
Google architect - Page 3

Additional Services

Cloud Scheduler

  • Cloud Scheduler
  • Fully managed cloud enterprise scheduling tool
  • Batch, data jobs, cloud infra operations
  • Integrates with:
    • App Engine, Pub/Sub, Cloud Logging, HTTP endpoints
    • Automatic endpoint
  • Use case:
    • Schedule a message on Pub/Sub
  • Needs an App Engine app in the project
    • App Engine Cron Service
    • Runs on top of this

Cloud DNS

  • DNS
  • You can set up DNS management via GCP
  • Public
    • Web accessible sites
  • Private
    • Only accessible from a VPC or subnet

Pricing calculator

  • Pricing calculator
  • How to estimate it?
  • Use the Google Cloud pricing calculator
  • Estimates for 40+ services
  • These are just estimates

Anthos

  • Anthos
  • Run your K8s clusters in the cloud and on premises
  • Multi-cluster management
  • Consistent managed K8s
  • Central config management
    • Central git repo where it's managed from
    • Logically grouping
    • Environs
  • Provides a service mesh
    • Istio
    • A/B testing
    • Canary rollouts

Machine Learning

  • ML
  • Prebuilt ML
  • No in house ML
  • Easy to use
  • Cloud AutoML
  • Build custom ML models with developers having limited ML Expertise
  • AI Platform
  • Help Data scientists build custom models (tensorflow)
  • Data Management
  • BigQuery ML
    • Can build models directly in BigQuery

Apigee

  • Apigee
  • Rest API
  • Managing a REST API isn't easy
    • Implementing multiple versions of your API isn't easy
  • Design, secure and publish your API
  • Manage the complete lifecycle
  • Provides AI-powered monitoring
  • Enable caching with Cloud CDN
  • Allows developers to access a simple development portal

Google Cloud architecture framework

Operational Excellence

  • Operational Excellence
  • Monitor the business objectives
    • SLA
    • SLO
    • KPI
  • Test DR
  • Increase software releases and velocity
  • Business health
  • Latency
  • Traffic
  • Errors
  • Saturation
  • Logging
  • Ensure an efficient amount of logs
  • DR
  • RTO
    • Recovery time objective
  • RPO
    • Recovery point objective
  • Regularly test this plan
  • Schedule a persistent disk snapshot and copy across regions
  • Use Cloud DNS

Security, Privacy and compliance

  • Plan security controls and privacy
  • Strategies
  • Implement least privilege
  • Build a layered approach
  • Automate deployment of sensitive tasks
  • Manage auth
  • Follow IAM best practices
    • Understand when to use a service account
  • Use organization policy service
    • Controls what can and can't be done in the account
  • Enable node auto-upgrade for GKE
  • Use GKE Sandbox when running untrusted code
  • Secure the network
  • Use a carefully designed VPC
  • Isolate workloads into a VPC per project
  • Control traffic with ingress and egress rules
  • Use Network Intelligence Center
  • Use Object Versioning
  • Use DLP for sanitizing data
  • Audit with Infrastructure logs

Reliability

  • Reliability
  • Measurable goals
  • Architect for HA, scale and automatic change management
  • Strategies
    • KPI, SLA, SLO
    • Small changes
    • Rollback
    • Instrument systems for observability
    • Document and automate emergency responses
  • Degrade services gracefully
  • Serve a static page when a site is down
  • Predict peak traffic events
  • Scale and plan
  • Build flexible
  • Ensure all changes can be rolled back
  • Slow progressive rollouts
  • Build efficient alerting
  • Reducing mean time to detect (MTTD)

Performance and cost optimization

  • Use autoscaling and data processing
  • Try serverless options
  • Distribute load with a global LB
  • Identify apps to tune
  • Cloud tracing
  • Cloud debugging
  • Cloud profiler
  • Analyze costs
  • Export billing data to BQ
    • Use Google Data Studio
    • Use preemptible VMs for non-critical, fault-tolerant workloads
