Index

  • A
  • abstractions, Kubernetes clusters, 86–88
  • acceptance testing, 190
  • access controls, 40, 272–273
    • Cloud Filestore, 113
  • ACID (atomicity, consistency, isolation, durability)
    • atomicity, 114
    • consistency, 114
    • durability, 115
    • isolation, 114–115
  • AES128 encryption, 163
  • AES256 encryption, 163
  • agile methodologies, 246–247
  • AI (artificial intelligence), 75
    • Vertex AI, 94
  • alerts, Cloud Operations Suite, 183, 186
  • ALTS (Application Layer Transport Security), 164
  • AMD Epyc processor, confidential VMs, 78
  • analytical databases, 117–120
  • Anthos, 75, 90–91
    • Anthos Clusters, fleet, 91
    • Anthos Config Management, 92–93
      • Google Cloud Deployment, 93
    • Anthos Multi Cluster Ingress, 92
    • Anthos Service Mesh, 91–92
    • migration, 265
  • Apache Airflow DAG, 97
  • Apache Spark, 46
  • API best practices
    • collections, 248
    • custom methods, 248
    • resources, 248–249
    • REST APIs, HTTP methods, 248
    • security, 249–251
    • standard methods, 248–249
  • App Engine, 8, 79
    • Cloud Pub/Sub and, 82
    • Disable Source Code Download, 162
    • high availability, 55
    • PaaS (platform-as-a-service) and, 74
    • runtime generation, 80
    • Task Queues, 82
    • use cases, 81–82
  • App Engine Cron Service, 81
  • App Engine Flexible, 8
    • containers, 81
    • Go, 80
    • Java 8, 80
    • .NET, 81
    • Node.js, 81
    • PHP 5/7, 81
    • Python 2.7, 81
    • Python 3.6, 81
    • Ruby, 81
    • runtimes, 81
  • App Engine Standard, 80
  • application availability, 60–61
  • application design, cost considerations, 27–33
  • application development methodologies
    • agile methodologies, 246–247
    • spiral methodologies, 245–246
    • waterfall, 244–245
  • Application Layer (OSI Model), 132
  • architecture design debt, 248
  • archival storage, 111
  • ASICs (application-specific integrated circuits), 94
  • asynchronous calls, 99–100
  • atomicity (ACID), 114
  • auditing, 167
    • Cloud Audit Logs, 168
    • Cloud Logging Agent, 167
  • authentication, 250
  • authorization, 250
  • AutoML tables, 29
  • autoscaling, 4, 62
  • availability, 10, 41, 66
    • high availability, 52
      • App Engine, 55
      • case studies, 55–56, 59–60
      • Cloud Functions, 55
      • Compute Engine, 54–55
      • Kubernetes Engine, 55
      • storage, 56–59
    • managed services, 67
    • redundancy and, 66–67
    • SLAs (service-level agreements) and, 52–53
  • B
  • backup storage, 111
  • balanced persistent disk, 76
  • batch loading, BigQuery, 119
  • batch processing
    • Cloud Dataproc, 96
    • hybrid-cloud networking and, 138
  • BGP (Border Gateway Protocol), 135
  • BigQuery, 3, 29, 117–119
  • BigQuery Storage Write API, 119
  • Bigtable, 29
  • binding, 158
  • blameless culture, 215
  • block storage, persistent disks, 76
  • Blue/Green deployment, 192
  • boot images, 76
  • Borg, 118
  • business continuity planning, 217–218
  • business processes
    • change management
      • methodologies, 232–233
      • reasons for change, 231–232
    • cost management, 235–236
    • customer success management, 234–235
    • stakeholder management
      • influences, 228–229
      • interests, 228–229
      • portfolios, 230
      • programs, 230
      • projects, 229–230
      • stages, 230–231
    • team skill management, 233–234
  • business requirements
    • analyzing, 3–7
    • Capex (capital expenditure), 6–7
    • compliance, 7
    • data management, 36–37
    • development, accelerating, 4
    • digital transformation, 7
    • EHR Healthcare case study, 25–26
    • governance, 7
    • Helicopter Racing League case study, 26
    • incident recovery, 5–6
    • KPI (key performance indicator), 7
    • line of business, 7
    • Mountkirk Games case study, 26–27
    • operating budget, 7
    • operational expenses, 3–4, 7
    • Opex (operational expenditures), 7
    • product strategy, 24–27
    • SLAs (service-level agreements), 7
    • SLIs (service-level indicators), 7
    • SLOs (service-level objectives), 5, 7
    • systems integration
      • EHR Healthcare, 33–34
      • Helicopter Racing League, 34
      • Mountkirk Games, 34–35
      • TerramEarth, 35
    • TerramEarth case study, 27
  • business use cases, 24–25
  • BYOL (bring your own license), 270
    • sole-tenant nodes and, 76
  • C
  • caches, 32
    • Cloud Memorystore, 121–122
    • in-memory, 99
  • caching, high availability, 59
  • canary deployment, 191–192
  • canary updates, 79
  • Capacitor, 118
  • Capex (capital expenditure), 3, 6–7
  • capital expenditures, 3
  • case studies, 11
    • EHR Healthcare, 12–13, 59
    • Helicopter Racing League, 13–14, 55, 59
    • Mountkirk Games, 14–15, 55
    • TerramEarth, 15–16, 55, 59
