- A
- abstractions, Kubernetes clusters, 86–88
- acceptance testing, 190
- access controls, 40, 272–273
- ACID (atomicity, consistency, isolation, durability)
- atomicity, 114
- consistency, 114
- durability, 115
- isolation, 114–115
- AES128 encryption, 163
- AES256 encryption, 163
- agile methodologies, 246–247
- AI (artificial intelligence), 75
- alerts, Cloud Operations Suite, 183, 186
- ALTS (Application Layer Transport Security), 164
- AMD Epyc processor, confidential VMs, 78
- analytical databases, 117–120
- Anthos, 75, 90–91
- Anthos Clusters, fleet, 91
- Anthos Config Management, 92–93
- Google Cloud Deployment, 93
- Anthos Multi Cluster Ingress, 92
- Anthos Service Mesh, 91–92
- migration, 265
- Apache Airflow DAG, 97
- Apache Spark, 46
- API best practices
- collections, 248
- custom methods, 248
- resources, 248–249
- REST APIs, HTTP methods, 248
- security, 249–251
- standard methods, 248–249
- App Engine, 8, 79
- Cloud Pub/Sub and, 82
- Disable Source Code Download, 162
- high availability, 55
- PaaS (platform-as-a-service) and, 74
- runtime generation, 80
- Task Queues, 82
- use cases, 81–82
- App Engine Cron Service, 81
- App Engine Flexible, 8
- containers, 81
- Go, 80
- Java 8, 80
- .NET, 81
- Node.js, 81
- PHP 5/7, 81
- Python 2.7, 81
- Python 3.6, 81
- Ruby, 81
- runtimes, 81
- App Engine Standard, 80
- application availability, 60–61
- application design, cost considerations, 27–33
- application development methodologies
- agile methodologies, 246–247
- spiral methodologies, 245–246
- waterfall, 244–245
- Application Layer (OSI Model), 132
- architecture design debt, 248
- archival storage, 111
- ASICs (application-specific integrated circuits), 94
- asynchronous calls, 99–100
- atomicity (ACID), 114
- auditing, 167
- Cloud Audit Logs, 168
- Cloud Logging Agent, 167
- authentication, 250
- authorization, 250
- AutoML tables, 29
- autoscaling, 4, 62
- availability, 10, 41, 66
- high availability, 52
- App Engine, 55
- case studies, 55–56, 59–60
- Cloud Functions, 55
- Compute Engine, 54–55
- Kubernetes Engine, 55
- storage, 56–59
- managed services, 67
- redundancy and, 66–67
- SLAs (service-level agreements) and, 52–53
- B
- backup storage, 111
- balanced persistent disk, 76
- batch loading, BigQuery, 119
- batch processing
- Cloud Dataproc, 96
- hybrid-cloud networking and, 138
- BGP (Border Gateway Protocol), 135
- BigQuery, 3, 29, 117–119
- BigQuery Storage Write API, 119
- Bigtable, 29
- binding, 158
- blameless culture, 215
- block storage, persistent disks, 76
- Blue/Green deployment, 192
- boot images, 76
- Borg, 118
- business continuity planning, 217–218
- business processes
- change management
- methodologies, 232–233
- reasons for change, 231–232
- cost management, 235–236
- customer success management, 234–235
- stakeholder management
- influences, 228–229
- interests, 228–229
- portfolios, 230
- programs, 230
- projects, 229–230
- stages, 230–231
- team skill management, 233–234
- business requirements
- analyzing, 3–7
- Capex (capital expenditure), 6–7
- compliance, 7
- data management, 36–37
- development, accelerating, 4
- digital transformation, 7
- EHR Healthcare case study, 25–26
- governance, 7
- Helicopter Racing League case study, 26
- incident recovery, 5–6
- KPI (key performance indicator), 7
- line of business, 7
- Mountkirk Games case study, 26–27
- operating budget, 7
- operational expenses, 3–4, 7
- Opex (operational expenditures), 7
- product strategy, 24–27
- SLAs (service-level agreements), 7
- SLIs (service-level indicators), 7
- SLOs (service-level objectives), 5, 7
- systems integration
- EHR Healthcare, 33–34
- Helicopter Racing League, 34
- Mountkirk Games, 34–35
- TerramEarth, 35
- TerramEarth case study, 27
- business use cases, 24–25
- BYOL (bring your own license), 270
- sole-tenant nodes and, 76
- C
- caches, 32
- Cloud Memorystore, 121–122
- in-memory, 99
- caching, high availability, 59
- canary deployment, 191–192
- canary updates, 79
- Capacitor, 118
- Capex (capital expenditure), 3, 6–7
- capital expenditures, 3
- case studies, 11
- EHR Healthcare, 12–13, 59
- Helicopter Racing League, 13–14, 55, 59
- Mountkirk Games, 14–15, 55
