Google Cloud Platform Fundamentals for AWS Professionals — Week 1

Bekah Lundy
10 min readAug 8, 2020

--

I am taking a course for the next nine weeks and want to have my notes jotted down somewhere. I’ll update this week by week and go over the topics I learned about and any additional research I did. It’s always nice to have your notes well written and in one spot — so here it is!

Week 2 notes — Getting Started with Google Cloud Platform

Week 3 notes — Virtual Machines in the Cloud

Week 4 notes — Storage in the Cloud

Key Concepts in week one:

  • To be able to define the components of Google’s network infrastructure, including points of presence, data centers, regions, and zones.
  • Compare Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) and Software-as-a-service (SaaS)

Introduction

GCP offers four kinds of services: Compute, Storage, Big Data, and Machine Learning.

What is cloud computing?

Cloud computing is a way of using IT that has 5 important traits.

  • first, you get computing resources on demand and self-service. There is a simple interface where you can get processing power, storage, and network, all without the need of human intervention
  • second, you can access these resources over the net anywhere you want
  • third, the provider of the resources has a large pool of them & can easily allocate them to customers out of that pool. This allows the provider to get economies of scale by buying in bulk & passing the savings to the customers (customers don’t have to know or care about the actual location of the resources)
  • fourth, the resources are elastic. If you need more, you can do so, if you need to scale back, you can do so
  • lastly, customers pay for only what they use or receive as they go. Stop using = stop paying

This is the definition of Cloud

How did we get here?

If we take a look back, we know that the first wave of this trend towards cloud computing was colocation. IT shops have been doing this for decades. Colocation is renting space in shared facilities, rather than building coslty capital intensive data centers. This freed up capital for more flexible use.

Then, IT departments need for efficiency drove them to virtualization. A virtualized data center matches the parts of a physical data center. Servers, disks, etc. Virtualization lets us all use resources more efficiently and just like colocation, it lets us be more flexible too. With virtualization you still buy, house, and maintain the infrastructure. This means that you are still responsible for guessing how much hardware you need and when, and setting it all up and keeping it running. About a decade ago Google realized that it’s business couldn't’ move fast enough with the confines of the virtualization model, so they switched to container based architecture. In this internal cloud, services automatically provision and configure the infrastructure that is used to run applications.

Review — Cloud Computing Services

Does a cloud computing service let you scale your resource use up and down?Yes! This is one of the benefits to cloud computing services

To get resources from a cloud computing provider, is working with a person at the provider required?
No! Again, one of the benefits of using cloud computing services

GCP computing architectures

Virtualized data centers brought us Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS).

IaaS provides us with raw compute, storage, and organized networks similar to data centers. Here you pay for what you allocate.

PaaS provides us with bind application code that we write to libraries, giving us access to the infrastructure that our application needs. Here you pay for what you use.

Both of these methods are a lot better than the old way of doing things — simply guessing what you will need. GCP offers many services where we will not need to worry about resource provisioning at all.

GCP regions and zones

How GCP is organized:

  • A zone is a deployment area for Google Cloud Platform Resources. Example: when you launch a viral machine in GCP using Compute Engine. It runs in the zone that you specify. People often think of zones as a Data Center, it’s not completely accurate, a zone does now always correspond to a single physical building
  • Zones are grouped into regions, independent geographical areas, and you choose what resigns your GCP resources are in.
  • All zones have fast network connectivity among them (under five milliseconds)

You can think of a zone as a single failure domain within a region — as part of building an application with fewer failures, you can spread your resources across multiple zones in a region. This will help protect against unexpected failures.

Environmental responsibility

The virtual world is built on physical infrastructure. Servers use tons of energy. All existing data centers use about 2 percent of all the worlds electricity, so Google works to make data centers run as efficiently as possible. (google cares about environmental stuff and wants its customers to know that)

How GCP differs from AWS: Regions and Zones

Google and AWS both use regions as a way to provide Cloud services to customers.

A difference is that Google also uses zones to provide data centers — availability zones — as a way to provide high availability.

Both have points of presence locations to help cache content closer to end users.

However, both use points of presence in different ways.

GCP uses points of presence to provide Google Cloud CDN and to deliver bolt in edge caching for services such as app engine and cloud storage.

AWS uses points of presence to provide content delivery network service, like Amazon Cloudfront.

In summary, both GCP and AWS use the term region to define a cluster of data centers and services that are pretty close to each other. Google Cloud uses points of presence to deliver built-in edge-caching for multiple services such as App Engine and Cloud Storage. AWS delivers edge-caching in a similar way.

Open APIs

GCP does not mean you are locked in. There is opportunity to run your applications elsewhere. GCP services are compatible with open source products.

Review — GCP Regions and Zones

Why might a GCP customer use resources in several zones within a region?
For improved fault tolerance. As part of building a fault-tolerant application, you can spread your resources across multiple zones in a region.

