Book Image

Google Cloud Certified Professional Cloud Network Engineer Guide

By : Maurizio Ipsale, Mirko Gilioli
Book Image

Google Cloud Certified Professional Cloud Network Engineer Guide

By: Maurizio Ipsale, Mirko Gilioli

Overview of this book

Google Cloud, the public cloud platform from Google, has a variety of networking options, which are instrumental in managing a networking architecture. This book will give you hands-on experience of implementing and securing networks in Google Cloud Platform (GCP). You will understand the basics of Google Cloud infrastructure and learn to design, plan, and prototype a network on GCP. After implementing a Virtual Private Cloud (VPC), you will configure network services and implement hybrid connectivity. Later, the book focuses on security, which forms an important aspect of a network. You will also get to grips with network security and learn to manage and monitor network operations in GCP. Finally, you will learn to optimize network resources and delve into advanced networking. The book also helps you to reinforce your knowledge with the help of mock tests featuring exam-like questions. By the end of this book, you will have gained a complete understanding of networking in Google Cloud and learned everything you need to pass the certification exam.

Related Content you might be interested in

Current Title:

Small book image
Google Cloud Certified Professional Cloud Network Engineer Guide
Maurizio Ipsale | Mirko Gilioli
Jan, 2022 | 406 pages
Small book image
Google Cloud Associate Cloud Engineer Certification and Implementation Guide
Wojciech Marusiak | Agnieszka Koziorowska
Sep, 2023 | 606 pages
Small book image
Google Cloud Platform Administration
Ranjit Singh Thakurratan
Sep, 2018 | 230 pages
Small book image
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
Prashant Kulkarni | Ankush Chowdhary
Aug, 2023 | 496 pages
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Network Infrastructure
Section 1: Network Infrastructure
Free Chapter
2
Chapter 1: Google Cloud Platform Infrastructure
Chapter 1: Google Cloud Platform Infrastructure
Introducing cloud computing and virtualization
Introducing GCP
Getting started with GCP
Understanding virtual machines in the cloud
Exploring containers in the cloud
Summary
Further reading
3
Chapter 2: Designing, Planning, and Prototyping a GCP Network
Chapter 2: Designing, Planning, and Prototyping a GCP Network
Technical requirements
Designing the overall network architecture
Designing a VPC
Designing a hybrid network
Designing a container IP addressing plan for GKE
Summary
4
Chapter 3: Implementing a GCP Virtual Private Cloud (VPC)
Chapter 3: Implementing a GCP Virtual Private Cloud (VPC)
Technical requirements
Configuring VPC networks
Configuring and managing firewall rules
5
Section 2: Network Services and Security
Section 2: Network Services and Security
6
Chapter 4: Configuring Network Services in GCP
Chapter 4: Configuring Network Services in GCP
Configuring load balancing
Configuring Cloud Content Delivery Network (CDN)
Summary
7
Chapter 5: Implementing Hybrid Connectivity in GCP
Chapter 5: Implementing Hybrid Connectivity in GCP
Technical requirements
Configuring Interconnect
Configuring a site-to-site IPsec VPN
Diving into Cloud Router
Summary
8
Chapter 6: Implementing Network Security
Chapter 6: Implementing Network Security
Configuring Identity and Access Management (IAM)
Configuring Cloud Armor security policies
Configuring a third-party software device (NGFW) insertion into VPC using multiple NICs
Summary
9
Section 3: Network Operations, Management, and Monitoring
Section 3: Network Operations, Management, and Monitoring
10
Chapter 7: Managing and Monitoring Network Operations
Chapter 7: Managing and Monitoring Network Operations
Logging and monitoring with GCP operations
11
Chapter 8: Advanced Networking in Google Cloud Platform
Chapter 8: Advanced Networking in Google Cloud Platform
Google Cloud Traffic Director
Understanding Istio and the service mesh
Configuring the Google Cloud Service Directory
Understanding Service Directory and features
Configuring Service Directory and DNS
Building hub and spoke networks with Network Connectivity Center
Summary
12
Chapter 9: Professional Cloud Network Engineer Certification Preparation
Chapter 9: Professional Cloud Network Engineer Certification Preparation
Why subscribe?
13
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Introducing cloud computing and virtualization

This section introduces the concepts of cloud computing and virtualization, which are fundamental to understanding how GCP works. We will go through the basic elements of cloud computing and virtualization that are required to dive into the chapter.

What is cloud computing?

Whether you are a fresh entry to the cloud or not, we can consider cloud computing a model that enables ubiquitous, on-demand network access to a shared pool of configurable computing resources. These resources can be servers, storage, networks, applications, and services. A great advantage that cloud computing brings to users is that you can rapidly provision and de-provision computing resources with minimal management effort.

Cloud computing models can be oriented to private customers like you or to enterprises or public organizations. Many popular internet services have been introduced over the years. Think about Dropbox, Google Photos, Apple iCloud, and so on, which let you store your files or images in a private space that can be accessed anywhere, anytime. Additionally, Amazon Web Services, Microsoft Azure, and Google Cloud brought services to the market cloud to help enterprises and organizations scale their IT infrastructures and applications globally.

