Google Cloud Digital Leader Certification Course 2024 - Pass the Exam!

hey this is Andrew Brown your favorite Cloud instructor bringing you another free Cloud certification course and this time it's the Google Cloud digital leader also known as the gcp CDL and the way we're going to uh pass and Achieve certification is by going through lecture content doing Hands-On labs in our own Google Cloud accounts and as always I provide you a free practice exam so you can Ace that exam put in your resume your LinkedIn go get that cloud engineer role you've been looking to get if you want to support more free courses like this

one the best way is to uh purchase the additional paid study materials such as additional practice exams the um downloadable lecture slides the cheat sheets get technical support and more over on exampro doco if you don't know me I've taught a lot of courses here on free Cod Camp uh adabs Azure gcp uh Google uh terraform devops Ai and more and I'll see you soon in the course and yes I'm from another angle if you've ever been watching my videos before before I usually shoot a different way and I have my nice shiny thing here

to help with lights but anyway let's jump into it and I'll see you soon ciao hey this is Andrew Brown and we're at the start of our journey asking the most important question first which is what is the Google Cloud digital leader it is a fundamental Cloud certification that introduces you to the Core Concepts of cloud in Google Cloud the certification will demonstrate a person can Define and understand uh a bunch of foundational Concepts like digital transformation uh core Services storage databases AI networking cost management and more and this certification has no known course code

Google does not make course codes for the certifications but I call this the gcp CDL and I specifically called this version the uh 03 because prior to 2022 that was their first version then they had another one then they had another one and then we're at the current one I say after 2024 right now of the time of this video we're near the endale of 2024 so you can really think of this certification as the 2025 certification there's no way they're changing this in the short term they just changed it so if it's 2025 you're

good um but let's go take a look at the gcp road map so this is the road map for gcp certifications the only one that's not listed here is the Google workspace administrator that's because it used to be a pro and now they're switching it to an associate and because it's in beta I don't know what's going on with it so I'm just leaving it out here um but imagine that there is uh another certification right here under the associate um but no matter what your path is you're going to want to start with the

Google Cloud digital leader with the exception of the Google Cloud administrator because that is such a specialized area that you might not need the foundation will do that and we don't even have on the list here but the natural progression is digital leader to Cloud engineer to Cloud architect and then often you go to the other Pros now these are all Pros okay but I have this dividing line here because I kind of think of these as Specialties and that's the way other Cloud providers structure their certifications they have Pros they have Specialties and so

I took the three generic most popular ones call them Pros the rest here we're going to consider Specialties so a lot of people will actually uh um do the cloud architect and the engineer at the same time because they have so much overlap and a lot of times people skip the ace and they go right to the pro um though I think you should do both I think it's it's the better approach but that is the natural path and a lot of people Google have to get their certifications for the pro I know that because

they're on my platform um and so you know I see a Mad Dash for that certification quite a bit um let's talk about the range or the range of time you need to uh uh study to pass this exam if you're beginner you're looking at 20 hours if you're experienc you're looking at 5 hours it just depends on what experience you're coming in with if you already have cloud technical Cloud knowledge is not going to be a long time to learn if you're a beginner you don't know anything about Cloud you don't have technical skills

you're going to be investing a lot more time here the medium time is about 12 hours average study time split split between lectures and labs and practice exams you need to put as much time into your practice exams as the study content because um learning it and then doing the exams are two different things okay so I would recommend one to two hours a day for 14 days pace yourself if you try to cram everything you will forget it uh you need to spread out your learning but not too much you shouldn't spread it over

a month but two weeks is a good learning period for you what is it going to take to pass exam watch the lecture videos do the Hands-On labs and I have Hands-On labs for this it's not required but you should do them anyway because it's going to give you um uh practical basic knowledge in Google cloud and it's going to help you memorize or or remember things a lot better uh so please do those Hands-On Labs that I provide you in your own Google account you're utilizing free tier so you'll be okay um and do

look into getting paid practice exams for this specific certification you really do need pay practice exams because Google even their uh their foundational search is harder than the other uh providers so if you have the let's say the ad Cloud petitioner or the a900 I'm going to tell you Google makes theirs uh very hard and they have a very particular way of writing questions we do have a free practice exam for you on the exam Pro platform at gcp CDL um but again just remind you these are hard to pass without practice exams invest the

time to do them okay where do you take the exam at an in-person test center or online from the convenience of your own home Google uses Criterion uh which is interesting because they were talking about switching away from Criterion like two years ago but they never did um the thing is is that all of these online Proctors are kind of awful and so you know you're just trading problems for different problems so maybe Google just decided to stick with Criterion I find it's okay but um you know they're not the funnest experience if you want

to have the best success I would recommend uh taking the exam in a test center if if there's one nearby you because then you'll be in a controlled environment if anything goes wrong you can blame the test center uh as opposed to something going wrong in your home and you don't want to lose that money or have issues there um these are Proctor exams so there is a supervisor person who monitors students during the examination but I believe that that it's more AI driven these days Criterion in particular um acknowledges that part of their their

validation process checking your room is done by AI uh so you know I wish the cost of certifications would go down because if a real person's not there why are we why are these so expensive but anyway uh just just consider that uh in terms of the exam guide outline I think there's like six domains now there used to be four and they've expanded them to six so we have digital transformation with Google Cloud exploring data transformation with Google Cloud innovating with Google Cloud artificial intelligence modernizing infrastructure and applications with Google Cloud trust and security

with Google Cloud scaling with Google Cloud operations and each domain has its own waiting that determines how many questions in a domain that will show up the big change is this one the Google Cloud artificial intelligence that didn't have this here before in such great emphasis I don't know why Google doesn't make a dedicated gen or AI certification but I guess the inclusion of that uh that domain within this exam guide is to serve that foundational purpose there uh so we' put a lot of a lot of effort into that one in particular because there's

a huge interest at least right now in adopting AI um there's definitely been more stuff that's been added into these two sections here so they don't just have digital trans they have business transformation and just more um tools for the the executive level or the sales team um or the decisions makers to uh understand how to migrate how to do digital Transformations and things like that which is great uh the passing grade here I believe is 700 out of a th000 I say I think it is because the only way to know is to set

the exam and see what happens because they don't put it on the certification page what the passing grade is but if you search other places they'll tell you it's 70% my experience is that it's 70% uh and understand that this is a scaled scoring so you don't want to get exactly 70% to pass you want to be well above that because you can get 70% and still fail based on scaled scoring response types here we'll talk about in a second but there's 50 to 60 Questions there used to be just 60 Questions now it's a

range I don't know why they do that but you can afford to get 18 questions wrong if we're assuming you get 60 Questions I got 60 Questions so that's just what it is there's no penalty for wrong questions the format type here is multiple choice multiple anwers so pretty straightforward the duration here is 1.5 hours 1.5 minutes per question so you have 90 minutes with 120 Minutes seat time the seat time is the amount of time you should allocate for the exam this includes time to review instructions Show online Proctor your workspace read and accept

the NDA complete the exam provide feedback at the end this certification is valid for 3 years before you need to get recertified and let's just have a a little bit of real talk before you take this exam if you are obtaining Cloud certifications you are expected to already have technical skills not necessarily at this foundational level but when you get into the ace and the pro you're expected to know programming scripting SQL it networking Linux and windows servers project management developer tools app development skills comsi algorithms and more and to fill these gaps you can

go over to free Camp they have a huge catalog there I also have paid content under my subscription plan that will fill these gaps as well gcp itself does not care about gcp certifications for hiring for their own technical roles if they hire you it's going to be on different metrics and when you start working at gcp then they'll tell you go get your Sears uh uh uh giving you internal resources or or things like that I know that because a lot of people Google take my courses especially the pro so consider that and the

the amount of time you might need to invest is between 250 and 500 hours to achieve full devel Vel knowledge or Cloud engineering knowledge um but again this is the CDL so this stuff is not yet expected but I just want to uh give you that opportunity to uh to to prep you that if you're going for the ace make sure you make time in between the ace and this certification to get better at these skills okay but there you go and we'll just move on from [Music] here hey this is Andrew Brown from exam

Pro and what I want to show you here is an additional resource that I think is going to help you pass the Google Cloud uh digital leader and so uh I'm here on the cloudgirl dodev uh and this website is by prianka she's a Google uh developer advocate so she knows her stuff uh but what I find that's really useful is she makes all these great sketches that uh help visualize a lot of the core services so you know I'm not doing tons of visualizations in the course uh and I'm just giving you just the

to know information but if you check these out it might help you cement the information a bit better and of course uh there's a lot of accompanying uh videos to these sketches here so if you go to the cloud girls uh YouTube there's a lot of great videos here so strongly recommend that if you feel that you you feel that there's a deficit whether it's a compute engine or gke or whatever uh just to go check out these additional resources [Music] okay hey this is Andrew Brown for from exam Pro and we are at the

start of our journey for the cloud digital leader Google Cloud certification asking the most important question first which is what is cloud computing so cloud computing uh per definition is the practice of using a network of remote servers hosted on the internet to store manage and process data rather than a local server or personal computer and the way I like to think of it is that uh if you're on premise you own the servers you hire the IT people you pay the rent in the real estate you take all the risks but when you're using

a cloud provider someone else owns the servers someone else hires the IT people someone else pays or rents the real estate and you're only responsible for configuring cloud services and code and someone else takes care of the rest [Music] okay so to truly understand cloud computing we have to understand how we got to Cloud hosting and the way to do that is we're going to walk through uh how servers changed over time and uh the benefits and drawbacks to these different types of servers so the First on our list here is a dedicated server this

was a physical machine that you would go out to a store and you'd purchase and You' put it in your office you'd have to set up the networking install everything even install the operating system uh and the great thing about these things is that you would get full control over your server and so theoretically you would have the highest level of security possible I say it's uh theoretical because of course with cloud computing you have all these additional uh services that monitor and do things for you but uh this was again the earliest option out

there um and so there's still in use we still have dedicated servers today but you know it just made it very inaccessible for most people to be able to run web apps or Etc then we had virtual private servers so we're still using one physical machine but now what we've done is we've isolated uh uh virtually isolated our application using something called virtual machines basically into submachines and that allows us to run multiple workloads because if you have different machines with or sorry different apps with different requirements um by virtualizing the machine we're now able

to meet the needs of each application uh and so that was the evolution there uh going from there we had shared hosting this became very popular in the early 2000s if you've ever used GoDaddy or HostGator you've used shared hosting the idea is you'd have one physical machine and instead of virtually isolating uh each customer or tenant from each other you just had a folder on the machine and you could have hundreds of hundreds of businesses on a single machine and the way the system worked is that you know you had uh limits in place

but also uh there was the expectation that there just are would be a lot of people that would be underutilizing the physical machine and so there just be a few people that might overutilize it and so it would work out to be very cheap uh but you know because it's not full virtualization uh you don't have full access to the OS uh and things like that so it was very limited and there was also the chance that some other customer could end up um over utilizing the machine and that could impact your workload all right

so then came along Cloud hosting and this is where instead of having a single machine you had multiple machines uh and they would have virtualization right and so the idea is that now uh you could have a lot more customers on the exact same machine and it's highly distributed so you don't have to worry about uh uh One customer overusing a single machine and you basically get the best of all world so it's flexible scalable it's really secure it's really cost effective it's highly configurable and that's basically the reason why Cloud hosting or cloud computing

is so uh popular [Music] today so before we talk about Google Cloud we need to ask ourselves what is Google so Google is an American multinational technology corporation headquartered in Mountain View California and its claim to fame was in 1996 when they invented the Google search engine and so uh the reason why this is such a big deal was that uh prior to uh Google and really it didn't really take off until 2000 cuz I remember when this thing came out um where we saw Mass adoption but it was just that other search engines at

the time like altta Vista hotbot all the ones out there just couldn't do uh a very good job of finding things but Google uh was smart that they would actually look at the contents of web pages they would cash them and that's how they would determine whether to serve you content another very impressive thing that they did was they didn't use high-end machines they didn't have the money but they had the money to buy up a bunch of low-end machines and they created new tech technology to distribute compute and storage across those machines and that

technology is now open source and it's called Uh Hadoop uh and we'll talk about it later in the course but uh that is something that was very impressive as well so the name Google uh is actually a play on the word Google it's just a different spelling and that word uh precisely means 10 uh to the power of 100 and so if you represent it out in this way the idea was that you had a one followed by a lot of zeros and so I guess this is Google saying hey we are a data driven

company we work with a lot of data and that's true they do uh Google is also an initialism for Global organization of oriented group language of Earth you can tell that they came up with the word Google and then they just decided to try to make it uh into something make it to something so I know that doesn't make a whole lot of sense but that's just you know they're having fun I guess back then uh another thing we need to understand is what is a cloud service provider so a cloud service provider commonly abbreviated

to CS p is a company which provides multiple cloud services and those cloud services can be chained together to create Cloud architectures so here is a um a technical architecture uh for gcp and this is actually a web application and this is a pretty standard one so you might run your web app on uh compute engine which is where your virtual machine is you might have assets and things you need to store uh into cloud storage let like your files and stuff you need a database so maybe you need a postgress database like cloudsql uh

you might have a CDN that sits in front of your web app uh just to um cache uh commonly occurring Pages uh then you need a mechanism to actually deploy the application so maybe you want to set all this up deploy multiple apps the same structure so you can use cloud deployment manager and maybe you have a really fun uh uh or a very useful way of doing customer support by having um a conversational AI like dialogue flow so there are lots of applications out there so this combin can get very uh very variant uh

but this is a pretty common example okay so now the question is what is the Google Cloud platform well this is what Google calls their uh their because they are a CSP so uh this is what they call uh their platform it's commonly referred to as the gcp uh and also it's Google Cloud so I don't know why uh but they don't use the word like in their logos they don't use the word platform but everyone knows it as Google Cloud platform and we all call gcp and the first service they came out with was

app engine all the way back in 2008 I don't remember them calling it Google Cloud at the time I think it was just they wanted a way for people to be able to uh deploy applications really easily uh so I'm a little bit fuzzy about that there but now you know when we look retroactively back you can say Okay app engine was the first service they ever released uh then there's also Google workspace uh and you're probably familiar with this uh because everyone got their Gmail over 10 years ago and so Google workspace is just

a rebranding of G suite and so it's a bundled offering of SAS products for team communication collaboration for an organization so there you got Google Calendar Gmail Google meet Google Drive Google Sheets Google Docs Google slides and you know this course isn't really about Google workspace or the G Suite but you know it does overlap because when we talk about identity getting access to your Google Cloud um console things like that it can tie into Google workspace and so that's why I'm mentioning it here and you're going to see it uh mentioned a few times

in this course [Music] okay so let's talk about the benefits or the advantages of cloud computing uh no matter what cloud service provider you're using you need to know these and they're generally six to seven points uh and in particular for Google Cloud they don't ask you these questions on the fundamental exam like they're not going to say can you tell me three of the the six but uh they do matter you need to know them because uh contextually they help you understand how to answer other questions okay and so uh Google doesn't really have

a list like like AZ yours will actually have a page and they'll say exactly what they are and so I just had to repurpose these uh from Azure here just to so that you can understand what they are okay so the first one is uh that cloud computing is cost effective you pay for what you consume there's no upfront cost uh so the idea here is that you have on demand pricing or pay as you go so when we're talking about AWS likes to call it on demand and Azure likes to call it pay as

you go uh and and so that's just two different ways of saying it but the idea here is you have thousands of customers sharing the cost of resources remember when we looked at um Cloud hosting and we saw that there was more than one customer on the same machine that's how we're talking about being cost effective because you don't have to pay for the entire machine uh another benefit is that cloud computing allows you to go GL within minutes okay so the idea is you if you want to launch a workload uh in Canada in

the US in the UK wherever they have a region you just choose that region and you can launch that that's a huge Advantage than having a server in house whereas the larger uh on premise uh on premises they might only have two data centers in the US and that's just not sufficient okay uh then we're talking about security the cloud provider takes care of the physical security uh and a lot of their services Buy default are designed to be secure so uh they're less likely to have issues right they're going to they're going to try

to enforce best practices and try to lean you towards something that is uh going to be better for your benefit and you have granular access uh to control anything you want so this is something you might not have if you were self-hosting but you can say I only want this particular user in my uh Google console to only be able to launch instances they can't shut them down maybe they can only choose a particular size and so that level of granular control really does make it a lot more secure okay then you have reliability so

a lot of services will have uh the ability to uh backup um they will have they might have built-in Disaster Recovery or make it easy to uh strategize for Disaster Recovery uh you could have data replication and fault tolerance so that is something that is just a lot more better than uh than on premise okay there's scalability so the idea is that when you need more resources you don't have to go out and buy a machine uh you just press a button and now you have additional additional uh compute and if you're not using it

even like two minutes later if you say I don't need this anymore you just shut it down and so you only have to pay for the duration that it runs uh and the idea is you can scale up very quickly uh so you know the the Your Capacity uh is very uh fitting to that then there's the concept of elastic and so scale scalable means you have the ability to add a remove machines or or compute or storage but um elastic means that you can also automate that so the idea is that imagine you have

a web app and a week goes by and you know the weekend's coming up it's Black Friday so you know there's going to be a lot of sales and so you might not be around to provision enough machines you might not know how many machines to provision for that event but uh with um the cloud you can automate it so it'll just say okay you have a lot more capacity now we'll just do it for you we'll spin it up to meet whatever that demand is and when people stop using it we'll we'll scale down

the machines for you we'll just get rid of them for you okay and the last Point here is that the cloud is always current so the idea is you have all this underlying Hardware uh and it has to be patched it has to be upgraded there's always new technology coming out and that stuff is being swapped out all the time by the um cloud provider and they're experts at it right whereas if you bought a physical machine you're going to hold on to it for like 10 years but they they might be switching out machines

every year okay so you're going to have uh you know best-in-class Hardware underlying okay or access to things [Music] okay hey this is Andrew Brown from exam Pro and we're going to take a quick look at the four main categories of cloud services that you'll find on a cloud service provider so a cloud provider can have hundreds of cloud services that are grouped into various types of services and the four most common types I like to call these the four core uh is uh and specifically for infrastructures of service and we'll talk about IAS in

the next video uh but we have compute so imagine having a virtual computer that can run applications programs and code then you have storage so imagine having a virtual hard drive that can store files you have networking so imagine a virtual Network being able to Define internet connections or network isolations and you have databases so imagine a virtual database for uh storing reporting data or a database for purpose web application so those are the four core and we're going to give them uh some additional um attention this course around the Google Cloud offering because we're

going to see them in the exam and that's usually what these fundamental certifications are testing you on okay and so for Google they have uh 60 plus cloud services they have fewer than the other ones but for them it's less about having a lot of services and just having very high quality services so uh it's by Design you know so when you see like Azure has 200 uh it's it's a little bit too much where G gcp is like okay we're just going to make sure that these services are multi-purpose you don't have to have

as many as these other ones okay and I just want to say that the term cloud computing can be used to refer to all categories even though it has compute in the name so you you'll say and I said this um I didn't say it up there but you know you might say clock Computing but you really mean everything right doesn't matter what it is everything is clock computing Computing [Music] okay so we're just looking at the categories of cloud computing now let's take a look at the types of cloud computing and so we have

this pyramid on the left hand side and the idea is that each type is riing on the technology beneath it okay and so the one at the top is called software as of service also known as SAS and it is a product that is run and managed by the cloud service provider so you don't worry about how the service is maintained it just works and remains available the keyword here is software so imagine just using any old software but it's over the cloud on the internet so Salesforce Gmail Office 365 you could even consider Facebook

or Twitter software as a service okay and these are specifically for customers the next layer is platform as a service uh also known as pass and this focuses on the deployment and man M of your apps so you don't worry about provisioning configuring or understanding the hardware OS you can just upload your code uh and it will do the rest okay and so here we would have things like elastic beant stock on AWS Heroku or Google app engine and this is the original logo and I always uh love this logo so I use it whenever

I can but the idea is that if you have a web application you just want to deploy it and just focus on your code that's what a pass is and this is specifically for Developers and then on the bottom we have infrastructure as a service I AAS there's no easy way to say say this uh as one word but uh this is the basic building blocks of cloud it it provides access to networking features computers and data uh storage space so you do not worry about the IT staff the data centers and the hardware and

for uh this uh we have Microsoft Azure AWS uh uh for Google cloud and this is specifically for admins and basically when we talk about a cloud service provider one of the key components or characteristics of a um cloud service provider is that they have an infrastructure as a service offering if they don't have that we don't usually call them a cloud service provider we just call them a cloud platform and uh Google Cloud originally was a cloud platform you didn't have IAS offerings and so that's probably where the origin of the name comes from

okay [Music] hey this is Andrew Brown from exam Pro and we are looking at the Shared responsibility model and this is a simple visualization that helps you determine what the customer is responsible for and what Google is responsible for related to the Google Cloud platform and every cloud service provider has one of these models they vary generally the categories are different uh they just break them down slightly different but generally they're all the same so we're going to spend a little bit extra time with the shared responsibility model uh just because it does show up

on the exam and it's a very important concept so I just want to make sure that you know it uh crystal clear and uh from all angles okay so uh generally these things are broken down into uh different categories so we have infrastructure as a service platform as a service software as a service the types of cloud computing and then we have um uh along the side a bunch of uh categories or responsibilities uh and this again these are Google specific ones so you have content access policies usage deployment web app security identity operations access

and authentication network security SOS data and its content audit logging networking uh storage and encryption Hardware kernel IPC inter protocol something something it it doesn't matter but uh it's just something the level the boot uh hardware and so the idea is that you have things that Google are responsible and things that you're responsible for so for a software it's a service and notice how much blue there is you have the least responsibility which is great because then you can just focus on fewer things but uh remember SAS is something like Microsoft Word so imagine what

you could put in Microsoft Word you'd write your article right so that's the content you might share it with somebody and you're just using the platform so that's SAS then you have platform as a service remember this is like something like app engine where you have your web application you built it Ruby on Rails larel nextjs whatever you want you deploy it you upload your code so that's the content itself and you you have to choose how you want to deploy it and you're responsible for the security of that application because you're the one who

built it right um um so there's that then there's infrastructure of service this is the basic building blocks the idea here is you can launch a virtual machine and so if you do that then you are responsible for the guest OS so you're actually adjusting OS layer stuff and then everything under uh underneath is um is Google's responsibility so the customer is responsible for the data and the configuration of access controls that reside in gcp the customer is responsible for the configuration of cloud services and granting access uh via permissions notice I keep using the

word configuration I highlight it in red it's just to help you remember if you can configure it you're responsible for it Google is generally responsible for the underlying infrastructure so it's the hardware this is a concept from AWS uh I wish all of them would use it but the idea is there's in the cloud and of the cloud so in the cloud is talking about you the customer if you can configure or store it the customer then you are responsible for it and of the cloud is if you cannot configure it then Google is generally

the one that is going to be responsible for it [Music] okay so now that we've looked at the Google's shared responsibility model let's take uh something like compute and compare it across different um uh types of cloud computing so we can understand in practice uh you know what we would be responsible for or not responsible for so we have infrastructure as a service platform as a service software as a service and notice we have another one here called function as a a service you don't usually see these uh in the share responsibility model and it

is a type of cloud computing but it's kind of a bit of a hybrid okay so uh it's kind of an edge case and it's going to just help us understand some of the caveats and how these models are a little bit flawed okay so starting at the the bare bottom where we have the most responsibility is with bare metal and so bare metal um just means that uh it's a physical machine and you're basically responsible for everything else you just want the the uh CL provider to take care of the hardware for you so

you have control over the host the host operating system so literally what's going to be installed on the phys uh at the lowest level and so at this level that means you can control the hypervisor if you want to install some type of different kind of virtualization or have no virtualization at all it's all up to you and so you are the most responsible with this layer then you have VMS virtual machines and so uh this would be compute engine I wrote compute engine here because I'm not really sure what the offering is for bare

metal bare metal is expensive so that's just why okay but for uh virtual machines uh here the idea is you're responsible for the guest OS configuration level that's the OS uh that is running when you have um you know a a submachine running on top of the hypervisor you can also install a container runtime and so when you think of um and technically uh technically this is a a little bit of an odd one because uh for uh Google you can actually checkbox on and say I want this virtual machine to have uh containerization so

technically uh technically um this would be uh Google's responsibility but if you wanted to you could install your own uh container runtime okay and so uh here we see Google is responsible for the hypervisor and the physical machine all right looking at containers and we have a few different options here but we'll talk about Google kubernetes engine gke and the idea here is that you are not worrying about the OS anymore you're configuring your containers and you're worried about the deployment of the containers and the storage of your containers so Google's taking care of the

uh the OS uh if there's a hypervisor a hypervisor and if there's a and the container runtime so they're doing a lot of stuff there and so uh you're getting less and less responsibility then you have platform as a service so this uh would be a managed platform like app engine and so here you're just uploading your code you're say uh you have some configuration of the environment you have to uh uh choose the type of deployment strategy you want you have to configure any associate services but Google is going to be responsible for the

server the OS the networking the storage the security a lot more stuff okay then you have software as a service uh there's not a lot of SAS products uh on Google Cloud but like we'll just pull one from the Google workspace or G Suite like Google Docs and so here you're just worried about the contents of the documents the management of files the configuration of sharing access controls and Google is just responsible for the server the OS Network the storage SEC security uh deployments other like more more stuff than platform as a service then you

have function as a service and this one's uh a bit of an oddball because uh here this is a serverless compute okay Cloud functions is a serverless but you upload your code sounds a lot like platform is a service but you don't have to worry about deployments about scaling anything else it takes care of everything so deployment container runtime networking Storage security physical machine uh you know every every okay there's another service I don't have it on here but it's called um it's called Uh uh Cloud run and that is a serverless container and so

that's where you have it and it's it's it's technically containers it's technically server serverless so it kind of like fits fits in the middle so I'm just saying that there's some variation there the exam's not going to be that hard to figure out what these are but I just want you to know that there is some caveats or variations to this stuff okay it's not clearcut as you might think it is just to get a better visual here we'll just go across bare metal dedicated host virtual machines container functions we didn't cover this I just

didn't have room but there was Soul tenant node because when you have a virtual machine right a virtual machine can either be single tenant or multi-tenant and so what that means is that when it's multi-tenant and that's the whole advantage of cloud is that you have the same you have multiple customers using the same physical machine but you're virtually isolated using having your own virtual machines but if you wanted to have the entire physical machine uh you could have a sole tenant node so you're the only person on that physical machine with those virtual machines

and so that's something that's in between Bare Metal and virtual machine okay so uh just looking at the responsibility of the customer level of control uh like look at code here so code you're responsible across the board for app containers it's up to the containers at functions you you're not responsible for it for the runtime you have control over that in containers right if want to run Ruby you can just make a ruby Docker file and upload and now you can run uh Ruby code you know if they didn't support it for the operating system

uh you have control at the guest OS here for virtual machines for the dedicated host it's still guest OS and then at the bare metal it's Hardware OS for virtualization if you want to change out the type of hypervisor or virtualization method only bare metal is going to let you do that so hopefully that gives you a very clear picture um of the shared responsility model in action and for different types of categories it's going to be completely different [Music] okay so let's take a look at an alternate way of viewing the shared responsibility model

and this is the way adus and Azure does it and the reason I want to show it to you is because it's a lot more uh uh uh encompassing of everything that the cloud can offer you whereas the Google share responsibility model is really focused on the application so you can really tell their developers right but it's important for you to understand the full scope so we have the customer and we have gcp so gcp is responsible for the hardware and the global infrastructure so the regions right uh you know like the everything that has

to do with regions uh the zones and zones is a collection of data centers within a region and the fault domains fault domains is um a logical isol isolation of uh Hardware that's within a Data Center and then there's the physical security of the data center the responsible for that as well right then you have software so uh this breaks down to core four so you got your compute your storage your database and your networking now onto the um customer side there's the configuration of manage services or third-party software so that could be platforms applications

am IM am is a big one that's a huge huge component for customer responsibility configuration configuration of virtual infrastructure and systems so operating systems the network firewall so I notice you see networking down below so we're talking about the actual like routers and switch and things like this and up here this is like Cloud networking okay this is like I want to create a VPC uh and I want to have these subnets in it and I want to use these Cloud networking services but you're not really dealing with lower level software like setting up the

the switch or the router or things like that okay then you have security configuration of data so uh you know whether to use client side data encryption whether you are whether you're using serers side encryption whether you turned it on what type of encryption you want to use protecting the the network traffic so whether you're monitoring it and put any other kinds of controls to say okay who's allowed to see what and your customer data that's a big one okay so yeah this is basically the adus um and Azure way of looking or sorry I

said Azure but it's more like adus and Oracle Azure actually has their own way it's actually looks a lot more like this and so there is they do on premise put on premise in the mix infrastructure is a service platform as a service and software as a service and so they just break it down to here and these are going to look very very very similar to the Google's on so you have applications uh data runtime middleware OS virtualization server storage networking how many is are 1 2 3 4 5 6 7 8 9 these

almost almost match up to the OSI uh layer that's the uh like the layers like the application layer the networking layer things like that and so that's basically how Azure kind of does it uh but it just helps you to see the names in a different way so you can see there's still data there's no mention of like access controls but it's just assumed that if you have an application responsible for it uh you know things like that okay so hopefully that gives you a really clear understanding of the Shar responsibility [Music] model hey this

is Andrew Brown from exam Pro and we are looking at the cloud computing deployment models this one's an important one it will show up in your exam so you want to know the difference starting at the top here we have public cloud and this is where everything is built on the cloud service provider uh this is also known as being Cloud native so the idea here and I know this is an adus example and we're doing gcp just didn't have time to make the new uh the new graphic here but the idea is that you

have a virtual machine and a database it's sitting within subnets within a VPC uh both adus and Google call their vpcs the same thing so that makes it easy here and everything's contained within the cloud service provider there's no cloud services outside the cloud service provider okay then you have private Cloud this is where everything is built on the company's data center this is also known as on premise because it's on the premises uh uh where your office is and so here you would use something like open stack to have private a private Cloud so

open stack I believe it's by Rackspace and the idea here is that it gives you a lot of the benefits where like imagine you want to distribute um a virtual machine across many machines you want to have granular permissions like IM am and things like that that's what private Cloud's going to do for you then you got hybrid and hybrid cloud is where you are using both private and public cloud and you're connecting them right you're off offloading some of your private Cloud compute storage stuff to the public cloud and that's happening uh via some

kind of hybrid connection okay and then we have cross Cloud also known uh as multicloud a lot of people will call it hybrid Cloud it's not hybrid Cloud hybrid cloud is when you have a private cloud and a public Cloud connected a cross cloud is when you are using multiple U multiple um uh csps and the the workload is spread across them a really good example here is something like Azure Arc or um for Google's offering they call theirs anthos so the idea is that you have a control plane that will control compute across multiple

cloud service providers and on- premise environments multicloud multiple Cloud providers or multicloud is just when you use multiple providers but you necessarily use data across them okay but Google's going to just treat multicloud and cross-cloud as the same terminology all right to try to just kind of give this more of um uh like a business use case or who's using these things we talk about uh for uh Cloud this is or public Cloud we're fully utilizing cloud computing this is where we're using cloud and on- premise and this is where uh we're deploying on premise

using virtualization and sometimes known as private Cloud Okay so who's using cloud like public Cloud we're looking at uh startups SAS offerings new projects and companies so think of base camp Dropbox Squarespace for hybrid we have Banks fintech Investment Management large professional service providers Legacy on premise there's reasons why they're hybrid they have to keep certain data uh on on premise for regulatory reasons or it could be because of um just because they've had they have so much infrastructure it's just too hard to to move everything away or they have customers that are concerned about

uh the cloud or the public Cloud when we're talking about the public sector like government or hospitals with super sensive data or very very large Enterprises with crazy regulation like insurance companies they might want to have 100% private Cloud they're starting to um adopt a hybrid model so uh we're seeing less and less of this but you know like hospitals AIG which is insurance company or the government of Canada okay [Music] hey this is Andrew Brown from exam Pro and we are looking at the total cost of ownership also known as TCO uh to really

understand what it is that uh you know we are paying for when we're using on premise and what we're paying for or not have to pay for when we're using gcp these break down to kex and Opex notice here at the top we're going to talk about that in the next slide here um now Google Cloud doesn't actually ever mention TCO uh even though it's pretty common across all the other cloud service providers but it does tie back to kex and Opex so we're going to cover it anyway and it's good to know this okay

so to understand the TCO concept I have these icebergs to really make sure or to sell you that these are icebergs I put some penguins in a whale on it here for you but the idea is that we have things that are above the surface and these are things that we generally think about and then the things below the surface under the water are the things that we're not thinking about that really should helps us factor in the total cost of ownership so we're looking at things that are obvious people think about well uh you

know for on premise we just have to pay for our software license fees right if you have um uh Microsoft uh servers you pay for those licenses and then on gcp well you just pay subscription fees so maybe you're not paying for the licenses but now you're just paying for uh using the services uh On Demand right and so they might look at and say well you know the cost aren't they look pretty comparable but then when you get below the surface we talk about remember on premise you you have control of you have those

physical machines there right so there's the implementation the configuration the training the physical security the hardware the IT personnel the maintenance there's a lot of cost in um actually having those physical machines and all the stuff around them where as uh in the cloud service provider uh you are worried about the implementation the configuration training like how to use cloud services but you're not worried about all that other physical stuff and the idea here is that you can save uh up to 75% shifting over to a cloud service provider uh GCB doesn't have an example