- TerramEarth, 15–16, 55, 59
- CD (continuous delivery)
- deployment, 191–192
- QA (quality assurance), 189
- testing, 189–191
- CDAP, Cloud Data Fusion and, 96
- CEL (Common Expression Language), 160
- change management
- methodologies, 232–233
- Plan-Do-Study-Act, 233
- reasons for change, 231–232
- chaos engineering tools, 198, 214
- CI (continuous integration), 192–193
- CI/CD (Continuous Integration/Continuous Delivery)
- building blocks, 212–213
- business drivers, 211–212
- business-critical software, 212
- safety critical software systems, 212
- secret managers, 213
- security-critical software, 212
- version control, 212
- CIDR (Classless Inter-Domain Routing) blocks, 9, 133, 147
- Circuit Breaker pattern, upstream throttling and, 195
- client processes, stateful systems, 98
- Cloud Armor, 135
- Cloud Audit Logs, 168
- Cloud Bigtable, 120
- Cloud CDN, 145
- Cloud Composer, 29, 97
- Cloud Data Fusion, 29, 96–97
- Cloud Data Transfer, 30
- Cloud Dataflow, 96
- Cloud Datalab, 29
- Cloud Dataproc, 96
- Cloud Datastore, 121
- Cloud Deployment Manager, 29
- Cloud DNS, 145
- Cloud EKM (External Key Manager), 166
- Cloud Filestore, 57, 121
- access controls, 113
- Filestore Basic, 112
- Filestore Enterprise, 112, 113
- Filestore High Scale, 112, 113
- instances, 112
- service tiers, 112–113
- VPC Network Peering, 113
- Cloud Functions, 8, 75
- background processes, 83
- code repository, 83
- events, 82–83
- Firebase databases, 83
- functions, 82–83
- high availability, 55
- images, 83
- triggers, 82–83
- Cloud HSM, 165
- Cloud IAM Conditions, 160
- Cloud Interconnect service
- Dedicated Interconnect, 140
- hybrid-cloud networking and, 140
- Partner Interconnect, 140
- Cloud KMS, 165
- Cloud Logging, 5, 187
- Cloud Logging Agent, 167
- Cloud Memorystore, 30, 59, 99
- Memcached, 122
- Redis and, 121–122
- Cloud Monitoring, 5
- alerting, 186
- dashboards, 185
- logging and, 187
- metrics, 183
- time series, 184
- Cloud Natural Language API, 29
- Cloud Operations Suite
- Cloud Pub/Sub, 29
- App Engine and, 82
- pull subscriptions, 95
- push subscriptions, 95
- Cloud Router, 135
- Cloud Run, 8, 79
- Allowed Binary Authorization Policies, 162
- containers, stateless, 84
- Cloud Source Repository, 193
- Cloud Spanner, 29, 117
- Cloud SQL, 29, 115
- MySQL and, 116
- PostgreSQL and, 116
- Restrict Public IP Access on Cloud SQL Instances, 162
- SQL Server and, 116
- Cloud Storage, 30, 57, 109, 166
- Coldline storage, 111
- DRA (Durable Reduced Availability), 111
- dual-region storage, 111
- Enforce Public Access Prevention, 162
- FUSE (Filesystem in Userspace), 110
- geo-redundant storage, 111
- lifecycle management, 122–123
- multiregion storage, 111
- namespaces, bucket names, 109
- Nearline storage, 111
- Premium network tier, 111
- Standard network tier, 111
- standard storage, 111
- use cases, 111–112
- Cloud TPU, 94
- Cloud Translation, 29
- Cloud Vision, 29
- Cloud VPN, hybrid-cloud networking and, 140
- Cloud Workflows, 96
- CloudSQL, 32
- Coldline storage, 111
- Colossus, 118
- communication plans, 231
- complete deployment, 191
- compliance, 7, 38–39, 44
- Compute Engine, 8, 67
- containers, 79, 81
- high availability
- hardware redundancy, 54
- load balancing, 55
- managed instance groups, 54–55
- migration, 54
- regional instances, 55
- instance groups
- canary updates, 79
- instance templates, 78
- MIGs (managed instance groups), 78
- rolling updates, 79
- unmanaged instance groups, 78
- Kubernetes clusters, 79
- migration, 265
- permissions, 156
- Shielded VMs, 162
- stateful applications and, 79
- VMs (virtual machines)
- machine types, 75–76
- service accounts, 75–76
- compute requirements, 8
- compute resources, 74. See also compute services
- compute services. See also specific services
- App Engine, 8
- App Engine Flexible, 8
- Cloud Functions, 8
- Cloud Run, 8
- Compute Engine, 8
- Kubernetes Engine, 8
- confidential VMs, 78
- confidentiality, 40
- consistency (ACID), 114
- constraints, 162
- Resource Location Restrictions, 162
- containers
- App Engine Flexible, 81
- Cloud Run, 84
- Compute Engine, 79, 81
- GKE (Google Kubernetes Engine), 75
- Kubernetes container orchestration, 84–85
- continuous delivery, 4
