Google Cloud Professional Cloud Architect Certification

A few weeks ago, I took the Google Cloud Professional Cloud Architect Certification exam. I found the exam to be a good test of one’s knowledge of the products and services offered on Google Cloud, and how to best put them to use in software architecture and design. While studying for the exam, I was never able to find a good study guide for how to prepare for it, so I decided to put this together as a guide on how to successfully prepare to pass the exam. This is more of a guide on what and how to study for the exam and not a comprehensive repo with all the study material you’ll need. Instead, I’ll link important resources that you can use in your studying here.

Test Format

Normally, the Google Cloud (GCP) exam must be taken in person at one of the sites designated by Google. Thankfully, during quarantine Google has added the option to take the exam remotely with a live video proctor, which is what I did. If you choose to do this, make sure to take the exam on a computer with a webcam, as the video proctor will need to monitor you during the entire test duration. Additionally, you’ll need an empty room, a clear desk, and a mirror to reflect your computer’s screen back into the view of the proctor.

Whichever test setting is selected, the format of the exam is the same: 50 questions with a time limit of 2 hours. The time limit is actually pretty generous, so that should not be your biggest concern. Questions are multiple choice with 4 or 5 options, and some are multiple selection where the tester must select all of the correct choices. There are no open-ended questions. It is in your best interest to answer every single question. There is no benefit to leaving a question blank, and no harm in answering a choice incorrectly, so you should answer every question even if guessing. During the exam, I found that eliminating obviously wrong choices would often reduce the answer choices down to at most 2. Therefore I recommend marking questions you’re unsure of and using this strategy to improve the odds of selecting the correct answer.

Study Topics

In order to be successful on the GCP exam, you’ll need to study the various products and services GCP offers and how to utilize them to architect a software solution top to bottom. Make sure you study each of the following GCP products:

Microservices

Be aware that first and foremost, this is a test of software architecture, not Google Cloud. The exam will test your ability to architect and design software products end to end. This means that in order to pass the exam, you need to think about how data will flow through your product, and how different components will interact and operate on the data. You must be able to decompose your solution into components that do their task and do it well, and that do not degrade the system when they fail (which will inevitably happen at some point). Google has decided that the best way to do so is by using microservices, and you’ll find that products on GCP are built and designed to be used with this architectural pattern. If you’re not familiar with microservices, I recommend the Building Microservices O’Reilly book and Parts 2 and 3 of the Software Architecture in Practice book (third edition) by Len Bass et al. Do not skip becoming familiar with microservices prior to moving on with your study, as by doing so you’re only setting yourself up to fail the exam and as a software architect.

Docker

Docker inevitably comes up anytime microservices are mentioned, as it’s a useful way to package, deploy, and run microservices. Google has great support for running Docker images through Google Kubernetes Engine (GKE). I would recommend downloading Docker on your local machine first, and at the very least building and running the Hello World container to get familiar.

Compute

You’ll find that GCP has different solutions for hosting your microservices. Each solution runs at a different layer of the compute stack and requires more or less infrastructure, auto scaling, and deployment management. Additionally, the available compute solutions differ in whether they are designed to run as a persistent service, only when some event happens, or when some data processing needs to happen. For this, you’ll need to understand the difference between Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

With this in mind, study the following products available through GCP. Make sure you know what they’re each designed to do, how they differ, and when each would be appropriate to use.

  • Google Compute Engine (GCE)

  • Google Kubernetes Engine (GKE)

  • Google App Engine

  • Google Cloud Functions

  • Google Dataflow

  • Google Dataproc

  • Google Cloud Run- This is a new solution that GCP just introduced. I did not see it in the exam, but I expect it to show up in future exams.

You should also be aware of how each of these solutions handles (or does not handle) auto scaling, and in particular, how managed instance groups typically are resized as demand changes using an autoscaler. Managed instance groups deploy identical instances based on an instance template. Managed instance groups can be deployed in a single zone or across a single region.

Networking- VPCs and VPNs

You can think of a VPC as your own private cloud and all the resources that provides. You’ll be the only one that has full network access to all these resources, and you determine what is accessible to the public. In GCP, VPCs are global. Users can create subnetworks for the region to operate in. Conveniently, resources across regions that share a VPC can reach each other, and GCP projects can have multiple VPCs. This is often done using a Shared VPC that is created in one project yet can be shared to other projects.

Once you’ve understood this, you should know how to connect networks. There are several options depending on the use case:

  • VPC Peering- use when both networks are in GCP

  • Cloud VPN- use to connect a GCP network to an on-premises or other cloud network. Cloud VPN gives the choice of using static or dynamic routes. Use a Cloud Router for discovery of dynamic routes.

  • Cloud Interconnect- use when a high speed network is required. There are 2 options for using a cloud interconnect:

    • Dedicated Interconnect- provides a direct physical connection between GCP and the on-prem network

    • Partner Interconnect- goes through supported service providers.

Storage

You’ll need to know how to select the best storage option depending on the need:

  • Google Cloud Storage (GCS)- stores blobs and binary data

  • Cloud SQL/Spanner- relational databases. Cloud SQL supports MySQL and Postgres. Spanner is Google’s proprietary solution and is best suited for apps that need a database running in multiple regions.

  • Firestore/BigTable- NoSQL databases.

  • BigQuery- warehouse of data

  • MemoryStore- in-memory data cache.

Additionally, the best storage choice depends on the desired SLA, durability, read/write rates, amount of data to store, and the choice of strong or eventual consistency.

Google Cloud Storage has a variety of storage solutions depending on the solution


Load Balancing and Auto-scaling

Apps built on Google Cloud use global, regional, and internal load balancers to provide access to back-end services deployed in multiple regions. Global load balancers generally route requests for the service to the instance group closest to the user.

Regional load balancers are not proxied, and instead route all traffic through the load balancer. Traffic can only be balanced between VMs that are in the same region.

Internal load balancers are regional, private load balancers (no public IPs). They have reduced latency and are much easier to configure since all traffic is internal.

Load balancers support HTTP(S), UDP, TCP, public and private IPs, and Google-managed SSL certificates. Load balancers terminate user SSL at the load balancer layer. They then connect to GCE instances using GCP’s SSL/TCP.

Auto-scaling

Infrastructure Automation and Deployment

GCP provides a Deployment Manager whose purpose is to serve as an infrastructure deployment automation tool and to document infrastructure as highly structured templates and config files. Deployment Manager conceals the actual GCP API calls that create the infrastructure. Deployment Manager makes infrastructure deployment into a repeatable process using a declarative language.

Alternatives to Deployment Manager include Terraform, Packer, Chef, and Jenkins.

You should then be aware of how autoscaling works: it dynamically adds and removes instances according to an autoscaling policy, which can be, for example, a CPU utilization threshold, a load balancing policy, or some other monitoring metric. Some GCP services (like Cloud Functions, Dataflow, and App Engine) handle auto scaling for you, while others like GKE and GCE do not.

Deploying Applications to Google Cloud

Prior to anything in this section, you must be familiar with git and how collaboration and version control are done in software engineering. GCP has a git repository service in Google Cloud Repo. Additionally, Docker images can be built from Cloud Repo using Cloud Build and then hosted in Container Registry, GCP’s own hosted Docker repository.

Google provides a variety of platforms where applications can be deployed.


Data Processing

Security and Compliance

You should understand how Google uses roles and Identity and Access Management (IAM) to control which users can access different GCP resources and what they can do with those resources. Resources themselves can also have their own IAM identity and role. Finally, understand the hierarchy of projects, folders, and organizations, and how policies can be defined at each level and are inherited. Child policies cannot restrict access granted at the parent level.
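The inheritance rule above, as an added example that is not part of the original post: a simplified model in which the effective allow policy on a resource is the union of the bindings set on it and on every ancestor, plus a helper that lists grants reaching a project only from above. The hierarchy, principals, and function names are constructed for illustration; deny policies and IAM Conditions are not modeled.

```python
# Constructed sample data, not a real GCP organization.
HIERARCHY = {  # child -> parent (None marks the organization root)
    "organizations/example-org": None,
    "folders/engineering": "organizations/example-org",
    "projects/web-prod": "folders/engineering",
    "projects/sandbox": "folders/engineering",
}

# Allow policy set directly on each node: role -> set of members.
POLICIES = {
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/engineering": {"roles/editor": {"group:devs@example.com"}},
    "projects/web-prod": {"roles/viewer": {"user:alice@example.com"}},
    "projects/sandbox": {"roles/owner": {"user:bob@example.com"}},
}


def ancestors(node):
    """Yield the node itself, then each parent up to the organization."""
    while node is not None:
        yield node
        node = HIERARCHY[node]


def effective_policy(node):
    """Union of the bindings on the node and on every ancestor.

    A child policy can only add bindings; nothing set lower in the
    hierarchy removes a grant made higher up.
    """
    merged = {}
    for level in ancestors(node):
        for role, members in POLICIES.get(level, {}).items():
            merged.setdefault(role, set()).update(members)
    return merged


def inherited_grants(node):
    """List (role, member, source) for grants that come only from above."""
    own = POLICIES.get(node, {})
    found = []
    for level in list(ancestors(node))[1:]:
        for role, members in POLICIES.get(level, {}).items():
            for member in sorted(members - own.get(role, set())):
                found.append((role, member, level))
    return found
```

Running `inherited_grants` over every project is a quick way to see which broad roles were granted at the folder or organization level and therefore apply everywhere beneath it.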

Logging and Monitoring

Monitoring is at the heart of Software Reliability Engineering (SRE) and GCP provides several tools for doing this. GCP offers Stackdriver, which supports dynamically configuring monitoring of resources and allows users to create custom charts for monitoring activities. The Stackdriver workspace is the root entity that holds monitoring and configuration information in Stackdriver Monitoring. Stackdriver allows custom dashboards and alerting policies and can run uptime checks to test the availability of services.

Resources for Studying

Coursera

In preparation for the exam, I actually went through the 6-course series that Coursera offers in preparation for this exam (you can sign up through here). Out of the 6 courses, the last is the only one that is really necessary to pass the exam. The rest are excellent resources to learn all the details of Google Cloud, so depending on how familiar you are with GCP, you could skim or entirely skip these.

Google Cloud

Lastly, Google provides their own study guide for the exam. Here, you should especially study the case studies since some of the questions on the exam may depend on prior knowledge of these case studies. Moreover, they are good cases to study since your company may have very similar business and technical requirements.

Hope all this helps with the exam, and good luck!