of a cost-saving example but ad of us does and they showed like 75% it's going to be the same for all the the csps and the idea now is all this stuff in the red here is now the cloud service provider responsibility you don't have to worry about it so let's talk about Capital versus operational expenditures so Capital expenditures known as kex and operational expenditures known as Opex right and so on the kex side this is where you're spending money upfront on physical uh infrastructure and deducting that expense from your tax bill over time so

that's where a lot of people go well you know I can get this machine and then write it off uh year after year and I guess that sounds okay but you're you're going to save way more money way way more money than getting that that small tax benefit but let's talk about what are kex expenses so you have server uh server costs of the computers the storage costs so like hard drives Network costs routers cables switches backup and archive costs Disaster Recovery costs data center costs so rent cooling physical security the technical Personnel so with

capital expenses you have to guess up front what you're going to plan on spending right because you're going once you have those you're going to hold on to them for a period of time right for operational expenditures the cost assoc associated with on- premise data center uh has now shifted to the service provider so you only have to worry about nonphysical costs so this is leasing software and customizing features training employees and customer services paying for cloud support uh your billing is based on cloud metrics so compute usage storage usage and with operational expenses you

can try a product or service without having to invest in the equipment so you can spend a lot more time in things that matter to grow your business and you don't have to immediately commit to a bunch of stuff you have a lot of flexibility there okay so that's the huge [Music] difference hey this is Andrew Brown from exam Pro and we are looking at Cloud architecture terminology so these are very important Concepts when uh utilizing the cloud uh though Google will not ask you directly on their certification uh to describe these Concepts or to

to to pick them out of a lineup of terms okay um however they are still going to play into questions so we generally need to know what these things are so let's go through the Quick List here and then we'll do a bit of a deeper dive on each of these ones okay so first we have availability your ability to ensure a service remains available this is known as highly available ha you have scalability your ability to rapidly grow unimpeded you have elasticity your ability to shrink and grow to meet the demand and this has

to do with the automation of it you have fault tolerance your ability to prevent a failure you have Disaster Recovery your ability to recover from a failure failure also known as being highly durable so Dr so looking first in more detail here High availability this is your ability for your service to remain available by ensuring there is no single point of failure or to ensure a certain level of performance so I got a bunch of text here but I have a Graphic that makes this really clear the idea here is that we have a load

balancer and and for Google it's called Google uh Cloud load balancing and the idea is that we have compute and we distribute it um so it's separate virtual machines but they are in three uh uh different zones and the idea is that if you were to lose one or two zones you would still have a running service because the load balancer would detect that these ones are unhealthy and reroute the traffic to the remaining server okay and that helps us be uh be highly available then you have the idea of being uh highly scalable so

your ability to increase your capacity based on the increasing demand of traffic memory and computing power okay so you have vertical scaling this is where you are scaling up you increasing the uh size of the single machine right so maybe you are increasing the amount of storage the amount of compute things like that resizing the machine then you have horizontal scaling so you're you're just adding additional servers of the same size and then you're Distributing the workload across those machines okay you have high elasticity so your ability to automatically increase or decrease Your Capacity based

on the current demands of traffic memory and computing power sounds very similar to the last slide but the key difference is that it's automated and you're also have the ability to decrease okay so the idea here is that uh you have the concept of horizontal scaling where you can scale out but you can also scale in so scaling out is when you add more servers and scaling in is when you remove servers okay and generally generally speaking when we're doing uh uh uh things that are elastic it's usually of the same size there is an

exception where you can have containers uh I think it's like mesos or whatever they allow you to have a mix and match of different kind of containers but generally it's the same size size containers okay or virtual machines I should say so uh vertical scaling is generally hard for traditional architecture so you're not going to see the concept of elasticity with vertical scaling it's with horizontal scaling okay the way we can do um um horizontal scaling or elastic uh automatic scaling is with managed instance groups with uh Google so this is automatically increasing or decreasing

the response uh to demand or a defined schedule next we have fault tolerance so your ability to for your service to ensure there is no single point of failure or preventing the chance of failure so I'm just going to lay out all the stuff here and so it sounds very similar to high availability but the idea is that it's all about preventing chance of failure so the idea is that um imagine or I guess it's kind of the responsive failure so the idea here is that uh let's imagine you have a database and the primary

database for whatever reason fails okay um and so the idea is that uh your Cloud DNS which is a the like your domain level what it can do is say Okay fail over to the secondary instance so you have a redundant application running you're syncing that data over it's a standby service the idea is that it's ready to take over when the first one fails okay so whether something happens we can fault over to it I know it gets confusing with high availability we have high durability your ability to recover from a disaster and to

prevent the loss of data so solutions that recover from a disaster is known as Disaster Recovery how do you backup your data how fast can you restore that backup does your backup still work how do you ensure uh your current live data is not corrupt so there you go that is uh our terminologies okay hey this is Andrew Brown from exam Pro and we are looking at the evolution of computing your coud service provider has all of these offerings and the idea is that you need to choose the one that meets your use case a

lot of times this all has to come around the utilization of space that's what we're trying to illustrate here in this section here and the tradeoffs of why you might want to use some of these offerings okay for dedicated we're talking about a uh a physically uh a physical server wholly utilized by single customer that's considered single tenant and uh for Google Cloud we're talking about um single node clusters and bare metal machines where you have control of the virtualization so you can install any kind of hypervisor or virtualization you want in the system the

trade-off here though is that you have to guess upfront what your capacity is going to be and you're never going to 100% utilize that machine CU it's going to have to be a bit under in case the utilization goes up that's you choosing the CPUs and the memories you're going to end up overpaying because you're uh you'll have under under utilize server uh it's not going to be easy to vertically scale it's not like you can just say resize it because the machine you have is what you have right you can't add more I mean

I suppose they can insert more memory for you but that's a manual migration uh so it's very difficult um and replacing the server is also very difficult okay so you're limited by the host operating system it's not virtualize so whatever is on there is on there um and that's what your apps are going to have access to uh if you decide to run more than one app which is not a good practice for these kind of machines uh you're going to end up with a resource sharing where one machine might utilize more than the others

technically with a dedicated machine you have a guarantee of security privacy and full utility of the underlying resources I put an as there because yes it's more secure but uh but it's up to you to make sure that it's more secure so you have that's up to your skills of security right whereas if you had a virtual machine or anything above that there's more responsibility on the cloud service provider to just provide a secure machine and they can do a better job than you so why would you use a dedicated machine well maybe you're doing

high performance Computing where you need these machines like very close together and you have to choose what kind of virtualization you need to have okay so then we're looking at virtual machines the idea here is you can run a machine within a machine the way that works is we have a hypervisor this is a software layer that lets you run the virtual machines uh the idea here is now it's multi-tenant you can share the cost with multiple customers you're paying for a fraction of the server uh you'll still end up overpaying for the underutilized virtual

machine because a virtual machine is just like you have to still say how many V vcpus how much memory and your app is you you don't want an app that uses 100% right you want to use exactly the amount you need but you can see here you know there's still going to be some underutilization uh you limited by the guest operating system now but now it's virtualized so at least it's very easy to uh possibly migrate away if you choose to run more than one app on a virtual machine it it can still run into

resource sharing conflicts uh it's easier to export or import images for migration it's easier to vertically or horizontally scale okay and virtual machines are the most common and popular offering for compute because people just very comfortable with those then you have containers and the idea is you have a virtual machine running these things called containers the way they do that is similar to a hypervisor but instead you have um like here is a Docker demon so it's just a um a container uh software layer okay to run those containers there's different kinds stalker is the

most popular uh and the great thing is you can maximize the uh the the capacity because you can easily add new containers resize those containers use up the rest of the space it's a lot more Flex okay uh your containers will share the same underlying OS but they are more efficient than multiple VMS uh multiple apps can run side by side without being limited uh by the same OS requirements and not cause conflicts during resource sharing so containers are really good but you know the tradeoff is there a lot more work to maintain then you

have functions functions go a even step further and the idea is that you uh the the containers where we where we talked about that's a lot of work to maintain now the cloud service provider is taking care of those containers generally sometimes not it depends if it's servers or not but the idea is that you don't even think about this is called servess compute but you don't even think about uh the OS or anything you just know that what your runtime is you run Ruby or python or node and you just upload your code and

you just say uh I want this to be able to run uh uh for this long uh and use this amount of memory okay you're only responsible for your code and data nothing else it's very cost effective you only pay for the time the code is running uh and VMS only run when there is code to be executed but because of that there is this concept of cold starts and this is uh where the virtual machine has to spin up and so sometimes requests can be a bit slow so there's a bit of trade-off there

but functions or serverless compute is generally one of the best offerings as of today but most people are still getting kind of comfortable with that Paradigm [Music] okay hey this is Andrew Brown from exam press and we are taking a look at Global infrastructure so what is global infrastructure well it refers to the global presence of data centers networking and Cloud resources uh available to the customer and so uh just kind of some of the stats that uh Google cloud has they have 25 regions 76 zones 144 Network Edge locations operating in 200 plus countries

so just an idea like here is an example of the exterior of a Google Data Center and this is an interior so we're going to go and dive deep on all the these Cloud infrastructure Concepts starting [Music] now hey this is Andrew Brown from exam Pro and we are looking at regions for Global infrastructure so regions are independent Geographic areas that consist of zones and gcp has 25 regions so here we have a a map and you're going to notice that some are blue and some are white white ones indicate that they are planning to

have um uh regions there in the future in the next 3 years and I think most of most of not all of their regions always have three zones in them so that's pretty good on them uh so uh for the Americas we got Oregon Los Angeles Salt Lake City Las Vegas Iowa South Carolina North Virginia Montreal Sal Paulo we for Europe we have London Belgium Netherlands Zurich Frankfurt Finland Warsaw uh in Asia Pacific we have Mumbai Singapore Jakarta uh Hong Kong Taiwan Tokyo oaka Sydney and soul okay so there's quite a few of them uh

I mean like a lot of people are used to running in US West or Us East I am always running in the Canada region cuz that's where I'm from so it's there um but yeah when you actually want to go use a region it's as simple as choosing it so if I'm launching a virtual machine with uh compute uh instance or compute engine you're just going to choose the region you want to go in okay [Music] hey this is Andrew Brown from exam Pro and we are looking at Google Cloud's Global infrastructure Edge Network and

so Edge networking is the practice of having compute and data storage resources as closest as possible to the end user in order to deliver the lowest latency and to save bandwidth and so when we're talking about Edge networking we're always talking about points of presence po or pops and this is an intermediate location between a gcp region and the end user and this location could be even in a third party data center or it might just be described as a collection of Hardware so maybe it's not even a data center at all and so here

is the big old graphic that um that uh Google has for us and if you see all those wires that's basically uh just showing how things are interconnected the actual Global Network between these pops and actually there's three types of um uh of Pops or or things we want to look at for Edge networking Edge networking devices or things uh and this uh graphic will change for all three this one is I think for Edge pops so just understand that it's not representative of all these three types but the first is Edge pops so a

location where a user can quickly enter so uh Ingress the gcp network for Accelerated access to Cloud resources then you have a CDN uh this is a location to serve so egress leave to leave the network uh uh for cash websites fils assets so they load very fast for the end user then you have Cloud media Edge this is a location specialized for the delivery of media such as video content content and so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at zones for Google Cloud's Global infrastructure

so a zone is a physical location made up of one or more data center and a data center is secure is a secured building that contains hundreds of thousands of computers and so uh this is an example of uh the interior of a Data Center and of course you probably wouldn't want to have a dog in there unless it's a guard dog in those machines okay so a region will generally contain three zones and I actually think Google's very good about that they always have three zones but other providers will try to uh get a

foothold into new regions and so they might only launch with a single zone offering but I think gcp is good in this regard uh the reason we make mention of that is because when we're talking about high availability the only way to get that is when you have at least three zones that's the standard okay data centers within a region will be isolated from each other so different buildings but they will be close enough to provide low latency and we'll talk about the the the inter latence uh the interzonal latency uh uh coming in this

section here so common practice to run at least three zones to remain available in case one or two data centers fail okay so the way you choose zones within Google cloud is after you've choosen your region you just choose your Zone and sometimes you're choosing more than one zone okay so it's that [Music] simple hey this is Andrew Brown from exam Pro and we are looking at resource scoping for Google Cloud's Global infrastructure so we were just talking about zones and I was saying that you can uh when you launch a resource sometimes you choose

a single zone or multiple zones and that comes into resource scoping okay so I just want to talk a little bit more or reiterate on zones one more time so a zone is a deployment area for Google Cloud resources within a region zones should be considered a single failure domain within a region and uh deploy redundant resources in multiple zones multi zones for fault tolerance and high availability okay so let's now talk about product or resource scoping so the idea is you can launch a resource uh in a single zone in a single region so

this is a zonal resource you have uh Regional resources this is where uh a resource resides in multiple zones in a single region you have multi-regional resource so resources reside across multiple specific zones you have a global Service this is where resources reside globally and regions and zones are abstracted away very common with seress Services okay and then you have internal Services these are foundational Services used by many other services you don't interact with these Services directly they're managed by Google such as spanner Colossus Borg and chubby okay so uh the reason I bring this

up is that you know I saw a question or two on the exam and they were using this terminology and so you know it just helps you to kind of frame that question better if you know resource scoping okay [Music] hey this is Andrew Brown from exam Pro and we are looking at data residency for Google Cloud's Global infrastructure so uh what is data residency well it's the physical or geographic location of where an organization or Cloud resources reside uh and the reason we care about this is so that we can do uh or have

compliance boundaries these are Regulatory Compliance so they're legal requirements by a government or organization that describes where data and Cloud resources are allowed to reside so you know if you're working with the Canadian government they say we're only going to use your software as long as the data resides uh within Canadian data centers that is the idea behind this stuff so when you're trying to run these kind of uh workloads and you need to meet compliance boundaries uh strictly defining the data residency of the data and Cloud resources and gcp you can use something called

assured workloads so this is a feature that allows you to apply VAR security controls to an environment so it's not just for data residency but that's its primary feature so data residency personal data access controls based on attributes person uh Personnel uh support case ownership controls based on attributes encryption so in order to uh apply data residency you're the you're going to use an organizational policy called a resource location restriction and choose the allowed region or multiple regions will this show up in the exam probably not but uh you know it's good to get you

kind of exposed to Global or organizational policies because those kind of do show up on the exam [Music] okay hey this is Andrew Brown from exam Pro and we are looking at Cloud interconnect for Global infrastructure technically this is hybrid um uh hybrid services and so youd have this in the hybrid section but I like to put it in global infrastructure because it's just something that um has to do with uh data centers and connecting things so that's why I always kind of front loaded in this section here so Cloud interconnect provides direct physical connections

between your on- premise Network and Google's Network and so Cloud interconnect enables you to transfer large amounts of data between networks which can be more cost effective than purchasing additional bandwidth over uh public internet so it's a direct physical connection so fiber optics running from data center to Data Center okay and there are two offerings we have dedicated and partners so for dedicated this is a direct physical connection between the on premise Network and Google Network through a cocation facility we'll talk about collocation what that means here in a moment then you have um a

uh partner interconnect this is a direct physical connection between the on premise Network and Google's Network through a trusted third-party data center or provider okay so uh on the dedicated side this is between 10 to uh to 200 gigabytes per seconds and for partner it's between 5050 megabytes per second and 10 GB per second the reason you would be using uh a partner one is maybe because you just can't do dedicated based on your location so you have to work through a partner or maybe it's more cost effective or you know or it does it

meets your needs so it's just going to be dependent on that kind of stuff but generally the reason people are going with partners because they just can't get the dedicated one so what is a collocation facility so a collocation or Carrier hotel is a data center where equipment space and bandwidth are available for rental to retail customers so the idea is that it's a a rent like a rental data center right uh and Google uh Google uh is like is uh uh there's ones that they're cool with using and so those is like you have

a bit more direct control over it so you know it just depends on what you want to do [Music] okay hey this is Andrew Brown from exam Pro and we are looking at Google Cloud for government and so the first thing I want to answer is what is public sector so public sectors include public goods and governmental services such as military law enforcement infrastructure public trans Transit uh public education healthare the and the government itself so Google Cloud can be utilized by the public sector organizations developing Cloud workloads for the public sector and the way

uh Google achieves this is by meeting Regulatory Compliance programs along with specific governance and security controls so some compliance programs that would be used in public sector would be Hippa for for health fed ramp for dealing with the US uh the criminal uh Justice information service uh it's like working with the FBI and uh we got fips 140 uh hyphen 2 and we do cover all these again in the course so don't worry about having them memorized this second uh let's just mention fed ramp so this stands for federal risk and authorization Management program so

fed RP it's a US Government wide program that provides a standardized approach to security assessments authorization and continuous monitoring for cloud products and services so what is gov Cloud because this is something you hear a lot with cloud service providers so a CSP generally will offer an isolated region to run fed ramp workloads and gocloud offering in practice can result in degraded service offerings lower service availability and higher operational costs so GC uh gcp has an alternate to offering uh gov Cloud where fed ramp workloads are authorized in gcps usual region data centers uh and

this scheme mitigates the disadvantages of go Cloud offering so gcp regions will be authorized for either a high or moderate Baseline and so you know that was the thing was I was looking up gcp and I'm like where's their go Cloud I couldn't find it and so they just have a a different way of going about it and supposedly they say that it is better uh I don't know all the details about it but that was what I could uh drum up will this show up on the exam probably not uh I didn't really see

anything for public sector on the exam but from fundamental information you should absolutely know this [Music] okay I just want to cover some basic networking infrastructure terms terms just so that if you aren't familiar with you can get caught up to speed very quickly uh these things are very common so um you we'll cover them in a rapid Pace here but the first we want to talk about is IP addresses and dns's so an IP address is a unique numerical label identifying a device on a network that you have a domain name this is a

userfriendly name mapped to an IP address so an example here would be google.com maps to an IP address then you have DNS a domain name uh system so the uh so this is like the phone book of the web it translates domain names to IP addresses then we have uh internet service providers known as isps these are companies providing internet access to businesses and individuals so example here could be something like Verizon or SoftBank in Canada uh it's like Bell Media um Rogers things like that you have Global Network infrastructure and so under this you'd

have something called fiber optics this transmits transmits data as light pulses over long distances we have subc cables these carry 99% of international traffic and so there's like a map of all these cables running along the sea floor that's how we're all interconnected it's not through space a lot of people think it's all satellites or in space but actually we run physical cables across across to other continents you have Google's Global reach um so here we have the data centers and Edge locations um so we have those we have Network Edge so this is where

we have Google's fiber optic Network that connects data centers worldwide we have Network performance so we have something like latency this is the speed of data transfer and uh that's critical for user experience and we have bandwidth this is the capacity of data transfer across the network so you know in future videos like or in courses like the a will uh put more effort into explaining these things but for this certification you just have to have a general understanding of these basic Network infrastructure terminologies okay [Music] hey this is Andrew Brown from exam Pro and

we are looking at latencies for Google Cloud's Global infrastructure so what is latency well latency is the time delay between two physical systems and what is leg well leg is the noticeable delay between the actions of of input and the reactions of the server sent back to the client all right uh and you probably if you play video games you know what game lag is so it's basically the same thing okay it's just between servers and set of Game servers all right uh we have inter Regional latency so this is latency between two regions and

then we have interzonal latency this is latency between zones residing in a single region and I just want to generally give you an idea of the the the latency in milliseconds this isn't going to be exact because I honestly couldn't find something definitive by Google and there are benchmarks out there and they vary because it's going to be between regions and different zones but I want to try kind of give you kind of a bit of a a the facto way of understanding generally what they'll be and so I would imagine that between two zones

or sorry two regions you could see the worst case of 500 milliseconds so that's in the triple digit and then when we're talking about interzonal latency maybe 10 50 milliseconds so double digit milliseconds Okay the reason this is important is because I saw a question on the exam and it actually asked about 10 milliseconds and it was talking about a high availability and if you knew if you knew that um that it's in the double digit between interzonal stuff you wouldn't have chose multi- region you would only choose a single region with um multiple zones

okay so don't get hung up on so much the exact number but just understand triple digit double digit for these two [Music] okay let's talk about the benefits of the Google data center now we do talk about defense and uh depth in defense or defense and depth with Google in particular because they do a really good job here um but this is kind of a reiteration in a different way that we are talking about uh Google's data center so the first is enhanced security so we have a zero trust architecture with custom Hardware with strong

physical physical security uh including biometric access we have operational efficiency so purpose-built servers uh that reduce energy and use and improve efficiency like the Hina data center with C water cooling that was hard for me to say we have scalability quick add Hardware to meet growing demands without disrupting Services customization complete control over servers allowing unique features Innovations cost and environmental savings lower cost environmental impact through efficient design and renewable energy in fact as of yesterday from this video Google signed um an agreement to start using nuclear power so they're really thinking about um how

to push the usage of their data centers um but yeah there you go [Music] hey this is Andrew Brown from exam Pro and we are taking a look at Innovation waves actually known as Contra T waves uh that's a Russian name so I'm sorry if I pronounced it incorrectly but they are hypothesized cyclik phenomenons in the global World economy the phenomenon is closely connected with technology life cycle so the idea here is that we have these waves that uh irreversibly change the society on a global uh scale and generally we underpin these for particular Tech

technological advancements okay so here we have the steam engine and cotton we have Railway rail way and steel we have electrical engineering and chemistry Innovations here we have petrochemicals and Automobiles we have information technology and the idea here is that Google is suggesting that uh the the wave that we're in right now uh includes Cloud technology as one of the larger factors when we look at one of these waves in Greater detail there's a common pattern to the wave uh that changes the supply and demand and so they say there's an expansion a boom a

recession and a depression and if you can detect that pattern that's how you know uh that something is going on okay and so uh if we are in um if Cloud technology is the case here then we're definitely in an expansion phase right now uh and it's we might be in a boom it's hard to say um but uh yeah so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the concept of a burning platform so the term is used when a company abandons old technology for new

technology with the uncertainty of success and can be motivated by fear that the organization's future survival hinges on its digital transformation so uh this idea is comes back to uh the oil industry where you would have a platform and oil would catch fire and so uh the only way to survive would be to uh abandon or jump off uh the platform and so this term this term is not not so popular uh today but Google seems to still be using it um but the idea is that uh you know it's just you have to take

a a leap of faith uh into this stuff if you want to keep up [Music] okay hey this is Andrew Brown from exam Pro and we are looking at the evolution of computing power so computing power is the throughput measured at which a computer can complete a computational task and Google has a variety of offerings uh for the Innovations in this particular field the one that we're all most common with are CPUs so this is just like what's in your computer your laptop when we're talking about cloud computing the one that we commonly see are

Zeon CPU processors because they're uh very very uh good processors and so the offering here at any cloud service provider would be via virtual machines and so for Google their virtual machines are offered via compute engine uh then we're looking at tensor Computing so uh Google created their own um uh machine learning deep learning framework called tensor flow and it has a new type of data structure called a tensor uh that is specifically optimized for uh you know neural networks and the idea here is that um Google decided to create a piece of Hardware that

is specifically designed for their uh tensor data structure uh and so that's what they have which is this TPU thing and for this particular use case is 50 times faster than a traditional CPU all right and this is really for the space of neural Nets uh if you want to have this offering on Google Cloud you'd be using the cloud TPU okay and the last one here is quantum Computing and so Quantum Computing is interesting because it has the potential to be a 100 million times faster it is uh we're literally using parallel parallel uh

uh universe or Dimension uh using things like Quantum entaglement very advanced concepts in order to uh perform insane amount of computation but this field is very early days and so being able to apply it is uh not uh very easy but that doesn't mean that you can't play around with it uh Google has an offering um I don't uh ads has an offering for this but in particular uh Google has uh been producing uh different Hardware so they first had foxtail in 2016 then Bristol cone in 2017 and I think the latest one they have

is s uh syamore in 2018 all right and so this is all accessible via the Google Quantum AI all [Music] right hey this is Andrew Brown from exam Pro and we are looking at the concept of digital transformation and this is the adoption of digital technology to transform services or businesses through replacing non-digital or manual processes with digital processes like going uh paperless or replacing older digital technology with newer digital technology so that means uh you previous so you're using on premise and you're moving into hybrid architecture or using uh uh Cloud native technology all

right and so uh this you could describe uh is that Google has their own uh Google digital transformation framework or concept based off of Google seven solution pillars so we have infrastructure modernization business application platform portfolio application modernization database and Storage Solutions smart analytics artificial intelligence uh and sec security so in terms of the actual exam they're not going to ask you what are the Seven Pillars or what digital transformation is but you know the exam is all um uh business use case scenario so there are some tidbits in here which might help you with

some of the questions and that's why we're going to go through all the pillars [Music] okay hey this is Andrew Brown from exam Pro and we are taking a look here Google Cloud's solution pillars and there's seven in total here and there's a lot of teex so let's work our way through it so the first is infrastructure modernization so replacing Legacy hardware and software systems with Cloud Solutions allows organizations to adopt hybrid architectures and have more infrastructure Mobility choosing a mix of best cloud service provider offerings for their organizational use case so in this case

if we're talking about hybrid architectures one service that we could utilize would be anthos and this allows you to manage compute from both on premise and public cloud in a single unified interface moving on to business applications platform portfolio so the backbone of csps are built on top of robust well documented apis standardized across all offered cloud services organizations can focus on the configuration interconnections of various systems instead of having to build their own systems so what are they talking about here we're talking about Cloud SDK Cloud API Cloud CLI and the Google Cloud documentation

for number three we have application modernization so build building web applications on top of cloud services allows organizations to globally deliver and rapidly iterate faster than ever before csps offer automated deployment pipelines AI powered code reviews easy staging and testing of new features the ability to test and production roll back changes apps are more durable and can remain available when facing catastrophic Regional failure so uh one thing that makes it really easy to um uh build up very robust web apps is if you're able to migrate your web app over to app engine because it

just takes care of a lot of the stuff for you um and all you got to do is upload your code and do some configuration make some choices but more or less it makes it very highly durable available and scalable then you have database and Storage Solutions so most companies can tolerate losing application code you can always write uh you you can always rewrite uh losing data is not something you can recover cloud service providers have guaranteed slas of dur data durability as well as the ability to easily migrate and secure your data so in

this this case uh if we're looking at cloud storage which is on uh you know the storage or file side uh side of the the scenario here uh it can store files and documents as objects and its availability is 99.5% uh and they have an it's SLA backed okay and the way they do that is that they're replicating your data across multiple zones so if a Zone fails it'll just recover uh cover fils from another Zone and it does that automatically for you for number five we have Smart analytics so when you store data on

cloud service providers you can tap into big data and business intelligence uh Cloud offerings assisted by AI to help you analyze your data so for Google there's looker uh and this is data exploration Discovery uh business intelligence platform acquired by Google and is now part of gcp uh then you have artificial intelligence so AI deep learning ml are specialized domains that uh traditionally required uh scarce and expensive subject matter experts cloud is commoditizing uh commoditizing simplifying AI knowledge while driving costs lower for adoption so there's a lot of tools here that Google has but the

the primary ones is vertex AI this is a unified platform for AIML deep learning automl they have their own deep learning framework they've developed it's really easy to use this is my uh uh most uh favorite uh framework and this is the one I always use uh then we have security so cloud services by default have strong mechanisms built in for security governance compliance csps are continually developing new and Innovative security offerings not just at a service per service level but to anal recommend and remediate at the project and organization level you can easily and

quickly audit and apply security controls that become compliant in a fraction of time than on an on premise solution and so things you get uh when you're working the cloud I am I mean if you're using private Cloud I suppose you'd get that with open stack but I am so role based access controls and user management uh one that I really like that Google has is beyond Corp it's a zero trust model framework uh then there's the security Command Center so it's a centralized uh it centralizes visibility control for for security and stuff for misconfigurations

uh but there's a lot more uh there but this is just to kind of help you ground each of these pillars into something practical [Music] okay hey this is Andrew Brown and we are taking a look at business transformation this is the process of using Cloud Technologies to change how a business operates and delivers value to its customers this term I've never heard it outside of Google so I think Google has invented it just like how they've championed the word digital transformation so just understand understand that uh this is more specific to Google to help

um get you in the mindset of how you can utilize Cloud similar to digital transformation but let's talk about the points here so we have transforming workflows with Cloud tools to automate increase efficiency and reduce costs leveraging Ai and data to innovate improve customer experience and unlock revenue streams and we can uh look at this as pillars so I don't think the official uh official documentation lists as pillars but I'm trying to bridge the gap of that information from the digital transformation to the business transformation so we're going to look at it from a pillar

perspective so we have intelligence we have freedom we have collaboration trust and we have sustainability so those are the four that we're looking there or sorry five that we're looking there and so those are the five business transformation benefits memorize those because those will be on your exam I saw them as a question but let's go through each one and talk about them the first one is intelligence so this is this replaces traditional systems with cloud driven Data Solutions that enable smarter decisions and unlocks AI capabilities so what services could do that on Google for

us uh we have big query and data proc so those are two options there for Freedom uh this is where we shift from Legacy Hardware to hybrid and multicloud architectures offering flexibility infrastructure choice and so in this case we're looking at anthos um for collaboration this transforms collaboration with Cloud tools enabling seamless secure communication for hybrid and teams and if you can guess it it's Google workspace for trust we have modernizing security and cloud-based protection offering better visibility control over data so here we have Cloud armor for sustainability we uh we have uh moving away

from energy intensive Hardware to Google's carbon free Cloud infrastructure reducing environmental impact and this is where we have carbon footprint where Google can monitor um carbon use now I just again I want to be honest with you here that this stuff sounds all great but again this is to get you into the Google Cloud ecosystem and I don't necessarily subscribe that this is necessary to improve your business I think on pram is still has its place U but understand that you know this is just PR marketing stuff to get you into the ecosystem of Google

