Ultimate Google Professional Cloud Architect Certification Guide: Build Real-World, Enterprise-Ready Solutions on Google Cloud Platform and Ace the Google Professional Cloud Architect Exam (English Edition)
Ebook, 777 pages, 5 hours


About this ebook

Architect Google Cloud Solutions That Go Beyond Certification

Key Features
● Master core GCP services, including Compute, Storage, and Networking.
● Apply GCP design patterns to real-world enterprise architecture.
● Prepare with exam-focused guidance, diagrams, and case scenarios.

Book Description
In today’s cloud-first world, the Google Cloud Profession

Language: English
Publisher: Orange Education Pvt. Ltd
Release date: Aug 5, 2025
ISBN: 9789349888340

    Book preview

    Ultimate Google Professional Cloud Architect Certification Guide - Shounak Acharya

    CHAPTER 1

    GCP Compute Engine

    Introduction

    In this chapter, we embark on an exploration of cloud computing, laying the groundwork for understanding one of the most transformative technologies of our time. Cloud Computing, as defined by the National Institute of Standards and Technology (NIST), is a model that facilitates convenient, on-demand access to a shared pool of configurable computing resources. These resources can be provisioned and released rapidly, with minimal management effort or interaction with service providers. Thus, by dissecting this definition, we uncover the key principles, such as on-demand accessibility, network availability, resource configurability, and the dynamic provisioning as well as release of services—all of which are pivotal in understanding how cloud computing revolutionizes traditional IT systems. This foundational knowledge sets the stage for delving deeper into Google Cloud Platform (GCP) and its capabilities.

    The chapter then transitions into a focused discussion on GCP Compute Engine, one of the cornerstone services of the Google Cloud Platform. Now, before diving into the specifics of Compute Engine, we introduce GCP’s architecture, which is structured around concepts like regions and zones. These geographical constructs ensure high availability, redundancy, and scalability of resources across the globe, providing organizations with the flexibility to manage their infrastructure with precision. Following this architectural overview, we delve into the Compute Engine itself which offers robust tools for creating and managing Virtual Machines (VMs). These VMs serve as the backbone of cloud-based workloads, enabling developers and organizations to deploy, scale, and optimize their applications in a highly efficient, cost-effective manner. Hence, through this chapter, readers will gain a comprehensive understanding of how GCP Compute Engine integrates into the broader ecosystem of cloud computing, empowering them to harness its full potential.

    Structure

    In this chapter, we will cover the following topics:

    Introduction to Cloud Computing: Covers definition and principles of cloud computing.

    GCP Architecture: Regions and Zones: Discusses the geographical structure, ensuring availability and scalability.

    GCP Compute Engine: Explores creating and managing virtual machines in GCP.

    Introduction to Cloud Computing

    In order to understand what Cloud Computing is, it is best to start with a definition. With that in mind, it would be best to take the definition from an international standards body. In this book, we take the definition provided by the National Institute of Standards and Technology (NIST) which defines cloud computing as follows:

    "A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released, with minimal management effort or service provider interaction."

    If we closely look at the definition, there are certain important criteria that form the basis for Cloud Computing. They are as follows:

    On-demand

    Available over the network

    Has a shared pool of configurable computing resources

    Rapidly Provisioned and Released

    Minimal service provider interaction

    If a set of services from an organization strives to achieve all of the preceding points, we call that set of services a Cloud Computing offering, and the organization providing it a Cloud Service Provider.

    To delve a bit deeper into the definition of Cloud Computing, we need to understand the Cloud Model a bit better. The Cloud Model has the following properties:

    Five essential characteristics

    Three deployment models

    Three service Models

    Let us now try to understand each of them in more detail.

    Five Essential Characteristics

    The cloud model has five (5) salient characteristics which most Cloud Service Providers would have. They are as follows:

    On-demand Self-Service: Cloud resources, such as computing power, storage, and networking can be accessed through a simple user interface, without requiring direct interaction with service providers.