- continuous integration, 4
- COPPA (Children's Online Privacy Protection Act), 6, 38, 173
- cost considerations, 46
- TCO (total cost of ownership), 28
- cost management, 235
- cost-benefit analysis, 208
- COTS (commercial off-the-shelf software), 207
- cross-region replica, 116
- cryptographic keys, 165
- customer success management, 234
- customer-managed encryption keys, 166
- customer-supplied keys, 165
- D
- DAGs (directed acyclic graphs), 97
- data and system migration. See migration
- data at rest, 39
- Data Catalog, 29
- data flows, 94–95
- Cloud Dataflow, 96
- Cloud Workflows, 96
- data in transit/motion, 39
- data integrity
- access controls, 40
- regulations, 39
- data lifecycle management
- caches, 32
- CloudSQL, 32
- Firestore, 32
- memorystore, 32
- object storage, 32
- time-series databases, 32
- Data Link Layer (OSI Model), 132
- data management, 44
- processing, 37
- storage time, 36
- data migration
- governance and, 268
- object storage, 268–269
- relational data, 269
- data retention, 122–123
- data security
- Cloud Storage, 166
- encryption
- AES128, 163
- AES256, 163
- DEK (data encryption key), 163
- encryption at rest, 163–164
- encryption in transit, 164
- KEK (key encryption key), 163
- key management
- Cloud EKM (External Key Manager), 166
- Cloud HSM, 165
- Cloud KMS, 165
- customer-managed encryption keys, 166
- customer-supplied keys, 165
- default encryption, 164–165
- data sets, archived, 68
- data transfer, 132
- data warehouses, 48
- databases, 48
- analytical, 117–120
- Cloud Spanner, 117
- Cloud SQL, 115–116
- distributed systems, 99
- managed databases, 58–59
- NoSQL, 8–9
- Cloud Bigtable, 120
- Cloud Datastore, 121
- Cloud Firestore, 121
- relational, 114–115
- self-managed databases, 58
- data-driven testing, 251
- Dataflow, 29
- Dataproc, 29
- datasets, BigQuery, 118–119
- DDoS (distributed denial-of-service) attacks, 135
- decryption, 132
- Dedicated Interconnect, 60, 141
- defense in depth, 39, 170
- DEK (data encryption key), 163
- delivery, continuous, 4
- deployment, 87
- Blue/Green deployment, 192
- canary deployment, 191–192
- complete deployment, 191
- rolling deployment, 191
- Deployment Manager, 97
- design
- application, 27–33
- hybrid-cloud networking, 138–139
- security
- defense in depth, 170
- least privilege, 169–170
- SoD (security of duties), 168–169
- software
- detailed design, 209
- development and testing, 209–210
- documentation, 210
- high-level design, 208–209
- maintenance, 210–211
- ORM (Object Relations Mapper), 210
- UX (user experience), 210
- developer documentation, 210
- development and operations
- API best practices
- resources, 248–249
- security, 249–251
- standard methods, 248–249
- application development methodologies
- agile methodologies, 246–247
- spiral methodologies, 245–246
- waterfall, 244–245
- data and system migration, 253–255
- Google Cloud interaction, 256–257
- technical debt, 247–248
- testing frameworks
- automated tools, 252–253
- models, 251–252
- DevOps
- managed services, 3
- release management, 188–193
- Dialogflow Essentials, 29
- digital transformation, 7, 232
- direct peering, hybrid-cloud networking and, 140
- disaster plan, 218
- disaster recovery (DR), 218–219
- distributed systems, client processes, 98
- division of labor, 189
- DNS (domain name services), 9
- documentation
- developer documentation, 210
- operations documentation, 210
- runbook, 210
- user documentation, 210
- documents, Cloud Datastore, 121
- DRA (Durable Reduced Availability), 32, 111
- Dremel, 118
- dual-region storage, 111
- durability, 10
- durability (ACID), 115
- E
- Editor role, 157
- EHR Healthcare, 12–13
- business requirements, 25–26
- regulations and, 46
- systems integration, 33–34
- encryption, 132
- AES128, 163
- AES256, 163
- cryptographic keys, 165
- DEK (data encryption key), 163
- encryption at rest, 163–164
- encryption in transit, 164
- Google Front End, 164
- KEK (key encryption key), 163
- TLS (Transport Layer Security), 164
- environment debt, 248
- Envoy proxy, 86
- ETL (extraction, transformation, and load), Cloud Data Fusion and, 96
- events, Cloud Functions, 82–83
- exam objectives, 2–3
