CPA Flashcards

(26 cards)

1
Q

The five essential characteristics of the cloud are:

A

On-demand self-service: Services are provisioned automatically without manual provider intervention, and you only pay for what is used.

Broad network access: Resources are available throughout the network.

Resource pooling: Resources are pooled from a shared pool, giving the user a sense of location independence. For some of the resources, the location might be restricted.

Rapid elasticity: Services can be elastically provisioned and de-provisioned with the capacity being managed by the provider.

Measured service: Resource usage is monitored and can be reported on.

2
Q

The four cloud deployment models are:

A

Private cloud: This is used by specific organizations but can be managed by third parties.

Public cloud: This is used by the general public.

Community cloud: This is used by specific communities.

Hybrid cloud: This is composed of two or more different clouds.

3
Q

GCP supports the following service models:

A

Infrastructure-as-a-Service (IaaS)
Platform-as-a-Service (PaaS)
Container-as-a-Service (CaaS)
Function-as-a-Service (FaaS)
Managed services

4
Q

Regions

A

A region is defined by Google as an independent geographic area that is divided into multiple zones. Locations within regions should have round-trip network latencies of under 1 ms in 95% of cases.

5
Q

Zones

A

A zone is a deployment area for GCP resources. Note that a zone does not correspond to a single data center; it can consist of multiple buildings. Even though a zone provides a certain amount of fault protection, a zone is considered a single point of failure (SPOF). Therefore, you should consider placing your application across multiple zones to provide fault tolerance.

6
Q

Network edge locations

A

Network edge locations are connections to GCP services located in a particular metropolitan area.

7
Q

Projects

A

Projects are the smallest logical containers that group resources. Every resource within GCP needs to belong to exactly one project. Each project is managed separately, and IAM roles can be assigned per project to control the access in a fine-grained way.

Project ID: This is a globally unique immutable ID generated by Google.

Project name: This is a unique name provided by a user.

Project number: This is a globally unique number generated by Google.

8
Q

Resources’ scope

A

The resources can be either global, regional, or zonal. This indicates how accessible the resource is to other resources. For example, a global image can be used in any region to provision VMs. On the other hand, a VM that needs to belong to a particular subnet must reside in the same region for which the subnet was configured.

9
Q

Global resources

A

Global resources are globally available within the same project and can be accessed from any zone. These include the following objects:

Addresses: These are reserved external IP addresses and can be used by global load balancers.

Images: These are either predefined or user-customized. They can be used to provision VMs.

Snapshots: Snapshots of a persistent disk allow the creation of new disks and VMs. Note that you can also expose a snapshot to a different project. Snapshots can also act as a backup for VMs.

Instance templates: These can be used for the creation of managed instance groups.

Virtual Private Cloud (VPC) networks: These are virtual networks that you can connect your workloads to.

Firewalls: These are defined per VPC but are globally accessible.

Routes: Routes allow you to direct your network traffic and are assigned to VPCs, but they are also considered global.

10
Q

Regional resources

A

Addresses: Static, external IP addresses can only be used by instances that are in the same region.

Subnets: These are associated with VPC networks and allow the assignment of IP addresses to VMs.

Regional managed instance groups: These allow you to scale groups of instances. The scope can be set to either regions or zones.

Regional persistent disks: These provide replicated, persistent storage to VM instances. They can also be shared between projects for the creation of snapshots and images, but not disk attachments.

11
Q

Zonal resources

A

VM instances: These reside in a particular zone.

Zonal persistent disks: These provide persistent storage to VM instances. They can also be shared as disks between projects for the creation of snapshots and images, but not disk attachments.

Machine types: These define the hardware configuration for your VM instances and are defined for any particular zone.

Zonal managed instance groups: These allow you to autoscale groups of instances. The scope can be set to either regions or zones.

12
Q

Billing

A

The smallest entity you are billed for is a single project.

You cannot split your bill inside the project.

The first billing account will be created upon the creation of your GCP account.

You can assign multiple projects to one billing account.

13
Q

Billing Export

A

GCP allows you to export the billing information to a BigQuery dataset. This can be useful if you need to prepare reports or carry out an analysis of the cost of your cloud consumption.

After the data has been exported to BigQuery, you can perform queries on it. For example, you can check which service has generated the most costs:

This information is very useful when you wish to create all sorts of billing reports.

14
Q

Budgets and alerts

A

We would also like to be informed, upfront, whether we are exceeding our budget.

Budgets and alerts can be set for each billing account or project. You can set up a specific threshold. Once the amount spent is higher than the defined threshold, billing administrators and billing account users will be notified. This will not stop the usage of any services, and charges will continue to apply for the running resources. By default, there are three alert thresholds: 50%, 90%, and 100%. Both the number of thresholds and their values can be modified.

There are two types of notification targets: email and a Pub/Sub topic. If the mail channel is chosen, the billing administrators and users can be notified or a specific notification channel with an associated email address can be selected. If a Pub/Sub topic is selected, an already existing topic can be selected or a new topic can be created.

15
Q

Exam Tip (Billing alerts and budgets)

A

If the alerts and budgets are attached to a billing account, and you have multiple projects attached to the alerts, this will count toward the total cost generated in all of those projects together. Remember the default thresholds for the alerts.