Cloud [Music] okay all right let's talk about transformation Cloud which is a set of cloud tools and services that help businesses modernize apps and infrastructure improve collaboration manage data better and strengthen security and compliance so if you go into the Google Cloud console you can't type in transformation cloud and find anything uh confusingly enough there is a a website called transformation. Cloud which has no relation to this so this is really just a collection of services that are considered services to help with trans transformation Cloud okay so hopefully that is as clear as I can

make it but let's talk about app and infrastructure modernization so Google Cloud helps businesses shift from Legacy systems to scalable flexible Cloud infrastructure with tools like anthos and gke supporting hybrid and multicloud setups we have data access and efficiency or we could say data de uh democratization that's a very hard word for me to say so Google here will make data more accessible through services like big query and looker then we have people connection so this is going to be through uh Google workspace as you can see here you're kind of getting the uh routine

here and we have trusted transactions where we have Cloud armor and Beyond corpse so again this is just another way for them to organize things where we have digital transformation business transformation then transformation Cloud U they're just framing other ways for your organization to figure out how to um adopt Google Cloud okay [Music] so how can we get business value out of our data well if we have three kinds of data let's say user data industry data and corporate data where those all intersect that's where we can derive business value so let's just identify these

three types of data the first being user data this would be your customer and behavioral information so think purchases and returns for corporate data this would be internal metrics like sales and Staffing for industry data this is external market trends and benchmarks and so what we can do is we can combine these data uh data sets to get better insights so imagine linking sales data with market trends to improve inventory we can make uh decisions based on uh detecting patterns so we can make informed uh choices that's called datadriven decisions so here we could be

offering personalized products based on customer demographics we can create new value with data so here um when we have new data we can enhance the customer experience improve the efficiency Staffing inventory and sales decision so hopefully that is clear those three components um are going to help you find business value [Music] okay the data value chain is the series of processes where data is collected stored process analyze secured and ultimately uh used to generate business insights or value so let's go through all those steps because we just listed them the first being data collection this

is where you're Gathering data from sources like iot devices apps and customer interactions then you have data storage this is securely storing data in scalable Cloud Solutions like Google uh cloud storage or big query you have data processing this is converting raw data into useful formats using tools like Google data flow and Apachi beam we have data analysis this is extracting insights using tools like big query ml or looker we have uh data security and governance this is ensuring data security with encryption and access controls using IM and Cloud security tools we have data sharing

so this is Distributing insights via apis dashboards or Google Sheets we have data monetization turning data into business value by selling insights or optimizing decisions um so I really haven't seen this uh uh data value chain concept outside of Google Cloud so I'm not sure if this is industrywide it just looks like a data pipeline to me um so there might be uh varant of this when you go to other providers but it's still very very uh straightforward and clear so I still think it's valuable [Music] okay hey this is Andrew Brown from exam Pro

and we are looking at what the Google Cloud console is and this is a portal uh that is a web-based unified console that provides an alternative to the command line tools it allows you to build manage and monitor everything from simple web apps to complex cloud deployments and so this is generally the main way you're going to be interacting uh with Google Cloud because it's the easiest way to do it uh so the idea is that you have this hamburger menu you can drop down and see all the possible Services you can also search for

them uh you can organize uh different projects here and switch between them and in the background here what you can see me doing is I'm actually uh trying to launch a new compute uh engine uh virtual machine instance uh you can also get uh notifications and things like that but basically everything you want to do is via the console okay hey this is Andrew Brown from exam Pro and we are taking a look here at Cloud SDK so SDK stands for software development kit and it is a collection of software development Tools in one installable

package so you can use the cloud SDK to programmatically create modify delete or interact with Google Cloud resources and the SDK is offered in a variety of programming languages so we got Java python nodejs Ruby which is my favorite go.net PHP and so here's this example of us using the iate with Ruby code so we've installed the the the package as a ruby gem that's how we did it and we're accessing a big query and we're just iterating out that table [Music] okay hey this is Andrew Brown from exam Pro and we are taking a

look at Cloud CLI so CLI stands for command line interface and what it allows you to do is process commands to a computer program in the form of lines of text and operating systems Implement a command line interface in a shell or a terminal that's how you're going to interact with one and so this is what it looks like to use a CLI so once it's installed what you'll do is write uh gcloud and then whatever it is that you want to do so in this case we are uh you want to work with a

compute engine so we write compute we SSH s SSH into our instance uh and so it's just as simple as that [Music] okay hey this is Angie Brown from exam Pro and we're taking a look here at Cloud shell this is a free online environment with a command line access for managing your infrastructure and an online code editor for cloud development so uh the idea here is uh these are the two interfaces uh they're very pretty pretty similar but the idea is you'll press this little button here it will launch uh generally a shell and

if you want to switch over to the editor you just press that and here you can see this is basically a bash terminal and this one here is a vs code environment there you go hey this is Andrew Brown from exampro and we're looking at projects and folders for Google Cloud so a project in Google cloud is a logical grouping of resources and a cloud resource must belong to a project so up in your navigation you're going to see the project you're currently on you can drop that down change to another project or quickly and

easily create additional projects a project is made up of settings permissions and other metadata a project can't access another Project's resources unless you use share VPC or VPC Network pairing resources within a single project can work together easily for example by communicating through internal Network subject to the regions and Zone rules each Google Cloud project has the following a project name which you provide a project ID which you can provide or Google Cloud can provide for you a project number which Google Cloud provides as you work with Google Cloud you'll use these uh identifiers in

certain command lines and API calls so each project ID is unique across Google Cloud once you have created a project you can delete the project but its IDs can never be used again when billing is enabled each project is associated with one billing account multiple projects can have their resources usage build to the same account a project serves as a namespace this means that every resource within each project must have unique name but you can usually reuse resource names if they're if they're in separated projects then there's the concept of folders so folders allow you

to logically uh group multiple projects that share common I am permissions folders are common used to isolate projects for different departments or for different environments we'll see more of this when we cover resource hierarchies [Music] okay hey this is Andrew Brown from exam Pro and we're looking at the Google Cloud adoption framework also known as gcaf and this is a white paper that can determine an organization's Readiness to adopt Google Cloud as well as uh providing steps to fill in knowledge gaps and develop new competencies okay so um to really understand the Google Cloud adoption

framework we need to know what is a white paper so it is a report or guide that informs readers uh concisely about a complex issue it is intended to help readers understand an issue solve a problem or make a decision and white papers are generally PDF uh format but they can also be an HTML format as well so uh white papers are common among all the cloud service providers and they're almost always uh an essential to study at the fundamental level and so for um the Google Cloud digital leader I recommend going through the cloud

adoption framework which is what we're going to do here okay so the gcap is composed of four themes three maturity phases the cloud maturity scale uh epics and programs so let's get into [Music] it hey this is Andrew Brown from exam Pro and we are looking at themes for the Google Cloud adoption framework so themes are uh just four different areas uh that your company needs to excel in in order to be successful with their Cloud adoption so starting at the first here we have learn the quality and scale of the learning programs you have

in place to upskill your technical teams your ability to augment your IT staff with experienced Partners so who's engaged how widespread is that engagement how concerted is the effort how effective are the results number two here is lead so the extent to which it teams are supported by a mandate from leadership to migrate to Cloud the degree to which the teams themselves are cross functional collaborative and self motivated so how are teams structured have they got executive sponsorship how are Cloud projects budgeted governed and assessed the third theme Here is scale so the extent to

which you use cloud native services that reduce operational overhead and automate manual processes and policies so how are cloud-based Services provisioned how is capacity for work uh workloads allocated how are applications up uh updates uh managed and for the fourth one here we have secure so the capabilities to protect your services from unauthorized and inappropriate access with a multi-layered identity Centric security model uh dependent also uh on the advanced maturity of the other three themes okay so what controls are in place what technologies used what strategies govern uh everything as a whole [Music] okay hey

this is Andrew Brown from exam Pro and we are looking at phases for the Google Cloud adoption framework and this is all about the maturity of the organization because depending on where you are is going to determine the uh type of action or advice here based on the phase okay so uh for tactical this is short-term uh goals which is individual workloads are in place but there is no coherent plan the focus is on reducing the cost of discrete systems getting to the cloud with minimal disruption the winds are quick but there is no provision

for scale so really they're just trying to utilize anything and it's not there's no real plan in place okay for for strategic this is where you are in the midterm uh of maturity so a broader Vision governs individual workloads which are designed and de developed with an eye to Future needs and scale uh have begun to uh Embrace change people and processes are now now involved in the adoption strategy it teams are both efficient and effective increasing the value of harnessing the cloud for your business operations then we have uh transfor uh transform transformative or

transformational there we go uh and so this is like long-term goals so Cloud operations are functioning smoothly so you're in the cloud now but you're focusing on integrating the data and insights working in the cloud so existing data is transparently shared new data is collected and analyzed predictive and prescriptive analytics view machine learning is used uh people in processes are being transformed which further supports technological changes it is uh no longer a cost center but has become instead a partner to the business hey this is Andre Brown from exam Pro and we are looking at

the cloud maturity scale for the Google Cloud adoption framework and so this is a matrix made up of the themes and phases that we just reviewed and it will help your organization pinpoint their exact adoption position so uh on the horizontal scale we have learn lead scale and secure to determine our adoption themes and then on our vertical scale we have tactical strategic and transform uh transformational for organizations's maturity so uh where it intersects with learn and tactical the idea here is that you are self-taught and you are uh reliant on third parties um for

strategic learn these are organized training with third-party assisted uh for uh learn and transformational it's peer learning and sharing with third-party staff augmentation so just to kind of make sense because I know these are kind of abbreviated so it doesn't make a whole lot of sense but the idea is that if you are learning and you are in the short-term phase then you're probably going to be self-taught in this right okay and then if you're strategic you're going to be you're going to have organized training because you are bringing people and processes in as we

saw in the as we were describing the um maturity phases and then for transformational we have peer learning and sharing because we're now established in the cloud but we're just trying to collect data make things a lot better okay for lead uh uh lead for tactical looks like uh it's teams by function and you have a heroic project manager basically anytime you want to adopt Cloud no matter if it's Google or other ones you need somebody in your team that's going to uh act as the hero or the Evangelist for that adoption uh for the

adoption of the cloud and you got to find that person to carry you through all the stages okay uh so for lead and strategic we have new cross functional uh functional Cloud team so this is where you actually have a specialized team in your organization because you're now in the cloud right uh and so that's going to help support the workloads and move further and then uh down for transformational lead you have cross fun functional feature teams great uh autonomy so the idea is you don't just have a single team but you have multiple teams

that are feature specific so maybe you have data uh data team you have a devops team uh and the idea is that you also want to make sure they have the control to do what they need to do in their own space right that means in Google Cloud they're going to have their own folder and they can self-govern all their projects uh in there they're not they can do their Shadow it and they don't have to ask a centralized it to do stuff uh for scale and tactical so changes slow and uh risk is offs

heavy um because basically everything is still in the old uh the old on- premise system right so that makes sense uh for scale and strategic templates ensure good governance without manual review um so you know you just want to make sure that you have uh infrastructure is cod in place and you're putting uh governing rules in the midterm for transformational scale all Chang is constant low risk and quickly fixed so you're really in good shape for scale here uh you know just scale is going to be really easy right so whereas this you're you're doing

a lot of automation still to try to get your scale for secure fear of public internet trust in private Network that's of course why people are on premise because they're really afraid to be in the public cloud or or uh uh on third parties in general so that is something you're going to have to fight with at that stage uh for strategic you have Central identity hybrid Network you know so that could be using the Beyond Corp which is the zero trust model or you could be doing fed itation uh between uh your Azure active

directory on Prem into uh like with Cloud identity using like uh Google syncing directory uh Service uh then uh the last one here is secure and transformational Trust only the right people device and services this is what they're talking about they're talking about the zero trust model here so that really is where Beyond Corp uh would come into play uh for the Google Cloud adoption framework okay [Music] hey this is Andrew Brown from exam Pro and we we're looking at Tams which stands for technical account manager uh and no matter if you're using Google Cloud

Azure AWS they all have Tams and this is a human resource assigned to work with your organization when paying for Google Cloud's premium support So Tam can assist with Google Cloud adoption framework by performing a high level assessment of your organization's Cloud maturity tell you how to Pro prioritize your training change manner programs partner relationships Cloud operating models secure account configuration so the idea here is that you know if you don't know how to apply the Google Cloud adoption framework you want to get a tam because they're really going to help you connect you to

people that do know how to do it or give you um a bit of a Kickstart in that process [Music] okay hey this is Andrew Brown from exam Pro and we are looking at compute for Google Cloud platform and so there's a variety of services so let's get to it the first being compute engine and this one is for virtual machines or VMS uh and this is generally the primary or traditional type of compute you are going to utilize on a club service provider um then there is bare metal so bare metal is where you

have full control of the hardware so you can install any kind of hypervisor you want it on it or virtualization it's going to allow you to have very low latency on Google Cloud then we have appenine which is a platform as a service build and deploy apps on a fully manage highly scalable platform without having to manage the underlying infrastructure we're going to spend a little bit more time on app engine because the exam definitely pops up with a few questions uh that talk about its different core offerings we have Cloud gpus so add gpus

to your workloads for machine learning scientific Computing and 3D visualization you have Google kubernetes engine also known as gke so reliably efficiently and securely deploy and scale containerized applications on kubernetes you have soul tenant nodes and this is known as dedicated virtual machines and all the other different providers so the reason you'd want to use these is you need to meet compliance you have your own licenses uh you need to keep these instances physically separated uh with dedicated Hardware because maybe you know you're not allowed to run it with uh as a multi-tenant so there's

all sorts of reasons for that you have Cloud functions these are functions as a service so uh you can create serverless single purpose functions that respond to the events uh I guess I could have put cloud run on this as well which is serverless containers but we have a container section so it's not a big deal um we'll get to that some kind of auxiliary services that are used um that are important important to know with compute would be Google Cloud VM engine or VMware engine so migrate and run your VM workloads natively on Google

Cloud you have migrate for compute engine so migrate servers and VMS from on- premise or another Cloud to compute engine this was formerly known as velostrada preemptable VMS so deploy affordable shortlived compute instances suitable for batch jobs and Fa tolerant workloads we're going to cover that again when we go to our pricing section shielded VM so deploy hardened virtual machines on Google Cloud [Music] hey this is Andrew Brown from exam Pro and we are taking a deeper look here at app engine so app engine is a platform as a service for your applications you can

quickly deploy and scale web applications without having to worry about the underlying infrastructure and a great way of thinking of this is if you know Heroku it's basically the Heroku of gcp so the idea here is you can use your favorite programming language whether it's nodejs Java Ruby C go python or PHP you can also bring your own uh language runtime and you do that by uh creating a custom Docker container so there is all our familiar logos just to kind of uh put home as to what you can use um it has powerful application

Diagnostics you have cloud monior cloud logging to monitor the health of your performance Cloud debugger and air reporting to diagnose and fix bugs quickly application versioning so easily create uh development test staging and production environments traffic splitting so route income incoming requests to different app versions a Tob tests and do incremental feature rollouts you have application security so defining access rules with app engine firewall uh and you can leverage manage SSL TLS certification uh certificates by default so the idea is that you have all this infastructure and this is not even the full list but

all this stuff around your application uh that you would generally have to do yourself but they do it all for you okay uh now there are two types of environments that you can launch with app engine you got flexible standard it's very very very important that you know the difference for the exam because they will have scenarios where you have to pick one or the other okay so you can simultaneously use both environments for your application so it's not you have to use one or the other it just depends on what kind of workload you're

running an app engine is well suited to applications that are designed using microservice architecture so splitting it down the line let's talk about standard and then we'll talk about flexible so standard I would describe as being serverless compute so it starts in seconds it's going to run in a sandbox meaning that there's an uh like you don't have uh like you're not deploying a container it's just you're uploading your code okay it's designed for Rapid scaling so it can handle uh sudden spikes of traffic it supports specific language versions uh but it's uh not a

custom runtime so if you've ever deployed a serverless function where you're just like choose Ruby that's the language you get of a particular version okay you're not going to get that much flexibility around that it can scale to zero instances so that's another characteristic of serverless compute its pricing is based on hours uh it cannot uh you cannot use SSH to debug it which is very common for serverless apps uh there are no background processes when we're looking at flexible these are fully managed containers so it starts in minutes uh runs with Docker containers on

compute engine uh VMS so that's what it's doing underneath it it's designed for predictable and consistent traffic it supports uh generally any language version or uh you can run a custom uh runtime must have at least one instance running the pricing is based on vcpus memory and disk you can SSH to debug it uh and you can have background processes so just understand uh those two and you'll be good for the exam [Music] okay hey this is Andrew Brown from exam Pro and we are taking a look at containers for Google Cloud platform form so

uh containers are a type of compute uh but there is so much going on here uh with Google that uh it deserves its own page so we have Google kubernetes engine so gke which is reliably efficiently and securely deploys and scales containerized applications on kubernetes you have Cloud build so continuously build test and deploy containers using the cloud Google Cloud infrastructure you have artifact registry so store manage and secure container images and language packages uh you have container registries so store manage and secure your Docker containers images uh these sound really similar and that's because

this vers this is actually the second version of container registry so both of them exist but generally it's recommended always to use artifact registry okay you're not going to probably see that like them lined up against each other but just so you know uh the benefits always towards artifact registry over container registry okay um if you want to use a virtual machine uh like a um a compute engine you can pretty much just checkbox it on and now you have a container optimized OS so it's really easy to use containers even with compute engine which

is nice you have Cloud run which is a stateless container fully managed environments and you can also use it with anthos so this one and I really should have highlighted this in yellow here but stateless containers is something you want to remember for your exam um they also have containers for the AI platform deep learning so this is when You' be using vertex AI uh you might need to have a bunch of tooling around that and then there's also um the Google marketplace for kubernetes application so you can so if you're using kubernetes and you

just need something that's already pre-built and you're willing to pay or there some free stuff in there you can go there and get them [Music] okay hey this is Andrew Brown from exam bro and we are looking at kubernetes which is an open- Source container orchestration system for automating deployment scaling and management of containers it's originally created by Google and now maintained by the cloud native Computing Foundation also known as cncf uh what's interesting is this Foundation also has their own certifications like the certified kubernetes administrator and the certified kubernetes developer so don't be surprised

if you see me making courses for that in the future uh kuber Denis is commonly called K8 the idea here is that the eight represents the remaining letters so u r n t uh the advantage of kuet over something like Docker and you've probably heard of docker fortain before but it has the ability to run containers distributed across multiple VMS that's what kubernetes can do that Docker cannot do on its own a unique component of cetes are pods a pod is a group of one or more containers with shared storage network resources other shared settings

that is kind of the uh special kind of uh infrastructure or architecture that kubernetes has kubernetes is is ideal for microservice architectures where companies have tens to hundreds I really should have highlighted and red for you tens to hundreds of services they need to manage if you don't have I didn't say containers I said Services because that could be there's even more containers than uh tens to hundreds you know what I mean there could be thousands but the idea here is that um kubernetes does add a lot of management layer to it but the idea

here is that uh you know when you have a lot of services it is the best choice [Music] okay hey this is Andrew Brown from exam Pro and we are looking at databases for the Google Cloud platform and the First on her list is Big query and this one is a big deal because not only is it a data warehouse It's a serverless data warehouse and the reason why that is important is because traditionally uh data warehouses are extremely expensive uh but this one uh because it's serverless that means it it can uh scale to

zero and uh it's uh you know only when you're using it do you pay for it okay and so that is a very unique Cloud offering as says they have kind of a serverless data warehouse it's totally not true the only one that has it is Google and so it's a big deal okay and it's definitely going to show up more in this course and it will absolutely be on the exam okay so um it can store terabytes or pedabytes of data using nosql it is a wide column database service and it also has built-in

ml which we'll re uh visit later on okay uh then there's Cloud spanner this is a fully managed relational database this is not postest this is not myal it is a proprietary ational database designed by Google uh for scale it has you SQL so you'd have to do a tiny bit of translation if you already have an existing database but the idea is that if uh you want something that uh scales like crazy then this is the service for you if you're using relational databases you got Cloud big table this is a nosql key value

store it is a fully managed nosql database for large analytic analytics and operational workloads um so that's there uh we have cloudsql and this is a relation database service so if you're using MySQL postgress SQL Server it's just a manag service to host them there then you have fire stor a nosql document database it adds U nosql document database uh to mobile and web apps it can get kind of confusing because there's another service called Firebase which we cover in this course and it uh has Firebase fire store but it's the same underlying service okay

uh this one is very similar to um mongodb it's not mongodb it's it's a proprietary uh service by Google um but one of its key features is that it has a real-time component to store and sync data in real time and that is a very big deal and that particular uh note there you want to remember because that will show up on the exam if someone's asking for um a database and there's a real time component it's going to be fire store okay you got memory store this is not going to show up in the

exam but it's an inmemory database to achieve Extreme Performance using a managed inmemory data store service so think of reddis that is basically what this is uh and then last on our list here we have database migration service DMS this is a uh serverless easy minimal downtime migration to cloudsql [Music] okay hey this is Andrew Brown from exam Pro and we are taking a look at databases so a database is a data store that stores semi-structured and structured data and a database is more complex data store because it requires using formal design and modeling techniques

databases can be generally categorized as either a relational database so structured data that strongly represents tabular data such as tables rows and columns that means it could either be row oriented or column oriented or non- relational databases semi structures uh uh data that may or may not distantly resemble tabular data and so the way these things work is you'll generally have a specialized language to query in such as SQL A specialized modeling strategy to optimize retrieval for different use cases more fine-tune control over the transformation of the data into useful data structures or reports and

normally when we just say database we're generally referring to relational row oriented data stores so think myql postest msql [Music] okay hey this is Andrew Brown from exam Pro and we are looking at the concept of a data warehouse so a it's basically a relational data store or database designed for analytical workloads which is generally column oriented okay so companies will have terabytes or millions of rows of data and they need a fast way to be able to produce analytical reports data warehouses generally perform aggregation so aggregation is grouping data so like finding a total

of average data warehouses are optimized around columns since they need to quickly aggregate column data uh and so data warehouses are generally designed to be hot um hot means that they can return queries very fast even though they have vast amounts of data uh data warehouses are infrequently access meaning that they aren't intended for real-time reporting but maybe once or twice a day or once a week to generate business uh uh generate business or user reports a data warehouse needs to consume data from a relational database on a regular basis so that's what we're kind

of seeing over here where imagine that this is our data warehouse and we want to generate a report the idea is that we're either ingesting data from SQL or if we're ingesting data from a non uh tabular like structure uh we have to use ETL so to transform the data into the format that we want okay [Music] hey this is Andrew Brown from exam Pro and we are looking at a key value store so key value databases or data storage is a type of non-relational database nosql that uses a simple key Value method to store

data and uh the way I like to describe them is that they're dumb and fast and they generally lack features like relationships indexes aggregation transactions you name it they don't have it but what they do have is speed okay so a key and Value store is a is a unique key alongside a value and the idea here is that a simple key and Value Store will interpret this data resembling something looks like a dictionary so an associative array or a hash and so when we look at it kind of like a table uh it can

resemble tabular data but it does not have consistent columns per row hence it's called schema list because it doesn't follow a particular scheme and due to the simple design they can scale well beyond a relational database uh and key value stores are generally the ones that are the most SC available but the idea is that because of the Simplicity of these things uh usually you are you know like these are really great for like leaderboards where uh the data is exactly stored the way you want to see it okay so if you have to do

joins or uh data manipulation uh then these are not going to be very ideal but if the data is exactly as you needed to see it then they work really well [Music] okay hey this is Andrew Brown from xam Pro and we are looking at document stores so a document store or document data is a nosql database that stores documents as its primary data structure so a document could be XML but it's more commonly Json or Json like documents are a subass of key value stores uh the the main difference is that they can store

nested dictionaries nested hashes okay uh the the components of a document store compares to relational database is the easiest way to explain it so where you would have tables they call them collections where you'd have rows they call them documents where you have columns they call them Fields indexes are the same and you do have some ability to do joining via embedding and linking so you know you can leverage that tabular data to kind of think about uh how document stories are but fundamentally they're not uh tabular data [Music] okay hey this is Andrew Brown

from exam Pro and we are looking at serverless services for Google Cloud platform so what is serverless well serverless architecture are fully managed services that automatically scale are highly available durable secure by default abstracts away the underlying infrastructure and are build based on the execution of your business task so the idea here is you pay for the value yet don't pay for idle servers and serverless can scale to zero meaning when not in use uh the services don't generally cost anything so let's look at Cloud functions this is functions as a service when we're talking

about serverless on any CSP this is what people look at first is what is the um serverless functions okay and so you choose a runtime upload single function code so they're not full web apps just parts of code uh and they're intended to be short lived and everything else is taken care of for you you have Cloud run this is for seress containers so run stateless containers on a fully managed environment or via anthos you have app engine platform is a service so build and deploy apps using traditional web Frameworks and all the underlying infrastructure

is taken care of for you platform as a servic is not always serverless but app engine specifically has a serverless offering which is um The Standard Version you have event Arc and this is a serverless event bus so you build event driven solutions by inly delivering events from Google services SAS and your own apps used for application integration um aws's one is called uh event Bridge so it's the same thing there but the idea is it's application integration for Google services and other third parties okay you have K native this is serverless K8 containers deploy

manage serverless Cloud native applications for kubernetes you have workflows this is a serverless state machine so orchestrate and automate Google cloud and HTP based API services with server workflows you got big query servess data warehouse understand your data using a fully managed highly scalable data warehouse with built-in ml then you have cloud storage this is seress storage so uh it's an object store and the idea is that this stuff is highly available um it's distributed across multiple uh data centers you just upload files you don't think about anything um like about the discs or anything

else [Music] okay hey this this is Andrew Brown from exam Pro and we are looking at storage for Google Cloud platform so we got cloud storage persistent disk and file store uh there is um Cloud surf for Firebase that's not going to show up on your exam but let's dive into these three uh really quickly about their architecture and why they would be used in certain circumstances so for persistent dis the idea here is that it's using blocks as a means of storage so it has a virtual disc and it stores things just like it

would on a regular disc uh the idea here is that you have direct access to the operating system uh and it supports only a single right volume all right we'll talk about the use cases at the end of going through these three architectures then we have file store which is a um a file share so the file is stored with the data and metadata we have multiple connections via the network share supports multiple reads but uh for uh uh writes they're going to get locked when someone's writing okay then you have uh cloud storage which

is for object or blob storage uh so data is stored as objects so there's metad day unique ID it scales with limited uh with uh next to no upper limit in terms of the storage supports multiple reads and wrs uh so there are no locks in place so what would you use these things for well the first one the idea is that you would if you had a virtual machine and you need a volume you could attach a block storage this is just basically a virtual hard drive so you could have a VM with multiple

uh block storage uh or virtual hard diss but the thing is is that um that virtual disc is only being used uh by one operating system at the time the the single VM okay so if you needed to have uh a a virtual hard disk that could be accessed by multiple virtual machines that's where you're going to be using a file share and that's what file store is or you could also just have users connect to it because it's using this NFS and SMB protocol and these are ways where you could easily Mount the drive

to your Windows computer or to a virtual machine okay um and so then last we have is um uh cloud storage which is an object serverless storage the idea here is that you can just upload files you don't have to choose the size of the drive the type of the drive you don't have to worry about backing up the drive or the redundancy of the drive it just works right and there's no concept of a drive it's just there's a bucket and you put everything in it uh the only uh drawback here it's not intended

for high IOP so input outputs reads and writes like it's pretty darn fast but the idea is that you know if you uh you know it's not going to be used as the primary drive of a of a virtual machine right it's going to be for accessing files okay so hopefully those three categories are [Music] clear hey this is Andrew Brown from exam Pro and we are taking a look at cloud storage so cloud storage is a serverless object storage service you do not have to worry about the underlying discs right sizing availability durability uh

the file system underneath you only pay based on the storage so the at rest storage and the download so actually accessing or requesting files uh files are called objects and folders are called buckets uh it has unlimited storage with no minimum object size uh probably there is an upper limit most um servess object storages do have a particular limit but theoretically it's unlimited storage worldwide accessibility and worldwide storage locations low latency so time to First Bite typically 10 of milliseconds has a high durability so it has n99 of annual durability when I say 99 it's

because uh it's 99 and Then followed by 99 okay uh it has Geo redundancy if the data is stored in multi- region or dual region it has a uniform experience with cloud storage features security tools and apis um and I want to cover available storage classes because these do show up on the exam this isn't something that other fundamental certifications would go this deep on but um uh Google really wants you to know uh better in detail their core services so uh for um available storage classes we have standard uh and so here this is

for frequent uh file use if you're building a web application or just general use you're going to be going with standard storage now this is the least cost effective solution it's not expensive but there's ways to save okay you have nearline storage this is when you're going to be accessing on average a file once a month or less right it's going to be cheaper uh than standard storage but the key thing is once a month or less uh then you have cold Line storage this has a higher access cost than nearline store but a lower

at at rest cost so that's kind of just a bit of a trade-off there you have archive storage this actually has no SLA um uh availability it's zero availability uh SLA uh because it's just it's offline right so uh very slow retrieval very cost effective rarely or never intended to be accessed you're using these to store like um uh you know like reports or accounting information that you have an obligation to store for seven years that's when you'd be using that notice that there's this number here it says uh 0 30 90 365 this is

the minimum storage duration it's the minimum days a file needs to remain in a storage before deleting if deleted prematurely a charge will occur so the idea is they want you to hold on to them for a particular time uh to effectively use them right because if you delete them sooner then it doesn't make sense for um for you or for Google Cloud but yeah I just want to emphasize that available storage classes will be on the exam and they showed up more than once for me so definitely know the difference [Music] okay hey this

is Andrew Brown from exam Pro and we are looking at networking for the Google Cloud platform so the most important service to talk about is virtual private Cloud VPC is a logically isolated section of the Google Cloud Network where we can launch Google Cloud re resources and the idea is um you know once you have your slice of the network uh the amount of resources you can launch is based on how many available IP addresses and that's determined by cider range so cider range or cider notation is a uh a format that looks kind of

like an IP address it has this forward slash uh uh thing on the end here and that is what's determining how many available IP addresses are if you have 65,000 that means you can launch pretty much 65,000 virtual machines uh you don't ever just launch something into a VPC you'll launch it into a a subnet of a VPC a subnet is a subdivision of the virtual private Cloud uh and the way that works is that you would actually have to choose a CER range as well that CER range is going to be smaller than the

the the VPC one interestingly enough the the larger the number is the smaller the IP range is that's just how the math works you don't need it for to need it know for the exam uh but I like to cover this stuff anyway because it's fundamental information uh we have public subnets and private subnets public subnets can reach the internet private subnets can't reach the internet uh now there is no a hard rule about that like there's no constraint that is like you don't say create a private subnet you just create a subnet and if

you don't want uh if you want to treat it as a private subet just don't give them any uh external or public IP addresses so here I have a little diagram I made here for you just to kind of explain some of the components this is not an exhaustive one networking has so so many features here um we just get too complicated so we just have a very simple example here so here we have our VPC a VPC has to be launched within a region so here it is in US West one we have a

public and private subnet uh these would be launched in particular zones that's how you get um multis zones so you create a subnet across one subnet per zone so you have three zones and that way you'd be highly available we have uh computer engines these are virtual machines running here so if we wanted a virtual machine in our public subnet to reach the internet it has to have an external IP address uh it would also communicate through internet gateway uh in Google Cloud you don't have to create an internet gateway like AWS it's just there

there's already routes set for it um so that's really nice you don't have to think about that uh for a private subnet if it has to go out to the internet not internet coming in you'd have to use a network address translation uh so cloudnet that's pretty standard across all the cloud service providers if if you're trying to get uh traffic into a a virtual machine sitting a private subnet that is where you'd need some kind of hybrid connection so a cloud VPN or Cloud inter interconnect you'd probably be using both of these in combination

that's usually how it goes or just the cloudvpn but that basically establishes a private connection to uh this VPC and it's its private subnet and that way you could just treat it as the same network the way you're going to protect your your resources is via uh a firewall rules firewall rules um are at the instance level and uh they're also stateful so you can say allow or deny which is when again if you're in AWS it's totally different right you have um you have uh uh different controls for that okay uh but yeah that's

generally the main components there [Music] okay hey this is Andrew Brown from exam Pro and we are looking at more networking services for the Google Cloud platform now these are just basically auxiliary services not all of them you really need to know in detail for the exam but you should know them in general uh and they can kind of help you out so let's go through them all so we have Cloud armor this helps protect against dos and uh web attacks we're going to cover that later again this one could show up on your exam