Why might a GCP customer use resources in several regions around the world?
To bring their applications closer to users around the world, and for improved fault tolerance

Multi Layered Security

Ways that google works to keep their customer data safe. This is copied from Google themself:

  • Both the server boards and the networking equipment in Google data centers are custom designed by Google. Google also designs custom chips, including a hardware security chip called Titan that’s currently being deployed on both servers and peripherals.
  • Google server machines use cryptographic signatures to make sure they are booting the correct software
  • Google designs and builds its own data centers which incorporate multiple layers of physical security protections. (access to these data centers is limited to only a very small fraction of Google employees)
  • Google’s infrastructure provides cryptographic privacy and integrity for remote procedure called data-on-the-network, which is how Google services communicate with each other.
  • The infrastructure automatically encrypts our PC traffic in transit between data centers. Google Central Identity Service, which usually manifests to end users as the Google log-in page, goes beyond asking for a simple username and password. It also intelligently challenges users for additional information based on risk factors such as whether they have logged inform the same device or a similar location in the past.
  • Users can also use second factors when signing in.
  • Google also enables hardware encryption support in hard drives and SSDs.
  • Inside Google’s infrastructure, machine intelligence and rules warn of possible incidents. Google conducts Red Team exercises, simulated attacks to improve the effectiveness of its responses. Google aggressively limits and actively monitors the activities of employees who have been granted administrative access to the infrastructure.
  • To guard against phishing attacks against Google employees, employee accounts require use of U2F compatible security keys.
  • To help ensure that code is as secure as possible Google stores its source code centrally and requires two-party review of new code.
  • Google also gives its developers libraries that keep them from introducing certain classes
  • Google also runs a vulnerability rewards program, where we pay anyone who is able to discover and inform them of bugs in our infrastructure or applications.

Billing

It’s easy to not accidentally run up a big GCP bill. You can be notified when costs approach your budget limit, create alerts, and thoroughly customize how you want to track your billing needs. You can also use Reports, a visual tool in the GCP console to help monitor your spending.

Review - End of Module 1: The basics Quiz

What are some of the fundamental characteristics of cloud computing?
- Resources are available from anywhere over the network
- Customers pay only for what they user or reserve
- Customers can scale their resource use up and down
- Computing resources available on-demand and self-service

What is a fundamental characteristic of devices in a virtualized data center?
They are manageable separately from the underlying hardware.

What type of cloud computing service lets you bind your application code to libraries that give access to the infrastructure your application needs?
Platform as a Service

What type of cloud computing service provides raw compute, storage, and network, organized in ways that are familiar from physical data centers?
Infrastructure as a Service

What is true about the zones within a region?
The zones within a region have fast network connectivity among them.

What kind of customer benefits most from billing by the second for cloud resources such as virtual machines?
Customers who create and run many virtual machines

End of module 1: additional notes & research

I wanted to get a fuller understanding of IaaS vs PaaS vs SaaS, so I found a wonderful article to help explain it. All of my information is from this article here, just rewritten in my own notes.

IaaS, PaaS, & SaaS

Cloud computing is when hardware (servers & storage) and software are delivered over the internet. This is great for scalability, cost effectiveness, immediate availability, performance, and security

There are three major types of cloud services —

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Let’s compare these to transportation

On-premesis solution is like owning a car. You are responsible for all maintenance, and when you want to upgrade you need to buy the new car.

IaaS is like leasing a car. You choose the car you want, and drive it wherever you want. But this car isn’t yours. When you need an upgrade you just lease a new car.

PasS is like taking a taxi. You don’t drive the car, just tell the driver where to go and relax in the back seat.

SaaS is like taking a bus. Buses have assigned routes and you can share the ride with others

Software as a Service (SaaS)

Using a cloud based web applications

An example would be gmail — a cloud based saas service.

Usually available with a pay as you go pricing model. All software and hardware are provided and managed by the vendor, so we don’t need to install or configure anything. The application is ready to go as soon as you “login”.

Perfect for: end users

When to use
- Personal purposes (gmail, google docs)
- Business (trello, salesforce)

Why?
You have access to these applications everywhere, can be used from any device, automatic software updates, low cost, simple adoption

Cons:
- no control over the hardware that handles your data
- only the vendor can manage the parameters of the software you are using

Platform as a Service (Paas)

Cloud platforms that provide runtime environments for developing, testing, and managing applications.

An example would be Heroku

Developers can deploy applications, simple or complex, without needing infrastructure like servers, databases, operating tools, etc. Available with pay as you go model as well

Perfect for: software devs

When to use
- for software devs (testing, developing, managing apps)

Why?
Reduced development time, support for different programming languages, easy collaboration, high capabilities already built out for you

Cons:
- no control over the virtual machine that is processing your data
- less flexible that Iaas, ex. you can’t create and delete several virtual machines at a time

Infrastructure as a Service (IaaS)

Cloud service that provides basic computing infrastructure: servers, storage, networking resources. A virtual data center.

Can be used for hosting websites, analyzing big data. Clients can install and use whatever sort of operating system or tools they like on the infrastructure. Examples are AWS and GCP. Also pay for what you use

Perfect for: IT admins

When to use
- Website or application hosting (AWS)
- virtual data centers
- data analysis

Why?
No expenses on hardware infrastructure (Iaas provides servers, storage, networking resources), scalability, security & reliability (normally kept protected in data centers).

Cons:
- more expensive than SaaS or Saas, since it’s leasing hardware infrastructure
- All issues related to management of a virtual machine is your responsibility

Overall you can see:
Iaas gives you the most control but also requires extensive expertise to manage. jSass allows you to use cloud based apps without needing to manage the underlying infrastructure.

Article these notes were from — > IaaS vs PaaS vs SaaS by Gleb B

That’s it! Those are my notes on Module 1 of the GCP course. I will be adding notes for each module and can then link them below.

--

--