    Broad Network Access: Cloud services are available over standard networks, and can be accessed using various devices, including smartphones, tablets, laptops, and desktop computers.

    Resource Pooling: Service providers optimize resource allocation by sharing a pool of resources among customers. This allows dynamic scaling and efficiency, without customers needing to know the physical location of the resources.

    Rapid Elasticity: Resources can quickly scale up to meet the increasing demand or scale down, when no longer needed, offering flexibility and efficiency.

    Measured Service: You only pay for what you use, or reserve as you go. Resource usage is monitored, measured, and reported transparently, based on utilization.

    All of the points discussed till now can be visualized in the following diagram:

    Figure 1.1: Cloud Computing Characteristics

    As can be seen in Figure 1.1, the cloud provider offers various services in terms of servers, storage, networking, and so on in an on-demand fashion to the users, and the users pay only for what they use. These characteristics generally make Cloud Computing very cost-efficient and agile, sparing users from pre-procuring systems, both hardware and software, and letting them use only what is needed. For example:

    It can help a startup company build, experiment and finally go to market, without the hassle of a huge upfront expenditure on IT infrastructure.

    For an established business, such as an e-commerce company, Cloud Computing can help in provisioning and de-provisioning workloads based on seasonality and time of day, so that the business does not have to run infrastructure sized for peak consumption and pays only for what it uses.

    Beyond on-demand models, Cloud Providers also provide various discounts on long-running workloads which help users plan their infrastructure for maximum cost efficiency. We will look at this in more detail when we discuss Google’s Compute Engine offerings.

    The next topic for understanding cloud computing better is the various deployment models that a Cloud Service can have:

    Three Deployment Models

    Based upon where the infrastructure resides, who owns and manages it, and how the resources and services are accessed by the end-users, we can have various deployment models for the Cloud itself. They are broadly categorised into one of these three (3) categories:

    Public Cloud: In this type of Cloud offering, we leverage Cloud Services over the open internet on hardware owned by the cloud provider, which is shared with other users as well.

    Private Cloud: The cloud infrastructure is provisioned for exclusive use by a single organization. It could be on-premise, or managed and run by a single provider.

    Hybrid Cloud: It is a mix of both public and private clouds working together seamlessly. In this deployment model, there can be more than one service provider being involved.

    Since this book is a certification guide for GCP Professional Cloud Architect, we will focus more on Public Clouds, as GCP is a Public Cloud offering. However, there are many features of GCP that help you run even Private and Hybrid Cloud setups. Hence, in the following sections, we will mainly discuss Public Cloud features, along with those hybrid and multi-cloud features which are relevant from the certification perspective.

    Public Clouds

    Consider the diagram in Figure 1.2. A public cloud offering has the following characteristics:

    The cloud provider owns, manages, provisions, and maintains the infrastructure.

    The Cloud Provider is responsible for the capital, operational and maintenance expenses for the infrastructure and the facilities it is hosted in.

    Users do not own the servers their applications run on or the storage, nor do they handle the operations and maintenance of the platform.

    The user does not have any control over the physical computing environment. They are subject to the security and performance of the Cloud Provider’s infrastructure.

    Using Web consoles and APIs, users can provision the resources and services they need.

    Users pay a subscription/pay per use fee for the services that are consumed by them.

    Figure 1.2: Public Cloud Model

    There are several Public Clouds in the market, for example:

    Amazon Web Services

    Microsoft Azure

    Google Cloud Platform

    IBM Cloud

    Alibaba Cloud

    All of these players provide a set of core cloud computing services like Servers, Storage, Networking, Databases, and much more. Beyond these core services, each cloud service provider has its own set of niche services which give it an edge over the others in a particular domain. Also, even within the core set of services, each Cloud Provider offers varied levels of features that make it more reliable, cost-efficient and feature-rich than the other providers.

    Generally, a Public Cloud has the following properties:

    It is a virtualized multi-tenant architecture enabling tenants or users to share computing resources.

    Resources are distributed on an as-needed basis and offered through a variety of subscription and pay-as-you-go models.