Cloud load balancing is just a load balancer a high performance load balancer uh we have Cloud CDN so this is uh a Content distribution Network it cashes your data globally so that you know your websites load fast stuff like that um cloudnet a provision applications without public IP addresses allows web apps to communicate in private subnets out to the internet to download things like packages or software updates things like that cloud DNS publish and manage your domain names using uh Google's reliable resistant low latency DNS service uh traffic director this is a global load balancer

this is this has to do with like service mesh stuff um Cloud interconnect so connect your infrastructure to Google Cloud on on your terms from anywhere uh cloudvpn security extend your on- premise Network to Google's Network through ipvp and tunnel that's how you get a a secure connection from your uh on premise to your um your network Google Cloud Network Cloud router dynamically exchange routes between your uh Google Cloud virtual uh VPC Network and your on premise networks using BPG uh so that just a component you need to do a hybrid connection and then we

have some auxiliary services like very auxiliary services for just kind of like monitoring things like that so Network can tell Center a single console for comprehensive network monitoring verification optimization Network Telemetry traffic track Network flows for monitoring forensics real time uh security analysis expense optimization network service tiers optimize your network for performance or cost so for your exam um you know cloudvpn Cloud interconnect Cloud armor and that's about it okay now they talk about they say like there're supposed to be things like uh sdwan and and and service mesh I never saw those on the

exam so these are the real Three that you need to know but these are all the other things that are involved [Music] okay hey this is Andrew Brown from exam Pro and we still got one part left with networking these are just kind of like features of VPC that um I just want you to know they're not core to any questions on the exam but they might show up as choices and so it'll help you eliminate them as the wrong answer okay so we have private Google Cloud this allows your instances to reach Google apis

and services using an internal IP rather than a public IP address so uh you know sometimes services are publicly accessible uh maybe like fir store or something like that or big query and so the idea is you want them to stay in the network right because you're paying outbound or egress costs or you're concerned about security and so having private Google Cloud turned on is a good idea that doesn't necessarily mean that your subnets a private subnet because you turn this on it just means that when it communicates with Google services it's going to use

a private IP address um for shared vpcs this is a way of sharing subnets with their projects so connect resources from multiple projects to a common VPC this sounds like VPC Network peering it's more like a convenience feature where you're not doing at the networking level it's more at the project level um so it confuses me a bit but uh you know I get it uh there's vbc networking peering so privately connect to VPC networks which can reduce latency cost and increase security so uh VPC peering is common in all cloud service providers uh yeah

just joining those vpcs together serverless VPC access allow Cloud functions Cloud run Services app engines standard environments apps to access resources in a VPC network using those private IP addresses I wonder if you have to have private Google Cloud turned on for that but it sounds like the other way so private Google cloud is like my machine connecting with other uh Google cloud services and serverless VPC access is just services that are generally public facing where you access them over a public IP address uh access things via the private Network [Music] okay big query is

a serverless fully managed data warehouse and analytics engine designed for fast scalable data processing across Cloud so here is a screenshot of the big query studio and I'm just going to tell you that this is the best in-class data warehouse out of all the cloud service providers if there's one service really worth using on gcp it is Big query um and so the idea here is that you can run SQL queries in your editor um it's pretty straightforward to use you can easily connect to various data sources uh and bi tools for smooth data import

you can quickly browse data sets and tables through the userfriendly interface you can use the UI command line apis making it simple for both beginners and experts um in terms of the workflow it kind of looks like this so on the left hand inside you have data ingestion so you can uh you have things coming from Big query cloud storage Google Sheets databases apps files upload you're bringing that raw data into bigquery it's interesting you can bring big query into bigquery and uh here we can refine the data and then we can output it to

bigquery or cloud storage and then from there we can analyze the data with bigquery or bigquery ml looker which is obviously a bi tool Google data studio uh partnered uh bi services like Q Link uh or send it to the cloud AI platform in terms of key features for big query we have serus and manage there's no need for infrastructure uh Google handles scaling and updates and I'm going to tell you there's other providers that have serverless I'm doing air quotes right now serverless um uh data warehouses but the only one that I consider truly

serverless is Big query because it's so easy to use it's real time and flexible it supports continuous data streaming and handles structured and unstructured data it has multi cloud and analytics so it can analyze data across multiple clouds using open formats like Apachi Iceberg which is becoming a very popular um table format we have efficient storage and querying so colmer storage for fast queries with built-in analytics and machine learning security and governance so centralized access controls encryption and compliance tools it has flexible pricing so on demand uh or reserved pricing to optimize costs and when

we're talking about data input support it can support a variety of format types so CSV Json Avro parat Google Sheets for analysis uh but Excel is not supported which kind of makes sense it's a Google product and if you ever tried to parse an XLS file it is a pain so I kind of understand that but a really really good service it is worth your time to learn more about it [Music] okay all right let's take a look at looker which is a business intelligence tool that allows users to explore visualize and share their company's

data to make informed business decisions looker lets non-technical users analyze data through easyto use dashboards and drag and drop tools allowing them to create custom reports and insights without Advanced Data skills looker offers three platform additions standard so ideal for small teams under 50 users Enterprise designed for internal bi analytics at scale embed ideal for and external Analytics and large scale customer apps in terms of feature sets we have a unified data platform so realtime access to multiple data sources for consistent upto-date insights across teams for personalization and customization it can quickly create custom dashboards

and reports which they call looks for personalized insights for collaboration and sharing we can easily share data and reports via emails links or integrated tools for development and integration we can use look ML and apis to customize data models and embed insights into other apps and so there's an example of what a look would look like um I don't have strong opinions about looker because I have more familiarity with powerbi and Tableau um and you know the base cost for this service is a bit um makes me uninterested in utilizing it but in further gcp

certifications you actually have to utilize it a lot more more um so in those courses we look at a bit deeper but I look at this uh offering just like I look at Amazon um uh Amazon's bi tool A's bi tool um uh I can't remember what it's called off the top of my head right now but uh anyway you know it's nice that they have it but you know if it's a real company I think they're going to be using powerbi or um uh Tableau but you know if you want to keep all your

data within the Google ecosystem that's one reason why people uh might want to utilize this [Music] okay all right let's talk about Integrations between big query and looker so big query and looker lets you explore and visualize big query data directly within looker making it easy to analyze large data sets without needing complex queries so you know the idea is that with SQL you can get it from looker or or sorry looker can get from Big query using SQL and and looking can bring results back to Big query uh so that's kind of a little

screenshot of uh that example um but anyway query uh you can query big query data in real time getting insights without waiting or delays no data transfers so no need to move data keeping workflows smooth and fast unified access so intuitive interface for exploring data without needing SQL skills seamless integration so combine big query power with Lookers visualization for fast and actionable insight so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at internal services for the Google Cloud platform so these are services that you generally cannot use

and they're and they're designed to be uh supportive of all the underlying infrastructure for many Google cloud services I just want to get you exposed to these because uh they might show up as choices as distractors on your exam uh and you might see them in the documentation with no context and so you just might wonder what these things are so that's why we're going to cover them and the first one actually is an exception where you can use this service but it's spanner and so spanner uh without the word cloud is the internal service

globally consistent scalable relational database and then Google made this available to us as Cloud spanner then you have Borg it's a cluster management manager that runs hundreds of or thousands of jobs from uh many thousands of different applications across a number of clusters each with up to tens of thousands of machines Borg I think is inspired by Star Trek right the Borg we have chubby a distributed lock manager dlm as a service uh that temporarily prevents files and records from being used by another user or operation on a virtual machine and then you have Colossus

cluster level file system successor to the Google file system GFS provides the underlying infrastructure for the Google Cloud Storage service from fir store to cloudsql to to uh to fir store again I suppose and to Cloud storage I guess I was trying to write something else there but that's okay but there we [Music] go hey this is Andrew Brown from exam Pro and we're looking at what is apogee so apog Corporation was an API management and predictive an analytics uh software provider before its merger into Google Cloud so apogee is a founding member of the

open API initiative so uh that's where we're talking about open API 3.0 specification originally known as the Swagger specification so open API specification is an open source standard for writing declarative structure of an application programing interface API and can either be written in either Json or yaml format so here it is uh but what what they're talking about here is that there's things called API gateways and API gateways is a hosted version of um an API uh and the and if you're familiar with apis the idea is you can Define endpoints you can say I

want a route to users and it's a get and the idea is I want to send it to somewhere I want to send it to this Lambda to this uh virtual machine or whatever okay uh csps will have fully managed API Services known as API Gateway these API gateways generally support open API standards so you can quickly import or export apis so like on AWS you can use open API 3.0 or Swagger which is 2.0 same thing with gcp same thing with Azure they all have these things okay but in particular Google uh has apog

okay and so their apog services were um blended into Google Cloud platform [Music] okay hey this is Andrew Brown from exam Pro and we are looking at API management so API management is where you have API gateways uh that are basically hosted API end points that access Google Cloud resources we got a couple of options here we have the apog API platform this is API Gateway develop security deploy monitor apis everywhere expensive but has many features then you have Cloud endpoints this is also an API Gateway develop deploy and manage apis of Google Cloud cheap

and simple good Integrations with app engines and other services I don't know if Cloud endpoint came before apog uh but I mean I can understand why there's two offerings here you know they acquired a company that had an API Gateway and then they just wanted a cheaper one that's more like serverless kind of offering on the right hand side so but we'll look at what apog does cuz it does a ton so we have API Analytics we have API monetization where you can actually um people pay to access particular resources via the API apog sense

so add intelligent uh Behavior detection to protect apis from Attack apog hybrid so manage API on premise on Google cloud or in a hybrid environment so you can use your apis outside of Google Cloud which is cool Cloud Healthcare API help secure apis uh that power actionable Healthcare insights I think that last one is on the apog side uh for cloud points um now doesn't sound like it does much but it has one really cool thing which is a developer portal so the idea is that once you've created your API you can press a button

and it takes about 10 minutes what it'll do is it'll spin up a a um a website or web app that allows you to explore the API and that's really useful if you're just like looking for documentation or you want to interact with the API for uh the developers on your team and I really like that feature so there you go hey this is Andrew Brown from exam Pro and we are looking at data analytics services for the Google Cloud platform so the number one here is Big query understand your data using fully managed highly

scalable data warehouse with built-in machine learning you got Cloud composer create schedule Monitor and manage workflows using a fully managed orchestration service built on top of apachi airf flow you got data flow develop real-time batch and stream data Pro processing pipelines it is using apachi beam in this case cloud data Fusion so quickly build and manage data pipelines using fully managed codefree data Integrations with a graphical interface you have data prep by uh trifacta so explore clean and prepare data for analysis data proc perform batch processing querying streaming using a manage aphi Spock Hadoop Service

uh you got Google data Studio tell great stories to support Better Business decisions Pub sub andest event streams from anywhere at scale data catalog discover and understand your data using a fully managed scalable data Discovery and metadata managed service Cloud Life Sciences process analyze and annotate G genomic and biomedical data at scale using containerized workflows for the exam you want to know the difference between data flow and data proc because these will come up uh like side by side in choices and they seem very similar because they do the same thing actually these three all

do the same thing they're etls they take data and they they do batch Transformations on them or streaming on them but this one here data proc is when you want to use Hadoop uh it is it is uh then you have data flow and this one is more of a fully managed service and then cloud data Fusion this is where you actually have a graphical user interface and it's code free all right so you know if you understand the difference between those three services uh you're going to get yourself some extra points there on the

exam uh other than big query nothing else really showed up here just those three okay [Music] hey this is Andrew Brown from exam Pro and we are going to make sure we know the difference between data proc data flow and cloud data Fusion because they're going to show up on the exam and they can get confusing okay so data proc is for open-source pipelines Apachi spark Apachi Hadoop so it can do uh batch processing querying and streaming and so the real Focus here is really on spark because spark is known to be the fastest tool

I think it's like 50 times f faster 100 times faster than standard Hadoop jobs uh and just overall super super fast extremely popular so uh you know that is the reason why you'd go with data proc because you're using aachi a spark or H dup uh the downside here is there's more uh management to be uh involved here uh some of it's abstracted away but not all of it then you have data flow this is a fully managed pipeline for batching and streaming okay it's powered by apachi which is technically open source but that is

not an open source tool for uh actually doing the batching and stuff it's to manage the pipeline okay so if you need a fully managed service that's what you're going to use then you have cloud data Fusion this is a um a a way of visually building pipelines it's no code Enterprise solution for building eail pipelines via drag and drop interface I don't think he can use this for streaming it has 150 plus preconfigured connectors and Transformations so you just drag and drop drop stuff uh you just run it and as it's consumed that's what

it does uh if you're using Azure this is the same thing this is similar to Azure data Factory or ads this is as similar as uh glue okay um you know again I don't think it does streaming but uh I think that cloud data Fusion probably would have the highest price point for best performance you would be using data proc for the least amount of headaches but still doing thing pragmatically you'd be using data flow okay so those are the three and and remember them [Music] okay hey this is Andrew Brown from exam Pro and

we are looking at developer tools now these aren't really going to show up on the exam or if they are we've already covered them the most important ones but I just wanted to go over these just so that you had a full scope just for your own knowledge of things that are here I couldn't even be bothered to even pull out icons for this one but let's get through it here cuz I think that you know you might be able to take something away from this that you might use in your own uh development workflow

okay so you have artifact registry so this is for storing containers you have the cloud SDK we covered that earlier this is a um a package to interface with the uh command line interface or pratically write code in your code you have container registry this is the older form of storing containers recommended to use artifact registry nowadays you have a code or Cloud code man that's a hard one to say extend your IDE with tools to write debug deploy kubernetes applications so it's just um probably I think you saw that with Visual Studio code but

it's just stuff around kubernetes Cloud builds so we looked at this in um in our container section this is for running containers for build environments uh Cloud source repositor so manage code and extend your git workflow by connecting Cloud build app engine stuff like that it's just a way of connecting uh git repos to various Services Cloud scheduler schedule batch jobs big data jobs Cloud infrastructure operations using a fully managed Crown job service if you're used ads that's Cloud watch right Cloud tasks asynchronously execute uh dispatch deliver distributed tasks when you're working with Cloud functions

you're going to be working with Cloud tasks uh Cloud code for intellig so debug production Cloud apps inside intellig okay uh tools for Powershell so you can work with power shell with Google you they got tools for visual studio code Eclipse app engine plugins a Maven app engine plugin so it's all for Java there the Gradle and the maven Firebase test lab so uh test your mobile apps from a variety of devices and device configurations that one I'm interested in checking out Firebase crash analytics but these are all within Firebase so that's the only issue

there um uh so get uh clear actionable insights into your app issues tecton so create C uh style pipelines using kuber net native building blocks workflows Oran or istrate and automate Cloud uh Google Cloud HTP Based Services that's a Ser State machine event Arc uh build event driven solutions by asynchronously um delivering events from Google services that is just a Serv event bus so a lot of these we've already covered but just just wanted to show you some of these tools because maybe you use one of these IDE and you just want oh okay I'm

going to go check this out I use Eclipse that'd be cool you [Music] know hey this is Andrew Brown from exam Pro and we are looking at hybrid and multicloud services for uh Google Cloud now it seems like we're reiterating over the same uh Services again and again in different ways and that is on purpose because I want you to know these services so you can remember them for the exam so let's get to it the first is anthos so modernize existing apps build web apps build uh in hybrid and multicloud environments when enabling consistency

between on premise and Cloud environments remember anthos allows you to extend your control plane to not only other multi or other clusters providers but also on premise can do compute and kubernetes you have anthos deployed on VMware so monetize existing apps and build new apps on your VM environments they're never going to ask you to do a a VMware deployed on uh or anthos deployed on VMware but VMware can show up on the exam so you should know what that is anthos gke so that's go Google kubernetes um engine so deploy manage and uh scale

containerized applications on kubernetes powered by Google Cloud this is this is just showing you that anthos handles Google Google kubernetes environment anthos config management automate policy and security at scale for your hybrid kubernetes deployments you have Cloud run fanth so easily leverage and uh the benefits of combining kubernetes and serverless apog API management deploy secure um and monitor apis everywhere remember you can use apog in hybrid or multi uh multic Cloud okay so that is one of its advantages the Google Cloud Marketplace for anthos easily deploy containerized apps uh uh with features of pre-built deployment

templates and Consolidated building migrate for anthos so if you're trying to U Move um uh servers onto uh Google Cloud this is going to be specifically for uh containers I've seen this questions on the exam where you have to choose between migrate for anthos and migrate for compute engine and so if it's virtual machines you're using compute engine if it's uh containers you're using U migrate for anthos okay uh there's operations so aggregate metrics logs and events from your infrastructure to get signals uh uh and the speed of analysis that's under compute engine you have

traffic director this is a global load balancing uh across clusters and config sophisticated traffic control policies for open service mesh what you really know need to know is anthos because anthos is what's going to show up on the exam okay hey this is Andrew Brown from exam Pro and we are looking at Internet of Things So internet of things are physical objects embedded with sensors software and other technologies that stream data to cloud services or other Edge devices an edge device is a device that is an entry point to a service provider Network so uh

Google has exactly one offering for iots and that's iot core securely connect and manage iot devices using a fully managed service if you're wondering what kind of things would be iots maybe you'd have something like a smart plant uh sensor uh video security this is a the ring device by Amazon where it will when people press the button it will record uh you have conversational AI so a home assistant you know like Alexa Google home uh temperature control with Nest uh there's these iot kits this is the adus one but Core 2 is pretty much

a standard one for iot kits to start learning how to use iot and of course drones so there you go hey this is Andrew Brown from exam Pro and we are looking at Cloud deployment manager so to understand this we need to know what infrastructure's code is so IAC is the process of managing and provisioning cloud services through machine readable definition files so yaml or Jason files rather than manual configuration when you want to have governance in your Cloud you want to use IAC because it it means that it will exactly Define what there is

uh and that is a really great way to keep track of um exact configuration okay so for Google it's called Cloud deployment manager uh so that is their IAC service you write them as yaml files uh and you deploy them via the cloud CLI I was a bit surprised to see that they didn't have like an upload and so I was a bit confused as to um how they go do this if you search for IC for Google Cloud you'll see terraform a lot which is a third-party provider for some reason they just kind of

like buried their own uh IC Solution but it does exist and I don't believe there's a Json format just Amal files um but there you [Music] go hey this is Andrew Brown from exampro and we are looking at the operation Suite which is just a collection of operation or monitoring services for Google Cloud so allows you to monitor log trace and profile your apps and services so the main one here is cloud monitoring provides visibility into the performance availability and overall health of the cloud powered applications you got service level monitoring so Define and measure

availability perform and other service levels for cloud powerered applications for cloud logging a reporting you have Cloud logging so store search analyze Monitor and alert on log data and events from Google cloud and AWS airor reporting identify and understand application errors then you have APM so you have Cloud Trace fine performance uh bottlenecks and production Cloud debugger investig investigate code behavior and production and Cloud profilers to continuously gather uh performance information using low impact CPUs and Heap profiling Services is this stuff going to show up in the exam probably not you should just know Cloud

monitoring here [Music] okay hey this is Andrew Brown from exam Pro and we are looking at Firebase so this is Google's fully managed platform for rapidly developing and deploying web and mobile apps uh really it's a platform as a service utilizing serverless technology Firebase offers the following services and features so uh Cloud fire store machine learning cloud functions authentication hosting cloud storage real-time database crash a Linux performance monitoring test lab app distribution Google analytics inapp messaging predictions ADB testing Cloud messaging remote config Dynamic links so Firebase is basically an alternative to using Google Cloud directly

for users who want to focus on building and deploying their applications in a highly pinion framework if you ever heard of adus amplify it's basic that's the adabs uh competitor for this the only thing that um I find like this service is great but I find that it's very hard to migrate off of Firebase onto Google Cloud um but the idea is that you know if you just you don't really want to learn all the the infrastructure as the service stuff and you just want all this convenience around you this thing is really great [Music]

okay data flow is a unified streaming batches batch data processing that's serverless fast and coste effective so there's a screenshot of uh a flow right there uh it can do stream analytics so inest process process and analyze fluctuating volumes of realtime data for realtime business insights it has realtime AI so streaming events to Google Cloud's vertex Ai and tensorflow extension so tfx um it has many use cases like Predictive Analytics fraud detection realtime personalization and anomaly detection it's supported with cicd for ML through Cube flow pipelines it can do iot streaming for sensor and log

data processing in terms of its other features we have data flow SQL so it allows you to use SQL uh directly uh uh in there U so that's really useful it has flexible resource scheduling so Advanced scheduling techniques to to reduce batch processing costs data flow templates so easily share your pipelines across your organization teams um it has vertex AI notebook integration which is really straightforward you can get a private IP it has horizontal scaling uh it can work with a poachy beam if you're not sure what a poachy beam is it's an open Source

unified model for defining both bat and streaming data parallel processing pipelines uh we have data flow Prime so this is a serverless noops autot tuning architecture it also has vertical scaling it has right fitting um so it's a very very good service uh this is why Google is known for ML and data because they have some of the easiest and most robust data and ml Services data flow being one of them okay [Music] Google cloud pubsub is a messaging service that lets different applications communicate by sending and receiving uh messages in real time I always

say application integration that's more of a term over on ads but this does the exact same thing um it can support low latency messaging for real-time data pipelines enabling fast event driven workflows it has Publishers which send events to a topic and subscribers which receive them asynchronous a synchronously very hard word to say separating event creation from processing it works with tools like data flow for streaming big query for analytics and cloud storage for distribution it's ideal for realtime apps data iot streams cash refreshing load balancing and database replication there are two service options here

we have the standard and then we have Pub sub light which is lower cost with manual capacity management and zonal Storage so it really depends on what your use case is here in terms of a message life cycle you first have a publisher which sends a message to the pub subtopic I'm going to get my uh pen tool out here just to make it a lot more clear but we have publisher here and they're sending that message to the topic right then the message is stored somewhere so here it's in the message store the pub

sub delivers the message to all topics uh or topic subscriptions okay so that is this step here and so in this example there's only one subscription but there could be more right we could see multiple subscriptions here the subscription forwards the message to a subscript application so I'm going to assume it's here y right there that's the app down below that's the subscriber the subscriber processes the message and sends an acknowledgements which we call an act um to tell them that the message was received and then pubsub will delete its storage very similar to other

pubsub systems um like like sqs on AWS or um whatever the two there's two different ones on Azure can't remember off the top of my head but very similar similar kind of service [Music] okay hey this is Andrew Brown from exam Pro and we are looking at migration services for Google Cloud the first signer list here is the database migration service and this is when you're migrating open source relational databases into cloudsql didn't see this one in the exam which is kind of a surprise cuz I think that would be kind of an essential one

might show up in the future uh maybe I just didn't get any questions for that we got big query data transfer service this is when you're importing data into big query uh again another one I did not see on the exam uh then we have migrate for compute engine and migrate for anos these are two you want to remember when you want to import from your on-prem into um or migrate on Prem into your Google Cloud you're going to be using compute engine for VMS and for anthos you're going to be using containers you got

to remember remember the difference between these two because they will show up in a lineup for sure another one and this time it's for storage not compute but you have cloud storage transfer service so this is when you're migrating just general storage like data uh it could be from S3 it could be from on Prem um and then there's also transfer Appliance this is where uh you are transferring storage but you have so much data like terabytes of data that you need a physical drive to ship the data so these two I'm giving you extra

emphasis here these two and these two are going to show up in a lineup on the exam for sure so know the difference between them [Music] okay I have just a few uh key Cloud migration terms that I didn't know where else to fit in slide so this slide is really boring but it's really straightforward that I wanted to get you exposure to before we start talking about all these migration types um so the first is workload this is your apps your services or tasks that you can plan to migrate to the cloud you have

retire this is where your commissioning workloads that are no longer needed or useful and we have retain so keeping workloads in the current environment typically due to complexity complexity or compliance reasons so those are your three uh terms that you will see repeated when we're talking about different types of migration I just wanted to get you some exposure there [Music] okay all right let's take a look at the types of migrations and so there are four uh main types of of migrations from on premise to the cloud I want to point out that these terms

some are Universal but other ones are just made up by Google and there used to be fewer but now there's more I'm I'm not saying I necessarily agree with them but I'm just saying that Google's created this language to help organizations to U you know frame their migrations so just understand that uh but the idea is that they work on a spectrum so the ones on the left are easier to implement with limited Cloud benefits and the ones to the right are labor intensive with full Cloud benefits and we have here rehost so lift and

shift rep platform lift and optimize refactor move and improve rebuild rip and replace so uh for rehost you have little to no modification taking the least advantage of the cloud fastest migration strategy for re platform lift workloads with minor adjustments leverage more Cloud features with major changes slower than rehost but gains more Cloud benefits for refactor refactor your existing apps to smaller Cloud native features take advantage of the most offerings of cloud slower migration process but offers better performance scalability for rebuild your building your app from scratch you're taking advantage of the maximum value of

offerings uh but this can take the largest amount of time or longest amount of time so we'll look at these in more detail but it's pretty straightforward what these are um but there you [Music] go let's take a look at rehost or lift and shift as it's more commonly known everywhere else but this will move workloads from a source environment to a Target environment with minor or no modifications or refactoring it's ideal when you have a workload that can operate as is in the Target environment with little or no business needs for change you cons

uh considerations here is it requires the least amount of time because the amount of refactoring is kept to a minimal uh teams can continue to use the same set of tools and skills that they were using before it doesn't take full advantage of cloud platform features like horizontal scaling fine grain pricing highly managed services so you know a rehost would be like imagine you run everything on a VM a virtual machine you just run it on a Google Cloud VM just bring that on over that would be an example of rehost [Music] okay let's take

a look at rep platform so rep platform moves workloads to the cloud with minor optimizations for cloud benefits this is ideal when the app can run in the cloud but needs slight optimizations small changes improve Cloud performance or cost efficiency considerations here is it requires more effort than lift and shift optimizations might need code or configuration changes learning new Cloud features or tools may be necessary maybe an example here would be okay we're going to Leverage uh like let's say we're running everything on VMS but now we're utilizing Cloud spanner to replace the SQL component

or um you know things like that so this is where you're making minor uh Integrations of cloud services [Music] okay let's take a look at refactor or move and improve this is where you modify and Miz the workload while migrating to take advantage of cloud native capabilities this ideal when the current uh app architecture is in cloud ready major updates or Improvement are needed for performance considerations here it takes more time than basic migration requires refactoring the code during migration demands extra effort and new skills for optimizing the cloud so if you're used to just

kind of um uh taking a VM and vertically scaling it maybe you want to make sure that your app can do horizontal scaling and so the way you handle sessions could be different um this could be using more heavier Integrations for cloud so maybe your background jobs you're moving them into Cloud functions um or you're you know changing the way your code is written so that you know maybe uh if you're using containers and there's layers that are abstracted away on Google Cloud run that you just remove those layers all sorts of things you can

do here but the idea is not 100% from scratch [Music] okay let's talk about rebuild or remove and replace sometimes called rip and replace this is where we decommission an existing app and we completely redesign it and rewrite it so it it's a cloud native application or we can say cloud first if we're over on datab best they would call it a cloud first application this is ideal when the current APP isn't mean your goals you want to remove Legacy technical debt but everybody knows that uh debt just never goes away you just create new

debt so you're just trading one kind of debt for another but that's totally fine uh here it requires the most amount of time to develop requires the most amount of learning but you can take maximize uh the most that you can get from cloud so maybe one solution would be like maybe you're going to utilize um uh Firebase like the whole Firebase ecosystem um uh and and leverage it there or make it 100% servess and use cloud functions and Google Cloud run um so yeah there you [Music] go hey this is Andrew Brown from exam

Pro and we are looking at migration path and the reason I want to go through this stuff is not because they're going to ask questions on the exam but it's going to help you contextualize a lot of the business use case scenarios because you know this isn't like a normal uh fundamental uh certification they just make it a lot harder so you need that contextual knowledge okay so there are four phases of your migration there's assess plan deploy and optimize this is going to be text heavy but we'll work our way through it and you'll

leave with some knowledge okay so for assess perform a thorough assessment and discovery of your existing environment in order to understand your app and an environment inventory identify app dependencies and requirements perform total cost of ownership calculations and establish app benchmarks we got plans so create the basic Cloud infrastructure for your workloads to live in and plan how you will move apps this planning includes identity management organization project structure networking sorting your apps and developing a prioritized migration strategy we got deploy so design and Implement execute a deployment process to move your workloads to Google

Cloud you might also have to refine your Cloud infrastructure to deal with the needs optimize begin to take advantage of cloud native Technologies and capabilities to expan your business uh potential to things such as performance scalability Disaster Recovery cost training as well as opening the doors to machine learning AI Integrations for your app so we'll spend more time right now into each of these four phases just to kind of cement this knowledge okay phase one is is the assessment phase you gather information about the workloads you want to migrate and their current runtime environment so

you're going to take an inventory build a list of your machines Hardware specifications operating systems and licenses you'll have catalog apps so build a catalog Matrix to help you organize apps into categories based on the complexity and risk in moving to Google Cloud uh I I don't think we show it in here but the idea is if you want to see it they have an example in the Google Cloud documentation educate your organization about Google Cloud so train and certify your software and network engineers on how the cloud works and what Google Cloud products use

maybe you could use this course to do that experiment and design proof of Concepts so choose a PO and implement it uh calculate the to uh the total cost of ownership Toco so compare your cost on Google cloud with the cost you have today use the Google Calculator choose which workloads to migrate first so identify apps with features that make them likely to be first movers all right um and starting with a less complex app lowers your initial risk because later you can apply your team's new knowledge to hard uh harder migration apps phase two

so in the plan phase you provision to configure the uh the cloud infrastructure and services that will support your workloads on Google Cloud so establish user and service identities so for Google accounts an account that usually belongs to an individual user that interacts with Google cloud service accounts an account that usually belongs to an app or a service rather than a user Google Groups a name collection of Google accounts uh Google workspace domains a virtual group of all the group accounts that have been created in your organization group workspace accounts it's good to know what

all these things are because you know there is overlap in the course for these okay Cloud identity domains these domains are like Google workspaces but they don't have access to Google workspace applications this is one you just need and we covered Cloud identity but this is just one you need um access to Google Cloud but not to um you know the g65 or the the G Suite okay so design your resource uh organization so organize your resources using uh the Google resource hierarchy organizations are the root of a resource hierarchy and represent a real organization

such as a company folders are an additional layer of isolation between projects that can be seen as suborganizations projects are base level organization entities and must be used to access other Google Cloud resources hierarchy architectures we have environment oriented function oriented angular access oriented we cover these uh in its own section because that's how important it is this one super super important for this course is understanding this stuff you'll see exam questions around re or resource hierarchies okay Define groups and roles for resource access so set up groups and roles to Grant the necessary access

to resources design your network topology and establish connectivity so set up the network top topology and contivity from your existing environment to Google Cloud this could be via cloudvpn peerings the VPC peering Cloud interconnect okay and those three well at least the two cloudvpn and Cloud interconnect are going to show up on the exam for phase three this is the deploy phase Implement a deployment process and uh refine it during the uh the migration so you have fully manual deploys lets you quickly experiment with the platform in tools but it is error prone and often

not documented in repeatable configuration management tools abbreviated to CM so configure an environment in an automated repeatable controlled way uh run remote commands on VMS that check the state and remediate of an instance to the desired configuration State you have config container orchestration so consider using kubernetes so you don't have to worry about the underlying infrastructure in the deployment logic so you could use Google kubernetes engine for that deployment automation so automate the deployment process by implementing continuous integration and continuous delivery pipeline you have infrastructure as code write a script that defines resources to be

created or updated in a single deployment action share and stand up entire workflows and environments easily IC tools here is Google deployment manager or hashy Corp terraform and terraform is just it's an IAC but it works across um all cloud service providers and it's really important to know all these different type of deploy types at the fundamental levels that can really help you on the exam okay phase four the optimize phase start optimizing your target environment so build and train your team train your development and operations team to take full advantage of new cloud environments

monitor everything monitoring is the key to ensure that everything in your environment is working as expected Prometheus Google Cloud logging Google Cloud monitoring automate everything so manual operations are exposed to a high error risk and are also time consuming automation leads to cost and time saving uh savings and reduces risk so we looking at Google Cloud composer which is using Apache airf flow spin maker they're not going to ask those on the exam I codify everything so by implementing processes such as infrastructure as code policy as code uh make environments fully Audible and repeatable uh

use managed Services instead of self-managed ones cloudsql automl gke app engine optimized for performance and scalability so horizontal scaling vertical scaling and you want to reduce the cost so take advantage of sustained used discounts Suds committed use contracts uh which sometimes are committ committed use discounts so cud don't get too hung up on the word contract there flat rate pricing uh such as big query which I think is the only service that does that kind of flat rate pricing okay so there you [Music] go hey this is Andrew Brown from exam Pro and we are

looking at migrate for compute engine and it enables you to migrate lift and shift of your virtual machines uh with minor automatic modifications from your Source environment to the Google compute engine the reason we're giving this a little bit more detail is because um on the exam I just saw some more questions that kind of around the feature set of compute engine uh and so I just didn't want you get tripped up uh on the exam okay so continuously replicates this data from the source to VMS to Google Cloud uh no downtime on the source

via transfer quickly clone and test a migrated VM so after it's migrated you can use test clones and make sure everything's working fine if not you can roll back I'm highlighting this one in particular cuz I saw it on the exam uh easily perform all migration tasks with Google Cloud console so just understand there's no downtime with this thing it continuously replicates and you can use test clones all [Music] right hey this is Andrew Brown from exam Pro and we are looking at anthos for Google cloud and I know I've mentioned anthos so many times

but it is in the exam so that's why I want to uh show it to you from different angles so anthos is a modern application management platform used for managing hybrid architectures that span from Google Cloud to other adabs are on Prem data centers running VMware anthos is a single control plane to manage kubernetes compute in hybrid scenarios uh core components of anthos would be infrastructure containers cluster management uh it has a managed service mesh uh this is great for seeing where your resources are and trying to be able to Define slos service level objects

to give guarantees to your customers multicluster management configuration management migration service management it's serverless uh secure software supply chain logging monitoring and it has a Marketplace so it is a pretty darn robust system uh if you're building service based uh architecture applications anthos is a great enabler for this with microservices uh but there you [Music] go hey this is Andrew Brown from exam Pro and we're looking at migrate for anthos and Google kubernetes engine normally it'll just be migrate for anthos but um we just extend it with the full name here so you understand what

the utility of anthos is which is for migration of containers to gke uh so when migrate for anos you can migrate your VMS from your supported Source platforms to Google kubernetes engine anthos anthos clusters on VMware anthos clusters uh on AWS so you can bring them in from a lot of different places you uh use autogenerated container artifacts including uh container images Docker files deployment yaml and persistent data volums to deploy migr workloads and integrate with services such as anthos service mesh anthos configuration management stack driver Cloud build for maintenance using cicd pipelines micranthus is

offered at no charge and no anos subscription is required when migrating to gke charges for other gcp services uh may still apply okay so the big takeaway is that you use this for migrating containers to gke and there's no cost to doing that and you don't need a subscription [Music] okay hey this is Andrew Brown from xampro and we are looking at storage transfer service which allows you to quickly import online data into cloud storage set up a repeating schedule for transferring data as well as transfer data within cloud storage from one bucket to another

it's going to enable you to move or backup data to a cloud storage bucket either from other cloud storage providers or from your on- premise storage move data from uh one cloud storage bucket to another so that it is available to different groups of users and applications periodically move data as part of data processing pipeline or analytical workflow uh you can schedule onetime transfer operations or re uh recurring transfer operations delete existing objects in the destination bucket if they don't have a corresponding object in the source delete data source objects after transferring them uh schedule

periodic schedule uh synchronization from a data source to data sync with Advance filters based on file creation dates file names and the times of day you prefer to import data so what I want you to understand here is that you can use it for cross region replication so cuz you can move it on a schedule from bucket to bucket that you can uh get data from other cloud storage providers like AWS um or you can get it from on premise [Music] okay hey this is Andrew Brown from exam Pro and we are looking at transfer