- expenses, operational, reducing, 3–4
- F
- false alerts, 186
- filesystems, 110
- Firestore, 32
- firewalls, 9
- Cloud Armor, 135
- RDP (Remote Desktop Protocol), 134
- rules, 9, 146
- attributes, 135
- default-allow-icmp, 134
- default-allow-internal, 134
- default-allow-rdp, 134
- default-allow-ssh, 134
- WAF (web application firewall), 135
- functional technical requirements, 8–10
- FUSE (Filesystem in Userspace), 110
- G
- garbage collection, 187
- gated egress and ingress topology, 139
- gated egress topology, 139
- gated ingress topology, 139
- gcs mount point, 110
- GDPR (General Data Protection Regulation), 6, 38, 172
- geo-redundant storage, 111
- GitHub, 193
- GKE (Google Kubernetes Engine), 84–85
- clusters, 55
- abstractions, 86–88
- infrastructure, 85–86
- types, 88–89
- workload, 86–88
- containers, 75
- Ingress Controller, 87
- Kubernetes cluster management, 84–85
- Kubernetes container orchestration, 84–85
- networking
- load balancing, 90
- service networking, 89–90
- node affinity, 87
- node labels, 87
- node pools, 87
- nodeSelector, 87
- PersistentVolumes, 87
- pod specification, 87
- pods, 86–87
- use cases, 90
- GLBA (Gramm-Leach-Bliley Act), 38
- global load balancing
- HTTP(S) load balancer, 144
- SSL Proxy load balancer, 144
- TCP Proxy Load Balancing, 145
- Google Cloud, emulators, 257
- Google Cloud Build, 193
- Google Cloud Deployment, Anthos Config Management, 93
- Google Cloud interaction, 256–257
- Google Cloud Key Management Service, 76
- Google Cloud Professional Architect exam, 2
- Google Cloud SDK, 256
- Google Cloud Shell, 256
- Google Front End, 164
- governance, 7
- Grafana, 188
- GUIDs (globally unique identifiers), 109
- H
- handover topology, 139
- HBase API, Cloud Bigtable, 120
- headers, 250
- Helicopter Racing League, 13–14
- business requirements, 26
- systems integration, 34
- high availability
- App Engine, 55
- application availability, 60–61
- case studies, 55–56, 59–60
- Cloud Functions, 55
- Compute Engine, 54–55
- Kubernetes Engine, 55
- network availability, 60
- storage, 56–60
- high-level objectives, 24
- HIPAA (Health Insurance Portability and Accountability Act), 6, 38
- HIPAA/HITECH, 171–172
- HTTP(S) load balancer, 144
- hybrid testing, 252
- hybrid-cloud networking, 138, 147
- design, 138–139
- implementing, 139
- Cloud Interconnect service, 140
- Cloud VPN, 140
- direct peering, 141
- multicloud network, 138
- reliability, 139
- I
- IaC (infrastructure-as-code), migration and, 265
- IAM (Identity and Access Management), 154, 174
- best practices, 160–161
- Cloud IAM Conditions, 160
- Cloud Identity, 155
- G Suite domains, 154
- Google accounts, 155
- Google Groups, 155
- IAP (Identity-Aware Proxy), 161
- identities, 154–155
- members, 154–155
- permissions, 156
- policies, 158–159
- resources, 155–156
- roles, 156
- basic roles, 157–158
- custom, 158
- predefined, 157
- primitive roles, 157–158
- Workload Identity Federation, 161
- IAM Disable Cross-Project Service Account Usage, 162
- IAM roles
- BigQuery, 118–119
- Cloud Filestore, 113
- IAP (Identity-Aware Proxy), 161
- IETF (Internet Engineering Task Force), 134
- incident management, 198
- incident recovery, 3, 5–6, 68
- information security, 39–41
- in-memory cache, 99
- instance groups
- canary updates, 79
- instance templates, 78
- MIGs (managed instance groups), 78
- rolling updates, 79
- unmanaged instance groups, 78
- instance templates, 78
- instances
- boot images, 76
- Cloud Filestore, 112
- volatile instances, 99
- integration, continuous, 4
- integration testing, 190, 197
- integrity monitoring, shielded VMs, 77
- Internal TCP/UDP load balancer, 143–144
- IOPS (IO operations per second), 64
- IP addressing, 9
- CIDR (Classless Inter-Domain Routing) notation, 133
- IETF (Internet Engineering Task Force), 134
- IPv4, 133
- IPv6, 133
- NAT (network address translation), 134
- private, 134
- public, 134
- subnet masks, 133
- IP protocol, 132
- isolation (ACID), 114–115
- ITIL (Information Technology Infrastructure Library), 173–174
- ITIL Enterprise, 216–217
- J
- Java, App Engine Standard, 80
- Java 8, App Engine Flexible, 80
- Jenkins, 193
- Jupiter, 118
- JWT (JSON Web Tokens), 250
- K