    The cloud provider's pool of resources, including infrastructure, platforms and software, is NOT dedicated for use by a single tenant or organization.

    Some of the benefits of Public Clouds include:

    On-demand Resources: Allowing applications to respond seamlessly to fluctuations in demand.

    Economies of Scale: With a large number of users sharing the same pool of resources, cloud costs decrease over time.

    Highly Reliable: If one physical component fails, the service runs unaffected on the remaining available components.

    However, due to the nature of how Public Clouds deliver their services, some concerns arise, and they make highly regulated industries especially wary of using Public Clouds. These are described as follows:

    Security concerns arising from incidents of data breaches, data loss, account hijacking, insufficient due diligence, and system and application vulnerabilities.

    Data Sovereignty and Compliance concerns, as it is increasingly critical for companies to be compliant with data sovereignty regulations governing the storage, transfer and security of data.

    Cloud companies provide multiple controls and visibility tools, along with certification and compliance SLAs, to address these concerns. We will look at them in more detail when we discuss the security constructs of GCP.

    Even though there are some concerns, Public Cloud is still the most widely used Cloud deployment model. Some of the use-cases for Public Clouds are as follows:

    Building and testing applications as well as reducing time to market because of the availability and on-demand nature of a plethora of services provided by the Public Clouds.

    Businesses with fluctuating capacity and resourcing needs find the Public Cloud model very useful.

    For highly sensitive organizations, building secondary infrastructure for disaster recovery, data protection and business continuity on a Public Cloud is a major use-case.

    With this brief overview of Public Clouds, let us look at the other two deployment options, and how they relate to Public Clouds.

    Private Clouds

    A Private Cloud, as per NIST, is a "Cloud infrastructure provisioned for exclusive use for a single organization comprising multiple consumers, such as the business units within the organization. It may be owned, managed and operated by the organization, a third party, or some combination of them, and it may exist, on or off the premises." While organization-owned on-premises private clouds are very prevalent in this type of deployment model, Public Clouds leverage the "off-premises managed by third party" part of the definition to provide Private Cloud Services to sensitive organizations.

    From the Public Cloud perspective, a Private Cloud environment on shared infrastructure is offered through what is called a Virtual Private Cloud or VPC. Consider the following diagram:

    Figure 1.3: Virtual Private Cloud

    A VPC is a public cloud offering that lets an organization establish its own private and secure cloud-like computing environment in a logically isolated part of a shared public cloud.

    Using a VPC, organizations can leverage the dynamic scalability, high availability, and lower cost of ownership of a public cloud, while having the infrastructure and security tailored to the organization’s unique needs.

    This is typically available on all major public cloud providers.

    A VPC provides the best of both worlds because:

    It is managed by the internal IT of the organization, providing unified and processed services for both on and off-premise workloads.

    Because a VPC is a completely isolated logical grouping, only the organization has access to the resources running within a VPC. This access can be further controlled for the organization’s personas.

    Since it ultimately runs on a public cloud, all the benefits of dynamic scalability, rapid elasticity and agility are provided.

    As seen in the preceding diagram, VPCs can also be connected to on-premises infrastructure. Hence, the existing investment in hardware can be retained using techniques such as Cloud Bursting, where extra workloads are rapidly provisioned and de-provisioned on the Cloud when demand surges.

    Please note that when we delve deeper into GCP’s products and services, we will see that many of the product offerings are delivered through the VPC model only. So, one might wonder why we categorised VPCs as a Private Cloud offering, given that there is no way to run certain core services without first creating a VPC. To this, please note that while many of the core services run inside a VPC, many do not. Also, as we will see later, there are various service models offered by the Cloud Providers where the concept of a VPC does not make sense.

    Therefore, please note that VPCs as a concept were implemented by cloud providers to provide a logical private slice of their shared infrastructure to end-user organizations for their compute offerings, such that the end-user organizations see this slice as their own private data centre. Hence, while the VPC is an integral way in which compute services are delivered, it was created to offer a private-cloud-like system on the public cloud’s shared infrastructure.

