Google Certified Associate Cloud Engineer - Guide

Google Certified Associate Cloud Engineer + Introduction to Google Cloud Platform + Kubernetes Deep Dive

1. How do i properly set up my Google Cloud Platform (GCP) account and projects?
2. How do i set up and use the various GCP services?
3. How do i build a GCP system i have designed?
4. How can i get certified as a GCP Associate Cloud Engineer?

Course structure

1. Certification/GCP Overview
2. GCP Account Setup (Hand-on)
3. GCP Services (Hands-on)
4. Breadth & Exam Prep

Key takeaways

1. Usable and configured GCP account
2. Good solid understanding of how to use all the key GCP services
3. What you need to know to get certified as an Associate Cloud Engineer

Prerequisites

1. No Prerequisite
2. Credit card for GCP account
3. Computer

Consideration

1. Similar certification system as AWS
2. Learn about Mental Models (Learn how to learn required)
3. No AWS experience required (Not for GCP)

Exam guide

1. To a person wanting to pass the exam
2. To a person working in a field as cloud Engineer

An associate Cloud Engineer 'deploys applications', 'monitors operations of multiple projects', and 'maintains enterprise solutions to ensure that they meet target performance metrics'. This individual has experience working with 'public cloud and on-premises solutions'. They are 'able to use Google Cloud Console and the command-line' tasks to 'maintain one or more deployed solutions' that 'leverage Google-managed or self-managed services on Google Cloud'.

Exam section

1. Setting up a cloud solution environment.
  1.1 Setting up cloud projects and accounts.
    1.2 Managing billing configuration.
    1.3 Installing and configuring the command line interface (CLI)
2. Planning and configuring a cloud solution .
    2.1 Planning and estimating GCP product use using the Pricing Calculator.
    2.2 Planning and configuring compute resources.
    2.3 Planning and configuring data storage options
  2.4 Planning and configuring network resources
3. Deploying and implementing a cloud solution.
    3.1 Deploying and implementing Compute Engine resources
    3.2 Deploying and implementing Kubernetes Engine resources
    3.3 Deploying and implementing App Engine and Cloud Functions resources
    3.4 Deploying and implementing data solutions
    3.5 Deploying and implementing network resources.
    3.6 Deploying a solution using Cloud Launcher.
    3.7 Deploying a Application using Deployment Manager.
4. Ensuring successful operation of a cloud solution.
    4.1 Managing Compute Engine resources.
    4.2 Managing Kubernetes Engine resources
    4.3 Managing App Engine resources
  4.4 Managing network resources
  4.5 Monitoring and logging
5. Configuring access and security.
    5.1 Managing Identity and Access Management (IAM)
    5.2 Managing service accounts
    5.3 Viewing audit logs for project and managing services.

Google Innovation

1. Google is all about Big Data: Huge scale
2. Google hires very smart people (Googlers)
3. Lots of internal innovation
4. Published many whitepapers
  Eg: MapReduce, Google File System, Colossus
5. Released some things as open source .
    Eg: Kubernetes (from Borg)
6. Commercialized some things in GCP
    Eg: BigTable, Spanner, GCS (Built on colossus), BigQuery (from Dremel)

GCP Design Principles

1. Global 2. Secure 3. Huge scale 4. For developers

Global System

1. GCP is intrinsically global (Services are generally built serve work wide customers)
2. AWS is intrinsically region-scoped.
3. Regional Model Simplifies data sovereignty.
4. Global model Easier to handle latency and failures in a global way. Could be more sensitive to multi-region/global failure modes. (Due to service failures, not underlying hardware issues)

Physical Infrastructure

1. vCPU
2. Physical server
3. Rack
4. Data center (building)
5. Zone 6. Region
7. Multi-Region
8. Private global network
9. Point of Presence (PoPs) - Network edges and CDN locations
10. Global system

Global Regions

1. Multi Region
    1. Europe
    2. Asia
    3. US (or North America)
2. Non- Multi regions (Currently only having one region each)
    1. South America
  2. Australia

Network Ingress and Egress

1. Normal network: Routes via Internet to edge location closest to destination
2. Google: Routes so traffic enters from Internet at edges closest to source
    1. Enables very interesting scenarios
    2. Single global IP address can load balance worldwide
    3. Sidesteps many DNS issues
3. Can now opt for "normal" network routing to reduce price (and functionality)

Pricing

1. Provisioned - "Make sure you're ready to handle X"
2. Usage - "Handle whatever I use, and charge me for that"
3. Network traffic
    1. Free on the way in (ingress)
    2. Charged on the way out (egress), by GBs used
    3. Egress to GCP services sometimes free
  1. Depends on the destination service
  2. Depends on the location on that service.