- K8s. See GKE (Google Kubernetes Engine)
- KEK (key encryption key), 163
- key management
- Cloud EKM (External Key Manager), 166
- Cloud HSM, 165
- Cloud KMS, 165
- customer-managed encryption keys, 166
- customer-supplied keys, 165
- default encryption, 164–165
- keyword-driven testing, 252
- KPIs (key performance indicators), 7, 43, 44
- migration and, 46
- operations KPI, 42
- project KPIs, 41–42
- ROI (return on investment), 42
- Kubernetes clusters, 79
- Kubernetes Engine, 8, 55, 67, 79. See GKE (Google Kubernetes Engine)
- GKE clusters, 55
- node pools, 63
- pods, 63
- L
- latency, 45
- least privilege, 169–170
- lifecycle management, 122–123
- lift and shift, 4
- line of business, 7
- LLC (Logical Link Control), 132
- load balancing, 147
- GKE, 90
- global
- HTTP(S) load balancer, 144
- SSL Proxy load balancer, 144
- TCP Proxy Load Balancing, 145
- regional
- Internal TCP/UDP load balancer, 143–144
- Network TCP/UDP load balancer, 143
- load testing, 190–191
- LoadBalancer (GKE), 89
- Log Analytics, 187
- logging, Cloud Logging, 187
- M
- MAC (Media Access Control), 132
- managed databases, 58–59
- managed services, 3, 28–30, 43, 49
- availability and, 67
- DRA (Durable Reduced Availability), 32
- Premium Tier networking, 31
- Pub/Sub, 31–32
- Pub/Sub Lite, 31–32
- reduced levels, 30–32
- scalability and, 67
- Standard Tier networking, 31
- VM (virtual machine), preemptible VMs, 30–31
- marketing and sales, 234
- Memcached, Cloud Memorystore, 122
- memorystore, 32
- meshed topology, 139
- metered model of migration, 270
- methodologies, 244
- microservice architecture, 4, 49
- Migrate for Anthos, 265
- Migrate for Compute Engine, 265
- migration, 253–255
- assessment phase, 265
- cloud migrations, 253
- cloud services integration, 264–266
- data migration, 268–269
- Database Migration Service, 255
- deployment phase, 265
- Google Transfer Service, 254, 255
- gsutil, 255
- KPIs and, 46
- lift and shift, 4
- management planning, 271–273
- network planning, 271–273
- planning phase, 265
- replatforming, 253–254
- repurchasing, 254
- retaining, 254
- retirement, 254
- rip and replace, 4
- software license mapping, 269–270
- systems migration, 266–269
- third-party vendors, 255
- transfers, 254
- MIGs (managed instance groups), 78
- canary updates, 79
- instance templates, 78
- rolling updates, 79
- unmanaged instance groups, 78
- mirrored topology, 139
- ML (machine learning), 75
- model-based testing, 252
- modularity-driven testing, 251–252
- monitoring
- Cloud Operations Suite, 183–185
- Prometheus, 188
- monolithic applications, microservice architecture, 4
- Mountkirk Games, 14–15
- business requirements, 26–27
- systems integration, 34–35
- multicloud network, 138
- multiregion storage, 111
- MySQL, Cloud SQL and, 116
- N
- namespaces, Cloud Storage, 109
- NAT (network address translation), 134
- Nearline storage, 111
- .NET, App Engine Flexible, 81
- network availability
- Dedicated Interconnect, 60
- Partner Interconnect, 60
- Premium Network Tier, 60
- redundant network connections, 60
- Standard Network Tier, 60
- network latency, 123–124
- Network Layer (OSI Model), 132
- Network TCP/UDP load balancer, 143
- networking. See also VPCs (virtual private clouds)
- access controls, 272–273
- Cloud CDN, 145
- Cloud DNS, 145
- Compute Instance Admin, 272
- connectivity, 273
- data transfer, 132
- decryption, 132
- encryption, 132
- firewall rules, 134–135
- firewalls
- Cloud Armor, 135
- WAF (web application firewall), 135
- GKE
- load balancing, 90
- service networking, 89–90
- hybrid-cloud networking, 138, 147
- design, 138–139
- implementing, 139–141
- multicloud network, 138
- IP addressing
- CIDR (Classless Inter-Domain Routing) notation, 133
- IPv4, 133
- IPv6, 133
- private, 134
- public, 134
- subnet masks, 133
- IP protocol, 132
- LLC (Logical Link Control), 132
- load balancing, 147
- global, 144–145
- regional, 143–144
- MAC (Media Access Control), 132
- Network Admin, 272
- Network Viewer, 272
- OSI model, 132
- peering, VPCs and, 137–138
- Premium Tier, 31
- Private Google Access, 142
- Private Google Access for On-premises Hosts, 142
- Private Service Access, 142
- Private Service Connect for Google APIs, 141
