course, but we suggest that you don't puzzle over a question for too long. You will have around 2 minutes per question to provide an answer. Some of the answers to the questions will jump straight out of the screen at you, while others will take you more time to determine the correct answer. If you are spending too long on a question, then mark it for review and move on, as it's important to get to the end of the test to ensure that you have scored the maximum number of marks.

We also recommend booking the exam to give you an incentive. It is easy to procrastinate or worry too much that you are not fully prepared. This is a natural feeling but having an end date in sight gives you focus and determination. We recommend that you print out the exam guide and work through each point to ensure that you understand each objective.

Additionally, 2 hours is a long time. Ensure that you book the exam at a time of day when you are the most alert, to give yourself the best chance of success. With the option of the remote exam, it should become easier to find a slot that suits you, but you must be sure to find a space that is both private and quiet. Additionally, ensure you have a stable internet connection and enough laptop power if this is the type of device you are using. For some, attending a test center may still be the preferred option.

Summary

In this chapter, we covered what to expect from the exam and how to register for it, as well as the benefits of being a GCP Certified Architect. Throughout this book, we will introduce you to the services that are needed for a successful outcome. This book's ultimate goal is to assist you in passing the exam; however, we encourage you to do more reading, use Qwiklabs, or play around in the GCP console if you wish to deep dive into a particular topic or service that you encounter while reading this book.

In the next chapter, we will get started with GCP.

Further reading

Read the following article for more information regarding what was covered in this chapter:

Google Cloud Certificate: https://cloud.google.com/certification.

Chapter 2: Getting Started with Google Cloud Platform

In this chapter, we will introduce the concept of cloud computing to better understand what Google Cloud Platform (GCP) is. We will take a look at GCP resources and their hierarchy. After that, we will create our first account and set up a project. Additionally, we will discuss the billing options that are available. We will examine how to create a billing account and associate it with the project. Finally, we will take a look at how to export the billing information. It is important to have this introduction before we start talking about GCP services. This will both help you to pass the exam and to implement the basic setup of GCP for real-life scenarios before you even begin using the services. We actively encourage you to set up your own free-tier Google Cloud account in order to acquire hands-on exposure and gain confidence.

In this chapter, we will cover the following topics:

Introducing the cloud

Understanding GCP

Exam tips

Exam Tip

Having a good understanding of GCP resources is vital in order to pass the GCP Cloud Architect exam. Make sure that you go through this chapter carefully and attentively. Read it multiple times if required, and play around with the creation of projects and billing accounts using your free-tier account. Try exporting billing data to both files and BigQuery. You need to remember individual Identity and Access Management (IAM) roles for billing. Make sure that you have a good understanding of the scope of the services.

Introducing the cloud

Before we jump into GCP, first, let's learn what the cloud is, as per the following diagram:

Figure 2.1 – What the cloud is

It is true—there is no cloud: it's just someone else's computer. With the cloud, what we are actually doing is accessing resources and consuming services that are hosted on someone else's computer. If we want to be more precise, the cloud is a pool of computers.

Now, let's take a look at a more accurate and professional definition used by Google that comes from the United States National Institute of Standards and Technology (https://csrc.nist.gov/publications/detail/sp/800-145/final):

"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models."

The five essential characteristics of the cloud are as follows:

On-demand self-service: Services are provisioned automatically without manual provider intervention, and you only pay for what is used.

Broad network access: Resources are available throughout the network.

Resource pooling: Resources are pooled from a shared pool, giving the user a sense of location independence. For some of the resources, the location might be restricted.

Rapid elasticity: Services can be elastically provisioned and de-provisioned with the capacity being managed by the provider.

Measured service: Resource usage is monitored and can be reported on.

The four deployment models are as follows:

Private cloud: This is used by specific organizations but can be managed by third parties.

Public cloud: This is used by the general public.

Community cloud: This is used by specific communities.

Hybrid cloud: This is composed of two or more different clouds.

When we look at GCP, it fulfills all of the five characteristics and fits into the public cloud deployment model. In the next section, we will take a look at GCP itself.

Understanding GCP

Google has been developing its own tools to deliver services such as Gmail, YouTube, and Google Workspace for years. These tools have been converted into services that can be consumed by others. Consumers are given the amazing scalability that Google must use for their own purposes. GCP allows you to choose from computing, storage, networking, big data, and Machine Learning (ML) services to build your application on top of them. The number of services is constantly growing, and new announcements are made on an almost weekly basis. New services and features are released, first, as alpha versions, then as beta versions, and finally, they are made globally available. The early releases are available even earlier for selected customers and partners. This allows the services to be tested by external parties even before their official release!

Google supports several service models, including the following:

Infrastructure-as-a-Service (IaaS)

Platform-as-a-Service (PaaS)

Container-as-a-Service (CaaS)

Function-as-a-Service (FaaS)

Managed services

As you can see, the range of services in GCP is very broad. Let's quickly analyze this range of services offered by GCP. We will start from very simple IaaS, such as a traditional data center, and end with using FaaS, where we can run code without the need to manage any server infrastructure. The choice of service depends on our requirements. Put simply, if we require flexibility and control over our Virtual Machines (VMs), we would use Compute Engine. This service allows us to provision VM instances or simply lift and shift machines from our existing environment. However, the trade-off is that you are responsible for managing all of the layers above the VM instance. That includes the operating system, any middleware, and any applications on top of it.

When we move away from IaaS toward PaaS, CaaS, or FaaS, the responsibility of maintaining the infrastructure is taken away from us. With Cloud Functions, all we really care about is the coding of a function in a language supported by GCP. Once it's done and published, we access it through the HTTP(S) protocol.

Finally, as we move to managed services, we simply start to consume services that bring us a particular business value without having to worry about any underlying parts. They can be used in Software-as-a-Service (SaaS) models and consumed through APIs. An example of this is Dataprep, which is a data service that allows you to clean up and prepare your data for further analysis. Another example is the pretrained ML model, Vision API. Developers can consume this service by using the RESTful API to analyze images without having to write any code, except for the call itself.

Hopefully, now you understand that GCP is much more than just a hosting service. It provides you with sets of tools, services, and resources that will help you to develop and deliver your applications. The choice of the services you will use depends entirely on the set of requirements you have. If that feels overwhelming, then don't worry. This book is written to help you to go through GCP step by step.

In Chapter 3, Google Cloud Platform Core Services, you will get an overview of the most important GCP services. In the following chapters, we will dive into each of them in more detail to get you prepared for the exam.

GCP differentiators

Every cloud provider has something that differentiates it from others. Each provider has its own strategy in terms of how to deliver value to customers, and the same is true for GCP. Let's take a look at what the key GCP features are that make it stand out from the crowd:

Google Cloud's operations suite (formerly known as The Google Network): The Google Network is something that differentiates GCP from other cloud providers. Google claims that around 40% of the world's internet traffic is carried by the Google Network, making it the largest network on the globe. This allows the Google Network to respond with very low latency, as close to the end user as possible.

Global scope: GCP was developed with global availability in mind. You will note that services such as load balancing are available globally rather than regionally, unlike other providers. This allows the client to concentrate on development and embrace out-of-the-box high availability and elasticity.

ML services: GCP offers a great number of ML services for both data scientists and regular developers who might have limited knowledge of ML. The ML services allow pretrained models to be used, as well as offering AutoML services. The latter allows you to train ML models without knowing how they are actually created. The portfolio of these services is growing very quickly. The key goal of Google is to enable enterprises with ML to make faster and smarter decisions.

Developer-focused: GCP was built with a focus on developers. If you look at the history of GCP, it started in 2008 with a preview release of App Engine, which is a fully serverless platform, allowing developers to initially run their applications written in Python, before support for other languages such as Java and Go was added. It provides out-of-the-box load balancing and autoscaling. Developers simply need to choose the platform they want to develop on and they can start coding. Also, if you look at Google Cloud's operations suite (formerly known as Stackdriver, a GCP monitoring tool) itself, it provides several tools that can be directly integrated with an application. This allows the developer to use them to monitor and debug their application. Google makes it very clear that GCP was created for developers to help them with their challenges. Having achieved this goal, they are now aiming toward large enterprises.

Pricing: The VM instances are priced per second with a minimum runtime of one minute. This allows you to run the machines for short tests and not have to pay for a full hour of use.

Service-Level Agreement (SLA): GCP provides the customer agreement with the level of service that will be delivered for the service. This is usually defined as a Service-Level Objective (SLO), which covers a Monthly Uptime Percentage for the service. If the SLO is not met, the customer is eligible for financial credits. Note that this percentage depends on the service and that alpha and beta features are not included with any SLA.

Security: Google uses its many years of experience in running services such as Gmail in GCP. Your data is always encrypted with a choice of Google or customer-managed keys.

Carbon neutral: This might not be the most important feature when it comes to functionality, but it is worth knowing. Google data centers are carbon-neutral, meaning that 100% of the energy used to power them comes from renewable energy. This includes the GCP data centers.

GCP locations

As we have already mentioned, GCP has a global footprint that includes North America, South America, Europe, Asia, and Australia. The locations are further split into regions and zones.

It is your decision where your application should be located to provide low latency and high availability:

A region is defined by Google as an independent geographic area that is divided into multiple zones. Locations within regions should have round-trip network latencies of under 1 ms in 95% of cases.

A zone is a deployment area for GCP resources. Note that a zone does not correspond to a single data center; it can consist of multiple buildings. Even though a zone provides a certain amount of fault protection, a zone is considered a single point of failure (SPOF). Therefore, you should consider placing your application across multiple zones to provide fault tolerance.

Network edge locations are connections to GCP services located in a particular metropolitan area.

At the time of writing, GCP has the following:

28 regions

85 zones

146 network edge locations

These numbers are growing rapidly, and, at the time of writing, Google has announced an additional two regions at the Google Cloud Next conference. For the most up-to-date information, please refer to https://cloud.google.com/about/locations. The following map shows the current and future regions and zones across the globe:

Figure 2.2 – GCP locations (Source: https://cloud.google.com/about/locations/)

The preceding map shows current regions in blue and planned regions in white. It should also be noted that not all services are available in each region. For example, Cloud Functions, after being made globally available, was only introduced in a limited number of locations.

Resource manager

GCP consists of containers such as organizations, folders, and projects to hierarchically group your resources. This allows you to manage their configuration and access control. The resources can be managed programmatically using APIs. Also, Google provides tools such as Google Cloud Console and command-line utilities, which are wrappers around the API calls. Now, let's take a look at the hierarchy presented in the following diagram and familiarize ourselves with each of the resources:

Figure 2.3 – The resource manager hierarchy (Source: https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy, License: https://creativecommons.org/licenses/by/4.0/legalcode)

The preceding diagram shows the resource manager hierarchy. Starting from the top, we have an Organization that can be mapped to a company. Next, we have Folders that can represent a company's departments. Next, we have Projects, which further divide the actual company projects or environments, such as development and production. Finally, underneath Projects, we have GCP Resources. We will take a look at each of these in the following sections.

Organizations

At the top of the hierarchy, we have the organization. However, note that this is an optional resource, and you can use GCP very well without it. The organization is only available to users of Google Workspace (formerly G-Suite) and Cloud Identity, which are products outside of GCP.

To provide some context, Google Workspace is a bundle of collaboration tools, including Gmail, Google Drive, Hangouts, and Google Docs. Users use these tools, which are stored in the Google Workspace domain.

Cloud Identity is an Identity-as-a-Service (IDaaS) offering. Similarly, it allows you to create a domain and to manage your users, applications, and device accounts from a single point. You can learn more about Cloud Identity in Chapter 15, Security and Compliance.

A single Google Workspace or Cloud Identity account can only be associated with a single organization. This implies that the organization is bound to one domain only. In both Google Workspace and Cloud Identity, there is a defined role of super administrators. When you create the organization, those users will have the highest privileges in the organization and underlying resources. Please ensure that this account is not used for day-to-day operations.

Instead, the super administrator should assign the role of organization administrator to designated users. This role is further used to define IAM policies, resource hierarchy, and delegate permissions using IAM roles.

Important Note

With the creation of a new organization, all users from the domain get project creator and Billing Account Creator IAM roles. This allows them to create new projects in that organization. Again, we will take a closer look at this in Chapter 15, Security and Compliance.

Folders

Folders are logical containers that can group projects or other folders. They can be used to assign IAM policies. Again, the use of folders is optional and is only available when an organization resource exists. The use case for using folders is to group projects that will use the same IAM policies.

Projects

Projects are the smallest logical containers that group resources. Every resource within GCP needs to belong to exactly one project. Each project is managed separately, and IAM roles can be assigned per project to control the access in a fine-grained way.

Projects have three identification attributes:

Project ID: This is a globally unique immutable ID generated by Google.

Project name: This is a unique name provided by a user.

Project number: This is a globally unique number generated by Google.

In most cases, you will use the project ID to identify your project. To manage resources within GCP, you will always need to identify which project they belong to by either the project ID or the project number. You can create multiple projects, but there is a quota that limits the number of projects per account. If you reach the quota, you will need to submit a request to extend it.
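The organization, folder and project hierarchy, together with the default Project Creator and Billing Account Creator grants mentioned in the note on organizations, can be audited mechanically. The following is an added example, not code from the book: it resolves the bindings a resource inherits from its ancestors and flags the two creator roles when they are held by a whole domain. It assumes standard IAM inheritance (a resource inherits the bindings of its ancestors, which this chapter does not spell out); the resource IDs, group names and example.com principals are constructed sample data.

```python
# Added example: constructed data, not output from a real organization.
# Each policy uses the JSON shape of
# `gcloud organizations get-iam-policy ORG_ID --format=json`.

# Role IDs for the two roles the chapter says every domain user receives
# when an organization is created.
DEFAULT_CREATOR_ROLES = {
    "roles/resourcemanager.projectCreator",
    "roles/billing.creator",
}
# Members that cover a whole population rather than named principals.
BROAD_MEMBERS = ("domain:", "allUsers", "allAuthenticatedUsers")

ORG = "organizations/111111111111"      # placeholder ID
FOLDER = "folders/222222222222"         # placeholder ID

# child -> parent; the organization is the root.
PARENTS = {
    ORG: None,
    FOLDER: ORG,
    "projects/example-dev": FOLDER,
    "projects/example-prod": FOLDER,
}

POLICIES = {
    ORG: {"bindings": [
        {"role": "roles/resourcemanager.projectCreator",
         "members": ["domain:example.com"]},
        {"role": "roles/billing.creator",
         "members": ["domain:example.com"]},
        {"role": "roles/resourcemanager.organizationAdmin",
         "members": ["group:gcp-org-admins@example.com"]},
    ]},
    FOLDER: {"bindings": [
        {"role": "roles/viewer", "members": ["group:engineering@example.com"]},
    ]},
    "projects/example-dev": {"bindings": [
        {"role": "roles/editor", "members": ["user:dev1@example.com"]},
    ]},
    # projects/example-prod sets no policy of its own; it only inherits.
}


def ancestry(resource, parents=PARENTS):
    """Return [resource, parent, ..., organization]."""
    chain = []
    while resource is not None:
        if resource in chain:
            raise ValueError(f"cycle in hierarchy at {resource}")
        chain.append(resource)
        resource = parents[resource]
    return chain


def effective_bindings(resource, parents=PARENTS, policies=POLICIES):
    """Union of the bindings set on the resource and on every ancestor.

    Returns {role: {member: level_where_granted}}. When the same grant exists
    at several levels, the level closest to the resource is recorded.
    """
    result = {}
    for level in reversed(ancestry(resource, parents)):  # organization first
        for binding in policies.get(level, {}).get("bindings", []):
            for member in binding.get("members", []):
                result.setdefault(binding["role"], {})[member] = level
    return result


def audit_broad_creator_grants(resource, parents=PARENTS, policies=POLICIES):
    """List (role, member, granted_at) where a creator role reaches a broad member."""
    findings = []
    effective = effective_bindings(resource, parents, policies)
    for role, members in effective.items():
        if role not in DEFAULT_CREATOR_ROLES:
            continue
        for member, granted_at in members.items():
            if member.startswith(BROAD_MEMBERS):
                findings.append((role, member, granted_at))
    return sorted(findings)


def restrict_creator_roles(policy, allowed_member):
    """Return a copy of policy in which only allowed_member holds creator roles."""
    bindings = []
    for binding in policy.get("bindings", []):
        members = list(binding.get("members", []))
        if binding["role"] in DEFAULT_CREATOR_ROLES:
            members = [allowed_member]
        bindings.append({"role": binding["role"], "members": members})
    return {**policy, "bindings": bindings}


if __name__ == "__main__":
    for resource in (ORG, FOLDER):
        for role, member, granted_at in audit_broad_creator_grants(resource):
            print(f"{resource}: {member} holds {role} (granted at {granted_at})")
```
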

Resources' scope

Now that we know the physical and logical separation of GCP resources, let's take a look at their scope. The resources can be either global, regional, or zonal