PREPARING FOR GOOGLE CLOUD CERTIFICATION: CLOUD ARCHITECT CERTIFICATE

Course 5: Reliable Google Cloud Infrastructure: Design and Process

Week 2: Deploying Applications to Google Cloud

Coursera Study Guide

CONTENT

In this module, we discuss the different options of deploying applications to Google Cloud. Google Cloud offers many possible deployment platforms, and the choice is not always immediately obvious.

Learning Objectives

  • Choose the appropriate Google Cloud deployment service for your applications.
  • Configure scalable, resilient infrastructure using Instance Templates and Groups.
  • Orchestrate microservice deployments using Kubernetes and GKE.
  • Leverage App Engine for a completely automated platform as a service (PaaS).
  • Create serverless applications using Cloud Functions.
  • Design services to meet requirements for availability, durability, and scalability.
  • Implement fault-tolerant systems by avoiding single points of failure, correlated failures, and cascading failures.
  • Avoid overload failures with the circuit breaker and truncated exponential backoff design patterns.
  • Design resilient data storage with lazy deletion.
  • Analyze disaster scenarios and plan for disaster recovery using cost/risk analysis.
  • Design secure systems using best practices like separation of concerns, principle of least privilege, and regular audits.
  • Leverage Cloud Security Command Center to help identify vulnerabilities.
  • Simplify cloud governance using organizational policies and folders.
  • Secure people using IAM roles, Identity-Aware Proxy, and Identity Platform.
  • Manage the access and authorization of resources by machines and processes using service accounts.
  • Secure networks with private IPs, firewalls, and Private Google Access.
  • Mitigate DDoS attacks by leveraging Cloud DNS and Google Cloud Armor.
  • Manage new service versions using rolling updates, blue/green deployments, and canary releases.
  • Forecast, monitor, and optimize service cost using the Google Cloud pricing calculator and billing reports and by analyzing billing data.
  • Observe whether your services are meeting their SLOs using Cloud Monitoring and Dashboards.
  • Use Uptime Checks to determine service availability.
  • Respond to service outages using Cloud Monitoring Alerts.

DEPLOYING APPLICATIONS TO GOOGLE CLOUD

1. You’ve been asked to write a program that uses Vision API to check for inappropriate content in photos that are uploaded to a Cloud Storage bucket. Any photos that are inappropriate should be deleted. What might be the simplest, cheapest way to deploy this program?

  • GKE
  • App Engine
  • Compute Engine
  • Cloud Functions (CORRECT)

Correct: because the requirements for simplest and cheapest are met with Cloud Functions. Cloud Functions are for single purpose functions like image analysis. Cloud Functions also can be triggered by Cloud Storage events, so they provide seamless integration. The payment model based on number of requests, processing time of request (measured in 100ms units), and then other resources consumed is the most suitable of all options offered above. There is a free tier too. Cloud Functions also provides automatic scaling, high availability, and fault tolerance.

2. You have containerized multiple applications using Docker and have deployed them using Compute Engine VMs. You want to save on costs and simplify container management. What might you do?

  • Write Terraform scripts for all deployment.
  • Rewrite the applications to run in App Engine.
  • Rewrite the applications to run in Cloud Functions.
  • Migrate the containers to GKE. (CORRECT)

Correct: The applications are containerized, and GKE will help with the resource efficiency and hence cost, automate many aspects of the container management, and provide the best solution for the scenario.

3. You need to deploy an existing application that was written in .NET version 4. The application requires Windows servers, and you don’t want to change it. Which should you use?

  • GKE
  • Cloud Functions
  • App Engine
  • Compute Engine (CORRECT)

Correct: because the approach is a lift-and-shift, which is best supported by Compute Engine because Compute Engine offers full control over virtual machines including operating systems. No repackaging would be required.

DESIGNING RELIABLE SYSTEMS

1. You’re creating a service and you want to protect it from being overloaded by too many client retries in the event of a partial outage. Which design pattern would you implement?