  • CD (continuous delivery)
    • deployment, 191–192
    • QA (quality assurance), 189
    • testing, 189–191
  • CDAP, Cloud Data Fusion and, 96
  • CEL (Common Expression Language), 160
  • change management
    • methodologies, 232–233
    • Plan-Do-Study-Act, 233
    • reasons for change, 231–232
  • chaos engineering tools, 198, 214
  • CI (continuous integration), 192–193
  • CI/CD (Continuous Integration/Continuous Delivery)
    • building blocks, 212–213
    • business drivers, 211–212
    • business-critical software, 212
    • safety critical software systems, 212
    • secret managers, 213
    • security-critical software, 212
    • version control, 212
  • CIDR (Classless Inter-Domain Routing) blocks, 9, 133, 147
  • Circuit Breaker pattern, upstream throttling and, 195
  • client processes, stateful systems, 98
  • Cloud Armor, 135
  • Cloud Audit Logs, 168
  • Cloud Bigtable, 120
  • Cloud CDN, 145
  • Cloud Composer, 29, 97
  • Cloud Data Fusion, 29, 96–97
  • Cloud Data Transfer, 30
  • Cloud Dataflow, 96
    • BigQuery and, 119
  • Cloud Datalab, 29
  • Cloud Dataproc, 96
  • Cloud Datastore, 121
  • Cloud Deployment Manager, 29
  • Cloud DNS, 145
  • Cloud EKM (External Key Manager), 166
  • Cloud Filestore, 57, 121
    • access controls, 113
    • Filestore Basic, 112
    • Filestore Enterprise, 112, 113
    • Filestore High Scale, 112, 113
    • instances, 112
    • service tiers, 112–113
    • VPC Network Peering, 113
  • Cloud Functions, 8, 75
    • background processes, 83
    • code repository, 83
    • events, 82–83
    • Firebase databases, 83
    • functions, 82–83
    • high availability, 55
    • images, 83
    • triggers, 82–83
  • Cloud HSM, 165
  • Cloud IAM Conditions, 160
  • Cloud Interconnect service
    • Dedicated Interconnect, 140
    • hybrid-cloud networking and, 140
    • Partner Interconnect, 140
  • Cloud KMS, 165
  • Cloud Logging, 5, 187
  • Cloud Logging Agent, 167
  • Cloud Memorystore, 30, 59, 99
    • Memcached, 122
    • Redis and, 121–122
  • Cloud Monitoring, 5
    • alerting, 186
    • dashboards, 185
    • logging and, 187
    • metrics, 183
    • time series, 184
  • Cloud Natural Language API, 29
  • Cloud Operations Suite
  • Cloud Pub/Sub, 29
    • App Engine and, 82
    • pull subscriptions, 95
    • push subscriptions, 95
  • Cloud Router, 135
  • Cloud Run, 8, 79
    • Allowed Binary Authorization Policies, 162
    • containers, stateless, 84
  • Cloud Source Repository, 193
  • Cloud Spanner, 29, 117
  • Cloud SQL, 29, 115
    • MySQL and, 116
    • PostgreSQL and, 116
    • Restrict Public IP Access on Cloud SQL Instances, 162
    • SQL Server and, 116
  • Cloud Storage, 30, 57, 109, 166
    • Coldline storage, 111
    • DRA (Durable Reduced Availability), 111
    • dual-region storage, 111
    • Enforce Public Access Prevention, 162
    • FUSE (Filesystem in Userspace), 110
    • geo-redundant storage, 111
    • lifecycle management, 122–123
    • multiregion storage, 111
    • namespaces, bucket names, 109
    • Nearline storage, 111
    • Premium network tier, 111
    • Standard network tier, 111
    • standard storage, 111
    • use cases, 111–112
  • Cloud TPU, 94
  • Cloud Translation, 29
  • Cloud Vision, 29
  • Cloud VPN, hybrid-cloud networking and, 140
  • Cloud Workflows, 96
  • CloudSQL, 32
  • Coldline storage, 111
  • Colossus, 118
  • communication plans, 231
  • complete deployment, 191
  • compliance, 7, 38–39, 44
  • Compute Engine, 8, 67
    • containers, 79, 81
    • high availability
      • hardware redundancy, 54
      • load balancing, 55
      • managed instance groups, 54–55
      • migration, 54
      • regional instances, 55
    • instance groups
      • canary updates, 79
      • instance templates, 78
      • MIGs (managed instance groups), 78
      • rolling updates, 79
      • unmanaged instance groups, 78
    • Kubernetes clusters, 79
    • migration, 265
    • permissions, 156
    • Shielded VMs, 162
    • stateful applications and, 79
    • VMs (virtual machines)
      • machine types, 75–76
      • service accounts, 75–76
  • compute requirements, 8
  • compute resources, 74. See also compute services
  • compute services. See also specific services
    • App Engine, 8
    • App Engine Flexible, 8
    • Cloud Functions, 8
    • Cloud Run, 8
    • Compute Engine, 8
    • Kubernetes Engine, 8
  • confidential VMs, 78
  • confidentiality, 40
  • consistency (ACID), 114
  • constraints, 162
    • Resource Location Restrictions, 162
  • containers
    • App Engine Flexible, 81
    • Cloud Run, 84
    • Compute Engine, 79, 81
    • GKE (Google Kubernetes Engine), 75
      • Kubernetes container orchestration, 84–85
  • continuous delivery, 4
  • continuous integration, 4
  • COPPA (Children's Online Privacy Protection Act), 6, 38, 173