    Now that we have seen what Private Clouds are, especially as they relate to the Public Cloud Providers, let us look at what a Hybrid Cloud is.

    Hybrid Cloud

    Experienced readers might already be thinking that connecting VPCs to on-premises is what is called a hybrid cloud. Then why was it mentioned under the VPC or Private Cloud section? Well, they are right in a way. Hybrid cloud is a cloud deployment model where we connect our on-premises Private Cloud and third-party Public Clouds. However, a Hybrid Cloud is not "only" VPCs connected to on-premises. It can be formed by just about any type of secure and private connection to the Public Cloud offering, and its usage is not limited to the services that are available in VPCs. Moreover, a Hybrid Cloud deployment might also be formed between an on-premise environment and more than one public cloud.

    In fact, by definition, there are three types of Hybrid Clouds:

    Hybrid Monocloud: One Cloud Provider and one on-premise private cloud. This is what was also covered under VPC, and is the overlapping use-case for both models.

    Hybrid Multicloud: Multiple Public Clouds are connected with the on-premise private cloud, with different workloads deployed in different clouds.

    Composite Multicloud: All the public and private clouds are stitched in a unified environment, where a single workload can run across multiple clouds and on-premise.

    Based upon the use-case and interoperability constraints, an organization might choose to go with one of the above types of Hybrid Clouds. While Hybrid Monoclouds are the easiest to implement and the most widely adopted hybrid cloud model, the complexity increases as we move to multiclouds. GCP provides various offerings for not only monoclouds, but also both types of multicloud requirements.

    Hybrid Clouds offer a lot of benefits, such as:

    A hybrid cloud enables organizations to allocate highly regulated or sensitive tasks to a private cloud, while less sensitive operations can be executed on a public cloud.

    With a hybrid cloud, you can rapidly, cost-effectively, and automatically scale up using public cloud infrastructure, without affecting the workloads operating on your private cloud.

    By avoiding commitment to a single vendor, and eliminating the need for exclusive choices between different cloud models, you can optimize your infrastructure budget for cost efficiency.

    Some of the notable use-cases for Hybrid Clouds are:

    Software-as-a-service Integration – for example, backing up your corporate SaaS email, like Google Workspace or Office 365, on-premises.

    Leveraging advanced Data and AI offerings of the cloud, while keeping the rest of the applications on-premise.

    Enhancing and Modernizing Legacy Applications.

    VMware Migration from on-premise to cloud with a lift and shift, followed by a modernization strategy.

    We will look at solving the use-cases mentioned here through GCP’s hybrid and multi-cloud offerings later in this book.

    Three Service Models

    Based upon what the Cloud Service Provider offers, there are also three (3) different service models. A Cloud Service Provider may offer some or all of these types of offerings. They are as follows:

    Infrastructure as a Service (IaaS): You get access to infrastructure and physical computing resources, such as servers, networking and storage, without managing them.

    Platform as a Service (PaaS): You get access to the platform, like software tools to build applications for users which are delivered over the internet.

    Software as a Service (SaaS): It is a software licensing model in which software and applications are centrally hosted and licensed on a subscription basis – on-demand software.

    Infrastructure as a Service (IaaS)

    In this type of Service Model, we only use Infrastructure from the Cloud Service Provider. Examples include virtual machines, storage, networking, and so on. Beyond the infrastructure, the end-user is responsible for managing everything that is installed on the infrastructure.

    These include:

    Application Code and Runtime

    Configuring Load Balancing

    Auto Scaling

    OS Upgrades and Patches

    Availability

    And a lot of other things

    IaaS can be imagined as the following layered diagram:

    Figure 1.4: Infrastructure as a Service

    All the things that are shown in red are managed by the cloud service provider. For example, if we are booting up a VM in a Cloud, everything that is necessary to boot up a VM installed with a particular OS is taken care of by the cloud provider, right down to managing the physical Data Centres. After a VM is given to the end-user, everything that the user installs and configures to provide a production-grade service to their own end-users is managed by the user. Even keeping the OS patched to the latest version is the end-user's responsibility.