16
Q

Billing account roles

A

You would want to have control over who has access to your billing and who can manage the payments. The following list shows the roles that can be used to control the billing:

Billing Account Creator: This is used for the initial billing setup, including signing up for GCP with a credit card.

Billing Account Administrator: This is the owner of the billing account. This role is allowed to link and unlink projects and manage other users’ roles for the billing account. This role can manage payment instruments, billing exports, and view cost information.

Billing Account User: In combination with the project creator role, the Billing Account User role is allowed to create new projects linked to the billing account on which the role has been granted.

Billing Account Viewer: This role allows access to view the billing information. It can be used by the finance team.

Billing Account Costs Manager: This role allows you to view and export the cost information of the billing account.

Project Billing Manager: This role enables the attachment of the project to a billing account without rights to resources.

17
Q

Google Cloud Platform Core Services

A

Understanding computing and hosting services

Exploring storage services

Getting to know about networking services

Going through big data services

Understanding Machine Learning (ML) services

18
Q

Computing and hosting services

A

Infrastructure-as-a-Service (IaaS): Google Compute Engine (GCE)

Container-as-a-Service (CaaS): Google Kubernetes Engine (GKE)

Platform-as-a-Service (PaaS): Google App Engine (GAE)

Function-as-a-Service (FaaS): Cloud Functions

19
Q

GCE - Basic

A

GCE is an IaaS offering. It allows the most flexibility as it provides compute infrastructure to provision VM instances. This means that you have control of the virtualized hardware and operating system. Note, this can be limited to available machine types. You can use standard GCP images or your own custom image. You can control where your VMs and storage are located in terms of regions and zones. You have granular control over the network, including firewalls and load balancing. With the use of an instance group, you can autoscale your control and your capacity as needed. Compute Engine is suitable in most cases but might not be an optimal solution.

20
Q

GKE - Basics

A

GKE is a CaaS offering. It allows you to create Kubernetes clusters on demand, which takes away all of the heavy lifting of installing the clusters yourself. It leverages Compute Engine for hosting the cluster nodes, but the customer does not need to bother with the infrastructure and can concentrate on writing the code. The provisioned cluster can be automatically updated and scaled. The GCP software-defined networks are integrated with GKE and allow users to create network objects, such as load balancers, on demand when the application is deployed. Several services integrate with GKE, such as Artifact Registry, which allows you to store and scan your container images.

21
Q
A

App Engine is a PaaS offering. It allows you to concentrate on writing your code, while Google takes care of hosting, scaling, monitoring, and updates. It is targeted at developers who do not need to understand the complexity of the infrastructure.

GAE offers two types of environments, as follows:

Standard: With sets of common languages supported, including Python, Java, Node.js, PHP, Ruby, and Go.

Flexible: Even more languages, with the possibility of creating a custom runtime. With a flexible environment, you lose some out-of-the-box integration, but you gain more flexibility.

22
Q

Cloud Functions

A

Cloud Functions: Cloud Functions is a FaaS offering. It allows you to concentrate on writing your functions in one of the supported languages. It is ideal for executing simple tasks for data processing, mobile backends, and IoT. This service is completely serverless and all of the layers below it are managed by Google. The functions can be executed using an event trigger or HTTP endpoint.

23
Q

Cloud Run - basics

A

Brings together the simplicity of FaaS and portability of CaaS. It allows you to develop and deploy self-scaling containerized applications on a fully managed serverless platform. It is compatible with Knative so you can move your workloads to any environment that can run Kubernetes in the cloud or on-premises.

24
Q

Anthos - basics

A

Anthos is a modern application management platform that provides a consistent development and operations experience for cloud and on-premises environments. Anthos is not a compute option itself but allows you to run Google Kubernetes Engine and Cloud Run on Anthos in multi-cloud and hybrid environments.

25
Q

GCVE - basics

A

Google Cloud VMware Engine (GCVE) is a fully managed native VMware Cloud Foundation software stack hosted in GCP. It allows you to accelerate the move to GCP by lifting and shifting your VMs hosted on vSphere into Google Cloud as is.

26
Q

Cloud Store

A

Cloud Storage: Cloud Storage is a fully managed, object-oriented storage service with a virtually infinite capacity. It allows the creation of buckets that store your data and allow access through APIs and tools such as gsutil. It comes with different storage classes and locations to best suit your needs in terms of how often your data will be accessed and where it should be located. Keep in mind that the price differs for each tier. Making a conscious decision will allow you to cut costs. You can choose from the following options:

Standard: The highest availability in multiple geolocations

Nearline: For data accessed less than once a month

Coldline: Very low cost for data accessed less than once a quarter

Archive: The lowest cost for data accessed less than once a year

Important Note: Previously, Google Cloud Storage offered slightly different storage classes than the previously mentioned ones. The exam may not have updated this as yet, so it is important to also know the older options, as follows:

Multi-regional: The highest availability in multiple geolocations

Regional: High availability with fixed locations

Nearline: Low-cost, for data accessed less than once a month

Coldline: The lowest cost for backup and disaster recovery