- Private Service Connect for Google APIs with Consumer HTTP(S), 142
- Private Service Connect for Published Services, 142
- requirements
- VPCs (virtual private clouds), 9
- VPNs (virtual private networks), 9
- scalability, 64
- scaling, 273
- Security Admin, 272
- Serverless VPC Access, 142
- Service Directory, 145
- service-centric, 141–142, 147
- Standard Tier, 31
- TCP (Transmission Control Protocol), 132
- TLS (Transport Layer Security), 132
- topologies
- gated egress, 139
- gated egress and ingress, 139
- gated ingress, 139
- handover, 139
- meshed, 139
- mirrored, 139
- UDP (User Datagram Protocol), 132
- VPCs (virtual private clouds), 271–272
- network peering, 137–138
- shared, 137
- subnets, 136
- VPNs (virtual private networks), 271–272
- Node.js
- App Engine Flexible, 81
- App Engine Standard, 80
- NodePort ServiceType (GKE), 89
- nonfunctional requirements, 10
- availability, 10
- durability, 10
- observability, 10
- reliability, 10
- scalability, 10
- NoSQL databases, 8–9
- Cloud Bigtable, 120
- Cloud Datastore, 121
- Cloud Firestore, 121
- notifications, Cloud Monitoring, 186
- O
- object storage, 32
- observability, 10
- operating budget, 7
- operational expenses, 7
- operations documentation, 210
- operations KPI, 42
- Opex (operational expenditures), 7
- OSI (Open Systems Interconnection) Network model
- Layer 1 (Physical), 132
- Layer 2 (Data Link), 132
- Layer 3 (Network), 132
- Layer 4 (Transport), 132
- Layer 5 (Session), 132
- Layer 6 (Presentation), 132
- Layer 7 (Application), 132
- OWASP (Open Web Application Security Project), 135
- Owner role, 157
- P
- PaaS (platform-as-a-service)
- App Engine and, 74
- App Engine Standard, 80
- Partner Interconnect, 60, 141
- pay-as-you-go model of migration, 270
- payload, 250
- PCI (Payment Card Industry Data Standard), 6
- PCI DSS (Payment Card Industry Data Security Standard), 38
- PDs (persistent disks), 57
- penetration testing, 167
- permissions, 174
- persistent disks
- balanced persistent disk, 76
- block storage, 76
- SSD persistent disk, 76
- standard persistent disk, 76
- PersistentVolumes (GKE), 87
- PHP, App Engine Standard, 80
- PHP 5/7, App Engine Flexible, 81
- Physical Layer (OSI Model), 132
- pipelines, 94–95
- Plan-Do-Study-Act methodology, 233
- pods
- TPUs (Tensor Processing Units), 94
- points of presence, 124
- policies
- bindings, 158
- Cloud Monitoring, 186
- portfolios, 230
- POSIX, Cloud Filestore, 113
- PostgreSQL, Cloud SQL and, 116
- post-mortem analysis, 198
- incident post-mortems
- blameless culture, 215
- major incidents, 215
- minor incidents, 214–215
- timeline of events, 215
- project post-mortems, 215–216
- preemptible VMs, 3–4, 30–31, 77
- Premium network tier, 111
- Premium Network Tier, 60
- Premium Tier networking, 31
- preprocessing scripts, 45
- Presentation Layer (OSI Model), 132
- principle of least privilege, 39
- privacy regulations, 38–39
- Private Google Access, 142
- Private Google Access for On-premises Hosts, 142
- private IP addressing, 134
- Private Service Access, 142
- Private Service Connect for Google APIs, 141
- Private Service Connect for Google APIs with Consumer HTTP(S), 142
- Private Service Connect for Published Services, 142
- product strategy, business requirements, 24–27
- professional services, 234
- programs, 230
- project KPIs, 41–42
- projects, 229–230
- Prometheus, 188
- public IP addressing, 134
- Pub/Sub, 31–32
- Pub/Sub Lite, 4, 31–32
- pull subscriptions, Cloud Pub/Sub, 95
- push subscriptions, Cloud Pub/Sub, 95
- Python, App Engine Standard, 80
- Python 2.7, App Engine Flexible, 81
- Python 3.6, App Engine Flexible, 81
- Q
- QUIC (Quick UDP Internet Connections), 164
- R
- RDP (Remote Desktop Protocol), 134
- read replicas, 116
- Recommendations AI, 29
- recommenders, VMs, 78
- recovery. See also incident recovery
- recovery plan, 218
- Redis, Cloud Memorystore and, 121–122
- redundancy, availability, 66–67
- redundant network connections, 60
- regional load balancing
- Internal TCP/UDP load balancer, 143–144
- Network TCP/UDP load balancer, 143
- regression testing, 197
- regulations, 44
- compliance, 3, 6–7
