Transcript for:
Google Cloud Digital Leader Study Guide

hey this is Andrew Brown your Cloud instructor at exam Pro bringing you another complete study course and this time it's the Google Cloud digital leader made available to you here on free code Camp so this course is designed to help you pass and Achieve Google issued certification and the way we're going to do that is by going through lots of lecture content follow alongs and using my cheat sheets on the day of the exam so you pass and you can take that certification and put it on your resume or LinkedIn so you can get that Cloud job or promotion you've been looking for just a bit about me I was previously the CTO of multiple edtech companies with 15 years industry experience five years specializing in the cloud I'm an AWS Community hero I publish many free Cloud certification courses just like this one and I love Star Trek and coconut water I just want to take a moment here to thank viewers like you because you make these free courses possible if you're looking for more ways of supporting more free courses just like this one the best ways to to buy the extra study material at exampro.co and in particular for this certification it's gcp hyphen CDL there you can get study notes flash cards quizlets downloadable lectures which are the slides to all the lecture videos downloadable cheat sheets which by the way are free if you just go sign up practice exams you can also ask questions and get learning support if you want to keep up to date with new courses I'm working on the best ways to follow me on Twitter at Andrew Brown and you I'd love to hear if you've passed your exam or what you'd like to see next so there you go [Music] hey this is Andrew Brown from exam Pro and we are at the start of our journey asking the most important question first which is what is the Google Cloud digital leader so the digital leader is a fundamental or a foundational Cloud certification that introduces you to the Core Concepts of cloud and Google cloud in particular so the certification will demonstrate a person can Define and understand digital transformation Cloud Concepts core services such as compute storage databases and networking security and cost management for fundamental certifications they like to always put a bit of emphasis on security and cost management and for the digital leader there's a lot of talk about digital transformation which is a industry term but Google uses it quite frequently not in the exam questions themselves but something we'll have to understand the certification has no known course code so I'll be calling it the gcp CDL this is the first certification you should obtain in your Learning Journey and I'll show you in the next slide uh why that is this is an easy course to pass however it is more challenging than other fundamental certifications so we'll spend quite a bit of time just describing it compared to other fundamental certifications so here is the gcp roadmap as you can see there aren't a lot of certifications for gcp which is a good thing because it's very focused however it's a bit laid out differently in the in the fact that they have professional certifications and these are not necessarily difficult so when you see a professional certification for AWS you know it's really hard but some of these or most of these are like the difficulty of an AWS associate which is a bit odd then they have an associate tier where they only have a single certification and then we have the New Foundation certification the one we're looking at today the cloud digital leader I've also divided this here we have the professional and I these are also professional certifications here but I kind of treat these as Specialties and that's what this line indicates okay so uh in terms of your learning path you should start with the cloud digital leader and especially for gcp just because of the way they write the questions it's so different from the other providers I strongly recommend that you get comfortable with the cloud digital leader very common to go for the cloud engineer and after that the cloud architect the cloud architect is like the solutions architect associate of gcp uh I mean it's harder than the uh the solution architect associate but it's not hard overall and it's not as uh code heavy or technology heavy it's More Concept heavy from there you can move on to the cloud developer or the devops just depends on your specialty and then in the Specialties it's up to you what you want to do collaboration engineer is a very unusually named certification this one in particular is it's like Administration so like it's uh you know setting up your organization and and networking it's a very odd name for a certification um but they have it there if it was me if it was me going into the Specialties I'd either go for the cloud security engineer data engineer or machine learning engineer Cloud networking I don't know how useful that is neither is the collaborator okay so how long should I study to pass the gcp CDL so if you're new to gcp you're looking at 25 hours of study this is longer than what I generally recommend for study times for fundamentals but because the exams are more difficult we'll talk about in a moment that's why it's higher if you've already passed the certified AWS certified Cloud partitioner or the Azure fundamentals you're looking at a 15 hour study time um you know there is a lot of transferable information but again it's the fact that their exam questions are uh more difficult if you've passed either the solutions architect associate or the Azure administrator you're looking at a very short study time you'll be able to knock this out in a few days okay so my recommended study time is one to two hours for 14 days uh generally with the AZ 900 or the certified Cloud petitioner I would say just book it by the end of the week for this one you need a little bit of extra time so if you want to book the exam to have confidence and make sure you're going to commit to your studies I'd say book it 10 days 11 days or even 14 days in advance okay so how does it compare against the AWS Cloud partitioner and the AZ 900 so the we'll use the cloud practitioner as the Baseline for our fundamental certifications because it was one of the earliest ones it's also one of the like the best written ones okay then we have our Azure fundamentals the AZ 900 and then the Google digital leader so Baseline is going to be one right and so the clf c01 is the easiest fundamental certification still is today as straightforward services and straightforward questions well-ridden questions and that's what makes it so easy to pass and to grasp Cloud fundamental knowledge for the Azure fundamentals this is the AZ 900 it's a bit harder than the certified Cloud practitioner just because azure's services are a little bit more muddled Azure likes to or Microsoft likes to meet everyone's demands and so they really tack on a lot of stuff but that adds to a lot of confusion whereas AWS is very isolate Services the questions are slightly more difficult just the way they word them and so let's say it's 1.5 times harder when we're looking at the Google cloud or the cloud digital leader it's three times harder than the cloud practitioner and I believe that this was actually by Design because I think that a lot of people think that while because of the cloud practitioners very easy that it doesn't hold a lot of value so gcp does not decided to just make this harder I don't really agree with that approach but that's what they did now the services in gcp are probably the easiest to learn out of all the providers they're very very straightforward but the questions are presented in a business-like scenario so it's a lot like the solutions architect associate exam and that makes it a lot harder to um to study for because you'll have to spend more time with practice exams okay and there are some Services where you'd expect additional knowledge so one example would be cloud storage or you have to actually know the the tiers of cloud storage it's something that you wouldn't see like AWS with S3 you wouldn't have to know that and so there's those kind of stuff another thing is they just have a lot of tricky questions or poorly worded questions I'd say out of the three they have the worst written exam questions uh now to say that doesn't mean you shouldn't go get the cloud digital leader I have this course here for a reason I believe there's a lot of value here but you just have to understand that you know there's trade-offs depending on what you do with all these things okay so uh where are you going to take this exam well you can take it in person or in an online from the convenience of your own home with other providers you usually use PSI and Pearson VUE but Google uses Criterion and actually the exam experience was really good I liked it out of every single um online Proctor system I've ever used Criterion is great I don't know if they're switching over to proctoru they were using it for the G Suite certification um prior and so I don't know if they're going to switch providers it's I'm not really I've read it at one place they said they were but now they're not so I don't know but anyway if you are going to use Criterion it's pretty easy to use uh if you've never heard the term proctored it just means that there's somebody or there's a supervisor monitoring you right so even if you take it online what they'll do is they'll ask you to like uh at the start of the call to say Okay show us under your desk all four walls make sure you're not cheating right so they're there to monitor you okay and a proctor is technically also in person but a lot of times we say Proctor exams we're referring to the online exams so what does it take to pass the example you got to watch the lecture videos memorize key information you're going to need to do Hands-On labs and follow along within your own gcp account now this is the thing um if you read the if you read the requirements for gcp they say you don't have to do any follow alongs and that is a hundred percent total lie so uh it's just like there's no way there's no way you'd pass without doing follow along so I put in some follow-ons to help you cement that knowledge in this course okay uh do paid online practice exams normally for fundamental certifications you can get away with not doing them so like the AZ 900 or the certified Cloud petitioner it's that easy but in this case you absolutely 100 percent need practice exam questions because just the way they word them they're so hard and I'm going to tell you right now I'm the only provider that I know of that actually have these questions because um you know I took the exam the day it came out and I was the first to make sure I had a lot of questions okay so this again this is harder this is very hard to pass without practice exam questions so um you know go on the platform sign up and help support more free courses but if you do pass without using uh practice exams I'd love to hear uh like uh to you and like how much extra time you had to study okay for the content outline here's another Oddity that they don't do is they don't break down each of the domains usually you'll have a percentage here saying like Okay you're gonna get 20 of questions of this so we know where to focus our time but Google doesn't do that so we'll just read through the domains here so setting up a Cloud solution environment planning and configuring a Cloud solution deploying and implementing a Cloud solution ensuring successful operation of a Cloud solution configuring access and security and the distribution of these domains are not known we do not know what they are however on the marketing website they said the following they said well general knowledge General Google Cloud knowledge and Google Cloud product services this is what the breakdown is this is not very helpful because I mean we need to know what these are right because this is what they're testing us on there's a huge breakdown for this but I mean like I guess you kind of get the idea so um do I think this is reflective yeah sure I guess so um in terms of grading you just have to get a 70 to pass it is uh scaled like most other Courses mean that it's not always uh exactly 70 to pass but generally that's what it's going to be in terms of the type of questions you'll get 60 of them so you can afford to get 18 wrong there's no penalty for wrong questions the formatted questions are multiple choice and multiple answer I think I only saw one multiple answer like out of the whole course so it was mostly multiple choice which is great but again the questions are the the actual body of the questions is the hard part okay for the duration you get 1.5 hours you get additional time a lot of other providers give you only an hour so I really appreciate they gave me extra time I cleared it within 30 minutes but I imagine that if you know if this is your first time you'll need that full time make sure you utilize all of the time when you're taking that core uh when you're taking the exam you're gonna get 1.5 minutes per questions other providers that only give you one minute per question so this exam time is 90 minutes the C time is 120 Minutes see time refers to the amount of time that you should allocate for the exam so that includes time to review instructions Show online Proctor your workspace read and accept the NDA complete the exam provide feedback at the end of the exam uh and so you do want if you're taking it online you have to show up early okay and be ready make sure your laptop is plugged in this is actually valid for three years which is great um AWS used to have them for two years I think they extended the CCP to three years Azure is they're just good forever but I like this thing where it's just three years but there you go so that is um the introduction here and what we'll do is we'll go take a look at the actual exam guide so I can just kind of talk through some of the things there like what I thought actually showed up on the exam as opposed to uh didn't okay [Music] hey it's Andrew Brown from exam Pro and we are taking a look at the official exam guide on the Google Cloud website now it's a bit different than other providers which will give you a downloadable PDF but that's not what Google does they just make it inline HTML but before we do that we're just going to look at the exam overview so here you can see where I grab those General percentages it's a hundred dollar registration fee uh 90 minutes this is going to vary based on your region probably but I mean I assume it's always showed up in USD dollars they do have some recommended resources um which you can click through like these here and they are terrible and they are not relevant to the exam and I actually went through every single one of these because I thought that I might be missing out on some information I'm going to tell you waste of time don't do it um I mean like if you wanted to kind of get like indoctrined into the way Google thinks about their products sure but I did not like them whatsoever they're all available like via quick Labs there's probably Coursera courses but the reason I make this course is because I don't want you have to pay for something to get access to that and that's the whole reason here um now there actually are there are really good Resources by Google cloud or developer Advocates and that's stuff that I do recommend but this stuff absolutely not but let's make our way over to the exam guide okay and here it is it's a pretty darn long and so we'll just work our way down here and I'll just say like what I saw on the exam and what I didn't okay so at the top here we have defined basic Cloud technology so uh know the difference between traditional infrastructure or public private Cloud yeah I think I saw one or two questions on that where you had to choose between private or public Cloud Define Cloud infrastructure ownership so that's the I don't know what that means I assume that just means the shared responsibility model the share responsibility model did not show up on my exam and neither on my uh support Engineers so you know that wasn't uh very useful information essentially essential characteristics of cloud computing again uh I think actually I did see one it was uh like multi it was my only multi-select one so yeah I suppose you'd have to know that um Google doesn't have like a official definition of characters of cloud computing like Azure and AWS does so I kind of just provided one that was between the two of AWS and Azure okay another difference between uh past infrastructure service software service definitely saw questions on that describe the trade-offs between levels of management uh flexibility when comparing cloud services didn't see any questions on that to find the trade-offs between costs versus responsibility didn't see any questions on that either appropriate implementation alignment with given budget resources so there they might be talking about like different kinds of built-in Cloud reports or using budget alarms so that was definitely on the exam so you'd want to know that capex and Opex total cost of operations okay so AWS calls it total cost of um ownership I guess operations is what Google calls it never saw that in their documentation by the way but I included it because I assumed you know you need to know it they don't ask that there they might have had a I think they had like a example of a capex so there was one for that recognize the relationship between the two summarize the cost differences between cloud and on-premise environments not necessarily a direct question to it but a lot of questions revolve around migration or uh you know the difference between on-premise and Cloud so not necessarily call out to those questions but part of a lot of questions okay recognize uh your or general Google Cloud knowledge recognize how Google Cloud meets compliance requirements locating current cloud Google Cloud compliance requirements um nope never never had a question on that familiar with compliance report manager never had a question on that recognize the main elements of Google Cloud resource hierarchy uh yeah they actually had quite a few questions on this and these ones are hard you know I don't even know why they put this in at the fundamental level just seems too hard but I I cover this in the course for sure describe controlling and optimizing Google Cloud costs so Billy models so that's the different bill built-in models or reports Define a consumption based use model so this is all like about billing like sustainable you like sustained billing and on demand and whether you use something that is um uh like you're using reserved compute things like that describe Google Cloud's geographical segmentation strategy this is what I was surprised about the most is that there was no Global infrastructure questions on my exam whatsoever and I always give a lot of attention to Global infrastructure and networking because those are some of the hardest Concepts to understand the fundamental level but they didn't have any questions whatsoever they just focused a lot more on resource hierarchies and migration Define Google Cloud Support options uh never ever saw a single question on support like hey what do you get if you get Enterprise no questions nothing on slas either describe the benefits of Google Cloud VMS Google so compute engine VMware engine bare metal didn't have any questions on that custom versus standard sizing um nope free premium and Custom Service options attached storages preemptable VMS of course you need to know what uh preemptable VMS are but like this stuff not really like there's no questions around bare metal identify and evaluate container-based compute options so Define the function of a container registry distinguish between VMS containers Google kubernetes engine no not really I think I might have had one question about containers I like to use cloud run identify and evaluate serverless compute options to find the function and use of app engine yes I had a few questions on app engine between the distinction of standard versus flexible so you need to know those two different plans nothing on cloud functions Define rational rational for versioning with serverless compute auctions didn't have a question on that cost and performance trade-offs to scale to zero um no no questions to that identify and evaluate multiple data management offerings so describe the difference between Google Cloud's relational non-relational database uh yeah I had quite a few questions on that so uh I saw all four of these options presented to me during questions describe Google Cloud's database offering and how they compare commercials offering nothing on that distinguish between mlai offerings I I think they had like one question about ML and it was just like what would you use to do vision and it was like Vision API you know that was it okay uh moving data around between pipelines uh yeah there was a lot of questions about migration so you know you had to know clearly the difference between these offerings here apply use case to a high level Google Cloud architecture so software development lifecycle never mentioned in the exams describe Google Cloud platform visibility alert offerings like that's just like billing alarms budget alarms whatever they call them describe solutions for migrating workloads lots of stuff on this lots of stuff on Migrate for anthos migrate to compute engine something you need to know down through networking no networking in the in the exam whatsoever never ever I don't even cover this in the course I don't think sd-wan but it was not on the exam and I would not expect this on a fundamental certification just makes no sense describe the best connectivity option between networking security requirements um so you should know like interconnect and then establishing secure connections via VIA VPN so those are pretty standard private Google access um yeah so that's just making sure that you have an instance that doesn't go out to the internet Define identity and access features considering included so Cloud identity uh Google Cloud directory sync I am so all of those so yeah um that gives you kind of an idea um you know I would say this is not very reflective of the actual exam you know what I mean like I'd say like you know 60 70 of the stuff I saw um and I think maybe it's just that uh it's still early days and so if you're watching this from a year from now from I publish it maybe they've made more questions but I was just thinking that they just don't have a very large question bank because when I had my support Engineers take it they're getting pretty much the same stuff as I was where there was like why wasn't there any Global infrastructure stuff so you know um I was very thorough in this course because I just did not know what I was going to get and there was nobody else before me that made this course uh so I just covered everything just in case so if you're watching this from a year or two from now you should be in very good shape because I was very thorough okay foreign [Music] hey this is Andrew Brown from exam Pro and what I want to show you here is an additional resource that I think is going to help you pass the Google Cloud digital leader and so I'm here on the cloudgirl.dev and this website is by Priyanka she's a Google developer advocate so she knows her stuff but what I find that's really useful is she makes all these great sketches that help visualize a lot of the core services so you know I'm not doing tons of visualizations in the course uh and I'm just giving you just the need to know information but if you check these out it might help you cement the information a bit better and of course there's a lot of accompanying uh videos to these sketches here so if you go to the cloud Girls YouTube there's a lot of great videos here so strongly recommend that if you feel that you you feel that there's a deficit whether it's a compute engine or gke or whatever just to go check out these additional resources okay foreign hey this is Andrew Brown from exam Pro and we are at the start of our journey for the cloud digital leader Google Cloud certification asking the most important question first which is what is cloud computing so cloud computing uh per definition is the practice of using a network of remote servers hosted on the internet to store manage and process data rather than a local server or personal computer and the way I like to think of it is that if you're on premise you own the servers you hire the IT people you pay the rent and the real estate you take all the risks but when you're using a cloud provider someone else owns the servers someone else hires the IT people someone else pays or rents the real estate and you're only responsible for configuring cloud services and code and someone else takes care of the rest okay [Music] so to truly understand cloud computing we have to understand how we got to Cloud hosting and the way to do that is we're going to walk through uh how servers changed over time and uh the benefits and drawbacks to these different types of servers so the First on our list here is a dedicated server this was a physical machine that you would go out to a store and you'd purchase and you'd put it in your office you'd have to set up the networking install everything even installed the operating system and the great thing about these things is that you would get full control over your server and so theoretically you would have the highest level of security possible I say it's theoretical because of course with cloud computing you have all these additional services that monitor and do things for you but this was again the earliest option out there and so they're still in use we still have dedicated servers today but you know it just made it very inaccessible for most people to be able to run web apps or Etc then we had virtual private servers so we're still using one physical machine but now what we've done is we've isolated a virtually isolated our application using something called virtual machines basically into sub machines and that allows us to run multiple workloads because if you have different machines with or sorry different apps with different requirements by virtualizing the machine we're now able to meet the needs of each application and so that was the evolution there going from there we had shared hosting this became very popular in the early 2000s if you've ever used GoDaddy or HostGator you've used shared hosting the idea is you'd have one physical machine and instead of virtually isolating each customer or tenant from each other you just had a folder on the machine and you could have hundreds and hundreds of businesses on a single machine and the way the system worked is that you know you had limits in place but also there was an expectation that there just would be a lot of people that would be under utilizing the physical machine and so there'd just be a few people that might over utilize it and so it'd work out to be very cheap but you know because it's not full virtualization you don't have full access to the OS and things like that so it was very limited and there is also the chance that some other customer could end up over utilizing the machine and that could impact your workload all right so then came along Cloud hosting and this is where instead of having a single machine you had multiple machines and they would have virtualization right and so the idea is that now you could have a lot more customers on the exact same machine and it's highly distributed so you don't have to worry about One customer over using a single machine and you basically get the best of all worlds so it's flexible scalable it's really secure it's really cost effective it's highly configurable and that's basically the reason why Cloud hosting or cloud computing is so uh popular today [Music] so before we talk about Google Cloud we need to ask ourselves what is Google so Google is an American multinational technology corporation headquartered in Mountain View California and its claim to fame was in 1996 when they invented the Google search engine and so uh the reason why this is such a big deal was that prior to Google and really it didn't really take off until 2000 because I remember when this thing came out where we saw Mass adoption but it was just that other search engines at the time like Alta Vista hotbot all the ones out there just couldn't do a very good job of finding things but Google was smart that they would actually look at the contents of web pages they would cache them and that's how they would determine whether to serve you content another very impressive thing that they did was they didn't use high-end machines that didn't have the money but they had the money to buy up a bunch of low end machines and that created new technology to distribute compute and storage across those machines and that technology is now open source and it's called Hadoop and we'll talk about it later in the course but that is something that was very impressive as well so the name Google is actually a play on the word Google it's just a different spelling and that word precisely means 10 to the power of 100 and so if you represent it out in this way the idea was that you had a one followed by a lot of zeros and so I guess this is Google saying hey we are a data driven company we work with a lot of data and that's true they do Google is also an initialism for Global organization of oriented group language of Earth you can tell that they came up with the word Google and then they just decided to try to make it uh into something make it to something so I know that doesn't make a whole lot of sense so that's just you know they're having fun I guess back then another thing we need to understand is what is a cloud service provider so a cloud service provider commonly abbreviated to CSP is it company which provides multiple cloud services and those cloud services can be chained together to create Cloud architectures so here is a technical architecture for gcp and this is actually a web application and this is a pretty standard one so you might run your web app on a compute engine which is where your virtual machine is you might have assets and things you need to store into cloud storage so this is like your files and stuff you need a database so maybe you need a postgres data base like Cloud SQL you might have a CDN that sits in front of your web app just to Cache commonly occurring Pages then you need a mechanism to actually deploy the application so maybe you want to set all this up deploy multiple apps the same structure so you can use cloud deployment manager and maybe you have a really fun uh or a very useful way of doing customer support by having a conversational AI like dialogflow so there are lots of applications out there so this combination can get very uh very variant but this is a pretty common example okay so now the question is what is the Google Cloud platform well this is what Google calls their uh their because they are a CSP so this is what they call uh their platform and it's commonly referred to as the gcp and also it's Google Cloud so I don't know why but they don't use the word like in their logos they don't use the word platform but everyone knows it as Google Cloud platform and we all call it gcp and the first service they came out with was app engine all the way back in 2008 I don't remember them calling it Google Cloud at the time I think it was just they wanted a way for people to be able to deploy applications really easily uh so I'm a little bit fuzzy about that there but now you know when we look retroactively back you can say Okay app engine was the first service they ever released then there's also Google workspace and you're probably familiar with this uh because everyone got their Gmail over 10 years ago and so Google workspace it's just a rebranding of G suite and so it's a bundled offering of SAS products for team communication collaboration for an organization so there you got Google Calendar Gmail Google meet Google Drive Google Sheets Google Docs Google slides and you know this course isn't really about Google workspace or the G Suite but you know it does overlap because when we talk about identity getting access to your Google Cloud console things like that it can tie into Google workspace and so that's why I mentioning it here and you're going to see it mentioned a few times in this course okay [Music] so let's talk about the benefits or the advantages of cloud computing no matter what cloud service provider you're using you need to know these and they're generally six to seven points and in particular for Google Cloud they don't ask you these questions on the fundamental exam like they're not going to say can you tell me three of the six but uh they do matter you need to know them because uh contextually they help you understand how to answer other questions okay and so Google doesn't really have a list like like Azure native will actually have a page and they'll say exactly what they are and so I just had to repurpose these uh from Azure here just to so that you can understand what they are okay so the first one is that cloud computing is cost effective you pay for what you consume there's no upfront cost so the idea here is that you have on-demand pricing or pay as you go so when we're talking about AWS likes to call it on demand and Azure likes to call it pay as you go and and so that's just two different ways of saying it but the idea here is you have thousands of customers sharing the cost of resources remember when we looked at um Cloud hosting and we saw that there was more than one customer on the same machine that's how we're talking about it being cost effective because you don't have to pay for the entire machine another benefit is that cloud computing allows you to go Global within minutes okay so the idea is you if you want to launch a workload in Canada in the US in the UK wherever they have a region you just choose that region and you can launch that that's a huge Advantage than having a server in-house whereas the larger on premise on-premises they might only have two data centers in the US and that's just not sufficient okay then we're talking about security the cloud provider takes care of the physical security and a lot of their services by default are designed to be secure so they're less likely to have issues right they're gonna they're gonna try to enforce best practices and try to lean you towards something that is uh going to be better for your benefit fit and you have granular access to control anything you want so this is something you might not have if you were self-hosting but you can say I only want this particular user in my Google console to only be able to launch instances they can't shut them down maybe they can only choose a particular size and so that level of granular control really does make it a lot more secure okay then you have reliability so a lot of services will have the ability to back up they will have they might have built-in Disaster Recovery or make it easy to strategize for Disaster Recovery you could have data replication and fault tolerance so that is something that is just a lot more better than uh than on-premise okay there's scalability so the idea is that when you need more resources you don't have to go out and buy a machine you just press a button and now you have additional additional compute and if you're not using it even like two minutes later if you say I don't need this anymore you just shut it down and so you only have to pay for the duration that it runs and the idea is you can scale up very quickly uh so you know the the Your Capacity is very fitting to that then there's a concept of elastic and so scale scalable means you have the ability to add or remove machines or or compute or storage but elastic means that you can also automate that so the idea is that imagine you have a web app and a week goes by and you know the weekend's coming up it's Black Friday so you know there's going to be a lot of sales and so you might not be around to provision enough machines you might not know how many machines to provision for that event but uh with uh the cloud you can automate it so it'll just say okay you have a lot more capacity now we'll just do it for you we'll spin it up to meet whatever that demand is and when people stop using it we'll we'll scale down the machines for you we'll just get rid of them for you okay and the last Point here is that the cloud is always current so the idea is you have all this underlying hardware and it has to be patched it has to be upgraded there's always new technologies coming out and that stuff is being swapped out all the time by the cloud provider and they're experts at it right whereas if you bought a physical machine you're going to hold on to it for like 10 years but they might be switching out machines every year okay so you're going to have uh you know the Best in Class Hardware underlying okay or access to things okay foreign [Music] hey this is Andrew Brown from exam Pro and we're going to take a quick look at the four main categories of cloud services that you'll find on a cloud service provider so a cloud provider can have hundreds of cloud services that are grouped into various types of services and the four most common types I like to call these the four core is and specifically for infrastructures of service and we'll talk about IAS in the next video but we have compute so imagine having a virtual computer that can run applications programs in code then you have storage so imagine having a virtual hard drive that can store files you have networking so imagine a virtual Network being able to Define internet connections or network isolations and you have databases so imagine a virtual database for storing reporting data or a database for general purpose web application so those are the four core and we're going to give them some additional attention this course around the Google Cloud offering because we're going to see them in the exam and that's usually what these fundamental certifications are testing you on okay and so for Google they have 60 plus cloud services they have fewer than the other ones but for them it's less about having a lot of services and just having very high quality services so it's by Design you know so when you see like Azure has 200 uh it's it's a little bit too much for CCP is like okay we're just going to make sure that these services are multi-purpose you don't have to have as many as these other ones okay and I just want to say that the term cloud computing can be used to refer to all categories even though it has compute in the name so you'll say and I said this I didn't say it up there but you know you might say cloud computing but you really mean everything right it doesn't matter what it is everything is cloud computing okay foreign [Music] just looking at the categories of cloud computing now let's take a look at the types of cloud computing and so we have this pyramid on the left hand side and the idea is that each type is reliant on the technology beneath it okay and so the one at the top is called software as a service also known as SAS and it is a product that is run and managed by the cloud service provider so you don't worry about how the service is maintained it just works remains available the key word here is software so imagine just using any old software but it's over the cloud on the internet so Salesforce Gmail Office 365 you could even consider Facebook or Twitter software as a service okay and these are specifically for customers the next layer is platform as a service uh also known as pass and this focuses on the deployment and management of your apps so you don't worry about provisioning configuring or understanding the hardware OS you can just upload your code and it will do the rest okay and so here we would have things like elastic Beanstalk on AWS Heroku or Google app engine and this is the original logo and I always love this logo so I use it whenever I can but the idea is that if you have a web application you just want to deploy it and just focus on your code that's what a pass is and this is specifically for developers and then on the bottom we have infrastructure as a service iaas there's no easy way to say say this as one word but this is the basic building blocks of cloud it provides access to networking features computers and data storage space so you do not worry about the IT staff the data center and the hardware and for this we have Microsoft Azure AWS for Google cloud and this is specifically for admins and basically when we talk about a cloud service provider one of the key components or characteristics of a closet service provider is that they have an infrastructure as a service offering if they don't have that we don't usually call them a cloud service provider we just call them a cloud platform and Google Cloud originally was a cloud platform you didn't have iaas offerings and so that's probably where the origin of the name comes from okay foreign [Music] hey this is Andrew Brown from exam Pro and we are looking at the Shared responsibility model and this is a simple visualization that helps you determine what the customer is responsible for and what Google is responsible for related to the Google Cloud platform and every cloud service provider has one of these models they vary generally the categories are different they just break them down slightly different but generally they're all the same so we're going to spend a little bit extra time with the shared responsibility model just because it does show up on the exam and it's a very important concept so I just want to make sure that you know it crystal clear and from all angles okay so generally these things are broken down into different categories so we have infrastructure as a service platform as a service software as a service the types of cloud computing and then we have along the side a bunch of categories of responsibilities and this again these are Google specific ones so you have content access policies usage deployment web app security identity operations access and authentication network security guest OS us data and its content audit logging networking storage and encryption Hardware kernel IPC it's an inter protocol something something it doesn't matter but it's just something the level the boot hardware and so the idea is that you have things that are Google responsible and things that you're responsible for so for a software it's a service and notice how much blue there is you have the least responsibility which is great because then you can just focus on fewer things but remember SAS is something like Microsoft Word so imagine what you could put in Microsoft Word you'd write your article right that's the content you might share it with somebody and you're just using the platform so that's SAS then you have platform as a service remember this is like something like app engine where you have your web application you built it Ruby on Rails larvarell next.js whatever you want you deploy it you upload your code so that's the content itself and you you have to choose how you want to deploy it and you're responsible for the security of that application because you're the one who built it right um so there's that there's infrastructure as a service this is the basic building blocks the idea here is you can launch a virtual machine and so if you do that then you are responsible for the guest OS so you're actually adjusting OS layer stuff and then everything under uh underneath is um is Google's responsibility so the customer is responsible for the data and the configuration of access controls that reside in gcp the customer is responsible for the configuration of cloud services and granting access via permissions notice I keep using the word configuration I highlighted in red this is to help you remember if you can configure it you're responsible for it Google is generally responsible for the underlying infrastructure so it's the hardware this is a concept from AWS I wish all of them would use it but the idea is there's in the cloud and of the cloud so in the cloud is talking about you the customer if you can configure or store it the customer then you are responsible for it and of the cloud is if you cannot configure it then Google is generally the one that is going to be responsible for it okay [Music] so now that we've looked at the Google's shared responsibility model let's take uh something like compute and compare it across different types of cloud computing so we can understand and practice uh you know what we would be responsible for or not responsible for so we have infrastructure as a service platform as a service software as a service and notice we have another one here called function as a service you don't usually see these in the shared