  • cost considerations, 46
    • TCO (total cost of ownership), 28
  • cost management, 235
  • cost-benefit analysis, 208
  • COTS (commercial off-the-shelf software), 207
  • cross-region replica, 116
  • cryptographic keys, 165
  • customer success management, 234
  • customer-managed encryption keys, 166
  • customer-supplied keys, 165
  • D
  • DAGs (directed acyclic graphs), 97
    • Apache Airflow DAG, 97
  • data and system migration. See migration
  • data at rest, 39
  • Data Catalog, 29
  • data flows, 94–95
    • Cloud Dataflow, 96
    • Cloud Workflows, 96
  • data in transit/motion, 39
  • data integrity
    • access controls, 40
    • regulations, 39
  • data lifecycle management
    • caches, 32
    • CloudSQL, 32
    • Firestore, 32
    • memorystore, 32
    • object storage, 32
    • time-series databases, 32
  • Data Link Layer (OSI Model), 132
  • data management, 44
    • processing, 37
    • storage time, 36
  • data migration
    • governance and, 268
    • object storage, 268–269
    • relational data, 269
  • data retention, 122–123
  • data security
    • Cloud Storage, 166
    • encryption
      • AES128, 163
      • AES256, 163
      • DEK (data encryption key), 163
      • encryption at rest, 163–164
      • encryption in transit, 164
      • KEK (key encryption key), 163
    • key management
      • Cloud EKM (External Key Manager), 166
      • Cloud HSM, 165
      • Cloud KMS, 165
      • customer-managed encryption keys, 166
      • customer-supplied keys, 165
      • default encryption, 164–165
  • data sets, archived, 68
  • data transfer, 132
  • data warehouses, 48
  • databases, 48
    • analytical, 117–120
    • Cloud Spanner, 117
    • Cloud SQL, 115–116
    • distributed systems, 99
    • managed databases, 58–59
    • NoSQL, 8–9
      • Cloud Bigtable, 120
      • Cloud Datastore, 121
      • Cloud Firestore, 121
    • relational, 114–115
    • self-managed databases, 58
  • data-driven testing, 251
  • Dataflow, 29
  • Dataproc, 29
  • datasets, BigQuery, 118–119
  • DDoS (distributed denial-of-service) attacks, 135
  • decryption, 132
  • Dedicated Interconnect, 60, 141
  • defense in depth, 39, 170
  • DEK (data encryption key), 163
  • delivery, continuous, 4
  • deployment, 87
    • Blue/Green deployment, 192
    • canary deployment, 191–192
    • complete deployment, 191
    • rolling deployment, 191
  • Deployment Manager, 97
  • design
    • application, 27–33
    • hybrid-cloud networking, 138–139
    • security
      • defense in depth, 170
      • least privilege, 169–170
      • SoD (security of duties), 168–169
    • software
      • detailed design, 209
      • development and testing, 209–210
      • documentation, 210
      • high-level design, 208–209
      • maintenance, 210–211
      • ORM (Object Relations Mapper), 210
      • UX (user experience), 210
  • developer documentation, 210
  • development and operations
    • API best practices
      • resources, 248–249
      • security, 249–251
      • standard methods, 248–249
    • application development methodologies
      • agile methodologies, 246–247
      • spiral methodologies, 245–246
      • waterfall, 244–245
    • data and system migration, 253–255
    • Google Cloud interaction, 256–257
    • technical debt, 247–248
    • testing frameworks
      • automated tools, 252–253
      • models, 251–252
  • DevOps
    • managed services, 3
    • release management, 188–193
  • Dialogflow Essentials, 29
  • digital transformation, 7, 232
  • direct peering, hybrid-cloud networking and, 140
  • disaster plan, 218
  • disaster recovery (DR), 218–219
  • distributed systems, client processes, 98
  • division of labor, 189
  • DNS (domain name services), 9
    • naming conventions, 109
  • documentation
    • developer documentation, 210
    • operations documentation, 210
    • runbook, 210
    • user documentation, 210
  • documents, Cloud Datastore, 121
  • DRA (Durable Reduced Availability), 32, 111
  • Dremel, 118
  • dual-region storage, 111
  • durability, 10
  • durability (ACID), 115
  • E
  • Editor role, 157
  • EHR Healthcare, 12–13
    • business requirements, 25–26
    • regulations and, 46
    • systems integration, 33–34
  • encryption, 132
    • AES128, 163
    • AES256, 163
    • cryptographic keys, 165
    • DEK (data encryption key), 163
    • encryption at rest, 163–164
    • encryption in transit, 164
    • Google Front End, 164
    • KEK (key encryption key), 163
    • TLS (Transport Layer Security), 164
  • environment debt, 248
  • Envoy proxy, 86
  • ETL (extraction, transformation, and load), Cloud Data Fusion and, 96
  • events, Cloud Functions, 82–83
  • exam objectives, 2–3
  • expenses, operational, reducing, 3–4
  • F
  • false alerts, 186
  • filesystems, 110