Appliance and this is a hardware Appliance you can use to securely migrate large volumes of data so migrate hundreds of terabytes up to one petabyte uh comes in two configurations so 100 terabytes and 408 80 terabytes imagine when they say A paby you just have multiple multiples of these that you would ship so the one on the left here would be the 480 terab the one on the right is the 100 tbte you can mount uh transfer Appliance as an NFS volume making it easy to drag and drop files or rsync from your current Nas

to the Appliance when you want to use transfer Appliance your data has to be greater than 10 terabytes that's generally when you want to do it uh or it would take more than a week to upload your data over the network you'll want to remember these last two they will absolutely help you on the exam um for uh just features in General um they're tamper resistant so they cannot be easily opened apply tamper evident tags to the shipping case they're ruggedized that means like they're just they have like an exterior case that makes them uh

so they're not damaged you know uh trusted platform module TPM chip is installed on these so they're a mutable root file system and software components that haven't been tampered with it has Hardware uh attestation so they validate the appliance before you can connect to uh connect it to your device and copy data to it for other features when you're in transit it has a AES 256 encryption customer managed encryption Keys nist 800 88 compliant data uh eraser okay for performance features all all drives are SSD so there's no moving Parts it's very fast iops multiple

network connectivity options here we got 10 gabt per second 40 gabyt per second it's uh scalability with multiple app appliances so you use multiple appliances to increase the transfer speed that's where I imagine you'd get up to a pyte of data uh globally uh distributed processing so ships quickly to and from the data center to Google Cloud minimal software so use common software already on your Linux or Mac or Windows system [Music] okay all right let's talk about what is AI so AI which stands for artificial intelligence is when a machine performs jobs that mimics

human behavior when we're talking about machine learning this is machines that get better at task without explicit programming when we're talking about deep learning we're talking about machines that have artificial neural networks inspired by the human brain to solve complex problems what we talk about gen which is not shown here as it is a a a slice or subsection I'm trying to draw here I'm not sure why every time I try to draw on this one it just fails or it's delayed but it is a there it is it is a uh a specialized subset

of AI that generate generates out IM videos text and audio and so what you have to remember is these layers because um you know AI uses machine learning and machine learning can be deep learning but the key difference between ML and DL is that deep learning is utilizing neural networks um so hopefully that is really clear uh and if it's not what we can do is do a comparison between AI versus machine learning so AI focuses on understanding and decision- making whereas machine learning learns from data to predict or make predictions or decisions for data

handling AI analyzes and makes decisions based on existing data ml uses data to train models and make predictions AI applications span across multiple various sectors including data analysis automation natural language processing and healthc Care uh uh and machine learning is used in recommendation systems fraud detection and predictive analysis then we can go further and we can compare AIML to data analytics and bi tools so when we're talking about functionality for AIML this this is where we use models to predict outcomes and automate decision making whereas with data analytics and bi you analyze historical data for

insights for data handling on the AIML side we uh it learns from large data sets to make predictions and automate tasks for the for the data side it processes and visualizes existing data to uh to find patterns on the on for apps for the ml side it's used in automation uh Predictive Analytics personalization Innovation on the data side it's using reports uh reporting dashboards decision making based on past trends for outcomes on the ml side it creates automated and uh automated processes and continuous learning from data and on the data side it provides descriptive and

diagnostic insights for decision-making that was really hard to say but hopefully that gives you kind of a clear picture between the layers of AI and also AIML versus the data side of things um but obviously they play really well together so we'll see them interconnected but they are two separate [Music] things let's talk about supervised versus unsupervised versus reinforcement learning because we're learning about machine learning we need to know about these three types the first being supervised learning this is where data that has been labeled for training and supervised learning is is often described as

being Tas driven because it makes a prediction so when the labels are known and you want a precise outcome when you need a specific value returned uh this is when you're using uh you're trying to uh do things like classification or regression we'll talk about those here shortly in the next slide we have unsupervised learning this is data that has been labeled the ml model needs to do its own labeling and this is where we're trying to make datadriven decisions it recognizes a structure or a pattern uh whe the labels are not known and the

outcome does not need to be precise when you're trying to make sense of data and this is where we're doing clustering dimensionality reduction and Association then we have reinforcement learning this is uh where there is no data there's an environment and the ml model generates data uh from many attempts to reach a goal so here this is decision driven think of game AI imagine Mario like AI trying to learn how to play Mario or ml trying to learn to play Mario learning tasks robot navigation things like that but let's go a little bit deeper here

and talk about supervised learning models and let's define what is classification so class classification is a process of finding a function to divide a data set into classes and categories so an example here would be will it be hot or cold tomorrow um and so classification algorithms here could be logistic regression K nearest neighbor that's one that comes up a lot uh support Vector machines also known as svms kernel svms uh naive uh Bays decision tree classification random Force classification you don't have to remember all those types of algorithms I'm just getting you exposure what

you need to remember is classification is useful when you're trying to divide a data set into like more values and look at that graph on the left hand side notice a line and notice it's dividing one side to the other so here one side is hot one side is cold what is regression Reg expression is a process of finding a function to correlate a data set into continuous variable and number so an example would be what is the temperature going to be tomorrow we're trying to predict a value along that line so you know if

this line keeps extending and then we have a DOT here then we can determine what that value is based on the trajectory of that line so for regression algorithms we have SIMPLE linear regression multiple linear regression polom regression support Vector regression decision tree regression random Force regression let's talk about unsupervised learning models let's get it all out of the way here let talk about clustering so clustering is a process of grouping unlabeled data based on similarities and differences so as you can see on the left hand side uh they're clustering Things based on age uh

clustering algorithms here could be K means DB scan K modes what is association association is the process of finding a relationship between variables through Association so maybe there's a combination like if you have bread and butter right you know if someone buys bread then you suggest butter right um so here we have app aori I never can say that properly a bunch of words I cannot say so I'm not going to even try to say those algorithms but there are a few here that we can utilize we have dimensionality reduction this is the process of

reducing the amount of data while retaining data Integrity often used as a pre-processing stage and we have algorithms for that as well as PCA LDA GDA SBD uh and then LDA but notice that one is latent um it it's a different one even though it has the same initialism and then we have more and we have more there's tons for dimensionality reduction but hopefully that gives you an idea of learning models when we're talking about ML and uh it's clear the difference between supervised unsupervised and reinforcement learning so there you go okay [Music] let's take

a look here at what an algorithm and function is so what is an algorithm it is a set of mathematical or computer instructions to perform a specific task an algorithm can be composed of several smaller algorithms so you know the thing that you want to remember about an algorithm is how do you do something okay so an example of an algorithm would be K nearest neighbor it's worth bringing this this one up because you'll see KN andn quite often uh and it can be used to create a supervised classification machine and so the way this

algorithm works is it will say tell me who are my closest neighbors and we will infer that I be considered of the same class so here we have the red diamond and we're looking around and saying okay these are my neighbors so therefore I must be similar to them with K and N you use different distance metrics uh so these are different kinds of algorithms that we can utilize within KNN so this is we're talking about uh a algorithm composed of smaller algorithms and so uh here's an example of one which is the Min Min

minowsky algorithm they have a bunch of names that are always very hard to say I assume it's named after the people that invented these algorithms let's talk about what is a function so a function is a way of grouping algorithms together so you can call them to compute a result so it kind of sounds like a machine learning model uh in a sense obviously a function is something that's also very well defined in uh computer programming uh when you're using programming but understand that it is a multi- uh multi-purpose term so K&N itself is not

a a a machine learning model but when applied to solve um or it should say machine learning algorithm but when applied to solve machine learning problems then it makes it a machine learning algorithm okay so it's the context to which it is used in that makes it an algorithm because I remember looking at these and going how are these machine learning algorithms and it's really just based on context [Music] okay let's talk about what a machine learning model is but let's first Define what a model is in general terms so a model is an informative

representation of an object person or system so a model could literally be uh a person posing for a painting but then there's this uh abstract idea of models and so this is where we have things like algorithms mathematical computer code written word stuff that's what we're talking about when we're talking about machine learning models and so an ml model is a function that takes in data performs an ml algorithm to produce a prediction and so an ml model is trained not to be confused with the training model which is learning to make correct predictions an

ml model can be uh can be the training model that is just deployed once all once it has been tuned to make good predictions I think I have a bit of a word mishap there once it has let stick that word out there it has been tuned to make good predictions let's kind of have a visual so we understand so we have our training data this is our label data and then you have the training model which is a learning algorithm and then you're going to um continuously uh pass information and tweak the model that's

called hyper tuning and then once we are uh we have trained our model we get our trained model that we can then run predictions through with unlabeled data and when we are trying to make a prediction it's called inference because we're saying we want to infer what this could be and then we get out a prediction so hopefully that makes [Music] sense let us take a look here at what is a feature so a feature is a characteristic extracted from our UNR structured data set that has been prepared to in be ingested by our ml

model to infer a prediction so ml models generally only accept numerical data and so we prepare our data into machine readable format by encoding uh and so we'll re revisit this encoding later in detail but what is feature engineering so feature engineering is the process of extracting features from our provided data sources so imagine you have multiple data sources and you turn that into raw dat data you're going to need to clean and transform that data into features and those features are what is fed into the machine learning model so there you [Music] go let's

take a look at what is inference so inference is the active requesting and getting a prediction in uh inference relating to ml is when you input data into a machine learning model that has been deployed for production use to output a prediction so imagine we have a banana and we ask the machine learning model what is this thing and it's going to Output yellow banana with a confidence score of 0.9% okay so this is us inferring right so this part here I'm going to get my penil out this part here is the inference okay so

the textbook definition of inference is steps in reasoning moving from premise to logical consequen kind of get an idea how that makes sense there [Music] okay so what is training training is the process of teaching a machine learning model to recognize patterns by feeding it data so it can make predictions or decisions based on new and unseen data and so that could be unlabeled data or labeled data depends on the type of learning that you're doing whether it's supervised unsupervised reinforcement learning uh but the thing is that uh you don't want to overtrain or under

Trin your model if you under Trin your model it's not going to make good predictions if you make over train if you overtrain your model like it's fit too much to your data set then it's not going to have enough intelligence to make predictions outside of that data set it's always going to be very biased and return uh very canned answers back to you that's not going to be useful either so you want something in between so that's what well-trained data looks like so there you go [Music] let's take a look at what are parameters

and hyperparameters so what is a model parameter is what we'll first ask so a variable that configures the internal state of a model and whose values can be estimated the value of the parameter is not manually set and will be learned uh outputed after training so parameters are used to make predictions now let's talk about what is a model hyperparameter this is a variable that is external to the model and whose value cannot be estimated the value of the hyperparameter is manually set before the training of the model hyperparameters are used to estimate the model's

parameters so things like learning rate EPO back size epox is something you'll see very often if we're looking at a visual here we should have showed this up a lot sooner right but this over here is the hyperparameter and over here this is the internal State the connections between them okay so hopefully that is clear [Music] hey this is Andrew Brown from exam Pro and we're looking at Ai and ml services and the most important one here is vertex AI so this is Google Cloud's unified ml platform for building ml Solutions end to end and

so a lot of the stuff you're going to be doing uh when it's ml or deep learning is going to be with vertex okay so let's just kind of Define what a ml pipeline looks like so we have data Readiness feature engineering training hyperparameter tuning model serving uh understanding uh Edge so that would be like deploying to the edge like on mobile devices model monitoring and Model Management uh and so we're just going to break it down here uh into three sections and so before we get into the actual functionality of uh machine learning Services

we need some way to actually uh run these models so they're Specialized or train or run or infer but they have specialized um uh virtual machines and containers so that's part of the deep learning environment these will be uh compute that already has pre-installed on them uh the like Python and tensorflow uh and they might be optimized for gpus things like that uh now that we have our compute we need a an actual environment to build these in and the golden standard across the board for no matter what platform you're on it is Jupiter notebooks

and every single platform just like gcp they'll just call them like vertex notebooks but really they're Jupiter notebooks okay um so now that we have an environment or a developer environment we can work on and we have our computer let's talk about the services throughout this pipeline so starting on the left hand side we have data labeling this is a service that um the idea is that if you want to train a supervised machine learning model it needs to have labeled data because it's going to use that to learn so the idea is that you

can uh input uh uh data and then get people to help you label it okay you have data sets that is just a curation of your data that's going to be ingested into the um uh the pipeline or into the ml model or prepared for feature engineering uh feature store is you extracting out key uh data uh and making it uh uh machine readable for the ml model you have experiments this is when you are trying uh different iterations of the ml model so you need to remember um like parameters and configurations uh and the

history about them you have ai accelerators this is just um I think this is fractional this is fractional GPU so the idea is that if you have a uh a virtual machine and the gpus are too expensive you can just have fractional gpus uh visor optimization this is a um a closed closed uh uh Source um service that does optimizations on your um models I imagine it's for hyper tuning uh so we have training so that's where you are just training your model so you use uh like a container or virtual machine to do that

then there's actually the prediction so that's you um uh doing inference uh explainable AI so the idea is there's this big there's a big concern about the ethics or responsibility of AI and so if you can see how it works then you can uh detect for bias or other unfair unfair things uh we have hybrid AI so um I imagine that is just being able to take a model and deploy it on a phone or low-end devices like on the edge closer to the the people uh for model mon we have continuous monitoring you want

to watch for things like um uh drift or D degreg because if you have a a machine learning model uh it can like it can get worse at predictions over time I know that sounds very unusual but it's something that can happen so you want to watch out for that kind of stuff and for Model Management we can collect a bunch of metadata uh and I imagine that would be just for like we'd have um a model catalog like a place to store our models for easier deployment uh and then we want to automate this

entire thing so we have pipelines this is called mlops it's the uh automation of the end to end pipeline for building training inferring uh you know deploying a model then we have autom ML and so this is um basically automates a bunch of this away it's kind of like your platform is a service for machine learning so this can do it for vision for video for language for translation for for tables the idea is you just upload uh your data and then it pretty much does the rest for you uh it will actually run a

bunch of experiments and you'll just choose which is the best one uh so it really makes it easy if you don't know what you're doing [Music] okay hey this is Andrew Brown from exam Pro and we are looking at tensor flow so tensorflow is a low-level deep learning machine learning framework created by the Google brain team and tensorflow is written in Python C++ Cuda and there are apis to allow you to use various I other languages and so tensor flows all based around this idea of a tensor so a tensor is a multi-dimensional array uh

and so they call ts. tensor in their their stuff and it's similar to a numpy ND array of objects and so tf. tensor can reside in accelerator memory like a GPU uh so they're basically a new type of data structure um that's just very specialized for uh machine learning and Google X has created their own Hardware called a tensor processing unit specifically optimized for tensor flow and the tensor data structure uh the way you write tensor flow is in Python an example of an ml model in tensor flow is here on the left hand side

technically this is Cirus Cirus is a highlevel abstraction of tensor flow and so it can get a bit confusing initially the difference between curus and tensor flow but they're essentially the same thing because curus is packaged with tensorflow uh uh for the Google Cloud platform they specifically offer tensorflow enterprise so they accelerate and scale ML workloads on the cloud with comp compatibility tested and optimized tensor flow along with Enterprise ready services and support [Music] okay hey this is Andrew Brown from exam Pro and we are talking about vertex AI again and the reason why is

I just want you to understand the history of it like how it came about uh to avoid some confusion in the Google Cloud console so vertex AI is the unification of AI platform and the addition of automl to to offer an end-to-end solution for all your custom ML and DL needs so AI platform is technically uh deprecated uh you can still use it but it's not recommended to uh uh to use the platform they're always suggesting you to migrate over um to uh vertex AI but the idea here is You' be able to prepare supervised

training uh training with data labeling notebooks to write and document building ml models a model registry to hold all your trained models pipelines for setting up automated cicd to rapidly deploy new changes also known as ml Ops and the other component to vertex AI is autom ml so easily train highquality custom ml models you just upload your data choose what you want to predict and it does the rest okay uh and I actually had a bit of hard time finding this service I was typing like autom ml uh but really there's a thing uh in

there which is called tables and so you could build and deploy machine learning models on structure data so you just like you'd upload the the or actually be through data sets so you upload a data set and from there you say Okay I want to analyze this tabular data okay through [Music] automl hey this is Andrew Brown from exam Pro and we are looking at ML and DL environments so we're talking about the compute and the notebooks okay so to predict train tune predict for machine learning models you need to use compute optimize and specialize

for ML and DL tasks so an ml compute solution will be pre uh prepackaged with specific ml Frameworks data science libraries and you'll have to make the choice between a CPU or utilizing gpus CPUs are great for classical machine learning so supervise unsupervised learning things that are math-based like uh or statistics based algorithms uh gpus are really well suited for deep learning they're very powerful but they're also really really expensive so you got to really decide whether you really want to use gpus or not you have deep learning images and you have deep learning containers

so here um I'm launching up a notebook instance so a notebook instance has to utilize some kind of um a compute so I believe this is a VM here that we're launching and it has a tensorflow Enterprise as the uh prepackaged ml framework it probably has data science libraries along with it and uh here it is using gpus so we have envidia Tesla T4 and of course there's CPUs alongside gpus but um you know just use a gpus on their own there's also Cloud GPU so this adds gpus to your workloads for machine learning scientific

Computing 3D visualization why do you need this well this is fractional gpus because gpus are so expensive sometimes people just need a little bit of gpus and that's where this service kind of fulfills that uh cost effective Gap uh for notebooks it's a web-based application for authoring documents that combine Live code narrative text equations visualizations a notebook makes it easy to code all the steps to an ml solution while intermixing documentation it makes it easy to rerun segments of code for a fast and iterative developer experience uh vertex AI notebooks are powered by Jupiter Labs

IDE so Jupiter is the IND industry standard for interactive notebooks for building ml models or for data analysis if you're already in the data sphere you know what this is if you don't you should go out there and learn it it's very useful so that is the IDE and then this is the Jupiter uh notebook okay uh so yeah there you go hey this is angrew Brown from xam Pro and we are looking at the AI Services offering for Google Cloud platform so AI is when uh machines mimic human behavior or can perform human tasks

and AI leverages ML and DL and generally AI refers to fully manage ml SAS offerings I don't know why Google decided to call vertex AI with AI in it because it's really just for ML and and deep learning uh anytime we just AI people just think fully managed Services okay but these are the fully managed services that go uh Google offers they're not part of vertex AI so they're just outside of it um but let's take a look here so we have Vision AI it deres insights from images text and more and custom or pre-trained

models video AI enabled powerful content Discovery engaging video experiences natural language API so derive insights from unstructured text recommendations AI so provide a catalog of Records uh uh will make suggest recommendations to users um translation so dynamically translate between languages document AI uh natural language processing to train and simulate human review of documents Talent solution the capability to create update read update delete job postings this one is such an oddball you know I think I looked at it before but I don't fully understand it for the exam uh you know they will they might give

you a lineup of vision or video AI okay so if you know what these generally do it's not really that hard to figure out here so we don't have to go very deep on these AI Services [Music] okay hey this is Andrew Brown from exam Pro and we are looking at conversational Ai and this is technology that can participate in conversation with humans so chat Bots voice assistants interactive voice recognition systems so ivrs uh use cases here would be online customer support accessibility HR processes healthare Internet of Things computer software mostly we're seeing it as

the first one there online customer support um so uh Google has really good uh conversational Ai and they have a few different offerings here so we have agent assist Empower human agents with continuous support during calls by identifying intent providing real time and step-by-step assistance you got dialogue flow so build engaging Voice and text based conversational interfaces and they have more than one offering here so they have dialog CX so provides an advanced agent type suitable for large or very large agents a dialogue flow yes so provides the standard agent type suitable for small and

simple agents uh just some auxiliary Services here we have text to speech so convert text to Natural sounding speech using ML and speech to text so convert speech to text using power of ml I suppose the last two there should have been in our AI service lineup but we got through it will you see this stuff on the exam probably not but you should know it cuz it's one of Google's uh greatest strengths and I'm really surprised they didn't have it in the [Music] exam let's take a look at big query ml which lets you

build machine learning models directly in big query using SQL making ml accessible to data analyst without coding expertise which is really cool types of models that big query ml can create are linear regressions logical regressions K means clusterings time series forecasting deep neural networks Matrix factorization principal component analysis and more and these models can be integrated with Google Cloud's vertex AI for further customization optimization other features include is that it has a userfriendly interface powered by SQL to build models without python or Java so really useful for data folks um um ml models are created

with big query avoiding the need for data movement it has it has access to the Google Cloud console big query API more you can manage deploy bigquery ml models with vertex AI um it offers built-in models as we saw a moment ago import models from Onyx tensorflow and other others for prediction Onyx is a really really useful framework but here's an example of um uh an integration that that we can utilize to bring data in here uh but yeah let's just talk about the workflow now so the idea is that you might have streaming or

batch data and you're bringing that into your data warehouse which is Big query in this case then we move on to data processing we export that data we train that model so here we're using python or R uh we deploy the ml model and this is kind of the entire workflow but again you know you don't need to know much about the code but you know if you're using vertex AI I believe that you'll have more customization over there um there's some terms we might want to know so uh we have uh data governance so

how do you control and secure your data how are you going to or who's going to handle the infrastructure uh where do you run the model okay and this is all solved with big query because or bigquery ml because it has built-in governance it has automatic resource handling it simplifies deployment so there you go [Music] all right let's talk about responsible Ai and explainable AI so responsible AI is a set of broad guidelines to ensure AI is used responsibil and Google has their own every provider has their own um and so you know I can

just click through these really quickly because they're not that exciting but you know be socially beneficial avoid creating or reinforcing unfair bias be built and tested for safety be accountable to people incorporate priv uh privacy design principles uphold high standards of scientific Aly Excellence be made available for ethical use so they all are kind of the same but they're all kind of different um and Google has a PDF that you can download that describes this in Greater detail we'll look at that in a moment um but the other thing that we want to know is

about what is explainable AI so uh uh the thing with these models is that we can't truly fully under uh understand exactly how they work but there are ways that we can analyze and reason as to how the models are making decisions um so it's not 100% explainable but the idea is that we have a better idea of how uh data or other things are influencing the output and so this ties back to responsibility because you know if we want uh a model to be uh unfair uh we need to prove that it's not being

unfair and so that's where explainable AI comes into play specific providers are using very specific open source tooling to do this I believe that Google has something called vertex explainable AI um and so it's built in there I'm not exactly how we would show that um but the idea is that responsibility eye is very straightforward explainable eye very straightforward but let's take a closer look at those that that AI principal PDF [Music] okay all right so I just looked up responsible Ai and there's two websites we have Google AI so ai. gooogle and then Google

Cloud um so their scope might be a little bit different or they might be the same but if we go here we can scroll on down and we can see the AI principles over here it also has explainable AI model cards let's take a look at this so here's our principes so those are the things that we saw in the slide earlier which you can read a lot more about uh you can also Download a pdf of this so we'll take a look and see if that actually has more information or if it's is just

the same stuff yeah it's the same stuff so nothing super exciting very straightforward um but we'll close this one out let's take a look here at vertex explainable Ai and so they're just saying things like vertex explainable AI offers feature based and example based explanations to provide key understandings okay vertex AI uses uh nearest neighbor so we learned about KNN that specific algorithm uh to search to return a list of examples um so yeah we'd have to read through a bunch of stuff but there are really specific U models out there for for understanding uh

responsible Ai and you know I'm not exactly seeing that here like we're seeing some patterns that it's applying but normally what I'm looking for is something like uh let's just say responsible AI sorry explainable AI open source and so not really seeing it here shap shap is I think what adabs uses um GitHub right and so this would be an example of trying to explain models so I'm not exactly sure what Google uses again I didn't find it but also let's take a look at model cards so model cards will definitely tell you how um

a model will work normally we're talking about large language models and actually they have them here these are large language models right here we open them up they'll tell us a bunch about them like how the model work works the data processing the benchmarks it would ran against and so in this sense this kind of provides explainable AI to a degree but it's not the same thing as what shap would do which is actually running evaluations against the model uh to determine how fair it's being but this is descriptive of the model and so you

could uh uh say that is also part of explainable AI so hopefully that is pretty clear nothing super exciting here but um uh yeah there you go [Music] let's take a look at what we should consider When selecting Google Cloud AIML Solutions I don't personally like this slide but it's part of the curriculum so I'm just going to list it out here just in case to cover our bases so we're considering Google Cloud AIML Solutions we should consider speed so how fast you need the model in production so here we might use pre-trained apis that

are fast or custom models that take time you have to consider effort so effort depends on the problem complexity data Readiness and team skills Solutions can range from Quick implementation to longer custom development we have uh differentation so how unique does your model need to be simple needs to fit offthe shelf models vertex AI allows customization for Unique cases we have required expertise so assess your team's expertise and needs Advanced AI projects may need specialized Engineers or training uh so these are all considerations okay [Music] let's talk about some common threats that you may encounter

in the cloud so a threat is a cloud Security in Cloud security is a potential negative action or event facilitated by vulnerability that results in unwanted impact to computer system or app Google wants you to know these five types of threats the first is fishing attacks these are deceptive emails used to steal credentials or sensitive data you have DOS attacks these are servers that are overloaded with traffic to disrupt services leading to downtime and loss of Revenue we have ransomware this is a type of malicious software that when installed holds data uh a workstation or

network costage until the ransom has been paid we have Cloud misconfiguration so poorly configured Cloud environments that expose vulnerability that can lead to data leaks we have Insider threats so internal individuals misuse their access leading to Data Theft or other security Brees uh breaches so there we go [Music] let us compare Cloud security versus on premise security so for location the data the apps are hosted offsite data centers managed by Cloud providers and a traditional one uh your org is going to be hosting them with within your facilities or in a um uh a co-tenant

location that you are renting for responsibility that the security uh of the infrastructure uh is the responsibility of the actual provider but the customer is responsible for the data the app and the access for traditional on premise security orgs secure the entire stack so you're responsible for everything for scalability um the cloud service provider here we're talking about Google can provide a lot of scalability Out of the Box on premise you're responsible for it for maintenance and updates again the cloud service provider Google this this case updating and maintaining the underlying infrastructure if it's traditional

you're doing all the work for the cost model you have pay as you go or operational expenditures were traditional you have Capital expend expenditures with significant upfront investment which one you choose to do is dependent on what you want um you know you can use a mix of these things especially with emerging AIML technology we're seeing Cloud reap uh uh I never going say the word but basically people leaving the cloud so you know you have to choose what it is that you want uh neither is good or bad you just have to uh decide

what it is your organization wants to utilize so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at identity and access services and also Security Services for the Google Cloud platform so at the top here we have identity and access management so I am this establishes fine grade identity and access management for Google Cloud resources we got Cloud identity so easily manage user identities devices and applications from One console identity platform add Google grade identity access management to your apps Beyond Corp Enterprise a zero trust solution that enables

secure access with integrated threat and uh data protection identity aware proxy that's always usable Beyond Corp so use identity and context to guard access to your applications of EMS manag service for Microsoft um active directory active Direct so this is just if you need active directory and you want it hosted on uh Google you can do it that way resource manager this is a hierar hierarchial manage resources on Google Cloud security key enforcement so enforce the use of security keys to help prevent account takeovers tighten security keys so defend against account takeovers from fishing attacks

these are security keys made by Google not going to show up in the exam but they look really cool they're supposed to be really good so check them out before we move on the next slide I just want to give some Focus here you want to know what im is you want to know what Cloud identity is you want to know what Beyond Corp identity aware proxy is you definitely want to know what manage service for Microsoft active directory is these are the ones that are going to show up on the exam okay moving on

to security so access transparency get visibility over uh your cloud provider through near realtime logs binary authorization so deploy only trusted containers on kubernetes engines Cloud asset inventory so view Monitor and analyze Google cloud and anthos assets across projects and services Cloud audit logs gain visibility into who did what where when all that stuff on Google cloud cloud data loss prevention sometimes I write protection in there but it's prevention discover and redact sensitive data Cloud HSM protect cryptographic keys with a fully managed Hardware security module service Cloud Key Management Service manage encryption keys on the

cloud this one is the multi-tenant this one is the single tenant okay security Command Center so understand your security uh and data attack service Shield VM so deploy hardened virtual machines on Google Cloud VPC service controls protect sensitive data in Google cloud services using security perimeters incident response management improve your incident and medium time to mitigate just going to erase the ink here for a second the ones you should be focused on for this exam is cloud data loss pre uh prevention and security Command Center that's why I give them the icons here so they

stand out okay so there you go hey this is Andrew Brown from exam Pro and we are looking at user protection services and this is like stuff that would be offered via uh Android or uh via the Chrome browser right so um you know not core to Google Cloud but you should know these things anyway so uh you get fishing protection so help protect your users from fishing sites recapture Enterprise so help protect your websites from fraudulent activity spam and abuse web risk so detect malicious URLs on your website and in client apps but I

thought this one was the most interesting is that if you want this I'm not a robot thing you can get that in Google Cloud okay and put it on within your apps [Music] okay hey this is Andrew Brown from exam Pro and we are looking at secure by Design infrastructure for Google cloud and this isn't exactly going to show up in the exam but the idea here is it's going to help you understand to what level Google takes its security seriousness okay so we have operational device security so develop and deploy infrastructure software using rigorous

security practices operation teams detect and respond to threats to infrastructure from both inside and external actors 24/7 365 okay internet communication Communications over internet to public cloud service are encrypted in transit network and infrastructure have multiple layers of protection to defend our customers against Deni of service attacks for identity identities and users and services are strongly authenticated access to sensitive data is protected by Advanced tools like fishing resistant security Keys storage services so data stored in the infrastructure is automatically encrypted at rest and distributed for availability and reliability guards against unauthorized access and service interruptions

service deployment any application that runs on our infrastructures deployed with security in mind we don't assume any trust between services and we uh uh we use multiple mechanisms to establish and maintain trust infrastructure was designed to be multi-tenant from the start Hardware infrastructure from the physical premises uh to the purpose build servers networking equipment and customer security chips to uh or Custom Security chips to the low-level software stack running on every machine our entire Hardware infrastructure is Google controlled secured and hardened uh data centers so Google data centers features layered security with custom design electronic

access cards alarms vehicle access barriers perimeter fencing metal detectors Biometrics laser beams okay laser beam intrusion detection they are monitored 24/7 by highresolution cameras that can detect and track Intruders only approved employees specific roles may enter continuous availability infrastructure underpins how Google Cloud delivers services that meet our high standards for performance res resilience availability correctness security design operation and delivery all play a role in making service continuously available so hopefully that makes you confident in Google security practices but there you go hey this is Andrew Brown from exam Pro and we are looking at compliance

report manager this provides you with Easy On Demand access to critical compliance resources at no additional cost really this is just downloadable PDFs that prove that gcp is compliant with various compliance and security standards so you don't even have to log in to access this you just go to the compliance reports manager uh and it's not even in Google Cloud it's in the marketing websites and you just checkbox what you want and then you can go ahead and download that and read through it and see uh that they're being compliant [Music] okay hey this is

Andrew Brown from exam Pro and we are going to look at a bunch of different compliance programs that Google is meeting not the most exhaustive list but the most popular and these will be the most popular with other cloud service providers uh and they're good to know okay so we'll work our way through here U the first here we have is the iso and I uh or I uh these are commonly used together because one is international standards for software and the other one is like when you're using physical uh or physical devices like Hardware

okay so we have control mentation guidance enhanced focus on cloud security protection of personal data in the cloud uh so we talking about uh personally identified information Privacy Information Management System framework so outlines controls and processes to manage data privacy and protect uh uh pii I know CTO they're always going for the 2701 but the numbers are there to uh useful to remember so 271 277 27018 uh 2771 and I do actually have these memorized because that's how frequently they come up uh we have uh systems and organization control sock and there's three layers of

sock sock one sock two sock three so sock one 18 standard and uh standards and report on the effectiveness of internal controls at a service organization relevant to clients internal uh control over their financial reporting I'm not hearing people going after sock one but they're always going for sock 2 evaluates internal controls policies procedures that directly relate to security of a system at an organization sock 3 a report based on on trust service criterias that can be freely distributed yeah here 2701 a bunch and sock 2 a bunch okay uh PCI DSS so payment card

industry data security standard a set of security standards designed to ensure all companies that accept process store and transmit credit card information maintain a secure environment you got um fips so federal information processing standard 140 hyen 2 so us and Canadian government standard that specifies the security requirements for cryptographic modules to protect sense of information this one's one you're going to want to remember uh when you're using um a cloud service provider that stores cryptographic Keys they're going to be fips 142 uh and it's either going to be um for multi- tener single tenant I

think uh if you're doing like Cloud HSM which is a single tenant it's going to have fips 140 hyphen 3 okay um which is better it's it's more more strong okay we got the personal health information protection act so phipa I'm in Ontario so this one is pretty pretty relevant to me but it's just an example of one that's outside the standard uh Hippa one okay we have Hippa so health insurance portability accountabil act this is a US federal law that regulates patient protected health information we have CSA so this is an independent third-party assessment

of a cloud provider security posture uh we have uh fed ramp so Federal risk and authorization Management program we spent more time with this earlier on in the course so US Government standardizes approach to security authorizations for cloud service offering so how the government works with the cloud criminal justice uh Information Services so cjis any US state or uh local agency that wants to access FBI's cjis databases required to adhere to the cjis security policy then we have the general data protections regulation uh gdpr so a European Privacy Law imposes new rules on go companies

governments agencies nonprofits other organizations that offer good secure services to people in the European un Union or collect and analyze data tied to the EU residents you want to know gdpr you want to know fed ramp okay so there you [Music] go hey this is Andrew Brown from exam Pro and we're going to look at privacy and transparency for Google and this is more just to communicate uh the practices they do for these things okay not necessarily going to show up your exam but something you should know at the fundamental level when you're convincing the

executives why to use Google Cloud okay so Google Cloud Enterprise privacy commitments describe how we protect the privacy of Google PL platform and Google workspace customers so you control your data customer data is your data not Google's we only process your data according to your agreements we never use your data for targeting so we do not process your customer data to create ads profiles or improve Google ad products which it kind of feels a bit um I I feel like Google's probably done it in the past but they don't do it anymore at least we

are transparent about our data collection and use uh we're committed to transparency compliance with regulations like gdpr and best privacy best practices we never sell customer data or service data we never sell customer to third parties security and privacy are primary design criteria for all of our products prioritizing the privacy of our customer means protecting the data you uh you trust us with we build the strongest security Technologies into our products Google provides resources on privacy regulations such as lgpd gdpr CCPA the Australian Privacy Act I number act pip da and a bunch more for

transparency Google has trust principles you own your data not Google Google does not sell customer data to third parties Google Cloud does not use customer data for advertising uh all customer data is encrypted by default we guard against Insider access to your data we never give any government uh entity backd door access our privacy practices are audited against International standards so there you go hey this is Andrew Brown from exam Pro and we are looking at Cloud armor and to understand the service we need to know what a distributed denial of service attack is a