responsibility model and it is a type of cloud computing but it's kind of a bit of a hybrid okay so it's kind of an edge case and it's going to just help us understand some of the caveats and how these models are a little bit flawed okay so starting at the the bare bottom where we have the most responsibility is with bare metal and so bare metal um just means that uh it's a physical machine and you're basically responsible for everything else you just want the the cloud service provider to take care of the hardware for you so you have control over the host the host operating system so literally what's going to be installed on the uh at the lowest level and so at this level that means you can control the hypervisor if you want to install some type of different kind of virtualization or have no virtualization all it's all up to you and so you are the most responsible this layer then you have VMS virtual machines and so this would be compute engine I wrote compute engine here because I'm not really sure what the offering is for bare metal bare metal is expensive so that's just why okay but for uh virtual machines uh here the idea is you're responsible for the guest OS configuration level that's the OS that is running when you have um you know a sub machine running on top of the hypervisor you can also install a container runtime and so when you think of and technically uh technically this is a little bit of an odd one because for Google you can actually check box on and say I want this virtual machine to have containerization so technically technically this would be Google's responsibility but if you wanted to you could install your own container runtime okay and so uh here we see Google is responsible for the hypervisor and the physical machine all right looking at containers and we have a few different options here but we'll talk about Google kubernetes engine gke and the idea here is that you are not worrying about the OS anymore you're configuring your containers and you're worried about the deployment of the containers and the storage of your containers so Google's taking care of the the OS if there's a hypervisor a hypervisor and if there's a and the container runtime so they're doing a lot of stuff there and so you're getting less and less responsibility then you have platform as a service so this would be a managed platform like app engine and so here you're just uploading your code you're say you have some configuration of the environment you have to choose the type of deployment strategy you want you have to configure any Associated services but Google is going to be responsible for the server the OS the networking the storage the security a lot more stuff okay then you have software as a service there's not a lot of SAS products on Google Cloud but like we'll just pull it from the Google workspace or G Suite like Google Docs and so here you're just worried about the contents of the documents the management of files the configuration of sharing access controls and Google is just responsible for the server the OS Network the Storage security uh deployments other like more more stuff than platform of service then you have function as a service and this one's a bit of an oddball because uh here it is this serverless compute okay Cloud function is a serverless but you upload your code sounds a lot like platform as a service but you don't have to worry about deployments about scaling anything else it takes care of everything so deployment container runtime networking Storage security physical machine uh you know every everything okay there's another service I don't have it on here but it's called um it's called Uh Cloud run and that is a serverless container and so that's where you have it and it's it's technically containers it's technically server serverless so it kind of like fits fits in the middle so I'm just saying that there's some variation there the exam is not going to be that hard to figure out what these are but I just want you to know that there is some caveats or variations to this stuff okay it's not clear cut as you might think it is just to give a better visual here we'll just go across bare metal dedicated host virtual machines container functions we didn't cover this I just didn't have room but there was sole tenant node because when you have a virtual machine right a virtual machine can either be single tenant or multi-tenant and so what that means is that when it's multi-tenant and that's the whole advantage of cloud is that you have the same you have multiple customers using the same physical machine but you're virtually isolated using having your own virtual machines but if you wanted to have the entire physical machine you could have a sole tenant node so you're the only person on that physical machine with those virtual machines and so that's something that's in between Bare Metal and virtual machine okay so just looking at the responsibility of the customer level of control like look at code here so code you're responsible across the board for app containers it's up to the containers it functions you you're not responsible for it for the run time you have control over that in containers right if you want to run Ruby you can just make a ruby Docker file and upload it now you can run Ruby code you know if they didn't support it for the operating system you have control the guest OS here for virtual machines for the dedicated hosts it's still guest OS and then at the bare metal it's Hardware OS for virtualization if you want to change out the type of hypervisor or virtualization method only bare metal is going to let you do that so hopefully that gives you a very clear picture of the shared responsive model in action and for different types of categories it's going to be completely different okay [Music] so let's take a look at an alternate way of viewing the shared responsibility model and this is the way AWS and Azure does it and the reason I want to show it to you is because it's a lot more uh encompassing of everything that the cloud can offer you whereas the Google shared responsibility model is really focused on the application so you can really tell their developers right but it's important for you to understand the full scope so we have the customer and we have gcp so gcp is responsible for the hardware and the global infrastructure so the regions right uh you know like the everything that it has to do with regions uh the zones and zones is a collection of data centers within a region and the fault domains fault domains is a logical isolation isolation of uh Hardware that's within a Data Center and then there's the physical security of the data center they're responsible for that as well right then you have software so this breaks down to the core4 so you got your compute your storage your database and your networking now on to the customer side there's the configuration of managed services or third-party software so that could be platforms applications IAM IM is a big one that's a huge huge component for customer responsibility configuration configuration of virtual infrastructure and systems so operating systems the network firewall so I notice you see networking down below so we're talking about the actual like routers and switching things like this and up here this is like Cloud networking okay this is like I want to create a VPC and I want to have these subnets in it and I want to use these Cloud networking services but you're not really dealing with lower level software like setting up the the switch or the router or things like that okay then you have security configuration of data so uh you know whether to use client-side data encryption whether you are whether you're using server-side encryption whether you turned it on what type of encryption you want to use protecting the network traffic so whether you're monitoring it and put any other kinds of controls to say okay who's allowed to see what and your customer data that's a big one okay so yeah this is basically the AWS and Azure way of looking or sorry I said Azure but it's more like AWS and Oracle Azure actually has their own way it's actually looks a lot more like this and so there's they do on-premise they put on-premise in the mix infrastructure as a service platforms service and software as a service and so they just break it down to here and these are going to look very very very similar to the Googles one so you have applications data runtime middleware OS virtualization server storage networking how menus are one two three four five six seven eight nine these almost almost match up to the OSI layer that's the uh like the layers like the application layer the networking layer things like that and so that's basically how Azure kind of does it but it just helps you to see the names in a different way so you can see there's still data there's no mention of like access controls but it's just assumed that if you have an application you're responsible for it you know things like that okay so hopefully that gives you a really clear understanding of the shared responsibility model [Music] hey this is Andrew Brown from exam Pro and we are looking at the cloud computing deployment models this one's an important one it will show up in your exam so you want to know the difference starting the top here we have public cloud and this is where everything is built on the cloud service provider this is also known as being Cloud native so the idea here and I know this is an AWS example and we're doing gcp just didn't have time to make the new uh the new graphic here but the idea is that you have a virtual machine and a database that's sitting within subnets within a VPC both AWS and Google call their vpcs the same thing so that makes it easy here and everything's contained within the cloud series provider there's no cloud services outside the cloud service provider okay then you have private Cloud this is where everything is built on the company's data center this is also known as on-premise because it's on the premises uh where your office is and so here you would use something like openstack to have private a private Cloud so openstack I believe it's by Rackspace and the idea here is that it gives you a a lot of the benefits where like imagine you want to distribute a virtual machine across many machines you want to have granular permissions like IAM and things like that that's what private cloud is going to do for you then you got hybrid and hybrid cloud is where you are using both private and public cloud and you're connecting them right you're off offloading some of your private Cloud compute storage stuff to the public cloud and that's happening via some kind of hybrid connection okay and then we have cross Cloud also known as multi-cloud a lot of people will call it hybrid Cloud it's not hybrid Cloud hybrid cloud is when you have a private cloud and a public Cloud connected a cross-cloud is when you are using multiple multiple csps and the the workload is spread across them a really good example here is something like Azure Arc or for Google's offering they call there's anthos so the idea is that you have a control plane that will control compute across multiple customers providers in on-premise environments multi-cloud multiple Cloud providers or multi-cloud is just when you use multiple providers but you don't necessarily use data across them okay but Google is going to just treat multi-cloud and cross-cloud as the same terminology all right to try to just kind of give this more of um uh like a business use case or who's using these things we talk about uh for uh Cloud this is or public Cloud we're fully utilizing cloud computing this is where we're using cloud and on-premise and this is where we're deploying on premise using virtualization it's sometimes known as private Cloud okay so who's using cloud like public Cloud we're looking at startups SAS offerings new projects and companies so think of Basecamp Dropbox Squarespace for hybrid we have Banks fintech Investment Management large professional service providers Legacy on premise there's reasons why they're hybrid they have to keep certain data on on premise for regulatory reasons or it could be because of um just because they've had they have so much infrastructure it's just too hard to move everything away or they have customers that are concerned about the cloud or the public Cloud when we're talking about the public sector like government or hospitals with super sensitive data or very very large Enterprises with crazy regulation like insurance companies they might want to have a hundred percent private Cloud they're starting to adopt a hybrid model so uh we're seeing less and less of this but you know like hospitals AIG which is insurance company or the government of Canada okay [Music] Andrew Brown from exam Pro and we are looking at the total cost of ownership also known as TCO to really understand what it is that uh you know we are paying for when we're using on premise and what we're paying for or not have to pay for when we're using gcp these break down to capex and Opex notice here at the top we're going to talk about that in the next slide here now Google Cloud doesn't actually ever mention TCO even though it's pretty common across all the other clusters providers but it does tie back to capex and OPEC so we're going to cover it anyway and it's good to know this okay so to understand the TCO concept I have these icebergs to really make sure or to sell you that these are icebergs I put some penguins and a whale on it for your for you the idea is that we have things that are above the surface and these are things that we generally think about and then the things below the surface under the water are the things that we're not thinking about that really helps us factor in the total cost of ownership so we're looking at things that are obvious people think about well well you know for on-premise we just have to pay for our software license fees right if you have um Microsoft servers you pay for those licenses and then on gcp well you just pay subscription fees so maybe you're not paying for the licenses but now you're just paying for uh using the services uh On Demand right and so they might look at and say well you know the costs aren't they look pretty comparable but then when you get below the surface we talk about because remember on premise you you have control you have those physical machines there right so there's the implementation the configuration the training the physical security the hardware the IT personnel the maintenance there's a lot of cost in um actually having those physical machines and all the stuff around them where as uh in the cloud service provider uh you are worried about the implementation the configuration training like how to use cloud services but you're not worried about all that other physical stuff and the idea here is that you can save up to 75 shifting over to a cloud service provider GCB doesn't have an example of a cost saving example but AWS does and they showed like 75 is going to be the same for all the csps and the idea now is all this stuff in the red here is now the cloud service provider's responsibility you don't have to worry about it so let's talk about Capital versus operational expenditures so Capital expenditures known as capex and operational expenditures known as Opex right and so on the capex side this is where you're spending money up front on physical uh infrastructure and deducting that expense from your tax bill over time so that's where a lot of people go well you know I can get this machine and then write it off uh year after year and I guess that sounds okay but you're going to save way more money way way more money than getting that that small tax benefit but let's talk about what are capex expenses so you have server server costs of the computers the storage costs are like hard drives Network costs routers cable switches backup and archive costs Disaster Recovery costs data center costs so rent cooling physical security the technical Personnel so with capital expenses you have to guess up front what you're going to plan on spending right because you're gonna do once you have those you're gonna hold on to them for a period of time right for operational expenditures the cost associated associated with the on-premise data center has now shifted to the service provider so you only have to worry about non-physical costs so this is leasing software and customizing features training employees and customer services paying for cloud support your billing is based on cloud metrics so compute usage storage usage and with operational expenses you can try a product or service without having to invest in the equipment so you can spend a lot more time in things that matter to grow your business and you don't have to immediately commit to a bunch of stuff you have a lot of flexibility there okay so that's the huge difference [Music] hey this is Andrew Brown from exam Pro and we are looking at Cloud architecture terminology so these are very important Concepts when uh utilizing the cloud uh though Google will not ask you directly on their certification uh to describe these Concepts or to to to pick them out of a lineup of terms okay however they are still going to play into questions so we generally need to know what these things are so let's go through the Quick List here and then we'll do a bit of a deeper dive on each of these ones okay so first we have availability your ability to ensure a service remains available this is known as highly available ha you have scalability your ability to rapidly grow unimpeded you have elasticity your ability to shrink and grow to meet the demand and this has to do with the automation of it you have fault tolerance your ability to prevent a failure you have Disaster Recovery your ability to recover from a failure failure also known as being highly durable so Dr so looking first in more detail here High availability this is your ability for your service to remain available by ensuring there is no single point of failure or to ensure a certain level of performance so I got a bunch of text here but I have a Graphic that makes this really clear the idea here is that we have a load balancer and and for Googles it's called Google Cloud load balancing and the idea is that we have compute and we distribute it so it's separate virtual machines but they are in three uh different zones and the idea is that if you were to lose one or two zones you would still have a running service because the load balancer would detect that these ones are unhealthy and reroute the traffic to the remaining server okay and that helps us be be highly available then you have the idea idea of being highly scalable so your ability to increase your capacity based on the increasing demand of traffic memory and computing power okay so you have vertical scaling this is where you are scaling up you are increasing the size of the single machine right so maybe you are increasing the amount of storage the amount of compute things like that resizing the machine then you have horizontal scaling so you're you're just adding additional servers of the same size and then you're Distributing the workload across those machines okay you have high elasticity so your ability to automatically increase or decrease Your Capacity based on the current demands of traffic memory and computing power sounds very similar to the last slide but the key difference is that it's automated and you also have the ability to decrease okay so the idea here is that you have the constant of horizontal scaling where you can scale out but you can also scale in so scaling out is when you add more servers and scaling in is when you remove servers okay and generally generally speaking when we're doing uh uh things that are elastic it's usually of the same size there is an exception where you can have containers I think it's like mesos or whatever they allow you to have mix and match of different kind of containers but generally it's the same size containers okay or virtual machines I should say so vertical scale is generally hard for traditional architecture so you're not going to see the concept of elasticity with vertical scaling it's with horizontal scaling okay the way we can do um horizontal scaling or elastic automatic scaling is with managed instance groups with Google so this is automatically increasing or decreasing the response uh to a demand or a defined schedule next we have fault tolerance so your ability to uh for your service to ensure there is no single point of failure or preventing the chance of failure so I'm just going to lay out all this stuff here and so it sounds very similar to high availability but the idea is that it's all about preventing chance of failure so the idea is that imagine or I guess it's kind of the response of failure so the idea here is that let's imagine you have a database and the primary database for whatever reason fails okay and so the idea is that your Cloud DNS which is at the like your domain level what it can do is say Okay fail over to the secondary instance so you have a redundant application running you're syncing that data over it's a standby service the idea is that it's ready to take over when the first one fails okay so whether something happens we can fault over to it I know it gets confusing with high availability we have high durability your ability to recover from a disaster and to prevent the loss of data so solutions that recover from a disaster is known as Disaster Recovery how do you back up your data how fast can you restore that backup does your backup still work how do you ensure your current live data is not corrupt so there you go that is our terminologies okay [Music] hey this is Andrew Brown from exam Pro and we are looking at the evolution of computing your cloud service provider has all of these offerings and the idea is that you need to choose the one that meets your use case a lot of times this all has to come around the utilization of space that's what we're trying to illustrate here in this section here and the trade-offs of why you might want to use some of these offerings okay for dedicated we're talking about a a physically a physical server wholly utilized by a single customer that's considered single tenant and for Google Cloud we're talking about single node clusters and bare metal machines where you have control of the virtualization so you can install any kind of hypervisor or virtualization you want in the system the trade-off here though is that you have to guess up front what your capacity is going to be and you're never going to 100 utilize that machine because it's going to have to be a bit under in case the utilization goes up that's you choosing the CPUs and the memories you're going to end up overpaying because you're you'll have under under utilized server it's not going to be easy to vertically scale it's not like you can just say resize it because the machine you have is what you have right you can't add more I mean I suppose they can insert more memory for you but that's a manual migration so it's very difficult and replacing the server is also very difficult okay so you're limited by the host operating system it's not virtualized so whatever is on there is on there and that's what your apps are going to have access to if you decide to run more than one app which is not a good practice for these kind of machines you're going to end up with a resource sharing we're one machine might utilize more than the others technically with a dedicated machine you have a guarantee of security privacy and full utility of the underlying resources I put an asterisk there because yes it's more secure but be uh but it's up to you to make sure that it's more secure so you have that's up to your skills of security right whereas if you had a virtual machine or anything above that there's more responsibility on the cloud service provider to just provide a secure machine and they can do a better job than you so why would you use a dedicated machine well maybe you're doing high performance Computing where you need these machines like very close together and you have to choose what kind of virtualization you need to have okay so then we're looking at virtual machines the idea here is you can run a machine within a machine the way that works is we have a hypervisor this is a software layer that lets you run the virtual machines and the idea here is now it's a multi-tenant you can share the cost of multiple customers you're paying for a fraction of the server you'll still end up overpaying for the other virtual machine because a virtual machine is just like you have to still say how many vcpus how much memory and your app is you know you don't want an app that uses 100 right you want to use exactly the amount you need but you can see here you know there's still going to be some under utilization uh you are limited by the guest operating system not but now it's virtualized so at least it's very easy to uh possibly migrate away if you choose to run more than one app on a virtual machine it can still run into resource sharing conflicts it's easier to export or import images for migration it's easier to vertically or horizontally scale okay and virtual machines are the most common and popular offering for compute because people are just very comfortable with those then you have containers and the idea is you have a virtual machine running these things called containers the way they do that is similar to a hypervisor but instead you have like here is a Docker demon so it's just a um a container a software layer okay to run those containers there's different kinds Docker is the most popular and the great thing is you can maximize the uh the the capacity because you can easily add new containers resizes containers use up the rest of the space it's a lot more flexible okay your containers will share the same underlying OS but they are more efficient than multiple VMS multiple apps can run side by side without being limited by the same OS requirements and not cause conflicts during resource sharing so containers are really good but you know the trade-off is there are a lot more work to maintain then you have functions functions go even step further and the idea is that you uh the the containers where we where we talked about that's a lot of work to maintain now the Clusters provider is taking care of those containers generally sometimes not it depends if it's serverless or not but the idea is that you don't even think about this is called serverless compute but you don't even think about uh the OS or anything you just know that what your runtime is you run Ruby or python or node and you just upload your code and you just say I want this to be able to run uh for this long and use this amount of memory okay you're only responsible for your code and data nothing else it's very cost effective you only pay for the time the code is running and VMS only run when there is code to be executed but because of that there is this concept of cold starts and this is where the virtual machine has to spin up and so sometimes requests can be a bit slow so there's a bit of trade-off there but functions or serverless compute is generally one of the best offerings as of today but more most people are still getting kind of comfortable with that Paradigm okay [Music] this is Andrew Brown from exam Pro and we are taking a look at Global infrastructure so what is global infrastructure well it refers to the global presence of data centers networking and Cloud resources available to the customer and so just kind of some of the stats that Google cloud has they have 25 regions 76 zones 144 Network Edge locations operating in 200 plus countries so just an idea like here is an example of the exterior of a Google Data Center and this is an interior so we're going to go and dive deep on all these Cloud infrastructure Concepts starting now [Music] hey this is Andrew Brown from exam Pro and we are looking at regions for Global infrastructure so regions are independent Geographic areas that consist of zones and gcp has 25 regions so here we have a map and you're going to notice that some are blue and some are white white ones indicate that they are planning to have regions there in the future in the next three years and I think most of most of not all of their regions always have three zones in them so that's pretty good on them so for the Americas we've got Oregon Los Angeles Salt Lake City Las Vegas Iowa South Carolina North Virginia Montreal Sao Paulo for Europe we have London Belgium Netherlands Zurich Frankfurt Finland Warsaw in Asia Pacific we have Mumbai Singapore Jakarta Hong Kong Taiwan Tokyo Osaka Sydney and Seoul okay so there's quite a few of them uh I mean like a lot of people are used to running in U.S West or U.S east I'm always running in the Canada region because that's where I'm from so it's there but yeah when you actually want to go user region it's as simple as choosing it so if I'm launching a virtual machine with compute instance their compute engine you're just going to choose the region you want to go in okay [Music] this is Andrew Brown from exam Pro and we are looking at Google Cloud's Global infrastructure Edge Network and so Edge networking is the practice of having compute and data storage resources as close as possible to the end user in order to deliver the lowest latency and to save bandwidth and so we're talking about Edge networking we're always talking about points of presence pop or pops and this is an intermediate location between a gcp region and the end user and this location could be even in a third-party data center or it might just be described as a collection of Hardware so maybe it's not even a data center at all and so here is the big old graphic that um that Google has for us and if you see all those wires that's basically it's just showing how things are interconnected the actual Global Network between these pops and actually there's three types of um of Pops or things we want to look at for Edge networking at networking devices or things and this graphic will change for all three this one is I think for Edge pops so just understand that it's not represented of all these three types but the first is Edge pop so a location where a user can quickly enter so Ingress the gcp network for Accelerated access to Cloud resources then you have a CDN and this is a location to serve so egress leave to lead the network for cash websites files assets so they load very fast for the end user then you have Cloud media Edge this is a location specialized for the delivery of media such as video content and so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at zones for Google Cloud's Global infrastructure so a zone is a physical location made up of one or more data center and a data center is secure is a secured building that contains hundreds of thousands of computers and so this is an example of the interior of a Data Center and of course you probably wouldn't want to have a dog in there unless it's a guard dog protecting those machines okay so a region will generally contain three zones and I actually think Google is very good about that they always have three zones but other providers will try to get a foothold into new regions and so they might only launch with a single zone offering but I think gcp is good in this regard the reason we make mention of that is because when we're talking about high availability the only way to get that is when you have at least three zones that's the standard okay data centers within a region will be isolated from each other so different buildings but they will be close enough to provide low latency and we'll talk about the the interlatency the interzonealange agency coming in this section here so common practice to run at least three zones to remain available in case a one or two data centers fail okay so the way you choose zones within Google cloud is after you've chosen your region you just choose your Zone and sometimes you're choosing more than one zone okay so it's that simple [Music] hey this is Andrew Brown from exam Pro and we are looking at resource scoping for Google Cloud's Global infrastructure so we were just talking about zones and I was saying that you can uh when you launch a resource sometimes you choose a single zone or multiple zones and that comes into resource scoping okay so I just want to talk a little bit more or reiterate on zones one more time so a zone is a deployment area for Google Cloud resources within a region Zone should be considered a single failure domain within a region and deploy redundant resources in multiple zones multi-zones for fault tolerance and high availability okay so let's now talk about product or resource scoping so the idea is you can launch a resource in a single zone in a single region so this is a zonal resource you have Regional resources this is where a resource resides in multiple zones in a single region you have multi-regional resource so resources reside across multiple specific zones you have a global Service this is where resources reside globally and regions and zones are abstracted away very common with serverless Services okay and then you have internal Services these are foundational Services used by many other services you don't interact with these Services directly they're managed by Google such as spanner Colossus Borg and chubby okay so the reason I bring this up is that you know I saw a question or two on the exam and they were using this terminology and so you know it just helps you to kind of frame that question better if you know resource scoping okay [Music] Andrew Brown from exam Pro and we are looking at data residency for Google Cloud's Global infrastructure so what is data residency well it's the physical or geographic location of where an organization or Cloud resources reside and the reason we care about this is so that we can do or have compliance boundaries these are Regulatory Compliance so they're legal requirements by government or organization that describes where data and Cloud resources are allowed to reside so you know if you're working with the Canadian government and say we're only going to use your software as long as the data resides within Canadian data centers that is the idea behind the stuff so when you're trying to run these kind of workloads and you need to meet compliance boundaries strictly defining the data residency of the data and Cloud resources and gcp you can use something called assured workloads so this is a feature that allows you to apply very security controls to an environment so it's not just for data residency but that that's its primary feature so data residency personal data access controls based on attributes person uh Personnel support case ownership controls based on attributes encryption so in order to apply data residency you're going to use an organizational policy called a resource location restriction and choose the allowed region or multiple regions well to show up in the exam probably not but you know it's good to get you kind of exposed to Global or organizational policies because those kind of do show up on the exam okay foreign hey this is Andrew Brown from exam Pro and we are looking at Cloud interconnect for Global infrastructure technically this is hybrid hybrid services and so you have this in the hybrid section but I like to put it in global infrastructure because it's just something that has to do with data centers and connecting things so that's why I always kind of front load it in this section here so Cloud interconnect provides direct physical connections between your on-premise network and Google's Network and so Cloud interconnect enables you to transfer large amounts of data between networks which can be more cost effective than purchasing additional bandwidth over uh public internet so it's a direct physical connection so fiber optics running from data center to Data Center okay and there are two offerings we have dedicated and partnered so for dedicated this is a direct physical connection between the on-premise network and Google's Network through a co-location facility we'll talk about co-location what that means here in a moment then you have a partner interconnect this is a direct physical connection between the on-premise network and Google's Network through a trusted third-party data center or provider okay so on the dedicated side this is between 10 to 200 gigabytes per second and for partner it's between 50 megabytes per second and 10 gigabytes per second the reason you would be using a partner one is maybe because you just can't do dedicated based on your location so you have to work through partner or maybe it's more cost effective or you know or it doesn't meet your needs so it's just going to be dependent on that kind of stuff but generally the reason people are going with partners because they just can't get the dedicated one so what is a co-location facility so a co-location or Carrier hotel is a data center where equipment space and bandwidth are available for rental to retail customers so the idea is that it's a rent like a rental data center right and Google Google uh is like is uh there's ones that they're cool with using and so those it's like you have a bit more direct control over it so you know it just depends on what you want to do okay foreign hey this is Andrew Brown from exam Pro and we are looking at Google Cloud for government and so the first thing I want to answer is what is public sector so public sectors include public goods and governmental services such as military law enforcement infrastructure public trans transit public education Health Care the and the government itself so Google Cloud can be utilized by the public sector organization's developing Cloud workloads for the public sector and the way Google achieves this is by meeting Regulatory Compliance programs along with specific governance and security controls so some compliance programs that would be used in public sector would be HIPAA for for health fedramp for dealing with the US the criminal justice information service it's like working with the FBI and we got Phipps 140 hyphen 2 and we do cover all these again in the course so don't worry about having to memorize the second uh let's just mention fedramp so this stands for federal risk and authorization management program wraps of fed wrap it's a US government-wide program that provides a standardized approach to security assessments authorization and continuous monitoring for cloud products and services so what is govcloud because this is something you hear a lot with cloud service providers so a CSP generally will offer an isolated region to run fed ramp workloads and gov Cloud offering in practice can result in degraded service offerings lower service availability and higher operational costs so GC gcp has an alternate to offering gov Cloud where fedramp workloads are authorized in gcp's usual region data centers and this game mitigates the disadvantages of gov Cloud offering so gcp regions will be authorized for either a high or moderate Baseline and so you know that was the thing was I was looking up gcp and I'm like where's the gov Cloud I couldn't find it and so they just have a a different way of going about it and supposedly they say that it is better I don't know all the details about it but that was what I could drum up will the show up in the exam probably not I didn't really to see anything for public sector on the exam but from fundamental information you should absolutely know this okay [Music] this is Andrew Brown from exam Pro and we are looking at latencies for Google Cloud's Global infrastructure so what is latency well latency is the time delay between two physical systems and what is lag well lag is the noticeable delay between the actions of input and the reactions of the server sent back to the client all right and you probably if you play video games you know what game lag is so it's basically the same thing okay it's just between servers instead of Game servers all right we have inter-regional latency so this is latency between two regions and then we have enter zonal latency this is latency between zones residing in a single region and I just want to generally give you an idea of the the latency in milliseconds this isn't going to be exact because I honestly couldn't find something definitive by Google and there are benchmarks out there and they vary because it's going to be between regions and different zones but I want to kind of give you kind of a bit of a de facto way of understanding generally what they'll be and so I would imagine that between two zones or sorry two regions you could see the worst case of 500 milliseconds so that's in the triple digit and then when we're talking about interzone latency maybe 10 50 milliseconds so double digit milliseconds Okay the reason this is important is because I saw a question on the exam and it actually asked about 10 milliseconds and it was talking about a high availability and if you're new if you knew that um that it's in the double digit between intersonal stuff you wouldn't have chose multi-region you would only choose a single region with um multiple zones okay so don't get hung up on so much the exact number but just understand triple digit double digit for these two okay foreign hey this is Andrew Brown from exam Pro and we are taking a look at Innovation waves actually known as chondra T waves that's a Russian name so I'm sorry if I pronounced it incorrectly but they are hypothesized cycle-like phenomenons in the global World economy the phenomenon is closely connected with technology life cycles so the idea here is that we have these waves that uh irreversibly change the society on a global uh scale and generally we underpin these for particular technological advancements okay so here we have the steam engine and cotton we have Railway Railway and steel we have electrical engineering and chemistry Innovations here we have petrochemicals and Automobiles we have information technology and the idea here is that Google is suggesting that uh the the wave that we're in right now includes Cloud technology as one of the larger factors when we look at one of these waves in a greater detail there is a common pattern to the wave that changes the supply and demand and so they say there's an expansion of boom a recession and a depression and if you can detect that pattern that's how you know that something is going on okay and so if we are in um if Cloud technology is the case here then we're definitely in an expansion phase right now uh and it's we might be in a boom it's hard to say um but uh yeah so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at the concept of a burning platform so the term is used when a company abandons old technology for new technology with the uncertainty of success and can be motivated by fear that the organization's future survival hinges on its digital transformation so this idea is comes back to the oil industry where you would have a platform and oil would catch fire and so the only way to survive would be to abandon or jump off the platform and so this term this term is not so popular today but Google seems to still be using it but the idea is that uh you know it's just you have to take a leap of faith into this stuff if you want to keep up okay foreign hey this is Andrew Brown from exam Pro and we are looking at the evolution of computing power so computing power is the throughput measured at which a computer can complete a computational task and Google has a variety of offerings for the Innovations in this particular field the one that we're all most common with are CPUs so this is just like what's in your computer your laptop when we're talking about cloud computing the one that we commonly see are Xeon CPU processors because they're very very uh good processors and so the offering here at any cloud service provider would be via virtual machines and so for Google their virtual machines are offered via compute engine then we're looking at tensor Computing so Google created their own machine learning deep learning framework called tensorflow and it has a new type of data structure called a tensor that is specifically optimized for you know neural networks and the idea here is that Google decided to create a piece of hardware that is specifically designed for their tensor data structure and so that's what they have which is this TPU thing and for this particular use case is 50 times faster than a traditional CPU all right and this is really for the space of neural Nets if you want to have this offering on uh Google Cloud you'd be using the cloud TPU okay and the last one here is quantum Computing and so Quantum Computing is interesting because it has the potential to be a hundred million times faster it is uh we're literally using parallel parallel uh a universe or Dimension uh using