  • Firestore, 32
  • firewalls, 9
    • Cloud Armor, 135
    • RDP (Remote Desktop Protocol), 134
    • rules, 9, 146
      • attributes, 135
      • default-allow-icmp, 134
      • default-allow-internal, 134
      • default-allow-rdp, 134
      • default-allow-ssh, 134
    • WAF (web application firewall), 135
  • functional technical requirements, 8–10
  • FUSE (Filesystem in Userspace), 110
  • G
  • garbage collection, 187
  • gated egress and ingress topology, 139
  • gated egress topology, 139
  • gated ingress topology, 139
  • gcs mount point, 110
  • GDPR (General Data Protection Regulation), 6, 38, 172
  • geo-redundant storage, 111
  • GitHub, 193
  • GKE (Google Kubernetes Engine), 84–85
    • clusters, 55
      • abstractions, 86–88
      • infrastructure, 85–86
      • types, 88–89
      • workload, 86–88
    • containers, 75
    • Ingress Controller, 87
    • Kubernetes cluster management, 84–85
    • Kubernetes container orchestration, 84–85
    • networking
      • load balancing, 90
      • service networking, 89–90
    • node affinity, 87
    • node labels, 87
    • node pools, 87
    • nodeSelector, 87
    • PersistentVolumes, 87
    • pod specification, 87
    • pods, 86–87
    • use cases, 90
  • GLBA (Gramm-Leach-Bliley Act), 38
  • global load balancing
    • HTTP(S) load balancer, 144
    • SSL Proxy load balancer, 144
    • TCP Proxy Load Balancing, 145
  • Google Cloud, emulators, 257
  • Google Cloud Build, 193
  • Google Cloud Deployment, Anthos Config Management, 93
  • Google Cloud interaction, 256–257
  • Google Cloud Key Management Service, 76
  • Google Cloud Professional Architect exam, 2
    • exam objectives, 2–3
  • Google Cloud SDK, 256
  • Google Cloud Shell, 256
  • Google Front End, 164
  • governance, 7
  • Grafana, 188
  • GUIDs (globally unique identifiers), 109
  • H
  • handover topology, 139
  • HBase API, Cloud Bigtable, 120
  • headers, 250
  • Helicopter Racing League, 13–14
    • business requirements, 26
    • systems integration, 34
  • high availability
    • App Engine, 55
    • application availability, 60–61
    • case studies, 55–56, 59–60
    • Cloud Functions, 55
    • Compute Engine, 54–55
    • Kubernetes Engine, 55
    • network availability, 60
    • storage, 56–60
  • high-level objectives, 24
  • HIPAA (Health Insurance Portability and Accountability Act), 6, 38
  • HIPAA/HITECH, 171–172
  • HTTP(S) load balancer, 144
  • hybrid testing, 252
  • hybrid-cloud networking, 138, 147
    • design, 138–139
    • implementing, 139
      • Cloud Interconnect service, 140
      • Cloud VPN, 140
      • direct peering, 141
    • multicloud network, 138
    • reliability, 139
  • I
  • IaC (infrastructure-as-code), migration and, 265
  • IAM (Identity and Access Management), 154, 174
    • best practices, 160–161
    • Cloud IAM Conditions, 160
    • Cloud Identity, 155
    • G Suite domains, 154
    • Google accounts, 155
    • Google Groups, 155
    • IAP (Identity-Aware Proxy), 161
    • identities, 154–155
    • members, 154–155
    • permissions, 156
    • policies, 158–159
    • resources, 155–156
      • hierarchy, 159
    • roles, 156
      • basic roles, 157–158
      • custom, 158
      • predefined, 157
      • primitive roles, 157–158
    • Workload Identity Federation, 161
  • IAM Disable Cross-Project Service Account Usage, 162
  • IAM roles
    • BigQuery, 118–119
    • Cloud Filestore, 113
  • IAP (Identity-Aware Proxy), 161
  • IETF (Internet Engineering Task Force), 134
  • incident management, 198
  • incident recovery, 3, 5–6, 68
  • information security, 39–41
  • in-memory cache, 99
  • instance groups
    • canary updates, 79
    • instance templates, 78
    • MIGs (managed instance groups), 78
    • rolling updates, 79
    • unmanaged instance groups, 78
  • instance templates, 78
  • instances
    • boot images, 76
    • Cloud Filestore, 112
    • volatile instances, 99
  • integration, continuous, 4
  • integration testing, 190, 197
  • integrity monitoring, shielded VMs, 77
  • Internal TCP/UDP load balancer, 143–144
  • IOPS (IO operations per second), 64
  • IP addressing, 9
    • CIDR (Classless Inter-Domain Routing) notation, 133
    • IETF (Internet Engineering Task Force), 134
    • IPv4, 133
    • IPv6, 133
    • NAT (network address translation), 134
    • private, 134
    • public, 134
    • subnet masks, 133
  • IP protocol, 132
  • isolation (ACID), 114–115
  • ITIL (Information Technology Infrastructure Library), 173–174
  • ITIL Enterprise, 216–217
  • J
  • Java, App Engine Standard, 80
  • Java 8, App Engine Flexible, 80
  • Jenkins, 193
  • Jupiter, 118
  • JWT (JSON Web Tokens), 250
  • K
  • K8s. See GKE (Google Kubernetes Engine)
  • KEK (key encryption key), 163
  • key management
    • Cloud EKM (External Key Manager), 166