Dos attack so a malicious attempt to disrupt normal traffic by flooding a website with large amounts of fake traffic so you got an attacker on one side and a victim on the other side and the internet sits between them so what the attacker does is they use a bunch of remote machines and they issue commands to those machines and tell those machines hey go produce a bunch of uh spoofed data and send it over the internet and uh it's going to go towards the victim now the great thing is if when you're using a cloud

service provider you're within their Network they generally have built-in dos protection now what's unusual with gcp is They Don't Really call that out very clearly um but I'm sure that they have some layer of built-in dos protection uh but um the service that provides you know more robust dos protection is going to be Cloud armor now cloud armor is a bit different from other uh closers providers in that it does Dos protection and it's also a web application Fireball these are usually separated as two different services and other providers gcp decided to Ru it into

one some of its feature sets are IP based and Geo based access controls support for hybrid and multicloud deployments adaptive protection detect and mitigate attacks against your Cloud load balancing workloads predefine Waf rules to mitigate aaf's top 10 risks named IP lists rual language for web application firewalls visibility and monitoring and Cloud armor has two tiers you got the standard so page you go and manage Protection Plus starting at $3,000 a month pretty standard to see those two-tier pricing for dos protection not that standard to see these two tools rolled into one but that's just

how they do it [Music] okay hey this is Andrew Brown from exam Pro and we are looking at private Cloud which allows you to package Google Cloud resources into service offerings that can be made available and discoverable in a catalog internally to your organization to quickly deploy governance stacks and workloads so this is what the catalog would look like the idea is that you would build uh different kinds of products within this catalog or workloads whatever you want to call them stacks and the idea here is uh you would apply permissions to say who in

your organization is allowed to launch them and so this is a great way to stay compliant because you have these workloads that you uh your uh your developers or your engineers have made sure that are safe to be used within your organization and then it allows your departments to just um procure resources they need uh okay so there you [Music] go hey this is Angie Brown from exam Pro and we are looking at security Command Center and this is a centralized security and risk management platform for your Google Cloud resources so there's a lot that

you can do in here I don't know if you can make it out but you got threat detectors VM patching cryptographic Keys binary authorization security standards you might have noticed these terms as we're uh uh listing through them very very quickly so there's a lot of stuff that lives within this uh Command Center that you can do uh three things I want to highlight that could be relevant to your exam is asset Discovery and inventory so inventory and historical information about your Google Cloud resources threat detection so audits your Cloud resources for security vulnerabilities threat

prevention fixed security misconfigurations with single click remediation if the exam is asking you which service has a a holistic view or everything in one place uh to do stuff for security this is the service [Music] okay hey this is Andre Brown from exam Pro and we are looking at Google cloud data loss prevention so dlps detect and protect sensitive information within gcps storage repositories so we're looking at personally identifiable information so pii so any data that can be used to identify a specific individual really great example here is of mck lovin uh from a movie

from 10 years ago he has a fake ID here but it gets the point we're talking about uh you know driver's licenses uh government IDs passports email address mailing address birthdays any of that kind of personal identifi information then there is protected Health informations phis this is very similar except it's talking about the identity health information about a patient some of it features of DLP here it provides tools to classify mask tokenize and transfer sensitive data support for structured and unstructured data create dashboards and audit reports automate tagging remediation policy based findings connect DLP results

into the security Command Center data catalog or export to your own security information and event management system s or governance tool schedule inspection jobs directly in the console UI over 120 built-in information types so info types and info types Define what sensitive information can be scanned so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at Beyond Corp for the Google Cloud so the zero trust model operates on the principle of trust no one verify everything and so the idea here is malicious actors are being able to bypass

conventional access controls demonstrating traditional security measures are no longer sufficient so beyond Corp is Google's implementation of the zero trust model and it's going to allow us to do things such as single sign on access control policies access proxies user based authentication device based authentication authorization and by shifting access controls from the network perimeter to individual users Beyond Corp enables secure work from virtually any location without the need of a traditional VPN so the principles here for Beyond Corp are access to Services must not be determined by the network from which you connect access to

Services is granted based on contextual factors from the user and their device access to Services must be authenticated authorized and encrypted okay so a zero trust model put puts identity as the primary security perimeter CU remember we shift that over to the users away from traditional firewalls to be protected Beyond Corp is just itself is just a collection of identity access and Security Services to meet the zero trust model requirements okay so uh that's where it gets confusing because there's Beyond Corp Enterprise which actually is a service and Beyond Corp is more of a conceptual

idea of these uh identity access and Security Services okay so the idea is that we have apps and data so web apps virtual machines sasap applications infrastructure apis we're trying to restrict control access to these things uh to mitigate uh security risks right and so on the left hand side we have um user trust and device trust right and this is where we're going to be looking at their identity and their behavior for devices it's identity and the posture posture being uh the conditions in in which the environment they're in right so the idea is

that they're going to uh come into the Google Network through a global front uh front end and this is where we're going to get context location and time so that could be extracting information like the IP the uh location the region the session age the time the device type things like that we're going to pass that through a rules engine and then from there we have an enforcement point where it makes further decisions before it accesses our apps and data so this is generally the idea of a zero trust model okay uh and this is

kind of the rough outline of where Beyond Corp is going to be um the idea here is that we now incorporate services so here we're using Cloud identity this is for endpoint verification this is just Google's front end this isn't a service in particular this is just the uh Google Network okay then you have access context manager uh and then for enforcement points we have Cloud IAP Cloud am Cloud identity VPC service controls I've highlighted the three in yellow because to me that's really what Beyond Corp is it's adding those three components uh into it

but basically Beyond Corp is the collection of all these services working in this model [Music] okay let's talk about SEC Ops which stands for security operations this is the practice of protecting your data and systems in the cloud by integrating security and operations to reduce risks and improve response to threats um so what we have here under set Ops is vulnerability management so identifying and fixing security vulnerabilities which we can do through the Google Cloud security Command Center log management which we can do through Google Cloud logging incident response uh security awareness training okay uh

the business benefits of SE Ops is reducing risk of data breaches increase up time improve compliance enhanced employee productivity so this term seops was something that uh came up in the in the exam guide so we wanted to make sure we covered it here [Music] okay let's take a a look at data sovereignty and this ensures that data is subject to laws of the country where it's stored protecting individual rights such as gdpr in the EU data residency refers to the physical location of data storage with some countries mandating that data be stored within the

borders of of for compliance so the way it works for Google is Google Cloud offers options to select regions of data storage uh ensuring compliance with local regulations uh we have features like VPC service controls and Google Cloud armor which restricts data access uh traffic location ensuring compliance with data residency and sovereignty requirements so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the concept of a directory service so a directory service Maps the names of network resources to the network addresses and the directory service is shared

information infrastructure for locating managing administrating and organizing resources such as volumes folders files printers users groups devices telephone numbers and other objects a directory service is a critical component of a networking operating system and a directory server also known as a name server is a server which provides a directory Service uh each resource on the network is considered an object by the directory server information about our particular resource is stored as a collection of attributes associated with that resource or object so very well-known directory Services would be uh a DNS so domain name Service uh

this is the directory service for the internet so you don't know but you're using it right now uh there's Microsoft active directory this is basically the industry standard uh for uh most or almost all organizations in the world uh underneath you have Azure active directory also known as Azure ad this is a managed service on the Azure uh Cloud there's apachi directory server Oracle has their own there's open LD AP uh Cloud identity which is Google's identity as a service provider and then you have jump Cloud which is a one that is kind of an

agnostic one where you can connect a bunch of directories to it okay so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at Cloud identity and this is identity is a service by Google Cloud that centrally manages users in groups so you get a bunch of stuff in here like user life cycle management account security single sign on cloud directory device management reporting analytics at management accessible uh through apis does a bunch of stuff uh and the idea here is a Confederate things between Google Cloud active directory Azure

ad and many more directory Services you can manage access and compliance across all your all users in your domain you can create a cloud identity account for each of your users and groups uh then you can use identity access management so I am to manage access to Google Cloud resources for cloud identity account if you want to to uh give someone access to your Google Cloud without having a Google workspace account so not having a Gmail and the g Suite uh this is what this is what you do is use cloud identity so that it

could just get access to just Google Cloud uh so there are uh two versions of cloud identity we have free and premium and there is a lot of features here but let's just run through it so you get the idea or the the the scope of what cloud identity can do so it can handle device management and in the free version we have basic mobile management directory in or device inventory basic password uh passcode uh enforcement remote account wipe uh Android Apple iOS in the premium you get Advanced Mobile management Advanced passcode enforcement security policies

application management Network management Remote device wipe reporting uh application auditing company-owned devices mobile audit MDM rules uh so that would be mobile device management rules okay then for directories you have in the free basic directory management organizational units and groups and they're unlimited that's pretty standard in all directory Services admin manage groups groups for business uh Google Cloud directory sync which we'll give uh closer attention to later on admin rules and privileges Google admin app for Android Google admin app for iOS just showing you works on both admin STK API so you can programmatically uh

work with the directory secure ldap uh for the premium we have user life cycle management and there's no user cap on this uh secure ldap uh I guess it's in both so maybe we don't have to list it in both there single sign on and automated provisioning so for free we have setups SSO using Google as identity provider uh to access pre-integrated list of thirdparty SLE apps set up SSO using Google as an ipd to access custom SLE apps set up SSO using a thirdparty ipd with Google as a Ser service provider for premium we

have automated user provisioning for security uh we get user Security Management self-service password recovery which is a great feature Azure ad also has this so I really like this uh two-step verification uh so I guess that's multiactor including security key management uh and we have enforcement control so with security key enforcement and management password management and strength alert for premium first party session management Google security Center for reporting we get admin login samle group grou token audit logs security reports SLE audit logs app reports account AC activity reports for premium here we get device audit

logs Auto export audit logs to Big query and you get an SL SS or SLA of 99.9% of Premium so here you can see it does a lot you don't need to remember all the stuff for the exam but you know if you're going to uh take anything away from here just understand that Google Cloud directory uh sync is a subservice of cloud identity okay [Music] hey this is Andrew Brown from exam Pro and we are looking at active directory now this isn't a uh Google service per se but the thing is no matter what

you're using no matter the cloud service provider you'll want to know active directory inside and out because it's fundamental knowledge and most Enterprises are using it and now with everyone going towards a zero trust model uh you know identity and active directory just go hand inand okay so we're going to put some extra attention here on this one so Microsoft introduced active directory domain services in Windows 2000 to give organizations the ability to manage multiple on- premise infrastructure components and systems using a single identity per user so here is the big architectural diagram that I

created so the idea is that you have your your Enterprise which is the forest here and these are made up of domains a domain is a is a means to host these different uh uh directory Services uh and it's also the means to which people um uh authorize or authenticate uh uh to your directory okay so the idea is that you can think of domains as actual uh servers and you're going to have have to have redundant ones because if the main one goes down you want to make sure people can still log in and

do their business and you might want domains that are closer uh uh to the region uh to which they are authenticating so things are very very fast that's why we're seeing a lot more here uh than just a single one okay uh when we look inside of a domain doesn't matter if the child or domain we have organizational units these are just ways of uh structuring maybe departments or things like that and with organizational units we have objects and so objects could be groups uh users uh printers uh servers uh devices we saw a larger

list when we listed up directory service so we don't need to go through it but the idea is that it's just basically uh things within your network okay uh then we have active directory domain Services uh shorten to adds so these are the services that consists of multiple directory Services all right I know it gets confusing because there's directory service and then there's directory services but these are services within a directory service if that makes any sense so domain Services these are the foundational uh foundation stone of every Windows domain Network stores information about members

of The Domain including devices users verifies the credentials uh and defines the access rights uh the server running this service is called a domain controller all right so usually when we talk about the actual server that people we're calling them domain controllers all right uh so uh some of the services uh that can be found uh within active directory would be active directory uh L uh lightweight directory service so this is an implementation of ldap protocol for Azure directory domain Services we're going to definitely talk about ldap in this course we have active directory certificates

services so establishes an on premise public key infrastructure create validate revoke public key certificates for internal uses all right we have active directory Federation services so a single sign on we talk about single sign on in this course too uh so users may use several web-based Services network resources using only one set of credentials stored at a central location we have active directory Rights Management Service this is a server server software for information Rights Management shipped with Windows Server uses encryption and a form of selective functionality denial for limiting access to documents there's a bunch

of uh terminology for active directory I want to uh get you used to it so let's go through it domain is an area of a network organized by a single authentication database and an active director domain is a logical grouping of 80 objects of a network a domain controller is a server that authenticates user identities and authorizes their access to resources so this is The Logical grouping and this is the actual server that does the work a domain computer uh is a is is a computer that is registered with a central authentication database a domain

computer would be an ad object an ad object is the basic element of an active directory uh of active directory such as users groups printers computers shared folders uh gpos Group Policy objects is a virtual collection of policy settings it controls what ad objects you have access to organizational units is a subdivision within an active directory into which you can place users groups computers and other organizational units very common to make your departments uh out of ous directory Service uh such as active directory domain service provides the methods of storing directory data and making the

data available to the network users and administrators a directory service runs on a domain controller so you know hopefully you have some kind of idea what active directory is uh but yeah that's the quick crash course [Music] okay hey this is Andrew Brown from exam Pro and we are looking at manage service for Microsoft active directory and this is just active directory hosted on the Google Cloud platform why would you want to do this when you have cloud ident well there's just a lot of uh Rich features with an active directory that a cloud identity

doesn't have or maybe your team is used to using active directory uh you can use cloud identity and active directory together because you can just Federate your active directory over to Cloud identity um but traditionally active directory has always been hosted on premise uh however a lot of people are shifting to the cloud because you just don't have to deal with those servers anymore so there is a use case for this I think a lot of people if they're going to be using a managed active directory they're going to use Azure ad just because Azure

or Microsoft is the best at it but uh other cloud service providers such as ads and gcp will give you uh a managed version of active directory so compatibility with ad dependent apps uh so runs real Microsoft ad controllers uses standard active directory features so gpos uh remote server Administration tools virtually maintenance free so high Avail High availability automatically patched configured with secure defaults protected by appropriate Network firewall rules seamless multi- region deploy employment so simply expand the service to additional regions while continuing to use the same managed ad uh domain hybrid identity support So

support your on premise ad domain to Google Cloud deploy a standalone domain for your cloud-based workloads so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the concept of identity providers also known as ipds and so a system entity that creates maintains and manages identity information for principles and also provides authentication services to Applications with a federation or distributor Network a trusted provider uh for your user identity that lets you use authenticate to access other services identity fighers could be things like Facebook Amazon Google Twitter GitHub and

Linkedin so Federate identity is a method of linking a user's identity across multiple separate identity management systems and the way you're going to do this is via open ID so open standard and decentralized Authentication Protocol uh so this is your ability to be able to log into a different social media platform using Google or Facebook account open ID is all about providing who you are you have ooth 2.0 this is the indust industry standard protocol for authorization of ooth doesn't share password data but instead uses authorization tokens to prove an identity between consumers and service

providers ooth is about granting access functionality and I put these in the lineup because you know what I even get these two mixed up but they go hand in hand all right so providing who you are about granting access to functionality then you have samles the security assertion markup language is an open source or open standard for exchanging authentication and authorization between an identity provider and a service provider an important use case for samle is single sign on via the web browser and that's the reason we're bringing up samle is so that we can talk

about single sign [Music] on hey this is Andrew Brown from exam Pro and we are taking a look here at single sign on also known as SSO and this is an authentication scheme that allows a user to log in with a single ID and password to different systems and software so SSO allows it departments to administer a single identity that can access many machines and cloud services so here on the right hand side is the many uh things that we want to access and on the left hand side we have our directory service so in

this case it's Azure active directory and we have a user that wants to connect with a single uh username and password to all the stuff so through the samle protocol which we covered in the last slide uh we can do single sign on to all of these uh services and the key thing to remember is that SSO is seamless so once a user logs in to their primary directory they don't have to keep on entering their passwords in it's just going to seem like they they're already logged in when they visit these resources [Music] okay

hey this is Andrew Brown from exam Pro and we're taking a look here at lightweight directory access protocol ldap is an open vendor neutral industry standard for application protocols for accessing and maintaining a in distributed directory information Services over IP networks so a common use of ldap is to provide a central place to store users and uh usernames and passwords ldap enables for same sign on so same sign on allows users to uh use a single ID password but they'll have to enter it every single time they want to log in so the idea is

you might have an active directory uh server on premise and it's going to synchronize with an ldap uh directory so you can get access to things to like Google Cloud kubernetes Jenkins and you're noticing that I'm not listing out generic web apps these are more kind of like heavy duty um workloads because that's where ldap kind of uh is used a lot okay so why use ldap when SS SSO is more convenient because SSO you don't have to enter your password username every single time well the thing is SSO systems are often built on top

of ldap but ldap was not designed a to work with web applications uh so you don't do single sign on with LD and a lot of times you just don't see direct integration with them so you'll see ldap more on on premise or using Dev Ops work clades like kubernetes or Jenkins so some systems only support integration with ldap and not SSO so there just times when you have to use it [Music] okay hey this is Andrew Brown from exam Pro and we are looking at Google Cloud directory sync so enables administrators to synchronize users

groups and other data from an active directory ldap service to their managed service for for ad uh for Microsoft active directory within Google so it's just a synchronization service um and so this one will show up on the exam for sure so make sure you know what it is uh so you can choose it correctly [Music] okay let's take a look at devops and SRE SRE is actually a term invented by Google and they have a whole white paper on it I think but uh let's first Define devops it is a method that combines development

and operation teams to improve collaboration accountability uh so there's a term of silos so isolated teams that don't collaborate so devops breaks these barriers to improve teamwork we have gradual change so making small incremental updates to reduce risk and improve system reliability there's tooling and automation so this is when you want to reduce manual work and increase efficiency we have the idea of measure everything so tracking performance to understand what's working what needs Improvement then we have the term SRE site reli reliability engineer again this is a term invented Google a job title that they

invented it is a method that applies software engineering to operations making systems more reliable and scalable we have the idea of shared ownership so developers and operation Operation teams share responsibility for uh uh system reliability we have blameless postmortem so reviews after failures to learn from mistakes without blaming anyone I'm sure people are not going to get blamed that things fail but that's that's interesting that they they have that uh we have error budget so the allowed margins for failure before it impacts the user experience we have toil so repetitive manual tasks that can be

automated to improve efficiency so there's a bunch of devops and SRE terms that you should [Music] know hey this is Andrew Brown from exam Pro and we are taking a look here at service level agreements also known as SLA so an SLA is a formal commitment about the expected level of service between a customer and a provider so when a service level is not met and if customer meets its obligation under SLA customers uh will be eligible to receive compensation so Financial or service credits uh you can think of them as store credits because you

can use them towards uh the most of the the services provided by the CSP whether it's comput storage databases Etc but there will be sometimes uh exceptions so maybe like registering domains because that actually cost money okay so uh then you have service level indicators so sis this is a metric or measurement that indicates what measure of performance a customer is receiving at a given time a uh SLI metric could be uptime performance availability throughput latency error rate durability and correctness then you have slos so service level objects that is the objective that the provider

has agreed to meet so slos are represented as a specific Target percentage over a period of time so an example here could be uh availability SLA of 99.99% in a period of 3 months Target percentages uh that you commonly see are 99.95% 99.99% 99999999999 and so th that is uh n uh N9 after the decimal point so we'll say N9 NES of availability N9 NES of durability then you have one that's for 11 so you'd say like 9 11s of durability uh and so the idea here is that um the SLA contains SL right and

these are at the service level and then the slos are based off of the sis [Music] okay hey this is Andrew Brown from exam Pro and we're going to go through the slas for Google Cloud platform now it's in the exam guide but it doesn't really show up on the exam so uh I don't think you have to pay close attention here and this is really boring because we're just going to list out a bunch of numbers uh but you know maybe you'll remember some that are 95 and some that are 99 and that might

help you on the exam so let's get to it so for compute engine uh and mostly I think all of these are going to be in the monthly and generally for uptime but uh for coverage Services instances in multiple zones 99.99% single instance 99.5% load balancing 99.99% uh then what we have here is uh cloudsql and Cloud functions it's monthly uptime of 99.95% for big query and app engines it's uh monthly uptime for 99.99% for cloud stor storage it's going to vary based on the type of storage but standard storage in multi- region dual region

is going to be 99.95% standard storage in Regional location for cloud storage nearline cold line multi- region dual region it's going to be 99.9% nearline or cold Line storage class and Regional location uh cloud storage is going to be 99.0% that's because of the the the durability is reduced you're paying for uh like I mean like it's cold line you're not going to access it very often so it's less of a problem but that makes sense why it's slower for cloudnet uh this one is just the outlier where it's 99.9% uh and then AI platform

trading prediction is 99. 95% it's like the one up here I should have grouped it up here but I didn't uh so for big uh Cloud big table we have a bunch of different values so if it's multicluster routing so 99 tri9 if it's less than uh or fewer than three regions is just two n single cluster routing policies .9 zonal instance .9 for apog uh and it's very unlikely they'll ever ask you slas for apogee on the exam but we have them here anyway so for standard 99 for Enterprise 99.9% for Enterprise Plus 99.9%

for cloud spanner uh you have uh three nines of durability for multi- region and then we have two nines for regional instance so there you [Music] go hey this is Andrew Brown from xam Pro and we are looking at gcp support PL so we got basic standard enhan premium and then uh just for cost this one's free this one's 29 bucks this one's $500 and this one uh you have to contact sales so this is premium is your Enterprise support enhanced is your business support when you're looking at ads or Azure they'll charge a $100

but for some reason gcp charges $500 I think that is not smart on their part because it really makes it hard for adoption when you are a small to medium company um no idea why they did that but that's just what it is okay so uh you get unlimited access to support for standard enhanced and premium they just mean like I guess to access the platform I I would think that it's unlimited across the board but that's just how they display it there for billing support that's asking building queries you can use email phone or

chat uh in terms of response time uh standard is uh priority to so the the the larger the number the lower the priority okay priority zero is is the highest right so uh you can expect a 4-Hour response here in enhanced support you're looking at 1H hour response and for premium you're looking at 15 minute response times uh but I mean this varies based on this is when you actually have a severe issue um so it's not for general questions okay for technical support uh you can only do email with standard uh and this is

pretty common like with either Azure or AWS they'll call it um the standard will be just called developer support so yeah it's just emails and you're looking at pretty much to 24-Hour response time for that uh and for technical support for enhanced and premium you got case emails and phone uh so that is a um I I don't know if they have chat because I didn't really want to pay for $500 to find out if they had chat um but I've definitely experienced chat via building support and it's pretty darn good uh but if you

want to get on the phone for someone you got to be paying a lot more uh for eight out of five response for high impact issues uh so8 out of five means um hours out of the day so your standard at 5 days a week so that's your standard work week 24/7 so anytime you want to ask a question uh they're going to be able to help you out okay you only get English support in standard if you need Japanese Mandarin Chinese or Korean uh that's an enhanced support and premium support and so some of

the features that are found in both enhanced and premium is um active assist recommender API third party support Cloud support API technical support escalation uh for enhanced support you get ACC or you can purchase additionally technical account advisor advisory service Tas uh in premium support you get a tam so a technical account manager and so that is a person that is assigned to you you get event Management Service oper operational Health reviews customer aware support new product previews training credits and access to purchase Mission critical services so you can see there's a lot of stuff

here uh in terms of the exam I didn't see a single question about like what support plan does what which I was shocked because when you do AWS and Azure you see that kind of stuff there um it's definitely on the exam guide so I don't know why I didn't see any questions and people all the other people I asked never saw those questions either maybe they'll add them in the future so it's worth knowing this page I think uh in terms of all these feature sets they're definitely not going to ask you them on

the exam but we're going to cover them anyway all this stuff here because I think that if you are learning fundamental knowledge uh and you want to convince your stakeholders you know why to use gcp you want to know the full offering of support [Music] okay hey this is Andrew Brown from exampro and we are looking at active assist recommender so active assist is a portfolio of intelligent tools and capabilities to actively assist you in managing uh complexity in your Cloud operations uh so make improvements easily prevent mistakes from happening find out what went wrong

quickly and so here on the right hand side is a recommendation where it's uh saying this is my current configuration but it's recommending that I reduce this instance to 6 vpcu and 20 Gigabytes so I can save a bunch of money so uh three activities is making proactive improvements to your cloud with smart recommendations preventing mistakes from happening in the first place by giving better analysis helping you figure out why something went wrong by uh using intuitive troubleshooting tools if you use something like trusted advisor in naus or rer it's the same thing [Music] okay

hey hey this is Andrew Brown from exam Pro and we are looking at Cloud support API and this allows you to integrate Google Cloud's customer care within your organization CRM uh so the API supports create and manage support cases list create download attachments for cases list and create uh comments and cases uh and so the the cloud support API is available to customer cares with enhanced or premium support so why would you want this well if you have your own CRM right so you uh use a CRM to uh have your own cases for customers

allows you to kind of centralize all of your um case information in one place so that uh you don't have to have uh your users or your support team go out and make cases in Google Cloud you can just integrate directly into a single platform and this is a very unique offering I haven't seen this on adus I haven't seen this on Azure so this is pretty cool that gcp does [Music] this hey this is Andrew Brown from exam Pro and we are looking at technical account advisory Serv and this provides proactive guidance and reactive

support to help you succeed with your Cloud Journey so uh taas delivers the following services so guided onboarding to help you get started with enhanced support and set up your operations with Google Cloud best practices and additional support for the most critical cases including proactive monitoring and guidance on case escalation monthly quarterly yearly reviews to assess your operational Health across Google cloud and deliver recommendations for improving your usage of enhanced support recommended training paths and courses tailored to your organization IAL needs when you purchase Tas uh you pay a monthly fee with a minimum one-year

contract after the first year your contract is month-to Monon so third party Technology support is available to customer care support with enhanced or premium support so it's just something you can pay for additional on top of enhanced support or premium support just to get you know more guidance [Music] okay hey this is Angie Brown from exam Pro and we are looking at Mission critical services so this assess and mitigates potential service d disruptions for environments that are essential to an organization and cause significant impact to operations when disrupted to prepare you for this service Google

Cloud analyzes your current operations and onboards you to Mission critical operations mode a mode standardized by Google the onboarding process includes the following assessing key elements of your mission critical environment including architecture observability measurement and control delivering a gap analysis to help you prepare for Mission critical operations bringing your organization into Mission critical operation modes to drive continuous Improvement of your environment through proactive and preventive engagement after you've onboarded you've received the following Services drills testing training for Mission critical environments customer Centric incident reporting proactive monitoring and case generation priority zero so P0 support case

filing privileges with 5 minute response time War Room Incident Management impact prevention follow-ups so you can see this is a pretty darn serious Service uh but it's only at the the top tier of support [Music] okay hey this is Andrew Brown from exam Pro and we are looking at operational Health reviews so this helps you measure your progress and proactively address blockers to your goals with Google Cloud so the reviews serve as a regular touch point with your Tam where you can discuss various topics related to your customer care experience including the efficiency of cloud

operations including support Trends analysis of Trends and operational metrics incident case escalations and is tracking of open cases stat status reports of high priority Cloud projects so there you [Music] go hey this is angrew Brown from exam Pro and we are looking at Cloud bildings account which is used to define who pays for given set of Google Cloud resources is connected to a Google payments profile so over here on the right hand side you can see that link so projects are going to be going to your billing account and then your billing account is linked

to a payment profile uh if you want to see uh uh that you can create multiple under payment profile you create multiple uh billing accounts so here is just a single one but it's very easy to create multiples so billing account includes one or more billing contacts predefined in a payments profile Billings can have sub accounts for resellers so you can Bill resources to be paid by your customer so let's compare the two um so that we fully understand these two offerings okay so for cloud building account it is a cloud level resource managed in

the Google Cloud console tracks all of the costs charges and usage credits incured by the Google Cloud usage a cloud billing account can be linked to one or more projects projects usage is charged to the linked billing uh billing account results in a single invoice per Cloud billing account operates in a single currency defines who pays for given set of resources is connected to a Google payments profile which includes payment instructions defining how you pay for charges has billing specific roles and permissions to control accessing and modifying billing related function so established I am so

on the payments profile side we're over here now uh it is a Google level resource managed at payments. google.com connects to all of your Google services such as Google ads Google Cloud Fone service processes payments for all Google services not just Google Cloud stores information like names address tax ID when required legally or who is responsible for the profile stores your various payment instruments so credit cards debit cards bank accounts other payment methods will be used to buy through Google in the past functions is a document Center where you can view invoices payment history and

so on controls uh who you can view and receive uh invoices of various Cloud billing accounts and products so hopefully that is clear uh on the exam they're not going to ask you to uh uh choose out of these at a lineup so I wouldn't worry about that it's just more for your benefit [Music] okay hey this is Andrew Brown from exam Pro and we are looking at billing account type so there are two types of cloud billing accounts we got self- serve or online accounts payment instrument is a credit or debit card uh a

uh direct uh debit depending on the availability in each re country or region costs are charged automatically to the payment instrument connected to the cloud billing account you can sign up for self-serve accounts online uh the documents generated for the self- serve account include statements payment receipts tax invoices that are accessible to Google Cloud console then you have invoice or offline accounts so payment instrument can be a check or wire transfer invoices are sent by mail or electronically invoices are also accessible in the cloud console as our payment receipts you must be eligible for invoice

billing and you can learn more about it somewhere in the documentation so that's kind of interesting I don't know I don't remember seeing whether ads or Azure had that but it's cool that you can do that kind of offline method for payment profile types there's two as well we got individual so uh you're using your account for your own personal payments if you register your payment profile as an individual then you can only manage the profile you won't be able to add or remove users or change permissions on the profile and then we have business

you're paying on behalf of a business organization partnership or educational institution uh you use Google payment center to pay for uh play apps games Google services like Google ads Google Cloud 5 phone service a business profile allows you to add other users to a Google payment profile you manage so that more than one person can access or manag payment profiles all users added to a business profile can see the payment information on that profile so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at charging cycle so for

self- serve Cloud billing accounts your Google Cloud Char costs are automatically charged in one of two ways so you either have monthly billing so costs are charged on a regular monthly cycle or threshold building costs are charged when your account has secured a specific amount for self-served cloud billing accounts your charging cycle is automatically assigned when you create the account you do not get to choose your charging cycle and you cannot change the charging cycle for invoice uh cability accounts your typical receive one invoice per month and the amount of time you have to pay

your invoice so your payment terms is determined by the agreement you made with Google so there you go [Music] hey this is Andrew Brown from exam Pro and we are looking at Cloud billing IM roles so Cloud billing lets you control which users have administrative and cost viewing permissions for specified Resources by setting identity and access management so I am policies on the resources so to Grant or limit access to Cloud billing you can set an I am policy at the organizational level the cloud billing account level or the project level uh Cloud billing roles

in IM IM include billing account Creator so this creates a new self- sered online billing account building account administrator manage billing accounts so but not be able to create them building account user so link projects to billing accounts billing account viewer so view billing account cost information transactions uh project billing manager so link and unlink the project to and from a billing account billing account uh uh cost manager so can view and Export cost information of billing in the documentation here I've just pulled up one this is for uh Billings admin it just shows you

all the missions that are possible okay so stuff I just this is basically a condensed list of all this information all these descriptions and stuff but if you want to have an idea of exactly what you have access to you can see that there [Music] okay hey this is Angie Brown from exam Pro and we are looking at billing health checks and also budget alerts so billing health checks are recommendations to avoid common billing issues so uh within your Billings overview uh you'll see this billing health checks and it'll say it'll do be read like

saying look at these things here are some ideas and things that are good and so over if you click into that you can see a full kind of checklist the first recommendation is to go ahead and create a budget alert so this allows you to make multiple alert thresholds to reduce spending surprises and unexpected cost overruns lots of great suggestions here but let's take a look more detail at budget alerts so you can narrow down the budget scope to specific projects or specific resources you're going to go ahead and provide a value so here I

say $100 notice that it draws a trend line so you can see where your spend is currently at and you can you set multiple thresholds that preemptively warn you when you approach your budget limits so here I'm saying uh $50 $90 $100 this is really nice because other uh cloud service providers uh what they'll do is you'll just set a a threshold to say um a single threshold which is like 20% and if you wanted uh these incremented stuff you'd have to make multiple uh uh uh budget alerts or or or plan or whatever you

want to call them the other csps but it would cost you more money whereas this one it's just you can just do it all in one go which is really nice so notification options so email alerts to building admin users link monitoring email notification channels to the budget uh connect a pub subtopic uh to this account uh this budget so there you [Music] go hey this is Andrew Brown from exam Pro and I just want to show you how would you get to all the cool building features in Google Cloud console well you just go

to billing uh in the drop down and from there you're going to have a lot of options but the ones that Google wants you to know and you definitely need to know these for the exam are the built-in billing reports there's four that they have in mind so there's billing reports so an interactive pricing Explorer including graph visualization cost table reports a tabular breakdown of the cost to analyze details of invoices cost breakdown report so at a glance waterfall overview of monthly charges and credit pricing report so access SKU prices for Google cloud services here

they are are just notice that they're not one: one in terms of naming so that's why I highlighted these in in Black so you could just see like costable reports just called cost table pricing report just called pricing things like that [Music] okay hey this is Andrew Brown from exam Pro and we are taking a look at the billing reports in Greater detail here so billing report is to view and analyze your Google Cloud usage costs using many selectable settings and filters so configuring various views of cloud bilding reports can help you answer questions like

these how is my current month's Google Cloud spending trending what Google Cloud project cost the most last month what Google uh Cloud uh service um cost me the most what are my forecasted future costs based on historical Trends how much am I spending uh by the region what was the cost of resources with label X um and you can also have customized report views that are savable and sharable so on the exam they actually might ask you you know like okay you want to do this right which uh built-in report will let you do that