things like quantum entanglement very advanced concepts in order to perform uh insane amount of computation but this field is very early days and so being able to apply it is not very easy but that doesn't mean that you can't play around with it Google has an offering AWS has an offering for this but in particular Google has been producing uh different Hardware so the first had foxtail in 2016 then Bristol cone in 2017 and I think the latest one they have is uh Sycamore in 2018 all right and so this is all accessible via the Google Quantum AI all right foreign hey this is Andrew Brown from exam Pro and we are looking at the concept of digital transformation and this is the adoption of digital technology to transform services or businesses through replacing non-digital or manual processes with digital processes like going paperless or replacing older digital technology with newer digital technology so that means you previously are using on premise and you're moving into a hybrid architecture or using uh Cloud native technology all right and so uh this you could describe is that Google has their own Google digital transformation framework or concept based off of Google 7 solution pillars so we have infrastructure modernization business application platform portfolio application modernization database and Storage Solutions smart analytics artificial intelligence and security so in terms of the actual exam they're not going to ask you what are the Seven Pillars or what digital transformation is but you know the exam is all um uh business use case scenario so there are some tidbits in here which might help you with some of the questions and that's why we're going to go through all the pillars okay [Music] hey this is Andrew Brown from exam Pro and we are taking a look here at Google Cloud's solution pillars and there's seven in total here and there's a lot of text so let's work our way through it so the first is infrastructure modernization so replacing Legacy hardware and software systems with Cloud Solutions allows organizations to adopt hybrid architectures and have more infrastructure Mobility choosing a mix of best cloud service provider offerings for their organizational's use case so in this case if we're talking about hybrid architectures one service that we could utilize would be anthos and this allows you to manage compute from both on-premise and public cloud in a single unified interface moving on to business applications platform portfolio so the backbone of csps are built on top of robust well-documented apis standardized across all offered cloud services organizations can focus on the configuration interconnections of various systems instead of having to build their own systems so what are they talking about here we're talking about Cloud SDK a cloud API Cloud CLI and the Google Cloud documentation for number three we have application modernization so building web applications on top of cloud services allows organizations to globally deliver and rapidly iterate faster than ever before csps offer automated deployment pipelines AI powered code reviews easy staging and testing of new features the ability to test in production rollback changes apps are more durable and can remain available when facing catastrophic Regional failure so one thing that makes it really easy to build up very robust web apps is if you're able to migrate your web app over to app engine because it just takes care of a lot of the stuff for you and all you got to do is upload your code and do some configuration make some choices but more or less it makes it very highly durable available and scalable then you have database and Storage Solutions so most companies can tolerate losing application code you can always write you can always write losing data is not something you can recover over cloud service providers have guaranteed slas of data durability as well as the ability to easily migrate and secure your data so in this case if we're looking at cloud storage which is on you know the storage or file side side of the the scenario here it can store files and documents as objects and its availability is 99.5 percent uh and they have an it's SLA backed okay and the way they do that is that they're replicating your data across multiple zones so if a Zone fails it'll just recover cover files from another Zone it does that automatically for you for number five we have Smart analytics so when you store data on cloud service providers you can tap into big data and business intelligence Cloud offerings assisted by AI to help you analyze your data so for Google there's looker and this is data exploration Discovery business intelligence platform acquired by Google and it is now part of gcp uh then you have artificial intelligence so AI deep learning ml or specialized domains that uh traditionally required scarce and expensive subject matter experts cloud is commoditizing uh commoditizing simplifying AI knowledge while driving costs lower for adoption so there's a lot of tools here that Google has but the the primary ones is vertex AI this is a unified platform for AIML deep learning automl they have their own deep learning framework they've developed it's really easy to use this is my uh most uh favorite framework and this is the one I always use then we have security so cloud services by default have strong mechanisms built in for security governance compliance csps are continually developing new and Innovative security offerings not just at a service per service level but to analyze recommend and remediate at the project and organization level you can easily and quickly audit and apply security controls to become compliant in a fraction of time then on an on-premise solution and so things you get uh when you're working the cloud IAM I I mean if you're using private Cloud I suppose you'd get that with openstack but I am so role-based access controls and user management one that I really like that Google has is beyond Corp it's a zero trust model framework then there's the security Command Center so it's a centralized it centralizes visibility control for security and stuff for misconfigurations but there's a lot more there but this is just to kind of help you ground each of these pillars into something practical okay [Music] hey this is Andrew Brown from exam Pro and we are looking at what the Google Cloud console is and this is a portal that is a web-based unified console that provides an alternative to the command line tools it allows you to build manage and monitor everything from simple web apps to complex cloud deployments and so this is generally the main way you're going to be interacting uh with Google Cloud because it's the easiest way to do it so the idea is that you have this hamburger menu you can drop down and see all the possible Services you can also search for them you can organize different projects here and switch between them and in the background here what you can see me doing is I'm actually trying to launch a new compute engine virtual machine instance you can also get notifications and things like that but basically everything you want to do is via the console okay [Music] hey this is Andrew Brown from exam Pro and we are taking a look here at Cloud SDK so SDK stands for software development kit and it is a collection of software development Tools in one installable package so you can use the cloud SDK to pragmatically create modify delete or interact with Google Cloud resources and the SDK is offered in a variety of programming languages so we got Java python node.js Ruby which is my favorite go.net PHP and so here is an example of us using the SDK with Ruby code so we've installed the the the package as a ruby Jam that's how we did it and we're accessing a bigquery and we're just iterating out that table okay foreign hey this is Andrew Brown from exam Pro and we are taking a look at Cloud CLI so CLI stands for command line interface and what it allows you to do is process commands to a computer program in the form of lines of text and operating systems Implement a commandlet interface in a shell or a terminal that's how you're going to interact with one and so this is what it looks like to use the CLI so once it's installed what you'll do is write gcloud and then whatever it is that you want to do so in this case we are you want to work with a compute engine so we write compute for SSH ssh into our instance and so it's just as simple as that okay [Music] hey this is Andrew Brown from exam Pro and we're taking a look here at Cloud shell and this is a free online environment with a command line access for managing your infrastructure in an online code editor for cloud development so the idea here is these are the two interfaces uh they're very pretty similar but the idea is you'll press this little button here it will launch generally a shell and if you want to switch over to the editor you just press that and here you can see this is basically a bash terminal and this one here is a vs code environments there you go [Music] hey this is Andrew Brown from exam Pro and we're looking at projects and folders for Google Cloud so a project in Google cloud is a logical grouping of resources and a cloud resource must belong to a project so up in your navigation you're going to see the project you're currently on you can drop that down change to another project or quickly and easily create additional projects a project is made up of settings permissions and other metadata a project can't access another Project's resources unless you use share VPC or VPC Network pairing resources within a single project can work together easily for example by communicating through internal Network subject to the regions and Zone rules each Google Cloud project has the following a project name which you provide a project ID which you can provide or Google Cloud can provide for you a project number which Google Cloud provides as you work with Google Cloud you'll use these identifiers in certain command lines and API calls so each project at D is unique across Google Cloud once you have created a project you can delete the project but its IDs can never be used again when billing is enabled each project is associated with one billing account multiple projects can have their resources usage build to the same account a project serves as a namespace this means that every resource within each project must have a unique name but you can usually reuse resource names if they're if they're in separated projects then there's the concept of folder so folders allow you to logically group multiple projects that share common IAM permissions folders are commonly used to isolate projects for different departments or for different environments we'll see more of this when we cover resource hierarchies okay foreign hey this is Andrew Brown from exam Pro and we're looking at the Google Cloud adoption framework also known as gcaf and this is a white paper that can determine an organization's Readiness to adopt Google Cloud as well as providing steps to fill in knowledge gaps and develop new competencies okay so to really understand the Google Cloud adoption framework we need to know what is a white paper so it is a report or guide that informs readers concisely about a complex issue it is intended to help readers understand an issue solve a problem or make a decision and white papers are generally PDF format but they could also be in HTML format as well so white papers are common among all the cloud service providers and they're almost always an essential to study at the fundamentals level and so for the Google Cloud digital leader I recommend going through the cloud adoption framework which is what we're going to do here okay so the gcap is composed of four themes through maturity phases the cloud maturity scale epics and programs so let's get into it [Music] this is Andrew Brown from exam Pro and we are looking at themes for the Google Cloud adoption framework so themes are just four different areas that your company needs to excel in in order to be successful with their Cloud adoption so starting at the first here we have learn the quality and scale of the learning programs you have in place to upskill your technical teams your ability to augment your IT staff with experienced Partners so who's engaged how widespread is an engagement how concerted is the effort how effective are the results number two here is lead so the extent to which it teams are supported by a mandate from leadership to migrate to Cloud the degree to which the teams themselves are cross-functional collaborative and self-motivated so how are teams structured have they got executive sponsorship how are Cloud projects budgeted governed and assessed the third theme Here is scale so the extent to which you use cloud native services that reduce operational overhead and automate manual processes and policies so how are cloud-based Services provisioned how is capacity for work workloads allocated it how are applications up updates manage and for the fourth one here we have secure so the capabilities to protect your services from unauthorized and inappropriate access with a multi-layered identity Centric security model dependent also on the advanced maturity of the other three themes okay so what controls are in place what technologies used what strategies govern uh everything as a whole okay [Music] hey this is Andrew Brown from exam Pro and we are looking at phases for the Google Cloud adoption framework and this is all about the maturity of the organization because depending on where you are is going to determine the type of action or advice here based on the phase okay so for tactical this is short-term goals which is individual workloads are in place but there is no coherent plan the focus is on reducing the cost of discrete systems getting to the cloud with minimal disruption the wins are quick but there is no provision for scale so really they're just trying to utilize anything and it's not there's no real plan in place okay for strategic this is where you are in the midterm of maturity so a broader Vision governs individual workloads which are designed and developed with an eye to Future needs and scale have begun to embrace change people and processes are not now involved in the adoption strategy it teams are both efficient and effective increasing the value of harnessing the cloud for your business operations then we have a transfer uh transfer transformative or transformationals there we go and so this is like long-term goals so Cloud operations are functioning smoothly so you're in the cloud now but you're focusing on integrating the data and insights working in the cloud so existing data is transparently shared new data is collected and analyzed predictive and prescriptive analytics via machine learning is used people in processes are being transformed which further supports technological changes it is no longer a cost center but has become instead a partner to the business [Music] hey this is Andrew Brown from exam Pro and we are looking at the cloud maturity scale for the Google Cloud adoption framework and so this is a matrix made up of the themes and phases that we just reviewed and it will help your organization pinpoint their exact adoption position so uh on the horizontal scale we have learn lead scale and secure to determine our adoption themes and then on our vertical scale we have tactical strategic and transform transformational for organizations maturity so where it intersects with learn and tactical the idea here is that you are self-taught and you are reliant on third parties for strategic learn these are organized training with third-party assisted for learn and transformational it's peer learning and sharing with third-party staff augmentation so just to kind of make sense because I know these are kind of abbreviated so it doesn't make a whole lot of sense but the idea is that if you are learning and you are in the short term phase that you're probably going to be self-taught in this right okay okay and then if you're strategic you're going to be you're going to have organized training because you are bringing people and processes in as we saw in the as we were describing the maturity phases and then for transformational we have peer learning and sharing because we're now established in the cloud but we're just trying to collect data make things a lot better okay for lead uh lead for tactical looks like it's teams by function and you have a heroic project manager basically anytime you want to adopt Cloud no matter if it's Google or other ones you need somebody and your team that's going to act as the hero or the Evangelist for that adoption uh for the adoption of the cloud and you've got to find that person to carry you through all the stages okay so for lead and strategic we have new cross-functional functional Cloud team so this is where you actually have a specialized team in your organization because you're now in the cloud right and so that's going to help support the workloads and move further and then uh down for transformational lead you have cross-functional feature teams great uh autonomy so the idea is you don't just have a single team but you have multiple teams that are feature specific so maybe you have data data team you have a devops team and the idea is that you also want to make sure they have the control to do what they need to do in their own space right that means in Google Cloud they're going to have their own folder her and they can self-govern all their projects in there they're not they can do their Shadow I.T and they don't have to access centralize it to do stuff for scale and tactical so change is slow and risk is Ops heavy because basically everything is still in the old uh the old on-premise system right so that makes sense for scale and strategic templates ensure good governance without manual review so you know you just want to make sure that you have infrastructure as code is in place and you're putting governing rules in the midterm for transformational scale all changes constant low risk and quickly fixed so you're really in good shape for scale here uh you know you're just scale is going to be really easy right so whereas this you're doing a lot of automation still to try to get your scale for secure fear of public internet trust and private Network that's of course why people are on premise because they're really afraid to be in the public cloud or or uh on third parties in general so that is something you're going to have to fight with at that stage for strategic you have Central identity hybrid Network you know so that could be using the Beyond Corp which is the zero trust model or you could be doing Federation between uh your Azure active directory on-prem into uh like with Cloud identity using like uh Google syncing directory service then the last one here is secure and transformational Trust only the right people device and services this is what they're talking about they're talking about the zero trust model here so that really is where Beyond Corp would come into play for the Google Cloud adoption framework okay [Music] hey this is Andrew Brown from exam Pro and we are looking at epics for the Google Cloud adoption framework so when you've determined where your organization is in the adoption process using that cloud maturity scale then you need to Define epics and epics are work streams to scope and structure Cloud adoption epics are defined so they do not overlap they are aligned to manageable groups of stakeholders they can be further further broken down into individual user stories if you've ever done Agile development epics and user stories are pretty darn common and you can definitely use them in jira so if you if you line these things up that's what you might want to do so we have this Venn diagram where we have three areas we've got people processes and textures broad categories of different kinds of epics everything within this Venn diagram is going to be epics okay so under people we have behaviors people people's operation communication right under process we have cost control Incident Management instrumentation for Tech we have Resource Management networking and then we have these places where the intersects so we have external experience upskilling sponsorship teamwork architecture infrastructure is code CI CD identity and access data management all right so if you're limited for time and resources focus on the epics in the colored segments and since these align with learn lead at scale and secure that's what these are when you're seeing those four okay just to help that make a little bit more sense uh there's programs and these are a logical grouping of epics that correlate to themes to allow you to focus on specific adoption efforts so the idea is that you have learned which is for training programs change management so that would be lead Cloud operation models with scale a secure account setup which is secure and the idea is like okay well there's these epics how do I know how to write them out or do user stories I would imagine that that's where you would work with Google or the Google partner Network to find somebody that actually knows how to go and implement this stuff because I did find that the documentation was a bit lacking for this but I imagine that there are people out there that have a good idea how to actually utilize this framework okay [Music] hey this is Andrew Brown from exam Pro and we're looking at Tams which stands for technical account manager and no matter if you're using Google Cloud Azure AWS they all have Tams this is a human resource assigned to work with your organization when paying for Google Cloud's premium support So Tam can assist with Google Cloud adoption framework by performing a high level assessment of your organization's Cloud maturity tell you how to prioritize your training change management programs partner relationships Cloud operating models secure account configuration so the idea here is that you know if you don't know how to apply the Google Cloud adoption framework you want to get a tam because they're really going to help you connect you to people that do know how to do it or give you a bit of a Kickstart into that process okay [Music] hey this is Andrew Brown from exam Pro and we are looking at the cloud maturity assessment tool this is a guided form to assess your organizations against the Google Cloud's adoption framework along its four themes learn lead scale and secure so it's a simple multiple choice form and once you're done you'll get an email with your maturity phase so it's going to say okay for learning you're strategic right that's where you are it'll give you some additional information on how you compare it against the average uh is this tool that useful no not really it's not that hard to assess where you are but you know it is a good starting point if you're just not sure just to kind of get you warmed up to this framework okay foreign hey this is Andrew Brown from exam Pro and we are looking at compute for Google Cloud platform and so there's a variety of services so let's get to it the first being compute engine and this one is for virtual machines or VMS and this is generally the primary or traditional type of compute you are going to utilize on a cloud service provider then there is bare metal so bare metal is where you have full control of the hardware so you can install any kind of hypervisor you want it on it or virtualization it's going to allow you to have very low latency on Google Cloud then we have iPad gym which is a platform as a service build and deploy apps on a fully managed highly scalable platform without having to manage the underlying infrastructure we're going to spend a little bit more time on app engine because the exam definitely pops up with a few questions that talk about its different core offerings we have Cloud gpus so add gpus to your workloads for machine learning scientific Computing and 3D visualization you have Google kubernetes engine also known as gke so reliably efficiently and securely deploy and scale containerized applications on kubernetes we have sole tenant nodes and this is known as dedicated virtual machines and all the other different providers so the reason you'd want to use these is you need to be compliance you have your own licenses you need to keep these instances physically separated with dedicated Hardware because maybe you know you're not allowed to run it with as a multi-tenant so there's all sorts of reasons for that you have Cloud functions these are functions as a service so you can create serverless single purpose functions that respond to the events I guess I could have put cloud run on this as well which is serverless containers but we have a container section so it's not a big deal we'll get to that some kind of auxiliary services that are used that are important to know or compute would be Google Cloud VM engine or VMware engine so migrate and run your VM workloads natively on Google Cloud you have migrate for compute engine so migrate servers and VMS from on-premise or another Cloud to compute engine this was formerly known as velostrata preemptable VMS so deploy affordable short-lived compute instances suitable for batch jobs and fault tolerant workloads we're going to cover that again when we go to our pricing section shielded VM so deploy hardened virtual machines on Google Cloud [Music] hey this is Andrew Brown from exam Pro and we are taking a deeper look here at app engine so app engine is a platform as a service for your applications you can quickly deploy and scale web applications without having to worry about the underlying infrastructure and a great way of thinking of this is if you know Heroku it's basically the Heroku of gcp so the idea here is you can use your favorite programming language whether it's node.js Java Ruby C sharp go python or PHP you can also bring your own language runtime and you do that by creating a custom Docker container so there is all our familiar logos just to kind of put home as to what you can use it has powerful application Diagnostics you have Cloud monitoring Cloud logging to monitor the health of your performance Cloud debugger and air reporting to diagnose and fix bugs quickly application versioning so easily create a development test staging and production environments traffic splitting so route income incoming requests to different app versions A to B tests and do incremental feature rollouts you have application security so defining access rules with app engine firewall and you can leverage manage SSL TLS certification certificates by default so the idea is that you have all this infrastructure and this is not even the full list but all this stuff around your application uh that you would generally have to do yourself but they do it all for you okay now there are two types of environments that you can launch with app engine you got flexible and standard it's very very very important that you know the difference for the exam because they will have scenarios where you have to pick one or the other okay so you can simultaneously see use both environments for your application so it's not you'd have to use one or the other it just depends on what kind of workloads you're running an app engine is well suited to applications that are designed using microservice architecture so splitting it down the line let's talk about standard and then we'll talk about flexible so standard I would describe as being serverless compute so it starts in seconds it's going to run in a sandbox meaning that there's a like you don't have uh like you're not deploying a container it's just you're uploading your code okay it's designed for Rapid scaling so it can handle uh sudden spikes of traffic it supports specific language versions uh but it's not a custom runtime so if you've ever deployed a serverless function where you're just like choose Ruby that's the language you get of a particular version okay you're not going to get that much flexibility around that it can scale to zero instances so that's another characteristic of serverless compute its pricing is based on hours it cannot you cannot use SSH to debug it which is very common for serverless apps there are no background processes when we're looking at flexible these are fully managed containers so it starts in minutes runs with Docker containers on a compute engine VM so that's what it's doing underneath it's designed for predictable and consistent traffic it supports generally any language version or you can run a custom runtime must have at least one instance running the pricing is based on vcpus memory and disk you can SSH to debug it and you can have background processes so just understand those two and you'll be good for the exam okay [Music] hey this is Andrew bathroom exam Pro and we are taking a look at containers for Google Cloud platforms so containers are a type of compute but there's so much going on here with Google that it deserves its own page so we have Google kubernetes engine so gke which is reliably efficiently and securely deploys and scales containerize applications on kubernetes you have Cloud build so continuously build test and deploy containers using the cloud Google Cloud infrastructure you have artifact registry so store managed and secure container images and language packages you have container registry so store manage and secure your Docker containers images these sound really similar and that's because this version this is actually the second version of container registry so both of them exist but generally it's recommended always to use artifact registry okay you're not going to probably see that like them lined up against each other but just so you know the benefits always towards artifact industry over container registry okay if you want to use a virtual machine like a compute engine you can pretty much just check box it on and now you have a container optimized OS so it's really easy to use containers even with compute engine which is nice you have Cloud run which is a stateless container fully managed environments and you can also use it with anthos so this one and I really should have highlighted this in yellow here but stainless containers is something you want to remember for your exam they also have containers for the AI platform deep learning so this is when you'd be using vertex AI you might need to have a bunch of tooling around that and then there's also the Google marketplace for kubernetes application so you can so if you're using kubernetes and you just need something that's already pre-built and you're willing to pay there's just some free stuff in there you can go there and get them okay foreign hey this is Andrew Brown from exam Pro and we are looking at kubernetes which is an open source container orchestration system for automating deployment scaling and management of containers it's originally created by Google and now maintained by the cloud native Computing Foundation also known as cncf what's interesting is this Foundation also has their own certifications like the certified kubernetes administrator and the certified kubernetes developers so don't be surprised if you see me making courses for that in the future kubernetes is commonly called K8 the idea here is that the 8 represents the remaining letters so u b e r n e t the advantage of kubernetes over something like Docker and you've probably heard of Docker for containers before but it has the ability to run containers distributed across multiple VMS that's what kubernetes can do that Docker cannot do on its own a unique component of kubernetes are pods a pod is a group of one or more containers with shared storage network resources and other shared settings that is kind of the special kind of infrastructure or architecture that kubernetes has kubernetes is is ideal for micro service architectures where companies have tens to hundreds I really should have highlighted that in red for you tens to hundreds of services they need to manage if you don't have an I didn't say containers I said Services because that could be there's even more containers than uh tens to hundreds you know what I mean there could be thousands but the idea here is that kubernetes does add a lot of management layer to it but the idea here is that uh you know when you have a lot of services it is the best choice okay [Music] hey this is Andrew Brown from exam Pro and we are looking at databases for the Google Cloud platform and the First on our list is bigquery and this one is a big deal because not only is it a data warehouse It's a serverless data warehouse and the reason why that is important is because traditionally uh data warehouses are extremely expensive but this one because it's serverless that means it can scale to zero and uh it's uh you know only when you're using it do you pay for it okay and so that is a very unique Cloud offering Azure says they have kind of a serverless data warehouse it's totally not true the only one that has it is Google and so it's a big deal okay and it's definitely going to show up more in this course and it will absolutely be on the exam okay so um it can store terabytes or petabytes of data using nosql it is a wide column database service and it also has built-in ml which will visit later on okay then there's Cloud spanner this is a fully managed relational database this is not postgres this is not MySQL it is a proprietary relational database designed by Google for scale it has your SQL so you'd have to do a tiny bit of translation if you already have an existing database but the idea is that if you want something that scales like crazy then this is the service for you if you're using relational databases you've got Cloud bigtable this is a no SQL key value store it is a fully managed nosql database for large analytic analytics and operational workloads so that's there we have Cloud SQL and this is a relational database service so if you're using MySQL postgres SQL Server it's just a managed service to host them there then you have fire storage the nosql document database it adds a nosql document database to mobile and web apps it can get kind of confusing because there's another service called Firebase which we cover in this course and it has Firebase firestore but it's the same underlying service okay this one is very similar to mongodb it's not mongodb it's a proprietary service by Google but one of its key features is that it has a real-time component to store and sync data in real time and that is a very big deal and that particular note there you want to remember because that will show up on the exam if someone's asking for a database and there's a real-time component it's going to be firestore okay you got memory story this is not going to show up an exam but it's an in-memory database to achieve Extreme Performance using a managed in-memory data store service so think of redis that is basically what this is and then last on our list here we have database migration service DMS this is a serverless easily minimal downtime migration to Cloud SQL okay [Music] hey this is Andrew Brown from exam Pro and we are taking a look at databases so a database is a data store that stores semi-structured and structured data and a database is more complex data store because it requires using formal design and modeling techniques databases can be generally categorized as either a relational database so structured data that strongly represents tabular data such as tables rows and columns that means it could either be row oriented or column oriented or non-relational databases semi-structured data that may or may not distantly resemble tabular data and so the way these things work is you'll generally have a specialized language to query in such as SQL a specialized modeling strategy to optimize retrieval for different use cases more fine-tuned control over the transformation of the data into useful data structures of reports and normally when we just say database we're generally referring to relational row oriented data stores so I think MySQL postgres msql okay [Music] hey this is Andrew Brown from exam Pro and we're looking at the concept of a data warehouse so a it's basically a relational data store or database designed for analytical workloads which is generally column oriented okay so companies will have terabytes or millions of rows of data and they need a fast way to be able to produce analytical reports data warehouses generally perform aggregation so aggregation is grouping data so like finding a total of average data warehouses are optimized around columns since they need to quickly aggregate column data and so data warehouses are generally designed to be hot hot means that they can return queries very fast even though they have vast amounts of data data warehouses are infrequently accessed meaning that they aren't intended for real-time reporting but maybe once or twice a day or once a week to generate business generate business or user reports a data warehouse needs to consume data from a relational database on a regular basis so that's all we're kind of seeing over here where imagine that this is our data warehouse and we want to generate a report the idea is that we're either ingesting data from SQL or if we're ingesting data from a non-uh tabular like structure we have to use ETL so to transform the data into the format that we want okay [Music] hey this is Andrew Brown from exam Pro and we are looking at a key value store so key value databases or data stores is a type of non-relational database nosql that uses a simple key Value method to store data and the way I like to describe them is that they're dumb and fast and they generally lack features like relationships indexes aggregation transactions you name it they don't have it but what they do have is speed okay so a key and Value store is a is a unique key alongside a value and the idea here is that a simple key and Value Store will interpret this data resembling something that looks like a dictionary so an associative array or a hash and so when we look at it kind of like a table it can resemble tabular data but it does not have consistent columns per row hence it's called schema list because it doesn't follow a particular scheme due to the simple design they can scale well beyond a relational database and key value stores are generally the ones that are the most scalable but the idea is that because of the simplicity of these things usually you are you know like these are really great for like leaderboards where the data is exactly stored the way you want to see it okay so if you have to do joins or data manipulation then these are not going to be of your ideal but the data is exactly as you needed to see it then they work really well okay [Music] hey this is Andrew Brown from exam Pro and we are looking at document stores so a document store or document database is a nosql database that stores documents as its primary data structure so a document could be XML but it's more commonly Json or json-like documents are a sub class of key value stores the the main difference is that they can store nested dictionaries nested hashes okay the cut the components of a document store compares to relational databases the easiest way to explain it so where you would have tables they call them collections where you'd have rows that call them documents where you have columns they call them Fields indexes are the same and you do have some ability to do joining via embedding and linking so you know you can leverage that tabular data to kind of think about how document stores are but fundamentally they're not tabular data okay [Music] hey this is Andrew Brown from exam Pro and we are looking at serverless services for Google Cloud platforms so what is serverless well serverless architecture or fully managed services that automatically scale are highly available durable secure by default abstracts away the underlying infrastructure and are built based on the execution of your business task so the idea here is you pay for the value you don't pay for idle servers and serverless can scale to zero meaning when not in use the services don't generally cost anything so let's look at Cloud functions this is functions as a service when we're talking about serverless on any CSP this is what people look at first is what is the serverless functions okay and so you choose a runtime upload single function code so they're not full web apps just parts of code and they're intended to be short-lived and everything else is taken care of for you you have Cloud run this is for serverless containers so run stateless containers on a fully managed environment or via anthos you have app engine platform as a service so build and deploy apps using traditional web Frameworks and all the underlying infrastructures taken care for you platform as a service is not always serverless but app engine specifically has a serverless offering which is the standard version you have event Arc and this is a serverless event bus so you build event driven solutions by asynchronously delivering events from Google services SAS and your own apps used for application integration AWS is one is called eventbridge so it's the same thing there so the idea is it's application integration for Google services and other third parties okay you have K native this is serverless K8 containers deploy managed serverless Cloud native applications for kubernetes you have workflows this is a serverless state machine so orchestrate and automate Google cloud and HTTP based API services with serverless workflows you got bigquery serverless data warehouse understand your data using a fully managed highly scalable data warehouse with built-in ml then you have cloud storage this is serverless storage so it's an object store and the idea is that this stuff is highly available it's distributed across multiple data centers you just upload files you don't think about anything like about the disks or anything else okay [Music] hey this is Andrew Brown from exam Pro and we're looking at storage for Google Cloud platforms so we've got cloud storage persistent disk and file store uh there is cloud source for Firebase that's not going to show up on your exam but let's dive into these three uh really quickly of both their architecture and why they would be used in certain circumstances so for persistent disk the idea here is that it's using blocks as a means of storage so it has a virtual disk and it stores things just like you would on a regular disk the idea here is that you have direct access to the operating system and it supports only a single right volume all right we'll talk about the use cases at the end of going through these three architectures then we have file store which is a file share so the file is stored with the data and metadata we have multiple connections via the network share supports multiple reads but for rights they're going to get locked when someone's writing okay then you have uh cloud storage which is for object or blob storage so data is stored as objects so so there's metadata a unique ID it scales with limited next to no upper limit in terms of the storage it supports multiple reads and writes so there are no locks in place so what would you use these things for well the first one the idea is that you would if you had a virtual machine and use a volume you could attach a block storage this is just basically a virtual hard drive so you could have a VM with multiple block storage or virtual hard disks but the thing is is that that virtual distance only being used by one operating system at the time the single VM okay so if you needed to have a a virtual hard disk that could be accessed by multiple virtual machines that's where you're going to be using a file share and that's what file store is or you could also just have users connect to it because it's using this NFS and SMB protocol and these are ways where you could easily Mount the drive to your Windows computer or to a virtual machine okay and so then last we have is um uh cloud storage which is an object serverless storage the idea here is that you can just upload files you don't have to choose the size of the drive the type of the drive you don't have to worry about backing up the drive or the redundancy of the drive it just works right and there's no concept of a drive it's just there's a bucket and you put everything in it the only drawback here it's not intended for high iopso input outputs reads and writes like it's pretty darn fast but the idea is that you know if you uh you know it's not going to be used as the primary drive of a virtual machine right it's going to be for accessing files okay so hopefully those three categories are clear [Music] hey this is Andrew Brown from exam Pro and we are taking a look at cloud storage so cloud storage is a serverless object storage service you do not have to worry about the underlying disks right sizing availability