    • Cloud HSM, 165
    • Cloud KMS, 165
    • customer-managed encryption keys, 166
    • customer-supplied keys, 165
    • default encryption, 164–165
  • keyword-driven testing, 252
  • KPIs (key performance indicators), 7, 43, 44
    • migration and, 46
    • operations KPI, 42
    • project KPIs, 41–42
    • ROI (return on investment), 42
  • Kubernetes clusters, 79
  • Kubernetes Engine, 8, 55, 67, 79. See GKE (Google Kubernetes Engine)
    • deployment, 63
      • canary deployment, 63
    • GKE clusters, 55
    • node pools, 63
    • pods, 63
      • services, 63
  • L
  • latency, 45
    • network latency, 123–124
  • least privilege, 169–170
  • lifecycle management, 122–123
  • lift and shift, 4
  • line of business, 7
  • LLC (Logical Link Control), 132
  • load balancing, 147
    • GKE, 90
    • global
      • HTTP(S) load balancer, 144
      • SSL Proxy load balancer, 144
      • TCP Proxy Load Balancing, 145
    • regional
      • Internal TCP/UDP load balancer, 143–144
      • Network TCP/UDP load balancer, 143
  • load testing, 190–191
  • LoadBalancer (GKE), 89
  • Log Analytics, 187
  • logging, Cloud Logging, 187
  • M
  • MAC (Media Access Control), 132
  • managed databases, 58–59
  • managed services, 3, 28–30, 43, 49
    • availability and, 67
    • DRA (Durable Reduced Availability), 32
    • Premium Tier networking, 31
    • Pub/Sub, 31–32
    • Pub/Sub Lite, 31–32
    • reduced levels, 30–32
    • scalability and, 67
    • Standard Tier networking, 31
    • VM (virtual machine), preemptible VMs, 30–31
  • marketing and sales, 234
  • Memcached, Cloud Memorystore, 122
  • memorystore, 32
  • meshed topology, 139
  • metered model of migration, 270
  • methodologies, 244
  • microservice architecture, 4, 49
  • Migrate for Anthos, 265
  • Migrate for Compute Engine, 265
  • migration, 253–255
    • assessment phase, 265
    • cloud migrations, 253
    • cloud services integration, 264–266
    • data migration, 268–269
    • Database Migration Service, 255
    • deployment phase, 265
    • Google Transfer Service, 254, 255
    • gsutil, 255
    • KPIs and, 46
    • lift and shift, 4
    • management planning, 271–273
    • network planning, 271–273
    • planning phase, 265
    • replatforming, 253–254
    • repurchasing, 254
    • retaining, 254
    • retirement, 254
    • rip and replace, 4
    • software license mapping, 269–270
    • systems migration, 266–269
    • third-party vendors, 255
    • transfers, 254
  • MIGs (managed instance groups), 78
    • canary updates, 79
    • instance templates, 78
    • rolling updates, 79
    • unmanaged instance groups, 78
  • mirrored topology, 139
  • ML (machine learning), 75
    • Cloud Dataproc, 96
  • model-based testing, 252
  • modularity-driven testing, 251–252
  • monitoring
    • Cloud Operations Suite, 183–185
    • Prometheus, 188
  • monolithic applications, microservice architecture, 4
  • Mountkirk Games, 14–15
    • business requirements, 26–27
    • systems integration, 34–35
  • multicloud network, 138
  • multiregion storage, 111
  • MySQL, Cloud SQL and, 116
  • N
  • namespaces, Cloud Storage, 109
  • NAT (network address translation), 134
  • Nearline storage, 111
  • .NET, App Engine Flexible, 81
  • network availability
    • Dedicated Interconnect, 60
    • Partner Interconnect, 60
    • Premium Network Tier, 60
    • redundant network connections, 60
    • Standard Network Tier, 60
  • network latency, 123–124
  • Network Layer (OSI Model), 132
  • Network TCP/UDP load balancer, 143
  • networking. See also VPCs (virtual private clouds)
    • access controls, 272–273
    • Cloud CDN, 145
    • Cloud DNS, 145
    • Compute Instance Admin, 272
    • connectivity, 273
    • data transfer, 132
    • decryption, 132
    • encryption, 132
    • firewall rules, 134–135
    • firewalls
      • Cloud Armor, 135
      • WAF (web application firewall), 135
    • GKE
      • load balancing, 90
      • service networking, 89–90
    • hybrid-cloud networking, 138, 147
      • design, 138–139
      • implementing, 139–141
      • multicloud network, 138
    • IP addressing
      • CIDR (Classless Inter-Domain Routing) notation, 133
      • IPv4, 133
      • IPv6, 133
      • private, 134
      • public, 134
      • subnet masks, 133
    • IP protocol, 132
    • LLC (Logical Link Control), 132
    • load balancing, 147
      • global, 144–145
      • regional, 143–144
    • MAC (Media Access Control), 132
    • Network Admin, 272
    • Network Viewer, 272
    • OSI model, 132
    • peering, VPCs and, 137–138
    • Premium Tier, 31
    • Private Google Access, 142
    • Private Google Access for On-premises Hosts, 142
    • Private Service Access, 142
    • Private Service Connect for Google APIs, 141
    • Private Service Connect for Google APIs with Consumer HTTP(S), 142