The cloud computing model is based on several important pillars:

  • Data center: This refers to a large building with independent power and cooling systems that hosts a large number of servers, storage, and networking devices.
  • Virtualization: This is an enabling technology that allows physical resources to be shared across multiple users privately.
  • Programmability: Every cloud resource (compute, storage, network, and so on) is software-driven. This means that there is no human interaction to request, deploy, or release a resource-enabling self-service model.
  • Global network: This refers to the global private physical network that interconnects all the data centers around the world.

Consumers can rent these services from cloud providers on-demand in a self-service manner. This model allows cloud users to pay only for the resources they reserve and consume, thus reducing Capital Expenditure (CAPEX) and time-to-market.

More specifically, cloud computing is built on five fundamental attributes:

  • On-demand self-service: Cloud users can request cloud computing services with a self-service model when they need them. This can be achieved with automated processes without any human interaction.
  • Broadband network access: Cloud users can access their resources anytime, anywhere, through a broadband connection. This lets cloud users interact with remote resources as if they were on-premises.
  • Resource pooling: Cloud users can access a wide, almost infinite pool of resources without worrying about its size and location.
  • Rapid elasticity: Cloud users can rapidly scale their resources elastically based on their actual workload needs. This allows cloud users to increase resource utilization and reduce costs.
  • PAYG (Pay As You Go) model: Cloud users only pay for what they reserve or use. This allows them to greatly reduce CAPEX, increase agility, and reduce time-to-market.

There are three distinct kinds of cloud services that a user can choose from:

  • Infrastructure as a Service (IaaS): Cloud users can rent the entire IT infrastructure, including virtual machines, storage, network, and the operating system. With this type of service, the user has full access to and control over the virtual infrastructure and is responsible for it. The cloud provider is responsible for the physical architecture and virtualization infrastructure.
  • Platform as a Service (PaaS): This type of service is ideal for developers who want an on-demand environment for developing, testing, and delivering applications. Here, developers can quickly deploy their applications without worrying about the underlying infrastructure. There is no need to manage servers, storage, and networking (which is the responsibility of the cloud provider) since the focus is on the application.
  • Software as a Service (SaaS): Cloud providers can lease applications to users, who can use them without worrying about managing any software or hardware platforms.

The following diagram shows a comparison between these three cloud services:

Figure 1.1 – A comparison of the IaaS, PaaS, and SaaS services

Figure 1.1 – A comparison of the IaaS, PaaS, and SaaS services

Your cloud infrastructure can be deployed in two ways:

  • On-premises: This deployment refers to resources that are deployed on a private data center that belong to a single organization.
  • On a public cloud: This deployment refers to resources that are deployed in third-party data centers owned by the cloud provider. These resources will be running in a virtual private space in a multi-tenant scenario or sole-tenant scenario (https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes) with dedicated hardware.

It is quite common that cloud users need to interconnect services that are running on-premises and services that have been deployed on the public cloud. Thus, it is particularly important to create hybrid cloud services that span both private and public cloud infrastructure. GCP offers many services to build public cloud infrastructure and interconnect them to those running on-premises.

Now that you have learned what cloud computing is, let's introduce virtualization.

What is virtualization?

Sometimes, in the Information Technology (IT) industry, there is the need to abstract hardware components into software components. Virtualization is the technology that does this. Today, virtualization is used on servers to abstract hardware components (CPU, RAM, and disk) to virtual systems that require them to run. These virtual systems are commonly referred to as virtual machines and the software that abstracts the hardware components is called a hypervisor. By using virtualization, IT administrators can consolidate their physical assets in multiple virtual machines running on one or few physical servers. Hypervisors lets you have multiple virtual machines with different requirements in terms of the hardware and operating system. Moreover, the hypervisor isolates operating systems and their running applications from the underlying physical hardware. They run independently of each other.

The following diagram shows the architecture for virtualization:

Figure 1.2 – Virtualization architecture

Figure 1.2 – Virtualization architecture

As we can see, the hypervisor virtualizes the hardware and provides each operating system with an abstraction of it. The operating systems can only see the virtualized hardware that has been provisioned in the hypervisor. This allows you to maximize the hardware resource utilization and permits you to have different operating systems and their applications on the same physical server.

Virtualization brings several benefits compared to physical devices:

  • Partitioning: Virtualization allows you to partition virtual resources (vCPU, vRAM, and vDISK) to give to the virtual machine. This improves physical resource utilization.
  • Isolation: Virtual machines are isolated from each other, thus improving security. Moreover, they can run operating systems and applications that can't exist on the same physical server.
  • Encapsulation: Virtual machines can be backed up, duplicated, and migrated to other virtualized servers.

Now that we have introduced cloud computing and virtualization, let's introduce GCP.

Previous Section
End of Section 2
Next Section