- COPPA (Children's Online Privacy Protection Act), 6, 38, 173
- data integrity, 39
- EHR system and, 46
- GDPR (General Data Protection Regulation), 6, 38, 172
- GLBA (Gramm-Leach-Bliley Act), 38
- HIPAA (Health Insurance Portability and Accountability Act), 6, 38
- HIPAA/HITECH, 171–172
- PCI (Payment Card Industry Data Standard), 6
- PCI DSS (Payment Card Industry Data Security Standard), 38
- privacy, 38–39
- SOX (Sarbanes-Oxley Act), 6, 38, 172–173
- relational data, migration and, 269
- relational databases
- ACID (atomicity, consistency, isolation, durability)
- atomicity, 114
- consistency, 114
- durability, 115
- isolation, 114–115
- release management, 188
- CD (continuous delivery)
- deployment, 191–192
- QA (quality assurance), 189
- testing, 189–191
- CI (continuous integration), 192–193
- reliability, 10, 66, 182
- Cloud Operations Suite, 182
- engineering, 65–66
- hybrid-cloud networking, 139
- measuring, 65
- release management, 188–189
- CD (continuous delivery), 189–192
- CI (continuous integration), 192–193
- systems reliability
- cascading failures, 196–197
- incident management, 198
- overload and, 193–194
- post-mortem analysis, 198
- quality of service, degrading, 194–195
- testing, 197–198
- upstream throttling, 195
- reliability stress testing, 197–198
- ReplicaSet, 87
- Resource Location Restrictions, 162
- RESTful APIs, integration testing, 190
- rip and replace, 4
- ROI (return on investment), 42, 43, 208
- roles, 156, 174
- basic roles
- Editor role, 157
- Owner role, 157
- Viewer role, 157
- custom roles, 158
- identities, 156–157
- predefined, 157
- primitive roles, 157–158
- rolling deployment, 191
- rolling updates, 79
- routers, 132
- RTO (recovery time objectives), 218
- Ruby
- App Engine Flexible, 81
- App Engine Standard, 80
- runbook, 210
- S
- SaaS (software as a service), VPC network peering and, 137–138
- scalability, 10, 66
- App Engine, 61
- autoscale, 61, 62
- Cloud Function, 61
- Compute Engine, 62–63
- Kubernetes, 61
- Kubernetes Engine, 63–64
- managed services, 67
- network design, 64
- NoSQL databases, 61
- regional persistent disks, 64
- relational databases, 61
- scaling down, 62
- scaling in, 62
- scaling out, 62
- scaling up, 62
- stabilization period, 62
- storage resources, 64
- trailing time window, 63
- unmanaged instance groups, 62
- vertical scaling, 248
- VMs, 61, 62
- Secret Manager, 213
- secure boot, shielded VMs, 77
- Secure Encrypted Virtualization, 78
- security, 44. See also information security
- API
- authentication, 250
- authorization, 250
- resource limiting, 250–251
- auditing, 167–168
- data changes, 46
- ITIL (Information Technology Infrastructure Library), 173–174
- penetration testing, 167
- security design
- defense in depth, 170
- least privilege, 169–170
- SoD (security of duties), 168–169
- self-managed databases, 58
- Serverless VPC Access, 142
- service accounts, VMs, 76
- Service Directory, 145
- service networking (GKE), 89–90
- service-centric networking, 147
- Private Google Access, 142
- Private Google Access for On-premises Hosts, 142
- Private Service Access, 142
- Private Service Connect for Google APIs, 141
- Private Service Connect for Google APIs with Consumer HTTP(S), 142
- Private Service Connect for Published Services, 142
- Serverless VPC Access, 142
- service-level objectives, 3
- Session Layer (OSI Model), 132
- Shared VPC, 137
- shielded VMs, 77
- signature, 250
- Simian Army, 198
- SLAs (service-level agreements), 7
- SLIs (service-level indicators), 5, 7
- SLOs (service-level objectives), 5, 7
- SoD (security of duties), 168–169
- software development
- analysis, 206–207
- cost-benefit analysis, 208
- COTS (commercial off-the-shelf software), 207
- options, 207–208
- ROI (return on investment), 208
- scoping, 207
- business requirements and, 3
- design
- detailed design, 209
- development and testing, 209–210
- documentation, 210
- high-level design, 208–209
- maintenance, 210–211
- ORM (Object Relations Mapper), 210
- UX (user experience), 210
- documentation, 210
- maintenance, 210–211
- software license mapping, 269–270
- sole-tenancy, VMs, 76–77
- SOX (Sarbanes-Oxley Act), 6, 38, 172–173
- spiral methodologies, 245–246
- spot VMs, 77