durability the file system underneath you only pay based on the storage so the address storage and the downloads so actually accessing your requesting files files are called objects and folders are called buckets it has unlimited storage with no minimal object size probably there is an upper limit most serverless object storages do have a particular limit but theoretically it's unlimited storage worldwide accessibility and worldwide storage locations low latency so time to First byte typically 10 milliseconds has a high durability so it has nine nines of annual durability when I say 99s it's because it's 99 and Then followed by nine nines okay it has Geo redundancy if the data is stored in multi-region or dual region it has a uniform experience with cloud storage features security tool and apis and I want to cover available storage classes because these do show up on the exam this isn't something that other fundamental certifications would go this deep on but Google really wants you to know better in detail of their core services so for available storage classes we have standard and so here this is for frequent values so if you're building a web application or just general use you're going to be going with standard storage now this is the least a cost effective solution it's not expensive but there's ways to save okay you have nearline storage this is one you're going to be accessing on average a file once a month or less right it's going to be cheaper than standard storage but the key thing is once a month or less then you have cold Line storage this has a higher access cost than nearline store but a lower at Rec at rest cost so that's kind of just a bit of a trade-off there you have archive storage this actually has no SLA um availability it's zero availability uh SLA because it's just it's offline right so a very slow retrieval very cost effective rarely or never intended to be accessed you're using these to store like um uh you know like reports or accounting information that you have an obligation to store for seven years that's when you'd be using that notice that there's this number here it says 0 30 90 365. this is the minimum storage duration it's the minimum days a file needs to remain in a storage before deleting if deleted prematurely a charge will occur so the idea is they want you to hold on to them for a particular time uh to effectively use them right because if you delete them sooner than it doesn't make sense for for you or for Google Cloud but yeah I just want to emphasize that available storage classes will be on the exam and they showed up more than once for me so definitely know the difference okay [Music] hey this is Andrew Brown from exam Pro and we are looking at networking for the Google Cloud platform so the most important service to talk about is virtual private Cloud VPC it is a logically isolated section of the Google Cloud Network where you can launch Google Cloud resources and the idea is you know once you have your slice of the network the amount of resources you can launch is based on how many available IP addresses and that's determined by cider range so cider range or cider notation is a a format that looks kind of like an IP address it has this forward slash thing on the end here and that is what's determining how many available IP addresses are if you have 65 000 that means you can launch pretty much 65 000 virtual machines you don't ever just launch something into a VPC you'll launch it into a a subnet of a VPC a subnet is a subdivision of the virtual private cloud and the way that works is that you would actually have to choose a cider range as well that side of range is going to be smaller than the the the VPC one interestingly enough the larger the number is the smaller the IP range is that's just how the math works you don't need it for to need to know for the exam but I like to cover this stuff anyway because it's fundamental information we have public subnets and private subnets public subnets can reach the internet private subnets can't reach the internet now there is no a hard rule about that like there's no constraint that is just like you don't say create a private subnet you just create a subnet and if you don't want uh you if you want to treat it as a private submit just don't give them any external or public IP addresses so here I have a little diagram I made here for you just to kind of explain some of the components this is not an exhaustive one networking has so many features here um it just got too complicated so we just have a very simple example here so here we have our VPC a VPC has to be launched within a region so here it is in US West one we have a public and private subnet these would be launch in particular zones that's how you get multi-zone so you create a subnet across a one subnet per zone so you have three zones and that way you'd be highly available we have uh compute engines these are virtual machines running here so if we wanted a virtual machine in our public subnet to reach the internet it has to have an external IP address it would also communicate through internet gateway in Google Cloud you don't have to create an internet gateway like AWS it's just there there's already a route set for it so that's really nice you don't have to think about that for a private subnet if it has to go out to the internet not internet coming in you'd have to use a network address translation so cloudnat that's pretty standard across all the cloud service providers if you're trying to get traffic into a virtual machine studying a private subnet that is where you'd need some kind of hybrid connection so a cloud VPN or Cloud interconnect you'd probably be using both of these in combination that's usually how it goes or just the cloud VPN but but that basically establishes a private connection to this VPC and it's it's private subnet and that way you could just treat it as the same network the way you're going to protect your your resources is via a firewall rules firewall rules are at the instance level and they're also stateful so you can say allow or deny which is when you again if you're in AWS it's totally different right you have um you have uh different controls for that okay but yeah that's generally the main components there okay foreign hey this is Andrew Brown from exam Pro and we are looking at more networking services for the Google Cloud platform now these are just basically auxiliary services not all of them you really need to know in detail for the exam but you should know them in general uh because and they can kind of help you out so let's go through them all so we have Cloud armor this helps protect against DDOS and web attacks we're going to cover that later again this one could show up on your exam Cloud load balancing is just a load balancer a high performance load balancer we have Cloud CDN so this is a Content distribution Network it caches your data globally so that you know your websites load fast stuff like that cloud Nats provision applications without public IP addresses allows web apps to communicate in private subnets out to the internet to download things like packages or software updates things like that cloud DNS publish and manage your domain names using uh Google's reliable resistant low latency DNS service traffic director it is a global load balancer this is this has to do with like service mesh enough Cloud interconnect so connect your infrastructure to Google Cloud on on your terms from anywhere Cloud VPN securely extend your on-premise network to Google's Network through ipsec VPN tunnel that's how you get a secure connection from your uh on premise to your your network Google Cloud Network Cloud router dynamically changed routes between your Google Cloud virtual VPC Network and your on-premise networks using BPG so that's just a component you need to do a hybrid connection and then we have some auxiliary services like very auxiliary services for just kind of like monitoring things like that so Network Intelligence Center a single console for comprehensive network monitoring verification optimization Network Telemetry traffic track Network flows for monitoring forensics real-time uh security analysis expense optimization network service tiers optimize your network for performance or cost so for your exam um you know Cloud VPN Cloud interconnect Cloud armor and that's about it okay now they talk about they say like they're supposed to be things like uh sd-wan and and service mesh I never saw those on the exam so these are the real Three that you need to know but these are all the other things that are involved okay [Music] Andrew Brown from exam Pro and we still got one part left with networking these are just kind of like features of VPC that um I just want you to know they're not core to any questions on the exam but they might show up as choices and so it'll help you eliminate them as the wrong answer okay so we have private Google Cloud this allows your instances to reach Google apis and services using an internal IP rather than a public IP address so uh you know sometimes services are publicly accessible uh maybe like firestore or something like that or bigquery as the idea is you want them to stay in the network right because you're paying outbound or egress costs or you're concerned about security and so having private Google Cloud turned on is a good idea that doesn't necessarily mean that your subnets a private subnet because you turn this on it just means that when it communicates with Google services it's going to use a private IP address for shared vpcs this is a way of sharing subnets with their projects so connect resources from multiple projects to a common VPC this sounds like VPC c network peering it's more like a convenience feature where you're not doing it the networking level it's more at the project level so it confuses me a bit but you know I get it there's VPC networking peering so private connect to VPC networks which can reduce latency costs and increase security so VPC peering is common in all cloud service providers uh yeah just joining those vpcs together serverless VPC access allowed Cloud functions Cloud run Services app engine standard environments apps to access resources in a VPC network using those private IP addresses I wonder if you have to have private Google Cloud turned on for that but it sounds like the other way so private Google cloud is like my machine connecting with other Google cloud services and serverless VPC accesses just services that are generally public facing where you access them over public IP address access things via the private Network okay [Music] hey this is Andrew Brown from exam Pro and we are looking at internal services for the Google Cloud platform so these are services that you generally cannot use and they're and they're designed to be uh supportive of all the underlying infrastructure for many Google cloud services I just want to get you exposed to these because they might show up as twice as as distractors on your exam and you might see them in the documentation with no context and so you just might wonder what these things are so that's why we're going to cover them and the first one actually is an exception where you can use this service but it's spanner and so spanner without the word cloud is the internal service globally consistent scalable relational database and then Google made this available to us as Cloud spanner then you have Borg it's a cluster management manager that runs hundreds of or thousands of jobs from many thousands of different applications across a number of clusters each with up to tens of thousands of machines Borg I think is inspired by Star Trek right the Borg we have chubby a distributed lock manager dlm as a service that temporarily prevents files and records from being used by another user or operation on a virtual machine and then you have Colossus cluster level file system successor to the Google file system GFS provides the underlying infrastructure for the Google Cloud Storage service from firestore to Cloud SQL to to uh to firestore again I suppose and to cloud storage I guess I was trying to write something else there but that's okay but there we go [Music] hey this is Andrew Brown from exam Pro and we're looking at what is apogee so apogee Corporation was an API management and Predictive Analytics software provider before it's merger into Google Cloud so apogee is a founding member of the open API initiative so that's what we're talking about open API 3.0 specification originally known as the Swagger specification so open API specification is an open source standard for writing declarative structure of an application program interface API and can either be written in either Json or yaml format so here it is uh but what what they're talking about here is that there's things called API gateways and API gateways is a hosted version of an API and that and if you're familiar with apis the idea is you can Define endpoints you can say I want a route to users and it's a get and the idea is I want to send it to somewhere I want to send it to this Lambda to this virtual machine or whatever okay okay csps will have fully managed API Services known as API Gateway these API graduates generally support open API standards so you can quickly import or export apis so like on AWS you can use open API 3.0 or Swagger which is 2.0 same thing with gcp same thing with Azure they all have these things okay but in particular Google has apogee okay and so their apogee Services were blended into Google Cloud platform okay [Music] hey this is Andrew Brown from exam Pro and we are looking at API management so API management is where you have API gateways uh that are basically hosted API endpoints that access Google Cloud resources we got a couple of options here we have the apogee API platform this is an API Gateway develop secure deploy monitor apis everywhere expensive but has many features then you have Cloud endpoints this is also an API Gateway develop deploy manage apis of Google Cloud cheap and simple good Integrations with app engines and other services I don't know if Cloud endpoint came before apogee but I mean I can understand why there's two offerings here you know they acquired a company that had an API Gateway and then they just wanted a cheaper one that's more like serverless kind of offering on the right hand side so but we'll look at what apigee does because it does a ton so we have API analytics we have API monetization where you can actually people pay to access particular resources via the API apogee sends so ad intelligent Behavior detection to protect guys from Attack apogee hybrids a manage API on premise on Google cloud or in a hybrid environment so you can use your apis outside of Google Cloud which is cool Cloud Healthcare API help secure apis that a power actionable Healthcare insights I think that last one is on the apogee side for cloud endpoints now doesn't sound like it does much but it has one really cool thing which is a developer portal so the idea is that once you've created your API you can press a button and it takes about 10 minutes what I'll do is it'll spin up a a website or web app that allows you to explore the API and that's really useful if you're just like looking for documentation or you want to interact with the API for the developers on your team and I really like that feature so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at data analytics services for the Google Cloud platform so the number one here is bigquery understand your data using fully managed highly scalable data warehouse with built-in machine learning you've got Cloud composer create schedule Monitor and manage workflows using a fully managed orchestration service built on top of Apache airflow you've got data flow develop real-time batch and stream data processing pipelines it is using Apache beam in this case cloud data Fusion so quickly build and manage data pipelines using fully managed code-free data Integrations with a graphical interface you have data prep by trifacta so explore clean and prepare data for analysis dataproc perform batch processing querying streaming using a manage Apache Spock Hadoop service you've got Google data Studio tell great stories to support Better Business decisions Pub sub ingest event streams from anywhere at scale data catalog discover and understand your data using a fully managed scalable data Discovery and metadata managed service Cloud Life Sciences process analyze and annotate genomic and biomedical data at scale using containerized workflows for the exam you want to know the difference between data flow and data proc because these will come up like side by side and choices and they seem very similar because they do the same thing actually these three all do the same thing they're etls they take data and they they do batch Transformations on them or streaming on them but this one here dataproc is when you want to use Hadoop it is it is uh then you have data flow and this one is more of a fully managed service and then cloud data Fusion this is where you actually have a graphical user interface and it's code free all right so you know if you understand the difference between those three services you're going to get yourself some extra points there on the exam other than bigquery nothing else really showed up here just those three okay [Music] hey this is Andrew Brown from exam Pro we're looking at dataproc versus dataflow versus cloud data Fusion because I said these three are important to know the difference between so dataproc is for open source pipelines that can use Apache spark Apache Hadoop service it's for batch processing querying streaming uh you know when I say ETL or elt this is just batch processing okay and so one of the things hey this is Andrew Brown from exam Pro and we are going to make sure we know the difference between dataproc dataflow and cloud data Fusion because they're going to show up on the exam and they can get confusing okay so dataproc is for open source pipelines Apache spark Apache Hadoop so it can do uh batch processing querying and streaming and so the real Focus here is really on spark because spark is known to be the fastest tool I think it's like 50 times faster 100 times faster than standard Hadoop jobs and just overall super super fast extremely popular so you know that is the reason why you'd go with dataproc because you're using Apache a spark or Hadoop the downside here is there's more management to be involved here some of it's abstracted away but not all of it then you have data flow this is a fully managed pipeline for batching and streaming okay it's powered by Apache beam which is technically open source but that is not an open source tool for actually doing the batching and stuff it's to manage the pipeline okay so if you need a fully managed service that's what you're going to use then you have cloud data Fusion this is a a way of visually building pipelines it's no code Enterprise solution for building etel pipelines via drag and drop interface I don't think you can use this for streaming it has 150 plus pre-configured connectors and Transformations so you just drag and drop stuff you just run it and as it's consumed that's what it does if you're using Azure this is the same thing thing is similar to Azure data Factory or AWS this is similar as glue okay um you know again I don't think it does streaming but I think that cloud data Fusion probably would have the highest price point for best performance you would be using dataproc for the least amount of headaches but still doing things pragmatically you'd be using data flow okay so those are the three and remember them okay [Music] hey this is Andrew Brown from exam Pro and we are looking at developer tools now these aren't really going to show up on the exam or if they are we've already covered them the most important ones but I just wanted to go over these just so that you had a full scope just for your own knowledge of things that are here I couldn't even be bothered to even pull out icons for this one but let's get through it here because I think that you know you might be able to take something away from this that you might use in your own development workflow okay so you have artifact registry so this is restoring containers you have the cloud SDK we covered that earlier this is a package to interface with the command line interface or chromatically write code in your code you have container registry this is the older form of storing containers recommended to use artifact registry nowadays you have a code or Cloud code man that's a hard one to say extend your IDE with tools to write debug deploy kubernetes application so it's just um probably I think you install that with Visual Studio code but it's just stuff around burnettis Cloud builds so we looked at this in our in our container section this is for running containers for build environments Cloud Source repositories so manage code and extend your git workflow by connecting Cloud build app engine stuff like that it's just a way of connecting uh git repos to various Services Cloud scheduler scheduled batch jobs big data jobs Cloud infrastructure operations using a fully managed Cron job service if you use database that's cloudwatch right Cloud tasks asynchronously execute dispatch delivered distributed tasks when you're working with Cloud functions you're going to be working with Cloud tasks Cloud code for IntelliJ so debug production Cloud apps inside IntelliJ okay tools for Powershell so you can work with Powershell with Google they got tools for visual studio code Eclipse app engine plugins a maven app engine plug-in so it's all for Java there the Gradle and the maven Firebase test lab so test your mobile apps from a variety of devices and device configurations that one I'm interested in checking out Firebase crash analytics but these are all within Firebase so that's the only issue there so get a clear actionable insights into your app issues techton so create CID style pipelines using kubernetes native building blocks workflows orchestrate and automate Cloud Google Cloud HTTP Based Services that's a serverless state machine event Arc uh build event driven solutions by asynchronously delivering events from Google services that is just a service event bus so a lot of these we've already covered but just just wanted to show you some of these tools because maybe you use one of these Ides and you just want oh okay I'm gonna go check this out I use Eclipse that'd be cool you know [Music] hey this is Andrew Brown from exam Pro and we're looking at hybrid and multi-cloud services for Google Cloud now it seems like we're reiterating over the same Services again and again in different ways and that is on purpose because I want you to know these services so you can remember them for the exam so let's get to it the first is antho so modernize existing apps build web apps build high in hybrid and multi-cloud environments when enabling consistency between on-premise and Cloud environments remember anthos allows you to extend your control plane to not only other multi or other cloud service providers but also on-premise can do compute and kubernetes you have anthos deployed on VMware so modernize existing apps and build new apps on your VM environments they're never going to ask you to do a VMware deployed on uh or anthos deployed on VMware but VMware can show up on the exam so you should know what that is anthos gke so that's Google kubernetes engine so deploy managing scale containerize applications on kubernetes is powered by Google Cloud this is this is just showing you that anthos handles Google kubernetes environment ethos config management automate policy and security at scale for your hybrid kubernetes deployments you have Cloud run for antho so easily leverage and the benefits of combining kubernetes and serverless apogee API management deploy secure and monitor apis everywhere remember you can use apogee in hybrid or multi multi-cloud okay so that is one of its advantages the Google Cloud Marketplace for anthos easily deploy containerized apps with features of pre-built deployment templates and Consolidated billing migrate for anthos so if you're trying to move servers onto Google Cloud this is going to be specifically for containers I've seen this questions on the exam where you have to choose between my grade for anthos and migrate for compute engine and so if it's a virtual machine you're using compute engine if it's containers you're using migrate for anthos okay there's operation so aggregate metrics logs and events from your infrastructure to get signals at the speed of analysis that's under compute engine you have traffic director this is a global load balancing across clusters and config sophisticated traffic control policies for open service mesh what you really need to know is anthos because anthos is what's going to show up on the exam okay [Music] hey this is Andrew Brown from exam Pro and we are looking at Internet of Things So internet things are physical objects embedded with sensors software and other technologies that stream data to cloud services or other Edge devices an edge device is a device that is an entry point to a service provider Network so uh Google has exactly one offering for iot's and that's iot core securely connect and manage iot devices using a fully managed service if you're wondering what kind of things would be iots maybe you'd have something like a smart plant Health sensor video security this is a the ring device by Amazon where when people press the button to record you have conversational AI so a home assistant you know like Alexa Google home temperature control with Nest there's these iot kits this is the AWS one but Core 2 is pretty much a standard one for iot gets to start learning how to use iot and of course drones so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at Cloud deployment manager so to understand this we need to know what infrastructure as code is so IEC is the process of managing and provisioning cloud services through machine readable definition files so yaml or Json files rather than manual configuration when you want to have governance in your Cloud you want to use IAC because it it means that it will exactly Define what there is uh and that is a really great way to keep track of exact configuration okay so for Googles it's called Cloud deployment manager so that is their IAC service you write them as yaml files and you deploy them via the cloud CLI I was a bit surprised to see that they didn't have like an upload and so I was a bit confused as to how they go do this if you search for IC for Google Cloud you'll see terraform a lot which is a third-party provider for some reason they just kind of like bury their own uh IAC solution but it does exist and I don't believe there's a Json format just the gamble files but there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at media and gaming services for Google Cloud what's interesting on the actual exam they'll use a gaming company as the business use case so many times but they never give you the choice of an actual gaming specific service which is a bit of a shame to me but they actually have a service called Game servers and delivers seamless multiplayer gaming experience to a global player base what this actually is it's an open source game management server called agnos that runs on kubernetes and I guess the idea here is that you're able to create Realms so if you're ever making a massively multiplayer game the idea is you can set up different regions and the idea is that uh you know like it's just gonna work really easy where players come in and say okay I'm in the U.S region or I'm in Europe and I want to connect there things like that they all have open queue so manage complex media rendering tasks using open source render manager then they have transcoder ai so convert video files and package them for Optimum delivery to web mobile connected TV that'd be for video on demand kind of stuff okay [Music] hey this is Andrew Brown from example and we are looking at the operations Suite which is just a collection of operation or monitoring services for Google Cloud so allows you to monitor log trace and profile your apps and services so the main one here is cloud monitoring provides visibility into the performance availability and overall health of the cloud powered applications you got service level monitoring so Define and measure availability performance at other service levels for cloud-powered applications for cloud logging or reporting you have Cloud logging so store search analyze Monitor and alert on log data and events from Google cloud and AWS error reporting identify and understand application errors then you have APM so you have Cloud Trace fine performance uh bottlenecks and production Cloud debugger investor investigate code behavior and production and Cloud profilers to continuously gather performance information using low impact CPUs and heat profiling Services is this stuff going to show up in the exam probably not you should just know Cloud monitoring here okay [Music] hey this is Andrew Brown from exam Pro we're going to look at a couple other products that Google has probably not going to show up an exam but you should know about them anyway one thing you can do is you can utilize Google Maps platform within the gcp so if you want to create interactive maps and interact with that API you can do that the other part is Chrome Enterprise so this is a chrome management policy to meet product productivity and security needs we might cover it in the security section it's I think you can use it alongside Beyond Corp uh but which is their zero trust model framework but yeah those are just two kind of loose ends I just wanted to throw in the course okay [Music] hey this is Andrew Brown from exam Pro and we are looking at Firebase so this is Google's fully managed platform for rapidly developing and deploying web and mobile apps really it's a platform as a service utilizing serverless technology Firebase offers the following services and features so uh Cloud firestore machine learning cloud functions authentication hosting cloud storage real-time database crash of Linux performance monitoring test lab app distribution Google analytics in-app messaging predictions A to B testing Cloud messaging remote config Dynamic links so Firebase is basically an alternative to using Google Cloud directly for users who want to focus on building and deploying their applications in a highly opinion framework if you ever heard of AWS amplify it's based that's the AWS uh competitor for this the only thing that I find like this service is great but I find that it's very hard to migrate off of Firebase onto Google Cloud but the idea is that you know if you just you don't really want to learn all the the infrastructure as the service stuff and you just want all the this convenience around you this thing is really great okay [Music] hey this is Andrew Brown from exam Pro and we're looking at migration services for Google Cloud the First on our list here is the database migration service and this is when you're migrating open source relational databases into Cloud SQL didn't see this one on the exam which is kind of a surprise because I think that would be kind of an essential one it might show up in the future maybe I just didn't get any questions for that we got bigquery data transfer service this is when you're importing data into bigquery again another one I did not see on the exam then we have migrate for compute engine and migrate for anthos these are two you want to remember when you want to import from your on-prem into or migrate on-prem into your Google Cloud you're going to be using compute engine for VMS and for anthos you're going to be using containers you've got to remember the difference between these two because they will show up in a lineup for sure another one and this time it's for storage not compute but you have cloud storage transfer service so this is when you're migrating just general storage like data it could be from S3 it could be from RAM and then there's also transfer Appliance this is where you are transferring storage but you have so much data like terabytes of data that you need a physical drive to ship the data so these two I'm giving you extra emphasis here these two and these two are going to show up in a lineup on the exam for sure so know the difference between them okay [Music] hey this is Andrew Brown from exam Pro and we are looking at the types of migration for Google cloud and they Define three and the idea here this is a migration from on-premise to the cloud Okay so we've got a spectrum here the stuff that's easiest is going to be the left the stuff that's going to be the hardest is going to be the right so we have lift and shift improve and move and rip and replace so quick summaries of these three types of migration before we dive a little bit deeper into each of them for lift and shift there's little to no enough modification we're taking the least advantage of the cloud but it's going to be the fastest migration strategy for improve and move we refactor your existing app take advantage of the most of the cloud offerings slow migration process ribbon replace we're rebuilding from scratch we're taking advantage of the maximum value of the cloud offerings but it can take the longest amount of time so those are the three let's just reiterate them on with a little bit more text here to reinforce what they are okay so for lift and shift move workloads from a source environment to a Target environment with with minor or no modifications or refactoring this is going to be ideal when a workload can operate as is in the Target environment little or no business need to change for considerations you this requires the least amount of time because the amount of refactoring is kept to a minimum the team can continue to use the same set of tools and skills they were using before doesn't take full advantage of the cloud platform features such as horizontal scaling fine grain permissions highly managed services for move and improve we modernize the workload while migrating to take advantage of cloud native capabilities so this is ideal when your architecture or infrastructure of an app isn't supported in the Target environment a major update to the workload is necessary some considerations here is it takes longer than a lift and shift migration it must be refactored in order for the app to migrate there's extra time and effort as part of the life cycle of the app and it requires that you learn new skills the last one here is rip and replace so decommission an existing app and completely redesign and rewrite it as a cloud native app this is ideal when the current APP isn't meeting your goals you want to remove Legacy technical debt some considerations here is that it requires the most amount of time to develop and you it requires the most amount of time to learn okay [Music] hey this is Andrew Brown from exam Pro and we are looking at migration path and the reason I want to go through this stuff is not because they're going to ask questions on the exam but it's going to help you contextualize a lot of the business use case scenarios because you know this isn't like a normal fundamental certification they just make it a lot harder so you need that contextual knowledge okay so there are four phases of your migration there's assess plan deploy and optimize this is going to be text heavy but we'll work our way through it and you'll leave with some knowledge okay so for assess perform a thorough assessment and discovery of your existing environment in order to understand your app and environment inventory identify app dependencies and requirements perform total cost of ownership calculations and established app benchmarks we got plans to create the basic Cloud infrastructure for your workloads to live in and plan how you will move apps this planning includes identity management organization project structure networking sorting your apps and developing our prioritized migration strategy we got deployed so design and Implement execute compute a deployment process to move your workloads to Google Cloud you might also have to refine your Cloud infrastructure to deal with the needs optimize begin to take advantage of cloud native Technologies and capabilities to expand your business potential to things such as performance scalability Disaster Recovery cost training as well as opening the doors to machine learning AI Integrations for your app so we'll spend more time right now into each of these four phases just to kind of cement this knowledge okay phase one is is the assessment phase you gather information about the workloads you want to migrate and their current runtime environment so you're going to take an inventory build a list of your machines Hardware specifications operating systems and licenses you'll have catalog apps so build a catalog Matrix to help you organize apps into categories based on the complexity and risk in moving to Google Cloud I don't think we show it in here but the idea is if you want to see it they have an example in the Google Cloud documentation educate your organization about Google Cloud so train and certify your software Network Engineers on how the cloud works and what Google Cloud products use maybe you could use this course to do that experiment and design proof of Concepts so choose a POC and implement it calculate the toss the total cost of ownership TCO so compare your costs on Google cloud with the costs you have today use the Google Calculator choose which workloads to migrate first so identify apps with features that make them likely to be for movers all right and starting with a less complex app lowers your initial risk because later you can apply your team's new knowledge to Heart harder migration apps phase two so in the plan phase you provision and configure the uh the cloud infrastructure and services that will support your workloads on Google Cloud so establish user and service identities so for Google accounts an account that usually belongs to an individual user that interacts with Google cloud service accounts an account that usually belongs to an app or a service rather a user Google Groups a name collection of Google accounts Google workspace domains a virtual group of all the group accounts that have been created in your organization group workspace accounts it's good to know what all these things are because you know there is overlap in the course for these okay Cloud identity domains these domains are like Google workspaces but they don't have access to Google workspace applications this is one you just need and we cover Cloud identity but this is just when you need um access to Google Cloud but not to um you know the g65 or the the G Suite okay so design your resource organization so organize your resources using uh the Google resource hierarchy organizations are the root of a resource hierarchy and represent a real organization such as a company folders are an additional layer of isolation between projects that can be seen as sub organizations projects are base level organization entities and must be used to access other Google Cloud resources hierarchy architectures we have environment oriented function oriented granular access oriented we cover these in its own section because that's how important it is this one super super important for this course is understanding the stuff you'll see exam questions around resource hierarchies okay to find groups and roles for resource access so set up groups and roles to Grant the necessary access to resources design your network topology and establish connectivity so set up the network topology a connectivity from your existing environment to Google Cloud this could be be a cloud VPN peering so VPC peering Cloud interconnect okay and those three well at least the two Cloud VPN and Cloud energy are going to show up on the exam for phase three this is the deploy phase Implement a deployment process and refine it during the uh the migration so you have fully manual deploys lets you quickly experiment with the platform and tools but it is error prone and often not documented and repeatable configuration management tools abbreviated to CM so configure an environment in an automated repeatable controlled way run remote commands on VMS that check the state and remediate of an instance to the desired configuration State you have config container orchestration so consider using kubernetes so you don't have to worry about the underlying infrastructure in the deployment logic so you could use Google kubernetes engine for that deployment automation so automate the deployment process by implementing continuous integration and continuous delivery pipeline you have infrastructure as code write a script that defines resources to be created or updated in a single deployment action share and stand up entire workflows and environments easily IC tools here is Google deployment manager or hashicorp terraform and terraform is just it's an IAC but it works across all cloud service providers and it's really important to know all these different type of deploy types at the fundamental levels that can really help you on the exam okay phase four of the optimize phase start optimizing your target environment so build and train your team train your development and operations team to take full advantage of new Cloud environments monitor everything monitoring is the key to ensure that everything in your environment is working as expected Prometheus Google Cloud logging Google Cloud monitoring automate everything so manual operations are exposed to a high error risk and are also time consuming automation leads to cost and time saving savings and reduces risk so we're looking at Google Cloud composer which is using Apache airflow spin maker they're not going to ask those on the exam a codify everything so by implementing processes such as infrastructure as code policy as code make environments fully Audible and repeatable use managed Services instead of self-managed ones Cloud SQL automl gke app engine optimized for performance and scalability so horizontal scaling vertical scaling and you want to reduce the cost so take advantage of sustained use discounts Suds committed used contracts which sometimes are committed committed use discounts so cud so don't get too hung up on the word contract there flat rate pricing such as bigquery which I think is the only service that does that kind of flat rate pricing okay so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at migrate for compute engine and it enables you to migrate lift and shift of your virtual machines with minor automatic modifications from your Source environment to the Google compute engine the reason we're giving this a little bit more detail is because on the exam I just saw some more questions that are kind of around the feature set of compute engine uh and so I just didn't want you get tripped up on the exam okay so continuously replicates this data from the source to VMS to Google Cloud no downtime on the source via transfer quickly clone and test a migrated VM so after it's migrated you can use test clones and make sure everything's working fine if not you can roll back I'm highlighting this one in particular because I saw it on the exam easily perform all migration tasks with Google Cloud console so just understand there's no downtime with this thing it continuously replicates and you can use test clones all right [Music] hey this is Andrew Brown from exam Pro and we are looking at anthos for Google cloud and I know I've mentioned anthos so many times but it is in the exam so that's why I want to uh show it to you from different angles so anthos is a modern application management platform used for managing hybrid architectures that span from Google Cloud to other AWS or on-premise data centers running VMware anthos is a single control plane to manage kubernetes compute in hybrid scenarios core components of anthos would be infrastructure containers cluster management it has a managed service mesh this is great for seeing where your resources are and trying to be able to Define slos service level objects to give guarantees to your customers multi-cluster management configuration management migration service management it's serverless secure software supply chain logging monitoring and it has a Marketplace so it is a pretty darn robust system if you're building service based architecture applications anthos is a great enabler for this with microservices but there you go [Music] hey this is Andrew Brown from exam Pro and we're looking at migrate for anthos and Google kubernetes engine normally they'll just be migrate for anthos but we just extend it with the full name here so you understand what the utility of anthos is which is for migration of containers to gke so when migrate for