Examining Technical Processes for GCP

In your role as an architect, you'll be involved in numerous technical procedures, some of which were covered in earlier chapters, like continuous integration/continuous delivery (CI/CD) and post-mortem analysis. This chapter will delve deeper into these and other processes like software development lifecycle management, testing and validation, and business continuity and disaster recovery planning. Our aim is to present a comprehensive understanding of these technical processes, with an emphasis on their connection to business goals. For a more technical exploration, including the use of tools like Jenkins in CI/CD, please refer to the subsequent discussions.

Analyzing Technical Processes for GCP

Architects are involved in many different types of technical processes:

• Continuos Deployment
• Continuous Delivery
• Post-mortem Analysis
• Development Lifecycle Planning
• Testing
• Validation
• Business continuity
• Disaster Recovery(DR)

Architecting for Reliability

A reliable system is one people can get to now. Reliability is the probability a system can be reached and used without failure and Availability is a measure of how available a system is to be used within a given period of time.

Cloud Operations Suite

Architecting GCP Solutions for Security and Legal Compliance

Identity and Access Management

Identity and Access Management or IAM is a service which lets you specify which users can perform which actions in the cloud. IAM includes the following objects:

• Identities and Groups
• Resources
• Permissions
• Roles
• Policies

Architecting GCP Network Solutions

OSI Model Layers

1. Physical, the actual metal, wires, electrons and plastic ethernet plugs. You'll find wifi's radio frequency here because radio is physical phenomenon. In Quantum networking this layer are the entangled particles and the equipment uses to read and write to them plus the equipment used to connect to that. Voltage is sometimes the physical layer in Ethernet Over Power. With tin cans on a string, this layer is the cans, string and the vocal vibrations traveling through them.
2. Data Link, ARP, Mac Addresses, Collision avoidance. This is broken into two mini-layers, the first is media access control(MAC) and the second is Logical Link Control(LLC). The second acts as a negotiator between the MAC layer and the third 'Network' layer.
3. Network, this is where IP Addresses live. Keep in mind these network layers are the layers of a packet sent over the network. This is the base layer for packets. A packet is data encapsulated in a route with source and destination addresses.
4. Transport. The protocol that makes this process work known by all networking devices speak is Transmission Control Protocol(TCP) or User Datagram Protocol(UDP). The Protocol identifier stored in a packet lives in this layer.
5. Session, this layer manages handshakes. An SMTP connection timeout would exist on this layer. TLS handshakes happen here. An https packet is fully encrypted, so a request to a server asking for a url cannot be understood unless it is decrypted, then it can be seen. Inside layer 4 lives an encrypted layer 5 envelope in the case oF HTTPS connections. Layer 5 is the encrypted data, while layer 6 is the decrypted data.
6. Presentation, A GET / request is in this layer. Mappings of network resources to application resources in the OS kernel happen at layer 6.
7. Application, This is the later applications connect to in order to do networking. A webbrowser fetches web pages from this layer. This layer one might consider a data format. A TXT file vs a Json file. Mime types exist at this Layer. Layer 7 in the packet is the raw data unenveloped by network dressing that tells the network about it.

Architecting Storage Solutions in Google Cloud Storage

Object Storage

Object Storage is common to all cloud systems and has its roots way back in 2006 with Amazon S3 and Rackspace Files/OpenStack Swift and Google Cloud Storage in 2010. These systems are for storing files or documents as objects as opposed to a directory filesystem. Instead of hierarchical the particulate nature of object storage treats everything atomically. You can't seek and read parts of the file, you can't tail off of object storage. You can get, put, delete objects. Their organization depends on the system.

Architecting Compute Engine Solutions in GCP

Compute Engine Services

Each of these services have different use cases. You'll have to know how to select the right one for your requirements.

Service	Use Case	Fancy Buzzword
Compute Engine	If you need root access and are running multiple processes in the same operating system instance.	Infrastructure as a Service (IaaS)
App Engine	You need to run a nodeJS, Java, Ruby, C#, Go, Python or PHP application quickly with no configuration or management.	Platform as a service (PaaS)
Cloud Functions	You need to run a serverless routine.	Executions as a Service (EaaS)
Cloud Run	Run individual containers.	PaaS
Kubernetes Engine	Run several docker containers in group.	Containers as a Service (CaaS)
Anthos	Run containers in a hybrid or multi-cloud environment.	Hybrid CaaS