    Platform as a Service (PaaS)

    Now, let us start with the stack diagram for PaaS:

    Figure 1.5: Platform as a Service

    Platform as a service offers platforms which can be used by the end-users to develop further applications. Examples of Platforms include:

    Container as a Service (CAAS): Containers instead of Apps

    Function as a Service (FAAS): Functions instead of Apps

    Databases: Relational and NoSQL

    In this type of offering, the Cloud Provider is responsible for everything that is marked in Red in the preceding figure, such as:

    OS (including upgrades and patches)

    Platform Runtime

    Autoscaling, Availability, and Load Balancing

    The end-user is responsible for:

    Configuration (of their application and services)

    Application Code (if applicable)

    For example, if the Cloud Provider provides a service, such as MySQL on Cloud, then the Cloud Provider is responsible for providing and managing a MySQL server with a specific version, and also patching and upgrading of the server. The end-user is given certain parameters to tune the MySQL server like concurrency, setting up High availability, indexing mechanisms, and much more.

    Software as a Service (SaaS)

    As can be seen from Figure 1.6, everything is managed by the Cloud Provider, shown in red. Please note that, historically, this was the first type of Cloud Service that was offered, followed by PaaS, and then IaaS.

    Figure 1.6: Software as a Service

    In this model:

    Everything is owned and managed by the cloud provider.

    You are given an interface – either a web application, desktop application or APIs.

    It is possible to integrate it into your own workflows if the SaaS supports API integrations.

    Examples include mail systems such as Gmail, CRM and ERP systems like Salesforce, SAP, and so on, as well as marketing applications like Magento and Adobe.

    This brings us to the end of the introduction to cloud computing. From the PCA certification perspective, we will mostly be looking at the IaaS and PaaS models offered by GCP. We will also look at the various Hybrid Cloud offerings of GCP, as we discuss the Public Cloud offerings extensively throughout this book.

    Creating Your Free GCP Account

    Navigate to https://github.com/ava-orange-education/GCP-Professional-Cloud-Architect-Certification-Guide and refer to the README.MD file located at the root of this GitHub repository to create your free GCP account.

    Introduction to Compute Engine

    According to the Google Documentation’s definition, "Compute Engine is a computing and hosting service that lets you create and run virtual machines on Google infrastructure. Compute Engine offers scale, performance, and value that enables you easily launch large compute clusters on Google’s infrastructure. There are no upfront investments, and you can run thousands of virtual CPUs on a system that offers quick, consistent performance."

    From a cloud service model perspective, Compute Engine is the Infrastructure as a Service (IaaS) offering from GCP, and forms the core for multiple other services that are built on top of it.

    Thus, it lets you:

    Create and manage VMs.

    Perform configuration management of the VMs in terms of Operating System, Compute Configurations like CPU, RAM and disks, Networking Interfaces, and so on.

    Distribute your computing infrastructure globally.

    Create and manage Networking for the VMs – Everything related to your Virtual Private Cloud.

    Manage clusters of VMs as a set and do autoscaling, as well as load balancing on the VM instances.

    Manage storage for the Virtual Machines in terms of attached disks and lifecycle management of disks like backup, restore, snapshotting, and so on.

    Manage access to VMs by providing a Pluggable Authentication Module for the computing infrastructure.

    Perform security vulnerability assessment for the Operating Systems, and automatic patch management.

    Migrate VMs from on-prem to cloud and vice-versa, and even containerise your apps running within a VM.

    Out of all the preceding points, we will discuss those which are most relevant from a PCA perspective, and also provide links to GCP documentation wherever applicable.

    VM Creation Flow

    If we look at a typical OS installation process on a general PC, we would do the following typical activities:

    Have a medium with the OS image, such as a USB drive, CD/DVD (not any more), network boot location, and so on, available to the PC.

    Have at least one disk on the PC which would have the final OS installed. This is typically the C:\ on a Windows Machine and /boot on a Linux