antos you can migrate your VMS from your supported Source platforms to Google kubernetes engine anthos anthos clusters on VMware anthos clusters on AWS so you can bring them in from a lot of different places you use auto-generated container artifacts including container images Docker files deployment yamls and persistent data volumes to deploy migrator workloads and integrate with services such as antho service mesh anthos configuration management stackdriver Cloud build for maintenance using cicd pipelines microanthus is offered at no charge and no answer subscriptions required when migrating to gke charges for other gcp services may still apply okay so the big takeaway is that you use this for migrating containers to gke and there's no cost to doing that and you don't need a subscription okay [Music] hey this is Andrew Brown from exam Pro and we are looking at storage transfer service which allows you to quickly import online data into cloud storage set up a repeating schedule for transferring data as well as transfer data within cloud storage from one bucket to another it's going to enable you to move or backup data to a cloud storage bucket either from other cloud storage providers or from your on-premise storage move data from one cloud storage bucket to another so that it is available to different groups of users and applications periodically move data as part of data processing pipeline or analytical workflow you can schedule one-time transfer operations or re recurring transfer operations delete existing objects in the destination bucket if they don't have a corresponding object in the source delete data source objects after transferring them schedule periodic schedule synchronization from a data source to data sync with Advanced filters based on file creation dates file names and the times of day you prefer to import data so what I want you to understand here is that you can use it for cross region application so because you can move it on a schedule from bucket to bucket that you can get data from other cloud storage providers like AWS or you can get it from on premise okay [Music] hey this is Andrew Brown from exam Pro and we are looking at transfer Appliance and this is a hardware Appliance you can use to securely migrate large volumes of data so migrate hundreds of terabytes up to one petabyte comes in two configurations so 100 terabytes and forty eighty terabytes imagine when they say a petabyte you just have multiple multiples of these drives that you would ship so the one on the left here would be the 480 terabyte the one on the right is the 100 terabyte you can mount transfer Appliance as an NFS volume making it easy to drag and drop files or R sync from your current Nas to the Appliance one you want to use transfer Appliance your data has to be greater than 10 terabytes that's generally when you want to do it or it would take more than a week to upload your data over the network you want to remember these last two they will absolutely help you on the exam for just features in general if they're tamper resistant so they cannot be easily open apply tamper evident tags to the shipping case they're ruggedized that means like they're just they have like an exterior case that makes them so they they're not damaged you know trusted platform module TPM chip is installed on these so they're immutable root file system and software components that haven't been tampered with it has Hardware at a testation so they validate the appliance before you can connect connect it to your device and copy data to it for other features when you're in transit it has a AES 256 encryption customer managed encryption Keys nist 888 compliant data Erasure okay for performance features all SL drives are SSD so there's no moving Parts it's very fast iops multiple network connectivity options here we got 10 gigabytes per second 40 gigabytes per second it's scalability with multiple app appliances so use multiple appliances to increase the transfer speed that's where I imagine you'd get up to a petabyte of data a globally distributed processing so ships quickly to and from the data center to Google Cloud minimal software so use common software already on your Linux or Mac or Windows system okay [Music] hey this is Andrew Brown from exam Pro and we're looking at Ai and ml services and the most important one here is vertex AI so this is Google Cloud's unified ml platform for building ml Solutions end to end and so a lot of the stuff you're going to be doing uh when it's ml or deep learning is going to be with vertex okay so let's just kind of Define what a ml pipeline looks like so we have data Readiness feature engineering training hyper parameter tuning model serving understanding Edge so that would be like deploying to the edge like on mobile devices model monitoring and Model Management and so we're just going to break it down here into three sections and so before we get into the actual functionality of machine learning Services we need some way to actually run these models so there's Specialized or trained or run or infer but they have specialized virtual machines and containers so that's part of the deep learning environment these will be a compute that already has pre-installed on them uh the like Python and tensorflow and they might be optimized for gpus things like that now that we have our compute we need a an actual environment to build these in and the golden standard across the board for no matter what platform you're on is Jupiter notebooks and every single platform just like gcp they'll just call them like vertex notebooks but really they're Jupiter notebooks okay so now that we have an environment or a developer environment we can work on and we have our compute let's talk about the services throughout this pipeline so starting the left hand side we have data labeling this is a service that the idea is that if you want to train a supervised machine learning model it needs to have labeled data because it's going to use that to learn so the idea is that you can input uh data and then get people to help you label it okay you have data sets that is just a curation of your data that's going to be ingested into the um uh the pipeline or into the ml model or prepared for feature engineering feature store is you extracting out key data and making it uh machine readable for the ml model you have experiments this is when you are trying different iterations of the ml model so you need to remember like parameters and configurations and the history about them you have ai accelerators this is just um I think this is fractional this is fractional GPU this idea is that if you have a a virtual machine and the GPS are too expensive you can just have fractional gpus visor optimization this is a a closed closed Source service that does optimizations on your models I imagine it's for hyper tuning so we have training so that's where you are just training your model so you do like a a container or a virtual machine to do that then there's actually the prediction so that's to doing inference explainable AI so the idea is there's this big there's this big concern about the ethics or responsible ability of AI and so if you can see how it works then you can detect for bias or other unfair unfair things we have hybrid AI so I imagine that is just being able to take a model and deploy it on a phone or low end devices like on the edge closer to the the people for model model we have continuous monitoring you want to watch for things like drift or degradation because if you have a a machine learning model it can like it can get worse at predictions over time and it sounds very unusual but it's something that can happen so you want to watch out for that kind of stuff and for Model Management we can collect a bunch of metadata and I imagine that would be just for like we'd have um a model catalog like a place to store our models for easier deployment and then we want to automate this entire thing so we have pipelines this is called ml Ops it's the automation of the end-to-end pipeline for building training inferring uh you know deploying a model then we have Auto ML and so this is basically automates a bunch of this away it's kind of like your platform is a service for machine learning so this can do it for vision for video for language for translation for for tables the idea is you just upload your data and then it pretty much does the rest for you it will actually run a bunch of experiments and you'll just choose which is the best one so it really makes it easy if you don't know what you're doing okay [Music] hey this is Andrew Brown from exam Pro and we are looking at tensorflow so tensorflow is a low-level deep learning machine learning framework created by the Google brain team and tensorflow is written in Python C plus plus Cuda and there are apis that allow you to use various other languages and so tensorflow is all based around this idea of a tense or so a tensor is a multi-dimensional array and so they call it ts.tensor in their their stuff and it's similar to a numpy ND array of objects and so TF dot tensors can reside in accelerator memory like a GPU so they're basically a new type of data structure that's just very specialized for machine learning and Google actually has created their own Hardware called a tensor Processing Unit specifically optimized for tensorflow and the tensor data structure the way you write tensorflow is in Python an example of an ml model in tensorflow is here on the left hand side technically this is kiris kiris is a high level abstraction of of tensorflow and so it can get a bit confusing initially the difference in cruise and tensorflow but they're essentially the same thing because Keras is packaged with tensorflow for the Google Cloud platform they specifically offer tensorflow enterprise so they accelerate and scale ML workloads on the cloud with compatibility tested and optimized tensorflow along with Enterprise ready services and support okay [Music] this is Andrew Brown from exam Pro and we are talking about vertex AI again and the reason why is I just want you to understand the history of it like how it came about to avoid some confusion in the Google Cloud console so vertex AI is the unification of AI platform and the addition of automl to offer an end-to-end solution for all your custom ML and DL needs so AI platform is technically uh deprecated you can still use it but it's not recommended to uh to use the platform they're always suggesting you to migrate over to vertex AI but the idea here is you would be able to prepare supervised training training with data labeling notebooks to write in document building ml models a model registry to hold all your trained models pipelines for setting up automated CI CD to rapidly deploy new changes also known as ml Ops and the other component to vertex AI is automl so easily trained high quality custom ml models you just upload your data choose what you want to predict and it does the rest okay uh and I actually had a bit of hard time finding the service I was typing like automl uh but really there's a thing uh in there which is called tables and so you could build and deploy machine learning models on structured data so you just like you'd upload the the or actually be a data sets to upload a data set and from there you say Okay I want to analyze this tabular data okay through automl [Music] hey this is Andrew Brown from exam Pro and we are looking at ML and DL environments so we're talking about the compute and the notebooks okay so to predict train tune predict for machine learning models you need to use compute optimized and specialize for ML ntl tasks so an ml compute solution will be pre-packaged with specific ml Frameworks data science libraries and you'll have to make the choice between a CPU or utilizing gpus CPUs are great for classical machine learning so supervise unsupervised learning things that are math based like uh or statistics based algorithms gpus are really well suited for deep learning they're very powerful but they're also really really expensive so you got to really decide whether you really want to use gpus or not you have deep learning images and you have deep learning containers so here I'm launching up a notebook instance so a notebook instance has to utilize some kind of compute and so I believe this is a VM here that we're launching and it has a tensorflow Enterprise as the pre-packaged ml framework it probably has data science libraries along with it and here it is using gpus so we have Nvidia Tesla T4 and of course there's CPUs alongside gpus but you know just use the gpus on their own there's also Cloud GPU so this adds gpus to your workloads for machine learning scientific Computing and 3D visualization why do you need this well this is fractional gpus because gpus are so expensive sometimes people just need a little bit of gpus and that's where this service kind of fulfills that cost-effective gap for notebooks it's a web-based application for authoring documents that combine Live code narrative text equations visualizations a notebook makes it easy to code all the steps in ml solution while intermixing documentation it makes it easy to rerun segments of code for a fast and iterative developer experience vertex AI notebooks are powered by Jupiter Labs IDE so Jupiter is the industry standard for interactive notebooks for building ml models or for data analysis if you're already in the data sphere you know what this is if you don't you should go out there and learn it very useful so that is the IDE and then this is the Jupiter notebook okay so yeah there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at the AI Services offering for Google Cloud platform so AI is when machines mimic human behavior or can perform human tasks and AI leverages ML and DL and generally AI refers to fully managed ml SAS offerings I don't know why Google decided to call vertex AI with AI in it because it's really just for ML and and deep learning anytime we just say hi people just think fully managed Services okay but these are the fully managed services that Google offers they're not part of vertex AI so they're just outside of it but let's take a look here so we have Vision AI it derives insights from images text and more and custom or pre-trained models video AI enabled powerful content Discovery engaging video experiences natural language API so derive insights from unstructured text recommendations AI so provide a catalog of Records will make suggest recommendations to users translation so dynamically translate between languages document AI natural language processing to train and simulate human review of documents Talent solution the capability to create update read update delete job postings this one is such an oddball you know I think I looked at it before but I don't fully understand it for the exam uh you know they will they might give you a lineup of vision or video AI okay so if you know what these generally do it's not really that hard to figure out here so we don't have to go very deep on these AI Services okay [Music] this is Andrew Brown from exam Pro and we are looking at conversational Ai and this is technology that can participate in conversations with humans so chat Bots voice assistants interactive voice recognition systems of ivrs use cases here would be online customer support accessibility HR processes Healthcare Internet of Things computer software mostly we're seeing it as the first one there online customer support So Google has really good a conversational Ai and they have a few different offerings here so we have agent assist Empower human agents with continuous support during calls by identifying intent and providing real time and step-by-step assistance you've got dialogflow so build engaging voice and text-based conversational interfaces and they have more than one offering here so they have dialogue CX so it provides an advanced agent type suitable for large or very large agents a dialog flow es so provides the standard agent type suitable for small and simple agents just some auxiliary Services here we have text to speech so convert text to Natural sounding speech using ML and speech to text to convert speech to text using power of ml I suppose the last two there should have been in our AI service lineup but we got through it will you see this stuff on the exam probably not but you should know it because it's one of Google's greatest strengths and I'm really surprised that didn't have it in the exam [Music] this is Andrew Brown from exam Pro and we are looking at identity and access services and also Security Services for the Google Cloud platform so the top here we have identity and access management so IEM this establishes find great identity and access management for Google Cloud resources we've got Cloud identity so easily manage user identities devices and applications from One console identity platform add Google grade identity access management to your apps Beyond Corp Enterprise a zero trust solution that enables secure access with integrated threat and data protection identity aware proxy that's always usable Beyond Corp so use identity and context to guard access to your applications and VMS manage service for Microsoft active directory active directory so this is just if you need active directory and you want it hosted on Google you can do it that way resource manager this is a hierarchical managed resources on Google Cloud security key enforcement so enforce the use of security keys to help prevent count takeovers tighten security keys to defend against account takeovers from phishing attacks these are security keys made by Google not going to show up an example they look really cool they're supposed to be really good so you check them out before we move on to the next slide I just want to give some Focus here you want to know what IAM is you want to know what cloud identity is you want to know what Beyond Corp identity aware proxy is you definitely want to know what managed service for Microsoft active directory is these are the ones that are going to show up on the exam okay move it on to security so access transparency get visibility over your cloud provider through near real-time logs binary authorization so deploy only trusted containers on kubernetes engines Cloud asset inventory so view Monitor and analyze Google cloud and anthos assets across projects and services Cloud audit logs gain visibility into who did what where when all that stuff on Google cloud cloud data loss prevention sometimes I write protection in there but it's prevention discover and redact sensitive data Cloud HSM protect cryptographic keys with a fully managed Hardware security module service Cloud Key Management Service manage encryption keys on the cloud this one is the multi-tenant this one is the single tenant okay security Command Center so understand your security and data attack service shielded VM so deploy hardened virtual machines on Google Cloud VPC service controls protect sensitive data in Google cloud services using security perimeters incident response management improve your incident and medium time to mitigate I'm just going to erase the ink here for a second the ones you should be focused on for this exam is cloud data loss prevention and security Command Center that's why I give them the icons here so they stand out okay so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at user protection services and this is like stuff that would be offered via Android or via the Chrome browser right so um you know not core to Google Cloud but you should know these things anyway so you've got phishing protection so help protect your users from phishing sites recaptcha Enterprise so help protect your websites from fraudulent activity spam and abuse web risk so detect malicious URLs on your website and in client apps but I thought this one was the most interesting is that if you want this I'm not a robot thing you can get that in Google Cloud okay and put it on within your apps okay [Music] hey this is Andrew Brown from exam Pro and we are looking at secure by Design infrastructure for Google cloud and this isn't exactly going to show up an exam but the idea here is it's going to help you understand to what level Google takes its security seriousness okay so we have operational device security so develop and deploy infrastructure software using rigorous security practices operation teams detect and respond to threats to infrastructure from both inside and external actors 24 7 365 okay internet communication Communications over internet to public cloud service are encrypted in transit network and infrastructure have multiple layers of protection to defend our customers against denials of service attacks for identity identities and users and services are strongly authenticated access to sensitive data is protected by Advanced tools like phishing resistant security Keys storage services so data stored in the infrastructure is automatically encrypted at rest and distributed for availability reliability guards against unauthorized access and service interruptions service deployment any application that runs on our info structures deployed with security in mind we don't assume any trust between services and we we use multiple mechanisms to establish and maintain trust infrastructure was designed to be multi-tenant from the start Hardware infrastructure from the physical premises to the purpose built servers networking equipment and customer security chips to our Custom Security chips to the low-level software stack running on every machine our entire Hardware infrastructure is Google controlled secured and hardened data centers so Google data centers features layered security with custom design electronic access cards alarms vehicle access barriers perimeter fencing metal detectors Biometrics laser beams okay laser beam intrusion detection their monitor 24 7 by high resolution cameras that can detect and track Intruders only approved employees with specific roles may enter continuous availability infrastructure underpins how Google Cloud delivers services that meet our high standards for performance resilience availability correctness security design operation and delivery all play a role in making service continuously available so hopefully that makes you confident in Google's security practices but there you go hey this is Andrew Brown from exam Pro and we are looking at compliance report manager this provides you with easy on-demand access to critical compliance resources at no additional cost really this is just downloadable PDFs that prove that gcp is compliant with various compliance and security standards so you don't have to log in to access this you just go to the compliance reports manager and it's not even in Google Cloud it's in the marketing websites and you just checkbox what you want and then you can go ahead and download that and read through it and see that they're being compliant okay [Music] hey this is Andrew Brown from exam Pro and we are going to look at a bunch of different compliance programs that Google is meeting not the most exhaustive list but the most popular and these will be the most popular with other cloud service providers and they're good to know okay so we'll work our way through here the first here we have is the iso and IEX uh or IEC these are commonly used together because one is international standards for software another one is like when you're using physical uh or physical devices like Hardware okay so we have control implementation guidance enhanced focus on cloud security protection of personal data in the cloud uh so we're talking about personally identify information Privacy Information Management System framework so outlines controls and processes to manage data privacy and protect uh pii I know ctOS are always going for the 2701 but the numbers are there to useful to remember so 27001 27017 27018 27701 and I do actually have these memorized because I that's how frequently they come up we have systems and organization control sock and there's three layers of socks sock one sock two sock three so sock one 18 standard and standards and report on the effectiveness of internal controls at a service organization relevant to clients internal control over their financial reporting I'm not hearing people going after sock one but they're always going for sock two evaluates internal controls policies procedures that directly relate to security of a system at an organization stock 3 a report based on trust service criterias that can be freely distributed yet here 2701 a bunch and sock 2 a bunch okay PCI DSS so payment card industry data security standard a set of security standards designed to ensure all companies that accept process store and transmit credit card information maintain a secure environment you got fips so federal information processing standard 140 hyphen two so us and Canadian government standard that specifies the security requirements for cryptographic modules to protect sensitive information this one's one you're going to want to remember when you're using a clusters provider that stores cryptographic Keys they're going to be fips 142 and it's either going to be for multi-10 or single tenant I think if you're doing like a cloud HSM which is a single tenant it's going to have fips 140 hyphen 3 okay which is better it's more more strong okay we got the personal health information protection act so pH IPA I'm in Ontario so this one's pretty relevant to me but it's just an example of one that's outside the standard HIPAA one okay we have HIPAA so health insurance portability accountability act this is a U.S federal law that regulates patient protected health information we have CSA so this is an independent third-party assessment of a cloud provider security posture uh we have uh fedramp so Federal risk and authorization Management program we spent more time with this earlier on in the course so U.S government standard size approach to security authorizations for cloud service offering so how the government works with the cloud criminal justice uh Information Services so cjis any U.S state or local agency that wants to access FBI's cjis databases required to adhere to the cjis security policy then we have the general data protections regulation gdpr so a European Privacy Law imposes new rules on government companies governments agencies non-profits other organizations that offer good secure services to people in the European Union or collect and analyze data tied to the EU residents you want to know gdpr you want to know fedramp okay so there you go foreign hey this is Andrew Brown from exam Pro and we're going to look at privacy and transparency for Google and this is more just to communicate uh the practices they do for these things okay not necessarily going to show up your exam but something you should know at the fundamental level when you're convincing the executives why to use Google Cloud okay so Google Cloud Enterprise privacy commitments describe how we protect the privacy of Google Cloud platform and Google workspace customers so you control your data customer data is your data not Google's we only process your data according to your agreements we never use your data for targeting so we do not process your customer data to create ads profiles or improve Google ad products which it kind of feels a bit um I feel like Google's probably done it in the past but they don't do it anymore at least we are transparent about our data collection and use we're committed to transparency compliance with regulations like gdpr and privacy best practices we never sell customer data or service data we never sell customer the third parties security privacy our primary design tier for all of our products prioritizing the privacy of our customer means protecting the data you trust us with we build the strongest security Technologies into our products Google provides resources on privacy regulations such as LG ped gdpr CCPA the Australian Privacy Act my number act p-i-p-e-d-a and a bunch more for transparency Google has trust principles you own your data not Google Google does not sell customer data third parties Google Cloud does not use customer data for advertising all customer data isn't encrypted by default we guard against Insider access to your data we never give any government entity backdoor access our privacy practices are audited against International standards so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at Cloud armor and to understand the service we need to know what a distributed denial of service attack is a DDOS attack so a malicious attempt to disrupt normal traffic by flooding a website with large amounts of fake traffic so you got an attacker one site and a victim on the other side and the internet sits between them so what the attacker does is they use a bunch of remote machines and they issue commands to those machines and tell those machines hey go produce a bunch of spoofed data and send it over the internet and it's going to go towards the victim now the great thing is if when you're using a cloud service provider you're within their Network they generally have built-in DDOS protection now what's unusual with gcp is They Don't Really call that out very clearly but I'm sure that they have some layer of built-in DDOS protection but the service that provides you know more robust DDOS protection is going to be Cloud armor now Cloud armor is a bit different from other cloud service providers in that it does DDOS protection and it's also a web application firewall these are usually separated as two different services and other providers gcp decided to roll it into one some of its feature sets are IP based and geo-based access controls support for hybrid and multi-cloud deployments adaptive protection detect and mitigate attacks against your Cloud load balancing workloads predefined WAFF rules to mitigate oauth's top 10 risks named IPL lists Rich rule language for web application firewalls visibility and monitoring and Cloud armor has two tiers you got the standard so pay as you go and manage Protection Plus starting at three thousand dollars a month pretty standard to see those two tier prices for DDOS protection not that standard to see these two tools rolled into one but that's just how they do it okay [Music] hey this is Andrew Brown from exam Pro and we are looking at private Cloud which allows you to package Google Cloud resources into service offerings that can be made available and discoverable in a catalog internally to your organization to quickly deploy governed stacks and workloads so this is what the catalog would look like the idea is that you would build different kinds of products within this catalog or workloads whatever you want to call them stacks and the idea here is uh you would apply permissions to say who in your organization is allowed to launch them and so this is a great way to stay compliant because you have these workloads that you uh your uh your developers or your engineers have made sure that are safe to be used within your organization and then it allows your departments to just um procure resources they need uh okay so there you go [Music] this is Andrew Brown from exam Pro and we are looking at security Command Center and this is a centralized security and risk management platform for your Google Cloud resources so there's a lot that you can do in here I don't know if you can make it out but you got threat detectors VM patching cryptographic Keys binary authorization security standards you might notice these terms as we're listing through them very very quickly so there's a lot of stuff that lives within this Command Center that you can do three things I want to highlight that could be relevant to your exam is asset Discovery and inventory so inventory and historical information about your Google Cloud resources threat detection so audits your Cloud resources for security vulnerabilities threat prevention fixed security misconfigurations with single click remediation if the exam is asking you which service has a holistic view or everything in one place to do stuff for security this is the service okay [Music] hey this is Andrew Brown from exam Pro and we're looking at Google cloud data loss prevention so dlps detect and protect sensitive information within gcp's storage repositories so we're looking at personally identifiable information so pii so any data that can be used to identify a specific individual really great example here is of McLovin from a movie from 10 years ago he has a fake ID here but it gets the point we're talking about uh you know driver's licenses government IDs passports email address mailing address birthdays any of that kind of personal identifiable information then there is protected Health informations phis this is very similar except we're talking about the identity health information about a patient some of its features of DLP here it provides tools to classify mass tokenize and transfer sensitive data support for structured and unstructured data create dashboards and audit reports automate tagging remediation policy-based findings connect DLP results into the security Command Center data catalog or export to your own security information and event management system Sim or governance tool schedule inspection jobs directly in the console UI over 120 built-in information types so info types and info types Define what sensitive information can be scanned so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at beyondcorp for the Google Cloud so the zero trust model operates on the principle of trust no one verify everything and so the idea here is malicious actors are being able to bypass conventional access controls demonstrating traditional security measures are no longer sufficient so beyondcorp is Google's implementation of the zero trust model and it's going to allow us to do things such as single sign-on Access Control policies access proxies user-based authentication device based authentication authorization and by shifting access controls from the network perimeter to individual users beyondcorp enables secure work from virtually any location without the need of a traditional VPN so the principles here for Beyond Corp are access to Services must not be determined by the network from which you connect access to Services is granted based on contextual factors from the user and their device access to Services must be authenticated authorized and encrypted okay so a zero trust model puts identity as the primary security parameter because remember we shift that over to the users away from traditional firewalls to be protected Beyond Corp is just itself is just a collection of identity access and Security Services to meet the zero trust model requirements okay so that's where it gets confusing because there's Beyond Corp Enterprise which actually is a service and beyondcorp is more of a conceptual idea of these uh identity access and Security Services okay so the idea is that we have apps and data so web apps virtual machines SAS applications infrastructure apis we're trying to restrict control access to these things to mitigate security risks right and so on the left hand side we have um user trust and device trust right then this is where we're going to be looking at their identity and their behavior for devices it's identity and the posture posture being the conditions and in which the environment they're in right so the idea is that they're going to come into the Google Network through a global front front end and this is where we're going to get context location and time so that could be extracting information like the IP the location the region the session age the time the device type things like that we're going to pass that through a rules engine and then from there we have an enforcement point where it makes further decisions before it acts as our apps and data so this is generally the idea of a zero trust model okay and this is kind of the rough outline of where beyondcorp is going to be the idea here is that we now incorporate services so here we're using Cloud identity this is for endpoint verification this is just Google's front end this isn't a service in particular this is just the Google Network okay then you have access contacts manager and then for enforcement points we have Cloud IAP Cloud IAM Cloud identity VPC service controls I've highlighted the three in yellow because to me that's really what beyondcorp is it's adding those three components into it but but basically Beyond Corp is the collection of all these Services working in this model okay [Music] hey this is Andrew Brown from exam Pro and we're going to be looking at a few Services here that our identity but I put them in the security section to kind of group them close to Beyond Corp uh so the first is access context manager so access content manager allows Google Cloud organizations admins to Define find grade attribute based access controls for projects and resources in Google Cloud so access context manager keeps mobile forces you uh forces that are utilizing bring your own devices secure okay so you create an access policy and to determine what level of access based on attributes such as device type operating system IP address user identity and so the idea here is if it's a little bit hard to see but the idea here is that you're going to name it so I say high axis level and then I can say Okay I want to restrict to this IP range in this region you can even have device policies and additional information you'll get that output and that's the way you'll have to control it now at high or access level doesn't do much on its own we have to mix that in with a VPC service control so that's what we'll look at next [Music] hey this is Andrew Brown from exam Pro and we are looking at VPC service controls and these allow you to create a service parameter and service parameters function like a firewall for gcp apis so the idea here is you can go here and say okay this parameter is going to be just for these projects and just for these particular services and then you can even apply access levels that's where access levels come into play and you have Ingress policies and and egress policies now I just want to point out that I kept on saying the word access policies and uh Google really makes it think that you create these by yourself but they actually are automatically created for you when you create an access level service parameter or the IAP is turned on they cannot be directly managed by the customer so confusing in the documentation and I was looking for everywhere for this but I guess they're just kind of like there um but that's your Net's not going to find access controls okay [Music] hey it's Andrew Brown from exam Pro and we are looking at Cloud identity aware proxy IAP so IEP lets you establish a central authorization layer for applications accessed by https so you can use an application Level Access Control model instead of relying on a network level firewall so you can Define access policy essentially and apply them to all of your applications and resources using IAP when you want to enforce Access Control policies for applications and resources so the idea here is that you go in there they have for HBS SSH and TCP resources and so um it's only for a particular services for app engine compute engine https load balancer but what you'll do is you'll go on and say I want to enforce IAP for this particular thing and then you can open up this menu and say okay I'm going to add these people with this role for this particular service so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at Beyond Corp Enterprise and this is a zero trust model platform uh the idea here is that you can enable it and through the Chrome browser Cloud management you can protect against threats such as malware and phishing for your Chrome users as they download and upload files uh Beyond Corp Enterprise is built into the Chrome browser with no agent required and so you might get some visuals like this saying like Okay who's at risk for which users what domains some summaries of things like that so beyond Corp Enterprise does identity and context aware access controls policies based on user identity device health contextual factors integrated threat data protection prevent data loss stop common threats real-time alerts detailed reporting support your environment Cloud on-premise hybrid access saps apps web apps Cloud resources wherever easy adoption with our agentless approach non-disruptive overlays to your existing architecture no need to install additional agents talking about Chrome right rely on Google Cloud's Global infrastructure scale reliability security of Google's networks 144 Edge locations and over 200 countries and territories so there you go that's beyond Corp Enterprise but don't get mixed up with beyondcorp which is just a collection of services this is a whole different Beast okay [Music] hey this is Andrew Brown from exam prep and we are looking at the concept of a directory service so a directory service Maps the names of network resources to the network addresses and our directory service is shared information infrastructure for locating managing administrating and organizing resources such as volumes folders files printers users groups devices telephone numbers and other objects a directory service is a critical component of a networking operating system and a directory server also known as a name server is a server which provides a directory service each resource on the network is considered an object by the directory server information about our particular resource is stored as a collection of attributes associated with that resource or object so very well known directory Services would be a DNS so domain name service this is the directory service for the internet so you don't know it but you're using it right now there's Microsoft active directory this is basically the industry standard for uh most or almost all organizations in the world underneath you have Azure active directory also known as Azure ID this is a managed service on the Azure Cloud there's Apache directory server Oracle has their own there's open uh ldap Cloud identity which is Google's identity as a service provider and then you have jump Cloud which is a one that is kind of an agnostic one where you can connect a bunch of directories to it okay so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at Cloud identity and this is identity as a service by Google Cloud that centrally manages users and groups so you get a bunch of stuff in here like user lifecycle management account security single sign-on Cloud directory device management reporting analytics App Management accessible through apis does a bunch of stuff and the idea here is to Confederate things between Google Cloud active directory Azure ID and many more directory Services you can manage access and compliance across all your all users in your domain you can create a cloud identity account for each of your users and groups then you can use identity access management so I am to manage access to Google Cloud resources for cloud identity account if you want to give someone access to your Google Cloud without having a Google workspace account so not having a Gmail and the g Suite this is what this is what you would do is use cloud identity so that it could just get access to just Google Cloud so there are two versions of cloud identity we have free and premium and there is a lot of features here but let's just run through it so you get the idea or the the scope of what cloud identity can do so it can handle device management and the free version we have basic mobile management directory or device inventory basic password passcode enforcement remote account wipe uh Android Apple iOS in the premium you get Advanced Mobile management Advanced passcode enforcement security policies application management Network management Remote device wipe reporting application auditing company-owned devices mobile audit MDM rules so that would be mobile device management rules okay for directories you have in the free basic directory management organizational units and groups and they're unlimited that's pretty standard in all directory Services admin managed groups groups for business Google Cloud directory sync which will give closer attention to later on admin roles and privileges Google admin app for Android Google admin app for iOS just showing you works on both admin SDK API so you can pragmatically work with the directory secure ldap for the premium we have user lifecycle management and there's no user cap on this secure ldap uh I guess it's in both so maybe we don't have to list them both there single sign-on and automated provisioning so for free we have a setups SSO using Google as identity provider to access pre-integrated list of third-party saml apps set up SSO using Google as an ipd to access custom saml apps