List of Site Reliability Engineering Practices

Penetration Testing

Container or virtual machine policy enforcement

Binary Authorization

Official Resources

• Load Balancing and Autoscaling Compute Engine
• Cluster Autoscaling Kubernetes Engine
• The Official Google Certified Professional Cloud Architect Exam
  Guide
• Exam FAQ
• Sample Questions
• GCP Documentation

Desiging Solutions for Technical Requirements

High Availability

High availability is a key characteristic of any reliable system, and is typically measured by what is known as the "99999" rule. This rule states that a system must be operational 99.9999% of the time in order to be considered highly available. This equates to a maximum downtime of just over 5 minutes per year. In order to achieve such a high level of availability, a system must be designed and implemented with care, and must be constantly monitored and maintained. Additionally, a high availability system must have a robust service-level agreement (SLA) in place in order to ensure that the system meets the required availability levels.

List of All Managed Google Cloud Platform(GCP) Services

Service	Type	Description
AutoML Tables	AI and Machine Learning	Machine learning models for structured data
Recommendations AI	AI and Machine Learning	Personalized recommendations
Natural Language AI	AI and Machine Learning	Entity recognition, sentiment analysis, language identification
Cloud Translation	AI and Machine Learning	Translate between two languages
Cloud Vision	AI and Machine Learning	Understand contents of images
Dialogflow Essentials	AI and Machine Learning	Development suite for voice to text
BigQuery	Analytics	Data warehousing and analytics
Batch	Compute	fully managed batch jobs at scale
VMware Engine(GCVE)	Compute	running VMware workloads on GCP
Cloud Datalab	Analytics	Interactive data analysis tool based on Jupyter Notebooks
Data Catalog	Analytics	Managed and scalable metadata management service
Dataproc	Analytics	Managed hadoop and Spark service
Dataproc Metastore	Analytics	Managed Apache Hive
Cloud Composer	Analytics	Data workflow orchestration service
Cloud Data Fusion	Analytics	Data integration and ETL tool
Data Catalog	Analytics	Metadata management service
Dataflow	Analytics	Steam and Batch processing
Cloud Spanner	Database	Global relational database
Cloud SQl	Database	Regional relational database
Cloud Deployment Manager	Development	Infrastructure-as-code service
Cloud Pub/Sub	Messaging	Messaging service
Bigtable	Storage	Wide column, NoSQL databases
Cloud Data Transfer	Storage	Bulk data transfer service
Cloud Memorystore	Storage	Managed chage service using Redis or memcached
Cloud Storage	Storage	Managed object storage
Cloud Filestore	Storage	Managed shared files via NFS or mount
Cloud DNS	Networking	Managed DNS with API for publishing changes
Cloud IDS	Networking	Intrusion Detection Systems
Cloud Armor Managed Protection Plus	Networking	DDos Protection with Cloud Armor's AI adaptive protection
Service Directory	Networking	Managed Service registry
Cloud Logging	Operations	Fully managed log aggregator
AI Platform Neural Architecture Search (NAS)	AI Platform	AI Search
AI Platform Training and Prediction	AI Platform	NAS training
Notebooks	AI Platform	JupyterLab environment
Apigee	API Management	API Gateway security and analysis
API Gateway	API Management	API Gateways
Payment Gateway	API Management	integration with real-time payment systems like UPI
Issuer Switch	API Management	user transactor deployment
Anthos Service Mesh	Hybrid/Multi-Cloud	devide up gke traffic into workloads and secure them with istio
BigQuery Omni	Analysis	Use BigQuery to query other clouds
BigQuery Data Transfer Service	Analysis	Migrate data to BigQuery
Database Migration Service	Storage	fully-managed migration service
Migrate to Virtual MachManaged Service for Microsoft Active Directory (AD) ines	Migration	migrate workloads at scale into Google Cloud Compute Engine
Cloud Data Loss Prevention	Security and Identity	discover, classify, and protect your most sensitive data
Cloud HSM	Security and Identity	Fully managed hardware security module
Managed Service for Microsoft Active Directory (AD)	Identity & Access	Managed Service for Microsoft Active Directory
Cloud Run	Serverless Computing	Run serverless containers
Cloud Scheduler	Serverless Computing	cron job scheduler
Cloud Tasks	Serverless Computing	distributed task orchestration
Eventarc	Serverless Computing	Event rules between gcp services
Workflows	Serverless Computing	reliably execute sequences of operations across APIs or services
IoT Core	Internet of Things	Collect, process, analyze and visualize data from Iot devices in real time
Cloud Healthcare	Healthcare and Life Sciences	send, receive, store, query, transform, and analyze healthcare and life sciences data
Game Servers	Media and Gaming	deploy and manage dedicated game servers across multiple Agones clusters