  • Circuit breaker (CORRECT)
  • Lazy caching
  • Overload feedback repudiation
  • Truncated exponential backoff

Correct: because the circuit breaker will attempt to prevent an operation that is likely to fail and therefore will protect the resource that is in partial outage and hopefully prevent cascading failure.

2. You need a relational database for a system that requires extremely high availability (99.999%). The system must run uninterrupted even in the event of a regional outage. Which database would you choose?

  • BigQuery
  • Spanner (CORRECT)
  • Firestore
  • Cloud SQL

Correct: Cloud Spanner meets all the requirements. It is a global relational database with high availability. Multi-regional instances have a monthly uptime of >=99.999%.

SECURITY

1. What do you have to do to enable encryption when using Cloud Storage?

  • Enable encryption and upload a key.
  • Create an encryption key using Cloud Key Management Service, and select it when creating a Cloud Storage bucket.
  • Nothing as encryption is enabled by default. (CORRECT)
  • Simply enable encryption when configuring a bucket.

Correct: because Cloud Storage always encrypts data on the server side before it is written to disk. For server-side encryption there are options of customer-supplied or customer-managed encryption keys, but these are usually used only for compliance reasons and are not necessary.

2. Which Google Cloud features could help reduce the risk of DDoS attacks?

  • HTTP global load balancer
  • Cloud CDN
  • Google Cloud Armor
  • All of these (CORRECT)

Correct: because HTTP Load Balancing mitigates and absorbs many layer 4 and below attacks, such as SYN floods, IP fragment floods, and port exhaustion. Cloud CDN caches cacheable content at points of presence close to users. In a DDoS attack against cacheable content, the requests are sent to points of presence, not to your servers or infrastructure, which increases the likelihood that the attack is absorbed. Google Cloud Armor is built for DDoS mitigation, working with Cloud Load Balancing to detect DDoS attacks.

3. You don’t want programmers to have access to production resources. What’s the easiest way to do this in Google Cloud?

  • Use different service accounts for production and development resources with your project.
  • Create development and production projects, and don’t give developers access to production. (CORRECT)
  • Set up private access and Identity-Aware Proxy.
  • Create a firewall rule that blocks developer access to production servers and databases.

Correct: because the simplest way is to have separate projects and not give developers access to the production project.

4. What Google Cloud service can you use to enforce the principle of least privilege when using Google Cloud?

  • IAM members and roles (CORRECT)
  • Firewall rules
  • Encryption keys
  • SSL certificates

Correct: because the principle of least privilege requires user permissions that are just enough to do what they need, and no more. IAM provides this level of control.

MAINTENANCE AND MONITORING

1. Your service has an availability SLO of 99%. What could you use to monitor whether you are meeting it?

  • Uptime check (CORRECT)
  • Readiness probe
  • Health check
  • Liveness probe

Correct: Availability is the percentage of time a system is running and able to process requests. Monitoring this metric will enable the derivation of the SLO metric.

2. You’re deploying test environments using Compute Engine VMs. Some downtime is acceptable, and it is very important to deploy them as inexpensively as possible. What single thing below could save you the most money?

  • Preemptible machines (CORRECT)
  • Committed use discount
  • Sustained use discount
  • Sole tenant nodes

Correct: These are the most cost-effective solution, as required in the question (up to 80% lower than equivalent non-preemptible machines), and the fact that some downtime is acceptable means that the requirement can be met with preemptible machines.

3. You made a minor update to a service and would like to test it in production by sending a small portion of requests to the new version. Which would you choose?

  • A/B testing
  • Canary deployment (CORRECT)
  • Blue/green deployment
  • Rolling update

Correct: Canary deployment aims to eliminate/reduce risks by applying the update to a small subset of users to test out a new feature and best fits the requirements of the question.

4. You’ve made a minor fix to one of your services. You want to deploy the new version with no downtime. Which would you choose?

  • A/B test
  • Rolling update (CORRECT)
  • Canary deployment
  • Blue/green deployment

Correct: A rolling update will update instances incrementally until all have been updated. This strategy can be controlled, for example, by using a managed instance group with Compute Engine or with GKE.