set up SSO using a third-party ipd with Google as a service provider for premium we have automated user provisioning for security we get user Security Management self-service password recovery which is a great feature Azure ad also has it so I really like this two-step verification so I guess that's multi-factor including security key management we have enforcement control so with security key enforcement and management password management and strength alert for premium first party session management Google security Center for reporting we get admin login saml groups token audit logs security reports saml logs app reports account active activity reports for premium you here we get device audit logs Auto export audit logs to bigquery and you get an SS or SLA of 99.9 of Premium so here you can see it does a lot you don't need to remember all the stuff for the exam but you know if you're going to take anything away from here just understand that Google Cloud directory sync is a subservice of cloud identity okay [Music] hey this is Andrew Brown from exam Pro and we are looking at active directory now this isn't a Google service per se but the thing is no matter what you're using no matter the cloud service provider you'll want to know active directory inside and out because it's fundamental knowledge and most Enterprises are using it and now with everyone going towards a zero trust model uh you know identity and active directory just go hand in hand okay so we're going to put some extra attention here on this one so Microsoft introduced active directory domain services in Windows 2000 to give organizations the ability to manage multiple on-premise infrastructure components and systems using a single identity per user so here's the big architectural diagram that I created so the idea is that you have your your Enterprise which is the forest here and these are made up of domains a domain is a is a means to host these different uh directory services and it's also the means to which people authorize or authenticate to your directory okay so the idea is that you can think of remains as actual servers and you're going to have to have to have redundant ones because if the main one goes down you'll want to make sure people can still log in and do their business and you might want domains that are closer to the region to which they are authenticating so things are very very fast that's why we're seeing a lot more here than just a single one okay when we look inside of a domain doesn't matter if it's a child or domain we have organizational units these are just ways of structuring maybe departments or things like that and with organizational units we have objects and so objects could be groups users printers servers devices we saw a larger list when we listed out directory service so we don't need to go through it but the idea is that it's just basically things within your network okay then we have active directory domain Services uh shortened to adds so these are the services or that consist of multiple directory Services all right I know it gets confusing because there's directory service and then there's directory services but these are services within a directory service if that makes any sense so domain Services these are the foundational foundation stone of every Windows domain Network stores information about members of The Domain including devices users verifies the credentials and defines the access rights the server running this service is called a domain can controller all right so usually when we talk about the actual server that people are calling them domain controllers all right so some of the services that can be found within active directory would be active directory L lightweight directory service so this is an implementation of ldap protocol for Azure directory domain services and we're going to definitely talk about ldap in this course we have active directory certificates services so it establishes an on-premise public key infrastructure create validate revoke public key certificates for internal uses all right we have active directory Federation services so a single sign-on we talk about single sign-on in this course too so users may use several web-based Services network resources using only one set of credentials stored at a central location we have active directory Rights Management Service this is a server server software for information Rights Management shipped with Windows Server uses encryption and a form of selective functionality denial for limiting access to documents there's a bunch of terminology for active directory I want to get you used to it so let's go through it domain is an area of a network organized by a single authentication database and an active director domain is a logical grouping of 80 objects of a network a domain controller is a server that authenticates user identities and authorizes their access to resources so this is The Logical grouping this is the actual server that does the work a domain computer is a is a computer that is registered with a central authentication database a domain computer would be an 80 object an 80 object is the basic element of an active directory of active directory such as users groups printers computers shared folders gpos Group Policy objects is a virtual collection of policy settings it controls what 80 objects you have access to organizational units is a subdivision within an active directory into which you can place users groups computers and other organizational units very common to make your departments out of OU's directory service such as active directory domain service provides the methods of storing directory data and making the data available to the network users and administrators a directory service runs on a domain controller so you know hopefully you have some kind of idea what active directory is but yeah that's the quick crash course okay [Music] hey this is Andrew Brown from exam Pro and we are looking at managed service for Microsoft active directory and this is just active directory hosted on the Google Cloud platform why would you want to do this when you have Cloud identity well there's just a lot of Rich features within active directory that a cloud identity doesn't have or maybe your team is used to using active directory you can use cloud identity and active director together because you can just Federate your active directory over to Club identity but traditionally active directory has always been hosted on premise however a lot of people are shifting to the cloud because you just don't have to deal with those servers anymore so there is a use case for this I think a lot of people if they're going to be using a managed active directory they're going to use Azure ad just because Azure or Microsoft is the best at it but other clusters providers such as AWS and gcp will give you a managed version of active directory so compatibility with 80 dependent apps so runs real Microsoft ad controllers uses standard active directory features so gpos remote server Administration tools virtually maintenance free so high availability High availability automatically patched configured with secure defaults protected by appropriate Network firewall rules seamless multi-region deployment so simply expand the service to additional regions while continuing to use the same managed 80 domain hybrid identity support So support your on-premise ad domain to Google Cloud deploy a standalone domain for your cloud-based workloads so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at the concept of identity providers also known as ipds and so a system entity that creates maintains and manages identity information for principles and also provides authentication services to Applications with a federation or distributed Network a trusted provider for your user identity that lets you use authenticate to access other services identity providers could be things like Facebook Amazon Google Twitter GitHub and Linkedin so Federate identity is a method of linking a user's identity across multiple separate identity management systems and the way you're going to do this is via openid so open standard and decentralized Authentication Protocol so this is your ability to be able to log into a different social media platform using Google or Facebook account openid is all about providing who you are you have oauth 2.0 this is the Indus industry standard protocol for authorization of oauth doesn't share password data but instead uses authorization tokens to prove an identity between consumers and service providers oauth is about granting access functionality and I put these in the lineup because you know what I even get these two mixed up but they go hand in hand alright so providing who you are about granting access to functionality then you have saml so security assertion and markup language is an open source or open standard for exchanging authentication and authorization between an identity provider and a service provider an important use case for saml is single sign-on via the web browser and that's the reason we're bringing up saml is so that we can talk about single sign-on [Music] hey this is Andrew Brown from exam Pro and we are taking a look here at single sign-on also known as SSO and this is an authentication scheme that allows a user to log in with a single ID and password to different systems and software so SSO allows it departments to administer a single identity that can access many machines and cloud services so here on the right hand side is the many things that we want to access and on the left hand side we have our directory service in this case it's Azure active directory and we have a user that wants to connect with a single username and password to all the stuff so through the saml protocol which we covered in the last slide we can do single sign-on to all of these services and the key thing to remember is that SSO is seamless so once the user logs into their primary directory they don't have to keep on entering their passwords in it's just going to seem like they they're already logged in when they visit these resources okay [Music] hey this is Andrew Brown from exam Pro and we're taking a look here at lightweight directory access protocol ldap is an open vendor neutral industry standard for application protocols for accessing and maintaining distributed directory information Services over IP and networks so a common use of ldap is to provide a central place to store users and usernames and passwords ldap enables for same sign-on so same sign-on allows users to use a single ID and password but they'll have to enter it every single time they want to log in this idea is you might have an active directory server on premise and it's going to synchronize with an ldap directory so you can get access to things to like Google Cloud kubernetes Jenkins and you're noticing that I'm not listening out generic web apps these are more kind of like heavy duty workloads because that's where ldap kind of uh is used a lot okay so why use ldap when SSO is more convenient because SSO you don't have to enter your password and username every single time well the thing is SSO systems are often built on top of ldap but ldap was not designed evenly to work with web applications so you don't do single sign-on with ldap and a lot of times you just don't see direct integration with them so you'll see ldap more on on premise or using devops workloads like kubernetes or Jenkins so some systems only support integration with ldap and not SSO so it's just times when you have to use it okay [Music] hey this is Andrew Brown from exam Pro and we are looking at Google Cloud directory sync so enables administrators to synchronize users groups and other data from an active directory ldap service to their managed service for ad for Microsoft active directory within Google so it's just a synchronization service um and so this one will show up on the exam for sure so make sure you know what it is so you can choose it correctly okay [Music] hey this is Andrew Brown from exam Pro and we are taking a look here at service level agreements also known as SLA so an SLA is a formal commitment about the expected level of service between a customer and a provider so when a service level is not met and if customer meets its obligation under SLA customers will be eligible to receive compensation so Financial or service credits you can think of them as store credits because you can use them towards uh the most uh the services provided by the CSP whether it's compute storage databases Etc but there will be sometimes exceptions so maybe like registering domains because that actually costs money okay so then you have service level indicators so slis this is a metric or measurement that indicates what measure of performance a customer is receiving at a given time a SLI metric could be uptime performance availability throughput latency error rate durability and correctness then you have slos so service level objects that is the objective that the provider has agreed to meet so slos are represented as a specific Target percentage over a period time so an example here could be availability SLA of 99.99 in a period of three months Target percentages uh that you commonly see are 99.95 99.99 99.9999999999999 and so that is not nine nines after the decimal point so we'll say nine nines of availability nine nines of durability then you have one that's for 11. so you'd say like nine elevens of durability and so the idea here is that the SLA contains slos right and these are at the service level and then the slos are based off of the slis okay [Music] hey this is Andrew Brown from exam Pro and we're going to go through the slas for Google Cloud platform now it's in the exam guide but it doesn't really show up on the exam so uh I don't think you have to pay close attention here and this is really boring because we're just going to list out a bunch of numbers but you know maybe you'll remember some that are 95 and some that are 99 and that might help you on the exam so let's get to it so for compute engine uh and mostly I think all of these are going to be in the monthly and generally for uptime but for covered Services instances in multiple zones 99.99 single instance 99.5 percent load balancing 99.99 then what we have here is uh Cloud SQL and Cloud functions it's a monthly uptime of 99.95 for bigquery and app engines it's uh monthly uptime for 99.99 for cloud storage it's going to vary based on the type of storage but standard storage in multi-region dual region is going to be 99.95 standard storage in Regional location for cloud cloud storage near line cold line multi-region dual region is going to be 99.9 percent near a line or cold Line storage class and region location cloud storage is going to be 99.0 percent that's because of the the durability is reduced you're paying for uh like I mean like it's cold line you're not going to access it very often so it's less of a problem but that makes sense why it's lower for cloudnet this one is just the outlier where it's 99.9 percent uh and then AI platform training prediction is 99.95 it's like the one up here I should have grouped it up here but I didn't uh so for big cloud bigtable we have a bunch of different values so if it's multi-cluster routing so 99. triple nines if it's less than uh or fewer than three regions it's just two nines single cluster routing policies 0.9 zonal instance 0.9 for apogee uh and it's very unlikely they'll ever ask you slas for apogee on the exam but we have them here anyway so for standard 99 for Enterprise 99.9 for Enterprise Plus 99.9 percent for cloud spanner uh you have uh three nines of durability for multi-region and then we have two nines for regional instance so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at gcp support plans so we got basic standard enhanced premium and then uh just for cost this one's free this one's 29 bucks this one's 500 and this one uh you have to contact sales so this is premium is your Enterprise support enhanced is your business support when you're looking at AWS or Azure they'll charge a hundred dollars but for some reason gcp charges five hundred dollars I think that is not smart on their part because it really makes it hard for adoption when you are a small to medium company no idea why they did that but that's just what it is okay so uh you get unlimited access to support for standard enhanced and premium they just mean like I guess to access the platform I I would think that it's unlimited across the board but that's just how they display it there for billing support that's asking billing queries you can use email phone or chat in terms of response time uh standard is uh priority two so the the larger the number the lower the priority okay priorities 0 is is the highest right so you can expect a four hour response here and enhance support you're looking at one hour response and for premium you're looking at 15 minute response times uh but I mean this varies based on this is when you actually have a severe issue so it's not for general questions okay for technical support you can only do email with standard and this is pretty common like with either Azure or AWS they'll call it the standard will be just called developer support so yeah it's just emails and you're looking at pretty much a 24-hour response time for that and for technical support for enhanced and premium you got case emails and phone so that is a um I don't know if they have chat because I I didn't really want to pay for 500 to find out if they had chat but I've definitely experienced chat via billing support and it's pretty darn good but if you want to get on the phone for someone you got to be paying a lot more uh for eight out of five uh response for high impact issues uh so 8 out of five means um eight hours out of the day so your standard at five days a week so that's your standard work week 24 7. so anytime you want to ask a question uh they're gonna be able to help you out okay you only get English support and standard if you need Japanese Mandarin Chinese or Korean uh that's an enhanced support and premium support and so some of the features that are found in both enhance and premium is a active assist recommender API third-party support Cloud support API technical support escalation for enhanced support you get access or you can purchase additionally technical account advisor advisory service taas in premium support you get a tam so a technical account manager and so that is a person that is assigned to you you get event Management Service Opera operational Health reviews customer aware support new product previews training credits and access to purchase Mission critical services so so you can see there's a lot of stuff here in terms of the exam I didn't see a single question about like what support plan does what which I was shocked because when you do AWS and Azure you see that kind of stuff there um it's definitely on the exam guide so I don't know why I didn't see any questions and people all the other people I asked never saw those questions either maybe they'll add them in the future so it's worth knowing this page I think in terms of all these feature sets they're definitely not going to ask you them on the exam but we're going to cover them anyway all this stuff here because I think that if you are learning fundamental knowledge and you want to convince your stakeholders you know why to use gcp you want to know the full offering of support okay [Music] hey this is Andrew Brown from exam Pro and we are looking at active assist recommender so active assist is a portfolio of intelligent tools and capabilities to actively assist you in managing uh complexity in your Cloud operations uh so make improvements easily prevent mistakes from happening find out what went wrong quickly and so here on the right hand side is a recommendation where it's saying this is my current configuration but it's recommending that I reduce this instance to six feet pcus and 20 Gigabytes so I can save a bunch of money so three activities is making proactive improvements to your cloud with smart recommendations preventing mistakes from happening in the first place by giving better analysis helping you figure out why something went wrong by using intuitive troubleshooting tools if you use something like trusted advisor in AWS or Azure it's the same thing okay [Music] hey this is Andrew Brown from exam Pro and we are looking at Cloud support API and this allows you to integrate Google Cloud's customer care within your organization's CRM so the API supports create and manage support cases list create download attachments for cases list and create comments and cases and so the the cloud support API is available to customer cares with enhanced or premium support so why would you want this well if you have your own CRM right so you use a CRM to have your own cases for customers allows you to kind of centralize all of your case information in one place so that you don't have to have your users or your support team go out and make cases in Google Cloud that you can just integrate directly into a single platform and this is a very unique offering I haven't seen this on AWS I haven't seen this on Azure so this is pretty cool that gcp does this [Music] hey this is Andrew Brown from exam Pro and we are looking at third-party Technology support for Google Cloud support okay so which third party with hey this is Andrew Brown from exam Pro and we are looking at third-party Technology support uh for Google Cloud so support will assist you with integrating non-google services and open source technologies that are running on or integrating with Google cloud services and we got three approaches to delivering third-party Technology support so we have collaborative support So Google Cloud partners with other companies to create joint support experience so NetApp Cloud volumes for Google Cloud IBM power F5 Network beat b-i-g-i-p Dell Technologies data Stacks uh Astra data bricks so what Google is saying is that they have Partnerships with these companies and so when it comes to supporting these particular providers they can directly go to the people that make it to get you the best support for it for workload Centric support Google cloud has expertise in a variety of third-party Technologies and consists with the setup configuration troubleshooting of those Technologies so it's just that they're working with stuff every day all day so you know it's just they accumulate that knowledge third-party support So Google Cloud provides commercially reasonably assist with installation configuration and troubleshooting of third-party software so operating systems databases web servers devops tools SQL servers third-party support is available to customer care with enhance or premium support so this is really good because you know if you use Ruby on Rails Ruby on Rails isn't a Google Cloud thing but it's nice that they'll take their best effort or reroute it to someone that has domain knowledge within their support teams but there you go [Music] hey this is Andrew Brown from exam Pro and we're looking at technical account advisory service and this provides proactive guidance and reactive support to help you succeed with your Cloud Journey so uh taas delivers the following services so guided onboarding to help you get started with enhanced support and set up your operations with Google Cloud best practices and additional support for the most critical cases including proactive monitoring and guidance on case escalation monthly quarterly yearly reviews to assess your operational Health across Google cloud and deliver recommendations for improving your usage of enhanced support recommended training paths and courses tailored to your organizational needs when you purchase Tas you pay a monthly fee with a minimum one-year contract after the first year your contract is month to month so third-party Technology support is available to customer care support with enhancer premium support so it's just something you can pay for additional on top of enhanced support or premium support just to get you know more guidance okay [Music] hey this is Andrew Brown from exam Pro and we are looking at assured support So this enables you to secure your regular workloads and accelerate your path to running compliant workloads on Google Cloud so for regulated workloads we have a Fed ramp moderate Technical Support Services U.S region and support Technical Services il4 Technical Support Services cjis Technical Support Services fedramp High technical support services so you can see there's a lot going on here so to help you meet your compliance requirements assured support ensures that your workloads are handled by Google support Personnel that possess certain attributes the supported Personnel attributes include Geographic access location us only background checks and U.S person statuses I imagine this goes along with assured workloads but I'm not too sure but uh yeah there we go foreign [Music] hey this is Andrew Brown from exam Pro and we are looking at Mission critical services so this assess and mitigates potential service disruptions for environments that are essential to an organization and cause significant impact to operations when disrupted to prepare you for this service Google Cloud analyzes your current operations and onboards you to Mission critical operations mode a mode standardized by Google the onboarding process includes the following assessing key elements of your mission critical environment including architecture observability measurement and control delivering a gap analysis to help you prepare for Mission critical operations bringing your organization into Mission critical operation modes to drive continuous Improvement of your environment through proactive and preventive engagement after you've onboarded you've received the following Services drills testing training for Mission critical environments customer-centric incident reporting proactive monitoring and case generation priority zero so P0 support case filing privileges with five minute response time War Room Incident Management impact prevention follow-ups so you can see this is a pretty darn serious service but it's only at the the top tier of support okay [Music] hey this is Andrew Brown from exam Pro and we are looking at Cloud aware support so this is a service that provides you with a jump start to resolving technical issues improving your premium support experience so while onboarding your organization to premium support your tan focuses on building customer aware of support So customer care creates customer wear support by learning about and maintaining information about your architecture Partners Google Cloud projects and this information ensures that your technical support Engineers can resolve your support cases promptly and efficiently okay [Music] hey this is Andrew Brown from exam Pro and we are looking at operational Health reviews so this helps you measure your progress and proactively address blockers to your goals with Google Cloud so the reviews serve as a regular touch point with your Tam where you can discuss various topics related to your customer care experience including the efficiency of cloud operations including support Trends analysis of Trends and operational metrics incidents case escalations and outages tracking of open cases staff status reports of high priority Cloud projects so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at premium support event management service for plan Peak events such as product launch major sales events and with this Service Customer Care Partners with your team to create a plan and provide guidance throughout the event so with event management service your team is supported with the following tasks so preparing your systems for key moments and heavy workloads running disaster tests to proactively resolve potential issues developing and implementing a faster path to resolution to reduce the impact of any issue that might occur so after the event your Tam works with you to review the outcomes and make recommendations for future events to initiate the event management service for an upcoming event contact your Tam but there you go [Music] hey this is Andrew Brown from exam Pro and we're looking at training credits for premium support so you'll receive training credits for Google Cloud Quick Labs we'll talk about quick labs in a moment that you can distribute to your users in your organization your Tam identifies learning opportunities and indicates which training resources can be most beneficial to your organization with this training your developers have resources to find answers quickly and test out ideas in safe environments so for a one-year contract with premium support you get 6250 credits so just to talk a bit about quick Labs it is a platform that allows you to run Labs so the idea is that it can provision resources for you so you don't have to worry about making a mistake or getting over billed and it'll have a checklist that you can go through to do that so labs are becoming very common with cloud service provider or sorry like training providers even myself I have lab systems but this is one that is owned by Google so they used to have I mean they do they had stuff for AWS Azure gcp but now that Google's bought it it's a lot more Google focused and also they have some free stuff there there's actually ones included for this digital Cloud leader course and they're not very good none of the content is really covered in so those ones in particular aren't very good but that doesn't mean there's not a lot of great content on there so you might want to go check that out okay [Music] hey this is Andrew Brown from exam Pro and we're looking at new product previews so for premium support customers you have access to previews of new Google Cloud products by proving a product you have an opportunity to prepare your architecture for a new solution before it becomes more broadly available to the market with your organization's goals and Minds your Tam analyzes your Google Cloud projects and usage to identify opportunities to test and use new products and solutions when your Tam identifies an opportunity they introduce you to product teams and you help you gain access to preview as you test the product your Tam also shares your feedback with the product team in addition to working with Tam you can request and manage access to previews via Cloud console in the cloud console you can check the status of your request and manage which users and organizations have access to previews having access to previews is not a big deal I mean like if you use Azure they actually make it very easy for anybody to test out previews and they're rolling that stuff out all the time for AWS you can see previews if you're part of the community Builders program it's not that hard to get in but you have to be a bit active in AWS where you get direct access to people building out the products and seeing the product so it's a bit odd that Google does it this way where it's only for their premium customers but at least they know that people that are Enterprises paying a lot of money they're going to give really good feedback so maybe it's part of their strategy and it works for them [Music] hey this is Andrew Brown from exam Pro and we're looking at technical account managers also known as Tam I swear we covered this somewhere else but I don't remember where so if it's covered twice that's okay because this one is more of the textbook explanation that Google gives you and I imagine the other one was just me kind of describing tams in general so as a premium support customer you are assigned a technical account manager and also known as a tam and a technical account managers are trusted technical advisors that focus on operational rigor platform Health architectural stability for your organization so Tam support and guide you through in the following ways they can assist you with onboarding to premium support assess your Cloud maturity and works with you to create an adoption roadmap and operational operating model advises you on best practices for Google Cloud delivers frequent operational Health reviews connects you with a technical experts product managers support and Engineers works with you on support cases case escalation high priority cases your Tam will analyze the incident at find the root causes by default you'll receive eight hours per week of foundational technical account management Services if you require more assistance you can purchase additional Tam services but there you go that's the tab and only at the premium support the Enterprise level [Music] hey this is Andrew Brown from exam Pro and we are looking at Cloud buildings account which is used to define who pays for a given set of Google Cloud resources as connected to a Google payments profile so over here on the right hand side you can see that link so projects are going to be going to your billing account and then your billing account is linked to a payment profile uh if you want to see uh that you can create multiple underpayment profile you create multiple uh billing accounts so here's just a single one but it's very easy to create multiples so building account includes one or more billing contacts predefined in a payments profile Billings can have sub accounts for resellers so you can build resources to be paid by your customer so let's compare the two so that we fully understand these two offerings okay so for cloud billing account it is a cloud level resource managed in the Google Cloud console tracks all of the costs charges and usage credits incurred by the Google Cloud usage a cloud billing account can be linked to one or more projects projects usage is charged to the linked billing billing account results in a single invoice per Cloud billing account operates in a single currency defines who pays for a given set of resources is connected to a Google payments profile which includes payment instructions to find how you pay for charges has billing specific roles and permissions to control accessing and modifying billing related functions so establish I am so on the payments profile side we're over here now it is a Google level resource managed at payments.google.com connects to all of your Google services such as Google ads Google Cloud Phi phone service processes payments for all Google services not just Google Cloud stores information like names address tax ID when required legally or who is responsible for the profile stores your various payment instruments so credit cards debit cards bank accounts other payment methods will be used to buy through Google in the past functions is a document Center where you can view invoices payment history and so on controls who you can view and receive invoices of various Cloud billing accounts and products so hopefully that is clear on the exam they're not going to ask you to choose out of these at a lineup so I wouldn't worry about that it's just more for your benefit okay [Music] hey this is Andrew Brown from exam Pro and we are looking at billing account types so there are two types of cloud billing accounts we got self-serve or online accounts payment instrument is a credit or debit card ACH uh direct uh debit depending on the availability in each country or region costs are charged automatically to the payment instrument connected to the cloud billing account you can sign up for self-serve accounts online the documents generally for the self-serve account include statements payment receipts tax invoices that are accessible to Google Cloud console then you have invoice or offline accounts so payment instrument can be a check or wire transfer invoices are sent by mail or electronically invoices are also accessible in the cloud console as our payment receipts you must be eligible for invoice billing and you can learn more about it somewhere in the documentation so that's kind of interesting I don't know I don't remember seeing whether AWS or Azure had that but it's cool that you can do that kind of offline method for payment profile types there's two as well we got individual so uh you're using your account for your own personal payments if you register your payment profile as an individual then you can only manage the profile you won't be able to add or remove users or change permissions on the profile and then we have business you're paying on behalf of a business organization partnership or educational institution you use Google payment center to pay for play apps games Google services like Google ads Google Cloud Phi phone service a business profile allows you to add other users to a Google payment profile you manage so that more than one person can access or manage payment profiles all users added to a business profile can see the payment information on that profile so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at charging Cycles so for self-serve Cloud billing accounts your Google Cloud chart costs are automatically charged in one of two ways so you either have monthly billing so costs are charged under regular monthly cycle or threshold building costs are charged when your account has occurred a specific amount for self-serve Cloud billing accounts your charging cycle is automatically assigned when you create the account you do not get to choose your charging cycle and you cannot change the charging cycle for invoice uh collab billing accounts your typical receive one invoice per month and the amount of time you have to pay your invoice so your payment terms is determined by the agreement you made with Google so there you go [Music] hey this is Andrew Brown from exam Pro and we're looking at Cloud billing IM roles so Cloud billing lets you control which users have administrative and cost viewing permissions for specified Resources by setting identity and access management so I am policies on the resources so to Grant or limit access to Cloud billing you can set an IM policy at the organizational level the cloud billing account level or the project level cloud billing roles in IEM include billing account creators so this creates a new self-serve online billing accounts billing account administrator manage billing account so but not be able to create them billing account users so link projects to billing accounts billing account viewers so view billing account cost information and transactions project billing manager so link and unlink the project to and from a billing account billing account cost manager so I can view and Export cost information of billing and the documentation here I've just pulled up one this is for uh Billings admin it just shows you all the permission that are possible okay so stuff I just this is basically a condensed list of all this information all these descriptions and stuff but if you want to have an idea of exactly what you have access to you can see that there okay [Music] hey this is Andrew Brown from exam Pro and we are looking at billing health checks and also budget alerts so Billy health checks are recommendations to avoid common billing issues so uh within your Billings overview you'll see this billing health checks and it'll say it'll either be read like saying look at these things here are some ideas and things that are good and so over if you click into that you can see a full kind of checklist the first recommendation is to go ahead and create a budget alert so this allows you to make multiple alert thresholds to reduce spending surprise is an unexpected cost overruns lots of great suggestions here but let's take a look more detail at budget alerts so you can narrow down the budget scope to specific projects or specific resources you're going to go ahead and provide a value so here I say a hundred dollars notice that it draws a trend line so you can see where your spend is currently at and you can you set multiple thresholds that preemptively warn you when you approach your budget limits so here I'm saying uh fifty dollars ninety dollars a hundred dollars this is really nice because other cloud service providers what they'll do is you'll just set a a threshold to say a single threshold which is like 20 percent and if you wanted these incremented stuff you'd have to make multiple uh uh budget alerts or or plans or whatever you want to call any other csps but it would cost you more money whereas this one is just you can just do it all in one go which is really nice so notification options so email alerts to billing admin users link monitoring email notification channels to the budget uh connect a pub sub topic to this account this budget so there you go [Music] hey this is Andrew Brown from exam Pro and I just want to show you how would you get to all the cool building features in Google Cloud console well you just go to billing in the drop down and from there you're gonna have a lot of options but the ones that Google wants to know and you definitely need to know these for the exam are the built-in billing reports there's four that they have in mind so there's billing reports so an interactive pricing Explorer including graph visualization cost table reports a tabular breakdown of the cost to analyze details of invoices cost breakdown report so at a glance waterfall overview of monthly charges and credit pricing report so axis SKU prices for Google cloud services here they are just notice that they're not one to one in terms of naming so that's why I highlighted these in in Black so you could just see like cost table reports is called cost table pricing reports just called pricing things like that okay foreign hey this is Andrew Brown from exam Pro and we are taking a look at the billing reports in Greater detail here so building report is to view and analyze your Google Cloud usage costs using many selectable settings and filters so configuring various views of cloud billing reports can help you answer questions like these how is my current month's Google Cloud spending trending what Google Cloud project costs the most last month what Google cloud service costs me the most what are my forecasted future costs based on historical Trends how much am I spending by the region what was the cost of resources with label X and you can also have customized report views that are savable and shareable so on the exam they actually might ask you you know like okay you want to do this right which built-in report will let you do that so you need to remember these okay and which they apply to all right [Music] hey this is Andrew Brown from exam Pro and we are looking at Cost table reports and a costal report is to access and analyze the details of your invoices and statements I know this image is really small but down below it actually shows like kind of like a summary of um costs just like an invoice you can filter that out to understand those totals and things like that so because your generated invoices and statement PDF only contains simple simplified summarized views of your cost the cost table report is available to provide invoice or statement cost details such as the following including project level cost details from your invoices and statements including tax costs broken down out by project includes additional details you might need such as IDs SKU IDs project numbers the report view is customizable and downloadable to a CSV so there you go foreign [Music] hey this is Andrew Brown from exam Pro and we are looking at cost breakdown reports so a cost breakdown report is an at a glance waterfall overview of your monthly costs and savings so this report shows the following summarized view of monthly charges and credits the combined cost of your monthly Google Cloud usage on-demand rate calculated using non-discounted list prices savings realized on your invoice due to negotiated price if applicable for your Google Cloud billing account savings earned on your invoice with usage-based credits broken down by credit type your invoice level charge is such as tax and adjustments so it's they call it a waterfall because it looks like a waterfall but the idea is like this is just a much clearer view than using billing reports of course you can get the same visualization with billing reports it's just an easier visualization okay [Music] hey this is Andrew Brown from exam Pro and we are looking at pricing reports so use the pricing table report to access SKU prices for Google cloud services including Google Cloud Google Maps platform Google workspace as of the date the report is viewed the report shows the following pricing information displays SKU prices specific to the selected Cloud billing account if your Cloud billing account has negotiated contract pricing each SKU displays the list price your contract price and your effective discount if an SKU is subject to tiered pricing each pricing tier for an SKU is listed as a separate row all the prices are shown in the currency of the selected billing account and the report view is customizable and