    • Private Service Connect for Published Services, 142
    • requirements
      • VPCs (virtual private clouds), 9
      • VPNs (virtual private networks), 9
    • routers, 132
      • Cloud Router, 135
    • scalability, 64
    • scaling, 273
    • Security Admin, 272
    • Serverless VPC Access, 142
    • Service Directory, 145
    • service-centric, 141–142, 147
    • Standard Tier, 31
    • TCP (Transmission Control Protocol), 132
    • TLS (Transport Layer Security), 132
    • topologies
      • gated egress, 139
      • gated egress and ingress, 139
      • gated ingress, 139
      • handover, 139
      • meshed, 139
      • mirrored, 139
    • UDP (User Datagram Protocol), 132
    • VPCs (virtual private clouds), 271–272
      • network peering, 137–138
      • shared, 137
      • subnets, 136
    • VPNs (virtual private networks), 271–272
  • Node.js
    • App Engine Flexible, 81
    • App Engine Standard, 80
  • NodePort ServiceType (GKE), 89
  • nonfunctional requirements, 10
    • availability, 10
    • durability, 10
    • observability, 10
    • reliability, 10
    • scalability, 10
  • NoSQL databases, 8–9
    • Cloud Bigtable, 120
    • Cloud Datastore, 121
    • Cloud Firestore, 121
  • notifications, Cloud Monitoring, 186
  • O
  • object storage, 32
    • migration and, 268–269
  • observability, 10
  • operating budget, 7
  • operational expenses, 7
    • reducing, 3–4
  • operations documentation, 210
  • operations KPI, 42
  • Opex (operational expenditures), 7
  • OSI (Open Systems Interconnection) Network model
    • Layer 1 (Physical), 132
    • Layer 2 (Data Link), 132
    • Layer 3 (Network), 132
    • Layer 4 (Transport), 132
    • Layer 5 (Session), 132
    • Layer 6 (Presentation), 132
    • Layer 7 (Application), 132
  • OWASP (Open Web Application Security Project), 135
  • Owner role, 157
  • P
  • PaaS (platform-as-a-service)
    • App Engine and, 74
    • App Engine Standard, 80
  • Partner Interconnect, 60, 141
  • pay-as-you-go model of migration, 270
  • payload, 250
  • PCI (Payment Card Industry Data Standard), 6
  • PCI DSS (Payment Card Industry Data Security Standard), 38
  • PDs (persistent disks), 57
  • penetration testing, 167
  • permissions, 174
    • Compute Engine, 156
  • persistent disks
    • balanced persistent disk, 76
    • block storage, 76
    • SSD persistent disk, 76
    • standard persistent disk, 76
  • PersistentVolumes (GKE), 87
  • PHP, App Engine Standard, 80
  • PHP 5/7, App Engine Flexible, 81
  • Physical Layer (OSI Model), 132
  • pipelines, 94–95
  • Plan-Do-Study-Act methodology, 233
  • pods
    • GKE, 86–87
      • specifications, 87
    • TPUs (Tensor Processing Units), 94
  • points of presence, 124
  • policies
    • bindings, 158
    • Cloud Monitoring, 186
  • portfolios, 230
  • POSIX, Cloud Filestore, 113
  • PostgreSQL, Cloud SQL and, 116
  • post-mortem analysis, 198
    • incident post-mortems
      • blameless culture, 215
      • major incidents, 215
      • minor incidents, 214–215
      • timeline of events, 215
    • project post-mortems, 215–216
  • preemptible VMs, 3–4, 30–31, 77
  • Premium network tier, 111
  • Premium Network Tier, 60
  • Premium Tier networking, 31
  • preprocessing scripts, 45
  • Presentation Layer (OSI Model), 132
  • principle of least privilege, 39
  • privacy regulations, 38–39
  • Private Google Access, 142
  • Private Google Access for On-premises Hosts, 142
  • private IP addressing, 134
  • Private Service Access, 142
  • Private Service Connect for Google APIs, 141
  • Private Service Connect for Google APIs with Consumer HTTP(S), 142
  • Private Service Connect for Published Services, 142
  • product strategy, business requirements, 24–27
  • professional services, 234
  • programs, 230
  • project KPIs, 41–42
  • projects, 229–230
  • Prometheus, 188
  • public IP addressing, 134
  • Pub/Sub, 31–32
  • Pub/Sub Lite, 4, 31–32
  • pull subscriptions, Cloud Pub/Sub, 95
  • push subscriptions, Cloud Pub/Sub, 95
  • Python, App Engine Standard, 80
  • Python 2.7, App Engine Flexible, 81
  • Python 3.6, App Engine Flexible, 81
  • Q
  • QUIC (Quick UDP Internet Connections), 164
  • R
  • RDP (Remote Desktop Protocol), 134
  • read replicas, 116
  • Recommendations AI, 29
  • recommenders, VMs, 78
  • recovery. See also incident recovery
  • recovery plan, 218
  • Redis, Cloud Memorystore and, 121–122
  • redundancy, availability, 66–67
  • redundant network connections, 60
  • regional load balancing
    • Internal TCP/UDP load balancer, 143–144
    • Network TCP/UDP load balancer, 143
  • regression testing, 197
  • regulations, 44
    • compliance, 3, 6–7
    • COPPA (Children's Online Privacy Protection Act), 6, 38, 173
    • data integrity, 39
    • EHR system and, 46