so you need to remember these okay and which they apply to all [Music] right hey this is Andrew Brown from exam Pro and we are looking at Cost table reports and a cost table report is to access and analyze the details of your invoices and statements I know this image is really small but down below it actually shows like kind of like a summary of um cost just like an invoice so you can filter that out to understand those totals and things like that so because your generated invoices statement PDF only contains simp simplified summarized

views of your cost the cost table report is available to provide invoice or statement cost details such as the following including project level cost details from your invoices and statements including tax costs broken down out by project includes additional details you might need such as IDs SKU IDs project numbers the uh report view is customized able and downloadable to a CSV so there you [Music] go hey this is Andre Brown from exam Pro and we are looking at cost breakdown report so a cost breakdown report is an at a glance waterfall overview of your monthly

costs and savings so this report shows the following summarized view of monthly charges and credits the combined cost of your monthly Google Cloud usage uh on demand rate calculated using non-discounted list prices savings realized on your invoice due to negotiated price if applicable for your Cloud billing account uh savings earned on your invoice with usage based credits broken down by credit type uh your invoice level charges such as tax and adjustments so it's they call it a waterfall because it looks like a waterfall but the idea is like this is just a much uh clearer

view than using um billing reports uh of course you can get the same visualization with billing reports it's just an easier visualization okay [Music] hey this is Andrew Brown from exam Pro and we are looking at pricing report so use the pricing table report to access SKU prices for Google cloud services including Google Cloud Google Maps platform Google workspace as of the date the report is viewed the report shows the following pricing information display SKU prices specific to the selected Cloud billing account if your Cloud billing account has negotiated Contra contract pricing each SKU displays

the list price your contract price and your effective discount if an SKU is subject to tiered pricing each pricing tier for an SKU is listed as a separate row all the prices are shown in the currency of the selected billing account and the report view is customizable and downloadable to the Cs view for offline [Music] analysis let's talk about some best practices when we're talking about Cloud Financial government and so first we'll talk about challenges with Cloud spend so we have unintentional uh over spending so unmonitor resources can lead to uh surprise cost so imagine

you have a VM you forgot about cross uh cost transparency so lack of visibility can lead to unpredictable spending if you have a lot of resources you might not even be aware of what's going on then we have um how we can control and and have predictable resources this is where we have real- time monitoring we have collaboration we have the cloud Center of Excellence we have Google cloud native tools so we can use the cost management tools which will help us explore that information so it's pretty straightforward here is that you know if you

don't want to have those two problems uh use the cost management tools [Music] okay let's take a look at Google's Cloud carbon footprint it's a tool that helps organizations measure track and reduce carbon emissions associated with their use of Google cloud services so here's an example of seeing uh missions that you are utilizing when you are utilizing services I don't think adus has this I haven't seen it in Azure and so Google has been the uh the uh the best at providing transparency around your carbon footprint if that's something you care about um when you're

choosing a region uh it can tell you where there is a region that is low carbon impact remember there's like a little green leaf that they show you uh there is also low carbon Regional signals so this uh will tell you um a guide about regions with lower emissions so that's more stuff about tying to regions in particular um there's the active assistant recommend recommendation so it will suggest things where you know if you shut down resources you can save money it's so bizarre because uh you know when I was getting getting really heavy into

learning cloud like over 10 years ago it was all about running as many things as you could across many regions and stuff to keep things up and now it's like Oh shut them down you don't need them we have Google workspace carbon footprint so this is specific to Google workspace to help you um identify stuff there so here's a screenshot of that little green leaf I've been talking about where you're looking at the regions and they're telling you where the the CO2 is lower by how much I don't know but I guess it probably tells

you there in that uh that table uh Google CFE indicates the percentage of energy consumed from the carbon free sources in each region so there we go um and we have the grid carbon intensity meas which measures the amount of carbon emitted per unit of electricity consumed in the region that's what we're looking at right now but there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at the pricing overview for Google Cloud because they have um a lot of different schemes for pricing and it's going to vary per

service but we can break it down to seven types of pricing so we have the free trial so this is the risk-free uh trial period with specific limitations uh we have free tier the these are services that have a minimum monthly limit or or of free use uh and then we're more now into compute uh so we have on demand the standard price paid per hour minute seconds milliseconds varies per service committed use discounts a lower uh price than on demand for agreeing to onee or three-year contract sustained use discounts so these are passive savings

when using resources past a period of continuous use preemptable VM instances instances with deep uh savings but at a cost of being interrupted flat rate pricing so prefer a stable cost of queries rather than paying on demand so this is only in particular for big query I don't know if they Prov uh plan to do it for other services we have soulle tenant node pricing so uh dedicated compute so this is basically a single tenant virtual machine so uh for the exam you're going to want to know all of these pretty well uh like broadly

speaking these two aren't going to show up on the exam but uh we're going to cover them anyway just for your own benefit [Music] okay hey this is Andrew Brown from exam Pro and we are looking at free trial and also free tier so uh this is going to show up on the exam but it's for your own benefit so when you sign up for Google Cloud you are going to get 90 days free for $300 uh uh of credits on the platform that you can use towards uh different types of products and services H

and so there are some limitations to this trial that we need to go through you cannot use these on gpus to your VM instances gpus is generally used for machine learning or deep learning uh you can't request a quota increase so you get 300 bucks or credits and that's all you get you can't uh create VM instances that are based on Windows Server images um you you need to verify a credit card or other payment method to sign up uh and at the end of your trial to continue using Google Cloud you must up upgrade

to a paid uh Cloud billing account upgrading early will end your trial because you really it are in a sandbox to keep you safe uh that's one of the benefits of Google Cloud where other providers like AWS you have a high chance of going over uh your free trial into real spend okay so for free tier um all Google Cloud customers can use select Google Cloud products like compute engine cloud storage big query free of charge within uh specified monthly usage limits when you stay within the free tier the resources are not charged against your

free tier credits to your Cloud billing account payments method after your trial ends okay so um for app engine we have 28 hours per day for f instances 9 hours a day for B instances one gigabyte of egress so uh data leaving the network like downloads um the Google Cloud free tier is available only for the standard environment so it's not for flexible for artifact industry you have 0.5 GB of storage per month for automl natural language you get 5,000 units of prediction per month for autom ML tables you get six nodes hours of training

and prediction uh for autom ML translation you get 500,000 translated characters per month for autom ML video intelligence you get 40 node hours uh for training five hours uh for prediction for autom ML Vision you get 40 node hours of training and online prediction one hour uh for batch classification prediction 15 node hours for Edge training for big query you get 1 terabytes of querying per month and to me that is like super awesome and one of the reasons why um I like to use big query as my primary um uh data warehouse you get

10 gabt of storage per month for cloud build you get 120 build minutes per day for cloud functions you get 2 million invocations per month includes both background and HTP invocations uh 400,000 G seconds 200,000 or yeah 200,000 uh gigahertz seconds uh gigahertz is that GHz I think that's what it is seconds of compute Time 5 gigabytes network uh egress per month for cloud logging and Cloud monitoring you get free monthly logging allotment free monthly metrics allotment uh for natural language you get 5,000 units per month for cloud run you get 2 million uh requests

per month 360,000 uh gigabytes per second second of memory 180 180,000 vcpu seconds of compute Time 1 gab uh Network egress from uh North America per month and the free tier is available only for cloud run okay uh free access to Cloud shell uh including 5 gigabyt persistent disc storage so don't fear spinning up Cloud shell it's a very useful tool uh Cloud Source repository so up to five users 50 GB of storage 50 GB of egress for cloud Vision 1,000 units per month for fir store 1 GB uh storage per month um or just

in general sorry not per month 50,000 reads to 20,000 writes 20,000 deletes per day for Google kubernetes engine no cluster management fee and that's a big one because um other providers will charge you a management fee for uh the cluster or control plane uh for autopilot or zonal clusters per uh building account for clusters created in autopilot mode pods are build per second V CPUs memory dis uh resources request for clusters created in standard mode each user node is charged at a standard compute engine pricing for cloud storage 5 gabt per month of regional storage

so that's pretty good but only for the US regions 5,000 Class A operations per month 50,000 Class B operations per month 1 Gigabyte Network ESS from North America to All Region destinations excluding China and Australia per month free tier is only available in in Us East one US West one US Central regions usage calculations are combined across those regions last page I believe of our free tier here so for Google Maps uh you're getting 10 gabt messages per month for speech to text 60 Minutes a video intelligence API 1,000 units per month for Work workflows

5,000 internal steps per month 2,000 external HPB calls per month for compute engine one non preemptable F1 microv VM instance per month within Us West us Central One Us East one 30 gigabytes months hhd or hard disk drive 5 gab months uh snap uh snapshot storage in the following regions uh 1 Gigabyte network eress uh your free tier uh F1 micro instance is limited by time not by instance so each month eligible use for F1 micro instances is free until you have used the number of hours equal to that so just remember F1 micro when

you're looking for a free in since usage calculations are combined across supported regions uh Google Cloud uh free tier does not include external IP addresses um uh compute engine offers discounts for sustainable use of virtual machines your fre free tier does uh use doesn't factor into sustained use gpus and tpus are not included in the free tier offers you are always charged for gpus and tpus that you add VM instances and that makes sense cuz they're physical pieces of Hardware they're really expensive [Music] okay hey this is Andrew Brown from exam Pro and we are

looking at on demand pricing so this is when you pay for a Google Cloud resource based on a consumption based model a consumption based model means you only pay for what you use based on a consumption metric so that could be hourly minutes seconds uh milliseconds can be a multiply by configuration variable such as vcpus or memory by API call so maybe $1 every 1,000 transactions On Demand is ideal for low cost and uh it's because it's low cost and flexible only pay per hour shortterm spiky unpredictable workloads cannot be interrupted and for firsttime apps

so generally it's the one you usually use [Music] okay hey this is angrew Brown from exam Pro and we are looking at committed use discounts also known as cuds and this lets you commit to a uh contract for deeply discounted virtual machines on the Google compute engine it's simple and flexible and requires no upfront costs ideal for workloads with predictable resources needs you purchase compute resources so vcpus memory gpus local ssds uh discounts apply to the aggregate number of vcpus memory gpus and local ssds within your region not affected by changes to your instance machine

setup you commit for payment terms one year to 3 years purchase a committed use contract for a single project purchase multiple contract share across many projects by enabling share discounts you're a build month for the resources you've purchased for the duration of the term whether or not you've actually used the service is uh it's going to happen anyway okay so 57% uh is most machine uh uh types in gpus and 70% is uh memory optimized machine types so look here on the right hand side just to give you an idea so the idea is that

when you want to do committed use you choose the product that you want you're going to choose the plan that you want the region um and the commitment and then it's going to tell you your estimated saving [Music] okay hey this is Andrew Brown from exam Pro and we are looking at sustained used discounts also known as Suds and these are automatic discounts for running specific compute engine resources for significant portion of the billing month so sustain use discounts apply to the following resources and this is broken into two broad categories the first is vcpus

and memories so when you're dealing with these two components you have General person custom and predefined machine type such as you going in and dropping down different types of machines compute optimized machine types memory optimized machine types so tenant nodes remember that's kind of like dedicated machines and so here it's 10% Premium cost even if the vcpus and memory in those nodes are covered by the committed used discounts uh and then the other part here is that there's ones for GPU devices so you can apply uh Suds to gpus which is a great savings okay

applied on incremental use after each re uh reach usage thresholds you pay only for the number of minutes that you use an instance uh compute engines automatically give you uh the best uh price there's no reason to run an instance longer for then you need it automatically apply to the VMS created by both Google kubernetes engine and compute engine and it does not apply to VMS created using App engines flexible environment and data flow okay but what I want to remember is that sus is if you keep on using something you're going to save money

and it's going to be particular with uh uh most CPU types uh most compute types and gpus okay um oh and also it does not apply to e E2 and A2 machine types I missed that there in the end uh so uh just to kind of give you an idea of what kind of savings you can expect so there's ones for up to 30% and that's when you're using general purpose N1 predefined and custom machine types memory optimized machine types shared core machine types s tenant nodes and so here's kind of the idea of uses

level uh based on also the incremental charge okay uh and then we have sustained discounts for 20% so general purpose N2 n2d predefined custom types computer optimized types and then another graph so for the exam they're not you're not going to need to know these details but you just need to know Suds you save money uh when you have continued use [Music] okay hey this is Andrew Brown from exam Pro and we are looking at flat rate pricing and this is only for big query uh would it be ever be for any other service I

don't think so uh but the idea here is that if you have high volume or Enterprise customers who prefer a stable monthly cost for queries rather than paying on demand a price per gigabyte of data process this is where flat rate pricing comes into play so you have purchase dedicated query processing capacity measured in big query slots your queries are cons uh the idea here is you consume your queries uh uh via this capacity and you are not build for bytes process if your capacity demands exceed your committed capacity big career will VI up slots

and you will not be charged additional fees to enable this flat rate price uh yeah the slide doesn't want to go forward there but to enable the flat rate pricing use big query reservations so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at Soul tenant node pricing so a soul tenant node a single ven uh a single tenant virtual machine is physical computer engine server that is dedicated toost posting your own projects VM instance you've heard me mentioned Soul tenant many times in this course when you create

a soul tenant node you're build for all of the vcpus and memory resources on the soul tenant nodes plus a soul tency premium which is 10% of the cost of all the underlying vcpus and memory resources uh it does uh for sustained use discounts apply to this premium but committed use disc discounts do not after you create the node you can place the VM on that node and then these VMS run for no additional cost vcpus gigabytes of memory are charged a minimum of 1 minute after 1 minute of use Soul tenant nodes are built

in 1 second increments the price of a Noe type depends on the following so number of vcpus of the Noe type gigabytes of memory of the node types region where you create the nodes so uh we'll still tenant show up on the exam probably so just make sure you understand uh you don't need to remember all the details to it but remember just understand what it is and generally how expensive it is okay [Music] hey this is Andrew Brown from exam Pro and we are looking at the Google pricing calculator so this is a free

web-based cost calculating tool to generally Calculate cost of various gcp resources so you do not need a gcp account to use this tool you can create a sharable link or email uh they estimate to your organization or key stakeholders so this is generally what it looks like you choose the service so here I say I want two instances uh and there's other particular details and then it's going to uh generate a cost so here it's saying it's $97 you can email it uh you can change the uh currency uh very straightforward so there you [Music]

go hey this is Andrew Brown from exam Pro and we are looking at the concept of resource hierarchy within gcp so uh this is kind of a graphic of what a hierarchy could look like and there's a lot of components uh that go into it we did cover this a little bit earlier uh in one slide about folders where we talked about folders projects and resources but there's a lot moving Parts here and on the exam they're definitely going to ask you about resource hierarchies so let's make sure we know this okay first thing is

a resource is a service level uh service level resources that are used to process your workloads could be big query compute engine whatever uh that is a service you want to launch then you have Resource Management how you should configure and Grant access to Cloud resources from your team setup and or uh or team setup and organization of your account level resources you have domains primary identity of your organization ation Define which users should be associated with your org a universally administered policy for your users and devices linked to either a Google workspace or Cloud

identity account a Google workspace or Cloud identity account can only have one org just so you know uh then you have orgs or organizations these are the root nodes of your Google Cloud hierarchy of resources you can Define settings permissions policies for all projects folders resources Cloud billing account is its parent organization is associated with exactly one domain using an organization you can essentially manage your Google Cloud resources and users access with proactive and reactive management uh then you have folders this is a logical grouping of projects and other uh or other folders folders can

be used to a group resources that share Comm and IM policies you got projects so logical grouping of service level resources products can represent teams environments organizational units business departments and this is basically where uh resource hierarchy is very detailed in its variants basis of enabling services apis and am permissions a service level resource resource can only belong to a single project you got labels so categorize and filter your uh Resources with key value pairs if you used ad or rure they call these tags okay but here gcp they call them labels great for cost

tracking at a granular level there are three suggested har architecturals you can use environment oriented function oriented and granular AIS oriented they're not going to ask you what kind of uh architecture it is but they're going to talk about these um like saying like which would be a good setup and they'll describe kind of what the the setup would be and that's why you want to know these uh three types and we'll go over to the docs to look at that because that's where the most detail is for this [Music] okay hey this is Angie

Brown from exam Pro and we are looking at environment oriented hierarchy and so this is the most simple uh simplest want to implement and pretty much what you would think that you would want to do uh and so the idea here is you have a single organization uh and you're going to break up your folders into different environments so production quality insurance and development and then underneath you're going to run your application so this works pretty well in a very simple setup uh but it can pose challenges if you have to deploy services that are

shared by multiple environments [Music] okay hey this is Andrew Brown from exam Pro and we're looking at function oriented hierarchy uh so this one looks a little bit more complicated but the idea here is that you have one organization that contains one folder per business function okay so notice here uh we have apps management and uh infrastructure technology and then the idea is that down below now we can Define production uh or environments as another layer of folders you have folders inside of folders so each business function folder can contain multiple environment folders multiple business

functions are apps management and information technology more flexible compared to environment oriented gives you the same environment separation allows you to deploy shared services function oriented hierarchy is more complex to manage than an environment oriented and it's separate access by business so there you [Music] go hey this is Andrew Brown from exam Pro and we are looking at granular access oriented hierarchy so this one's a little bit larger we have three layers of folders and so the idea here is we have one organ organization that contains folders per business unit so now as you can

see here it's retail risk management um Financial commercial I know it's hard to read but it's hard to fit that whole image in there each business unit can contain one folder per business function so now we have our function so application sandbox shared uh core Services data analysis uh controlled services and each business function folder can contain one folder per environment so produ development Etc so this is the most flexible and accessible option you need to spend a greater effort to manage the structure roles and permissions um the network topology is more complex so really

like when you're looking at it the idea is that uh we had the three uh three types so the first one was environment oriented so this is the environment then you had function oriented over here and then this one here is granular access oriented so the idea is that you're just adding additional folders for organization for organizing your resources [Music] okay hey this is Andrew Brown from exam Pro and we are doing the gcp follow along so the idea here is that we are going to uh just launch a bunch of cloud uh Services uh

it's not going to be super challenging but the idea is just to kind of help cement the uh the knowledge of what we've learned in the lecture content they don't even recommend uh it necessary uh for the exam but I like to do it and I think that you'll appreciate doing it too so once you've created your GCB account you should have an organization and a default project uh and so one of the first things I want to show you how to do is to set up a resource hierarchy because the idea is you have

your Cloud workloads below which run in projects and you can organize them into folders uh and uh this is all tied to your organization and this is a little bit tricky and it does show up in the exam so it's important to know how to do this uh and so that's the first thing I really want to show you uh so so what we'll do is we'll go ahead and make our way over to IM because that's how we do it and it's not going to work and I'm going to show you why and then

we're going to show you how to get permissions okay so we'll go to IM am and on the left hand side if you expand it down below there's one that says manage resources now you can also go up here and type in manage resources uh because sometimes it's really hard to find things in gcp so you just have to kind of uh work those two ways the idea is I have a bunch of projects in here and I have my organization and I want to go ahead and create a folder and so I might have

a folder coming back over to our structure here we might want to have um a folder like applications and then production so if I try application here and my organization selected notice that I have this little Caution sign says you do not have the required permissions resourc manager. folders. create permission to create folders in this location so you go okay well how do I get permissions I would think that if I'm the owner I'd have permissions to everything but that's not the case so if we make our way back to all right we go all

the way back here uh and uh we go we're under uh the top one here which is for the users and we see I have the owner role if you look up up the documentation it's going to say go ahead and add project or admin folder okay so you go admin folder or project folder and nothing's going to appear and the reason why is that you can apply permissions or roles at the uh project level and also the organization level and because of that the the rules that are available are different so you're never going

to find at the project level here and so what you got to do is go to your organization all right the way you know that you're in your org right now is that it has this little um uh building and notice now it's just listing uh people at the organizational level and so what I can do here is go ahead and edit the member and I'm going to add a role I'm just going to type in folder okay and so now we have folder admin that's going to give me full access full control to create

uh what I wanted to do there which was folders now if we go to left hand side here and go to manage resources we should have an easier time creating folders now and so we'll go ahead here and call this application okay we'll hit create and give it a moment to create and uh what we'll need to do is go ahead and refresh to see that new folder and there it is so now that we have that folder let's go ahead and create a folder within that folder so I think uh yeah if we go

ahead and hit create folder here uh and we'll choose our organizational structure oops uh so sorry so I got to go and choose the org and then now what we can do is choose the folder so I want application here and following our guide here we're going to go with let's say development because we're not serious about running any kind of production workloads today we'll go ahead and create that okay we'll go ahead and hit refresh down below and now you can see we have application development so let's say we want to move um or

let's say let's we want to create a new project that's going to sit uh in here for our development workload and So Below down below uh you might want to uh specify the names but what I'm going to do is create a new one in here and I'll say create project and this is just going to be uh my app uh and we will choose its location okay I'll hit create and it takes it doesn't take that much time for these to build so uh if we give this a hard refresh there's a refresh button

up here we should now see our uh our my app so if we go back to gcp up the top here I should be able to switch over to my app all right and so now what we'll do is go ahead and create stuff there but that's what I just wanted to show you was the fact that you had that uh folders and project structure and how easy it was to create in some of those headaches there um I can't remember you probably can apply permissions at the folder level let's just go take a look

I'm not running crazy workloads in um GCV so I don't always know but uh what we'll do is go back to the resource manager manage resources here and I think you can yeah I'm not sure but it's not really in the scope of this certification but the idea is we have our project set up and I will make my way back to that and now we'll start launching some resources is [Music] okay hey this is Andrew Brown from exam Pro and we are on the gcp fall alongs for the digital Cloud leader and uh actually

before we launch any resources I probably should show you a bit about uh spend and how to control your spend so this is a new project that we uh started up and there's nothing really in it now I was playing around in this other sample project here called exampro and I purposely ran a bill so I could show you what billing looks like uh because it doesn't make a lot of sense like it's very hard to understand it if there's no um uh billing happening so on the left hand side you'll go to billing all

right and we'll just give it a moment to load here and so we have a bunch of different options here so reports cost tables cost breakdowns commitments etc etc uh and so for the exam uh you're going to want to know about um the different types of reports the overview reports cost table cost breakdown and generally understand the differences they're pretty thoroughly covered in lecture cont so uh you know it's not a big deal if you don't absorb it here but um the idea here is uh we can see and this is just the overview

we have our cost Trends so we have some nice charts here um so it's just kind of like a breakdown so maybe top products things like that it's very straightforward but over here on the right hand side we have billing health checks and so if we were to uh click this here it's going to give us a bunch of suggestions that we should do uh and so the first is Grant access to view building reports assign multiple billing account ad administrators uh turn off billing account Creator role for domain set up a budgets alerts link

a project or close an unused account so um I would say that setting up a budget alert is on our high priority here because we do not want to end up spending more than uh we have so if we go over to budget uh alerts over here you can see I have my spending limit and showing that I've spent uh $243 out of $100 so if we want to go ahead and create ourselves a budget it's pretty darn easy I'll just say my second uh budget alert okay see I had a lot of spend the

other month there and now I don't have so much um but the idea here is you can go and say okay do I want to uh take into account credits or not credits would be if you were given gcp credits uh to utilize for free a lot of times startups get those uh but the idea is you can go ahead and hit next then you can specify the exact amount and so I could say $50 right and it shows you a line where it can uh go we'll hit next and this is really nice which

I like uh you don't see this in like AWS where you'd actually have to set up uh separate building alarms but in uh gcp you just if you just can do it all in one go so the idea is if you want multiples you just add multiple thresholds and it's going to warn you when it approaches those numbers and if you go down below you can see that you can email uh receive emails about it uh and if you also want to push it to uh Pub sub you could do that so you can pratically

uh code it into your platform uh in terms of the exam you just to know that you can set thresholds and why you'd want to use budgets right just to make sure you're monitoring your spend now I don't need to go ahead and create one because I already have one it's a very simple process but that is budget alerts now if we go back over here to reports uh this is really cool this is basically a a great way of visualizing your data uh so you have a bunch of different options and you can really

uh pair down and say okay I want to know exactly what the spend was for this uh service uh and stuff like that so if you really want to do visuals that's what you'd use uh that reports tab for then you have uh your cost table and cost table is basically like a dynamic invoice so the idea is like invoices just aren't able to show you all of the line items and so here uh we can go and expand and see every single uh every single charge at a uh granular layer and I'm pretty sure

you can export this um download here yeah downloaded as a CSV so it's a better way to um uh uh like uh review your bill uh from like an invoice perspective then you have cost breakdown and this is kind of like just a simplified report so like we have reports up here and uh and the overview but this is just more so kind of so you can see it at a glance uh per month so is it up is it down where are we right so not super complicated um and again the questions are not

hard in the exam but really all I wanted to show you was those four there and how to set a budget alert and that's pretty much all we need to know so what I'm going to do is make my way back to my sample project and now we're ready to launch some resources [Music] okay hey this is Andrew Brown from exam Pro and let's go take a look at compute engine so what I want you to do is go to the top left corner here onto our hamburger menu and we'll scroll down make our way

over to compute engine and go to VM instances so this is where we would launch virtual machine so we'll give it a moment here to load and as you you can see I've never used it within this project so pretty often you'll have to go ahead hit enable so you are agreeing to use a particular service every time you create a project it's always going to show you that uh but we'll give it a moment to uh uh allow us to use that API uh it just takes a little bit of time and I don't

know why sometimes the UI is a little bit buggy um sometimes it freezes like this and so if it does do that what you'll need to do is just go ahead and hit refresh it's usually pretty darn good the experience is usually pretty smooth but not always the case so I'm going to go ahead and hit enable again okay and it just does not want to work right now so if that happens and it's totally possible that can happen what I recommend is just uh step away go get a tea go get a coffee and

then come on back because it'll probably work in just a bit okay I'll see you back in a moment all right so uh after a short tea break I'm back and it's now just all of a sudden working so uh that's the thing with these large cloud service providers is that their services are so massive it's very common to uh run into inconsistencies in the UI where you think you've done something but it's telling you you haven't but you know you have and so you have to have confidence knowing okay I did do this and

just give it a little bit of patience and time uh and just check in again and so here you can see it actually launched multiple times because I pressed the button four times so actually worked the first time uh but here we are and if you want a quick start you can you can hit this button here and the thing is is that gcp and only gcp does this but they have a really really good tutorial system so if you want to be shown around anything you can hit show me now uh and it'll it'll

help you step through all the things that you need to know and so this one is just kind of like a tutorial uh on how to do something I'm not going to go through it this is more for you this is how how to do a to-do app with mongodb I don't like mongodb so I'm not doing that today but I just want you to know that's a great way to start learning with gcp um but what we'll do uh and you can see we have different instances here so VM instance templates Soul tenants those

are dedicated machines machine images Etc tpus but what we want to do is just go ahead and create ourselves a regular old virtual machine so I'll go ahead and hit create instance and we'll give it a moment here today's a slow day for gcp it's usually super fast and uh here we're in here and so on the left hand side we have new VM instance new VM instance from template new VM instance from machine image or the market place now uh I really like how gcp uh uh shows their um forms compared to ads and

Azure because they're always like on one screen and they're very good about showing you the price uh which is really nice uh and here you can do you get a breakdown to kind of see where the hidden costs are so it's not just the G CPU cost that it's just like there is a persistent dis uh and maybe if you're using sustained used discount if you've used it on a monthly basis it'll show your savings notice it's like a negative so it would uh show you uh a reduce cost there uh but the idea here

is that we want to name our instance so I'm going to say my website okay we'll see if it takes that we can add labels labels are tags so I can go here and say um uh EnV uh production we'll go ahead and add that label other provide providers call them tags for some reason gcp wants to call them labels but it's the same thing notice we can choose our region so I'm going to see if there is a Canada region I'm pretty sure there is I just started typing as if I was on Azure

and that's not the case I got to scroll on down and look for it I know there's a Montreal there's always a Montreal right there at the top uh and so I can choose between my zones I'm going to stick with Zone a notice we have general purpose and compute optimized uh notice as soon as I went to compute optimized $135 we'll make our way back E2 is I believe the most cost effective uh instances another thing that's really nice about gcp is they just have fewer fewer things to look at so uh it's just

a lot easier to uh get set up here but this is good uh for me I don't need a 2 vcpus and four gigabyte memory I want to go super small so I'll click on that now I'm down to $783 I'm a lot more comfortable about uh comfortable with that we'll scroll on down so confidential VM Services enabled a confidential Computing service on this VM so this service adds protection to your data in use by keeping memory of the VM encrypted with keys that Google doesn't have access to that sounds really good uh so you

can see we can checkbox that on and we have some additional settings we're not going to do that today but I think that's really cool this is something I really like is that any kind of most instances I think most like basically all instances can support this container option and what it will do is it will install a uh container uh layer for you and then you can just specify your container image and it's very makes it very easy to launch containerized um uh containerized services like single container services Azure doesn't do this uh adabs

doesn't do this only gcp does this in this kind of convenient way so I really really like that not to say you can't do it on AWS you'd have to go to the marketplace but that is like a super bonus for me for gcp uh I notice there's some Advanced options here so like you know like the the command uh uh command arguments you'd probably specify uh environment variables maybe the entry point yeah that's the entry point there if you know anything about containers if you don't don't worry uh then you have your boot dis

so this is the boot dis right and so we have some options here starts with 10 gigabytes I wouldn't want something larger than 10gb but we'll take a look around here so here we could choose uh Debian or Debian 9 we can change our operating system I'm pretty comfortable with Debian I I like Debian oh Fedor cor s that's pretty cool I really like Fedor cor S I just learned all about that recently you can provide your own custom images uh you can set the besze a snapshot you can attach existing discs but we'll do

stick with Debian because that's a a pretty safe one there uh another one is pretty safe as sentos that's what a lot of the um cloud service providers base their their managed uh instances on but what we'll do is scroll on down you can see we can apply firewall stuff um yeah that's all fine we don't need to do any more with that we don't need a firewall so we'll scroll up make sure our price is okay $783 you know what I'm looking for is um a lot of times Cloud providers will have a startup

script here it is and this would be cloud and knit okay so cloudinit is a pretty standardized or cfit cloudinit can't remember what it's called but it's a standardized way of uh providing your um your virtual machines with a a script to start like it's the first thing it runs so if we wanted to install a Pachi we could do that um I'm just trying to see if there's like an example here like it it's just a bash script right so I'm just thinking yeah see here and this is actually exactly what I want too

so this is perfect I didn't know they had this and so here the idea is that we're just take this if you specify the first line in a cloudinit file as this with the shebang it's going to know it's a a basp but it can also take a yaml file I believe um but anyway what this will do is it will install it will do an update and then it will install apachi 2 and I believe these this is actually for Debian uh because if we were using um sentos it'd be like yum but apt

is for that I don't know if it needs a pseudo in front of here it doesn't seem to need it uh but what we'll do is we'll put that in there Sav me a lot of time I didn't have to try to remember what to write um you can set custom metadata we don't need to set any custom metadata today uh and just looking at some other stuff availability uh policy on host maintenance nope everything is fine so we'll go ahead hit create and fingers cross that just works um I didn't set up any SSH

though huh well if if there's options what we'll do is we'll just launch another one but we'll see how this one goes so what we'll have to do is wait a little while so I just hit refresh up here so there's a connect option for SSH but we're just waiting for it to start it's just going to spin so um let's give it 5 10 minutes and I'll see it back here in a moment okay okay so after waiting a little bit of time there I did have to hit the refresh button in order to

uh see that green status but let's see if our website works so what we can do is go over to this external IP that is our public facing IP address hitting that button to copy it and we'll go ahead and paste that on in there and so notice that it's not resolving if that's happening it's either means two things our Apachi server is not running or our fire firewall rules is not allowing us to access on Port 80 so that is something we're going to need to figure out so we need to ssh in I'm

so used to providing an SSH ke or generating during the uh creation process I forgot the gcp doesn't make you uh a set one in the creation process you can just click here and it'll let you in so we can open browser in window on a custom Port uh vew gcloud command I kind of would prefer to do it in um the Google shell so let's just try the browser first okay and what it will do is it will transfer the SSH keys to the VM so you don't have to do anything it's really easy

to get in okay and we'll just give it a moment not fast but easy all right and we're in okay so you can type in LS PWD just to see where we are uh let's go see the g-cloud command if that doesn't work we'll just make our way back here but I would rather I would like to try to uh use the cloud shell because I think that's really nice so we'll go view gcloud command and there it is so what we'll do I'm not sure if this is going to work but what we'll do

is copy this the following you could be used in the SSH to into the instance okay so oh running Cloud shell perfect so if we didn't click there we could go up here and click activate Cloud shell Cloud shell is like a uh a terminal I think gcp was the first to have this Azure has one adus now has one but gcp has the best experience for this what we'll do is we'll go down here and say view in uh gcloud and just hit run in Cloud shell okay gcloud is the name of the um

the CLI okay okay and we'll give it a moment to uh start up an instance here I assume it's containerized it's probably it's probably containers is how it's able to launch so fast usually it's super fast by the way it's not super fast today and then it'll run that g-cloud command it should get us into our instance also another cool thing about g-cloud is it has a editor built in and it looks just like vs code I'm not going to switch over to it because I do not want to interrupt our terminal but if you

want to do coding you can totally do it within the gcp platform and again that's a lot easier than the other ones make it out to be uh so it's pre-filled it in here it looks like this is a beta feature but we'll go ahead and hit enter uh it's requesting access we'll say authorized we will say yes uh we'll say enter enter so what it is is it generated out in SSH key for the uh Cloud shell and then I imagine what it's going to do is then um take that SSH ke move it

onto the server and then allow us to then authenticate that way okay and so I believe yes we are in the instance because it says my website down below so I'll type in clear okay and so one way we could tell if it's working is we could uh we could do like a curl so if we did curl Local Host and it returns HTML and it does that shows us that the apachi server is running probably could also type in pseudo apachi um or maybe pseudo service um Apachi to status yeah and it's running so

so it's running and we we did a query so probably the issue has to do with the fact that our firewall is not open so let's go take a look there and see what we can do okay so we need to go create ourselves a firewall rule but I just remembered that we're going to need uh the IP address uh so I'm just clicking back to the instance here whenever this page loads I'm going to grab that external IP address and click back forward here we'll go ahead and create ourselves a new rule I'm just

going to scroll on down and change this over to uh specified um all or all inst all instances in the network and then specify the range and put for slash 32 on the end there okay so the top here we're going to type in Port 80 uh and we'll maybe say website and we'll say uh let our website be accessible on Port 80 probably would help to type correctly it's not going to hurt anything but uh you know someone else reads your stuff they want to make sure that it reads okay uh logs will leave

that off default network is fine priority is fine Ingress means inbound egress means outbound so we want to uh get in like to uh to get something back right we can allow or deny so we are allowing if we scroll on down below we can specify the ports this is TCP uh we're going to put Port 80 and then we'll go down below and go ahead and hit create does not like the name must be lowercase it's hard to remember all these rules we'll go ahead and hit create we'll give it a moment and what

we'll do is go back to the internet hit enter and see if this is working doesn't seem to be working just yet let's give this a refresh see if our rule appears here so Port 80 that is correct priority so this has a high priority so it should be applied 32 203 103 432 the 32 just means exactly that IP address we'll go up here it did not resolve so just give me a moment I'll take uh think about this okay so I think we might have an easier way to uh make firewall rules in

the way we were doing it here so what I'm going to do is go back to my instance here CU I could have swore that it was here but I probably just forgot if we go down to a view Network details I think here uh we'll get yeah so there is we don't have any network tag so we don't have any way to specify tag um but here we have the external IP and the internal IP address and what I wanted to see was what firewall rules were being applied so here if we go over

over here we can see that we have Port 80 so this should be applying um and down below we could probably do u a con connectivity test here and we'll see what we get back okay we'll go ahead and create a contivity test we'll say uh Port 80 Port 80 test TCP sounds good to me and we want this to hit the 35203 103.0 and that's the IP address we can also just say the VM instance that's a lot easier I like that instead notice it's hitting the primary internal IP so that's not going to

be very useful because we have to go from the outside in okay so we'll do 35. 20313 do0 this is IP address used in GC P this is an IP address used in gcp when you yes it is okay um and that's correct so we'll do Port 80 we'll say create and we'll see if we get some uh connectivity so it's just a way for us to effectively see if it's working um last time test last packet transmission result so it's probably running it I'll just go here and hit rerun yeah that's fine and do