downloadable to the csvue for offline analysis [Music] hey this is Andrew Brown from exam Pro and we are looking at the pricing overview for Google Cloud because they have a lot of different schemes for pricing and it's going to vary for service but we can break it down into seven types of pricing so we have the free trial so this is a risk-free uh trial period with specific limitations uh we have free tier these are services that have a minimum monthly limit or or of free use and then we're more now into compute so if we have on demand the standard price paid per hour minute seconds milliseconds varies per service committed use discounts a lower uh price than on demand for agreeing to one year or three year contract sustained use discounts so these are passive savings when using resources past a period of continuous use preemptable VM instances instances with deep savings but at a cost of being interrupted flat rate pricing so prefer a stable cost of queries rather than paying on demand so this is only in particular for bigquery I don't know if they provide uh plan to do it for other services we have sole tenant node pricing so dedicated compute so this is basically a single tenant virtual machine so for the exam you're going to want to know all of these pretty well uh like broadly speaking these two aren't going to show up on the exam but uh we're going to cover them anyway just for your own benefit okay [Music] hey this is Andrew Brown from exam Pro and we are looking at free trial and also free tier so this is going to show up on the exam but it's for your own benefit so when you sign up for Google Cloud you are going to get 90 days free for 300 of credits on the platform that you can use towards uh different types of products and services and so there are some limitations to this trial that we need to go through you cannot use these on gpus to your VM instances gpus is generally used for machine learning or deep learning you can't request a quota increase so you get 300 bucks or credits and that's all you get you can't create VM instances that are based on Windows Server images you you need to verify a credit card or other payment method to sign up and at the end of your trial to continue using Google Cloud you must upgrade to a paid Cloud billing account upgrading early will end your trial because you really are in a sandbox to keep you safe that's one of the benefits of Google Cloud where other providers like AWS you have a high chance of going over your free trial into real spend okay so for free tier all Google Cloud customers can use select Google Cloud products like compute engine cloud storage bigquery free of charge within a specified monthly usage limits when you stay within the free tier the resources are not charged against your free true credits to your Cloud billing accounts payments method after your trial ends okay so for app engine we have 28 hours per day for f instances nine hours a day for B instances one gigabyte of egress so data leaving the network like downloads the Google Cloud free tier is available only for the standard environment so it's not for flexible for artifact registry you have 0.5 gigabytes of storage per month for auto ml natural language you get 5000 units of prediction per month for auto ml tables you get six nodes hours of training and prediction for auto ml translation you get 500 000 translated characters per month for automl video intelligence you get 40 node hours for training five hours for prediction for auto ml Vision you get 40 node hours of training and online prediction one hour for batch classification prediction 15 node hours for Edge training for bigquery you get one terabytes of querying per month and to me that is like super awesome and one of the reasons why I like to use bigquery as my primary data warehouse you get 10 gigabytes of storage per month for cloud build you get 120 build minutes per day for cloud functions you get 2 million invocations per month includes both background and HTTP invocations 400 000 gigabyte seconds 200 000 or yeah 200 000 gigahertz seconds uh gigahertz is that GH said I think that's what it is seconds of compute time five gigabytes Network egress per month for cloud logging and Cloud monitoring you get free monthly logging allotment free monthly metrics allotment for natural language you get 5000 units per month for cloud run you get 2 million requests per month 360 000 gigabytes per second of memory 180 180 000 of ecpu seconds of compute time one gigabyte Network egress from uh North America per month and the free tier is available only for cloud Run Okay free access to Cloud shell uh including five gigabytes persistent disk storage so don't fear spinning up Cloud shell it's a very useful tool uh Cloud Source repository so up to five users 50 gigabytes of storage 50 gigabytes of egress for cloud Vision 1000 units per month for firestore one gigabytes storage per month um or just in general sorry not per month 50 000 reads to twenty thousand rights twenty thousand deletes per day for Google kubernetes engine no cluster management fee and that's a big one because other providers will charge you a management fee for the cluster or control plane for autopilot or its own clusters per billing account for clusters created in autopilot mode pods are billed per second CPUs memory resources requests for clusters created in standard mode each user node is charged at a standard compute engine pricing for cloud storage five gigabytes per month of regional storage so that's pretty good but only for the US regions 5000 Class A operations per month 50 000 Class B operations per month one gigabyte Network egress from North America to All Region destinations excluding China and Australia per month free tier is only available in UFC's 1 US West one U.S Central regions uses calculations are combined across those regions last page I believe of our free tier here so for Google Maps you're getting 10 gigabytes messages per month for speech to text 60 Minutes a video intelligence API 1000 units per month for work workflows 5000 internal steps per month 2000 external HTTP calls per month per compute engine one non-preemptable F1 micro VM instance per month within us West U.S Central one U.S east one 30 gigabytes uh months hhd area hard disk drive five gigabytes months uh snap uh snapshot storage in the following regions one gigabyte Network egress your free tier F1 micro instance is limited by time not by instance so each month eligible used for F1 micro instances is free until you have used the number of hours equal to that so just remember F1 micro when you're looking for a free instance usage calculations are combined across supported regions Google Cloud free tier does not include external IP addresses um uh compute engine offers discounts for sustainable use of virtual machines your free tier does uh use doesn't factor into sustained use gpus and tpus are not included in the free tier offers you're always charged for gpus and tpus that you add VM instances and that makes sense because their physical pieces of Hardware they're really expensive okay [Music] hey this is Andrew Brown from exam Pro and we are looking at on-demand pricing so this is when you pay for a Google Cloud resource based on a consumption-based Model A consumption-based model means you only pay for what you use based on a consumption metric so that could be hourly minute seconds milliseconds can be a multiplied by configuration variables such as vcpus or memory by API calls so maybe one dollar every one thousand transactions On Demand is ideal for low cost and it's because it's low cost and flexible only pay per hour short term spiky unpredictable workloads cannot be interrupted and for first-time apps so generally it's the one you usually use okay [Music] hey this is Andrew Brown from exam Pro and we are looking at committed use discounts also known as cuds and this lets you commit to a contract for deeply discounted virtual machines on the Google compute engine it's simple and flexible and requires no upfront costs ideal for workloads with predictable resources needs you purchase compute resources so vcpus memory gpus local ssds discounts apply to the aggregate number of vcpus memory gpus and local ssds with your region not affected by changes to your instance machine setup you commit for payment terms one year to three years purchase a committed use contract for a single project purchase multiple contract share across many projects by enabling shared discounts your billed monthly for the resources you purchase for the duration of the term whether or not you've actually used the service as a is it's going to happen anyway okay so 57 is most machine types and gpus and 70 is a memory optimized machine types so look here on the right hand side just to give you an idea so the idea is that when you want to do committed use you choose the product that you want you're going to choose the plan that you want the region and the commitment and then it's going to tell you your estimated savings okay [Music] hey this is Andrew Brown from exam Pro and we are looking at sustained used discounts also known as Suds and these are automatic discounts for running specific compute engine resources for a significant portion of the billing month so sustain use discounts apply to the following resources and this is broken into two broad categories the first is vcpus and memories when you're dealing with these two components you have General person custom and predefined machine types such as you going in and dropping down different types of machines compute optimize machine types memory optimized machine types sold tenant nodes remember that's kind of like dedicated machines and so here it's 10 Premium cost even if the vcpus and memory in those nodes are covered by the committed use discounts uh and then the other part here is that there's ones for GPU devices so you can apply Suds to gpus which is a great savings okay applied on incremental use after each reach certain usage thresholds you pay only for the number of minutes that you use an instance compute engines automatically give you uh the best price there's no reason to run an instance longer for than you need it automatically apply to the VMS created by both Google kubernetes engine and compute engine and it does not apply to VMS created using App engine's flexible environment and data flow okay but what I want to remember is that Suds is if you keep on using something you're going to save money and it's going to be particular with most CPU types most compute types and gpus okay um oh it also does not apply to E2 and A2 machine types I missed that there in the end uh so uh just to kind of give you an idea of what kind of savings you can expect so there's ones for up to 30 and that's when you're using general purpose and one predefining custom machine types memory optimized machine types shared core machine types Soul tenant nodes and so here's kind of the idea of uses level uh based on also the incremental charge okay and then we have sustained discounts for 20 so general purpose N2 and 2D predefined custom types computer optimized types and then another graph so for the exam they're not you're not going to need to know these details but you just need to know segs you save money uh when you have continued use okay foreign [Music] hey this is Andrew Brown from exam Pro and we are looking at flat rate pricing and this is only for bigquery uh would it be ever be for any other service I don't think so but the idea here is that if you have high volume or Enterprise customers who prefer a stable monthly cost for queries rather than paying on demand price per gigabyte of data process this is where flat rate pricing comes into play so you have purchase dedicated query processing capacity measured in bigquery slots your queries are con the idea here is you consume your queries uh via this capacity and you are not built for bytes process if your capacity demands exceed your committed capacity bigquery will queue up slots and you will not be charged additional fees to enable this flat rate price uh yeah the slide doesn't want to go forward there but to enable the flat rate pricing use bigquery reservations so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at sole tenant node pricing so a sole tenant node a single a single tenant virtual machine is physical compute engine server that is dedicated to hosting your own projects VM instance you've heard me mention sold tenant many times in this course when you create a soul tenant node your build for all of the vcpus and memory resources on the sole tenant nodes plus a sole tenancy premium which is 10 of the cost of all the underlying vcpus and memory resources it does for sustained use discounts applied to this premium but committed use to discounts do not after you create the node you can place the VM on that node and then these VMS run for no additional cost of vcpus and gigabytes of memory are charged a minimum of one minute after one minute of use Soul tenant nodes are built in one second increments the price of a node type depends on the following so number of vcpus of the node type gigabytes of memory of the node types region where you create the nodes so we'll sold tenant show up on the exam probably so just make sure you understand you don't need to remember all the details to it but remember just understand what it is and generally how expensive it is okay [Music] hey this is Andrew Brown from exam Pro and we are looking at the Google pricing calculator so this is a free web-based cost calculating tool to generally calculate costs of various gcp resources so you do not need a gcp account to use this tool you can create a shareable link or email the estimate to your organization or key stakeholders so this is generally what it looks like you choose the service so here I say I want two instances and there's other particular details and then it's going to generate a cost so here it's saying it's 97 you can email it you can change the currency very straightforward so there you go foreign [Music] hey this is Andrew Brown from exam Pro and we are looking at the concept of resource hierarchy within gcp so this is kind of a graphic of what a hierarchy could look like and there's a lot of components that go into it we did cover this a little bit earlier in one slide about folders where we talked about folders projects and resources there's a lot of moving Parts here and on the exam they're definitely going to ask you about resource hierarchies so let's make sure we know this okay first thing is a resource is a service level service level resources that are used to process your workloads could be bigquery compute engine whatever uh that is a service you want to launch and you have Resource Management how you should configure and Grant access to Cloud resources from your team set up and or or team set up an organization of your account level resources you have domains primary identity of your organization to find which users should be associated with your org your universally administered policy for your users and devices linked to either a Google workspace or a cloud identity account a Google workspace or Cloud identity account can only have one org just so you know then you have orgs or organizations these are the root nodes of your Google Cloud hierarchy of resources you can Define settings permissions policies for all projects folders resources Cloud billing account is its parent organization is associated with exactly one domain using the organization you can essentially manage your Google Cloud resources and users access with proactive and reactive management then you have folders this is a logical grouping of projects and other uh or other folders folders can be used to group resources that share common IM policies you got projects so logical grouping of service level resources products can represent teams environments organizational units business departments and this is basically where resource hierarchy is very detailed in its variants basis of enabling services apis and IIA and permissions a service level resource resource can only belong to a single project you got labels so categorize and filter your resources with key value pairs if you use AWS or Azure they call these tags okay but here at gcp they call them labels great for cost tracking at a granular level there are three suggested architecturals you can use environment oriented function oriented and granular access oriented they're not going to ask you what kind of architecture it is but they're going to talk about these like saying like which would be a good setup and they'll describe kind of what the the setup would be and that's why you want to know these three types and we'll go over to the docs to look at that because that's where the most detail is for this okay [Music] hey this is Andrew Brown from exam Pro and we're looking at environment oriented hierarchy and so this is the most simple uh simplest one to implement and pretty much what you would think that you would want to do and so the idea here is you have a single organization and you're going to break up your folders into different environments so production quality assurance and development and then underneath you're going to run your application so this works pretty well in a very simple setup but it can pose challenges if you have to deploy services that are shared by multiple environments okay [Music] hey this is Andrew Brown from exam Pro and we're looking at function oriented hierarchy so this one looks a little bit more complicated but the idea here is that you have one organization that contains one folder per business function okay so notice here uh we have apps management and infrastructure technology and then the idea is that down below now we can Define production uh our environments as another layer of folders you have folders inside a folders so each business function folder can contain multiple environment folders multiple business functions are apps management and information technology more flexible compared to environment oriented gives you the same environment separation allows you to deploy shared services function oriented hierarchy is more complex to manage than an environment oriented and it's separate access by business so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at granular access oriented hierarchy so this one's a little bit larger we have three layers of folders and so the idea here is we have one organization organization that contains folders per business unit so now as you can see here it's retail risk management Financial commercial I know it's hard to read but it's hard to fit that whole image in there each business unit can contain one folder per business function so now we have our function so application sandbox shared uh core Services data analysis controlled services and each business function folder can contain one folder per environment so production development Etc so this is the most flexible and accessible option you need to spend a greater effort to manage the structure rules and permissions um the network topology is more complex so really like when you're looking at it the idea is that we had the three three types so the first one was environment oriented so this is the environment then you had function oriented over here and then this one here is granular access oriented so the idea is that you're just adding additional folders for Organization for organizing your resources okay [Music] hey this is Andrew Brown from exam Pro and we are doing the gcp follow along so the idea here is that we are going to uh just launch a bunch of cloud services uh it's not going to be super challenging but the idea is just to kind of help cement the uh the knowledge of what we've learned in the lecture content they don't even recommend uh necessary uh for the exam but I like to do it and I think that you'll appreciate doing it too so once you've created your GCB account you should have an organization and a default project and so one of the first things I want to show you how to do is to set up a resource hierarchy because the idea is you have your Cloud workloads below which run in projects and you can organize them into folders and this is all tied to your organization and this is a little bit tricky and it does show up in the exam so it's important to know how to do this and so that's the first thing I really want to show you so what we'll do is we'll go ahead and make our way over to IEM because that's how we do it and it's not going to work and I'm going to show you why and then we're going to show you how to I get permissions okay so we'll go to IEM and on the left hand side if you expand it down below there's one that says manage resources now you could also go up here and type in manage resources because sometimes it's really hard to find things in gcp so you just have to kind of work those two ways the idea is I have a bunch of projects in here and I have my organization and I want to go ahead and create a folder and so I might have a folder coming back over to our structure here we might want to have a folder like applications and then production so if I try application here and my organization selected notice that I have this little Caution sign says you do not have the required permissions resourcemanager.folders.create permission to create folders in this location so you go okay well how do I get permissions I would think that if I'm the owner I'd have permission to everything but that's not the case so if we make our way back to IEM all right we go all the way back here and we go we're under the top one here which is for the users and we see I have the owner role if you look up the documentation it's going to say go ahead and add project or admin folder okay so you go admin folder or project folder and nothing's going to appear and the reason why is that you can apply permissions or roles at the project level and also the organization level and because of that the the roles that are available are different so you're never going to find it at the project level here and so we got to do is go to your organization all right the way you know that you're in your org right now is that it has this little um building and notice now it's just listing uh people at the organizational level and so what I can do here is go ahead and edit the member I'm going to add a role I'm just going to type in folder okay and so now we have folder admin that's going to give me full access full control to create uh what I wanted to do there which was folders now if we go to the left hand side here and go to manage resources we should have an easier time creating folders now and so we'll go ahead here and call this application okay we'll hit create and give it a moment to create and what we'll need to do is go ahead and refresh to see that new folder and there it is so now that we have that folder let's go ahead and create a folder within that folder so I think yeah if we go ahead and hit create folder here and we'll choose our organizational structure oops uh so sorry so I gotta go and choose the org and then now what we can do is choose the folder so I want application here and following our guide here we're going to go with let's say developments because we're not serious about it running any kind of production workloads today we'll go ahead and create that okay we'll go ahead and hit refresh down below and now you can see we have application development so let's say we want to move um or let's say let's we want to create a new project that's going to sit uh in here for our development workload and So Below down below uh you might want to specify the names but what I'm going to do is create a new one in here and I'll say create project and this is just going to be my app uh and we will choose its location okay we'll hit create and it takes it doesn't take that much time for these to build so uh if we give this a hard refresh there's a refresh button up here we should now see our uh R by app so if we go back to gcp you're up the top here I should be able to switch over to my app all right and so now what we'll do is go ahead and create stuff there but that's what I just wanted to show you was the fact that you had that folders and project structure and how easy it was to create in some of those headaches there um I can't remember you probably can apply permissions at the folder level let's just go take a look I'm not running crazy workloads in um gctv so I don't always know but uh what we'll do is go back to the resource manager manage resources here and I think you can yeah I'm not sure but it's not really in the scope of this certification but the idea is we have our project set up and I will make my way back to that and now we'll start launching some resources okay [Music] hey this is Andrew Brown from exam Pro and we are on the gcp fall Longs for the digital Cloud leader and actually before we launch any resources I probably should show you a bit about uh spend and how to control your spend so this is a new project that we started up and there's nothing really in it now I was playing around in this other sample project here called exam Pro and I purposely ran a bill so I could show you what building looks like uh because it doesn't make a lot of sense like it's very hard to understand it if there's no billing happening so the left hand side you'll go to billing all right and we'll just give it a moment to load here and so we have a bunch of different options here so reports cost tables cost breakdowns commitments etc etc uh and so for the exam you're going to want to know about um the different types of reports the overview reports cost table cost breakdown and generally understand the differences they're pretty thoroughly covered in electric content so uh you know it's not a big deal if you don't absorb it here but the idea here is we can see and this is just the overview we have our cost Trends so we have some nice charts here so it's just kind of like a breakdown so maybe top products things like that it's very straightforward but over here on the right hand side we have billing health checks and so if we were to click this here it's going to give us a bunch of suggestions that we should do and so the first is Grant access to view billing reports assign multiple billing account administrators turn off billing account Creator roll for domain set up a budgets alerts link a project or close an unused account so I would say that studying about budget alert is on our high priority here because we do not want to end up spending more than we have so if we go over to budget alerts over here you can see I have my spending limit and showing that I've spent two dollars and 43 cents out of a hundred dollars so if we wanted to go ahead and create ourselves a budget it's pretty darn easy I'll just say my second budget alert okay see I had a lot of spend the other month there and now I don't have so much um but the idea here is you can go and say okay do I want to take into account credits or not credits would be if you were given gcp credits to utilize for free a lot of times startups get those but the idea is you can go ahead and hit next then you can specify the exact amount and so I could say fifty dollars right and it shows you a line where it can go we'll hit next and this is really nice which I like you don't see this in like AWS where you actually have to set up separate building alarms but in gcp you just if you just can do it all in one go so the idea is if you want multiples you just add multiple thresholds and it's going to warn you when it approaches those numbers and if you go down below you can see that you can email receive emails about it and if you also want to push it to Pub sub you could do that so you could pragmatically code it into your platform in terms of the exam you just need to know that you can set thresholds and why you'd want to use budgets right just to make sure you're monitoring your spend now I don't need to go ahead and create one because I already have one it's a very simple process but that is budget alerts now if we go back over here to reports uh this is really cool this is basically a great way of visualizing your data so you have a bunch of different options and you can really Pare down and say okay I want to know exactly what the spend was for this uh service uh and stuff like that so if you really want to do visuals that's what you'd use that reports tab for then you have your cost table and cost table is basically like a dynamic invoice so the idea is like invoices just aren't able to show you all of the line items and so here we can go and expand and see every single uh every single charge at a granular layer and I'm pretty sure you can export this download here yeah download it as a CSV so it's a better way to um uh like uh review your bill from like an invoice perspective then you have cost breakdown and this is kind of like just a simplified report so like we have reports up here and uh and the overview but this is just more so kind of so you can see it at a glance per month so is it up is it down where are we right so not super complicated um and again the questions are not hard in the exam but really all I wanted to show you was those four there and how to set a budgeted alert and that's pretty much all we need to know so what I'm going to do is make my way back to my sample project and now we're ready to launch some resources okay foreign [Music] hey this is Andrew Brown from exam Pro and let's go take a look at compute engine so what I want you to do is go to the top left corner here onto our hamburger menu and we'll scroll down make our way over to compute engine and go to VM instances so this is where we would launch a virtual machine so we'll give it a moment here to load and as you can see I've never used it within this project so pretty often you'll have to go ahead hit enable so you are agreeing to use a particular service every time you create a project it's always going to show you that but we'll give it a moment to allow us to use that API it just takes a little bit of time and I don't know why sometimes the UI is a little bit buggy um sometimes it freezes like this and so if it does do that what you'll need to do is just go ahead and hit refresh it's usually pretty darn good the experience is usually pretty smooth but not always the case so I'm going to go ahead and hit enable again okay and it just does not want to work right now so if that happens and it's totally possible that can happen what I recommend is just step away go get a tea go get a coffee and come on back because it'll probably work in just a bit okay I'll see you back in a moment all right so uh after a short tea break I'm back and it's now just all of a sudden working so uh that's the thing with these large cloud service providers is that their services are so massive it's very common to run into inconsistencies in the UI where you think you've done something but it's telling you you haven't but you know you have and so you have to have confidence knowing okay I did do this and just give it a little bit of patience and time uh and just check in again and so here you can see you actually launched multiple times because I pressed the button four times so actually worked the first time but here we are and if you want a quick start you can you can hit this button here and the thing is is that gcp and only gcp does this but they have a really really good tutorial system so if you want to be shown around anything you can hit show me now uh and it'll it'll help you step through all the things that you need to know and so this one is just kind of like a tutorial on how to do something I'm not going to go through it this is more for you this is how to do a to-do app with mongodb I don't like mongodb so I'm not doing that today but I just want you to know that's a great way to start learning with gcp um but what we'll do and you can see we have different instances here so VM instance templates Soul tenants those are dedicated machines machine images Etc tpus but what we want to do is just go ahead and create ourselves a regular old virtual machine so go ahead and hit create instance and we'll give it a moment here today is a slow day for gcp it's usually super fast and here we're in here and so on the left hand side we have new VM instance new VM instances from template new VM instance from machine image or the marketplace now uh I really like how gcp uh shows their um forums compared to AWS and Azure because they're always like on one screen and they're very good about showing you the price uh which is really nice uh and here you can do you get a breakdown to kind of see where the hidden costs are so it's not just the CPU cost that it's just like there is a persistent disk uh and maybe if you're using sustained you just use discount if you've used it on a monthly basis it'll show your savings notice it's like a negative so it would show you a reduced cost there but the idea here is that we want to name our instance I'm going to just say my website okay we'll see if it takes that we can add labels labels are tags so I can go here and say um EnV production we'll go ahead and add that label other provide providers call them tags for some reason gcp wants to call them labels but it's the same thing notice we can choose our region so I'm going to see if there is a Canada region I'm pretty sure there is I just started typing as if I was on Azure and that's not the case I got to scroll on down and look for it I know there's a Montreal there's always a Montreal right there at the top and so I can choose between my zones I'm going to stick with Zone a notice we have general purpose and compute optimized uh notice as soon as I want to compute optimized 135 dollars we'll make our way back E2 is I believe the most cost effective uh instances another thing that's really nice about gcp is they just have fewer fewer things to look at so it's just a lot easier to get set up here but this is good for me I don't need a two vcpus and four gigabyte memory I want to go super small so I'll click on that now I'm down to seven dollars and 83 cents I'm a lot more comfortable about comfortable with that we'll scroll on down so confidential VM Services enable the confidential Computing service on this VM so this service adds protection to your data in use by keeping memory of the VM encrypted with keys that Google doesn't have access to that sounds really good so you can see we can check box that on and we'd have some additional settings we're not going to do that today but I think that's really cool this is something I really like is that any kind of most instances I think most like basically all instances can support this container option and what it will do is it will install a container layer for you and then you can just specify your container image and it's very makes it very easy to launch containerized containerized services like single container services Azure doesn't do this AWS doesn't do this only gcp does this in this kind of convenient way so I really really like that not to say you can't do it on AWS you'd have to go to the marketplace but that is like a super bonus for me for gcp I notice there's some Advanced options here so like you know like the the command uh uh command arguments you probably specify uh environment variables maybe the entry point yeah that's the entry point there if you know anything about containers if you don't don't worry uh then you have your boot disk so this is the boot disk right and so we have some options here starts with 10 gigabytes I wouldn't want something larger than 10 GB but we'll take a look around here so here we could choose uh Debian or W9 we can change our operating system I'm pretty comfortable with Debbie and I I like Debian oh Fedora korres that's pretty cool I really like Fedora korres I just learned all about that recently you can provide your own custom images you can set the size of snapshot you can attach existing disks but we'll do stick with Debian because that's a pretty safe one there another one is pretty safe at Centos that's what a lot of the cloud service providers base there they're managed instances on but what we'll do is scroll on down you can see we can apply firewall stuff um yeah that's all fine we don't need to do any more without we don't need a firewall so we'll scroll up make sure our price is okay 7.83 you know what I'm looking for is um a lot of times cloud service providers will have a startup script here it is and this would be cloud and knit okay so Cloud init is a pretty standardized or CF internet cloud in it can't remember what it's called but it's a standardized way of uh providing your um your virtual machines with a script to start like it's the first thing it runs so if we wanted to install Apache we could do that um I'm just trying to see if there's like an example here like it's just a bash script right so I'm just thinking yeah see it here yeah this is actually exactly what I want too so this is perfect I didn't know they had this and so here the idea is that we'll just take this if you specify the first line in a cloud init file as this with the shebang it's going to know it's a basket but it can also take a yaml file I believe um but anyway what this will do is it will install it will do an update and then it will install Apache 2 and I believe these this is actually for Debian uh because if we were using um Centos it'd be like yum but apt is for that I don't know if it needs a pseudo in front of here it doesn't seem to need it but what we'll do is we'll put that in there save me a lot of time I didn't have to try to remember what to write um you can set custom metadata we don't need to set any custom metadata today and just looking some other stuff availability policy on host maintenance nope everything is fine so we'll go ahead and hit create and fingers crossed that just work uh I didn't set up any SSH though huh well if if there's options what we'll do is we'll just launch another one but we'll see how this one goes so what we'll have to do is wait a little while so I just hit refresh up here so there's the connect option for SSH but we're just waiting for it to start it's just going to spin so um let's give it five ten minutes and I'll see you back here in a moment okay okay so after waiting a little bit of time there I did have to hit the refresh button in order to see that green status but let's see if our website works so what we can do is go over to this external IP that is our public facing IP address hit that button to copy it and we'll go ahead and paste that on in there and so notice that it's not resolving if that's happening it's either means two things our Apache server is not running or our fire firewall rules is not allowing us to access on Port 80. so that is something we're going to need to figure out so we need to ssh in I'm so used to providing an SSH key or generating during the creation process I forgot the gcp doesn't make you a set one in the creation process you can just click here and it'll let you in so we can open browser in window on a custom port view gcloud command I kind of would prefer to do it in um the Google shell so let's just try the browser first okay and what it will do is we'll transfer the SSH keys to the VM so you don't have to do anything it's really easy to get in okay and we'll just give it a moment not fast but easy all right and we're in okay so we could type in LS PWD just to see where we are let's go to see the gcloud command if that doesn't work we'll just make our way back here but I would rather I would like to try to use the cloud shell because I think that's really nice we'll go view gcloud command and there it is so what we'll do I'm not sure if this is going to work but what we'll do is copy this the following can be used in the SSH into the instance okay so oh running Cloud shell perfect so if we didn't click there we could go up here and click activate Cloud shell Cloud shell is like a a terminal I think gcp was the first to have this Azure has one AWS now has one but gcp has the best experience for this but what we'll do is we'll go down here and say view in gcloud and just hit run in Cloud shell okay gcloud is the name of the um the CLI okay and we'll give it a moment to start up an instance here I assume it's containerized it's probably it's probably containers it's how so it's able to launch so fast usually it's super fast by the way it's not super fast today and it'll run that gcloud command it should get us into our instance also another cool thing about gcloud is it has a editor built in and it looks just like vs code I'm not going to switch over to it because I do not want to interrupt our terminal but if you want to do coding you can totally do it within the gcp platform and again that's a lot easier than the other ones make it out to be so it's pre-filled it in here it looks like this is a beta feature but we'll go ahead and hit enter uh it's requesting access we'll say authorized we will say yes we'll say enter enter so what it is is it generated out in SSH key for the cloud shell and then I imagine what it's going to do is then um take that SSH key move it on to the server and then allow us to then authenticate that way okay and so I believe yes we are in the instance because it says my website down below so I'll type in clear okay and so one way we could tell if it's working is we could uh we could do like a curl so if we did curl localhost and it returns HTML and it does that shows us that the Apache server is running probably could also type in sudo Apache um or maybe pseudo service um Apache to status yeah and it's running so so it's running and we we did a query so probably the issue has to do with the fact that our firewall's not open so let's go take a look there and see what we can do okay so we need to go create ourselves a firewall rule but I just remembered that we're going to need the IP address so I'm just clicking back to the instance here whenever this page loads I'm going to grab that external IP address and click back forward here we'll go ahead and create ourselves a new rule I'm just going to scroll on down and change this over to specify or all it's just all instances in the network and then specify the range and put forward slash 32 on the end there okay so the top here we're going to type in Port 80. and we'll maybe say website and we'll say I'll let our website be accessible on Port 80. probably would help to type correctly it's not going to hurt anything but you know someone else reads your stuff they want to make sure that it reads okay logs will leave that off default network is fine priority is fine Ingress means inbound egress means outbounds we want to get in like to get something back right we can allow or deny so we are allowing if we scroll on down below we can specify the ports this is TCP we're going to put Port 80 and then we'll go down below and go ahead and hit create does not like the name must be lowercase it's hard to remember all these rules we'll go ahead and hit create we'll give it a moment and what we'll do is go back to the internet hit enter and see if this is working doesn't seem to be working just yet let's give this a refresh see if our rule appears here so Port 80 that is correct priority so it has a high priority so it should be applied 32 203 103 forward slash 32 the 32 just means exactly that IP address we'll go up here it did not resolve so just give me a moment I'll take a think about this okay so I think we might have an easier way to uh make firewall rules in the way we were doing it here so what I'm going to do is go back to my instance here because I could have swore that it was here but I probably just forgot if we go down to view Network details I think here uh we'll get yeah so there is we don't have any network tags so we don't have any way to specify tag but here we have the external IP and the internal IP address and what I wanted to see was what firewall rules were being applied so here if we go over here we can see that we have Port 80 so this should be applying um and down below we could probably do a connect connectivity test here and we'll see what we get back okay we'll go ahead and create a connectivity test let's say uh Port 80 or Port 80 test TCP sounds good to me and we want this to hit the 35.203.103.0 and that's the IP address we could also just say the VM instance that's a lot easier I like that instead notice it's hitting the primary internal IP so that's not going to be very useful because we have to go from the outside in okay so we'll do 35.203.103.0 this is IP address used in gcp this is an IP address used in gcp when you yes it is okay um and that's correct so we'll do Port 80 and we'll say create and we'll see if we get some connectivity so it's just a way for us to effectively see if it's working um last time