Security

1. Separation of duties and physical security
2. Absolutely everything always encrypted at rest
3. Strong key and identity management
4. Network encryption
    1. All control info encrypted
    2. All WAN traffic to be encrypted automatically
    3. Moving towards encrypting all local traffic within data centers
5. Distrust the network, anyway (Having layers of security)
    1. BeyondCorp (This shift access control from the network parameter to individual devices and users)

Scale and Automation

1. Scalability must be unbounded
2. Devs don't want to answer pages

Resource Quotas (Soft Limits)

1. Scope
    1. Regional
    2. Global
2. Changes
    1. Automatic
    2. By request
        1. Response in 24-48 h
        2. May be refused
        3. Query-able (gcloud compute project-info describe --project myprojectid)

Organization

1. Projects are similar to AWS accounts
2. Projects own resources
3. Resources can be shared with other projects
4. Projects can be grouped and controlled in a hierarchy

Google Clod Developer's Cheat Sheet

Some that you can refer to remind yourself to get a very basic idea about something where you don't have time to research.

Compute Products

1. Compute Engine (Virtual Machines, Disks, Network)

Do virtually work with a computer. Rent for seconds. Have a huge job? can spin up dozen / hundreds / thousands of compute engine instances at the same time to get the job done faster.

2. Cloud Function (Event driven serverless function)

Build finer grind than compute engine. (this is by 10th of a second) It manages all the scalling for you automatically. This is Google Cloud's function as service product. (FaaS, like AWS Lambda) Key building block of a serverless system. With this instead of running server programms set around to client to connect to them, in cloud function you setup an event, and google will run the code you given it, every time when that event happened. If no events happening you don't need to pay anything. If bunch of such event happened same time, google will run your code in parallel.

3. Kubernetes Engine (Managed Kubernetes/Containers)

Can help leave some of the management burden, otherwise have to deal with compute engine. GKE will install run and manage Kubernetes for you on clusters of compute engine instances. It also reaches out to the networking world, and create things like cloud loadbalancers which helps reduce even further minor tasks that you would have to do.

Storage Products

1. Cloud Storage (Object Storage and Serving)

A serverless product. Most pure service at its core. Incredibly reliable.

2. Nearline (Archival Occasional Access Storage) 3. Coldline (Archival Rare Access Storage)

Priced and optimised storage for less frequest data access parents (perfect for backup)

4. Persistent Disk (VM-attached Disks)

Its a special kind of storage Its blocked storage, works like a harddrive does. (usually cloud storage product is object storage) Can only connect to compute engine instances.

5. Cloud filestore (Managed NFS Server)

Between cloud storage and persistent disk, its file based. (Nither Object based nor Block based) Being a managed NFS server its bit more flexible to connect to the persistent disk and may work better with certain kind of application than the object based cloud storage.

AI and Machine Learning Products

1. Cloud TPU (Tensorflow Processing Unit) (Specialized Harware for ML)

Kind of a compute engine instance This one is purpose build for tensorflow processing.(instead of a general purpose processing)

2. Cloud Natural Language (Text Parsing Analysis)

3. Cloud Speech to text (Convert Audio to Text)

Convert speech to text

4. Cloud Text to Speech (Convert Text to Audio)

5. Cloud Machine Learning Engine (Managed Platform for ML)

Which run tensorflow for you

6. Cloud Deep Learning VM Image (Preconfigured VMs for deep learning)

Preconfigured virtual machine for deep learning so you run that image in a compute engine instance.

7. Cloud AutoML Natural Language (Custom classification models)

where the basic machine learning models are setup but you can train them on your organization's own set of data. for text documents

8. Cloud AutoML Translate (Custom domain-specific translation)

where the basic machine learning models are setup but you can train them on your organization's own set of data. for translations

9. Cloud AutoML Vision (Custom image classification models)

where the basic machine learning models are setup but you can train them on your organization's own set of data. for Images.