    • GDPR (General Data Protection Regulation), 6, 38, 172
    • GLBA (Gramm-Leach-Bliley Act), 38
    • HIPAA (Health Insurance Portability and Accountability Act), 6, 38
    • HIPAA/HITECH, 171–172
    • PCI (Payment Card Industry Data Standard), 6
    • PCI DSS (Payment Card Industry Data Security Standard), 38
    • privacy, 38–39
    • SOX (Sarbanes-Oxley Act), 6, 38, 172–173
  • relational data, migration and, 269
  • relational databases
    • ACID (atomicity, consistency, isolation, durability)
      • atomicity, 114
      • consistency, 114
      • durability, 115
      • isolation, 114–115
    • selecting, 119
  • release management, 188
    • CD (continuous delivery)
      • deployment, 191–192
      • QA (quality assurance), 189
      • testing, 189–191
    • CI (continuous integration), 192–193
  • reliability, 10, 66, 182
    • engineering, 65–66
    • hybrid-cloud networking, 139
    • measuring, 65
    • release management, 188–189
      • CD (continuous delivery), 189–192
      • CI (continuous integration), 192–193
    • systems reliability
      • cascading failures, 196–197
      • incident management, 198
      • overload and, 193–194
      • post-mortem analysis, 198
      • quality of service, degrading, 194–195
      • testing, 197–198
      • upstream throttling, 195
  • reliability stress testing, 197–198
  • ReplicaSet, 87
  • Resource Location Restrictions, 162
  • RESTful APIs, integration testing, 190
  • rip and replace, 4
  • ROI (return on investment), 42, 43, 208
  • roles, 156, 174
    • basic roles
      • Editor role, 157
      • Owner role, 157
      • Viewer role, 157
    • custom roles, 158
    • identities, 156–157
    • predefined, 157
    • primitive roles, 157–158
  • rolling deployment, 191
  • rolling updates, 79
  • routers, 132
    • Cloud Router, 135
  • RTO (recovery time objectives), 218
  • Ruby
    • App Engine Flexible, 81
    • App Engine Standard, 80
  • runbook, 210
  • S
  • SaaS (software as a service), VPC network peering and, 137–138
  • scalability, 10, 66
    • App Engine, 61
    • autoscale, 61, 62
    • Cloud Function, 61
    • Compute Engine, 62–63
    • Kubernetes, 61
    • Kubernetes Engine, 63–64
    • managed services, 67
    • network design, 64
    • NoSQL databases, 61
    • regional persistent disks, 64
    • relational databases, 61
    • scaling down, 62
    • scaling in, 62
    • scaling out, 62
    • scaling up, 62
    • stabilization period, 62
    • storage resources, 64
    • trailing time window, 63
    • unmanaged instance groups, 62
    • vertical scaling, 248
    • VMs, 61, 62
  • Secret Manager, 213
  • secure boot, shielded VMs, 77
  • Secure Encrypted Virtualization, 78
  • security, 44. See also information security
    • API
      • authentication, 250
      • authorization, 250
      • resource limiting, 250–251
    • auditing, 167–168
    • data changes, 46
    • ITIL (Information Technology Infrastructure Library), 173–174
    • penetration testing, 167
  • security design
    • defense in depth, 170
    • least privilege, 169–170
    • SoD (security of duties), 168–169
  • self-managed databases, 58
  • Serverless VPC Access, 142
  • service accounts, VMs, 76
  • Service Directory, 145
  • service networking (GKE), 89–90
  • service-centric networking, 147
    • Private Google Access, 142
    • Private Google Access for On-premises Hosts, 142
    • Private Service Access, 142
    • Private Service Connect for Google APIs, 141
    • Private Service Connect for Google APIs with Consumer HTTP(S), 142
    • Private Service Connect for Published Services, 142
    • Serverless VPC Access, 142
  • service-level objectives, 3
  • Session Layer (OSI Model), 132
  • Shared VPC, 137
  • shielded VMs, 77
  • signature, 250
  • Simian Army, 198
  • SLAs (service-level agreements), 7
    • availability and, 52–53
  • SLIs (service-level indicators), 5, 7
  • SLOs (service-level objectives), 5, 7
  • SoD (security of duties), 168–169
  • software development
    • analysis, 206–207
      • cost-benefit analysis, 208
      • COTS (commercial off-the-shelf software), 207
      • options, 207–208
      • ROI (return on investment), 208
      • scoping, 207
    • business requirements and, 3
    • design
      • detailed design, 209
      • development and testing, 209–210
      • documentation, 210
      • high-level design, 208–209
      • maintenance, 210–211
      • ORM (Object Relations Mapper), 210
      • UX (user experience), 210
    • documentation, 210
    • maintenance, 210–211
  • software license mapping, 269–270
  • sole-tenancy, VMs, 76–77
  • SOX (Sarbanes-Oxley Act), 6, 38, 172–173
  • spiral methodologies, 245–246
  • spot VMs, 77
  • Spot VMs, 31
  • SQL Server, Cloud SQL and, 116
  • SSD persistent disk, 76