test last package transmission result so it's probably running it I'll just go here and hit rerun yeah that's fine and do I have a refresh button here new I don't and so it says it's reachable okay well it could go ahead and view the results so we have the VM instance the Ingress egress firewall rules the static route Nat Nat VM instance so everything seems to be working so maybe I'm crazy maybe our thing is working let's go back and take a look again okay but it's not working another thing we could do is we could open up our Cloud shell and so we were using Cloud shell within the server let's just make sure we're not on the inside we're not that's good and what we can do is just do a curl and paste in that IP address and see if we get anything returned back if it times out that means that it's not going to work and notice it's not it's timing out so we still have a firewall rule issue here so let me just try a bit more but hey we did learn we did learn about uh cognitivity tests so it's kind of nice so we'll be back in a moment here okay okay so I think I know what the problem is I haven't tried it yet but I was just staring at this thinking okay I put the IP address in why is it not working well the problem I think is is the fact that I provided the IP address uh for the VM instance but we're actually trying to say what is allowed in right so it really should be my IP address or a public-facing internet so what I'll do is I'm just going to say what's my IP okay and we'll grab this here I bet that's the problem because we're not trying to allow the own server the own IP address of the server into itself that makes no sense it would make more sense if it was ours so what I'll do is go ahead and click this we'll go ahead and edit this Rule and we'll scroll on down and we'll switch this out for my IP address now you could do 0.0.0.04.0 and that's what you'd want to do if you're launching a real website here we'll go ahead and save it how embarrassing but uh it just goes to show it doesn't matter how many years you work with Cloud it's easy to get turned around okay so we'll go up here hit enter and now our website loads so there you go it's not that hard um as long as you know what you're doing okay so what we'll do is we'll make our way back uh to our instance so we'll say compute engine up here probably could pin it um I don't really I don't really like pinning things but so that was our instance um is there anything else of interest to show here not really so let's go ahead and just delete this instance okay and we'll hit refresh here okay it's going to delete I'm pretty confident about it I'm not too concerned about this resource and so what we'll do is go back and click on gcp or Google Cloud platform and uh we'll move on to the next follow along okay [Music] all right so we learned about compute engine let's go learn about I don't know let's say uh databases so what we'll do on the left hand side here is scroll on down and let's go take a look for um SQL so there's spanner and there's Esquibel so spanner uh it's a relational like it's its own variant of a relational database but it's not it's neither postgres or uh MySQL but if you were to be launching a web applications you'd probably want to just use the SQL service so we'll go here and we'll launch ourselves our own SQL instance so go ahead here and create an instance we have the option between MySQL postgres and SQL Server I am particular to postgres so I'll go ahead and click this and we'll go up here and so lowercase numbers letters so my relational database or my uh postgres and we'll need a password so we'll go ahead and generate one there we'll show the password just so I don't have to figure that out later and I need to dump that somewhere so I'm just pasting it off screen so just make sure you know where your password is uh postgres13 seems fine to me I like to launch things in Canada so let's go look for Canada there's Montreal we have single zone and multi-zone now notice does it show us the cost here it's not but I can tell you if you have it in multiple zones it should cost more because you're running redundant servers so I'm going to go single zone okay I want it to be cost effective all right we could even specify the zones I'm going to say any I don't care where it's going to go we can customize our configuration options so let's open it up because we want again the lowest cost for our example here um so we got high memory standards shared core shared core sounds cheap we have lightweight I'm just checking the values here over on the left hand side so look at high memory 26 26 gigabytes that's insane like I don't have a gaming computer that much we go over here now we're down to three seven uh seven gigabytes that's lightweight nothing I don't see anything changing there but I imagine it's cheaper that we have a shared core 600 megabytes this has to be cheap all right so this is the one we're going to choose for storage SSD is fine we don't we're not really doing anything real so I'm going to choose HDD that should be cheaper right I'm going to go 10 gigabytes because I'm not doing anything real enable automatic storage increase that's something you'd want to have but for our purposes I'm turning that off um do we want to have a public IP address well I do because I want to connect to it maybe do a query on it so we'll leave that there you might want to turn that off if you're running a secure workload generally you would and you just only allow um access through uh you know the um firewalls and stuff like that I do not need backups today we don't care when the maintenance Windows is flags are fine we don't need insights insights are nice if you want to query and see information I don't think this costs extra I'm going to leave it off anyway we don't need it today we can set labels as per usual so I can say EnV uh Dev should have been Dev last time too and so I'll go ahead and create this instance okay now I didn't specify a database name so maybe it's just the the identifier all right so I'll just wait for this to provision and I'll see you back here in a moment okay all right so after waiting a little while there it looks like our instance is ready it took about um I don't know 10 minutes for that to spin up uh not too bad and so down below we have the public IP address the outgoing IP address the connection name but looks like there's an easy way to connect with the cloud shells let's click and see if it auto fills it in for us that'd be really really nice I'm not sure if that's the case but I guess we'll find out here in a moment right looks like it is so it says gcloud SQL connect my postgres puts in the username which is postgres um so it looks good let's go ahead ahead and hit enter I might have entered that in twice there permission to deny Cloud SQL admin API has not been used in this project before or is disabled enable it by visiting this link so I guess that's what we'll have to go ahead and do so we'll go and click that link there and we'll give it a moment say enable usually this doesn't take too long sometimes you can tell by going up to the top so that's good so what we'll do is go back and hit up we'll hit enter and see if it connects now along your IP address for incoming connection for five minutes sounds cool can I do stuff I will say backslash D oh no we're waiting okay well not sure what's going on there that's not too clear but I mean that's not usually High we connect to a postgres instance what I would do is collect the names and use something like table plus and that's what I want to do here so that's what we're going to do okay all right so what I got here is uh table plus and this is just a way of connecting to postgres instances so go ahead and make a new connection to postgres this is free software by the way you can go and download it works on Windows Mac and Etc and so we got to fill in a bunch of these things so uh we need the host we need the username and the password so the username is postgres okay the password I saved earlier so I'm going to bring that on over here and paste that in um the database name would be what um it could be this is connection name but that's not very useful I mean my postgres is probably because this looks like it's this is probably the name of the database that's probably the um database name there is my postgres what would the host be uh usually like if it's AWS they have a connection URL I suppose you could use an IP address I'm just not used to having that so we have a public IP address and an outgoing IP address let's try the public IP address here 35 203 16 181 we'll say gcp my postgres here and so it looks like we have mostly everything the default Port is 5432 so we'll just do 5432 we'll hit test and see if that works fingers crossed okay so what I'm waiting for is this to go green it might not go green um let's just try connect instead on Mac it goes green you'll say hey you're connected and it did not connect okay so that's fine so what we'll do is we'll give it a little bit of check here so what else would we need to do okay maybe back I'll be back here in a moment okay you know something I was just thinking is um you know it looks like all our configuration settings are correct but maybe our firewall is just not open so what I'm going to do is make a new tab here and we'll give it a go it's all about trying things on the Fly here nothing's too hard for the cloud uh and we'll go firewall I just want firewall rules well that's app engine so we'll go here because I imagine this must be in a VPC so what we'll do is go here and create ourselves a new rule and I will say uh my postgres rule and we'll go down we'll let Ingress allow specify targets we're just going to do all instances in the networks with a particular IP range so um I'm just going to get my IP IP address like I did last time so my IP address right and we'll grab it there we'll drop it in four slash 32 we'll say TCP 5432 we'll go ahead and create that rule so now now that I have this rule on 5432 which is the port 4 postgres let's go ahead well I guess we got to wait we should probably be patient there is the rule I'm going to go ahead and hit test see if it works now probably it's not going to work if I have that colon in the name in the database we'll try again just connect here that doesn't work we'll just edit it again test connection is the server running 5432 still no good okay well I'll give it another try okay give me a second okay so another thought I had was I was just poking around and we have users and databases here on the left hand side so here we have postgres and then here we have uh postgres again so there is no database called I mean again I haven't tried it but there is no database called my postgres database that's just what I wrote in because I assumed it's based on the instant stand it's just the name of the instance internally for gcp so what would happen if I was to type in postgres instead here and then test this connection would this work because to me like this would make a lot more sense right uh and if that doesn't work I would say that we have the database right and the username is right but maybe there's something wrong with the host or the IP address or the connection so we go over to users that looks fine we go to the databases this one's called postgres so that is fine we go to connections um and it's public IP to authorize a network or use cloud SQL so we said public IP address is fine you do not have an authorized any external networks to connect to your Cloud SQL external applications you can still connect through Cloud proxy so if we don't have a network maybe that's our problem so oops what if I go and grab my IP address here maybe that's our problem forward slash 32 my home address we'll hit done uh we'll hit save scroll on down below here uh here it says you can manage if you're encrypted public IP address only allow unsecured connections are allowed to connect and that's fine we just want to be able to use it so what we'll do is go back here try this again we'll hit test and this thing is super buggy but notice that it's editing our postgres so I'll see you back here in a moment okay okay so we waited a short amount of time and what I'm going to do is go edit and notice my connection is postgres postgres the database password I put in the hostname and if I go ahead and hit connect it now connects so I don't think that firewall rule mattered at all that's for VM instances uh so I probably go back and just delete it out just to make sure you know that is the case so we just type in firewall here okay and I'm going to go ahead and delete this rule all right and now just to do a sanity check it's not uncommon for cloud service providers to have you know that stuff message separately like in AWS you have uh security groups that are like DB security groups that are specialized so to me that's not a surprise that was like that we'll get go ahead and hit edit hit connect can we still connect yes okay so that's how we had to grant us access now this is postgres this is the default table you really wouldn't be uh making uh or or database you wouldn't be making stuff inside of that what you'd probably want to do is go ahead and create a new database so what we can do go back to our instance here close some tabs out so we don't get confused and probably what we'd have to do is create a new database in here so we go here and I'd say um uh you know my database okay we'll hit create and we'll give that a moment to create probably the postgres user is a super user so we can do whatever we want there but if we go and enter a connection we're going to leave out the database it should allow us to connect to all of the databases here so it should show us postgres and the other one we might have to select our database so control K or oops that's not it Ctrl K okay so there we go so we can see we have Cloud SQL admin my database and postgres so I'll go ahead and click into postgres here all right and there are no tables but I can go and maybe I can make a new table here yep so there we go so we say ID and I will add a new column it will say name we'll make that a varchar let me just drop down change it to far char or text I just prefer text okay and we'll go ahead and save that create Untitled table oh we got to name the table so it's a users here and now what it does not like here zero length identifier create table undefined table well I just named it up here the primary ID would be ID up here can I save it now maybe it doesn't like this one hold on here I'm doing Ctrl s by the way to save it um I never create tables this way I always go through and make a manual connection um but I'm giving it a go here today for the first time so zero length eliminated identified at or near double quotations want to be named over here maybe I mean it's named right I don't know it doesn't doesn't want it um you know if that doesn't work that's totally fine the other way we could do this is um I'm just thinking here because if we like I don't have um postgres client installed on my local machine I don't think I do so I don't think I can use that I can try let's see here no I don't think I do so uh the only way I'd have to do that is probably through Cloud shell and through Cloud shell we would have to allow the IP address I don't know how much of a pain that is my point is is that you know like it's not necessary for the exam to know how to set up a table but the idea is to establish a connection I just wanted to show you how to do that and so I kind of feel like we've kind of satisfied it there and solved all the stuff that we wanted to do but what we'll do is we'll just go ahead and destroy this and we're all good to go okay and what we'll do is just check box that off or click into there we'll go ahead and hit delete and we will put in the instance name there we go and it's deleting I'm pretty confident that will delete and that's it there so we're done with that we'll move on to the next [Music] hey it's Andrew Brown from exam Pro and in this follow along I want to show you Google's app engine which allows you to easily deploy uh web applications so in the top left corner we'll go all the way up here to the navigation menu and we'll scroll on down looking for app engine which appears under serverless so we'll go there we'll go ahead and create ourselves a new application and the first thing we're going to see is a bunch of regions we can choose from I like to always choose from Canada so what I'll do is try to find my region if it is available might not be which is totally fine um and I don't think I'm going to get Canada today so I'll just go with us East one so let's zoom in on this map here oh no there's Canada there we go North America Northeast one grape so we'll go next and we'll give it a moment to load it's just thinking really hard there thinking really hard and I cannot tell if it's frozen so what I'm going to do is just give it a hard refresh here see if that helps at all all right so I just had to give it a hard refresh there uh in order for this to actually show up but what I want you to do is go down and we'll choose our runtime to be a ruby because that's what I know and love uh and we have the option between uh standard and flexible for the exam you definitely want to know the difference uh for this follow along not a big deal we're going to stick with standard here today and the great thing is they do have some samples here on GitHub so what I'm going to do is right click here and just take a look here at what they have and they've got a bunch of different stuff here uh and so what I'm thinking is we can open up our Cloud shell so I'm going to open up Cloud shell here at the top and it actually has an editor mode I haven't really given this a go so let's try it out I know what it looks like it's like vs code um but I'm just saying I haven't done a big workload in here yet so I'm kind of curious and we'll let that load up and oh yeah there's me doing some bigquery stuff from earlier but what I'm going to do yeah see I'm just doing a quick test there but what I'm going to do here is bring in a new repo so here um Source control I don't really use vs code but usually you can go here and press this button here uh um and that's not really helping so that's fine we'll open up the terminal it's not a big deal and I'm just going to do LS PWD to see where I am so I'm in my home directory and here it's going to ask me to do it get clone so I should be able to clone this and we'll hit enter and so now we have all those samples so the question is and here down below it says app engine forward slash app engine whatever what I noticed is that there is no folder called app engine so which one will be run well intuitively I would pick something like rails or maybe Sinatra so maybe they have a very simple example they also have static files so they have Sinatra and rails but um they have a Hello World example here and if we click into it it is Sinatra so I feel that this will probably be the easiest way to deploy and then we have our app yaml file that's actually how we configure um most like like whether it's app engine elastic Beanstalk or app uh Azure app Services there was some cap like this accompanying a configuration file that you can use with it I'm noticing that this is set to flex so maybe we might want to use flex mode and to me it doesn't really matter whether it's standard or flexible so maybe we'll just switch it over to flexible here um and what I'll do oops is it says initialize deploy so what I'll do is I'll just see into that hello world directory here oh we got a first CD into our Ruby docs and then into our hello world directory oh look at that now there is a uh there's an app engine right here maybe we're already in that folder okay that's why so we'll do app engine and then we'll do hello world okay and so we'll probably have to do a bundle install so just do a bundle install uh [Music] uh gem file cannot be required you have Etc it could be just because this machine doesn't have um a ruby installed so maybe we'll do um gem install bundler actually I didn't even check if this has Ruby does this have Ruby installed yeah it does okay and actually it's a very recent version so we'll do gem install bundler it's really not even necessary to do this but it's just out of habit I like to make sure that it uh it bundles before deploying bundler is just like requirements.txt or npm it's just Ruby's package manager or a composer if you're used to using PHP and so then I can just do a bundle install after install the packages did I not just install bundler gym install bundler yep it's installed bundle install [Music] um I'm I'm not really that worried about getting it running locally I just want to deploy it and so in order to deploy it we will have to run the G Cloud app deploy command we'll just double check and make sure that's the case here I'm pretty sure that's what it says down below yeah it's just as simple as this so hopefully this works no problem and we'll authorize it with gcloud if you're installing this locally you probably use gcloud.net to authenticate it's giving us some details here it's really hard to read this on white on black or black on white there but uh let's see what it's doing so we have a description it's going to tell us a source it's going to show us the target URL where it's going to deploy app engine uh default service account sounds good to me so we'll hit y for yes and we'll let it go ahead and provision probably the most simple out of all the providers in terms of like a platform as a service I would say gcp is out of all the three great and so if you just take a look there you can tell it's actually building out a containerized image so it gives you the idea that this is running off of containers also noticing that it's setting up Cloud SQL and cloud cloud SQL proxy so I would suppose if it needed to be backed by a database um this should be shouldn't require a database we'll just take a look here maybe the configuration it has that in there nope just says environments Flex runtime Ruby resources memory disk size Etc so I'm not I'm not sure why it's spinning up a relational database there but and this doesn't even have one but maybe that's just part of what it does okay so we'll just have to wait here a little bit a while and I'll see you back here in a moment okay all right and so after a little while there we can see there's a cloud build fail um it doesn't say as to why hold on here um you have out of gem Etc I know Ruby pretty well so for me uh it's not hard to figure out as to why but looks like we're gonna have to go check the log so I'm not sure what the logs are so just give me a moment I'll go figure that out okay all right so what I did here is I went down below and I opened up this link uh which brings us to our build details and if we scroll all the way down to the bottom notice how many steps it's out of 11 out of 14. so this is actually building the container image and when it went and uh and did a bundle install uh it ran into some trouble here so you're trying to install in deployment mode after changing your gem file run bundle install elsewhere and add the updated gem lock gem file.lock to the version control so um I think maybe we just have to get that bundle installed to work so what I'll do is go back here to my editor I really wish I could figure out how to change the theme Here Is there a way we can change the theme so I can see what I'm looking at I'm not sure maybe settings uh color theme and we will go Abyss oh there we go that's a little bit better so we'll work with that I suppose um so maybe we just need to make sure that the bundle install Works uh which is something I try to just get around but there's no gem lock file that's what it's probably going to be complaining about so if I just expand this here yeah notice there's no gem gem gemfall.lock or gem lock file so we'll do a bundle install and this time will just be a bit more thorough about its read so could not find bundler required by your home directory to update the latest version installed in your system do bundle update bundler so we'll do bundle update bundler let's see if that works I would have thought that we were up to the latest version because we ran it the lock file is being updated to bundler 2 after which you'll be unable to return to bundler one totally fine with that nobody uses bundler one anymore but if we take a look here on the left hand side I don't see um bundler gen lock file there so I'll do bundle install and so now I should have one you have to hit refresh here um so let's see one here let's do a clear and I'll do a LS hyphen la yeah it's right there so uh oh you know why it's because I'm not looking in the subfolder here so we're supposed to go app engine hello world and so there's that gem lock file so now let's go ahead and try that to play again I don't know what happens when you have a failed deploy like that so we'll just hit enter uh and I wonder if anything has changed here with app engine probably not probably a successful deploy while that's going let's go take a look here what was going on um through our build history so uh nothing exciting here but I wanted to see what services was so it was doing it through Cloud build so Cloud build um I imagine it's just like um uh AWS code build which is just a build server so it's a server that is designed to build things um and so that could be preparing uh artifacts for code or in this case it could be building out a image which I think that's what it was doing was building out an image so that's interesting how they uh they link that up so we'll go ahead and hit capital Y here and we'll let it go and deploy again and I will see you here at the end of it and hopefully it works or you know we'll encounter a new error okay all right so after waiting several minutes here uh it looks like it is done uh and it has a science command here called gcloud app browse I don't know if it's going to work within the um Google Cloud shell here let's give it a go and see what happens okay so it didn't detect a browser because we're not running it on our local machine we're running it within uh the Google shell but that's fine we can just copy that link and paste it up on here and so we can see the application is working so let's go give it a peek uh in the actual service let's see what we can see okay because usually usually we will see some additional stuff here so I'll go give this a hard refresh here uh I'm still showing us uh that we'll go ahead and click the dashboard here and so our app should be here uh looks like it must be running here um I'm just trying to distinguish okay up in the top right corner that's where we can see it we can see our versioning here we've got Services okay that makes sense if we wanted to upload uh different versions or we deploy new versions I guess would be version management so yeah pretty straightforward so I'd say we're all done here and now we just need to go ahead and tear this down um good question so I I mean I see this running here so I imagine we can just go ahead and delete it oops I have no idea how we should delete this so just give me a second and I'll figure this out okay all right so it looks like we don't delete app engines we just disable them uh so let's go ahead here and click on disable and we will enter this key in here okay and so that should disable it so why they don't let you delete them I do not know why um but I mean that's totally fine as long as we're not getting build so here it says your app has been currently disabled okay um so yeah there we go so we'll just make our way back here and move on to the next service [Music] this is Andrew Brown from exam Pro and let's go take a look at some storage options for gcp in specific um cloud storage so what we'll do is scroll on down here so we got our compute and we have our storage and here is cloud storage okay and you will notice our screen's a bit messed up here just give it a whoops give it a hard refresh here to get that weird navigation out of the way but you can see that because we set up our app engine we already have some storage here but let's go ahead and create ourselves a new bucket and we'll just say uh my new bucket okay these are globally unique names so it's just like domain name so you might have to put in some random numbers there click continue now we have an option of multi-region dual region or just region with the lowest latency with a single region um I'm just going to stick with multi-region for this I'm going to see if I can choose Canada I actually only have three options U.S European union or Asia if I choose different ones what are my options do I get North America there we go so actually I want Toronto because that's the closest place that I am here uh clearly multi-region would give you the highest availability but if you want the lowest latency and you just want a single region more options you probably might just want to choose a region there okay we'll go ahead and hit continue I like on the right hand side it's estimating our cost here now we have our different storage options this will absolutely show up on the exam so you need to know the difference so standard best for short-term storage and frequently accessed data near line best for backup and data access less than a month cold line best for disaster recovery and data access less than once a quarter archive best for long-term digital preservation of data access lesson once a year so we're going to stick with standard uh and then here it says prevent Public Access one of the most um uh common vulnerabilities for cloud service providers is through cloud storage when they're made public especially on AWS I'm sure it's no different for gcp so it's probably good to have a public access prevention turned on on the bucket and then you have access controls under it you have uniform and fine grade we're not sharing this with anybody else so we don't have to worry about that we'll go ahead and hit continue you'll notice that we can set encryption to be the Google manage encryption key or a customer manage encryption key we'll just stick with Google's manage key there because that's very easy you can set up a retention policy if we check boxes we get more information so we could say how long we want to retain uh stuff for I'm going to leave that off for now apply labels as per usual we'll go ahead and create our bucket and so now that we have our bucket let's go ahead and I'm going to create a new folder I'm going to call it Star Trek okay and what I'll do is I'll just go grab some images to upload just a couple images and I'll be back here in a second okay all right so let's go ahead and upload some files so I'm going to click into the Star Trek folder we're going to hit upload files I'm going to go into my Star Trek folder and I have a couple of Graphics from my uh one of my previous courses here we'll hit upload and you'll see the files upload and there they are if you want to go ahead and download them there's a download button on the right hand side we have some other options uh here nothing super important I'm going to go ahead and delete these files okay and give that a moment not that this would cost us anything to keep these two teeny tiny files around but it's probably a good habit to learn how to delete stuff at this level here uh and I'll go ahead and delete my new bucket and we will type in delete to permit and delete it okay and there you go that is Google Cloud Storage [Music] hey this is Andrew Brown from exam Pro and we are taking a look here at bigquery so what I want you to do is go to the top and type in bigquery and this is one of Google's Flagship products because it does something that other cloud service providers does not do and it's the fact that it's a serverless data warehouse so other providers like redshift or um I'm kind of forgetting the one Azure uh synapse uh things like that they are not serverless that means that they have an idle cost that you pay for and they're generally really expensive uh but uh bigquery is very cost effective because it can scale to zero and you're paying for consumption okay so uh for me it's actually a service I definitely use on a regular basis and I really really like it so just to kind of give you an idea of how this works now if you have not attached your credit card yet and you're using the sandbox it is totally safe to do this but if you do have your credit card attached I probably suggest not queryinged if you're trying to be cost effective here but they have a bunch of data sets here and so here is one for covid and a lot of these are public data sets or I mean this one is at least and that means that Google has made it available to you and for this one in particular for new users you can store up to 10 gigabytes of data up to and query up to one terabyte each month for free so you can really play around with bigquery in that sense once you attach a credit card it's no longer free actually I'm not really sure if if it's if it's still extended to be free outside of sandbox mode uh but I can't be certain okay so if we go back here we don't have to do anything the data set's already there we just have to reference it so it was a bit hard to find any available queries but I did find one on this blog post so thank you whoever did this and let's go ahead and grab this here and see if we can run ourselves a successful query notice it's going to suggest how much data it's going to process this is important because it's our consumption and we'll go ahead and hit run okay and we will see what we get back and so there we there we go we got some data back you go ahead and explore the data so export in data Studio or geoviz so if you have some other things there you could see that data create some live dashboards and things like that but that's pretty much it that's all I really wanted to show you um and that is bigquery [Music] hey this is Andrew Brown from exam Pro and in this video we're just going to take a peek into vertex AI um I just like doing this because at some point you know maybe your company or or you might be considering to do a little bit of ml okay uh and the thing is a lot of people are scared of it and they're really worried about it being extremely expensive and so this is kind of my way of just kind of getting your toes toes uh uh into the pool um so you're not too afraid to do it so we'll go ahead here and type in vertex AI that is gcp's offering and we'll go ahead and just enable it and I wonder if I can do it in Canada I always like to pick Canada if I can Montreal because if it was Toronto they just don't have data I mean they have data centers there but there's never data centers for the main providers there and so uh we chose our region okay and I just want to do anything like opening a notebook that's usually uh what we would want to do but what I really want to show you is about compute because that is the the hidden cost uh to any type whether it's sagemaker um uh Azure ml Studio or data Studio ml Studio I can't remember off the top of my head was called vertex AI it's just that you have to remember to turn off the servers if you remember that it's very not scary to use um these services so if we want to have a notebook so migrate your notebook I don't have any right now but I just want to run anything so we'll go ahead and create ourselves a new instance and so here uh just like all the other ones you'd have to choose your environment Cuda or gpus you do not want to touch because those are super super expensive so we will just choose python3 notice it comes with scikit learn pandas and more that's usually the safest one here if you look here it'll tell us what it's spinning up so four vcpus 15 gigabytes of RAM 100 gigabyte standard so it's pretty darn large but that's pretty standard for uh what you'd want to use um so what we'll do is go ahead and hit create actually let's go take a look at Advanced options I've never clicked that before um nothing exciting there so we'll go ahead and hit create notice it says a hundred and two dollars a month so you if you're afraid to run this don't do it but I mean we're going to turn it on and turn it off so it's like not going to cost us much right um so I'll go ahead and spin that up there okay and I'm not sure how fast this is going to start up on AWS they have like ones that will start up within one or two minutes but I don't think that's something that is offered on gcp or or azure so the green usually means it's running setting up the proxy to Jupiter lab so this is what we really want to do is we want to open up Jupiter lab so we'll just have to wait a little while until that's ready okay so I'll see you back here in a moment all right so after waiting a very short while there now we can see we have this open Jupiter Labs we'll go ahead and click that and that will give us our Jupiter lab environment this is just an IDE specialized for data scientists or people working in the data field notice that it comes pre-loaded with tutorials which is pretty nice so we have some bigquery Cloud ml engine fairing storage um if we go in here this would show us how to work with bigquery pragmatically and the idea here is you go ahead and you just hit play on these okay uh and the idea is you if you hit play I'm not too afraid of doing this if you want to just watch that's totally fine as well but uh here it says locations are required Etc et cetera so that ran and so here this would just query some public data set so that's something we did when we did bigquery we just ran a query there but if we hit run it should output the results notice there's a asterisk it just means that it's running so give it a bit of time and so there is its data so this is pretty um you know this is pretty uh uh you know pretty straightforward um and very similar experience to the other providers there so once you learn one you kind of learn them all but yeah the real thing that you got to be a bit fearful of is the fact that uh you know depending on the machine type you choose they get really expensive so what you can do I'm just going to check if they have them on the left hand side here sometimes the providers will have like a category just for compute but when you're actually in Jupiter Labs you can go over here um oh it shows the kernel session if you're on um uh AWS they would actually show you the compute here that you can shut it down but what we can do is if we're really concerned about it we just go here and stop stop the instance okay but the thing is is that you could also be paying for storage so that could be kind of expensive so I'll actually just go ahead and delete it but we have to stop I think the instance before we can go ahead and delete it so we'll give this a refresh here okay and while that's going I just want to show you something else actually I really like this channel called by Cloud because uh they cover a lot of different kind of AI techniques but the reason I'm bringing it here is not to promote this channel but more so because they'd like to link in these Google collab files and so Google collab is kind of a way of um utilizing it's kind of it's like a notebook it's a like a jupyter notebook uh or it might may be a jupyter notebook it just doesn't look one-to-one with the Jupiter Labs notebook but it allows you to run ml models but also to utilize gpus and gpus uh like your graphics cards are really really expensive in the cloud and so this is an opportunity where you can use it for free and you're just sharing it with other people and it's one of Google's initiatives to allow you to learn in a cost-free way with Google and I think it's really cool but you can just click through this stuff and kind of get a result so I'd go here and hit run I'll just say run anyway that's totally fine with that okay and I can't just say run all like that and this is not going to cost me anything like I do not have to worry about it so that's something that's really nice that Google lets you do I assume it's you using under utilized machines or machines that aren't being in use so if you are learning you could just you know use Google collab uh but if you uh if you need to use you need to build a real model to deploy then you're going to be doing that with jupyter labs and vertex AI okay so I'm going to see if that is finished shutting down yet is it done no it's pending uh I'm gonna shut that down maybe that was causing the issue there okay so I'll wait till it gets out of the pending State here um and this is just running I don't know this is even gonna do uh execute a 3D photo in painting it's gonna do something cool something relating uh relating to uh something to change poses for people okay but anyway um I'll see you back here in a moment when this is out of pending okay all right so just as I stopped the video it it uh it also stopped the instance so now I can go ahead and delete it we'll just say say delete okay and that should take care of uh any lingering costs just in case you're following along and you do not want to get billed a hundred dollars by the end of the month there probably was instances that were a bit cheaper that we could have chose uh like you don't have to do this I'm just kind of taking a look here so there probably was yeah so we could have we could have chose something like this notice that was 29 that would have been a lot safer to do um because when I think of like sagemaker and and azure's uh ml Studio or Studio this is usually the cost that I run my notebooks at so probably just had a very expensive default and we just had to change it down below to this okay um I figured that was probably the case but I should have showed you that as we're doing it so you're not super scared so really the real cost would be thirty dollars and you can do a lot with that but again you can use Google Cloud for free but there you go that's it hey this is Andrew Brown from exam Pro and I'm going to show you how to book a Google certification exam so in this particular one I'm booking for the cloud digital leader and so uh the idea here is we're going to go ahead and register for this exam and then we would need to choose our preferred language and what you're going to notice that up here this is powered by Criterion so Criterion is a global testing solution similar to psi or Pearson VUE but for whatever reason this is the one that Google is partnered with so you might need to log in but if you don't have one you'll have to go ahead and create yourself a new account and so just looking at the details here login password Etc address there's a lot of information to go on here so just notice for the asterisk I'm going to go ahead and fill all this out so I'll see you back here in a moment all right so I filled in all my information we'll go ahead and hit save great and we've created our accounts let's go ahead and log in so I'll just put in my username I chose I was lucky to actually get my own name I was really surprised but I'll go grab my password Here great and so now we can go ahead and register for our exam so here we can see all the exam uh exam possibilities here and so what I want to do is go ahead and find the one I'm looking for which is the digital team leader Cloud digital leader there it is let's go ahead and hit the Plus we have two options on-site or proctored at this time I'm going to do a remote proctored exam and so I have some options to choose here um so I think I would like today is the 27th oh I gotta choose my time zone so we'll go up here at the top I'm in the Toronto time zone and actually that's the date I want so it's the only date on the calendar but that's perfect for me and I need to choose my appropriate time and that is going to be 8 pm and so then we just have the usual instructions here so no shows cancellations reschedule retake policy online test center exam terms and conditions so you'll want to go through that and read this very very thoroughly okay and once you're happy with it you're going to go ahead and hit select I do not have a coupon but if you did you could enter it in there if you are happy with the time and to make sure it's the correct exam and the correct language go ahead and check out and so now this is where I'm going to go ahead and enter in my credit card details all right great so that's all filled in there so let's go ahead and hit submit and so it's just saying here that for our registration to be complete we have to receive a confirmation email so I'm going to wait here a little bit and just wait until I see that okay so I just want to show you here I've received it just was instantaneously which was great since it's like zero seconds and so it's just a refresher of our uh exam details there so it's going to really help you find that stuff quicker so that's all good there and if I go ahead and hit done there's nothing else to do there so there you go [Music]