I have a refresh button here no I don't and so it says it's reachable okay well we can go ahead and view the results so we have the VM instance the Ingress egress firewall rules the static route natn VM instance so everything seems to be working so maybe I'm crazy maybe our thing is working let's go back and take a look again okay but it's not working another thing we could do is we could open up our Cloud shell and so we were using Cloud shell within the server let's just make sure we're not on

the inside we're not that's good and what we can do is just do a curl and paste in that IP address and see if we get anything returned back if it times out that means that it's not going to work and know it's not it's timing out so we still have a firewall rule issue here so let me just try a bit more but hey we did learn we did learn about uh C cognitivity test that's kind of nice so we'll be back in a moment here okay okay so I think I know what the

problem is I haven't tried it yet but I was just staring at this thinking okay I put the IP address in why is it not working well the problem I think is is the fact that I provided the IP address uh for the VM instance but we're actually trying to say what is allowed in right so it really should be my IP address or uh a public facing internet so what I'll do is I'm just going to say what's my IP okay and we'll grab this here and I bet that's the problem because we're not

trying to allow the own server the own IP address of the server into itself that makes no sense it would make more sense if it was ours so what I'll do is go ahead and click this we'll go ahead and edit this Rule and we'll scroll on down and we'll switch this out for my IP address now you could do 0.0.0.0 for. Z and that's what you'd want to do if you're launching a real website here we'll go ahead and save it how embarrassing but uh it just goes to show it doesn't matter how many

years you work with Cloud it's it's easy to get turned around okay so we'll go up here hit enter and now our website loads so there you go it's not that hard um as long as you know what you're doing okay so what we'll do is we'll make our way back uh to our um instance so we'll say compute engine up here probably could pin it um I don't want I don't really like pinning things but so that was a instance um is there anything else of interest to show here not really so let's go

ahead and just delete this instance okay and we'll hit refresh here okay it's going to delete I'm pretty confident about it I'm not too concerned about this resource and so what we'll do is go back and click on G uh gcp or Google Club platform and uh we'll move on to the next fall along [Music] okay all right so we learned about compute engine let's go learn about I don't know let's say uh databases so what we'll do on the left hand side here is scroll on down and let's go take a look for um

SQL so there's spanner and there's SQL so spanner uh it's a relational like it's its own variant of a relational database but it's not it's neither postgress or uh MySQL but if you were to be launching a web application you'd probably want to just use the SQL service so we'll go here and we'll launch ourselves our own SQL instance so go ahead here and create an instance we have the option between MySQL postgress and SQL Server I am particular to postgress so I'll go ahead and click this and we'll go up here and so lowercase

numbers letters so my relational database or my uh postgress and we'll need a password so we'll go ahead and generate one there we'll show the password just so I don't have to uh figure that out later and I need to dump that somewhere so I'm just pasting it off screen so just make sure you know where your password is uh postest 13 seems fine to me I like to launch things in Canada so let's go look for Canada there's Montreal we have single zone and multizone now notice does it show us the cost here it's

not but I can tell you if you have it a multi zones it should cost more because you're running redundant servers so I'm going to go single zone okay I want it to be cost effective all right we can even specify the zones I'm going to say any I don't care where it's going to go we can customize our configuration options so let's open it up because we wanted again the lowest cost for our example here um so we got high memory standard shared core shared core sounds cheap we have lightweight I'm just checking the

values here over on the left hand side so look at high memory 26 26 gab that's insane my like I don't have a gaming computer that much we go over here now we're down to 37 7 gigabytes that's lightweight nothing I don't see anything changing there but I imagine it's cheaper then we have a shared core 600 megabytes this has to be cheap all right so this is the one we're going to choose for storage SSD is fine we don't we're not really doing anything real so I'm going to choose HDD that should be cheaper

right I'm going to go 10 gabt cuz I'm not doing anything real uh enable automatic storage increase that's something you'd want to have but for our purposes I'm turning that off um do we want to have a public IP address well I do because I want to connect to it maybe do a query on it so we'll leave that there um you might want to turn that off if you're running a secure workload generally you would and you just only allow um access through uh you know the um firewalls and stuff like that I do

not need backups today uh we don't care when the maintenance Windows is flags are fine we don't need insights insights are nice if you want to query and see information I don't think this costs extra but I'm going to leave it off anyway we don't need it today we can set labels as per usual so I can say EnV uh Dev should have been Dev last time too and so I'll go ahead and create this instance okay now I didn't specify a database name so maybe it's just the the identifier all right so I'll just

wait for this to provision I'll see you back here in a moment okay all right so after waiting a little while there it looks like our instance is ready it took about um I don't know 10 minutes for that to spin up uh not too bad and so down below we have uh the public IP address the outgoing IP address the connection name but looks like there's an easy way to connect with the uh Cloud shell so let's click it and see if it auto fills it in for us that'd be really really nice I'm

not sure if that's the case but I guess we'll find out here in a moment right looks like it is so it says gcloud SQL connect my postgress puts in the username which is postgress um so it looks good let's go hit ahead and hit enter might have entered that in twice there uh permission deny cloudsql admin API has not been used in this project before or is disabled enable it by visiting this link so I guess that's what we'll have to go ahead and do so we'll go and click that link there and we'll

give it a moment say enable usually this doesn't take too long sometimes you can tell by going up through the top so that's good so what we'll do is go back and hit up we'll hit enter and see if it connects now allowing your IP address for incoming connection for 5 minutes sounds cool can I do stuff we'll say back slash D oh no we're waiting okay well not sure what's going on there that's not too clear but I mean that's not usually how we connect to a postc instance what I would do is collect

the names and uh use something like table plus and that's what I want to do here so that's what we're going to do okay all right so what I got here is uh table plus and this is just a way of connecting to postgress instances so go ahead and make a new connection to postgress this is free software by the way you can go and download it works on Windows Mac and Etc and so we got to fill in a bunch of these things so uh we need the host we need the username and the

password so the username is postgress okay the uh password uh I saved earlier so I'm going to bring that on over here and paste that in um the database name would be what um it could be so this says connection name but that's not very useful I mean my postgress is probably because this looks like it's this is probably the um name of the database that's probably the um database name there is my postgress what would the host be um usually like if it's a they have a connection URL I suppose you could use an

IP address I'm just not used to having that so we have a public IP address and an outgoing IP address let's try the public IP address here 35 2036 181 we'll say uh gcp my postgress here and so it looks like we have mostly everything the default Port is 5432 so we'll just do 5432 we'll hit test and see if that works fingers crossed okay so what I'm waiting for is this to go green it might not go green um let's just try connect instead on Mac it goes green I'll say hey you're connected and

it did not connect okay so that's fine so what we'll do is we'll give it a little bit of check here so what else would we need need to do give me back I'll be back here in a moment okay you know something I was just thinking is um you know it looks like all our configuration settings are correct but maybe our firewalls is just not open so what I'm going to do is make a new tab here and we'll give it a go it's all about trying things on the Fly here nothing's too hard

for the cloud uh and we'll go firewall I just want firewall rules well that's app engine so we'll go here because I imagine this must be in a VPC so what we'll do is go here and create ourselves a new rule and we'll say uh my postgress [Music] rule and we'll go down we'll let allow specify targets we're just going to uh do all instances in the networks with a particular IP range so um I'm just going to get my IP IP address like I did last time so my IP address right then we'll grab

it there we'll drop it in 4/32 we'll say TCP 5432 we'll go ahead and create that rule so now now that I have this rule on 5432 which is the port for postgress let's go ahead well I guess we got to wait we should probably be patient there is the rule I'm going to go ahead and hit test see if it works now probably is not going to work if I have that colon in the name in the database we'll try again just connect here that doesn't work we'll just edit it again again test connection

is a server running 5432 still no good okay well I'll give it another try okay give me a second okay so another thought I had was I was just poking around and we have users in databases here on the left hand side so here we have postgress and then here we have uh postgress again so there is no database called I mean again I haven't tried it but there is no database called my postgress database that's just what I wrote in because I assumed it's based on the instance name that's just the name of the

instance internally uh for gcp so what would happen if I was to type in postgress instead here and then test this connection would this work because to me like this would make a lot more sense right uh and if that doesn't work I would say that we have the database right and the username is right but maybe there's something wrong with the host or the IP address or the connection so we go over to users that looks fine we go to the databases this one's called postgress so that is fine we go to connections um

and it's public IP to authorize a networker use cloudsql so we said public IP address is fine you do not have an authorized any external networks to connect to your cloudsql external applications can still connect through Cloud proxy so if we don't have a network maybe that's our problem so whoops what if if I go and grab my IP address here maybe that's our problem for sl32 my home address we'll hit done uh we'll hit save scroll on down below here uh here it says you can manage if you're encrypted public IP address only allow

unsecure connections are allowed to connect and that's fine we just want to be able to use it so what we'll do is go back here try this again we'll hit test and this thing is super buggy but notice that it's editing our postgress so I'll see you back here in a moment okay okay so we waited a short amount of time and what I'm going to do is go edit and notice my connections postgress postgress the database password I put in the host name uh and if I go ahead and hit connect it now connects

so I don't think that firewall rule mattered at all that's for VM instances uh so I probably go back and just delete it out just to make sure you know that is the case um so we'll just type in firewall here okay and I'm going to go ahead and delete this rule all right and now just to do a sanity check it's not uncommon for cloud service providers to have you know that stuff messes separately like in ads you have um uh security groups that are like DB security groups that are specialized so to me

that's not a surprise that was like that we'll get go ahead and hit uh edit hit connect can we still connect yes okay so that's how we had to grant us access now this is postgress this is the default table you really wouldn't be uh uh making uh or or database you wouldn't be making stuff inside of that what you probably want to do is go ahead and create a new database so what we can do go back to our uh instance here close some tabs out so we don't get confused and probably what we'd

have to do is create a new database in here so we go here and I'd say um uh you know my database okay we'll hit create and we'll give that a moment to create probably the postgress user is a super user so we can do whatever we want there but if we go and edit a connection we're going to leave out the database it should allow us to connect to all of the databases here so it should show us postgress and the other one uh we might have to select our database so control K or

uh oops that's not it control k okay so there we go so we can see we have cloudsql admin uh my database and post grass so I'll go ahead and click into postgress here all right and there are no tables but I can go and maybe I can make a new table here yep so we there we go so we say ID and I will add a new column it will say name we'll make that a varar it will let me just drop down change it to farar or text I just prefer text okay and

we'll go ahead and save that create untitle table oh we got to name the table so we say users Here and Now what it does not like here zero length identifier create table undefined table well I just named it up here uh the primary ID would be ID up here can I save it now maybe it doesn't like this one hold on here I'm doing contr s by the way to save it um I never create tables this way I always go through and make a manual connection um but I'm giving it a go here

today for the first time so zero length eliminated identified at or near double quotations want to be named over here maybe I mean it's named right I don't know it doesn't doesn't want it um you know that doesn't work that's totally fine the other way we could do this is um I'm just thinking here because if we like I don't have um postgress client installed on my local machine I don't think I do so I don't think I can uh use that I can try let's see here no I don't think I do so uh

the only way I'd have to do this is probably through Cloud shell and through Cloud shell we would have to allow the IP address uh I don't know how much of a pain that is my point is is that you know like it's not necessary for the exam to know how to set up a table but the idea is to establish a conection I just wanted to show you how to do that that and so I kind of feel like we've kind of satisfied it there and solved all the stuff that we wanted to do

um but what we'll do is we'll just go ahead and destroy this and we're all good to go okay and what we'll do is just check box that off or click into there we go ahead and hit delete and we will put in the instance name there we go it's deleting I'm pretty confident that will delete and that's it there there so we're done with that we'll move on to the [Music] next hey it's Angie Brown from exam Pro and in this fallong I want to show you Google's app engine which allows you to easily

deploy uh web applications so in the top left corner we'll go all the way up here to the navigation menu and we'll scroll on down looking for app engine which appears under serverless so we'll go there we'll go ahead and create ourselves a new application and the first thing we're going to see is a bunch of regions we can choose from I like to always choose from uh Canada so what I'll do is try to find my region if it is available it might not be which is totally fine um and I don't think I'm

going to get Canada today so I'll just go with us East one so let's me zoom in on this map here oh no there's Canada there we go North America Northeast one great so we'll go next and we'll give it a moment to load it's just thinking really hard there thinking really hard and I cannot tell if it's frozen so what I'm going to do is just give it a hard refresh here see if that helps at all all right so I just had to give it a hard refresh there uh in order for this

to actually show up um but what I want you to do is go down and we'll choose our run time to be a ruby because that's what I know and love uh and we have the option between uh standard and flexible for the exam you definitely want to know the difference uh for this fall along not a big deal we're going to stick with standard here today um and the great thing is they do have some samples here on GitHub so what I'm going to do is right click here and just take a look here

at what they have they got a bunch of different stuff here uh and so what I'm thinking is we can open up our Cloud shell so I'm going to open up Cloud shell here at the top and it actually has an editor mode I haven't really given this a go so let's try it out I know what it looks like it's like vs code um but I'm just saying I haven't uh done a big workload in here yet so I'm kind of curious and we'll let that load up and oh yeah there's me doing some

big query stuff from earlier um but what I'm going to do yeah see I just doing a a quick test there but uh what I'm going to do here is bring in a new repo so here um Source control I don't really use uh vs code uh but usually you can go here and press this button here um and that's not really helping so that's fine we'll open up the terminal it's not a big deal and I'm just going to do LS PWD to see where I am so I'm in my home directory and here

it's going to ask me to do a get clone so I should be able to clone this and we'll hit enter and so now we have all those samples so the question is and here down below it says app engine for slapp engine whatever what I noticed is that there is no folder called app engine so which one will be run well intuitively I would pick something like rails or maybe Sinatra so maybe they have a very simple example um they also have static files so they have Sinatra and rails but um they have an

hello world example here and if we click into it it is Sinatra so I feel that this will probably be the easiest way to deploy um and then we have our app yaml file that's actually how we configure um uh most like like whether it's app engine um elastic beant stock or app uh Azure app Services they always have like this accompanying configuration file that you can use with it I'm noticing that this is set to flex so maybe we might want to use flex mode and to me it doesn't really matter whether it's standard

or flexible so we we'll just switch it over to flexible here um and what I'll do whoops is it says initialize deploy so what I'll do is I'll just CD into that hello world directory here oh we got to first CD into our Ruby docs and then into our hello world directory oh look at that now there is a uh there's an app engine right here maybe we're already in that folder okay that's why so we'll do app engine and then we'll do hello world okay and so we'll probably have to do a bundle install

so we'll just do a bundle install um gem F cannot be required you have Etc it could be just because this machine doesn't have um a a ruby installed so maybe we'll do um gem install bundler actually I didn't even check if this has Ruby does this have Ruby installed yeah it does okay and actually it's a very recent version so we'll do gem install bundler it's really not even necessary to do this but it's just out of habit I like to make sure that it uh it bundles before deploying bundler is just like um

requirements.txt or mpm it's just Ruby's package manager or a composer if you're used to using PHP and so then I can just do a bundle install after install the packages uh did I not just install bundler gem install bundler yep it's installed bundle install um I'm I'm not really that worried about getting it running locally I just want to deploy it and so in order to deploy it we will have to run the gcloud app deploy command we'll just double check and make sure that's the case here I'm pretty sure that's what it says down

below yeah it's just as simple as this so hopefully this works no problem and we authoriz it with g-cloud if you're installing this locally you probably use gcloud andit to authenticate it's giving us some details here it's really hard to read this on uh white on black or black on white there but uh let's see what it's doing so we have a description it's going to S us a source it's going to show us the target Ur all where it's going to deploy app engine uh default service account sounds good to me so we'll hit

y for yes and we'll let it go ahead and provision probably the most simple out of uh all the providers in terms of like a platform as a service I would say gcp is out of all the three great and so if you just take a look there you can tell it's actually building out a containerized image so gives you the idea that this is uh running off of containers also noticing that it's setting up cloudsql and Cloud uh cloudsql proxy so I would suppose if it needed to be backed by a database um this

should be shouldn't require a database we'll just take a look here maybe the configuration it has that in there no just says environments Flex runtime Ruby uh resources memory dis size Etc so I'm not I'm not sure why it's spinning up a relational database there but and this doesn't even have one but maybe that's just part of what it does okay so we'll just have to wait here a little bit a while and I'll see you back here in a moment okay all right and so after a little while there we can see there's a

cloud build fail um it doesn't say as to why hold on here um you have add a gem Etc I know Ruby pretty well so for me uh it's not hard to figure out as to Y but looks like we're going to have to go check the log so I'm not sure where the logs are so just give me a moment I'll go figure that out okay all right so what I did here is I went down below and I opened up this link uh which brings us to our build details and if we scroll

all the way down to the bottom notice how many steps it's out of 11 out of 14 so this is is actually building the container image and when it went and uh and did a bundle install uh it ran into some trouble here so you are trying to install in deployment mode after changing your gem file run Buttle install else where and add the updated gem lock gem file. loock to the version control so um I think maybe we just have to get that bundle installed to work so what I'll do is go back here

to my editor I really wish I could figure how to change the theme Here Is there a way we can change the theme so I can see what I'm looking at I'm not sure maybe settings uh color theme and we will go Abyss oh there we go that's a little bit better so we'll work with that I suppose um so maybe we just need to make sure that the bundle install Works uh which is something I tried to just get around but if there's no gem lock file that's what it's probably going to be complaining

about so if I just expand this here yeah notice there's no gem uh gem gem file. loock or gem lock file uh so we'll do bundle install and this time we'll just be a bit more thorough about its read so could not find bundler required by your home directory to update the latest version installed in your system do bundle update bundler so we'll do bundle update bundler let's see if that works I would have thought that we were up to the latest version because we ran it the lock file has being updated to bundler 2

after which you will be unable to return to bundler one totally fine with that nobody uses bundler one anymore but if we take a look here on the left hand side uh I don't see um bundler a gem lock file there so I'll do bundle install and so now I should have one may I have to hit refresh here um still let's see one here let's do a clear and I'll do a LS how you an LA yeah it's right there so um oh you know why it's cuz I'm not looking in the subfolder here

so we're supposed to go app engine hello world and so there's that gem lock file so now let's go ahead and try that deploy again I don't know what happens when you have a filed deploy like that so we'll just hit enter uh and I wonder if anything has changed here with app engine probably not probably have to do a successful deploy while that's going let's go take a look here was going on um through our build history so uh nothing exciting here but I wanted to see what services was so it was doing through

Cloud build so Cloud build um I imagine it's just like um uh a code build which is just a build server so it's a server that is designed to build things um and so that could be uh preparing uh artifacts for code or in this case it could be building out a image which I think that's what it was doing it was building out an image so that's interesting how they uh they link that up so we'll go ahead and hit capital Y here and we'll let it go and deploy again and I will see

you here uh at the end of it and hopefully it works or you know we'll encounter a new error okay all right so after waiting several minutes here uh it looks like it is done uh and it has a S command here called g-cloud app browse I don't know if it's going to work within the um Google Cloud shell here let's give it a go and see what happens okay so it didn't detect a browser because we're not running it on our local machine uh we're running it within uh the Google shell but that's fine

we can just copy that link and paste it up on here and so we can see the application is working so let's go give it a peek uh in the actual service and see what we can see okay because usually usually uh we will see some additional stuff here so I'll go give this a hard refresh here uh it's still showing us uh that we'll go ahead and click the dashboard here and so our app should be here uh looks like it must be running here um I'm just trying to distinguish okay up in the

top right corner that's where we can see it we can see our versioning here uh we've got Services okay that makes sense if we wanted to upload uh different versions or we deploy new versions I guess it would be version management so yeah pretty straightforward um so I'd say we're all done here and now we just need to go ahead and tear this down um good question so I I mean I see this running here so I imagine we can just go ahead and delete it whoops I have no idea how we should delete this

so just give me a second and I'll figure this out okay all right so it looks like we don't delete app engines we just disabled them uh so let's go ahead here and click on disable and we will enter uh this key in here okay and so that should disable it so why they don't let you delete them I do not know why um but I mean that's totally fine as long as we're not getting build so here it says your app has been currently disabled okay um so yeah there we go so we'll just

make our way back here and move on to the next [Music] service hey this is Andrew Brown from exam Pro and let's go take a look at some Storage off for gcp in specific um cloud storage so what we'll do is scroll on down here so we got our compute and we have our storage and here is cloud storage okay and you will notice oh our screen's a bit messed up here just give it a whoops give it a hard refresh here to get that uh weird navigation out of the way but uh you can

see that because we set up our app engine we already have some storage here uh but let's go ahead and create ourselves a new bucket and we'll just say uh my new bucket okay these are globally unique names so it's just like domain name so you might have to put in some random uh numbers there let continue now we have an option of multi- region dual region or just region with the lowest latency with a single region um I'm just going to stick with multi- region for uh this I'm going to see if I can

choose Canada actually only have three options us European union or Asia if I choose different ones what are my options do I get North America there we go actually I want Toronto because that's the closest place that I am here uh clearly multi- region would give you the highest availability but if you want the lowest latency and you just want a single region more options you probably might just want to choose region there okay go ahead and hit continue I like on the right hand side it's estimating our cost here now we have our different

storage options this will absolutely show up on the exam so you need to know the difference so standard best for short-term storage and frequently Access Data nearline best for backup and data access less than a month cold line best for disaster recovery and data access less than once a quarter archive best for long-term digital preservation of data access less than once a year so we're going to stick with standard uh and then here it says prevent Public Access one of the most um uh common vulnerabilities for cloud service providers is through uh cloud storage when

they're uh made public especially on AWS I'm sure it's no different for gcp so it's probably good to have uh Public Access prevention turned on on the bucket and then you have access controls under it we have uniform and fine grade uh we're not sharing this with anybody else so we don't have to worry about that we'll go ahead and hit continue you'll notice that uh we can set encryption to be the Google manage encryption key or a customer manage encryption key we'll just stick with Google's manage key there because that's very easy you can

set up a retention policy if we check boxes we get more information so we could say how long we want to retain uh stuff for going leave that off for now apply labels as per usual we go ahead and create our bucket and so now that we have our bucket let's go ahead and I'm going to create a new folder I'm going to call it Star Trek okay and what I'll do is I'll just go grab some images to upload just a couple images uh I'll be back here in a second okay all right so

let's go ahead and upload some files so I'm going to click into the Star Trek folder we're going to hit upload files I'm going to go into my Star Trek folder and I have a couple Graphics from my uh one of my previous courses here we'll hit upload and you'll see the files upload and there they are if you want to go ahead and download them there's a download button on the right hand side uh we have some other options uh here nothing super important I'm going to go ahead and uh delete these files okay

and give that a moment not that this would cost us anything to keep these two uh teeny tiny files around but it's probably a good habit to learn how to delete stuff uh at this level here uh and and I'll go ahead and delete my new bucket and we will type in delete to permit delete it okay and there you go that is Google Cloud [Music] Storage hey this is Andre Brown from exam Pro and we are taking a look here at Big query so what I want you to do is go to the top

and type in big query uh and this is one of Google's Flagship products because it does something that other cloud service providers does not do and it's the fact that it's a serverless data warehouse so other um providers like uh red shift or um I'm kind of forgetting the one Azure uh synapse uh things like that uh they are not serverless that means that they have an idle costs that you pay for and they're generally really expensive uh but uh a big query is very cost effective because it can scale to zero and you're paying

for consumption okay so uh for me it's actually a service I definitely use on a regular basis and I really really like it uh so just to kind of give you an idea of how this works now if you have not attached your credit card yet and you're using the sandbox it is totally safe to do this um but if you do have your credit card attached I'd probably suggest not querying if you're trying to be cost effective here but they have a bunch of um data sets here and so here is one for covid

and a lot of these are public data sets or I mean this one is at least and that means that uh Google has made it available to you and uh for this one in particular for new users you can start up to 10 gabt of data up to uh and query up to one terabyte each month for free so you can really play around with big query in that sense once you attach a credit card it's no longer free actually I'm not really sure if if it's if it's still extended to be free outside of

sandbox mode um but I can't be certain okay so if we go back here we don't have to uh do anything the data set's already there we just have to reference it so uh it was a bit hard to find any available queries but I did find one on this this blog post so thank you whoever did this and let's go ahead and grab this here and see if we can run ourselves a successful query notice it's going to suggest how much data it's going to process this is important because it's our consumption and we'll

go ahead and hit run okay and we will see what we get back and so there we there we go we got some uh data back you go ahead and explore the data so explored in data Studio or goovis so if you have some other things there you could uh see that data create some dashboards and things like that but that's pretty much it that's all I really wanted to show you um and that is big [Music] query hey this is Andrew Brown from exam Pro and in this video we're just going to take a

peek into vertex AI um I just like doing this because at some point you know maybe your company or or you might be considering to do a little bit of ml okay uh and the thing is a lot of people are scared of it and they're really worried about it being extremely expensive and so this is kind of my way of just kind of getting your toes toes uh uh into the pool um so you're not too afraid to do it so we'll go ahead here and type in vertex AI that is gcps offering and

we'll go ahead and just enable it and I wonder if I can do it in Canada I always like to pick Canada if I can Montreal I if it was Toronto they just don't have data I mean they have data centers there but there's never data centers for the main providers there and so uh we chose our region okay and I just want to do anything like opening a notebook that's usually uh what we would uh want to do but what I really want to show you is about compute because that is the the hidden

cost uh to any type whether it's Sage maker um uh Azure uh ml Studio or data Studio ml Studio can't remember off the top of my head what's called vertex AI it's just that you have to remember to turn off the servers if you remember that uh it's very uh not scary to use um uh these services so if we want to have a notebook so migrate your notebook I don't have any right now but I just want to run anything so we'll go ahead and create ourselves a new instance and so here uh just

like all the other ones you have to choose your environment Cuda or gpus you do not want to touch because those are super super expensive so we will just choose Python 3 notice comes with s kit learn pandis and more that's usually the safest one uh here if you look here it'll tell us what it's spting up so four C CPUs 15 GB of RAM 100 GB standard so it's pretty darn large but that's pretty standard for uh what you'd want to use um so what we'll do is go ahead and hit create actually let's

go take a look at Advanced options I've never clicked that before um no nothing exciting there so we'll go ahead and hit create notice this is $102 a month so you if you're afraid to run this don't do it but I mean we're going to turn it on and turn it off so it's like not going to cost us much right um so I'll go ahead and spin that up there okay and I'm not sure how fast this is going to uh start up on AWS they have like ones that will start up within one

or two minutes um but I don't think that's something that is offered on gcp or or Azure so the green usually means it's running setting up the proxy to Jupiter lab so this is what we really want to do is we want to open up Jupiter lab so so we'll just have to wait a little while until that's ready okay so I'll see you back here in a moment all right so after waiting a very short while there now we can see we have this open Jupiter lab so we'll go ahead and click that uh

and that will give us our Jupiter lab environment this is just an IDE specialized for data scientists or people working in the data field notice that it comes pre-loaded with tutorials which is pretty nice um so we have some big query Cloud ml engine fairing storage um if we go in here this would show us how to work work with big query pragmatically and the idea here is you go ahead and just just hit play on these okay uh and the idea is you if you hit play I'm not too afraid of doing this if

you want to just watch that's totally fine as well but uh here it says locations are required etc etc so that ran um and so here this would just query some public data set so that's something we did when we did Big query we just ran a query there but if we hit run it should output the results notice there's Aster it just means it's running so give it a bit of time and so there is its data so this is pretty um you know this is pretty uh uh you know pretty straightforward um and

very similar experience to the other providers there so once you learn one you kind of learn them all uh but yeah the real thing that you got to be a bit fearful of is the fact that uh you know depending on the machine type you choose they get really expensive so what you can do I'm just going to check if they have them on the Le hand side here sometimes the providers will have like a category just for computer but when you're actually jupter Labs you can go over here um oh it shows the colel

session if you're on um uh AWS it would actually show you the compute here that you can shut it down but what we can do is if we're really concerned about it we just go here and stop stop the instance okay but the thing is is that you could also be paying for storage so that could be kind of expensive so I'll actually just go ahead and delete it but we have to stop I think the instance before we can go ahead and delete it so uh we'll give this a refresh here okay and while

that's going I just want to show you something else actually I really like this channel called by Cloud because uh they cover a lot of different kind of AI techniques but the reason I'm bringing here is not to promote this channel but more so because they'd like to link in these Google collab files and so Google collab is kind of a way of um utilizing it's kind of it's like a notebook it's a like a Jupiter notebook uh or might may be a Jupiter notebook it just doesn't look one to one with the Jupiter Labs

notebook but um it allows you to run ml models uh but also to utilize gpus and gpus uh like your graphics cards are really really expensive in the cloud and so this is an opportunity where you can use it for free and you're just sharing it with other people and it's one of Google's initiatives to allow you to learn in a cost-free way with Google and I think it's really cool uh but you could just click through this stuff and kind of get a result so I go here and hit uh run I'll just say

run anyway that totally fine with that okay and I I could just say run all with that and this is not going to cost me anything like I I do not have to worry about it so that's something that's really nice that Google lets you do I assume it's using under utiliz machines or machines that aren't being in use so if you are learning you could just you know use Google collab uh but if you uh if you need to use you need to build a real model to deploy uh then you're going to be

doing that with jupyter labs and vertex AI okay so I'm going to see if that is finished uh shutting down yet is it done no it's pending uh I'm going to shut that down maybe that was causing the issue there okay so I'll wait till it gets out of the pending State here um and this is just running I don't know this is even going to do uh execute a 3D uh photo in painting it's going to do something cool something relating uh relating to uh um something to change poses for people okay but anyway

um I'll see you back here in a moment when this is out of pending okay okay all right so just as I stopped the video it it uh it also stopped the instance so now I can go ahead and delete it we'll just say say delete okay and that should take care of uh any lingering costs just in case you're following along and you do not want to get build $100 by the end of the month there probably was instances that were a bit cheaper that we could have chose um like you don't have to

do this I'm just kind of taking a look here so there probably was yeah so we could have we could have chose something like this notice that was $29 that would have been a lot safer to do um because when I think of like Sage maker and and azures uh ml Studio or Studio this is usually the cost that I run my notebooks at so probably just had a very expensive default and we just had to change it down below to this okay um I figured that was probably the case but I should have showed

you that as we're doing it so you're not super scared so really the real cost would be $30 and you can do a lot with that but again you can use Google cab for free but there you go that's it