
GCP Associate Cloud Engineer (Week 4)

Interconnecting Networks

  • Cloud VPN
    • Securely connects on-premises network to GCP VPC network using an IPSec VPN tunnel
      • IPsec: IPsec is commonly used to secure VPNs. The VPN creates a private tunnel between the client and the VPN server, and the IPsec protocols authenticate and encrypt the traffic inside that tunnel so it is protected from outside access
    • Useful for low-volume data connections
    • 99.9% SLA
    • Supports:
      • Site-to-site VPN
      • Static & Dynamic routes (Cloud Router)
      • IKEv1 & IKEv2 ciphers (Internet Key Exchange)
  • Dynamic routes (Cloud Router)
    • BGP (Border Gateway Protocol)
  • Cloud Interconnect
    • Dedicated Interconnect provides a direct physical connection between your on-premises network and Google's network
      • Requirement: a cross-connect between the Google network and your router in a common co-location facility, used to establish a BGP session (The two routers themselves cannot establish a BGP session?)
    • Partner Interconnect provides connectivity through a supported service provider
  • Comparison
  • Peering
    • Peering is a method that allows two networks to connect and exchange traffic directly without having to pay a third party to carry traffic across the Internet
    • Direct Peering provides a direct connection between your business network and Google’s
      • Broad-reaching edge network locations
      • Exchange BGP routes
      • Reach all of Google’s services
      • Peering requirements
      • No SLA
    • Edge Points of Presence (PoPs)
      • Where Google's network connects to the rest of the internet
    • Carrier Peering provides connectivity through a supported partner
      • Carrier Peering partner
      • Reach all of Google’s services
      • Partner requirements
      • No SLA
  • Sharing VPC Networks
    • Shared VPC
      • Allows an organization to connect resources from multiple projects to a common VPC network
      • A host project
      • Resources communicate within the Shared VPC using private IPs; the host project communicates with external networks using public IPs
    • VPC peering
      • Once peering is configured in both directions, resources communicate using private IP addresses, even across different organizations
      • Decentralized or distributed approach to multi-project networking

Load Balancing and Autoscaling

  • Managed Instance Groups
    • Deploy and manage identical VM instances based on template
    • Instance group can be resized
    • Manager ensures all instances are running
    • Typically used with autoscaler to offer autoscaling capabilities
      • Dynamically add/remove instances
      • Autoscaling policy:
        • CPU utilization
        • Load balancing capacity
        • Monitoring metrics
        • Queue-based workload
    • Can be single zone or regional
  • Health check
  • HTTP(S) Load Balancing
    • Layer 7 of OSI model
    • Global load balancing
    • Single anycast IP address
      • Anycast is a network addressing and routing methodology in which a single destination IP address is shared by devices in multiple locations
    • HTTP on port 80 or 8080, HTTPS on port 443
    • IPv4 & IPv6
    • Autoscaling, prewarming-free
    • URL maps, default closest (?)
  • Backend services
    • Health check
    • Session affinity (optional, default round robin algo ?)
    • Time out setting (30s default)
    • One or more backends
      • An instance group (managed or unmanaged)
      • A balancing mode (CPU utilization or RPS)
      • A capacity scaler
  • HTTP(S) load balancing
    • Target HTTP(S) proxy
    • One signed SSL certificate installed
    • Client SSL session terminates at the load balancer
    • Support the QUIC transport layer protocol
  • SSL certificates
    • Required for HTTP(S) load balancing
    • Up to 10 SSL certificates (per target proxy)
    • Create an SSL certificate resource
  • SSL Proxy Load Balancing
    • Global load balancing for encrypted, non-HTTP traffic
    • Terminates SSL session at load balancing layer
    • IPv4 or IPv6 clients
    • Benefits:
      • Intelligent routing
      • Certificate management
      • Security patching
      • SSL policies
  • TCP Proxy Load Balancing
    • Global load balancing for unencrypted, non-HTTP traffic
    • Terminates TCP sessions at load balancing layer
    • IPv4 or IPv6 clients
    • Benefits:
      • Intelligent routing
      • Security patching
  • Network load balancing
    • Regional, non-proxied load balancer
    • Forwarding rules (IP protocol data)
    • Traffic: UDP; TCP/SSL ports
    • Backends: Instance group; Target pool
      • Target pool resource defines a group of instances that receive incoming traffic from forwarding rules
  • Internal load balancing
    • Regional, private load balancing
      • VM instances in the same region
      • RFC 1918 IP addresses
    • TCP/UDP traffic
    • Reduced latency, simpler configuration
    • Software-defined, fully distributed load balancing
    • Supports 3-tier web services
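The HTTP(S) load balancing notes above list the pieces (health check, backend service with balancing mode and capacity scaler, URL map, target HTTPS proxy with its certificate, forwarding rule) without showing how they fit together. The following is an added example, not from the course or from Google's documentation, expressing that resource chain as a Deployment Manager config. Resource names, the health-check path and port, and the two angle-bracket placeholders (the instance group self-link and the PEM material) are assumptions; the managed instance group is expected to expose a named port `http`.

```yaml
# Added example (not from the course notes): the resource chain behind an
# external HTTP(S) load balancer, expressed for Deployment Manager.
# Resource names, the port/path and both <...> placeholders are constructed.
resources:
- name: web-hc
  type: compute.v1.healthCheck
  properties:
    type: HTTP
    checkIntervalSec: 10
    timeoutSec: 5
    healthyThreshold: 2
    unhealthyThreshold: 3
    httpHealthCheck:
      port: 8080
      requestPath: /healthz

- name: web-backend
  type: compute.v1.backendService
  properties:
    protocol: HTTP
    portName: http                        # named port on the instance group
    timeoutSec: 30                        # the 30 s default from the notes
    sessionAffinity: NONE                 # plain round-robin style distribution
    healthChecks:
    - $(ref.web-hc.selfLink)              # reference = dependency: hc is created first
    backends:
    - group: <MANAGED_INSTANCE_GROUP_SELF_LINK>   # placeholder: an existing MIG
      balancingMode: UTILIZATION          # alternative: RATE (requests per second)
      maxUtilization: 0.8
      capacityScaler: 1.0                 # 0.0 drains the backend without deleting it

- name: web-url-map
  type: compute.v1.urlMap
  properties:
    defaultService: $(ref.web-backend.selfLink)

- name: web-cert
  type: compute.v1.sslCertificate
  properties:
    certificate: <PEM_CERTIFICATE_CHAIN>  # placeholder; keep real key material out of the repo
    privateKey: <PEM_PRIVATE_KEY>         # placeholder

- name: web-https-proxy
  type: compute.v1.targetHttpsProxy
  properties:
    urlMap: $(ref.web-url-map.selfLink)
    sslCertificates:
    - $(ref.web-cert.selfLink)            # up to 10 certificates per target proxy

- name: web-https-rule
  type: compute.v1.globalForwardingRule
  properties:
    IPProtocol: TCP
    portRange: "443"
    loadBalancingScheme: EXTERNAL
    target: $(ref.web-https-proxy.selfLink)
```

Reading the file bottom-up gives the request path: the global forwarding rule owns the anycast IP and hands TCP 443 to the HTTPS proxy, which terminates the client TLS session with `web-cert`, consults the URL map, and forwards to the backend service, which only sends traffic to instances that pass `web-hc`.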

Infrastructure Automation

  • Deployment Manager
    • An infrastructure deployment service that automates the creation and management of GCP resources
      • Repeatable deployment process (Template-driven)
      • Declarative language
      • Parallel deployment, use reference to indicate dependence
  • GCP Marketplace
    • Quickly deploy functional software packages that run on GCP
    • Single bill for GCP and third-party services
    • Manage solutions using Deployment Manager
    • Notifications when a security update is available
    • Direct access to partner support
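The Deployment Manager bullets above say "declarative language" and "use reference to indicate dependence" without showing either. Here is an added example config, not taken from the course or from Google's own samples, that declares a custom-mode VPC, one subnet and a single ingress firewall rule. The names `week4-net`, `web-subnet` and `allow-https-from-lb`, the region and the CIDR range are constructed for illustration; the two source ranges are Google's published load balancer and health check ranges.

```yaml
# Added example (not from the course notes): a Deployment Manager config that
# creates a custom-mode VPC, one subnet and a least-privilege firewall rule.
# Resource names, region and the 10.10.0.0/24 range are constructed.
resources:
- name: week4-net
  type: compute.v1.network
  properties:
    autoCreateSubnetworks: false          # custom mode: subnets are declared explicitly

- name: web-subnet
  type: compute.v1.subnetwork
  properties:
    region: us-central1
    # $(ref.<resource>.<field>) tells Deployment Manager that this resource
    # depends on week4-net, so the network is created first; unrelated
    # resources are still deployed in parallel.
    network: $(ref.week4-net.selfLink)
    ipCidrRange: 10.10.0.0/24
    privateIpGoogleAccess: true           # reach Google APIs without external IPs

- name: allow-https-from-lb
  type: compute.v1.firewall
  properties:
    network: $(ref.week4-net.selfLink)
    direction: INGRESS
    # Narrow on every axis: only the load balancer / health check source
    # ranges, only TCP 443, and only instances carrying the "web" tag.
    sourceRanges:
    - 130.211.0.0/22
    - 35.191.0.0/16
    targetTags:
    - web
    allowed:
    - IPProtocol: tcp
      ports:
      - "443"
```

Deploy it with `gcloud deployment-manager deployments create week4-demo --config network.yaml`; re-running the same config against the deployment is how the "repeatable" property in the notes shows up in practice, since Deployment Manager computes the difference between the declared state and what exists rather than re-creating everything.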

Managed Services

  • BigQuery
    • Serverless, highly scalable and cost-effective cloud data warehouse
    • Fully managed
    • Petabyte scale
    • SQL interface
    • Very fast
    • Free usage tier
  • Cloud Dataflow
    • Serverless, fully managed data processing
    • Batch and stream processing with autoscale
    • Open source programming using Beam
    • Intelligently scale to millions of QPS
    • Extract, transform, and load (ETL) orchestration is a common mechanism for building big data pipelines
  • Cloud Dataprep
    • Visually explore, clean and prepare data for analysis and machine learning
    • Serverless, works at any scale
    • Suggests ideal data transformations
    • Focus on data analysis
    • Integrated partner service operated by Trifacta
  • Cloud Dataproc
    • A service for running Apache Spark and Apache Hadoop clusters
    • Low cost (per-second, preemptible)
    • Super fast to start, scale and shut down
    • Integrated with GCP
    • Managed service
    • Simple and familiar

A leased line is a dedicated, fixed-bandwidth data connection.

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently.

Infrastructure as code is the process of managing infrastructure in a file or files rather than manually configuring resources in a user interface.

Containers in the Cloud

  • Infrastructure as a Service allows you to share compute resources with other developers by virtualizing the hardware using virtual machines
  • Strong Consistency & Eventual consistency
    • Strong consistency offers up-to-date data, but at the cost of higher latency
    • Eventual consistency offers low latency, but may answer read requests with stale data, since not all nodes of the database may have received the update yet
  • cURL
    • curl is used in command lines or scripts to transfer data
    • The name stands for “Client URL”
