Author: examcert

When an application outgrows a single Compute Engine VM size, even of the largest type, it is time to use managed instance groups and load balancers to handle larger amounts of traffic. Refer to Figure 4.67 in Chapter 4, where this concept was initially introduced. A managed instance group is a set of identical Compute…

Suppose you received a request to create a new zone called my-zone.com so that the vm-a (10.0.1.2) and vm-b (10.0.0.3) Compute Engine VMs that are deployed in my-vpc-network can communicate with each other using the vm-a.my-zone.com and vm-b.my-zone.com FQDNs. Follow these steps: Figure 9.29 – Creating a private zone my-zone.com Figure 9.30 – Zone details…

Compute Engine VM instances use their metadata servers as internal DNSs to resolve the IP addresses of other VMs in the same network. A metadata server communicates with Google’s public DNS for queries outside a local network. For example, the following figure shows an SSH session to a Compute Engine VM, vm-a, during which it…

Firewall rules can be added to a VPC at any time. The predefined Compute Security Admin role allows you to create, edit, and delete rules. Compute Network Viewer can be used to view rule details. When a new firewall rule is added, you need to give it a name and priority from 0 to 65535….

As mentioned earlier in this chapter, even though subnets that belong to the same VPC are connected, it is the firewall’s role to control communication between Compute Engine VM workloads. The same applies to networks connected via Interconnect/VPN or VPC peering. When routing information is exchanged, and connectivity is established, the next step is configuring…

While VPN is considered the fastest way to connect to Google Cloud, Cloud Interconnect is the fastest connection to Google Cloud. Like VPN, Cloud Interconnect enables communication based on internal IP addresses between workloads that are on-premises (or in another cloud) and created via a VPC. The difference between VPN and Interconnect is that Interconnect…

VPN is often considered the fastest way to connect to Google Cloud. It uses a public network and doesn’t require additional physical connection setup. Two types of Cloud VPN gateways at Google Cloud are high availability (HA) VPN and Classic VPN. Classic VPN doesn’t offer high availability and BGP support. It only supports static routing….

This section will investigate how you can create a hybrid cloud by connecting your on-premises environment to Google. Note that similar mechanisms will allow you to build multi-cloud architectures by connecting your resources in another cloud with Google Cloud. Cloud Router When two networking environments are connected, they need a way to inform their peers…

VPC network peering allows private connectivity across two VPCs while keeping them administratively separated. Peered VPCs can either be in the same or different projects; they may even belong to different organizations. As opposed to a Shared VPC, managing VPC peering is decentralized. Network and security admins at both ends manage their routing and firewall…

Managing networking can be challenging when an organization owns multiple projects with multiple VPCs and subnets. For example, someone will have to track if users that create subnets don’t use IP ranges that overlap (if some VPCs need to be connected in the future). In addition, someone will have to ensure that all projects have…