Database Products

1. Cloud SQL (Managed MySQL and PostgreSQL)

Instead of having to manage the compute engine instances and perstence disk yourself (Installing MySQL upgrading it and applying patch, all that good stuffs), google does for you. Also manage things like read replicas.

2. Cloud Spanner (Horizontally Scalable Relational DB)

Seriosly massive scale.

3. Cloud Firestore (Strongly-consistent Serverless Document DB)

Buildt in web socket connction for updates.

4. Cloud Datastore (Horizontally Scalable Document DB)

Pay for what you use, you don't have to provision and manage certain capacity. Cloud Spanner is the only enterprise-grade, globally-distributed, and strongly consistent database service built for the cloud specifically to combine the benefits of relational database structure with non-relational horizontal scale. This combination delivers high-performance transactions and strong consistency across rows, regions, and contents with an industry-leading 99.999% availability SLA, no planned downtime, and enterprise-grade security. Cloud Spanner revolutionizes databse administration and management and makes application development more efficient.

5. Cloud Bigtable (Petabyte-scale, low-latency nonrelational)

for predictable and high volume data

Data and Analytics products

1. Cloud Dataflow (Stream/batch data processing)

Processes large amount of data. Newer and better than Dataproc. Key technology behind this is Google released Apache beam.

2. Cloud Dataproc (Managed Spark and Hadoop)

Helpfull to move already runing Hadoop into google cloud. This is for processing large amount of data and it uses compute engine under the hood. (Just like kubernetes engine does)

3. Google Genomics (Managed Genomics Platform)

Useful if you are using kind of genomic information. Google Genomics helps the life science community organize the world's genomic information and make it accessible and useful. Big genomic data is here today, with petabytes rapidly growing towards exabytes. Through the extensions to Google Cloud Platform, you can apply the same technologies that power Googl Search and Maps to securely store, process, explore and share large, complex datasets.

4. Cloud Pub/Sub (Global Real-time Messaging)

Probably more flexible product in Google cloud. Helpful to connect almost anything to almost anything else. You create topics, one part of the system publish message to that topic and another part of the system subscribe the message form the topic.

5. Google BigQuery (Data Warehouse/Analtics)

Crown jewell in google cloud. Its serverless Pay only for use. Scale up automatically. Can store tons of data in bigquery, still get incredibly fast response.

Networking

1. Virtual Private Cloud (Software Defined Networking)

Umbrella of software defined networking. Most of the other networking services rely on this.

2. Dedicated Interconnect (Dedicated private network connection)

Toconnect VPC to external data center.

3. Cloud NAT (Network Address Translation Service)

For network address translation to connect out from VPC

4. Cloud Load Balancing (Multi-region Load Distribution)

5. Network Service Tires (Price vs Performance Tiering)

6. Cloud Armour (DDoS Protection and WAF)

Cloud Armour delivers defense at scale against infrastructure and application Distributed Denial of Service (DDoS) attacks using Google's global infrastructure and security systems.

7. Cloud CDN (Content Delivery Network)

8. Cloud DNS (Programmable DNS Serving)

Managing Tools Products

1. Stackdriver Monitoring (Infrastructure and Application Monitoring)

Whatch whats going on in your system

2. Stackdriver Logging (Centralized Logging)

Centralized location of logging of your system. All the different part of the system, that can be Microservices or Multiple instances or completely different part of your system they can all log into one central place.

Identity and Security Products

1. Cloud Identity (Manage Users, Devices and Apps)

2. Cloud IAM (Resource Access Control)

Resource access control Ties everyting together from security perspective

3. Cloud HSM (Hardware Security Module Service)

Used to manage encryption keys and certificates.

4. Cloud Data Loss Prevention API (Classify, Redact Sesitive Data)

A machine learning service that can classify and redact sensitive data from what you are pointed out. Free Tier Account

Cloud Shell and Editor

Google cloud Shell provides you with command-line access to your cloud resources directly from your browser. You can easily manage your projects and resources without having to install the Google Cloud SDK or other tools on your system. With Cloud Shell, the Cloud SDK gcloud command-line tool and other utilities you need are always available, up to date and fully authenticated when you need them.

HELP

https://www.linkedin.com/pulse/how-i-passed-2-gcp-certifications-just-3-months-kishore-kumar-behera/
https://cloud.google.com/docs/tutorials
https://cloud.google.com/free/
https://www.coursera.org/specializations/gcp-architecture