GCP Certification: let’s sail together. Structured plan with sections: Networking Products.

Chaskarshailesh · Published in Javarevisited · 8 min read · Jan 27, 2022

Hi All,

Get to know the Google Cloud certifications in 1 minute | Google Cloud Blog

I hereby present a structured plan with sections, as a reference for cloud aspirants who are planning for the Solutions Architect certification.

Get the basics covered:

  1. Introduction to Cloud Computing
  2. Overview of different Cloud Platforms (AWS/Azure/GCP) — a good comparison: Compare AWS and Azure services to Google Cloud
  3. Overview of Google Cloud Platform and its available products

Get a feel for Google Cloud products (Product Cheat Sheet):

  1. Networking Products
  2. Computing Products
  3. Storage Products
  4. Containers
  5. Developer Tools
  6. Security and Identity Products

…and many more, but this should be enough to get you started; keep adding to the list through your journey.

Before getting hands-on, get acquainted with:

  1. Google Cloud Console
  2. Google Cloud Shell and the gcloud command-line tool — the primary CLI for creating and managing Google Cloud resources
  3. Google Cloud Storage and gsutil, the command-line tool used to access it
  4. bq command-line tool — a Python-based command-line tool for BigQuery
  5. Regions and zones and Global Locations

* — — — — — — — — NETWORKING Start — — — — — — — — *

Time to deep dive:

Virtual Networks — especially if you are not from a networking background, take your time to digest these concepts. It is very important to get your base strong.

GCP’s hybrid connectivity products are Cloud VPN, Cloud Interconnect, and Peering.

Cloud VPN — securely connects your on-premises network to your GCP VPC network through an IPsec VPN tunnel. Traffic traveling between the two networks is encrypted by one VPN gateway and decrypted by the other. This protects your data as it travels over the public internet; Cloud VPN is useful for low-volume data connections.

With Cloud VPN, the maximum transmission unit (MTU) of your on-premises VPN gateway cannot be greater than 1460 bytes, because of the encryption and encapsulation overhead added to each packet.

Cloud Router can manage routes for a Cloud VPN tunnel using Border Gateway Protocol, or BGP. This routing method allows for routes to be updated and exchanged without changing the tunnel configuration.

To automatically propagate network configuration changes, the VPN tunnel uses Cloud Router to establish a BGP session between the VPC and the on-premises VPN gateway, which must support BGP. The new subnets are then seamlessly advertised between networks. This means that instances in the new subnets can start sending and receiving traffic immediately.

In addition to Classic VPN, Google Cloud also offers a second type of Cloud VPN gateway, HA VPN.

HA VPN is a high availability Cloud VPN solution that lets you securely connect your on-premises network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection in a single region. HA VPN provides an SLA of 99.99% service availability.

* — — — — — — — — NETWORKING continues — — — —— — — — *

  1. Cloud Interconnect

a. Dedicated Interconnect — provides a direct physical connection between your on-premises network and Google’s network.
b. Partner Interconnect — provides connectivity between your on-premises and VPC networks through a supported service provider.

Other connection types:

  1. Direct Peering overview
  2. Carrier Peering overview
  3. CDN Interconnect overview

* — — — — — — — — NETWORKING continues — — — — — — — — *

Private access options for services

  1. Private Service Connect — Connect to Google APIs and services using an endpoint in your VPC network. Google Cloud and on-premises resources don’t need external IP addresses.
  2. Private Google Access — Use this option to connect to Google APIs and services without giving your Google Cloud resources external IP addresses.
  3. Private Google Access for on-premises hosts — Use this option to connect to Google APIs and services through a VPC network. This method doesn’t require your on-premises hosts to have external IP addresses.
  4. Private services access — Use this option to connect to specific Google and third-party services without assigning external IP addresses to your Google Cloud and Google or third-party resources.
  5. Serverless VPC Access — Use this option to connect from a serverless environment (Cloud Run, App Engine standard environment and Cloud Functions) on Google Cloud directly to resources in a VPC network using internal IP addresses.
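Private Google Access is a per-subnet setting, so the first thing to check in a VPC is which subnets still have it off: VMs without external IPs in those subnets cannot reach Google APIs at all. The script below is an added example (not code from the original post or from Google). It reads records shaped like the Compute Engine Subnetwork resource that `gcloud compute networks subnets list --format=json` prints (the fields `name`, `region`, `network`, `ipCidrRange` and `privateIpGoogleAccess` are the real ones), lists the subnets with the option disabled, and generates the `gcloud ... --enable-private-ip-google-access` command for each. The records are constructed samples for an imaginary project, not a real export.

```python
"""Audit subnets for Private Google Access (added example).

Reads a JSON export shaped like `gcloud compute networks subnets list
--format=json`, reports subnets where Private Google Access is off and
proposes the remediation command.  The records are constructed samples.
"""
import json

# Constructed sample export for an imaginary project "example-proj".
SAMPLE_EXPORT = json.dumps([
    {
        "name": "web-subnet",
        "region": "https://www.googleapis.com/compute/v1/projects/example-proj/regions/us-central1",
        "network": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/prod-vpc",
        "ipCidrRange": "10.10.0.0/24",
        "privateIpGoogleAccess": True,
    },
    {
        "name": "db-subnet",
        "region": "https://www.googleapis.com/compute/v1/projects/example-proj/regions/us-central1",
        "network": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/prod-vpc",
        "ipCidrRange": "10.10.1.0/24",
        "privateIpGoogleAccess": False,
    },
    {
        # Constructed record without the key at all: treated as disabled (fail closed).
        "name": "legacy-subnet",
        "region": "https://www.googleapis.com/compute/v1/projects/example-proj/regions/europe-west1",
        "network": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/legacy-vpc",
        "ipCidrRange": "172.16.0.0/20",
    },
])


def _last_segment(url: str) -> str:
    """Turn a resource URL like .../regions/us-central1 into 'us-central1'."""
    return url.rstrip("/").rsplit("/", 1)[-1]


def subnets_without_private_google_access(export_json: str):
    """Return sorted (name, region, network) tuples for subnets with the option off.

    A missing key is treated as disabled so the audit never silently passes.
    """
    findings = []
    for sub in json.loads(export_json):
        if not sub.get("privateIpGoogleAccess", False):
            findings.append((sub["name"],
                             _last_segment(sub["region"]),
                             _last_segment(sub["network"])))
    return sorted(findings)


def remediation_commands(export_json: str):
    """One gcloud command per finding; this script only prints them, it never runs them."""
    return [
        f"gcloud compute networks subnets update {name} --region={region} "
        f"--enable-private-ip-google-access"
        for name, region, _network in subnets_without_private_google_access(export_json)
    ]


if __name__ == "__main__":
    for name, region, network in subnets_without_private_google_access(SAMPLE_EXPORT):
        print(f"{network}/{name} ({region}): Private Google Access disabled")
    print("\n".join(remediation_commands(SAMPLE_EXPORT)))
```

To run it against a real project, replace `SAMPLE_EXPORT` with the output of the `gcloud` list command; the remediation commands are meant to be reviewed before being applied, since enabling the option changes how those subnets reach Google APIs.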

* — — — — — — — — NETWORKING continues — — — — — — — — *

Cloud Load Balancing overview — Another important and tough topic.

Cloud Load Balancing is a fully distributed, software-defined, managed service.

The internal load balancer uses Andromeda, which is GCP’s software-defined network virtualization stack, and the network load balancer uses Maglev, which is a large, distributed software system.
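Maglev is named above but not explained, and the part of it that matters for how traffic is spread is its consistent-hashing lookup table. The block below is an added example (not code from the original post or from Google) that implements the table construction described in the published Maglev paper: each backend gets its own pseudo-random permutation of the table slots and the backends claim slots in round-robin, so shares differ by at most one slot and draining a backend only remaps a small fraction of flows. The backend names, flow keys and the table size used in the demo are constructed sample values.

```python
"""Maglev-style consistent hashing lookup table (added example).

Not code from the original post or from Google; it follows the table
construction in the Maglev paper.  Backend names and flow keys are
constructed sample values.
"""
import hashlib


def _hash(salt: bytes, value: str) -> int:
    """Stable 64-bit hash; different salts give the independent h1/h2/flow hashes."""
    return int.from_bytes(hashlib.sha256(salt + value.encode()).digest()[:8], "big")


def _is_prime(n: int) -> bool:
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def build_table(backends, m=65537):
    """Return a list of length m mapping slot index -> backend name.

    m must be prime: every skip in 1..m-1 is then coprime with m, so each
    backend's permutation (offset + j*skip) mod m visits all m slots and the
    fill loop below always terminates.
    """
    if not backends:
        raise ValueError("need at least one backend")
    if not _is_prime(m):
        raise ValueError("table size must be prime")
    n = len(backends)
    offset = [_hash(b"offset:", b) % m for b in backends]
    skip = [_hash(b"skip:", b) % (m - 1) + 1 for b in backends]
    nxt = [0] * n                # how far each backend has walked its permutation
    table = [None] * m
    filled = 0
    while True:
        for i in range(n):       # round-robin keeps the shares within one slot
            c = (offset[i] + nxt[i] * skip[i]) % m
            while table[c] is not None:      # slot already claimed, try the next one
                nxt[i] += 1
                c = (offset[i] + nxt[i] * skip[i]) % m
            table[c] = backends[i]
            nxt[i] += 1
            filled += 1
            if filled == m:
                return table


def lookup(table, flow_key: str) -> str:
    """Pick the backend for a flow (e.g. its 5-tuple) by hashing into the table."""
    return table[_hash(b"flow:", flow_key) % len(table)]


def shares(table):
    """Number of slots held by each backend."""
    counts = {}
    for backend in table:
        counts[backend] = counts.get(backend, 0) + 1
    return counts


def disruption(old_table, new_table):
    """Fraction of slots whose backend changed between two equally sized tables."""
    changed = sum(1 for a, b in zip(old_table, new_table) if a != b)
    return changed / len(old_table)


if __name__ == "__main__":
    backends = ["backend-a", "backend-b", "backend-c", "backend-d", "backend-e"]
    before = build_table(backends)
    after = build_table(backends[:-1])           # backend-e drained
    print("shares:", shares(before))
    print("flow ->", lookup(before, "198.51.100.7:52000->203.0.113.10:443"))
    print("slots remapped after removing one backend: %.1f%%" % (100 * disruption(before, after)))
```

With five backends, removing one remaps roughly the fifth of the table that belonged to it plus a small extra, whereas a plain `hash % N` scheme would remap most flows; that stickiness is what lets a large set of Maglev machines agree on backend selection without sharing connection state.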

  1. Internal HTTP(S) Load Balancing overview
  2. External TCP/UDP Network Load Balancing overview
  3. Internal TCP/UDP Load Balancing overview
  4. SSL Proxy Load Balancing overview
  5. TCP Proxy Load Balancing overview

Here is one of the best training courses for acquiring load balancing knowledge: Leveraging Load Balancing Options on the GCP (pluralsight.com)

Network endpoint group (NEG) — a configuration object that specifies a group of backend endpoints or services.

There are four types of NEGs:

  1. Zonal
  2. Internet
  3. Serverless
  4. Hybrid connectivity

* — — — — — — — — NETWORKING continues — — — — — — — — *

Cloud CDN — uses Google’s global edge network to serve content closer to users, which accelerates your websites and applications.

Cloud CDN works with external HTTP(S) Load Balancing to deliver content to your users. The external HTTP(S) load balancer provides the frontend IP addresses and ports that receive requests and the backends that respond to the requests.

Cloud CDN content can be sourced from various types of backends:

Cloud Armor — helps you protect your Google Cloud deployments from multiple types of threats, including distributed denial-of-service (DDoS) attacks and application attacks like cross-site scripting (XSS) and SQL injection (SQLi).

Cloud NAT — lets certain resources without external IP addresses create outbound connections to the internet.

Ref: How Google Cloud NAT works, and NAT Explained — Network Address Translation

Cloud NAT provides outgoing connectivity for the following resources:

* — — — — — — — — NETWORKING continues — — — — — — — — *

VPC overview

  1. Shared VPC overview — Shared VPC allows an organization to connect resources from multiple projects to a common Virtual Private Cloud (VPC) network, so that they can communicate with each other securely and efficiently using internal IPs from that network.
  2. VPC Network Peering overview — VPC Network Peering enables you to connect VPC networks so that workloads in different VPC networks can communicate internally. Traffic stays within Google’s network and doesn’t traverse the public internet.
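VPC Network Peering connects two networks at the internal IP layer, which is exactly why it is refused when their subnet ranges overlap: there would be no unambiguous route. The block below is an added example (not code from the original post or from Google) that checks two networks for overlapping primary or secondary ranges before a peering is requested, using the standard `ipaddress` module. The VPC names and CIDR ranges are constructed samples.

```python
"""Pre-peering check for overlapping subnet ranges (added example).

Not code from the original post or from Google.  VPC Network Peering requires
that the subnet IP ranges of the two networks do not overlap, so every range
(primary and secondary) of one network is compared with every range of the
other.  The networks below are constructed samples.
"""
import ipaddress
from itertools import product

# Constructed: each network lists (range name, CIDR), secondary ranges included.
PROD_VPC = {
    "name": "prod-vpc",
    "ranges": [
        ("prod-web", "10.0.0.0/20"),
        ("prod-db", "10.1.0.0/24"),
        ("prod-gke-pods", "10.100.0.0/16"),
    ],
}
PARTNER_VPC = {
    "name": "partner-vpc",
    "ranges": [
        ("partner-app", "10.0.8.0/22"),        # inside prod-web
        ("partner-mgmt", "192.168.0.0/24"),
        ("partner-pods", "10.100.0.0/14"),     # contains prod-gke-pods
    ],
}


def overlapping_ranges(vpc_a, vpc_b):
    """Return sorted (range_a, cidr_a, range_b, cidr_b) tuples for every overlap.

    strict=True rejects CIDRs with host bits set, so a typo such as
    10.0.1.0/20 is reported instead of being silently normalised.
    """
    hits = []
    for (name_a, cidr_a), (name_b, cidr_b) in product(vpc_a["ranges"], vpc_b["ranges"]):
        net_a = ipaddress.ip_network(cidr_a, strict=True)
        net_b = ipaddress.ip_network(cidr_b, strict=True)
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            hits.append((name_a, cidr_a, name_b, cidr_b))
    return sorted(hits)


def can_peer(vpc_a, vpc_b) -> bool:
    """True when no subnet range of one network overlaps a range of the other."""
    return not overlapping_ranges(vpc_a, vpc_b)


if __name__ == "__main__":
    for range_a, cidr_a, range_b, cidr_b in overlapping_ranges(PROD_VPC, PARTNER_VPC):
        print(f"{PROD_VPC['name']}/{range_a} {cidr_a} overlaps "
              f"{PARTNER_VPC['name']}/{range_b} {cidr_b}")
    print("peering possible:", can_peer(PROD_VPC, PARTNER_VPC))
```

Secondary ranges (for example GKE pod ranges) are the ones most often forgotten in this check, which is why the sample includes one on each side.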

* — — — — — — — — NETWORKING continues — — — — — — — — *

Network Service Tiers overview

Premium Tier delivers traffic from external systems to Google Cloud resources by using Google’s low latency, highly reliable global network. This network consists of an extensive private fiber network with over 100 points of presence (PoPs) around the globe. This network is designed to tolerate multiple failures and disruptions while still delivering traffic.

Standard Tier delivers traffic from external systems to Google Cloud resources by routing it over the internet. It leverages the double redundancy of Google’s network only up to the point where Google’s data center connects to a peering PoP. Packets that leave Google’s network are delivered using the public internet and are subject to the reliability of intervening transit providers and ISPs. Standard Tier provides network quality and reliability comparable to that of other cloud providers.

* — — — — — — — — — NETWORKING End — —— — — — — — — *

FYI — Google Cloud Platform Service Level Agreements

Way to go… let’s sail together.

* — — — — — — — — — — — Questions — — — — — — — —— — *

To make it exciting, I will list some questions here and encourage you to answer in the comments section.

Answers: I will share them in my next story, “Structured plan with Computing products”.

Q1. Your organization has a 3-tier web application deployed in the same Google Cloud Virtual Private Cloud (VPC). Each tier (web, API, and database) scales independently of the others. Network traffic should flow through the web to the API tier, and then on to the database tier. Traffic should not flow between the web and the database tier. How should you configure the network with minimal steps?
A. Add each tier to a different subnetwork.
B. Set up software-based firewalls on individual VMs.
C. Add tags to each tier and set up routes to allow the desired traffic flow.
D. Add tags to each tier and set up firewall rules to allow the desired traffic flow.

Q2. What are the three types of networks offered in Google Cloud?
A. IPv4 unicast network, IPv4 multicast network, IPv6 network
B. Default network, auto network, and custom network.
C. Gigabit network, 10 gigabit network, and 100 gigabit network
D. Zonal, regional, and global

Q3. When you connect two VPC networks using Google Cloud VPN, at least one of the networks needs to be a(n) _____ network.
A. Minimum
B. Custom
C. Auto
D. Base

Q4. Which of the following statements about expanding a CIDR block subnet in Google Cloud Platform is false?
A. You cannot shrink the primary IP range of a subnet.
B. By setting the mask prefix length to a larger number, you make more addresses available on the subnet itself.
C. If you need to expand the range of an automatically created subnet within an auto mode network, the broadest subnet mask or prefix that you can use is /16.
D. You cannot undo the expansion of the primary IP range of a subnet.

Q5. Your organization's development team has requested access to Bigtable and BigQuery for a project hosted in Google Cloud VM instances. These services do not require the VMs to have external IP addresses and they will not need one. As the VPC network admin, what would be the best solution for configuring private API access for the services?
A. Enable Private Google Access for the subnet containing the Cloud VMs.
B. Enable Serverless VPC Access for the subnet containing the Cloud VMs.
C. Enable Private Services Access for the subnet containing the Cloud VMs.
D. Enable the API for the desired services in the Cloud VM, and ensure that each user has access to enable the API. Then create an API key.

* — — — — — — —— — — Questions End— — — —— — — — — — *


I am a Site Reliability Engineer and aspirant Cloud Solutions Architect, further exploring the horizon into MLOps.