  • SSL Proxy load balancer, 144
  • SSL/TLS traffic, SSL Proxy load balancer, 144
  • Stackdriver, 183
  • stakeholder management
    • communication plans, 231
    • influences, 228–229
    • interests, 228–229
    • portfolios, 230
    • programs, 230
    • projects, 229–230
    • stages, 230–231
  • stakeholders, 228
  • Standard network tier, 111
  • Standard Network Tier, 60
  • standard persistent disk, 76
  • standard storage, 111
  • Standard Tier networking, 31
  • state, distributed systems
    • client processes, 98
    • Cloud Memorystore, 99
    • databases, 99
    • in-memory cache, 99
    • persistent, 98–99
    • volatile instances, 98–99
  • storage
    • archival, 111
    • backup, 111
    • high availability
      • availability versus durability, 57
      • caching, 59
      • case studies, 59–60
      • Cloud Filestore, 57
      • Cloud Storage, 57
      • databases, 58–59
      • PDs (persistent disks), 57
    • requirements, 8–9
      • NoSQL databases, 8–9
    • scalability, 63
    • service overview, 108
  • streaming data, BigQuery, 119
  • subnets, 9
    • VPCs (virtual private clouds), 136, 147
  • synchronous calls, 99–100
  • system testing, 197
  • systems integration
    • EHR Healthcare, 33–34
    • Helicopter Racing League, 34
    • Mountkirk Games, 34–35
    • TerramEarth, 35
  • systems reliability
    • cascading failures, 196–197
    • incident management, 198
    • overload and, 193–194
      • shedding load, 194
    • post-mortem analysis, 198
    • quality of service, degrading, 194–195
    • testing
      • integration tests, 197
      • regression tests, 197
      • reliability stress tests, 197–198
      • system tests, 197
      • unit tests, 197
    • upstream throttling, 195
  • T
  • tablets, Bigtable, 120
  • target pool, 143
  • TCO (total cost of ownership), 28, 43
  • TCP (Transmission Control Protocol), 132
  • TCP Proxy Load Balancing, 145
  • team skill management, 233–234
  • technical debt, 247–248
  • technical processes
    • business continuity planning, 217–218
    • CI/CD
      • building blocks, 212–213
      • business drivers, 211–212
    • disaster recovery, 218–219
    • ITIL Enterprise, 216–217
    • post-mortem analysis
      • incident post-mortems, 214–215
      • project post-mortems, 215–216
    • software development
      • analysis, 206–208
      • design, 208–210
      • documentation, 210
      • maintenance, 210–211
    • troubleshooting, 213–216
  • technical requirements, functional requirements, 8–10
  • Terraform, 97
  • TerramEarth, systems integration, 35
  • TerramEarth case study, 15–16
    • business requirements, 27
  • test-driven development, 252
  • testing
    • acceptance testing, 190
    • chaos engineering tools, 198
    • integration testing, 190
    • integration tests, 197
    • load testing, 190–191
    • regression testing, 197
    • reliability stress tests, 197–198
    • system tests, 197
    • unit testing, 190
    • unit tests, 197
  • testing frameworks
    • automated tools, 252–253
    • data-driven testing, 251
    • hybrid testing, 252
    • keyword-driven testing, 252
    • model-based testing, 252
    • models, 251–252
    • modularity-driven testing, 251–252
    • test-driven development, 252
  • thrashing, 196–197
  • time-series databases, 32, 45
  • TLS (Transport Layer Security), 132, 164
  • topologies
    • gated egress, 139
    • gated egress and ingress, 139
    • gated ingress, 139
    • handover, 139
    • meshed, 139
    • mirrored, 139
  • TPUs (Tensor Processing Units), 94
    • pods, 94
  • trailing time window, 63
  • training and support, 234
  • Transport Layer (OSI Model), 132
  • tripping the circuit breaker, 195
  • trust boundaries, 160
  • U
  • UDP (User Datagram Protocol), 132
  • unit testing, 190, 197
  • unmanaged instance groups, 78
  • use cases, business use cases, 24–27
  • user documentation, 210
  • V
  • version control, 212
  • Vertex AI, 94
  • vertical scaling, 248
  • Viewer role, 157
  • virtualization, Secure Encrypted Virtualization, 78
  • visualization, Grafana, 188
  • VMs (virtual machines)
    • confidential, 78
    • persistent disks, 76
    • preemptible VMs, 3–4, 30–31, 77
    • recommenders, 78
    • scalability, 62
    • service accounts, 76
    • shielded, 77
    • sole-tenancy, 76–77
    • spot VMs, 77
    • Spot VMs, 31
  • volatile instances, 99
  • VPCs (virtual private clouds), 9, 146, 271–272
    • network peering, 137–138
    • Network Peering, Cloud Filestore, 113
    • peering, 9
    • shared, 137, 146
    • subnets, 136, 147
  • VPNs (virtual private networks), 9, 271–272
  • vTPM (virtual trusted platform module), shielded VMs, 77
  • W–Z
  • WAF (web application firewall), 135
  • waterfall methodologies, 244–245
  • Workload Identity Federation, 161