- Spot VMs, 31
- SQL Server, Cloud SQL and, 116
- SSD persistent disk, 76
- SSL Proxy load balancer, 144
- SSL/TLS traffic, SSL Proxy load balancer, 144
- Stackdriver, 183
- stakeholder management
- communication plans, 231
- influences, 228–229
- interests, 228–229
- portfolios, 230
- programs, 230
- projects, 229–230
- stages, 230–231
- stakeholders, 228
- Standard network tier, 111
- Standard Network Tier, 60
- standard persistent disk, 76
- standard storage, 111
- Standard Tier networking, 31
- state, distributed systems
- client processes, 98
- Cloud Memorystore, 99
- databases, 99
- in-memory cache, 99
- persistent, 98–99
- volatile instances, 98–99
- storage
- archival, 111
- backup, 111
- high availability
- availability versus durability, 57
- caching, 59
- case studies, 59–60
- Cloud Filestore, 57
- Cloud Storage, 57
- databases, 58–59
- PDs (persistent disks), 57
- scalability, 63
- service overview, 108
- streaming data, BigQuery, 119
- subnets, 9
- VPCs (virtual private clouds), 136, 147
- synchronous calls, 99–100
- system testing, 197
- systems integration
- EHR Healthcare, 33–34
- Helicopter Racing League, 34
- Mountkirk Games, 34–35
- TerramEarth, 35
- systems reliability
- cascading failures, 196–197
- incident management, 198
- overload and, 193–194
- post-mortem analysis, 198
- quality of service, degrading, 194–195
- testing
- integration tests, 197
- regression tests, 197
- reliability stress tests, 197–198
- system tests, 197
- unit tests, 197
- T
- tablets, Bigtable, 120
- target pool, 143
- TCO (total cost of ownership), 28, 43
- TCP (Transmission Control Protocol), 132
- TCP Proxy Load Balancing, 145
- team skill management, 233–234
- technical debt, 247–248
- technical processes
- business continuity planning, 217–218
- CI/CD
- building blocks, 212–213
- business drivers, 211–212
- disaster recovery, 218–219
- ITIL Enterprise, 216–217
- post-mortem analysis
- incident post-mortems, 214–215
- project post-mortems, 215–216
- software development
- analysis, 206–208
- design, 208–210
- documentation, 210
- maintenance, 210–211
- technical requirements, functional requirements, 8–10
- Terraform, 97
- TerramEarth, systems integration, 35
- TerramEarth case study, 15–16
- business requirements, 27
- test-driven development, 252
- testing
- acceptance testing, 190
- chaos engineering tools, 198
- integration testing, 190
- integration tests, 197
- load testing, 190–191
- regression testing, 197
- reliability stress tests, 197–198
- system tests, 197
- unit testing, 190
- unit tests, 197
- testing frameworks
- automated tools, 252–253
- data-driven testing, 251
- hybrid testing, 252
- keyword-driven testing, 252
- model-based testing, 252
- models, 251–252
- modularity-driven testing, 251–252
- test-driven development, 252
- thrashing, 196–197
- time-series databases, 32, 45
- TLS (Transport Layer Security), 132, 164
- topologies
- gated egress, 139
- gated egress and ingress, 139
- gated ingress, 139
- handover, 139
- meshed, 139
- mirrored, 139
- TPUs (Tensor Processing Units), 94
- trailing time window, 63
- training and support, 234
- Transport Layer (OSI Model), 132
- tripping the circuit breaker, 195
- trust boundaries, 160
- U
- UDP (User Datagram Protocol), 132
- unit testing, 190, 197
- unmanaged instance groups, 78
- use cases, business use cases, 24–27
- user documentation, 210
- V
- version control, 212
- Vertex AI, 94
- vertical scaling, 248
- Viewer role, 157
- virtualization, Secure Encrypted Virtualization, 78
- visualization, Grafana, 188
- VMs (virtual machines)
- confidential, 78
- persistent disks, 76
- preemptible VMs, 3–4, 30–31, 77
- recommenders, 78
- scalability, 62
- service accounts, 76
- shielded, 77
- sole-tenancy, 76–77
- spot VMs, 77
- Spot VMs, 31
- volatile instances, 99
- VPCs (virtual private clouds), 9, 146, 271–272
- network peering, 137–138
- Network Peering, Cloud Filestore, 113
- peering, 9
- shared, 137, 146
- subnets, 136, 147
- VPNs (virtual private networks), 9, 271–272
- vTPM (virtual trusted platform module), shielded VMs, 77
- W–Z
- WAF (web application firewall), 135
- waterfall methodologies, 244–245
- Workload Identity Federation, 161