Google Cloud Platform Certification, Associate Cloud engineer 공부 #day4

https://www.coursera.org/learn/gcp-fundamentals/lecture/CtUqa/virtual-private-cloud-networking

Virtual Private Cloud networking - Virtual Machines and Networks in the Cloud | Coursera

학습 목표

---

• Identify the purpose of and use cases for Google Compute Engine.
• Define the basics of networking in Google Cloud.

 

Virtual Private Cloud networking

VPC(Virtual private cloud)

This means that VPC's combine the scalability and convenience of public cloud computing with the data isolation of private cloud computing.

- VPC networks connect Google Cloud resources to each other and to the internet

- segmenting networks

- Using firewall rules to restrict access to instances

- Creating static routes to forward traffic to specific destinations

- Google VPC networks are global and can have subnets in any Google Cloud region worldwide

Subnets can span the zones that make up a region. This architecture makes it easy to define network layouts with global scope. Resources can even be in different zones on the same subnets.

 

The size of a sub net can be increased by expanding the range of IP addresses 

allocated to it. 

And doing so won't affect virtual machines that are already configured.

This is possible that one VPC, one network, one sub net, one region - two Compute Engine VMS(the same sub net, but in different zones)

This capability can be used to build solutions that are resilient to disruptions, yet retain a simple network layout.

 

Compute Engine

Infrastructure as a Service(Iaas) solution, Compute Engine

- Can create and run virtual machines on Google infrastructure

- No upfront investments(초기투자 X)

- Thousands of virtual CPUs can run on a system that's designed to be fast and to offer consistent performance

- Each VM(Virtual Machine) contains the power and functionality of a full-fledged operating system

- Can be configured much like a physical server

 

VM

Cloud Marketplace

billing

a, b, c

a) For each VM that runs for more than 25 percent of a month, Compute Engine automatically applies a discount for every additional minute.

b) for stable and predictable workloads, a specific amount of vCPUs and memory can be purchased for up to a 57 percent discount off of normal prices in return for committing to a usage term of one year or three years.

c) can save money(such as a batch job analyzing a large dataset) up to 90%

They are different in only one respect.

Compute Engine has permission to terminate a job if its resources are needed elsewhere.

Although savings are possible with preemptible VMs, you need to ensure that your job can be stopped and restarted

Compute Engine doesn't require a particular option or machine type to get high throughput between processing and persistent disks. That's the default and it comes to you at no extra cost.

 

Compute Engine properties

Finally, you'll only pay for what you need with custom machine types. Compute Engine lets you choose the machine properties of your instances, like the number of virtual CPUs and the amounts of memory by using a set of predefined machine types, or by creating your own custom machine types.

 

Scaling virtual machines

But most Google Cloud customers start off with scaling out not up.

quota) 몫

VM machine types) cloud.google.com/compute/docs/machine-types.

 

Important VPC compatibilities

 VPC(Virtual Private Cloud) compatibility features

VPCs have routing tables.

Firewall

For example of metadata tags, you can tag all your web servers with, say, web and write a firewall rule saying that traffic on port 80 or 443 is allowed into all the Ms with the web tag, no matter what their IP address happens to be.

With VPC pairing, a relationship between two VPCs can be established to exchange traffic. 

Alternatively, to use the full power of Identity Access Management, IAM, to control who and what in 

one project can interact with the VPC and another, you can configure a shared VPC.

 

Cloud Load Balancing

to distribute user traffic across multiple instances of an application.

By spreading the load, load balancing reduces the risk that applications experience performance issues. 

And because the load balances don't run in VMs that you have to manage, 

you don't have to worry about scaling or managing them.

 

VPC offers a suite of load balancing options.

Global HTTP load balancing - cross regional load balancing for a web application

Global SSL Proxy load balancer - for secure sockets layer traffic

 

Global TCP Proxy - if it's other TCP traffic that doesn't use SSL

 

The last two proxy services only work for specific pork numbers and they only work for TCP.

If you want to load balance UDP traffic or traffic on any port number, you can still load balance across the Google cloud region with the regional load balancer.

Finally, what all those services have in common is that they're intended for traffic coming into the Google network from the internet.

 

But what if you want to load balance traffic inside your project?

Say between the presentation layer and the business layer of your application.

For that, use the regional internal load balancer.

It accepts traffic on a Google cloud, internal IP Address and load balances it across, compute engine VMs.

 

 

Cloud DNS and Cloud CDN

DNS is what translates Internet host names to addresses.

 

 

 

Google also has a global system of edge caches. 

Edge caching refers to the use of caching servers to store content closer to end users. 

You can use this system to accelerate content delivery in your application by using Cloud CDN, content delivery network. 

- lower network latency. 

- reduce load and you can even save money. 

- Off the HTTP load balancing is set up, Cloud CDN can be enabled with a single checkbox. 

 

There are many other CDNs available out there, of course. 

If you're already using one, chances are it's part of Google Cloud CDN Interconnect partner program, and you can continue to use it.

 

 

Connecting networks to Google VPC

 IPsec VPN protocol

- Uses Cloud Router to make the connection dynamic(연결을 동적으로 만들려면)

- Lets other networks and Google VPC exchange route information over the VPN using the Border Gateway Protocol

- Not always the best option because of security concerns or bandwidth reliability(보안문제 & 대역폭 안정성)

 

Direct Peering

- Puts a router in the same public datacenter as a Google Point of presence(PoP); peering

- Uses a router to exchange traffic between networks

- More than 100 Google points of presence around the world

 

Carrier Peering

- Gives direct access from an on-premises network through a service provider's network

- Not covered by a Google Service Level Agreement(SLA)

 

Dedicated Interconnect

- If getting the highest up times for interconnection is important, using Dedicated Interconnect would be a good solution.

- Allows for one or more direct, private connections to Google

- Can be covered by up to a 99.99% SLA

- Connections can be backed up by a VPN(안정성 제고)

 

Partner Interconnect

- Useful if a data center is in a physical location that can't reach a Dedicated Interconnect colocation facility

- Useful if the data needs don't warrant an entire 10 GigaBytes per second connection

- Can be configured to support mission-critical services or applications that can tolerate some downtime

- Can be covered by up to a 99.99% SLA

 

LAB: Getting Started with VPC Networking

Objectives

In this lab, you learn how to perform the following tasks:

• Explore the default VPC network
• Create an auto mode network with firewall rules
• Create VM instances using Compute Engine
• Explore the connectivity for VM instances

 

recap)

1. Which term describes a secure, individual, private cloud-computing model hosted within a public cloud? 

 

- Virtual private cloud(VPC)

 

 

 

 

2. Select the true statement about Google’s VPC networks and subnets.

 

- Networks are global, and subnets are regional.

 

 

3. An application running in a Compute Engine virtual machine needs high-performance scratch space. Which type of storage meets this need?

 

- 

 

 

 

4. Preemptible VMs can offer advantages over a standard Compute Engine VM. What is a reason customers choose preemptible VMs?

 

- To reduce cost

 

 

 

 

5. Which statement best describes how VPC routers and firewalls work?

 

- They are managed by Google as a built-in feature.

 

 

 

 

6. A Google Cloud customer wants to load-balance traffic among the backend VMs that form part of a multi-tier application. Which load-balancing option should this customer choose?

 

- 

 

 

7. Which interconnect option is a service level agreement (SLA) available for?

 

- Dedicated Interconnect & Partner Interconnect